G Duy 's Blog: April 2006

Saturday, April 29, 2006

Future is Browser

[Integrating my blogs into one blog: This post is copied from my other blog]
Google has declared the war against microsoft by offering money to those site who will put the "Download Firefox" add. This is more important because its timing, this news came soon after the release of IE7(beta) by Microsoft.

I think the browser and http technology is yet to evolve. Application software will be going to be the fully web enabled. And that is why the role of browser is crucial and person who will win the browser race will be overall winner.

Google’s 'Explorer Destroyer'

Google’s 'Explorer Destroyer' movement aims IE

Google has lunched Explorer Destroyer campaign. Here in this blog I have quoted the various texts from different sources that says some thing very much interesting .

What is It?

According to the Explorer Destroyer Web site, the group offers Web-site owners scripting technology that detects whether a visitor is running IE. If so, an alert will appear advising the visitor to download Firefox so they can either view the site better or view it at all. Whenever a visitor to a Web site using the group's technology switches to Firefox from IE, the owner of the Web site will get the referral fee if they have signed up for.

How it works?

There are three types of alerts site owners can put on their page--"gentle encouragement," "semi-serious," or "dead serious."

If a Web site owner chooses "gentle encouragement," site visitors who are using IE will see a banner across the top of the page that encourages them to download Firefox. A "semi-serious" site will put up a splash page encouraging a user to download Firefox, with a link for downloading Mozilla's browser as well as a link to the Web site.

Those who choose the "dead serious" alert actually block users with IE from viewing the page, informing them they must install Firefox to view the site. View a demo of what happens when a user clicks on a site with this rating.

Reactions

"Everyone likes a good horse race--even when the race is fixed. That's about how I see the supposed race between Internet Explorer and Firefox. Ever since IE was included with Microsoft's operating system, its dominance has pretty much been a done deal. But that doesn't mean the front-runner should sit back and rest on its laurels. And up until now, that's what Microsoft has been doing."

"Just as IBM finally got that suits and white shirts and shiny shoes don't project a friendly image at trade shows, Microsoft seems to have finally understood that just shipping a browser along with its OS isn't going to guarantee that people will use it. So as Ed Bott reveals in "IE7 For XP Beta 2: Has Firefox Met Its Match?" Redmond has added a few interesting features to its venerable browser, such as tabbing and some additional security protection. (Which it needs--IE is still the number-one target of malware writers.)"

"I think IE 7 brings the browser to parity with Firefox in terms of features, and the security is a big improvement over IE 6," said Matt Rosoff, an analyst with Directions on Microsoft "I think it will be good enough to stop some of IE's market share loss to Firefox."

However, Microsoft's history is replete with examples of the company using its financial and distribution muscle to overpower smaller competitors. It used such tactics with devastating effect in the first round of the browser wars in the 1990's, when it challenged the once dominant Netscape browser and eventually drove it out of business.

Information Week ran a comprehensive test of both browsers and concluded that Firefox was still slightly ahead especially for technology savvy users like programmer Mitchell Adams.

Tuesday, April 25, 2006

Microsoft Windows: Window mechanism has flaw

"The GetWindowText function copies the text of the specified window's title bar (if it has one) into a buffer. If the specified window is a control, the text of the control is copied. However, GetWindowText cannot retrieve the text of a control in another application."

This is what described about the GetWindowText API in MSDN Documentation. GetWindowText API can not retrieve the text of a control in some other application. But this restriction was introduced since the Windows 2k/XP. So in XP and 2K you can not retrieve the text of a password control from other application. So to overcome this restriction many applications like PasswordSpy uses dll injection technique on Xp and 2kp versions. Now I found another way that can be easy than dll injection to retrieve the text of window controls of some other application.

The CloseWindow function minimizes (but does not destroy) the specified window.

BOOL CloseWindow(

  HWND hWnd   // handle to window to minimize

);

CloseWindow function minimizes the windows whose handle is provided as argument. Even it can minimize the control window of some other application (process). Now flaw of windows mechanism is that whenever a window is minimized it shows its text as its minimized caption. So if you will minimize the password control of some other application by calling CloseWindow api you can see the password of the that particular window (control). So no more need of dll injection for spying the password.

Tuesday, April 18, 2006

Wipro Q4 net profit

Wipro Q4 net profit has rose 43% on a year-on-year basis. The company today reported a consolidated net of Rs 617.90 crore for the quarter ended March 2006 when compared to Rs 433 crore in the corresponding quarter a year ago. The Q4 total income increased 35% to Rs 3,113.20 crore from Rs 2,312.10 crore in a year ago period

For Year 2006 (FY06) consolidated net profit was up 27% at Rs 2,067.40 crore from Rs 1,628.50 crore in FY05. The total income grew 30% to Rs 10,625.80 crore as against Rs 8,169.80 crore.

The company's board has proposed a final dividend of Rs 5 per share.

Azim Premji, chairman of Wipro, said: "We look back at our performance in 2005-06 with immense satisfaction. It was a year in which we crossed several landmarks - including Rs 10,000 crore in total revenue, $2 billion mark in IT business revenue, Rs 500 crore quarterly profit, 5% revenue contribution from innovation initiatives and team size of 50,000. With all Wipro businesses delivering industry-leading growth rates, we were able to post record revenue and profit growth. Looking ahead, for the quarter ending June 2006, we expect revenue from global IT services business to be approximately $533 million."

This is great news for me. Basically I don’t know how these results are going to affect us. but one thing is sure that these result will be encouraging for the employees and shareholders, and also for me since I have to join Wipro in next June/July as a trainee.

I am tracking wipro's results since the day i was placed in the Wipro. I saw this year's Q2, Q3 and now Q4 results.

The Q2 result was not that much encouraging because the rival companies (like Infosys and TCS) made more profit than wipro.

The Q3 result was bit encouraging. in fact the results were better than rival compainies on %tage basis. since we can not compare the infosys and TCS on the absolute basis as there net capital is more that that of Wipro.

Between the Q3 and Q4 Wipro made some of the acquisitions. You can read my quoted text which wrote in my yahoo 360 blog.
"It's a takeover week for Wipro. After lying low for almost two years, Wipro is deep into the acquisition mode and has devoured two companies within four days. On Thursday (December 22, 2005), it acquired New Jersey-based mPower Inc, for all cash payout of $28 million, even before the ink had dried on its three-day old $56 million purchase of Austria-based NewLogic.In a space of just one week, it has shelled out nearly $100 million to entrench itself well into the financial services (mPower) and wireless design (NewLogic) sectors. "

Wipro also bagged the 300b deal from GM and Rs360 crore outsourcing deal with HDFC Bank.

Now in q4 the results are really encouraging......

Tuesday, April 4, 2006

Google Page Creator

After a long time, I found this service of Google on which I want to put some comment. Since Google expanding its business area and its started many service. like Gmail, Personalized Search, Google Earth,Google Reader, Google Analytics... and much more.

All these services are really amazing....

I think at least 4 weeks ago I came to know that the Google have launched its new service Google Page creator from its site http://labs.google.com. I immediately rushed to get the service but I disappointed to know that the service in not opened for all due to resource problem. No Problem!! I have submitted my request for it., and yesterday I got the mail from Google that now I can get the Page Creator Service.

I started with lot of enthusiasm and excitement but I found that this service got nothing new except the browser embedded editor and a space to host your personal pages.

I think now the Google become the same old kind of company who always brings the older concepts to business. I mean I didn’t find any thing interested in this new service of Google.

Hacking Contest

Hi all,
Last few days were very hectic for me because I was preparing the website for hacking contest to be organized in my college. The website that I have built could be one of the best examples of my programming skill. Before building it I listed all kinds of the scenario that may happen during the contest, so in taking care of everything I have built this web application in ASP.net. Website had total 10 levels of increasing complexity. Here in this article i have discussed those 10 levels.

Level-0
At level zero it was nothing to do. Here I put the password of the level in comment of the html source of the page. So anybody who will go to see the html source can pass this level.
Level-1
Level-1 was very similar to level-0 the only difference was that instead of the keeping the password in source of html I gave the link of the password. i.e I kept the password in pass.txt in the current directory and written this information in comment of the html source.
Level-2
level-2 was also a very easy level in which u need to edit the query string of the URL to advance in the next round. The level URL was like this.
http://myhackingsite/level2.aspx?advance=no
you need to make it like this to advance
http://myhackingsite/level2.aspx?advance=yes
Level-3
level 3 was about the encryption that uses substitution cipher technique. most of the people can easily go through this level.
Level-4
it was about the buffer overflow. u must overflow the buffer length to get error message. This will show u the password.
Level-5
Level 5 uses the XOR based encryption.
let P is your plain text
and C is your cipher(encrypted text)
and K is your key.

then
C=K XOR P
which can be also written as
K= C XOR P (read xor technique)
here you can get key from using cipher and plaintext

Level-6
This level was about breaking the secret function based authentication technique. Probably you can know about this level by reading about the reflection attack.
Level-7
this level was based on the XSS (cross site scripting) concept. I have put some information in one of the cookie so that hacker can use that information to pass this level.
Level-8
the level 8 was based on the concept of SQL injection.
means
you have to break my code which was like this

String str= "select count(*) from user where username='"+text1.text+"' and password='"+text2.text+"'";
if(cmd.ExecuteScalar()>0)
{
//Authentic User
}
else
{
//wrong username or password
}
check what will happen if i will inter the following string in text1.text
' or 1==1 ---

Level-9
this level was about the directory traversal attack.
Means
ASP page shows the text from file intsruction.txt
using URL like
http://myhackingsite/level2.aspx?file=intsruction.txt
using this u can see some critical file using URLs like
http://myhackingsite/level2.aspx?file=../../../windows/system32/criticalfile.txt
level 9 was the last level of the contest

Pages