My World

Moving to Wordpress

2009-11-09T18:44:00.000-08:00

Hey guys,

I have created a blog on Wordpress and have imported all the blogs from here. It would be good if you could follow me from there.

Wordpress Blog: xpl0it.wordpress.com

Sorry for the inconvenience.

Thanks for all the support :)

Cop-Tech Forum

2009-09-16T22:21:00.000-07:00

Recently, a few months ago, on the 30th of June, 2009, Cop-Tech Forum was launched. It is a joint initiative of Pune Police, NASSCOM (The National Association of Software and Services Companies) and the DSCI (Digital Security Council of India).

Purpose:
The main objective behind this forum was to increase sharing of ideas and knowledge on cyber security between the Police and the IT Industry. As Commissioner of Police, Dr. Satya Pal Singh, phrased it: "Cop-Tech is solemnization of the marriage between the Police and the IT Industry". It is an initiative which calls for contribution of the IT professionals to help develop the Police force to serve the people better.

Pratap Reddy, an IPS officer who was an advisor (cyber security) to NASSCOM, listed down the things which Cop-Tech has to take care of:

Develop the Control Room of Pune Police to make it state-of-art which can cater to all those who dial 100 in a proper, structured way. This would also involve Fleet Management to keep track of police vehicles on the field
Cyber crime, computer security awareness among the students, non-IT professionals and the citizens in general
Usage of CCTVs from different locations. This would also involve Video and Image Analysis. For this, IT professionals who work in this area were called for help.
Training the Police staff in Cyber Security, Cyber Crime Investigation, Forensic Investigation, Computer Security in general, trainings on using of different tools (like GPS). This is to ensure that the state-of-art devices which would be used in the Control Rooms would be used efficiently and effectively by the policemen
Forensic Investigation. There are many cases which are shutdown since Police do not have proper evidence or direction to work on. Here, the IT professionals can help (voluntarily) in Forensic Investigation

After this, the discussion was thrown out to the audience who are ready to contribute to this CopTech Forum. It was good to see a number of professionals from Infosys, Delloit, IBM, Null Security Community, Press, etc, who were ready to help in their own way. An Infosys guy was ready to design, develop, code and implement a database system for Cyber Crime cell and Control Room. As is going on for many months now, Null Security Community is already into spreading security awareness among the citizens of Pune, which has now extended to Banglore. They were also interested in helping for Cyber Crime Investigations and Forensics.

Pic:
Pratap Reddy (2nd from Right)
Dr. Satya Pal Singh (Lighting the lamp)

There was a good suggestion from one of the attendees. What he suggested was to look at the whole Cyber Crime as a business. A business which would involve 3 steps, including the actual crime and the monetization of that crime (like selling the data/information, selling the method to perform the crime in form of exploits, etc). If in some way, one of the 3 steps could be interfered and cause hamper, the whole cyber crime process would fall. But, since this Cop-Tech forum has a narrow scope (as of now) to those listed above, this suggestion was left for future scope. There were many other inputs from the audience volunteering for Image and Video Analysis, Forensics, etc.

In short, it was good to see a bunch of around 60-70 individuals as well as a few groups like Null to have participated in this and who are ready to contribute. But, looking at the facts of Pune being the "IT hub of India" or the Silicon Valley of the East, 60 - 70 was a very small number. Till date, people have always questioned the government for not doing a good job, but when it comes to helping/contribution/volunteering, only a bunch of people are there at the disposal of the government, even when the government has taken the first step. This is a humble request to all IT Professionals to help the Police and the Cyber Cell to make it better so that they are able to serve us in a better way.

To get in touch with CopTech and Cyber Cell Pune, you can pay a visit to Cyber Cell branch at Sadhu Vasvani Road, Camp, Pune-1.

Dr. Satya Pal Singh's Blog: http://drsatyapalsingh.blogspot.com/

Chat Protocol ...

2009-09-14T01:09:00.000-07:00

Scenario 1: You forgot(or don't want) to go offline and you are projecting your screen on projector with some serious discussion in a busy conference room and bang! an old friend messages you on messenger "Hi Sexy"

Scenario 2: You are sitting with someone say Mr. A and another friend say Mr. B sends you a message about Mr. A. You know what kind of message I'm talking about

These kind of sudden and uninvited chat messages can disturbing at times. So in one of my previous organization we had a protocol for chatting. I found it very helpful and slowly many of my friends have started following it.

Here's how it goes, PLEASE try to follow the same when chatting with me and may be others too. This will make the online life bit comfortable for you and your friends

[?] To start a conversation, send a question mark only. Yes a simple " ? " only. This can mean anything as per your understanding like "Can we chat?" or "are you there?".

Now the answer to this question can be yes no or later

[Y] So if the answer is YES, the person replies " y ". Which means "I'm comfortable chatting with you at this moment, tell me"

[N] If the answer is NO for reasons like "I'm busy", or "Can't chat" or whatever, the person replies " n ". If you get a " n " DO NOT send any more message, not even "OK, I'll ping you later" It like saying DO NOT DISTURB

[5] or for that matter any number like " 10 " - "15 " means busy right now, lets talk after 5 (or 10-15) minutes. This comes very handy when you want to chat but because you are preoccupied in something which you can't leave in between.

[ ] If in case there is no reply from the other side, there can be 2 reasons. Too busy to say a " n " or not near the computer. The best option in this case is treat it as " n " and DO NOT disturb

Looking at so many shortcuts, we devised another shortcut. It was " b " this time which means BYE that comes at the end of conversation.

I strongly recommend all my friends to use this protocol while starting a chat with me. Share the protocol with your friends and see the difference.

Original Post: http://blog.rohit11.com/2009/02/chat-protocol.html
Thanks to Rohit Shrivastva, from whose blog I copied this.

Install Skype Fedora 11

2009-08-10T21:31:00.001-07:00

Installing Skype on Fedora is a pain in the neck. And making the sound work on skype is a bigger pain! After migrating from Ubuntu to Fedora, things have become really difficult! In this post, I explain (thanks to mdim, a user on fedoraforum.org) how to install Skype on Fedora 11.

The first few steps are a copy paste of what mdim wrote on the forum:

Step 1:
Login as root in the terminal
Code:

su -

And provide your root password.

Step 2:
Download the libsigc++20-2.0.17-1.i386.rpm package:
Code:

wget http://fedora.osmirror.nl/extras/5/i386/libsigc++20-2.0.17-1.i386.rpm

Step 3:
Run the command:
Code:

rpm2cpio *.rpm | cpio -idmv

Step 4:
Create directory /opt/libs32/ if you don't have it yet:
Code:

mkdir /opt/libs32

Step 5:
Copy libsigc-2.0.so.0 and libsigc-2.0.so.0.0.0 to /opt/libs32/ directory:
Code:

cp ./usr/lib/libsigc-2.0.so.0 /opt/libs32/
cp ./usr/lib/libsigc-2.0.so.0.0.0 /opt/libs32/

Step 6:
Install everything that has anything to do with Qt4:
Code:

yum install qt4*

Step 7:
Download the skype-1.4.0.118-fc5.i586.rpm rpm package from http://www.skype.com/intl/en/downloa.../linux/choose/ and enter command in terminal:
Code:

rpm -i --force --nodeps skype-1.4.0.118-fc5.i586.rpm

Step 8:
Now give the path to those libraries:

Code:

export LD_LIBRARY_PATH="/opt/libs32/"

Step 9:
Now you can run skype by typing:
Code:

skype

IMPORTANT NOTE:
In some cases, there is this error which is encountered on the last step (Step 9).

warning: skype-2.0.0.72-fc5.i586.rpm: Header V3 DSA signature: NOKEY, key ID d66b746e

And when Skype is executed, another error is encountered:

skype: error while loading shared libraries: libXss.so.1: cannot open shared object file: No such file or directory

For this, you would require the file libXss.so.1

Step 10:
Enter the following command in the terminal and then start skype.
Code:
yum install libXss.so.1

Special thanks to mdim and the post http://forums.fedoraforum.org/showthread.php?t=174114

VAPT ... Day 1

2009-04-28T22:54:00.000-07:00

First day into my VAPT - Vulnerability Assessment and Penetration Testing, (Hacking, in short) was a blunder. I had not contacted my mentor that I was going to start from 15th of April. I forgot :D. Neither did I know his time of arrival to the office, so that I could reach just on time to talk to him and get the project details.

Anyways, reached xyz (the company for whom I work) at around 9:10 am. I contacted my mentor, Mr Danny Nagdev just before reaching their. He asked me to come at 10, since he was in a meeting. Passed my time on Level 9, started my laptop, and began playing Burnout Paradise ... believe me, its a superb game, with all the stunts and races and what not ... cool cars, great graphics ... ok, later, back to the topic.

I was re-directed to another office of xyz, after meeting Mr. Danny, where the security administrator used to work from. Finally, after having a chai with Mr. Namit Kasliwal, the Security Administrator of xyz, I got my project. I did have a choice of skipping office since that was the first day, but I started off with my job, due to 2 reasons, 1) no friends on the campus and 2) i am a workaholic.

The Project:
I was asked to Hack into the xyz servers. Yo. That would be fun! Lets start off. The project was going to be a Black Box type, i.e. the company would provide me with no information, its me who has to find out everything! Imagine, EVERYTHING!!!! Fine, lets go ahead.

Starting off with the Project:
The company people were good enough to provide me with an ethernet cable to connect to their internal network. Good, atleast that would help me find some more information about them!

The only thing I knew about the company (other than its name, and the 2 people I met), was the website. After connecting to the local internet, I found the basic information:
- the subnet I was connected to (IP address and the subnet mask)
- the DNS used by the company
- the default gateway

After this, the logical step was to find out the final gateway of the company, i.e. the final server which connected xyz the world, the Internet. So, for that, I did a traceroute to the google and orkut servers and from there. Traceroute gives you a list of all the hops on the way to the servers. Looking (DNS Lookup) up each one of them, I came to know of the last internal ip address which would take all the requests of xyz to the Internet. Hence, found the NAT Server!

The next step which I took, was in the Internet side. I queried the Whois database for information on the company's website. Finding a few fields which were unknown to me, I went on to look for details of the fields which are included in the Whois query answer. I found this wonderful site http://www.apnic.net/db/ref/attributes/attributes-inetnum.html which listed all the fields and their descriptions. Having queried the Whois database, I found a lot many details about the company, like the Name of the contact person for the website, the address of the registrant, phone numbers, email addresses, and the most important, the DNS records!! I dont know why the whois database is open for all; well, good for people like me ;).

For the Whois query, I used www.samspade.org for the same. I haven't tried finding how it queries the Whois database, but I did find out how to query the samspade whois database.
www.samspade.org/whois?query=;server=auto. This URL would take you to the Whois page of the IP/Domain.

Also, from the Whois query, I came to know that xyz hosted its website on a public domain, and it wasnt in their servers ... wow ... pretty intelligent!

Having found the DNS records from the Whois page, the next step was to find the subdomains and the other domains, if registered.

Since it was the first day, I din't want to go into much of details, and so used the tools on the page http://member.dnsstuff.com/pages/tools.php to get more information on the web server. Using the Whois wouldnt have made much of a difference, since all the whois queries would return the same answer!

Used all the tools available on that page to check what all information I get my hands on.

After all this, I sat surfing their website, looking for more information about the company; their products, services, addresses .... anything, everything.

There is a pretty good addon to firefox, "Extract Links". It would extract all the links from the specified page and print it on a new tab, separating all the links and the domains. Through this, I found various sub domains of the company xyz. Pretty neat. I dint have to use much of the DNS tools to get the sub domains ;)

There is one more addon, External IP Address. This shows the public IP Address which you are using to connect to the Internet. Through this, I got the IP Address range which the company xyz uses! Simple, huh ;)

Lastly, having certain restrictions on surfing the web, I found the page www.torproject.org. I installed a client for this and started surfing without any problems! Yo! :D

Cheers :)

Microsoft Office 2007 running in Ubuntu via Wine

2009-02-26T01:10:00.000-08:00

Finally! I have been able to install Microsoft Office 2007 on my Linux (Ubuntu 8.10 Intrepid Ibex). This was the only lacking feature in my Ubuntu, a good office solution. Though I hate Microsoft, I like its Office solution.

So, have been searching and trying, searching and trying out various ways to install Office on Ubuntu, and finally, am successful! Shockingly, it’s pretty easy to install Office 2007 on Linux!

Steps:

1) Install Wine:

Wine is required. This is the basic requirement. If you dont have Wine, you cant install Office! It is currently in a development release. If you don’t have it already, here’s a quick guide.

Enter the following commands in the Terminal:

wget -q http://wine.budgetdedicated.com/apt/387EE263.gpg -O- | sudo apt-key add -

sudo wget http://wine.budgetdedicated.com/apt/sources.list.d/intrepid.list -O /etc/apt/sources.list.d/winehq.list

sudo apt-get update

sudo apt-get install wine

2) Install winetricks:

Winetricks is a small shell script which allows you to install a large variety of library and support files, and is available here. To download directly, type the following command:

wget http://www.kegel.com/wine/winetricks

chmod +x ./winetricks

3) Use winetricks:

This will setup all neccesary libraries that Office will need to run.

./winetricks gdiplus riched20 riched30 msxml3 msxml4 msxml6 corefonts tahoma vb6run vcrun6 msi2

4) Download Office

If you read this post, you’ll see some wonderful resources for downloading Office 2007 (just in case you can’t find your cd). If you have your own Microsoft office, you can use that too. No need to download it again.

wget -c http://download.microsoft.com/download/7/c/4/7c49b09b-d6f9-431d-9738-4c00aff11fc7/Enterprise.exe

5) Install Office

To use your own copy of Office, enter the command:

wine

If you downloaded (w.r.t Step 4), enter the command:

wine ./Enterprise.exe

Enjoy!

This install worked absolutley perfectly for me! Please feel free to comment if this worked for you, if you have any questions or comments, or if you need any help.

Thanks to: ~~http://kennethreitz.com/office-2007-in-linux/~~

http://www.programmerfish.com/roffice-2007-in-linux

Purchase Microsoft Office 2007 Professional at a good price from eCostSoftware UK.

Dell XPS M1530 Linux Touchpad Problems

2009-02-25T03:46:00.000-08:00

Many of you might have experienced the "highly hyper" behaviour of the touchpad while working on Linux on Dell XPS M1530. It seems there is a configuration problem for the touchpad.

Here, I rectify the touchpad problem in Ubuntu. The same solution can be used for other Linux distributions too.

1) Open the boot file: /boot/grub/menu.lst
Command Line Interface:
sudo nano /boot/grub/menu.lst
[sudo] password for username:

Graphical User Interface:
Press ALT + F2
Enter: gksu gedit /boot/grub/menu.lst
Enter the root password when asked.

2) Change the following line:
Before:
# defoptions = quiet splash

After:
# defoptions = quiet splash i8042.nomux=1

3) Run this command in a terminal (Accessories > Terminal)
# sudo update-grub
# [sudo] password for xxxx:

4) Restart the machine .... DONE! :)

For other distributions, instead of # defoptions, you might have to edit the kernel boot line.

Linux on Dell XPS M1530

2009-02-25T01:47:00.000-08:00

Contents:
Hardware Configuration
Installing Ubuntu 8.10 (Intrepid Ibex)
Drivers

Harware Configuration:
Processor: Intel Core2Duo T8100 (2.1 GHz/800 MHz FSB, 4MB Cache)
RAM: 4 GB (2 X 2048 MB) 667 MHz Dual Channel DDR2 SDRAM
Tuxedo Black LCD display with Integrated 2.0 mega pixel web cam
15.4" Widescreen WXGA (1280 X 800) TFT Display with TrueLife
256 MB NVIDIA GeForce 8600M GT
250 GB SATA Hard Drive
6-cell Lithium Ion Primary Battery
Internal 8X DVD+/-RW Combination Drive with dual layer write capabilities
Intel(R) 4965AGN Wireless-N Mini-Card
6-cell Lithium Ion Primary Battery

Installing Ubuntu 8.10 (Intrepid Ibex):
Requirements:
- Install media Ubuntu 8.10 32 Bit (Intrepid Ibex). You can download it from http://www.ubuntu.com/getubuntu/download
- An external mouse, if you aren't well versed with the keyboard shortcuts. Believe me, the Dell XPS M1530 touchpad creates a hell lot of troubles in Linux.

Steps:
1) Insert the Ubuntu disc in the DVD drive and start your computer. Press F12 to enter the boot configuration and boot from your DVD Drive.

2) Once the computer boots up through the Ubuntu media, you would see the screen. Select the language of your choice and press Enter.

3) Next, Boot options:
2.1) Try Ubuntu without any change to your computer: Live Boot to use Ubuntu without installing it on your computer. You can install Ubuntu after the Operating System (the Live OS) has booted up.
2.2) Install Ubuntu: It says it all. Install Ubuntu directly.
2.3) Check for CD Defects: Check your installation media before installation.
2.4) Test Memory: Test the memory of the PC before installation.
2.5) Boot from first hard disk: Boot normally from the hard disk and not from the bootable Ubuntu disc.

3) After selecting the option 2 (Install Ubuntu), Ubuntu would start its own installation daemon (something similar to Anaconda of Fedora). From here, you will get a Graphical User Interface to install Ubuntu. A screen would come up asking you to select the language of your choice. Select the language and press Enter.

4) After the language settings, you need to select the location where you are. This is required to configure the system time. Just keep your mouse over your location and the map would enlarge itself. For eg: if you are in Mumbai, India, just go to that part of the map (dont click) and the map would enlarge itself, providing all the locations available (timezones) of which you could select the nearest one.

5) Next, Keyboard layout. Select the default one ... USA - USA. You can select the others according to your keyboard type.

6) Partitions: We need to specify the partition on which Ubuntu should be installed. By default, it would resize one of the partitions (not sure which one) and use it to install Ubuntu. I suggest not to go for this option. Instead go for Manual partition. I would explain how to do that. Select the option and press Forward. Select the other options only if you are sure that it wont delete the other partitions on your system!

7) Once you are in the manual installation of Ubuntu, select the partition on which you want to install Ubuntu. Delete the partitions if there is some data on it.
Create 2 partitions here:
- Root Partition (/): Click the button "New Partition". A new window would pop up named "Create partition". Enter the size (in MB). Select the mount point as "/" (without the quotes, of course!). For this, use "Ext3 journaling File System" in the "Use As:" drop down list.
- Swap Partition: A Swap partition is used as a Virtual memory for linux. Preferably, it is double of RAM. But, if you have a 4 GB RAM, you can keep this to 2 GB. For this partition, use "Swap Area" in the "Use As" drop down list.

8) Finally, the partitions are created. 2 partitions as mentioned.
9) Once the partitions are set, enter other details (Name, Username, password, etc)

10) Finally, check your settings and click Install to install Ubuntu 8.10 on your Dell.

11) And finally, it installs the Operating System.

Once you boot into Ubuntu, you might encounter a touchpad problem. The mouse goes beserk once it is touched, flying all around the screen, clicking icons and buttons on its own. There is a way to repair this too ... wait for my next blog :)

I wanted to write this blog since long and finally, took out time for it. If you liked this, please comment :)

Happy Linux'ing :)

How to download Google Videos ...

2009-02-22T22:33:00.000-08:00

Watching Google/YouTube videos is a superb time pass ... everyone would agree. But, its not always we can sit and watch them online. Like sitting in a lecture (for students), or meetings (for students and professionals), or in any seminar in some company where you get high speed internet access. You need to download the videos for later availability.

Here are the steps through which you can download Google videos ... a small 5-6 step process:

- Open the Google Video (the page where you watch the video)
- Open the source of the page and search for "googlevideo". You would find yourself at a position similar to the example:

dmca: false},
'/googleplayer.swf?videoUrl\x3dhttp://v1.cache1.googlevideo.com/videoplayback%3Fid%3Dec1a3fc426e598a5%26itag%3D5%26

- Here, copy the link, starting from "http://v1......". Open a new tab/window in a browser and type:
javascript:unescape("the link which you copied from the source code")
and press enter.

- You will get a link on the page. Clicking the link would provide you options to save it on the computer (download it) or view it.

Have fun! :)

SCIT GD/PI 2008-10 NITI

2009-01-26T00:12:00.000-08:00

many queries coming up about SCIT GD/PI ... heres my GD/PI experience ... last year on the 2nd of February:

There were 2 GDs (Technical and Non Technical), 2 PIs (Technical and Non Technical) and a Psychometric Test. Total 12 in our group; 3 were absent. Total students = 150. Out of that 120-125 turned up for the GD/PI.

First GD:
Topic: Nice guys finish last. The GD was good. Everyone was adding good points. I summarized.

Checking of Certificates: Every mark sheet was checked - the 10th, 12th, 1st sem, 2nd sem, 3rd sem and the 4th (for me!). And if wanted, we could show other certificates too!

Second GD:
Topic: Made in India is not yet a brand.
The jury consisted of the Director of SCIT. All in the competitors were fighting, so she said that if we dint have a good discussion, she would disqualify the whole group. We then had a good discussion. Summarized by me again!

Psychometric Test: This test contained some questions through which the PI panel could know the nature of the student. There were 40 questions and 20 minutes were given to answer them. Questions mainly repeated after twisting them 15-20 times. They gave this test to decide the questions to be asked in the PI.

Lunch

Results: The GD was the elimination round. They selected 67 people for the PIs. Got selected for the PI :D
PI (Technical):

Questions:
1) Why MBA
-> To widen my horizon. I learnt the technical stuff in BCA and now want to learn how to apply them in the business world (exact answer).

2) What are the different types of topologies?
-> Silly Mistake. Explained LAN, WAN, etc. Then panel asked "are you sure". I replied "no" and gave the correct reply of Star, Bus, Tree, Mesh, Ring!

3) How to setup a network? Have you ever set up a network?
-> NIC and cable needed, with 2/more comps. Connect one computer via NIC to router. Do the same to another. Yes, I have. Got one comp from my friend's house and connected it. And finally, set the IP address.

4) What is NIC? Which is the best one in market? and why?
-> Device through which we can connect a computer to a network. Network Interface Card. Best is of D-Link. I came to know from various hardware dealers, my friends and teachers.

5) Which hardware dealers do you go to buy?
-> One near my house named New Wave Computers.

6) OSI layer? List all the layers. Explain Transport (I dint know so i explained Application and Physical).
-> They dint ask the full form. Bach gaya :). Remember "Please Do Not Touch Sexy Pamela Anderson"? I remembered that over there and wrote down everything. She asked me to explainTransport layer. I said i dint know since its 1 year i learnt that. So she asked me explainanything. So i explained the Application and the Physical layer.

7) My sixth sem project.
-> Explained the whole Project. She seemed really impressed :D

The success ( i thot so) of the technical interview was enough for me to appear for the HR interview with the best of me. I wasnt at all afraid, i was instead having fun with the 1st year students of SCIT.

PI (The HR one):

1) Where are you from?
-> I stay in Vadodara. My home town is in Kutch, Gujarat.

2) Then what is this Tanzania? (I had written in the form i filled for SCIT that my dad works in tanzania)
-> my dads business works over there.

3) what work?
-> my dad has a shop over there. Sells stuff like medicine, vessels and other general items.

4) Why not help him?
-> i want to remain in IT field and study more.

5) Hobbies - "Making software from my technical knowledge". What all softs have you made till date?
-> Digital Diary - containing calc, calendar, games, and an address book. the games consists of hangman, tic tac toe and cows and bulls.

6) explain cows and bulls
-> explained the whole game. (cont with the softs.) various microsoft tools like notepad, messengers, browsers, civiltech and the sixth sem project.

7) (curious about 6th sem proj) Explain.
-> explained the whole project. (impressed by the project :) ).

8) Which newspaper do you read?
-> The Times of India

9) There was something about Yahoo in today's (2nd feb) paper. you know that?
-> yes sir. microsoft is planning to buy yahoo to compete with goole. (explained it)

10) what do you think? can they compete?
-> no sir i dont think so. since google has established itself in the world. i think its too difficult to overthrow them or even compete with them.

11) who was the chief guest at the republic day at rashtrapati bhavan?
-> sorry sir, i dont know.

12) you said you read newspaper. that was on the front page.
-> i am a bit engrossed in my project (not exactly in these words).

13) How can Internet help in India?
-> In a lot many ways. Sites like google and wikipedia can be used to get useful information. a lot can be known from that. Remote areas can be accessed from internet. communication is possible. (dint speak on globalization :) ).

14) Any questions for me?
-> No sir, I dont have any questions, but just a few suggestions. Being a member of the BCA Training and Placement Cell, and the administrator of the BCA Web Site, I would like to givemy suggestions on the SCIT web site: scit.edu. They are: 1) Too many links on the home page which confuses people who have come for the first time. 2) The home page should not have any "flashy" things. There is this NEWS that flashes on the front page. This is unprofessional. 3) The word "Disclaimer" is added to every page. Thats fine, but the placing of that word is not proper. Sometimes it is between the text of that page, and sometimes it is far away from the text of the page at the bottom of the text. 4) The alumni corner doest work properly, just the main page works.

The interviewer was an external faculty. He said that he would deliver my suggestions to the people involved.

Then sir chkd the Psychometric test. No more questions.

FINISH. overall it was great. the students over there were great. They helped a lot. in all ways. helped a lot to reduce tension.

Hope this is useful for all people targeting SCIT ... all the best and cheers :)

What are REAL IT policies vs. What is actually enforced…

2009-01-03T22:35:00.000-08:00

(Evil Sysadmin laugh) Silly Users! You cannot escape my domain! I have been getting a whole lot of questions regarding… “Can I do this at work” or “Will I get caught if I am downloading…” and my all time favorite “If I look at a little pron will I get caught?”

Here’s a clue, most of the time, if we have the capabilities of remote monitoring, we’re not using them. Unless you do something to draw the Evil Eye of a Sysadmin, we just don’t care, we’ve got other things to worry about.

Now that being said, if you DO happen to do something to draw our attention, you’re dead in the water if you’re doing something wrong.

Here is a list of things that most Sysadmins don’t really care about:

Light Porn surfing (if it’s playboy type stuff) up to say 10-15 minutes a day, we just don’t care. We might be a bit entertained by your old woman or tranny fetish, but chances are, nothing to really worry about. Unless you owe us money. Just be aware, we know what you’re doing.

Reading news sites, or shopping online. Again, we just don’t care. Most of our days are spent in one of two modes; putting out fires, or preventing fires.

Circumventing the proxy to go watch that really funny YouTube video your brother sent you in your corporate email. If you’re smart enough to do it, more power to you. If you didn’t do it exactly right, the Evil Eye is turning your way right now. If it’s just a funny YouTube video, no big deal. If you’re logging into hardcore pr0n sites to download videos, and eating all the T1 bandwith, your fapping is about to be seriously interrupted. It might even be something like total computer failure, which we will conveniently be able to pin to the pr0n you were downloading.

If you have thus far managed to evade the Evil Eye, good job! Here are some things that will draw down the Striking Hammer Of God:

Illegal pr0n. If she could be your daughter, or our kid sister, you are toast. We don’t just get you fired, we call the FBI and let them arrest you. If you (sick bastards) are unlucky enough to get a Sysadmin like me, you first get the living shit beat out of you, then you get to deal with the Feds.

Illegal pr0n. If the “man” of the pr0n is named fido, we call the FBI and again, probably beat the crap out of you for good measure. We definitely make sure that EVERYONE in the company (and likely your spouse, and/or family) know what you were doing, and why the men in suits have come to take you away.

Downloading illegal music. Not cool man. Not at work. Yeah we have a T1, but it’s not your personal playground. Expect to have the music mysteriously disappear from your machine overnight, and forget being able to do anything like that in the future, we just demoted you to the Guest account.

Listening to streaming music. Ok, so yeah it’s not illegal. But you and your 10 brethren have just filled our T1, and effectively DoS’d the email server. If you want music, bring it from home on a portable hard drive, and don’t copy it to the machines. Just play it from the hard drive.

Installing or running any port scanners, or downloading anything that might be considered a “hack” tool. Congratulations, you just pissed IT off, and will likely be locked out of the network shortly. I’ve got enough to do without wrangling your script kiddie ass too.

Heavy pr0n surfing. Like 5-6 hours a day heavy. Dude, just stop. You are likely going to be visiting some websites that are, ummm, less than legit, to get in that amount of pr0n every day. You are going to end up getting that machine infested with virii and spyware. You might even actually inadvertently compromise the corporate network. If that happens, do you really think that anyone is going to let that slide? I’ve actually had to explain to the boss why you need to be fired before your little problem destroys the network, and I don’t really care to discuss what you’ve been looking at (you mean there’s more than one person that looks at THAT?!?!?) with my boss.

Even if I’ve been cool enough not to filter out web content, the boss is going to want to know how you were able to view this stuff. Rather than blow it for everyone, I am going to do the right thing. I am going to lie my ass off. You must be a hacker, because you’ve been able to circumvent every filtering method I’ve set up, and I have logs to prove it (believe me, I have logs to prove ANYTHING).

The short answer is, if we’re watching you, there is no escape. Between hardware keyloggers, and specialty software that is designed to be undetectable (which is extremely hard to find even to buy), we will catch you.

If you are doing something that is in a grey area, take your Sysadmin out for lunch a couple times, or for a beer, and find out what the real policy is (the one that gets enforced, not the one in the manual). Hell if we like you, we’ll let you get away with alot more than if you’re a dick to us in the hall.

ORIGINAL POST: http://www.asktheadmin.com/2008/12/what-are-real-it-policies-vs-what-is-actually-enforced.html

Certifications ...

2008-12-29T00:49:00.000-08:00

Certifications. Hearing the word Certifications, everyone hopes to have a few to make their resume look colorful. But what I would like to ask that does it make any difference? If yes, what difference does it make?

I learn everything they teach in CCNA from college; another friend goes for the Certification of CCNA. What difference does it make? The friend paid 250-300 or maybe $1000 too for the same thing which I did. We both have the same knowledge! How does it make a difference?

A few days ago, me and a friend of mine, Tushar Dalvi planned for a certification of Ethical Hacking, CEH. There are 2 versions of CEH which we can opt for 5 and 6. We finally decided to go for v5, since v6 is too extensive.

For me, certification is just like learning something new. CEH, CCNA, SCJP, everything means learning something new. I appeared for Ankit Fadia Certified Ethical Hacker (AFCEH) course, I failed by a mere 0.4%. Fine. But the knowledge I got from it, the things I came to know of networking ... it was superb ...

I had planned for CCNA, RHCE, CEH when I started my MBA in IT ... (believe me, I dont know why I am into MBA). Why all this? Just for the fun of it; just to learn more; just to keep myself busy ... strange? yups, i agree. A friend of mine told me, if you are going for RHCE, going for CCNA isn't logical, both are opposites. But a few days ago, I came to know that CCNA is somewhat related to Network Security. I dont know who is right! Guess, will have to jump again into planning.

CEH? Well, had planned for v6 which is 300% of v5. Tushar told me to first go for v5 and then v6. Nopes, i am an arrogant person, I would directly jump to v6. Thankfully, my bro, Shilen Ramaiya, explained me not to directly jump 10m. First start from a meter. Accepted v5. Hopefully would be appearing for it in 2-3 months.

Had a BackTrack session on the 8th of December where this superb person gave a lecture. Mr. Kunal Sehgal. He gave a superb presentation on BackTrack. He is a certified BackTrack professional. When he told us how the BackTrack certification is held, I was all geared up and determined to appear for the exam. The BackTrack exam, according to Kunal, is a 24 hour practical examination, where you have to break into a server. Cool ... fun ... lets see it then. But well, apart from the difficulty of the endevour, I also want to be the best in Network Security and Hacking, and hence the interest in this Certification.

Tushar also asked me to take CCNA with him. The same day, a new subject started in my 2nd semester, Internet Routing Protocol and Architecture. Discussing if I should go for it or not, he told me that there is a difference between in having a certificate and not having a certificate. I havent learnt it till now. Anyone there to help me out?

SCJP. That was one certification that I had planned in my 3rd semester of graduation. After learning Java for just 6 months, SCJP seemed to be something superb. I love Java. I used to write all my programs in it. I used to sit on the computer only to work on Java; why? I loved it. But till date I havent been able to appear for SCJP.

I even wanted to get a few Microsoft certifications (MCSE, MCSA, etc) when I was in my grad school. Again, just for the fun of it!

Any answers?

ClubHack

2008-12-26T03:55:00.000-08:00

It was 8:30 in the morning of 7th day of December when I, as usual, woke up and went down to the mess for my breakfast. After picking up my plate and taking bread-butter-tea, I reached the table where my class mates were sitting. It was a normal day for all! Then came up Utkarsh's question, "We have a workshop on hacking, are you interested to join me?" I could not believe what he just said, and so I asked him to repeat what he said ... "Are you interested to attend a hacking workshop with me?" "Of course I am! I am all ready for it, just tell me the time and the place." ... "Be ready by 11am, we will leave by the 11:15 bus" ... "sure! :D".

While going back to my room, I just pondered over the thing I have always wanted. I wanted a group, a group with whom I could learn new things (related to hacking and security, of course). A group with whom I could sit all day and night sitting in front of the laptop and doing "geeky" stuff, with whom I could share all my hacks and "cracks". Well, seems here is a start for me.

(hey ClubHack people, dont read this part):
On the way to the destination, I was told that we are going in for free, thanks to one volunteer, Amit Tripathi, my senior. I attended around 4 lectures that day (where each cost Rs. 1000!), whereas Utkarsh seemed to be bored of just one. Believe me, it was great to attend the workshop, it was ultimate to be around those superb people of whom I had only dreamt! The same day, I met Mr. Rohit Srivastwa. Asked him how to join ClubHack. I was surprised to hear the reply, "... there is no "membership" here. Its just like a friend circle, without any boundary. If you want to join a security and hacking community, theres Null, a Network Security group ...". He introduced me to Mr. Aseem Jakhar, the founder of Null. I decided to attend the Null meet the next day, after listening to him.

The workshop spanned 2 days, first day was for theoretical knowledge, the 2nd for practical things. After reaching home the first night, I called up my dad to get Rs. 1000 for the next day (of course you cant expect them to allow me free entry 2 days!!) Getting dad's green signal (thanks a lot :D) I went into the workshop the next day full excited (well, I did skip my breakfast that day). Got my registration done, got a T Shirt, and went into the first practical seminar. This was followed by the Null meet. There were quite a few people, around 10.

After that workshop, I attended a lot many workshops by different groups, OpenSocial Developer Garage, Null Event (i was a volunteer) .... etc, etc, etc.

In short, these two days have been the best of my life. I got to know a lot many people here, Vipul Kalia, Tushar Dalvi, Tara, Aseem, Murtuja, Rohit, Ajit, Priyank, Vishal.... many, many ... and got to know about many groups of Pune too, PLUG, POCC, etc, etc, etc. This "friend group" without a boundary seems to be a superb one. Everyone seems to be getting along with each other pretty well! (Except for Vishal, he robbed me of my Google Cap!!! I will kill you, Vishal)

Thanks a lot Utkarsh ... :)

... Merry Christmas ...

2008-12-24T20:59:00.000-08:00

Jingle bell, Jingle Bell, Jingle all the way ....

Reminds me of my school days. We used to have a huge party on the 25th of December (a week after my birthday) :D. It was great fun, used to get gifts; no more!! :)

I do have socks but they aren't hanging anywhere, instead, they are near my shoe rack, filled with dirt :D ... guess, i don't think Santa is going to come to my room :)

Still, merry christmas to everyone out there :) ... enjoy the day :)

Protect your identity ... Identity Theft Labs' advices

2008-12-24T20:46:00.000-08:00

It is in everyday newspaper that we read about the theft of credit card information, but do we do anything to prevent it? In countries like USA and UK, people do not give their Credit Cards to the cashier to swipe it; instead, they do it on their own, least the cashier swipes the credit card for his own interest in some other device. When can this be started in India?

Given below is a blog post from http://www.business-opportunities.biz/2008/12/23/identity-theft-labs-shares-some-advice-on-how-you-can-protect-yourself/. Read it; its important for all of you using credit cards ...

Although it is not strictly business related, identity theft is no stranger in the world. It is a problem that has hit a variety of people within all income levels. Unfortunately many people don’t realize what they should do until after it is too late. If you do the work, there are ways that you can protect yourself. However, if you don’t have the time or patience, there are paid services available that can do the work for you.

I recently spoke with John Armstrong, the owner of Identity Theft Labs, about identity theft and what we can do to protect ourselves.

What are some of the top tricks that thieves have used to steal someone’s identity?

To steal someone’s identity you must first obtain their private information and identity thieves use all sorts of tactics from dumpster diving, shoulder surfing, credit card skimming, stealing - purses - wallets - laptops - data storage devices, phony websites, phishing, impersonation, break and enters - house and car, hacking and viruses.

The most interesting case, in my view, just happened recently in Europe. Even the Wall Street Journal did an article on this one. A Pakistan identity theft ring placed a 4 ounce card capable of wireless communication under the motherboard of credit card readers made in China and distributed throughout Europe. It captured credit and debit card details including passwords and uploaded the information to a server in Pakistan. This was a very sophisticated ring that luckily got broken up due to the curiosity of one person otherwise it may have been undetected for a long time. The device included an intelligent program that sent the information sporadically and could even be told to lay dormant to avoid detection. An initial investigation found hundreds of these devices that could only be detected by weight as there were no visual clues of a tampered credit card reader.

Joel F. Brenner, the U.S. government’s top counterintelligence officer said “Pretty small but intelligent criminal organizations are pulling off transnational, multi-continent heists that only a foreign intelligence service would have been able to do a few years ago.”

It is important to realize that Identity Theft is big business costing the US economy $50 billion a year. Identity thieves vary from the low life criminals going through your trash to sophisticated multi-national criminal organizations.

Do you have any tricks that someone could use on their own to help prevent this from happening?

The single biggest tip I could give is to become aware of the problem of identity theft and start safeguarding your personal information in every way possible, especially your Social Security number. Only give this out where necessary.

Unfortunately, even if you followed an extensive list of tips to protect your identity, your information may still get in to the hands of a criminal. Data Breaches in the United States have exposed the private information of over 200 Million Americans in the last three years and breaches occur weekly if not daily.

Obviously, you still want to reduce your risk and so I advise everyone to shred personal documents, make sure your online activities are secure and most importantly order and review your credit reports for any discrepancies. Additionally, a fraud alert is a simple yet effective tool to protect your credit.

What should they look for in a paid service? Why might this be a better option?

Though a paid service can help protect you in ways you cannot many of the services they provide can be done for free if you are willing to do some legwork. One of the big advantages of a service is that you are provided identity theft insurance or a service guarantee. There is no way to fully protect your identity so this is a big plus and gives many consumers peace of mind and financial security.

There are essentially three types of paid services that can be divided up by their main means of identity protection ? fraud alerts, credit monitoring, database scanning. The best companies usually combine two of these options and this is something I would definitely look for in choosing a company. Other things to consider are the guarantee or insurance provided, what is done on your behalf if you do become a victim, what exact steps are taken to prevent your identity and credit from being stolen. If you are looking at a credit monitoring service make sure they monitor all three bureaus daily.

What actions would put someone at a higher risk of having their identity stolen?

Again it comes to awareness and making a conscious decision to protect your personal information. A lot of people, companies and institutions still use the Social Security number as a means of identification. This has got to stop as it a key piece of information for identity thieves and the exposure of your SSN can put you at great risk.

What kind of information may we find when we visit your website?

Identity Theft Labs is a great resource for tips on identity theft prevention as well as information on the risks that are out there. We pride ourselves on providing unbiased reviews of the best identity protection companies and we point out the differences in each to aid the consumer in choosing the right service for themselves and their loved ones.

Before someone pays for a service, what are some of the most important features they should look for in a company?

The most important features are: fraud alerts or credit monitoring, a guarantee or insurance, support ? preferably trained Americans, credit reports, black market internet scanning, database scanning and identity restoration services.

I understand that Identity Theft Labs is not an actual service on its own, but helps others by recommending some of the companies available. What are some of the companies that you represent?

We review LifeLock, TrustedID, Identity Guard, Debix, Identity Truth and some credit monitoring services from the credit bureaus. We continue to monitor dozens of identity protection companies but only include what we deem to be the best services on our website located at http://www.identitytheftlabs.com. For most services we provide discounts as well.

Do you think you’ll enter into any other form of business or is this it for you?

Identity Theft Labs is a business and a passion for me. I do not see myself leaving this venture for a long time but at the same time would not rule out diving in to something else if the right opportunity came along. The problem with new ventures is that they are often very time consuming and I would prefer to find an opportunity that could co-exist with what I am doing now.

What has your business taught you?

Entrepreneurs either know or quickly find out that there is no limit to the number of tasks that need to get done. No matter how fast or hard you work there is always more. As such we quickly learn to prioritize our tasks to make sure we are focusing on what matters most or the tasks that will have the most impact. We also learn that at times you have to take a step back to evaluate and recharge your batteries. It took me a while to realize that we have to do this in life as well. As a husband, father and friend there are always a lot of expectations concerning your time. By prioritizing based on what is truly important and taking the time on occasion to look at the bigger picture and rejuvenate yourself I believe you become a better person, husband and father.

If you had the opportunity to retire tomorrow, would you? Have you done everything in business that you’ve wanted to do so far?

In my younger days I always stated that if I won the lottery I would retire. You know, the old you work to live not live to work philosophy. I hate to go back on those words but I would not retire tomorrow, earlier yes, but not right away. Right now I am passionate about business, about internet marketing and about Identity Theft Labs, it is enjoyable, and a large part of me wants to see it through to the end. I think a large part of this is that I have set out to accomplish certain goals and have a strong desire to achieve them.

Null

2008-12-23T02:02:00.000-08:00

The very first event of Null was a huge success. It was well appreciated by everyone.

The event was held on the 21st of December at I2IT. The clerks (the volunteers) were already there at 830. The most amazing thing was that the group founder and the co-founder, Mr. Aseem Jakhar and Mr. Murtuja were already there before 830!! Cheers to them ... make the way ... :)

Ok, then started the lectures ... we never expected such a huge crowd of around a 100 people! On the very first event, Null made a century! cheers, once again :)

First, came up Aseem to give an intro on Null and Network Security. The presentation was well appreciated.

Next came up Mr. Rohit Srivastwa What to say about him! The very first paragraph contained the keywords on how vulnerable WEP is, and how to go about getting the key! The whole crowd was excited to see this, since till date the students have only been taught theory stuff!! Hey guys, you have clubhack and null for this only, come and join it :) (marketing learnt from tara :))

Ok, so high from the previous lecture, the crowd gathers around Rohit to clear their doubts and grab a copy of BackTrack, their saviour for future WEP endevours!! A break follows.

Next in line comes Mr. Ajit Hatti to talk on Application Security. A pretty good presentation, hitting directly on the developers who write code which is fast and not complex, but dont focus on the security part. Worth watching, worth listening, and ofcourse, worth implementing what he said.

The last topic for the day, NMAP and TCP/IP was taken up by Mr. Murtuja. He did a pretty good job, increasing the excitement level of the audience by getting access to a gmail account through ARP poisoning, all practically and in front of the audience.

Then comes the lunch part. Well, in short, it was a mouth watering food :P

All this time, the clerks were just having fun!! cracking jokes, clapping to cheer the presenters, clicking pics, preparing the stickers, tshirts, etc, etc, etc ... :P

As a whole, the first event of Null was pretty good success. Cheers to all :)

The hospitality of I2IT was beyond par! The escorts, the food, the hall, resources ... nothing lacking from anywhere.

For registration, visit the site www.null.co.in

People behind all this
- Mr. Aseem Jakhar (Founder)
- Mr. Murtuja (Co-founder)
- Mr. Rohit Srivastwa (Founder - ClubHack)
- Mr. Ajit Hatti

Special Thanks to:
- Mr. Tara Lodh
- Mr. Vipul Kalia
- Mr. Abhishek Nagar - he got an audience of 15 people himself!! cool enough :)

oh ya, dont forget me ... special thanks to me too :D

cheers :)

Linux vs. Dell XPS M1530

2008-12-21T19:43:00.000-08:00

I have been trying since 5 months to install Linux on my Dell XPS M1530. I have tried around 4-5 distros, but the touchpad created a hell lot of problems (though I am an all-keyboard type person). Finally, yesterday, I was able to get my touchpad work properly.

Configuration of my Dell:
- 2.1 GHz Intel Core2Duo Processor T8100
- 4 GB RAM
- 8600 GTx NVidia GeForce Graphics Card
- etc, etc, etc ...

The Distros I used:
- Fedora Core 9
- Suse 10.2
- Mandriva
- CentOS
- Ubuntu (finally using this one)

Steps:
- Open the file /boot/grub/menu.lst in admin previledges, you can do this using and editor
------- ALT + F2
------- Type /boot/grub/menu.lst
------- Enter the root password (if asked)

- The file will be opened in an editor. You need to change a particular line in there
----- Before: # defoptions = quiet splash
----- After: # defoptions = quiet splash i8024.nomux=1

- Another thing that needs to be done is the following command to be executed in the terminal
----- sudo update-grub
----- password for xxxx: root password

Restart the machine.

This worked for me. Hopefully it would work for all out there.

Would like to thank this post and the writer:
https://answers.launchpad.net/ubuntu/+question/34253

You can also check this link:
https://wiki.ubuntu.com/InstallingUbuntuOnADellXPSM1530

Cheers :)

Long time no see!!

2008-12-21T19:14:00.000-08:00

Its more than 6 months that I haven't written in this blog of mine. Seems this is the right time to start blogging. Having got into contact with various groups of Pune, like ClubHack, Null, POCC, PLUG, and loads more, it seems i do have some work at last. And yes, this time I am pakka that I would keep on posting stuff here.

Cheers :)

Blog?

2008-04-18T08:49:00.000-07:00

Everytime I start coding, in any language, I first open Google... the one word answer for all questions ... and start searching for all parts of my code which i am unable to do it myself... and believe me, I get everything there!! so i thought, if i use all this, why not give something to it too, so that everyone else can use it... hence, this is a blog created for all my technical stuff i have done till now... everything, all self motivated projects, all hacks and cracks, everything. enjoy coding... the best thing in life. :)

Green IT

2008-04-15T21:42:00.000-07:00

For our 6th sem project, we are working on a new concept named Green IT.The project is a huge one... might take up around 2 years...

Green IT refers to environmentally sound IT. It is the study and practice of designing, manufacturing and using computers and other support systems efficiently and effectively with no or minimal impact on the environment.

This project will help any business... yes any ... to ensure that their industry... their business confirms with the norms set up by the government. Any business can just take up this software and ensure that they are going GREEN.

The technologies we are using in this project are:

Designer Tool: Unified Modelling Language
Microsoft .NET Framework 2.0
Microsoft Visual Studio 2005
RDBMS: Microsoft SQL Server 2005

Meet the Geeks

2008-04-15T21:17:00.000-07:00

yo... meet the 3 GITs... Green IT Revolutionaries...

Siddharth Bhargava (aka Bhaalu)
Vivek Shrinivasan (aka Uncle)
Kinjal Ramaiya (aka Ramu)