Saturday, October 27, 2012

Caesar Cipher Cryptography Technique & My Caesar Cipher Enc/Dec Script In PHP

Caesar cipher
is one of the simplest and most widely known encryption techniques.It is a type of substitution cipher in which each letter in the plain text is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it in his private correspondence.As with all single alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no communication security.

The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places (the shift parameter, here 3, is used as the key):

When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line. Deciphering is done in reverse.
Plaintext:  the quick brown fox jumps over the lazy dog

I wrote 3 scripts in separated pages that will help beginners to do the CaesarCipher Encryption/Decryption/Breaking:

you can download the zip file from:
for downloading the whole zip file, when the page loaded completely press "Ctrl + S" , otherwise it will show you  the files.

Thursday, October 25, 2012

Top 25 Worse Password Of 2012

Based on a research of Splashdata who collected millions of stolen passwords posted online by hackers in 2012 and put them in order of popularity, these are the top 25 worse and predictable passwords of 2012. the info in the parentheses are comparison of the position of the password in compare to the last year ranking .
1. password (unchanged)
2. 123456 (unchanged)
3. 12345678 (unchanged)
4. abc123 (up 1)
5. qwerty (down 1)
6. monkey (unchanged)
7. letmein (up 1)
8. dragon (up 2)
9. 111111 (up 3)
10. baseball (up 1)
11. iloveyou (up 2)
12. trustno1 (down 3)
13. 1234567 (down 6)
14. sunshine (up 1)
15. master (down 1)
16. 123123 (up 4)
17. welcome (new)
18. shadow (up 1)
19. ashley (down 3)
20. football (up 5)
21. jesus (new)
22. michael (up 2)
23. ninja (new)
24. mustang (new)
25. password1 (new)

These kind of passwords are really easy to brute force or even guess by a hacker and using them  will lead to reduce level of your account security almost to zero! Based on this study yet high amount of computer users don't care about their password strength.

Saturday, October 20, 2012

Music Piracy Before Computers

The World According To Apple Maps

What is Botnet and how it works?

Image credit goes to Tom-b from wikipedia.

Before , I putted an article about Botnet here. But I submit a paper which I use part of this article inside that. For making sure about the plagiarism software I took out the article from here! But now I'm going to describe the Botnet in an easy way.

Basically Botnet is the term used for a group of infected computers with a malware named Bot. Bot derived from "robot" as Bots work automatically and act based on the commands of the owner.
When we speak about botnet we don't mean a network of few computer but we mean million of million computers spread around the globe. This type of malware (Bot) , designed in a way that after infecting the victim machine try to communicate with a command and controll server (C&C) which later attacker do the updates and attacks from that command and control center.

Infected computers also known as Zombie , always listening to the Command and control channel and waiting for new instruction. The botnet owner known as Botmaster which can change the setting of the bots or add new feature to them.

Botnets spread around with different methods such as social engineering, Trojans and they are also able to spread them self through the victim. For instance the bot send itself with a message to email list of the victim and due to the trust between victim and third party the chances that the third party open it is very high.

Botnets give different abilities to the botmaster which most of them used in aim of financial gain and criminal activities such as:

  1. Launching DDoS attacks  : The attacker rent the botnet to a third party instead of specific amount of money to do DDoS attack against a target address. Distributed Denial of Service (DDoS) attack is a type of attack which by doing a lot of request to a website or IP consume all of server or network resources which result in unavailability of service to legitimate users of that website. Availability is one of key concept of security which can be voided by DDoS attacks.
  2. Spamming :  Emails are equipped with spam filter which block the sender IP address. However if the spam sent from different addresses it can successfully bypass the spam filter.The botmaster will send spam behalf of a third party for advertising purposes by using all of his bot nodes.
  3. Sniffing : The bot can act as a sniffer program and sniff and record all of the victim network activities and send back to the attacker.
  4. Keylogging : The bot also can record victim keystroke and even filter them for specific fields like username and passwords.
  5. Spreading : The bot can send itself to other computers via emails, messaging applications and removable medias.
  6. Identity Theft : Attacker can make fake Identity cards based on information that he collected sooner or even can sell all these information in mass amount to criminals for the same purpose or spamming.
  7. Sharing illegal files: The botmaster can store and share illegal files such as cracked software and copyright material which in case the host got caught the owner of computer is responsible.
  8. Click jacking : Botmaster might rent the botnet to a second party which have a website with an advertise. Advertisers have kind of service named Pay Per Click (PPC) which do the payment to website owner for each unique click. The botnet can be used to click on these advertise and due to that fact each computer has its own IP so it seems legitimate and produce high revenue for the website owner.
  9. Changing online polls: The botnet might be hired by a third party to change the result of an online voting. Due to that fact in online polling systems each person with a unique IP only can vote once. A malicious entity might hire a botnet to change the result of voting by making fake votes from all bots.

Copyright Notice: This article is brought to you by . Feel free to use this article but please provide & Amir Sadeghian([email protected]) in your references list.Thank You.

Thursday, October 18, 2012

Android 4.1.2 Jelly Bean update for Galaxy Nexus & Nexus S

Android JellyBean 4.1.2 update is now available for Galaxy Nexus and Nexus S from OTA (Over The Air) .  

For updating your nexus you need a stable wifi connection and your battery charge level should be more than average , because after the phone download the update it will rebot to unpack and install all package and it will take times and need battery or charger connected!
For updating your nexus you just need to goto "System Setting > About Phone > System Updates > Check now"

Tuesday, October 16, 2012

How To Force Android To Download Latest Update By OTA

As Google release many updates for Android devices regularly and it took time that these updates will be available in all regions from Wireless Internet Carriers, some users have to wait long time to updates will be available in their regions. Until now for checking any available system updates you have to go to "System Setting > About Phone > System Updates" to see if there is any new update available for you or not?!

Now with this new method you can force your Android device to update the latest system update.
  1. First Go to "System Setting > App".
  2. Switch to "All" tab.
  3. Find "Google Services Framework".
  4. Open it and click on "Clear Data" button.
  5. Click on "Force Stop" button.
  6. Now go to "System Setting > About Phone > System Updates" , probably it should show a old date now you can update your device to latest system update.

credits goes to Amir Zarei

Monday, October 15, 2012

10 Facts About The Flame Malware

Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system. The program is being used for targeted cyber espionage in Middle Eastern countries.
Its discovery was announced on 28 May 2012 by MAHER Center of Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab of the Budapest University of Technology and Economics. The last of these stated in its report that it "is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."

Based on F-Secure Threat report for (H1 2012) Here are 10 interesting facts about Flame:

  1. Flame has a keylogger and screengrabber.
  2. Flame has built-in SSH,SSL and LUA libraries.
  3. Flame searches for all Office documents, PDF files, Autodesk files and text files on the local drives and on the network drives. Since there would easily be too much information to steal, it uses IFilters to extract text excerpts from the documents. These are stored in a local SQLite database and sent to the malware operators. This way they can instruct the malware to hone in on the really interesting material.
  4. Flame can turn on the microphone of the infected computer to record discussions spoken near the machine. These discussions are saved as audio files and sent back to the malware operators.
  5. Flame searches the infected computer and the network for the image files taken with digital cameras. it extract the GPS location from these images and sends it back to the malware operators.
  6. Flame checks if there are any mobile phones paired with the infected computer via Bluetooth. If so, it connects to the phone and sends it to the malware operators.
  7. The stolen info is sent out by infecting USB sticks that are used in an unfected machine and copying and encrypted SQLite database to the sticks, to be sent when they are used outside of the closed environment.This way data can be exfiltrated  even from a high-security environment with no network connectivity.
  8. Flame creates a local proxy which it uses to intercept traffic to Microsoft update and drop a fake update onto the machine. This is used to spread Flame to other machines in a local area network. The fake update was signed with a certificate linking up to Microsoft root, as the attackers found a way to repurpose Microsoft Terminal Server license certificates. Even this wasn't enough to spoof newer Windows versions, so they did some cutting-edge cryptographic research and came up with a completely new way to create hash collisions, enabling them to spoof the certificate. They still needed a supercomputer though. And they've been doing this silently since 2010.
  9. When Flame was finally busted, the attackers got busy destroying all evidence and actively removing the infections from the affected machines.
  10. Latest research proves that Flame is indeed linked to Stuxnet. And just one week after Flame was discovered, US Government admitted that they had developed Stuxnet together with the Israeili Armed Forces.

Sunday, October 14, 2012

IE: Make me your default web browser "Please"

A Review on Microsoft Project 2010

Microsoft Project (MSP, MSOP or WinProj) is a project management software program, developed and sold by Microsoft, which is designed to assist a project manager in developing a plan, assigning resources to tasks, tracking progress, managing the budget, and analyzing workloads.
When Microsoft first released MS Project on the windows platform in 1987, their projections for market share were probably underestimated compared with the success they had. MS Project Standard and Professional have a significant share of the desktop scheduling market even with some highly capable competitors promising stiff competition.

The Microsoft server based product suite has not achieved the same level of market penetration as their desktop offering and their PPM Solution has been out competed by other product sets such as Primavera, HP-PPM and Clarity in many larger corporate environments. This is due in part to the earlier server based products having no real portfolio capability. Prior to the 2007 release Microsoft acquired UMT’s Portfolio Management Software and integrated it loosely into the 2007 offering. This however had little uptake and still left the Microsoft suite far behind its competitors in portfolio capability.
Microsoft’s 2010 release promises much, and current talk suggests the latest product will go a long way to challenging Primavera, HP-PPM and Clarity in some of the larger corporate environments they have missed out on to date.
Microsoft Word 2010 is a similar product to past Microsoft Project releases; this version includes updates to both the desktop products and the server.
The desktop products continue to be offered as a two tier stack with the option of the Standard version and the Professional version. As per previous releases the Professional version offers enhanced features in comparison to the standard version and enables connectivity with the server product suite and also directly with SharePoint.
The core in this article will be the Microsoft Project Professional.

Changes from Previous Versions
Project 2010 offers some changes to both desktop users and server users. The following is a quick summary of key changes of each product set.
Project Professional edition offers the following key changes / enhancements:
  • Top Navigation Ribbon that is reflective of other MS Office products (Word, Excel, PowerPoint)
  • New Timeline representation of the schedule. Can provide a handy snapshot of the schedule.
  • Team Planner – Resource Management function allowing drag and drop resource allocation and timing. Supports resource leveling but needs to be used very carefully
  • Excel based data entry – more flexibility in entry of plan / schedule information but reduces data validation.
  •  Manual / Auto Scheduling – When set to manual schedule it allows tasks to be scheduled by the operator regardless of logic conflicts, etc. This is possibly the most controversial change for past users of Project.
  • Sync to SharePoint – allows a direct synchronization between Project Professional and SharePoint for schedule information. This results in a fairly basic representation of the schedule within a SharePoint site.

The release of Project Standard and Professional editions will have only a minor impact on businesses and users of the product. It is unlikely current users of the equivalent 2007 products will scramble to update their products since the difference in functionality is moderate. Power Users will require a few hours or days to adjust to the new navigation ribbon and probably won’t enjoy it initially. While the ribbon may improve productivity in the long run, (according to Microsoft), initially it will slow down users familiar with the current navigation.
The timeline view can provide a simple and flexible visual representation of the schedule. This will save time and effort for those users who have been exporting projects data to Visio to produce a timeline view.
Power users will most likely set their installation to Auto Scheduling and avoid the challenges Manual Scheduling may bring to reliability of the schedule dates and float calculations. Intermediate and beginner users of the desktop products will possibly be challenged by manual scheduling. An unreliable schedule may result if manual scheduling is supported beyond initial high level planning stages and the user lacks the experience to identify and resolve planning conflicts. PMO’s may find this feature undermines attempts to improve Scheduling Standards.
The team planner view and function will aid project resource leveling. However, users will need to be careful to ensure reassignment of a resource doesn’t also result in realignment of dates. While drag and drop seems great, it does have its dangers.
With the exception of the value of a timeline view to aid communications, Project Standard and Professional offer schedulers and their organization little tangible benefit over current versions.

Microsoft Project and Project Server 2010 appear to be a solid product family that will have an impact on the EPM/PPM marketplace. As a result of increased capability, we expect to see Microsoft EPM erode some of the market that has traditionally gone to the likes of Primavera, Clarity and HPPPM. This may also result in lower maturity organizations engaging more readily with other SharePoint based solutions.
This release will offer organizations an opportunity to formalize and improve their Portfolio Management model and deliver portfolio planning and control more efficiently and effectively. This should result in significant benefits for organizations that do it well.
The new features of Microsoft Project 2010 desktop will make developing and managing a project more intuitive for Project Managers new to the tool, and will provide many new tools that will enhance the experience for existing Project Managers.

Tuesday, October 9, 2012

Introducing Google Glass Project

Project Glass is a research and development program by Google to develop an augmented reality head-mounted display (HMD). The intended purpose of Project Glass products would be the hands-free displaying of information currently available to most smartphone users,and allowing for interaction with the Internet via natural language voice commands.The functionality and physical appearance (minimalist design of the aluminum strip with 2 nose pads) has been compared to Steve Mann's EyeTap.The operating system software used in the glass will be Google's Android.

Wednesday, October 3, 2012

iPhone 5 Banned Commercial

Iphone 5 Banned Commercial

Search by Image in Google

Sooner i posted an article about doing reverse image searching , but  today i want to introduce a new service from Google that started at October 2011 and it will give you the similar and maybe more powerful features. This service named "Search By Image " .
Its very easy to use, for example you have a picture of something or somebody and you need to find out where was the source of this picture or you need more information about that picture, you just need to go to and then switch to Image Section and just drag the image from your computer to your browser page and drop it there... it will start upload your image on Google and it will look for similar pictures and more description and information about it for you.
If you don't want to use the drag and drop feature, you can go to image section of Google and click on the camera icon inside the search box then it will let you to upload your image for reverse image search.
This service also have Add-ons for Firefox and Chrome , that will help you to do the search by image only by doing a right click everywhere on the web on any images!

Search by Image Add-on for Mozilla Firefox
Search by Image Add-on for Google Chrome

Social Networks Sharing