Archive for abhishekkr

[hackersmag] Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

Posted in AbhishekKr, Blogroll, security with tags , , , , , , , , on December 29, 2010 by abhishekkr

@ hackersmag.blogspot.com [29-Dec-2010]

http://hackersmag.blogspot.com/2010/12/weak-excuses-after-weak-security.html

Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

On Dec-17-2010, Mozilla was reported about availability of its user-accounts (partially, which were used on addons.mozilla.org) over a public server.

They have projects like Firefox (super famous web-browser), NSS (one of the most famous libraries for developing secured client-server application), and more… if an organization like them do a mistake like this, oh yeah… hackers paradise

it’s how they defend themselves…
database included 44,000 inactive accounts using older
but don’t you think… even inactive users on a site deserve their privacy, and if they were inactive and not important then……….

…click here to read full blogPost

Advertisements

[hackersmag] bypass user level restrictions, bug-case in ‘Scribd.com’

Posted in AbhishekKr, ABK Labs, security with tags , , , , , , , , , , on December 21, 2010 by abhishekkr

@ hackersmag.blogspot.com [21/Dec/2010]

entry@Blogpost: http://hackersmag.blogspot.com/2010/12/bypass-of-user-level-restrictions-case.html

view-video@Youtube: http://www.youtube.com/watch?v=g-ETsFjRhqs
access-video@Vimeo: http://vimeo.com/18020569 [view/download original nice resolution video here]

bypass of user level restrictions, a case of bug in ‘Scribd.com’

So, here is a bug (which  has now been fixed) in Scribd.com… that allowed users to get a local copy of documents which were devoid of download and print options.

It’s how layered limitation can be broken, and why restrictions must be implemented root-level-up and not just as user-level module.

…click here to read full blog-post and view real-case video

[abionic.blogspot.com] GitHub’s “purely artificial and poorly intelligent” A.I.

Posted in AbhishekKr, Blogroll with tags , , , , , , , , , on December 20, 2010 by abhishekkr

@ abionic.blogspot.com [20/Dec/2010]

http://abionic.blogspot.com/2010/12/encounter-with-githubs-ai-which-is.html

encounter with GitHub’s A.I. which is “purely artificial and poorly intelligent”

Recently, I had an interesting encounter with GitHub’s A.I. which was purely artificial and poorly intelligent.
I have a repo at ‘https://github.com/abhishekkr/sitehoster‘; it’s an experimental web-server developed in ‘Java’ but it has been marked as ‘Javascript’.

Now I’m a bit hard at things which don’t work to their potential… but I don’t think their is anything wrong in it.

So yeah there is an ‘Artificially Poorly Inferenced Logic‘ implemented in so advanced GitHub
which could have been ‘Smartly Easily Granted Control‘ to not so artificially intelligent Users…

…click here to read full blog post

[hackersmag.blogspot.com] only few domains DNSSEC protected, WHAT ABOUT YOU

Posted in Blogroll, security with tags , , , , , , , , , , , , , , on December 20, 2010 by abhishekkr

@ hackersmag.blogspot.com [17/Dec/2010]

http://hackersmag.blogspot.com/2010/12/only-org-and-net-domains-under-dnssec.html

Are you protected with DNSSEC:
[] in mid-2010, DNSSEC got deployed over ‘root-DNS-server’ and ‘.org’ domain
[] on 10-Dec-2010, Verisign deployed DNSSEC in ‘.net’ zone too
{securing more than 13million registrations online}
[] preparations are up to sign the ‘.com’ zone in first quarter of 2011

Verisign has even launched a cloud based DNSSEC implementation service to ease its implementation in organisations…

…click here to read the full post

Ambiguity & Confusions with Me & Bangalore

Posted in Uncategorized with tags , , , , , , on October 9, 2010 by abhishekkr

I’m relocated to ThoughtWork’s Pune Office and will be missing all friends I made in Bangalore, at the same time hoping to meet new wonderful people and laying my hands over some more new interesting technical stuff.

However ambiguity and I don’t go much hand-in-hand… but it was somewhat more prominent during last 10 months of my life.

It started near about December’2009… I was planning for my Internship applied at few fine and few not so fine places. Actually I was in full-mode of developing an Independent Project but my College Guide wanted me to go for Industry Project. This actually confused me with the thought that if I’m aiming at a new large-scale user-oriented concept to be realized… whats not Industry Level in it, it’s just that no registered corporate organization is funding it.

Anyhow, to his and my satisfaction… I got an offer from TW to join as an intern and I accepted. But confusions didn’t ended here… they started.

Its just that somehow I’ve been one of the (or may be the only) humanoid confusions roaming around in the office filled with ensured thoughts that work.

The ambiguity started around with my interview itself.

I got a call for Interview in Pune… my all college friends hoping me to go Pune and I landed up in Bangalore.

This was good as I had 3 of my college friends (total crazy, in their words ‘sample’) and one old (vintage 😀 elder brother like) and strong (goes to Gym and diets on maggie) friend. Then their friends added up to my list too, kewl right.
This confused me how I got so many friends, where once I knew nobody.

My colleagues are awesome (instead of intense work pressure, laughing on anything and everything), and the best thing about them is after school they were first people to call me ‘good boy’.
This raised ambiguity that if I was true whenever I told my college friends that I’m really type(d) as SHAREEF and they denied.

Then, the confusion started, with what is your field…
one colleague asked “Are you a Linux Guy?”… now I’m not a Linux Guru to call myself that, so No
another person asked “Are you a Networking Guy?”… now I don’t know entire Tanenbaum Theory, so No
colleague asked again “So, you are Security Expert?”… its vast and deep enough to say I got it all, so No
again and again “Windows? Development? ABC? XYZ?”… truly speaking, No
At least I’m not confused here… I’m just a Geek, who loves technology and learning new things related what he loves… so loves learning technology also.

Then in July, my Internship ended at TW and I joined permanently. I joined as Pune my Home Office, and continued working in Bangalore office completing some of stuff left.
Since I told all of my friends my proposed office-location… they all remained confused for few coming weeks.
Even my parents started asking me if everything is alright, that I’m not sent to my home-office location.

Then happened X-Conf2 (a TW internal conference), TWers from different offices met and discussed. When I met different TWers from other offices… first Q. was “You are from which office?” and I was just playing the in-records location “It’s Pune”.
Then happened a comical scene when I met a Pune Office TWer and he was just wondering how he has never seen me.

I started loving the place, its weather (unpredictable but cool )… and regular technical events which keep your mind-game in pace.

Few days back, my mentor in Bangalore told me that I’m relocated to Pune Office and it will be a nice experience for me. He also told me that it will be good for me to work in Pune office as its not as loaded and tension-filled as here. He said it with a simple nice meaning. But my brain’s ambiguity…

That time I inferred what he meant, that with less ‘Tension’ in Pune office I’ll work peacefully…
Now I just think how ambiguous it was that if I’m sent to level it up 😀

[hackersmag.blogspot.com] Problem with IEEE 802.1x

Posted in Blogroll, security with tags , , , , , , , , , , , , , , , on September 7, 2010 by abhishekkr
Problem with IEEE 802.1x implementation’s fallback option
———————————————————
I was just looking over some gyan for 802.1x implementation ……. saw mention of fallback option …….
MAB i.e. MAC Authnetication Bypass porviding support for Legacy Devices (say Printers) which are not capable of

[hackersmag.blogspot.com] XSS Defeating PoC

Posted in Blogroll, security with tags , , , , , , , , , , , , , , , , , on September 7, 2010 by abhishekkr

@ hackersmag.blogspot.com [6/Sep/2010]

http://hackersmag.blogspot.com/2010/09/xss-defeating-poc-if-have-any-time-for.html

Video Demo of the same PoC: http://www.youtube.com/watch?v=ENiiAccY1v0
WhitePaper is also available at SourceForge link above
I was working on a XSS-Patch PoC, which I now feel works proper enough to prove its point.
This neither require Web-Developers for any Filtering/Validation, nor any javascript blocking add-on on user’s browser.

…….click here to read full BlogPost