Sunday, October 27, 2013

Google Hacking

Google is a very important tool for everyone nowadays. For businesses, it helps owners improve profit: they pay Google an amount of money in order to appear in the top results of a search query. For school, there is no argument that Google is the best tool for studying, researching, gathering information and so on. However, Google is also a very powerful tool for hackers seeking vulnerabilities in a system.

In this article, I would like to discuss Google Hacking.

WHAT IS GOOGLE HACKING?
Google Hacking is the term used when a hacker tries to find vulnerabilities in a system, and its sensitive data, by using the Google search engine. The queries that filter sensitive data out of the search results are stored in the Google Hacking Database. Although Google blocks some of the well-known hacking queries, a hacker is still able to attack a website by launching queries from the Google Hacking Database.

The Google Hacking Database is able to identify the following information:
  • Advisories and server vulnerabilities
  • Error messages that contain too much information
  • Files that contain unencrypted passwords
  • Sensitive directories that should never be shown to outsiders
  • Pages that contain login portals

WHAT ARE COMMON KEYWORDS IN A GOOGLE SEARCH QUERY?

allintext - occurrences of all the keywords given
intext - occurrences of keywords all at once or one at a time
inurl - a URL matching one of the keywords
allinurl - a URL matching all the keywords in the query
intitle - occurrences of keywords in the page title
allintitle - occurrences of all the keywords at once in the page title
site - restricts the search to a particular site and lists all the results for that site
filetype - a particular file type in the query
link - external links to pages
numrange - specific numbers in your searches
daterange - a particular date range



Some Sample Simple Google Search Queries: 

intext:@gmail.com filetype:xls

Spammers can use Google to trawl for email addresses across the Internet. A huge list of email addresses is what they need to achieve their goals.



inurl:group_concat(username, filetype:php intext:admin


With the query above, hackers are able to find the results of SQL injection attacks that other users have already made against sites. Unfortunately, the username and password combinations are still visible in the search results.

After that, the MD5 hash might be easily cracked by using any simple tool. The combination is bcheramy : 130270


HOW TO PREVENT GOOGLE HACKING ATTACKS?
First, we should verify the pages that are identified by Google hacking queries. If those pages provide information that should not be found on the website, we should remove them from the site. However, if the site requires these pages, we should rearrange them and their wording so that they are not indexed and not detected by Google hacking queries.
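One way to run this verification against your own site, as an added example that is not part of the original post: it interprets a subset of the operators listed earlier with simplified substring matching, applies queries to an inventory of your own pages, and reports the pages a query would surface that carry no noindex signal. The `Page` records, the `example.test` host and the last two queries are constructed for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

Page = namedtuple("Page", "url title body headers", defaults=({},))
OPERATORS = set("allintext allinurl allintitle intext inurl intitle site filetype".split())
META_NOINDEX = re.compile(r"<meta[^>]+name=.robots[^>]+noindex", re.I)

def parse_dork(query):
    """Split a query into (operator, value) terms; bare words mean intext."""
    terms, sticky = [], None
    for token in query.lower().split():
        op, sep, value = token.partition(":")
        if not sep or op not in OPERATORS:
            op, value = sticky or "intext", token
        elif op.startswith("all"):        # allintitle:a b == intitle:a intitle:b
            op = sticky = op[3:]
        if value:
            terms.append((op, value))
    return terms

def matches(page, terms):
    url = urlparse(page.url.lower())
    checks = {                            # simplified substring matching (assumption)
        "site": lambda v: ("." + (url.hostname or "")).endswith("." + v),
        "filetype": lambda v: url.path.endswith("." + v),
        "inurl": lambda v: v in page.url.lower(),
        "intitle": lambda v: v in page.title.lower(),
        "intext": lambda v: v in page.body.lower(),
    }
    return all(checks[op](value) for op, value in terms)

def is_indexable(page):
    """False when an X-Robots-Tag header or a robots meta tag says noindex."""
    header = page.headers.get("X-Robots-Tag", "").lower()
    return "noindex" not in header and not META_NOINDEX.search(page.body)

def audit(pages, dorks):  # (url, dork) for each indexable page a dork would surface
    return [(p.url, d) for d in dorks for p in pages
            if matches(p, parse_dork(d)) and is_indexable(p)]

# Constructed inventory and queries; only the first query is quoted in the article.
PAGES = [Page("https://example.test/contacts.xls", "", "alice@gmail.com bob@gmail.com"),
         Page("https://example.test/staff.xls", "", "carol@gmail.com", {"X-Robots-Tag": "noindex"}),
         Page("https://example.test/backup/", "Index of /backup", "<h1>Index of /backup</h1>"),
         Page("https://example.test/admin/login.php", "Admin login", '<meta name="robots" content="noindex">')]
DORKS = ["intext:@gmail.com filetype:xls", "allintitle:index of",
         "intitle:login inurl:admin site:example.test"]
print(*audit(PAGES, DORKS), sep="\n")   # pages that still need attention
```

A noindex signal only keeps a page out of search results; a page that exposes information that should not be public still has to be removed from the site, as described above.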


References:

1. Google Hacking:
http://www.acunetix.com/websitesecurity/google-hacking/

2. Google Hacking Database (GHDB)
http://www.hackersforcharity.org/ghdb/


Wednesday, October 9, 2013

Open-Source Software Is Our Future

Nowadays, open-source software and code are everywhere, especially in open projects that we can easily find on the Internet, on sites like SourceForge or Google Code. The term “new frontiers” of programming does not apply today anymore. Most of the best algorithms needed for coding have already been written. Spending time rewriting code or an algorithm that has already been done is a waste of time, since it is given away free as open source. In addition, some programmers have generously donated their code for free to help improve a specific project.

So, using open source seems to be a good thing to do. In my opinion, however, before you use open-source software, it is worth discussing how open source will be our future.


1. Stability - Is open-source software stable?

Stability is really important for any software program, and there should be no argument about that. The community is the base of any open-source software. A good open-source community should have hard-working developers and a user support infrastructure. Most communities offer things like:


  • releases that are recent enough to be useful
  • up to date and helpful documentation 
  • a helpful and active mailing list 
  • automated tests 
  • well maintained change notes 
  • well managed issue tracker 
  • well managed version control system  

As a result, the community is the source of stability for any open-source software. Unlike commercial software, open-source software gets updated quickly when a bug or a security hole is found. Yet the size of an open-source community will reflect its stability.




2. Support - Can I get the help I need?

Some people say that they can't reach any support when they need it because there are no toll-free numbers or support teams. That seems right, since open-source software doesn’t have direct support. Again, open source is all about its community. In fact, it can be a lot easier to get the help you need through the vast community of open-source users. I suggest that you register on a support forum, ask questions, and get the help you need almost right away.

3. Cost - What's it going to cost me?


Unlike commercial software with the same features and functionality, open-source software is usually free. For some complex open-source systems, such as RedHat Linux or a CMS, users will need paid support for implementation. However, it is still far cheaper than the commercial alternative.
Low cost open-source vs. commercial software

4. Flexibility - Can I move it, change it, or tweak it?

The beauty of an open-source program is its ability to become exactly what you want it to be. For example, we can easily see the difference between Android and iOS. People are switching to Android more and more because iOS doesn’t give its users the ability to customize the system. People like Android because of its flexibility and customization. As a result, open-source software frees users from the grip of being outdated.

5. Security - Will my stored data be safe?


First, I will say that the “open” in open source refers only to the source code itself, not to the data stored in the system. Because of the constant updates, open source seems to be safer. If an open-source system is well implemented and security procedures are followed correctly, your data in the system will be just fine. There is no difference between open-source and commercial programs when it comes to being attacked by hackers. The rate is the same for both.

Open source is widely used


Because of all the advantages above, I will say “YES” to open source because it benefits the community in many ways. In short, open source will be the best choice for a small business or a start-up company with a tight budget. However, users must stay in the community to get support when they need it.


  
References:

1. Good or Bad? The Verdict on Open Source CMS
http://www.cmscritic.com/good-or-bad-the-verdict-on-open-source-cms/

2. Balancing stability and innovation in open source
http://blog.startifact.com/posts/older/balancing-stability-and-innovation-in-open-source.html


Sunday, October 6, 2013

Agile and 3 most important portions of the agile process

While agile is a general philosophy regarding software production, scrum is an implementation of that philosophy pertaining specifically to project management. So agile scrum defines a set of recommendations that the whole team should follow. There are 3 main portions of the agile process that we need to concentrate on when applying agile to project management in real life.

1. The scrum master is the no. 1 role in an agile process.

Besides the product owner, who is responsible for defining the user stories and maintaining the whole product backlog, the scrum master is the most important role in the agile process. This person has to be a bridge of communication between the product owner and the rest of the implementation team.

Scrum Master is most important in an Agile process

Because of this important role, the scrum master should be a person who possesses strong technical knowledge and good communication skills, and who proactively participates in all development processes. In short, it is a hard role that requires many skills. In addition, any modification to the user stories and product backlog from the product owner must be made through the scrum master.









2. Planning board is the backbone of an agile process.

Currently, the planning board accommodates the Lean Development Process that we use in agile today. The benefit of the planning board is that it helps the team adapt to any changes throughout the process.

Four main columns must be present on the board:

  • Release backlog – it shows the current release after each sprint, or everything we have archived.
  • Sprint backlog – in each sprint, it shows what the product owner wants done. Anything left undone from the previous sprint keeps showing in the sprint backlog, and moves to the release backlog when it is done.
  • Working on – the divided work is mostly listed here for teamwork control. The whole team will know what they and other members are working on.
  • Done – all completed stories will be here. However, all bugs and changes from the sprint backlog also need to be listed here.

3. Continuous Improvement Model helps push up performance.

After a few sprints, the scrum master needs to gather the whole team to discuss the good and bad things that have happened in the team. This is very important for improving team performance. At first, it might not be comfortable to talk about what really went wrong in the team, yet it will bring much greater awareness to the whole process. In the retrospective meeting, all team members need to give their open opinions about what is happening in the team.

Improving Circle

  • Bad things – like fighting between team members, not collaborating in pair work, or spending too much time on minor things. Solutions to these problems should be given immediately to help avoid them in the future.
  • Good things – like finishing on time or giving the best suggestions and ideas. It is also important to list all the good things because it encourages the team to do them more and more.







The adoption of the agile process may be different each time and for each team. However, we can embrace the whole process by concentrating on the 3 important portions above. We should never follow the rules blindly, because adapting to change is more important.


References:
1. SCRUM: The Story of an Agile Team
http://net.tutsplus.com/articles/editorials/scrum-the-story-of-an-agile-team/

2. Agile Development
http://www.versionone.com/agile101/agile_development.asp