Computer Press!

Archive for June, 2010

Google now helps you find the SUNRISE and SUNSET times of your desired city

Posted on Jun.30, 2010, under News, Tech Tips

Google has now launched a new service to help you find the sunrise and sunset timings of your city by simply typing “sunrise” or “sunset” before or after your desired city in the Google search box.

Source http://googlesystem.blogspot.com/2010/06/google-onebox-for-sunrise-and-sunset.html


Cisco® Cius: Compute, Communicate, and Collaborate Everywhere

Posted on Jun.30, 2010, under News

Cisco has unveiled the Cius, a 7-inch business tablet capable of capturing and displaying high-resolution video, among a bevy of other business-oriented tasks for which the device is geared. With collaboration and communication portability in mind, the device weighs in at 1.15 pounds and supports HD video streaming, multi-party conferencing, and all the messaging and browsing you could ever need for business use. Wi-Fi and 3G connectivity ensures employees in the field can easily stay in touch with headquarters.

The Android-based tablet won’t be available until 2011, though consumer trials will begin during Q3 of this year, but you probably can’t expect to see this tablet available directly to the consumer. Sales of the device will be targeted toward business and enterprise users through Cisco, which is a bit of a shame considering some of the truly cool features this tablet offers. I actually really dig the office phone docking station, too.

Reference site:  http://www.cisco.com/en/US/prod/collateral/voicesw/ps6789/ps7290/ps11156/solution_overview_c22-608594.html
Source: http://phandroid.com/2010/06/29/cisco-announces-cius-7-inch-hd-android-tablet/


Angry IP Scanner

Posted on Jun.30, 2010, under HackEye, Tools

Angry IP Scanner (or simply ipscan) is one of the best tools which I came across during my professional career. It can be used for network mapping, identification of live hosts and getting some useful information which can help in detailed activities. Angry IP Scanner is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports and has many other features as well.

It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.

It runs on Linux, Windows, and Mac OS X, possibly supporting other platforms as well.

Download Link: http://www.angryip.org/w/Download


Free SQL Injection testing tool

Posted on Jun.29, 2010, under HackEye, Tools

Introduction

sqlmap is an open source tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a broad range of features, ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Generic features

  • Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems software, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
  • Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched queries support. sqlmap can also test for time based blind SQL injection.
  • It is possible to provide a single target URL, get the list of targets from Burp proxy requests log file or WebScarab proxy conversations/ folder, get the whole HTTP request from a text file or get the list of targets by providing sqlmap with a dork which queries search engine and parses its results page. You can also define a regular-expression based scope that is used to identify which of the parsed addresses to test.
  • Automatically tests all provided GET parameters, POST parameters, HTTP Cookie header values and the HTTP User-Agent header value to find the dynamic ones, meaning those that vary the HTTP response page content. On the dynamic ones sqlmap automatically tests and detects the ones affected by SQL injection. Each dynamic parameter is tested for numeric, single quoted string, double quoted string and all of these three data-types with zero to two parentheses to correctly detect which is the SELECT statement syntax to perform further injections with. It is also possible to specify the only parameter(s) that you want to test and use for injection.
  • Option to specify the maximum number of concurrent HTTP requests to speed up the inferential blind SQL injection (multi-threading). It is also possible to specify the number of seconds to wait between each HTTP request.
  • HTTP Cookie header string support, useful when the application requires authentication based upon cookies and you have such data or in case you just want to test for and exploit SQL injection on such header. You can also specify to always URL-encode the Cookie header.
  • Automatically handle HTTP Set-Cookie header from the application, re-establishing of the session if it expires. Test and exploit on these values is supported too. You can also force to ignore any Set-Cookie header.
  • HTTP Basic, Digest, NTLM and Certificate authentications support.
  • Anonymous HTTP proxy support to pass by the requests to the target application that works also with HTTPS requests.
  • Options to fake the HTTP Referer header value and the HTTP User-Agent header value specified by user or randomly selected from a text file.
  • Support to increase the verbosity level of output messages: there exist six levels. The default level is 1 in which information, warnings, errors and tracebacks (if any occur) will be shown.
  • Granularity in the user’s options.
  • Estimated time of arrival support for each query, updated in real time while fetching the information to give to the user an overview on how long it will take to retrieve the output.
  • Automatic support to save the session (queries and their output, even if partially retrieved) in real time while fetching the data on a text file and resume the injection from this file in a second time.
  • Support to read options from a configuration INI file rather than specify each time all of the options on the command line. Support also to save command line options on a configuration INI file.
  • Option to update sqlmap as a whole to the latest development version from the Subversion repository.
  • Integration with other IT security open source projects, Metasploit and w3af.

Fingerprint and enumeration features

  • Extensive back-end database software version and underlying operating system fingerprint based upon inband error messages, banner parsing, functions output comparison and specific features such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it.
  • Basic web server software and web application technology fingerprint.
  • Support to retrieve the DBMS banner, session user and current database information. The tool can also check if the session user is a database administrator (DBA).
  • Support to enumerate database users, users’ password hashes, users’ privileges, databases, tables and columns.
  • Support to dump database tables as a whole or a range of entries as per user’s choice. The user can also choose to dump only specific column(s).
  • Support to automatically dump all databases’ schemas and entries. It is possible to exclude the system databases from the dump.
  • Support to enumerate and dump all databases’ tables containing user provided column(s). Useful to identify for instance tables containing custom application credentials.
  • Support to run custom SQL statement(s) as in an interactive SQL client connecting to the back-end database. sqlmap automatically dissects the provided statement, determines which technique to use to inject it and how to pack the SQL payload accordingly.

Takeover features
Some of these techniques are detailed in the white paper Advanced SQL injection to operating system full control and in the slide deck Expanding the control over the operating system from the database.

  • Support to inject custom user-defined functions: the user can compile shared object then use sqlmap to create within the back-end DBMS user-defined functions out of the compiled shared object file. These UDFs can then be executed, and optionally removed, via sqlmap too.
  • Support to read and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
    • On MySQL and PostgreSQL via user-defined function injection and execution.
    • On Microsoft SQL Server via xp_cmdshell() stored procedure. Also, the stored procedure is re-enabled if disabled or created from scratch if removed.
  • Support to establish an out-of-band stateful TCP connection between the user machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user’s choice. sqlmap relies on Metasploit to create the shellcode and implements four different techniques to execute it on the database server. These techniques are:
    • Database in-memory execution of the Metasploit’s shellcode via sqlmap own user-defined function sys_bineval(). Supported on MySQL and PostgreSQL.
    • Upload and execution of a Metasploit’s stand-alone payload stager via sqlmap own user-defined function sys_exec() on MySQL and PostgreSQL or via xp_cmdshell() on Microsoft SQL Server.
    • Execution of Metasploit’s shellcode by performing a SMB reflection attack (MS08-068) with a UNC path request from the database server to the user’s machine where the Metasploit smb_relay server exploit runs.
    • Database in-memory execution of the Metasploit’s shellcode by exploiting Microsoft SQL Server 2000 and 2005 sp_replwritetovarbin stored procedure heap-based buffer overflow (MS09-004) with automatic DEP bypass.
  • Support for database process’ user privilege escalation via Metasploit’s getsystem command which includes, among others, the kitrap0d technique (MS10-015) or via Windows Access Tokens kidnapping by using Meterpreter’s incognito extension.
  • Support to access (read/add/delete) Windows registry hives.

Project Page: http://sourceforge.net/projects/sqlmap/


Free web application security reconnaissance tool by Google

Posted on Jun.27, 2010, under HackEye, Tools

Skipfish is a fully automated, active web application security reconnaissance tool. Key features include:

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.

Download current version: http://code.google.com/p/skipfish/


RC4 Encryption Algorithm

Posted on Jun.26, 2010, under Algorithms, Encryption

Ron Rivest of RSA developed the RC4 algorithm, which is a shared key stream cipher algorithm requiring a secure exchange of a shared key. The algorithm is used identically for encryption and decryption as the data stream is simply XORed with the generated key sequence. The algorithm is serial as it requires successive exchanges of state entries based on the key sequence. Hence implementations can be very computationally intensive. This algorithm has been released to the public and is implemented by many programmers.

This encryption algorithm is used by standards such as IEEE 802.11 within WEP (Wireless Encryption Protocol) using 40- and 128-bit keys. Published procedures exist for cracking the security measures as implemented in WEP.

The VOCAL implementation of the RC4 algorithm is available in several forms. The forms include pure optimized software and varying levels of hardware complexity utilizing UDI instructions. The operations are supported using UDI instructions for improved performance. When special assistance hardware is not available (as is the case on most general purpose processors), the byte manipulation/exchange operations are implemented via software.

In the algorithm the keystream is completely independent of the plaintext used. The algorithm uses an 8 * 8 S-Box (S0 to S255) whose entries are a permutation of the numbers 0 to 255, and the permutation is a function of the variable-length key. Two counters, i and j, both initialized to 0, are used in the algorithm.

Algorithm Features
Uses a variable length key from 1 to 256 bytes to initialize a 256-byte state table. The state table is used for subsequent generation of pseudo-random bytes and then to generate a pseudo-random stream which is XORed with the plaintext to give the ciphertext. Each element in the state table is swapped at least once.
The key is often limited to 40 bits, because of export restrictions but it is sometimes used as a 128 bit key. It has the capability of using keys between 1 and 2048 bits. RC4 is used in many commercial software packages such as Lotus Notes and Oracle Secure SQL.
The algorithm works in two phases, key setup and ciphering. Key setup is the first and most difficult phase of this encryption algorithm. During an N-bit key setup (N being your key length), the encryption key is used to generate an encrypting variable using two arrays, state and key, and N-number of mixing operations. These mixing operations consist of swapping bytes, modulo operations, and other formulas. A modulo operation is the process of yielding a remainder from division. For example, 11/4 is 2 remainder 3; therefore eleven mod four would be equal to three.

Algorithm Strengths
The difficulty of knowing where any value is in the table.
The difficulty of knowing which location in the table is used to select each value in the sequence.
A particular RC4 Algorithm key can be used only once.
Encryption is about 10 times faster than DES.
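
The two phases described above (key setup, then ciphering), written out as an added Python example; it is not VOCAL's implementation or code from the original post. The function names and the sample keys and messages are constructed for illustration, and `reuse_leak` shows why a particular key can be used only once.

```python
# Added illustration of RC4; all keys and messages below are constructed samples.

def key_setup(key: bytes) -> list:
    """Phase 1 (key setup): build the 256-byte state table from the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes")
    state = list(range(256))          # S0..S255 start as the identity permutation
    j = 0
    for i in range(256):              # every entry is swapped at least once
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    return state


def keystream(key: bytes, length: int) -> bytes:
    """Phase 2 (ciphering): generate pseudo-random bytes; plaintext is never an input."""
    state = key_setup(key)
    i = j = 0                         # the two counters, both initialized to 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: the same XOR with the keystream does both."""
    return xor_bytes(data, keystream(key, len(data)))


def reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Key reuse: XORing two ciphertexts made with the same key cancels the
    keystream and yields p1 XOR p2 without any knowledge of the key."""
    return xor_bytes(rc4(key, p1), rc4(key, p2))


if __name__ == "__main__":
    key = b"Key"                                   # constructed sample key
    ct = rc4(key, b"Plaintext")
    print("ciphertext:", ct.hex())
    print("decrypted: ", rc4(key, ct))
    p1, p2 = b"pay alice 100", b"pay bob 99999"    # constructed messages
    print("reuse leaks p1^p2:", reuse_leak(key, p1, p2) == xor_bytes(p1, p2))
```
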

Algorithm Weakness
Weak keys: one in every 256 keys generated can be a weak key. These keys are identified by cryptanalysis that is able to find circumstances under which one or more generated bytes are strongly correlated with a small subset of the key bytes.

Algorithm Terminology
RC4 = Ron’s code # 4 or Rivest
Cipher = a cryptographic algorithm used for encryption and decryption.
Symmetric key algorithm = an algorithm that uses the same key to encrypt and decrypt
Stream cipher = algorithm that encrypts data one byte at a time
Anonymous remailer = distribution system that strips off all of the sender information and remails the message under an anonymous name.
State table = a table initialized from 1 to 256 bytes. The bytes in the table are used for subsequent generation of pseudo-random bytes. The pseudo-random stream generated is XORed with the plaintext to give the ciphertext.

Performance
Each of the UDI implementations is a hardware block specifically designed for the implementation. RAM space is required by the key byte generator to locally maintain the state table for key generation. This state would need to be preserved and restored in case of a context switch if other processes would need the same functionality. This overhead is not considered in the above performance projections. Encryption and decryption state data may be stored in separate state memories to allow for independent processes.
The following table summarizes the number of MIPS required for the algorithm encryption/decryption for 1 million bits per second for each of the three implementations.

| Implementation | MIPS | RAM |
|---|---|---|
| Optimized MIPS Assembly | 2.5 | none |
| RC4 Operation Support UDI Primitives | 1.75 | 0 bytes |
| RC4 Key Byte Generator UDI Accelerator | 0.22 | 256 bytes |

VOCAL’s embedded software libraries include a complete range of ETSI / ITU / IEEE compliant , in addition to many other standard and proprietary . Our software is optimized for execution on ANSI C and leading DSP architectures (TI, ADI, AMD, ARM, MIPS, CEVA, LSI Logic ZSP, etc.). These libraries are modular and can be executed as a single task under a variety of operating systems or standalone with its own microkernel.

Source: http://www.vocal.com/cryptography/rc4.html

