Courtesy of Cain’s Brain.

1. Any PERMISSION DENIED has an OVERRIDE function.

2. Complex calculations and loading of huge amounts of data will be accomplished in under three seconds. In the movies, modems transmit data at two gigabytes per second.

3. When the power plant/missile site/whatever overheats, all the control panels will explode, as will the entire building.

4. If you display a file on the screen and someone deletes the file, it also disappears from the screen. There are no ways to copy a backup file — and there are no undelete utilities.

Corollary: Deleting a file instantly removes all copies of said file from disks, memory, frame buffers and caches across all computers in the universe.

5. If a disk has got encrypted files, you are automatically asked for a password when you try to access it.

6. No matter what kind of computer disk it is, it’ll be readable by any system you put it into. All application software is usable by all computer platforms.

7. The more high-tech the equipment, the more buttons it has. However, everyone must have been highly trained, because the buttons aren’t labeled.

8. Most computers, no matter how small, have reality-defying three-dimensional, real-time, photo-realistic animated graphics capability.

9. Laptops, for some strange reason, always seem to have amazing real-time video phone capabilities and the performance of a CRAY.

10. Whenever a character looks at a terminal, the image is so bright that it projects itself onto his/her face.

11. Computers never crash during key, high-intensity activities. Humans operating computers never make mistakes under stress.

12. (From Independence Day) No matter what kind of virus it is, any computer can be infected with it — even an alien spaceship’s computer — simply by running a virus upload program on a laptop.

13. (From Jurassic Park) A custom system with millions of lines of code controlling a multimillion dollar theme park can be operated by a 13 year old who has seen a Unix system before. Seeing an operating system means you know how to run any application on that system, even custom apps.

Note: What OS was it really running?

(1) “These are super computers”.  A CrayOS?

(2) “Quicktime movie, Apple logo, trash can.”  MacOS?

(3) “Reboot. System ready. C:\”  DOS?

(4) “Hey, this is Unix.  I know this”  Unix?

The computers in Jurassic Park were Cray supercomputers running the MacOS as a graphical shell of DOS all layered on top of a Unix base.

14. You cannot stop a destructive program or virus by unplugging the computer. Presumably the virus has it’s own built-in power supply.

15. You cannot stop a destructive program downloading onto your system by unplugging the phone line. You must figure out the mandatory “back door” all evil virus programmers put in.

16. Computers only crash if a virus or a hacker is involved.

17. All text must be at least 72 point.

18. Word processors do not have an insert point.

19. The only way to reboot is to shut off the main power to the building.

20. Passwords can be guessed in three and exactly three tries.  If you cannot guess the password in three tries, you must give up immediately.

21. Any task or program can be executed by simply pressing Enter, no matter which program or window is in the foreground.

22. All scanners, video cameras and digital cameras have a resolution of approximately 500 megapixels.  Any image can be infinitely magnified with no pixelization.

23. Security will not improve over time.  Nonaffialiated personnel can take over a space ship without needing an account or access control.  Corollary: Anyone can override access control lists in the future.

24. All hackers wear black T-shirts or Hawaiian shirts.

25. Incoming messages are displayed letter by letter.  Email over the Internet works like telegraphs.

26. Microsoft Windows doesn’t exist.  Macintosh has a 75% market share.

27. GUI operations, such as image selection and manipulation, can be handled easily and quickly via the keyboard.

28. If a robot’s eyes turn red, it becomes evil.

29. Cell phones and laptops have infinite battery life, until you need to call for help.

30. Latency does not exist.  Voice and data can be sent to Mars in real time.

The System.Web.Security namespace offers us the FormsAuthentication.HashPasswordForStoringInConfigFile() static method for hashing strings:
C#:

string pwhash = FormsAuthentication.HashPasswordForStoringInConfigFile(“password”, “md5″);

VB:

Dim pwhash As String = FormsAuthentication.HashPasswordForStoringInConfigFile(“password”, “sha1″)

The second parameter can be either “md5” or “sha1“.

PS: You should not be storing passwords within a database or flat file in plain text.  It’s not a matter if the information will become compromised, but when.

1. Use Notepad to open the Web application Web.config file. By default, this file is in the following folder:

2. Add the following section at the end of the web.config file in the respective site:

  <system.webServer>
 <security>
  <requestFiltering>
   <requestLimits maxAllowedContentLength=”1073741824“/>
  </requestFiltering>
 </security>
</system.webServer>

Where the number is in bytes.  This amount would allow you to upload 1024 MB (1 GB) and was calculated as follows (1024 B / KB * 1024 KB / MB * 1024 MB / GB).

Note This code sets the value of the maxAllowedContentLength property to 52428800. Therefore, the maximum file size of an uploaded file is 52428800 bytes. However, set the value of this property so that it is larger than the file that you are trying to upload. Also, set the value of this property so that it is larger than the maximum file upload size that you have configured in SharePoint. If you do not, users will not receive an error message that they are exceeding the size limit if they try to upload a file that is larger than the maximum file upload size that you have configured in SharePoint.

You can have a ball taking online quizzes on Facebook and other sites, but here are some things you should know before you do.

JR Raphael, PC World

Tuesday, May 12, 2009 04:00 PM PDT 

I am a genius. I’m charismatic, kind, and understanding. I’m also a Disney princess named Aurora and the reincarnation of Marilyn Monroe.

But I’m not crazy (at least, not completely). I’ve just been taking a lot of online quizzes lately — you know, the ones all over the Web promising to reveal your IQ, personality traits, or celebrity resemblances. Aside from discovering my inner Sleeping Beauty, I’ve also learned something important: These quizzes are about far more than providing users with enlightening or entertaining information.

The Real Deal

While Web quizzes may be fun to take, they’re also a powerful tool for companies to collect your data and even your money — and often in ways you might not notice. We’ll get to the spooky stuff in a moment, but let’s start with the simplest method of quiz-based marketing: advertising. The very nature of a typical online quiz requires you to divulge all sorts of details about yourself. Those tidbits of info are like nuggets of gold for advertisers craving a way to connect with you.

“The big trend is about engagement,” says Debra Aho Williamson, a senior analyst with eMarketer. “These quizzes are getting people to pay attention to ads.”

After more than 100 online ‘offers’ appeared, the author gave up on trying to obtain the results of the test he took.

Paying attention, it seems, is almost a requirement: Aside from being carefully targeted at your interests, the ads are often in-your-face and impossible to avoid. Take, for example, TheFreeIQTest.com, a quiz I found via a text ad on Google. By the time I clicked through the 105th “offer” (aka advertisement) it threw in front of my results — no exaggeration — I gave up without seeing the results of the quiz.

“There’s a clear annoyance factor, leading people to one thing, then at the last minute bait-and-switching them,” Williamson says. “The challenge with this type of advertising is walking that line between people wanting it and people wanting it to go away.”

The ads can follow you long after you click away, too. Just look at RealAge, a detailed quiz that assigns you a “biological age” based on your family history and health habits. The site, a recent investigation revealed, takes your most sensitive answers — those about sexual difficulties, say, or signs of depression — and sells them to drug companies looking to market medications.

Bigger Issues

Unwanted advertising, unfortunately, is only the tip of the iceberg. Some online quizzes will surprise you with required payments or purchases before you can access your results. While the requirement may be in the fine print somewhere, it’s often not in a place you’d easily notice before beginning the process.

It’s when the PayPal logo pops up that you realize Test-IQ.com wants $7 to give you your quiz results.

That’s exactly the scenario I found at Test-IQ.com, a quiz advertised on Facebook. The site’s home page makes no mention of a fee–you’d have to click to the privacy policy and read to the bottom to discover the $7 charge. Other sites, such as IQ-Test-Results.com, slip in recurring monthly fees for registered users.

You really have to dig to figure out what this quiz site wants to do with your credit card.
Then there are quizzes like CheckMyPersonality.com. Its Web site says, “Happy! (Shy) Sad? Outgoing, Fun? Which are you? Find Out for Free with CheckMyPersonality.com.” This site goes as far as to periodically access your credit card once you’ve signed up. I discovered a line in the company’s privacy terms that gives it an ongoing right to “verify that your credit card account is valid and has credit available” by charging fees and later crediting them off.

Worse, that line isn’t even in the terms linked on the home page–it’s in a secondary set buried deeper in the site. It comes up under a link labeled “Privacy Policy” on the fourth screen you reach as you fill out the quiz. The page is hosted on a different domain, and is separated from the site’s privacy policy page, but it is still branded as CheckMyPersonality.com.

CheckMyPersonality.com also authorizes its owners to dig up all kinds of information on you. The company states that it may use “third-party service providers” to track down everything from your household income to your buying habits–and then resell that data to marketing agencies.

“These [types of sites] are data-mining havens where users willingly opt-in from the very beginning,” says Ryan Jacobson, an attorney and cochair of the Entertainment Media and Privacy Law Group at the law firm SmithAmundsen in Chicago. “I’m afraid that the average user fails to recognize or take the time to understand what privacy rights he or she is actually giving up by responding.”

CheckMyPersonality.com, incidentally, didn’t respond to our requests for comment.

The Trust Factor

Ultimately, deciding whether you should take an online quiz comes down to a question of trust: Are you comfortable putting your information–personal or financial–into the owner’s hands? Remember, even if you don’t directly input data, it can be passed along. Such is the case with Facebook, where just opening an application automatically grants its developer access to your entire profile. And don’t assume that the developer isn’t going to use the information within.

“The very intimate and detailed nature of the information featured on Facebook profiles makes such a database very valuable to marketers,” says Guillaume Lovet, a senior manager with security company Fortinet.

Finally, bear in mind that the quizzes’ results may not even mean much. In the case of online IQ tests, for instance, many of the exams are about as valid as my excuse for missing mah-jongg night at the clubhouse.

“These things are simply not sophisticated,” says Dr. Martin Eaton, a licensed clinical psychologist and adjunct professor at the University of Southern California. “Calling them intelligence tests would be a misnomer.”

The test that declared me a genius, I can only assume, was a rare exception.

Connect with JR Raphael on Twitter (@jr_raphael) or via his Web site, jrstart.com.

Introduction

When the domain in the URL of your RoundCube instance and the domain the page is actually being rendered from are different are different, you will recieve an odd error message – your browser does not support cookies – from RoundCube.  My set up has an iFrame from one Domain redirecting to another, where RoundCube sits.  Why did I do that? Because the actual domain is ugly and my client requested the web login to their email be the same as the actual domain their emails come from.

FireFox and Chrome allow the login to work fine, but not IE.

However, Internet Explorer does not allow cookies from a 3rd party domain (the second one in the iFrame) to be downloaded, and silently deletes them – security measure I suppose – it is widely documented.  The only way to get around this is to modify the headers sent to notify the browser that the mismatch is intended.

Problem

Email Domain: emailDomain.com
Web Server Domain: webDomain.com
RoundCube URL: webDomain.com/webmail
IMAP Server: mail.emailDomain.com
Redirects: emailDomain.com redirects HTTP traffic to webDomain.com, emailDomain.com redirects SMTP traffic to webDomain.com

NOTES: emailDomain.com is basically just an alias. 

If you try to login through webDomain.com via RoundCube (actually type in webDomain.com/webmail) it will work, the cookies will match up and everyone will be happy.

If you try to login through emailDomain.com (which will open up webDomina.com/webmail in an iFrame) it will not work with Internet Explorer 7 or 8.

Solution

I added the following line of code to the first line of code (after the comments) within the index.php file.

file: /var/www/webmail/index.php (please note that webmail is where RoundCube is installed)

header(‘P3P:CP=”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT”‘);

These two scripts are very important for the system admin who regularly works with mail servers and somehow forgets to backup his system username and password! Let’s say somehow we lost the usernames and passwords of the mail server. In this case the admin has to manually create all the users and then change the passwords for all the users. Tedious job. Let’s make our life easier.

First create a file which contains all the user name. Something like this:

nurealam
nayeem
mrahman
farid
rubi
sankar

Save the file as userlist.txt. Now create the following bash file:

#!/bin/sh
for i in `more userlist.txt `
do
echo $i
adduser $i
done

Save the file and exit.

chmod 755 userlist.txt

Now run the file:

./userlist.txt

This will add all the users to the system. Now we have to change the passwords. Let’s say we want username123 as password. So for user nayeem the password will benayeem123, rubi123 for user rubi and so on.

Create another bash file as follows:

#!/bin/sh
for i in `more userlist.txt `
do
echo $i
echo $i"123" | passwd –-stdin "$i"
echo; echo "User $username’s password changed!"
done

Run the file. All the passwords are changed.

If you want to force all your users to change password, use the following code:

Force all your users to change their passwords because the temporary password is a security risk

#!/bin/sh
for i in `more userlist.txt `
do
echo $i
echo $i | change -d 0 "$i"
echo; echo "User $i will be forced to change password on next login!"
done

I then log as that user and see this

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user amcorona.
Changing password for amcorona
(current) UNIX password:

sda1: Windows Vista encrypted with TrueCrypt
sda2: Ubuntu Hardy Heron /boot partition (not encrypted)
sda3: Ubuntu Hardy Heron encrypted volume with LVM inside and / and swap partions within LVM (to save partitions used overall incase it gets over 5 partitions)
sda4: Working on installing OSX Leopard on this partition currently.

The steps I used are as follows, in brief:
1) Installed Vista first (actually pre-installed on laptop)

2) Installed Ubuntu second using encrypted physical volume with LVM inside it and 2 partions / and swap inside the LVM(at this point, grub was in the MBR)

3) Ran full windows system encryption (not full disk encryption) through TrueCrypt and let it write its bootloader to the MBR. (obviously overwriting Grub in the MBR)

4) Booted with a live cd and copied the truecrypt bootloader from the MBR to a file in the /boot partition (sda2)
use these commands to do so:
dd if=/dev/sda of=/mnt/boot/truecrypt.mbr count=1 bs=512
dd if=/dev/sda of=/mnt/boot/truecrypt.backup count=8 bs=32256

5)Reinstalled grub to the MBR using these commands:
sudo grub
install (hd0,1)/grub/stage1 (hd0) (hd0,1)/grub/stage2 0×8000 p

6) Added a chainloader to the menu.lst Vista entry to point to the truecrypt bootloader within the /boot partition like so:

title Windows Vista/Longhorn
rootnoverify (hd0,0)
makeactive
chainloader (hd0,1)/truecrypt.mbr
boot

The only partition not encrypted in the /boot partition so far, which is fine. After grub loads, no matter which OS I choose, I enter a passphrase and that OS starts.

For more detailed instructions which I pulled from but which are for XP instead of Vista, use this link:

http://ubuntuforums.org/showthread.php?t=761530

Iraq boots out the Americans

Nov 20th 2008 | BAGHDAD
From The Economist print edition

WHEN General David Petraeus, now America’s most celebrated military commander, arrived in Iraq in 2003 at the head of an airborne division, he asked a journalist: “Tell me how this ends?” For years nobody had a good answer. But now, thanks to a military pact between America and Iraq, a conclusion is in sight: America’s war in Iraq will end in three years’ time, with American troops being shown the door and Iraqi politicians competing to claim credit for getting rid of the foreigners.

A “withdrawal agreement” approved by the Iraqi cabinet on November 16th requires American troops to pull out of Iraqi towns and cities by the end of June next year, and to leave Iraq altogether by December 31st 2011. Those deadlines, said Iraq’s prime minister, Nuri al-Maliki, in a televised address, would not be extended. The deal was not perfect, but marked “a solid start for Iraq to regain its full sovereignty in three years.”

There were no secret articles, he said, and there would be no permanent American bases. Iraq could not be used to attack others (ie, Syria or Iran). There would be, he promised, “no detainees any more, no detention centres any more, no searches or raids of buildings or houses, until there is an Iraqi judicial warrant and it is fully co-ordinated with the Iraqi government.”

This is a big moment for America and Iraq, yet the Iraqi government was more regretful than jubilant, calling the deal the best it could achieve after more than a year of negotiations. The Bush administration, now in its last weeks in power, made several concessions. It had long opposed any notion of a fixed timetable for withdrawal, saying any troop pull-out had to be based on security conditions on the ground. The White House said the new deadlines were “aspirational”, but the text leaves less wiggle-room; clauses allowing for a review of the deadline, and the possibility that some American troops would stay on to train and support Iraqi forces, have been deleted. Security has improved markedly. But the political context has also shifted against the Bush administration—and the Iraqis have got their timetable.

In America, Ike Skelton, chairman of the House armed services committee, a Democrat, said he was worried by provisions that could result in American troops facing prosecution in Iraqi courts. But the text suggests that this is a remote possibility. Iraq has legal jurisdiction over American troops only in cases of “major and intentional crimes”, and even then only when they are outside their bases and off-duty.

The agreement should make life easier for Barack Obama, although there is some dispute as to whether it will have to be ratified by the American Congress. The deal supports the president-elect’s principle of a firm timetable for leaving Iraq, but allows him to draw out the process beyond the 16-month withdrawal he promised in his campaign. Admiral Mike Mullen, chairman of the joint chiefs of staff, said America had so much equipment that it would take two or three years to withdraw completely—security conditions permitting.

The agreement was strongly endorsed by the Iraqi cabinet but its passage through the Iraqi parliament, which could vote on it as early as November 24th, is less assured. There were brawls among the lawmakers when it was discussed on November 19th.

In a country with a history of intense opposition to military pacts with an invading power, the deal could polarise opinion. Followers of Muqtada al-Sadr, the radical Shia cleric who heads a powerful (though now dormant) private army, oppose the treaty and demand an immediate withdrawal of foreign troops. Ayatollah Ali al-Sistani, Iraq’s most senior Shia cleric, says any agreement had to restore Iraqi sovereignty and win “national consensus”. But he did not oppose it, which supporters take as tacit assent.

Some Sunnis want the agreement to be put to a referendum. Another contentious issue is the status of some 17,000 (mostly Sunni) prisoners in American hands. The Iraqi government is due to take responsibility for them, but some Sunni leaders want them all released.

Iran is equivocal. The speaker of its parliament, Ali Larijani, said America was seeking to turn Iraq into a vassal. But the leader of Iran’s judiciary, Ayatollah Mahmud Hashemi Shahrudi, said the Iraqi government “has done very well”. Some interpret this as Iranian endorsement. But like so much else in Iran, it is hard to pick out a genuine signal from the political noise.

By ROBERT McMILLAN, IDG News Service\San Francisco Bureau, IDG

Published: July 24, 2008

Hackers have released software that exploits a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the Internet.

The attack code was released Wednesday by developers of the Metasploit hacking toolkit.

Internet security experts warn that this code may give criminals a way to launch virtually undetectable phishing attacks against Internet users whose service providers have not installed the latest DNS server patches.

Attackers could also use the code to silently redirect users to fake software update servers in order to install malicious software on their computers, said Zulfikar Ramizan, a technical director with security vendor Symantec. “What makes this whole thing really scary is that from an end-user perspective they may not notice anything,” he said.

The bug was first disclosed by IOActive researcher Dan Kaminsky earlier this month, but technical details of the flaw were leaked onto the Internet earlier this week, making the Metasploit code possible. Kaminsky had worked for several months with major providers of DNS software such as Microsoft, Cisco and the Internet Systems Consortium (ISC) to develop a fix for the problem. The corporate users and Internet service providers who are the major users of DNS servers have had since July 8 to patch the flaw, but many have not yet installed the fix on all DNS servers.

The attack is a variation on what’s known as a cache poisoning attack. It has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP (Internet Protocol) address of a computer, it asks another DNS server for this information. With cache poisoning, the attacker tricks the DNS software into believing that legitimate domains, such as idg.com, map to malicious IP addresses.

In Kaminsky’s attack a cache poisoning attempt also includes what is known as “Additional Resource Record” data. By adding this data, the attack becomes much more powerful, security experts say.

An attacker could launch such an attack against an ISP’s (Internet Service Provider) domain name servers and then redirect them to malicious servers. By poisoning the domain name record for www.citibank.com, for example, the attackers could redirect the ISP’s users to a malicious phishing server every time they tried to visit the banking site with their Web browser.

On Monday, security company Matasano accidentally posted details of the flaw on its Web site. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet.

Although a software fix is now available for most users of DNS software, it can take time for these updates to work their way through the testing process and actually get installed on the network.

“Most people have not patched yet,” said ISC President Paul Vixie in an e-mail interview earlier this week. “That’s a gigantic problem for the world.”

Metasploit’s code looks “very real,” and uses techniques that were not previously documented said Amit Klein, chief technology officer with Trusteer.

It will probably be used in attacks, he predicted. “Now that the exploit is out there, combined with the fact that not all DNS servers were upgraded… attackers should be able to poison the cache of some ISPs,” he wrote in an e-mail interview. “The thing is we may never know about such attacks, if the attackers… work carefully and cover their tracks properly.”

Copyright 2008 IDG News Service. All Rights Reserved.

The AFP (7/17) reports that the “Organization for Economic Cooperation and Development (OECD) in a study published Wednesday found that costly public support for biofuel production has but a limited impact on reducing greenhouse gas emissions and on improving energy security.” Meanwhile, “development of the biofuel sector ‘will contribute to higher food prices over the medium term and to food insecurity for the most vulnerable populations in developing countries,’” the report found.

        According to Bloomberg (7/16, van Loon), the report noted that the “U.S., Canada, and the European Union” combined for $11 billion “in annual subsidies for plant-derived fuels.” Stefan Tangermann, OECD director for trade and agriculture, said that the “greenhouse gas released by cars, trucks, airplanes, and ships ‘at best’ will decline 0.8 percent by 2015 in those regions with the help of aid programs.” The study found that in the U.S., ethanol produced from corn “reduces emissions by between 10 percent and 30 percent, compared with burning gasoline to drive the same distance.” Instead, nations “should focus on reducing fuel consumption for vehicles and end import taxes on ethanol from Brazil,” the OECD argued. In addition, the OECD said that “[e]xisting policies mean that as much as 14 percent of the crop land in the EU, the U.S., and Canada will be used to grow plants for biofuels by 2017 from about eight percent last year.” This “could push prices for some crops up by 19 percent by 2015.”