Technology and Open Source Update

Latest information about new technology and open source.

Posted by megahacker136 on September 12, 2008

Thank you to all my readers for supporting my blog. I hope you are satisfied with my blog. I will try all my best to fill this blog with lots of information and education. I will share all my experience and knowledge with the blog readers. If you find anything interesting or useful, please share with your friends and other blog readers. I also hope all readers always support this blog. Keep in track with the latest updates within this blog because something that you could not aspect will surprise you. Anyone can get benefits from this blog contents, so, don’t lose your chance to get something benefits for yourselves. This blog is not for me but to all of you…

Advertisements

Posted in Uncategorized | 7 Comments »

Phalanger

Posted by megahacker136 on February 17, 2009

The .NET development framework facilitates writing applications in more than one programming language like VB or C#. While writing a .NET application, you can always opt for a language of our choice. You can even write each module (say a Windows form or a Web form) of an application in a different language.

On the other hand, PHP is a popular open source scripting language which is used typically for writing Web based applications. Being a scripting language, applications written in PHP are interpreted and not compiled.

With a piece of software/plugin called Phalanger, you can use PHP as one of the languages for writing .Net applications. Plus these applications, written in PHP will be compiled – as with any application written in .NET language. Plus, Phalanger offers an extension/plugin for Visual Studio which allows you to write PHP based .Net applications in Visual Studio 2008 (the latest in the Visual Studio family).

Get, set and go…
Assuming that you have already installed and are running .NET 2.0 (or above) framework and Visual Studio 2008, you require to do the following to download and install Phalanger:

1. Download phalanger-2.0-march-2008.zip from the URL http://www.codeplex.com/Phalanger/Release/ProjectReleases.aspx?ReleaseId=11564#ReleaseFiles.
2. Unzip the file and run the installer via setup.exe. The installer also sets up IIS web server for PHP (to be precise, for PHP Phalanger).
3. To write PHP Phalanger applications in Visual Studio, you need to install the Phalanger extension which is a separate download.
4. Go to the above mentioned link and download the file vsintegration-2.0-march-2008.zip. Unzip the file and run vsiip.msi.

Configure IIS Web Server
To configure IIS on Windows XP to use Phalanger, execute the following steps:
1. Goto Control Panel>Administrative Tools>Internet Information Services.
2.Expand the tree (in the left pane) till you see “Default Web Site”. Right click on it and select Properties.
3.Click on the “Home Directory” tab and then click on the Configuration button. Under the Mappings tab, click on Add. Type in the following for the Executable and the Extension:
Executable: C:\WINDOWS\ Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll Extension: .php

4. Leave the other settings to their default. Restart IIS.

Posted in computer, Programing | Tagged: , | Leave a Comment »

Low-Cost Defenses Against Curbing Computer Worms

Posted by megahacker136 on February 17, 2009

Thanks to an ingenious new strategy devised by researchers at University of California, Davis and Intel Corporation, computer network administrators might soon be able to mount effective, low-cost defenses against self-propagating infectious programs known as worms.

Many computers are already equipped with software that can detect when another computer is attempting to attack it. Yet the software usually cannot identify newly-minted worms that do not share features with earlier marauders. When network managers detect suspicious activity, they face a major dilemma, said Senthil Cheetancheri, who led efforts to develop the strategy. “The question is, ‘Should I shut down the network and risk losing business for a couple of hours for what could be a false alarm, or should I keep it running and risk getting infected?'”

Cheetancheri, a graduate student in the Computer Security Laboratory at UC Davis when he did the work, has shown that the conundrum can be overcome by enabling computers to share information about anomalous activity. As signals come in from other machines in the network, each computer compiles the data to continually calculate the probability that a worm attack is underway. “One suspicious activity in a network with 100 computers can’t tell you much,” he said. “But when you see half a dozen activities and counting, you know that something’s happening.”

The second part of the strategy is an algorithm that weighs the cost of a computer being disconnected from the network against the cost of it being infected by a worm. Results of this ongoing process depend on the calculated probability of an attack, and vary from computer to computer depending on what the machine is used for. The algorithm triggers a toggle to disconnect the computer whenever the cost of infection outweighs the benefit of staying online, and vice versa.

The computer used by a person working with online sales, for example, might be disconnected only when the threat of an attack is virtually certain; the benefit she provides by continuing to work during false alarms far outweighs the cost of infection. On the other hand, a computer used by a copy writer who can complete various tasks offline might disconnect whenever the probability of an attack rises above even a very low level.

The study is published in “Recent Advances in Intrusion Detection, 2008,” the proceedings of a symposium that was held in Cambridge, Mass., in September, 2008.

Other contributors to the study are John-Mark Agosta with Intel Corporation; Jeff Rowe, research scientist in the UC Davis Computer Security Laboratory; and UC Davis computer science professors Karl Levitt and Felix Wu.

Posted in computer, Hacking, internet, Security | Tagged: , , | Leave a Comment »

Could Remote Drug Delivery Devices Be Hacked?

Posted by megahacker136 on February 17, 2009

Electronic implants that dispense medicines automatically or via a wireless medical network are on the horizon. Australian and US researchers warn of the security risks.

Many computers are already equipped with software that can detect when another computer is attempting to attack it. Yet the software usually cannot identify newly-minted worms that do not share features with earlier marauders. When network managers detect suspicious activity, they face a major dilemma, said Senthil Cheetancheri, who led efforts to develop the strategy. “The question is, ‘Should I shut down the network and risk losing business for a couple of hours for what could be a false alarm, or should I keep it running and risk getting infected?'”

Cheetancheri, a graduate student in the Computer Security Laboratory at UC Davis when he did the work, has shown that the conundrum can be overcome by enabling computers to share information about anomalous activity. As signals come in from other machines in the network, each computer compiles the data to continually calculate the probability that a worm attack is underway. “One suspicious activity in a network with 100 computers can’t tell you much,” he said. “But when you see half a dozen activities and counting, you know that something’s happening.”

The second part of the strategy is an algorithm that weighs the cost of a computer being disconnected from the network against the cost of it being infected by a worm. Results of this ongoing process depend on the calculated probability of an attack, and vary from computer to computer depending on what the machine is used for. The algorithm triggers a toggle to disconnect the computer whenever the cost of infection outweighs the benefit of staying online, and vice versa.

The computer used by a person working with online sales, for example, might be disconnected only when the threat of an attack is virtually certain; the benefit she provides by continuing to work during false alarms far outweighs the cost of infection. On the other hand, a computer used by a copy writer who can complete various tasks offline might disconnect whenever the probability of an attack rises above even a very low level.

The study is published in “Recent Advances in Intrusion Detection, 2008,” the proceedings of a symposium that was held in Cambridge, Mass., in September, 2008.

Other contributors to the study are John-Mark Agosta with Intel Corporation; Jeff Rowe, research scientist in the UC Davis Computer Security Laboratory; and UC Davis computer science professors Karl Levitt and Felix Wu.

Posted in computer, Hacking, Security | Tagged: , , | Leave a Comment »

Fighting Tomorrow’s Hackers

Posted by megahacker136 on February 17, 2009

One of the themes of Dan Brown’s The Da Vinci Code is the need to keep vital and sensitive information secure. Today, we take it for granted that most of our information is safe because it’s encrypted. Every time we use a credit card, transfer money from our checking accounts — or even chat on a cell phone — our personal information is protected by a cryptographic system.

But the development of quantum computers threatens to shatter the security of current cryptographic systems used by businesses and banks around the world.

“We need to develop a new encryption system now, before our current systems — such as RSA — becomes instantly obsolete with the advent of the first quantum computer,” says Prof. Oded Regev at Tel Aviv University’s Blavatnik School of Computer Science. To accomplish that, Prof. Regev has proposed the first safe and efficient system believed to be secure against the massive computational power of quantum computers and backed by a mathematical proof of security.

Secure for Centuries

Prof. Regev stresses it is imperative that a new cryptographic system be developed and implemented as soon as possible. One reason is that current information, encrypted with RSA, could be retroactively hacked in the future, once quantum computers are available. That means that bank and other financial information, medical records, and even digital signatures could instantly become visible.

“You don’t want this information to remain secure for just 5 or 10 years until quantum computers are built,” says Prof. Regev. “You want it to be safe for the next century. We need to develop alternatives to RSA now, before it’s too late.”

New Cryptographic System

Cryptographic systems are used to transmit secure information such as bank and online transactions, and typically rely on the assumption that the factoring problem is difficult to solve. As a simplified example, if the number 3088433 were transmitted, an eavesdropper wouldn’t be able to tell that the number is derived from the factors 1583 and 1951. “Quantum computers can ‘magically’ break all of these factoring-based cryptographic systems, something that would take billions of years for current computers to accomplish,” Prof. Regev explains.

The current gold standard in encryption is the universally used RSA cryptosystem, which will be instantly broken once quantum computers are a reality — an event predicted to happen as early as the next decade. To replace RSA in this new reality, Prof. Regev combined ideas from quantum computation with the research of other leaders in the field to create a system that is efficient enough to be practical for real-world applications.

Prof. Regev’s work was first announced in the ACM Symposium on Theory of Computing and will appear in the Journal of the Association for Computing Machinery. His work has now become the foundation for several other cryptographic systems developed by researchers from Stanford Research Institute, Stanford University, and MIT. Its potential real-world applications are extensive, ranging from banking transactions to eBay and other online auctions to digital signatures that can remain secure for centuries.

Posted in computer, Hacking, internet, Security | Tagged: , , | Leave a Comment »

Good Code, Bad Computations (Return Oriented Programming)

Posted by megahacker136 on February 17, 2009

If you want to make sure your computer or server is not tricked into undertaking malicious or undesirable behavior, it’s not enough to keep bad code out of the system.

Two graduate students from UC San Diego’s computer science department—Erik Buchanan and Ryan Roemer (picture)—have just published work showing that the process of building bad programs from good code using “return-oriented programming” can be automated and that this vulnerability applies to RISC computer architectures and not just the x86 architecture (which includes the vast majority of personal computers).

Last year, UC San Diego computer science professor Hovav Shacham formally described how return-oriented programming could be used to force computers with the x86 architecture to behave maliciously without introducing any bad code into the system. However, the attack required painstaking construction by hand and appeared to rely a unique quirk of the x86 design.

This new automation and generalization work from graduate students and professors from UC San Diego’s Jacobs School of Engineering will be presented on October 28 at ACM’s Conference on Communications and Computer Security (CCS) 2008, one of the premier academic computer security conferences.

“Most computer security defenses are based on the notion that preventing the introduction of malicious code is sufficient to protect a computer. This assumption is at the core of trusted computing, anti-virus software, and various defenses like Intel and AMD’s no execute protections. There is a subtle fallacy in the logic, however: simply keeping out bad code is not sufficient to keep out bad computation,” said UC San Diego computer science professor Stefan Savage, an author on the CCS 2008 paper.

Return-oriented Programming

Return-oriented programming exploits start out like more familiar attacks on computers. The attacker takes advantage of a programming error in the target system to overwrite the runtime stack and divert program execution away from the path intended by the system’s designers. But instead of injecting outside code—the approach used in traditional malicious exploits—return-oriented programming enables attackers to create any kind of nasty computation or program by using just the existing code.

“You can create any kind of malicious program you can imagine—Turing complete functionality,” said Shacham.

For example, a user’s Web browser could be subverted to record passwords typed by the user or to send spam e-mail to all address book contacts, using only the code that makes up the browser itself.

“There is value in showing just how big of a potential problem return-oriented programming may turn out to be,” said computer science graduate student Erik Buchanan.

The term “return-oriented programming” describes the fact that the “good” instructions that can be strung together in order to build malicious programs need to end with a return command. The graduate students showed that the process of building these malicious programs from good code can be largely automated by grouping sets of instructions into “gadgets” and then abstracting much of the tedious work behind a programming language and compiler.

Imagine taking a 700 page book, picking and choosing words and phrases in no particular order and then assembling a 50 page story that has nothing to do with the original book. Return-oriented programming allows you to do something similar. Here the 700 page book is the code that makes up the system being attacked—for example, the standard C-language library libc—and the story is the malicious program the attacker wishes to have executed.

“We found that return-oriented programming poses a much more general vulnerability than people initially thought,” said computer science graduate student Ryan Roemer. He and Buchanan chose to study return-oriented programming for a class project after they heard Shacham outline a series of open questions in a guest lecture he gave in Savage’s computer security course last winter.

Living with Return-Oriented Programming

“The threat posed by return-oriented programming, across all architectures and systems, has negative implications for an entire class of security mechanisms: those that seek to prevent malicious computation by preventing the execution of malicious code,” the authors write in their CCS 2008 paper.

For instance, Intel and AMD have implemented security functionality into their chips (NX/XD) that prevents code from being executed from certain memory regions. Operating systems in turn use these features to prevent input data from being executed as code (e.g., Microsoft’s Data Execution Prevention feature introduced in Windows XP SP2). The new research from UC San Diego, however, highlights an entire class of exploits that would not be stopped by these security measures since no malicious code is actually executed. Instead, the stack is “hijacked” and forced to run good code in bad ways.

“We have demonstrated that return-oriented exploits are practical to write, as the complexity of gadget combination is abstracted behind a programming language and compiler. Finally, we argue that this approach provides a simple bypass for the vast majority of exploitation mitigations in use today,” the computer scientists write.

The authors outline a series of approaches to combat return-oriented programming. Eliminating vulnerabilities permitting control flow manipulation remains a high priority—as it has for 20 years. Other possibilities: hardware and software support for further constraining control flow and addressing the power of the return-oriented approach itself.

“Finally, if the approaches fail, we may be forced to abandon the convenient model that code is statically either good or bad, and instead focus on dynamically distinguishing whether a particular execution stream exhibits good or bad behavior,” the authors write.

Posted in computer, Hacking, Security | Tagged: , , | 1 Comment »

Danger…

Posted by megahacker136 on November 2, 2008

You have installed a new self-updating antivirus program, have the latest firewall, and you do not open any dodgy looking e-mail messages. You think you are reasonably safe from a lot of the harmful content on the Internet. Unfortunately, you are not.

On top of the newer and deadlier versions of the same kind of threats that are out there, there is now a new type of danger altogether — “click-jacking.”

At the Hack-in-the-Box security conference (HITBSecConf) 2008 here last week, click-jacking was the focus of a keynote speech by the founder and chief technology officer of WhiteHat Security, Jeremiah Grossman.

“Think of any button on any website that you can click on,” said Grossman. “Now consider that an attack can invisibly hover over these buttons and below a user’s mouse, so that when the user clicks on something he sees, he is actually clicking on something the attacker wants him or her to.”

An attacker, for example, can make you click on an “activate webcam” button when you intended to click the “news” button, he explained.

This means that a home user’s web browser can be covertly infiltrated with shadow buttons that lie invisibly over legitimate buttons.

According to Grossman, the “bad guy” hacker can access a web browser this way through the existing Java script or Flash player and it is relatively easy. Exact details on how this is done are confidential for security reasons.

“We have only known about this for a very short period of time; it is still unclear if there are any effective defences against this newfound threat,” he said.

Grossman recommends making sure the web browser security features are installed and up to date, especially with the more popular web browsers.

“If you want to use a popular web browser, you have to install every security add-on you can find. The less popular web browsers are less likely to be targeted by attackers. In any case, I would recommend you unplug or tape-up your webcam lens and disable or mute your microphone,” he said.

Grossman said that is it unclear what the web browser companies themselves can do about click-jacking right now. “Given that it is a very new type of threat, not much is known right now. We are looking into it,” he added.

HITBSecConf is Asia’s largest network security conference and is organised by Hack In The Box (M) Sdn Bhd; the event is in its sixth year.

That HITBSecConf is expanding year after year underscores how critical network security as a subject matter has become in Malaysia, said Dhillon Andrew Kannabhiran, founder and CEO of Hack In The Box, when announcing this year’s conference last month.

He had also said that it shows IT decision makers in local organisations and network security professionals worldwide acknowledge the value that HITBSecConf offers in terms of hands-on training, deep technical information, and insights into security trends.

The event is endorsed by the Malaysian Communications and Multimedia Commission; Malaysian Administrative Modernisation and Management Planning Unit; Malaysian National Computer Confederation; and Multimedia Development Corporation.

Posted in Uncategorized | Tagged: , | Leave a Comment »

Java Thread Program Using Runnable Interface

Posted by megahacker136 on October 19, 2008

public class soalan4 {

public static void main(String[] args) {
try {
Thread thread1 = new Thread(new runThread(“Parent Thread”));
Thread thread2 = new Thread(new runThread(“Child Thread”));
thread1.start();
thread2.start();
} catch (Exception e) {
System.out.println(e.getMessage());
}
}
}

class runThread implements Runnable {

String threadName;

runThread(String nama) {
threadName = nama;
}

public void run() {
for (int i = 1; i <= 5; i++) {
System.out.println(threadName + ” “ + i);
}
}
}

Download source code:

>>>DOWNLOAD<<<

Solution 2:

public class soalan4 implements Runnable{

public soalan4(){

try{

Thread thread2 = new Thread(new runThread(“Child Thread”));

thread2.start();

}catch(Exception e){

System.out.println(e.getMessage());

}

}

public static void main(String[] args) {

try {

Thread thread1 = new Thread(new soalan4());

thread1.start();

} catch (Exception e) {

System.out.println(e.getMessage());

}

}

public void run(){

for (int i = 1; i <= 5; i++) {

System.out.println(“Parent Thread ” + i);

}

}

}

class runThread implements Runnable {

String threadName;

runThread(String nama) {

threadName = nama;

}

public void run() {

for (int i = 1; i <= 5; i++) {

System.out.println(threadName + ” ” + i);

}

}

}

Posted in Open Source, Programing | Tagged: , , | 40 Comments »