Oct 31, 2008

Web-Harvest

Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. It is normally called Web Scraping or Web Data Mining.

It leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based web sites.

Gmail Modes


>>>> From Google Operating System

If you can't access Gmail, try some of these URLs:

Safe mode - http://mail.google.com/mail/?labs=0. It disables the experimental features from Gmail Labs, just in case some of them are buggy. You can remove some of the features from Gmail's settings page.

Secure mode - https://mail.google.com/. It encrypts the traffic between your computer and Gmail's servers. Use it from public computers, Wi-Fi networks or to bypass some proxies and web accelerators. There's a Gmail setting that redirects the standard version to the secure mode ("Always use https").

Older version - http://mail.google.com/mail/?ui=1. This version has been replaced in October 2007 by a rearchitectured Gmail, but the old version is a little bit faster.

Basic mode - http://mail.google.com/mail/?ui=html. It's the version that doesn't use JavaScript, so it loads faster and it works well with older browsers. Unfortunately, many Gmail features are missing (contacts autocomplete, chat, spell checker, rich formatting) and each click loads a new page. If you like this version, click on "Set basic HTML as default view" at the top of the page.

Mobile mode - http://mail.google.com/mail/?ui=mobile or http://m.gmail.com. This is a simplified Gmail interface for mobile phones that has even less feature than the basic mode. Use it if no other Gmail mode works for you.

iPhone mode - http://mail.google.com/mail/x/gdlakb-/gp/. A more user-friendly mobile version for iPhone and other mobile phones that use WebKit-based browsers.

iGoogle gadget - http://www.google.com/ig/gmailmax. This was mentioned here before. It is a canvas view for the updated Gmail gadget which can be found in the new iGoogle. Some people found that this interface bypasses most corporate filters that prevent them from accessing Gmail at work.

"No browser checking" mode - http://mail.google.com/mail?nocheckbrowser. If you use a cutting-edge new browser and Gmail serves you the basic HTML mode, try this URL to bypass browser detection.

Command Line mode - http://goosh.org/. This is for UNIX users.

Two Database Audit Tools

Today I found 2 audit tools for database: SQLAudit and DBAudit.

SQLAudit is made up of two .NET 2.0 Assemblies: SqlAudit.dll and SqlAuditGenerator.exe
T-SQL Script Generator for SQL Server 2000/2005 to Allow Auditing on Database Tables using Triggers and Additional tables for Auditing.

DBAudit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.

Oct 27, 2008

Microsoft Windows Azure

Today Microsoft announced Windows Azure, a new version of Windows that lives in the Microsoft cloud. You won't be running Windows on your PC over the internet with Azure, though; instead the platform is intended to help developers host and distribute software running over the internet.

Windows® Azure is a cloud services operating system that serves as the development, service hosting and service management environment for the Azure Services Platform. Windows Azure provides developers with on-demand compute and storage to host, scale, and manage Web applications on the Internet through Microsoft® data centers.

We can use Windows® Azure to:
  • Add Web service capabilities o existing packaged applications.
  • Build, modify, and distribute applications to the Web with minimal on-premises resources.
  • Perform services (large-volume storage, batch processing, intense or large-volume computations, etc.) off premises.
  • Create, test, debug, and distribute Web services quickly and inexpensively.
  • Reduce costs of building and extending on-premises resources.
  • Reduce the effort and costs of IT management.

Oct 10, 2008

Comparing Smartphone OSes

An article to about the most popular smartphone operating systems by Gizmodo. It illustrates the pros and cons for the top OS used in smartphones today: Android (by Google), Blackberry (by RIM - Research in Motion), iPhone OS X (by Apple), Windows Mobile (by Microsoft), Palm Garnet, and Symbian (by Nokia).

Oct 6, 2008

Steganography Without Steganography Tool

Today I learn the most simple way to create steganography, without any steganography tool. Don't you think this is cool? It allows you to bypass most of the forensic checking or DLP solution, and the best part is to make the system administrators mad.

Here's the step to follow:
  1. Prepare a innocent JPEG file and a list of confidential documents (pdf, doc, ppt, xls).
  2. Compress the list of confidential documents using any archiving tool, 7-zip, WinRAR, WinZIP, said confidential.7z (this works the same for RAR/ZIP/etc).
  3. Optional, you can remove the extension of the archive file if you want.
  4. Now issue the command to join the JPEG file and the archive file.
copy /B innocent.jpg+confidential new-innocent.jpg

The new-innocent.jpg file will embed the confidential documents and is ready to be distributed. To retrieve the documents back, simply open the new-innocent.jpg file with any of the archiver tool and extract the files.

You will notice the size of the new-innocent.jpg is the total of the innocent.jpg and the confidential.7z.

If you open the new-innocent.jpg with any graphic editor, try to save it once, all your "attachments" will lost.

Oct 3, 2008

Cracking one billion passwords per second with NVIDIA video cards'

>>> From the page Cracking one billion passwords per second with NVIDIA video cards:

Cracking one billion passwords per second with NVIDIA video cards

The new release of Elcomsoft Distributed Password Recovery reaches the recovery speed of one billion passwords per second by employing several NVIDIA video accelerators. Today's video cards such as NVIDIA GeForce GTX280 can process hundreds of billions fixed-point calculations per second. Add as much as 1 GB of onboard video memory and up to 240 processing units, multiply it by two by using a couple of NVIDIA cards, and enter the whole new world of super-parallel computational power for just a few hundred dollars. Unlike NVIDIA SLI mode, ElcomSoft has figured out how to unleash the computational power of several NVIDIA cards no matter whether or not they are of the same kind.

Until recently, the abundance of highly parallel, super-scalar processors in 3D graphic accelerators could only be used for gaming. Today, ElcomSoft has found a way to reach into the future. The company has figured out how to put computational power provided by several NVIDIA boards working together to crack many kinds of passwords.

In February 2007, NVIDIA launched CUDA, a developer's kit that gives software developers access to the parallel processing power of the GPU. Modern NVIDIA GPUs act as powerful, highly parallel multiprocessors, with huge shared memory and cache.

Elcomsoft Distributed Password Recovery can recover a variety of system passwords such as NTLM and startup passwords, crack MD5 hashes, unlock password-protected documents created by Microsoft Office 97-2007, PDF files created by Adobe Acrobat, as well as PGP and UNIX and Oracle user passwords. With the newest GPU acceleration upgrade of Elcomsoft Distributed Password Recovery the passwords will be recovered up to 25 times faster than by using CPU-only mode.

Oct 2, 2008

Some Useless Google Chorme's Switches

There are 2 useless switches in Google Chrome command line:
  1. "-no-sandbox" allows Chrome to launch and work well, although with some diminished security in that each tab is not as restricted to its own sandbox.
  2. "-remote-shell-port=100". Not sure what you can do with it. But you can start telnet to localhost at TCP port 100 to get a Chrome prompt. No login is required.

Oct 1, 2008

SecApps

So what is Secapps? Secapps is the new home of the GHDB - Goolge Hacking Database. It will also be the new home for several other tools and perhaps an user-supported index of external tools. It is sponsored by GNUCITIZEN.