
Saturday 27 January 2018

Yes, a Password Can Be Reset by the Sticky Keys Attack!

Sometimes we cannot recall the login password of our own computer, and people
who want to log in to someone else's computer illegally also use these basic attacks.

These attacks are basic but effective, so all of you should know about them.

Sticky Keys Attack


Sticky Keys is part of Windows Ease of Access features that allows a user to tap the Shift, Ctrl, Alt or Windows key once to achieve the same effect as holding the key down.

When you press the SHIFT key 5 times at the Windows login screen, the Sticky Keys application (sethc.exe) launches and asks if you want to enable the Sticky Keys feature.

This method works only when you replace some files: it works by replacing the sethc.exe file with cmd.exe.

From the Command Prompt, you have sufficient privileges to reset a lost password without knowing your current password. This method works flawlessly with all versions of Windows XP, Vista, 7, 8, 8.1 and 10.

Then, when we press the SHIFT key 5 times, cmd.exe opens and we have to type a command in it:

net user user_name new_password

Afterwards, restore the sethc.exe file we overwrote. Enjoy!
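
To detect the file replacement described above, an administrator can compare sethc.exe with cmd.exe and with a known-good hash. This is an added example, not part of the original post; the function names and the demo files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_sethc(system_dir, known_good_sha256=None):
    """Return 'missing', 'replaced-by-cmd', 'hash-mismatch' or 'ok'."""
    system_dir = Path(system_dir)
    sethc, cmd = system_dir / "sethc.exe", system_dir / "cmd.exe"
    if not sethc.is_file():
        return "missing"
    digest = sha256_of(sethc)
    # The swap described in the post leaves two byte-identical files.
    if cmd.is_file() and digest == sha256_of(cmd):
        return "replaced-by-cmd"
    # Optional baseline: a hash recorded from a clean install of the same build.
    if known_good_sha256 and digest != known_good_sha256.lower():
        return "hash-mismatch"
    return "ok"


def demo():
    """Run the check against constructed stand-in files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "cmd.exe").write_bytes(b"constructed cmd image")
        (d / "sethc.exe").write_bytes(b"constructed sethc image")
        baseline = sha256_of(d / "sethc.exe")
        clean = check_sethc(d, baseline)
        (d / "sethc.exe").write_bytes((d / "cmd.exe").read_bytes())
        swapped = check_sethc(d, baseline)
        (d / "sethc.exe").write_bytes(b"some other constructed binary")
        other = check_sethc(d, baseline)
        return clean, swapped, other


if __name__ == "__main__":
    print(demo())
```

On a real machine, point check_sethc at the Windows System32 directory and pass a baseline hash taken from a trusted copy of the same Windows build.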


Sunday 21 January 2018

Is Client-Side Script Able to VALIDATE?

Programmers who design websites always want to validate the data submitted by users to the website.
There are many ways to validate the data: on the server side, on the client side, and in the database server.

Taking input from the user and validating it only on the client side is not good for the site's health if not used properly.

There are many ways to alter the details being validated, submit incorrect information to the website, and make it produce results accordingly.

JAVASCRIPT ATTACK

These attacks are used to bypass the validation process of a site that checks the information on the client side.
The attacker just has to open that site and load it in their browser,

then enter some JavaScript on that site to check whether it is vulnerable or not.

javascript:alert(1);
If it produces an alert message,

it means that JavaScript entered this way runs on that page.

After that, if the site stores data in cookies, they change the cookies stored by the site and set a value to true if that is required to proceed further.

javascript:alert(document.cookie);
This displays the cookies stored by the site.
javascript:void(document.cookie="cookie_name=your_value");
This changes the current value of the stored cookie (cookie_name is a placeholder for the cookie's name).


FORM VALUES CAN ALSO BE CHANGED THIS WAY
javascript:void(document.forms[0].field_name.value="your_value");
This sets the value of the form field to whatever you choose (field_name is a placeholder for the field's name).

These are the ways by which anyone can manipulate values checked by client-side script validation, so be aware of them before relying on it.

USE PROPER VALIDATION TO BE SAFE FROM THESE ATTACKS.
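
One way to do that validation on the server, shown here as an added example that is not part of the original post: cookies carry an HMAC tag so an edited value is rejected, and every form field is re-checked regardless of what the browser's script did. The key, field names and limits are assumptions made for the illustration.

```python
import hashlib
import hmac
import re

# Assumption: a secret that lives only on the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key"


def _tag(value: str) -> str:
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def issue_cookie(value: str) -> str:
    """Cookie as sent to the browser: the data plus a tag the client cannot forge."""
    return f"{value}.{_tag(value)}"


def read_cookie(cookie: str):
    """Return the value if its tag verifies, else None (edited or unsigned cookie)."""
    value, _, tag = cookie.rpartition(".")
    if not value or not hmac.compare_digest(tag.encode(), _tag(value).encode()):
        return None
    return value


# Hypothetical rules for a sign-up form; the server applies them to every request.
USERNAME = re.compile(r"[A-Za-z0-9_]{3,20}")


def validate_signup(form: dict) -> list:
    """Re-check every field on the server; return the names of rejected fields."""
    errors = []
    if not USERNAME.fullmatch(str(form.get("username", ""))):
        errors.append("username")
    try:
        if not 13 <= int(form.get("age", "")) <= 120:
            errors.append("age")
    except (TypeError, ValueError):
        errors.append("age")
    return errors


if __name__ == "__main__":
    cookie = issue_cookie("role=user")
    print(read_cookie(cookie))                                      # untouched cookie
    print(read_cookie(cookie.replace("role=user", "role=admin")))   # edited in the browser
    print(validate_signup({"username": "<script>", "age": "-5"}))
```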

Saturday 20 January 2018

Removal of Some PENDRIVE Virus | Shortcut | Application

There are many viruses which are very harmful to our data. Antivirus software works well to remove them, but what happens when some antivirus does not detect them?

Some viruses which come from an infected computer and damage the data on our DataTraveler (pen drive) are very dangerous: some convert all files to shortcuts, and some convert files to small .exe files or some other specific file format which gets copied to other devices.

These are not really viruses, but only autorun scripts which run on the computer and convert or modify our data in a way that only the script understands, so antivirus software which does not check autorun scripts is not able to detect them.
Here are some solutions to remove that virus, or rather to correct the changes made by that script.

Removal of shortcut virus

=> Just open RUN (Win+R)
=> Open RUN in admin mode
=> Type this command:
   attrib -h -r -s /s /d g:\*.*  (replace g with your infected drive letter)
=> Press Enter.
:-)  You have recovered from that small virus.

Recovery of folder to application Virus

=> Open RUN (Win+R)
=> Open RUN in admin mode
=> Type this command:
   attrib -r -h -s autorun.inf  (open the folder which is infected)
=> Press Enter.
:-)

This means that these viruses only change the attributes or type of the existing data and create new files according to the script, so these changes are recoverable. Don't panic.

Thursday 18 January 2018

How Do They Hack into a SITE Vulnerable to SQL Injection?

SQL Injection Attack


Here is a hacking method which is used against sites that are vulnerable to SQL injection.

HOW CAN WE FIND OUT WHETHER IT IS VULNERABLE OR NOT?
If we look at the website's source code and it contains a <form> which sends data to the server, and the server connects to a database and produces a result from the input query, then with some malformed SQL query input we can find out whether it is vulnerable!

After that, we have to find out how the server checks the query input coming from the user's input field.

For example, suppose the input from a <form> is checked on the server like this:

&user_name is the input coming from the user input form.
SELECT column_name(s) FROM table_name where user_name="&user_name";

Then we have to craft the input so that it produces an always-TRUE statement,
so the input looks like this:

" OR ""="
This makes the above query look like this:

SELECT column_name(s) FROM table_name where user_name="" OR ""="";
This means that the condition is always TRUE, no matter what the input is.

THIS IS USED BY THE HACKER to gain access without the password, user name or user ID of any user of that site, so be careful when you write code which checks input and produces results from the SQL database.

Always check that the input coming from the user side doesn't contain special characters (=, (, ), *, !, %, $, etc.) or words like: or, and, select, sql, like.

There are many tools which can find this vulnerability.
So be aware of this attack: it is one of the most used and simplest attacks for attackers, and it is very easy to find sites VULNERABLE to it.
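
The query above, built by string concatenation and then as a parameterized query that keeps the input as data, shown as an added example that is not part of the original post. It uses an in-memory SQLite database with a constructed users table, and it writes string literals with single quotes (standard SQL), so the post's always-TRUE input appears with single quotes too.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return db


def lookup_concatenated(db, user_name):
    """The pattern from the post: user input pasted into the SQL text."""
    query = "SELECT user_name FROM users WHERE user_name='" + user_name + "'"
    return sorted(row[0] for row in db.execute(query))


def lookup_parameterized(db, user_name):
    """The input is bound as a value, so quotes in it never become SQL syntax."""
    rows = db.execute(
        "SELECT user_name FROM users WHERE user_name=?", (user_name,)
    )
    return sorted(row[0] for row in rows)


# The post's always-TRUE input, written for single-quoted literals.
ALWAYS_TRUE_INPUT = "' OR ''='"

if __name__ == "__main__":
    db = make_db()
    print(lookup_concatenated(db, "alice"))             # one matching row
    print(lookup_concatenated(db, ALWAYS_TRUE_INPUT))   # every row comes back
    print(lookup_parameterized(db, ALWAYS_TRUE_INPUT))  # no user has that name
```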


Monday 30 January 2017

Is the complexity of Google's search ranking algorithms increasing or decreasing over time?

I don’t work at Google, but I have worked on Bing search ranking and at other search engines, and have friends working on Google search. Given what I know, here is how I expect the complexity of Google’s search ranking algorithms to have changed over time.
The diagram shows long periods of time where the complexity keeps on increasing as you make small incremental improvements to the ranking algorithms. These long periods of increasing complexity are interspersed by periods of sudden reduction in complexity brought about by replacing complex heuristics by machine learning and other simplifications.
This diagram is obviously an oversimplification, but I hope it gets the main point across. Let’s dive into the details of why this happens.
Let’s start with what we know about Google search ranking publicly:
  1. Google search ranking is a fairly complex beast. There are thousands of features that influence ranking, and quite a few of them are complex enough that they are best learned using their own machine learning algorithms to calculate them (E.g. search query embeddings).
  2. Traditionally, Google has resisted using machine learning for their core search ranking algorithm. [1]
  3. But more recently, there has been a shift towards using more machine learning in search, especially some of the stuff that the Google Brain team has built. [2]  [3]
Given this, I expect the current Google search to be a combination of heuristics, that are used at some places, and machine learning, that is used at other places. It’s still unclear whether the top level ranking function is machine learned or heuristic. My personal guess is that it’s still a heuristic function that combines a few machine learned and a few heuristic scores.
Here is a rule of thumb for the complexity of ML systems that is generally agreed upon by ML practitioners:
  1. A simple, intuitive heuristic is less complex to understand and maintain than a Machine Learned system.
  2. However, a well-designed ML system is less complex than a complex heuristic.
These closely match rules 1 and 3 from the rules of ML put forward by Google’s own Martin Zinkevich. For the complexity of search ranking specifically, read my answer on the complexity of heuristics vs. ML ranking here: What are the pros and cons of using a machine learned vs. heuristic / score-based model for search ranking?
Given this, I expect the arc of complexity for the Google search ranking algorithms to have adopted a sawtooth pattern as shown above:
  1. You start off with some heuristics for ranking. Over time these heuristics get more complex, since you need to encode more rules in your search engine to make it better.
  2. At some point, the system becomes complex enough that you need to take a step back and work on reducing the complexity of the system. You might do this by moving some of the heuristics to ML systems, or do other things like feature ablation or consolidation of existing ML systems. Usually these are deliberate efforts that lead to a sudden decrease in complexity of the system.
  3. Once your system reaches the planned lower complexity state, you repeat steps 1 & 2 over and over. Given that the search engine needs to get more relevant for a wider range of queries over time, the overall complexity trend of the system, in spite of these “sawtooths” will still be slightly positive. Depending on how good Google is at this, they will try to keep the slope of this long term trend to a minimum.

What does China make people promise to do when it lends them a panda?

When China gives a zoo a panda, it tends to be accompanied by the signing of a document usually called a "cooperative research and breeding agreement".
The Smithsonian Institute sent me a copy of the most recent agreement, from 2011, in effect between China and the U.S. governing the two pandas at the D.C. National Zoo. I've posted it here: http://web.mit.edu/mherdeg/Publi.... This agreement might well mirror other similar agreements that China has with other countries.
Here are some of the highlights:
  1. The U.S. pays China $500,000 per year, of which 70% goes to conservation of the giant panda in China, 20% goes to the Wolong China Conservation and Research Center for the Giant Panda, and 10% goes to fees and expenses.
  2. This contract took effect on Jan 20 2011, but the prior contract expired on Dec 6 2010! There was a brief period when there was no contract at all governing the pandas! Panda anarchy! (*This* contract says that, retroactively, the old one was in effect.)
  3. The pandas belong to China and so do any of their offspring. If there are any offspring, they must be returned to China before they turn four years old.
  4. The agreement expressly forbids panda cloning research:

    Without prior written approval from the Chinese Party, the American Party shall not conduct any activity beyond the term of this Agreement related to the above mentioned giant pandas or their offspring, nor shall the American Party collect samples such as genetic materials of the giant panda for scientific research or transfer any samples to a third party.

    The American Party may conduct routine health examination or other necessary activity for emergency anesthesia without approval by the Chinese Party, however, it shall keep record of such activity and preserve any samples collected during the process, and return such record and sample to the Chinese Party upon expiration or termination of this Agreement.
  5. America must buy a $1 million panda life insurance policy for each panda who is more than 180 days old. China is the sole beneficiary.
  6. If a panda dies because of American misconduct and the panda is more than 18 months old, America has to pay China $800,000.
  7. "If one of the giant pandas (not including their offspring) dies during the term of this Agreement, both Parties shall friendly negotiate whether to replace the dead one with another panda and whether to maintain the existing giant panda."
  8. "This Agreement, written in both Chinese and English languages, both versions shall have the exact legal effect. If conflict exists in the two versions, the Chinese version overrides English version and shall be used as the basis for clarification."


----https://www.quora.com/What-does-China-make-people-promise-to-do-when-it-lends-them-a-panda/answer/Michael-McGraw-Herdeg#_=_

Friday 27 January 2017

Want a Job at Google in 2 Years?


  1. Become fantastic at making software (end to end… coding, SW design, debugging…. )
  2. Bring some sort of impactful results from your projects to the table when applying to any large tech company (including Google)
  3. A potential path is:
    1. Study open computer science programs that mirror a reputable university curriculum. (MOOCs and free programming resources are plentiful). Learn to code in a couple popular programming languages as you go, usually by making simple things… web services, applications, etc. (This could be year one, but realistically it will be longer)
    2. When you get your coding skills up, start contributing to open source projects that matter to the companies you want to work for. (Projects that contribute to cloud platforms, machine learning, AI, operating systems, etc). Learn to interact with fellow programmers in a meritocratic environment in the process, and take a lot of feedback / lumps to become a better coder.
    3. Start your own open source projects / or your own online business that solve problems in the domain you're focusing on. (Assumption: by immersing yourself in a domain, you'll be better positioned to identify problems that others need solved, but lack support. If that domain is sought after by large tech companies, I'd claim your skills are more valued)
    4. Build a portfolio of amazing things you and others have accomplished from your contributions from 2 and 3. You might find this easier to do through working in a smaller startup environment that's equally focused on software that large tech companies are interested in.