Searching for the 1st PC Virus

30 04 2012

Amazing and inspiring!!! Mikko is awesome





My HTML5

3 04 2012

References

  • Know your browser with findmebyip.com
  • Compatibility information with caniuse.com
  • Modernizr HTML5 JavaScript tools
  • Data vocabulary for Rich snippets
  • Google Webform 2.0 — cross browser implementation
  • Baker — ebook framework for iPad and iPhone
  • LungoJS — mobile framework
  • Ai2Canvas plug-in enables Adobe® Illustrator® — mobile framework




    A quick look at ASP.NET viewstate

    1 04 2012

    Viewstate is a cool mechanism in the ASP.NET platform for maintaining information supplied from the client side. By default, every input is submitted to the server with the POST method. Some HTML input objects contain a JavaScript function that calls back to the server, as shown below.

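    function __doPostBack(eventTarget, eventArgument) {
        // Submit only if there is no onsubmit handler or the handler does not cancel.
        if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
            // Hidden fields tell the server which control raised the postback.
            theForm.__EVENTTARGET.value = eventTarget;
            theForm.__EVENTARGUMENT.value = eventArgument;
            theForm.submit();
        }
    }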

    This mechanism could implicitly prevent CSRF (Cross-Site Request Forgery) attacks. In PHP, you have to write quite a few lines of code to prevent this kind of attack. However, viewstate is a trade-off between performance and security. Therefore, disable viewstate on the pages or objects that don't need it, and enable it only where you need it. Use viewstate wisely.

    Disable Viewstate

    1. Website level
    In web.config, set enableViewState to false in the pages element under the system.web tag.

    <pages enableViewState="false"></pages>

    However you change the properties of the controls you use, the server will not maintain the viewstate value.

  • Result –> not maintained
  • Even when the control was set as:
    EnableViewState = True
    ViewStateMode = Inherit, Enabled

    2. Page level
    Modify the target page with:

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="YOURCODE.aspx.cs" Inherits="XXXX_Stage" EnableViewState="false" %>

    However you set the control, viewstate won't work.

  • Result –> not maintained
  • Even when the control was set as:
    EnableViewState = True
    ViewStateMode = Inherit, Enabled

    3. Control level
    Bear in mind that, by default, a control inherits the viewstate configuration from the levels above it: Website –> Page –> Control.

  • Result –> maintained
    EnableViewState = True
    ViewStateMode = Enabled

  • Result –> not maintained
    EnableViewState = True, False
    ViewStateMode = Disabled

    Tested on:
    Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1
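
The three levels above can be checked mechanically. The following added example (not part of the original post) is a small Python audit that reads a web.config and an .aspx page and reports, per control, whether viewstate would be maintained according to the outcomes listed above. The sample inputs and control IDs are constructed; it assumes an explicit @ Page attribute overrides the web.config default and that controls sit directly on the page (no nested containers).

```python
import re
import xml.etree.ElementTree as ET

PAGE_DIRECTIVE = re.compile(r"<%@\s*Page\b(.*?)%>", re.I | re.S)
CONTROL = re.compile(r"<asp:(\w+)\b([^>]*)>", re.I)
ATTR = re.compile(r'([\w:]+)\s*=\s*"([^"]*)"')

def attrs(text):
    """Parse name="value" pairs; names are lower-cased, values kept as written."""
    return {name.lower(): value for name, value in ATTR.findall(text)}

def is_true(value):
    return value.strip().lower() == "true"

def site_default(web_config_xml):
    """Read <pages enableViewState> under system.web; ASP.NET defaults to true."""
    pages = ET.fromstring(web_config_xml).find("system.web/pages")
    return is_true(pages.get("enableViewState", "true")) if pages is not None else True

def audit_page(aspx, site_enabled):
    """Map each server control ID to True if its viewstate would be maintained."""
    match = PAGE_DIRECTIVE.search(aspx)
    page = attrs(match.group(1)) if match else {}
    # Assumption: an explicit @ Page attribute overrides the web.config default.
    page_enabled = is_true(page.get("enableviewstate", str(site_enabled)))
    # A page has no parent to inherit from, so Inherit is treated as Enabled.
    page_mode = page.get("viewstatemode", "Enabled").lower().replace("inherit", "enabled")
    report = {}
    for tag, raw in CONTROL.findall(aspx):
        ctl = attrs(raw)
        # Simplification: the parent of every control is the page itself.
        mode = ctl.get("viewstatemode", "Inherit").lower().replace("inherit", page_mode)
        enabled = is_true(ctl.get("enableviewstate", "true"))
        report[ctl.get("id", tag)] = page_enabled and enabled and mode == "enabled"
    return report

# Constructed sample inputs (not from the original post).
WEB_CONFIG_OFF = '<configuration><system.web><pages enableViewState="false"/></system.web></configuration>'
WEB_CONFIG_ON = '<configuration><system.web><pages enableViewState="true"/></system.web></configuration>'
PAGE_DEFAULT = '''<%@ Page Language="C#" AutoEventWireup="true" %>
<asp:TextBox ID="Name" runat="server" EnableViewState="true" ViewStateMode="Enabled" />
<asp:GridView ID="Orders" runat="server" EnableViewState="true" ViewStateMode="Disabled" />'''
PAGE_OFF = PAGE_DEFAULT.replace('AutoEventWireup="true"', 'AutoEventWireup="true" EnableViewState="false"')

if __name__ == "__main__":
    print("site off:", audit_page(PAGE_DEFAULT, site_default(WEB_CONFIG_OFF)))
    print("page off:", audit_page(PAGE_OFF, site_default(WEB_CONFIG_ON)))
    print("control:", audit_page(PAGE_DEFAULT, site_default(WEB_CONFIG_ON)))
```

Controls reported as True are the ones still carrying viewstate; review each against whether the page actually needs it.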





    Software Security

    26 03 2012

    A good visualisation infographic by VeraCode.

    Secure Coding and Software Security

    Infographic by Veracode Application Security





    Voice VLAN

    25 03 2012

    1. Voice VLAN is not a trunk.
    2. Voice VLAN is supported on an access port not a trunk port.
    3. Even though IP phones and workstations share the same physical ports, they are treated differently. IP phones' packets are tagged, but PCs' packets are untagged. CDP plays the key role here.
    4. Voice VLAN is not on a trunk port; the port is called a multi-VLAN access port.
    Group Study: Good Explanation of the Voice VLAN
    5. DHCP can distribute IP addresses correctly after the IP phones exchange CDP with the switch. DHCP on the data VLAN and DHCP on the voice VLAN are different.

    Cisco QOS
    QoS Frequently Asked Questions
    Configuring QOS





    Client-side Attack

    21 03 2012

    These talks were given at the 6th NotaCon.

  • Fast-Track- Advanced Penetration Techniques Made Easy
  • Time To Replicate The Real Threat- Client Side Penetration Testing
  • Therefore, enjoy human hacking!!





    IP address and its geographic information

    15 03 2012

    To delve into geographic location information, you need a good database.

    Free GeoIP could be your answer as Ivan Bütler described in his article:

    GeoIP List Conversion for Security Tools “geo2nginx.pl”.