Wednesday, November 11, 2009

How To Remove Encrypted Footer Links in Free WordPress Themes

Legal Disclaimer:

The following article is for your reading enjoyment only in regard to free WordPress themes with sponsored encrypted footer links and should not be construed as legal advice. You take full responsibility for your own actions and should consult a lawyer or do further research before taking any action to remedy themes that have encrypted footer links. Themebot is not liable in any way for the actions you take regarding the information presented in this article.

Encrypted WordPress Footer Link Example

With that said, this article will address the issues with sponsored links in WordPress themes and give a technique to remove the encrypted code in the footer without messing up the theme. A few months ago, a visitor left a comment on one of the WordPress themes called "Kindergarten" in relation to the license and encrypted footer links contained in the theme. It was mentioned that the encrypted code presents a security concern, because malicious code could be included with the theme and there is no way to audit for it.

Themebot has been aware for a long time that WordPress theme designers often encrypt the sponsored links at the bottom of the WordPress themes they add. This wasn't the first time somebody complained about this, and it brought to mind the possibility of disallowing themes that contain encryption. Some sites that provide directories for free WordPress themes do not allow themes to be listed if they use encryption, and the free themes directory on WordPress.org doesn't even allow themes with sponsored links at all. However, this is not the best solution, because there are a lot of high quality themes that have sponsored / encrypted links. Instead of prohibiting members from uploading such themes and removing all of the existing themes with encryption, Themebot decided it would be better to write an article explaining why it is a bad idea to use these themes along with a tutorial outlining an easy method to remove the encrypted code. This way your selection of themes is not limited and it is up to you to decide whether or not to use such a theme. You will also have the tools to take care of the encrypted code if so desired.

First, it is important to understand why sponsored links are harmful and you should keep reading if you are considering using a WordPress theme that has encrypted links. If you would like to just skip ahead to the method for removing encrypted links, click here.

Will Sponsored WordPress Themes Hurt My SEO?

If you are starting a new blog or already maintain a blog you obviously want people to visit the website. One of the best ways to gain traffic is through organic search results. When you write quality content, you should be rewarded with good search engine performance, whether or not you even know anything about SEO. The problem is that SEO (Search Engine Optimization) is not something that everyone has taken the time to learn, and you could be harming your search engine results performance (SERPS) by using a WordPress Theme that includes sponsored links.

Since Google is by far the dominant search engine, it will be used as the example in this article. Google uses links to determine the relevancy of websites and pages in relation to the content and keywords used. If you link to another website from your blog, Google interprets this as a vote of confidence and will adjust the search results so that the page that was linked to performs better when somebody does a related search. Obviously, this can be manipulated. If Google detects artificial manipulation of PageRank, it can be damaging to the SERPS for both the website which contains the inappropriate links and the websites that are being linked to.

SEO Issues for Blog Owners

When you use a WordPress theme that contains unrelated, low quality links to other websites in the footer you are putting your SEO at risk. First of all, the links are at the bottom of every single page of your blog. This could be interpreted as spam and will most likely result in a performance penalty or even having your website banned completely from search results.

Let's take a look at the WordPress theme previously mentioned (Kindergarten). There are a total of four sponsored links at the bottom:

Designed by Webagentur Presented by celebrity baby clothes, Vacation with a Baby and PKV Private Krankenversicherung

Two of the links are completely irrelevant to the topic of the theme. The other two links are relevant, but only one of the links actually leads to a decent quality website. So, there are three junk links in the footer. And, the "Designed by" link doesn't even go to the actual web designer's website, it is a sponsored link and thus a lie.

There is nothing wrong with a legitimate link back to the web designer's website. One link in the footer giving credit to the web designer who actually created the theme is completely appropriate and will not cause a penalty for either the blog owner or the web designer. But, when there are four global footer links (three of which are poor quality links) it is likely to raise a red flag with Google et al. Therefore, these links should either be removed or the theme should not be used.

SEO Issues for Link Sponsors

This is a very clear-cut issue. Sponsored WordPress footer links are paid text links. If you are using paid links to artificially boost the PageRank of your website, you are violating Google's quality guidelines for webmasters / site owners. Google and other search engines strive to deliver quality search results. Anyone can pay for a link, so paid links are not a good indicator of quality. Websites that buy text links for this purpose are likely to be penalized or banned. It is only a matter of time before Google finds out, and it is not worth the risk. I can't believe people are still sponsoring footer links in WordPress themes, because they are shooting their SEO in the foot.

Several months ago, I was contacted by a theme designer whose website had been completely banned because of the links they put in their theme. She had contacted Google through Webmaster Tools to find out why and then contacted Themebot to request that the theme be replaced with a clean version. Whether you are the theme designer or you are purchasing footer links, if your website gets banned just imagine how difficult it would be to track down all of the websites hosting the problematic theme(s) for download and all of the blogs that are using the theme(s), and then request that the links be removed. It is probably easier to just start over with a new domain, so it is definitely not worth the risk. And, if you paid money to have your links sponsored, it is a double loss.

SEO Issues for Theme Designers

Obviously, if you are including a link to your own website along with the sponsored links, you are at risk of having your website flagged. As mentioned earlier, it is perfectly legitimate to link to your own website for design credit, and this will help your PageRank. Perhaps two quality footer links are not going to raise any flags, but nobody knows the magic Google formula, and the more links there are in the footer, the greater the chance of invoking an SEO penalty. Really, the best strategy is to just link to your own website and provide quality web design for clients, or have another way to monetize the traffic. Selling sponsored links is bound to become obsolete in the future as more people wise up to the fact that they are actually damaging their SEO by sponsoring themes. If you are depending on selling links for income, it would be a smart move to actually have a website with a web design portfolio and start building PageRank for that.

Encrypted Code and Security Issues

The chances that encrypted sections in WordPress themes contain malicious code are very slim. The reason theme designers use encryption is that it is a selling point for potential theme sponsors. It is more difficult to remove the links when they are encrypted, and most people won't bother trying to figure out how. People who sponsor themes are more willing to pay for the links since they are seemingly difficult to remove (too bad for them that there is an easy way to get rid of the encrypted links). But you never know what someone's intentions are, and it is difficult to determine whether malicious code is present when encryption is used. If a theme contains encrypted code, it is in everyone's best interest to remove the encrypted section. If the license prohibits doing this, use another theme.

License Issues

Themes that are licensed GNU/GPL or Free do not have restrictions in relation to modifying the code. You can modify the code as much as you want. However, some themes are released with the GNU/GPL license or as Free but they contain a copyright notice above the encrypted code that looks something like this:

This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited.

My understanding of this issue is that the theme was released under a license which allows you to modify the code that comprises the theme. Since the license governs all of the files within the theme, this could be interpreted to mean that the code used to display the copyright notice can also be modified or removed. So, get rid of it.

For themes released with a license that requires attribution, this gets a little trickier. Going back to the example theme we looked at earlier for bad WordPress sponsored links, it was determined that all four of the links don't have anything to do with the actual author of the theme. Most likely, the author is mentioned in the style.css file under Author URI. Sure enough, the Author URI for the Kindergarten theme is http://www.wpskins.org, which is completely different from the credit links in the footer. Since none of the links provide attribution, they can all be removed. Now, if a link to the actual author's website is mixed in with the other links for the footer, the sponsored links could be removed but the author's link would have to stay intact to be in accord with the license.

Moral Issues

WordPress is free software, licensed under GNU/GPL. Anyone can download and even modify the code for WordPress to suit their needs, and they can do so without having to pay anything. Many people have volunteered countless hours to make WordPress the high-quality software it is today. It is understandable if theme designers want to receive credit for having spent time working on a WordPress theme and release it with an attribution-required license, even though this is more restrictive than the GNU/GPL license. There is no problem with asking for a link in exchange for your hard work. However, encrypting footer links for spammy sponsor websites that had nothing to do with the design of the theme and then putting a restrictive copyright warning above the encrypted code in the footer is just plain wrong. If you are doing this, profiting off of the hard work of the WordPress team and you haven't even made a donation to WordPress, you suck! Not only do you suck, you also deserve to have any legitimate links to your own website removed as well, if your website hasn't already been banned from search results.

Method to Replace the Encrypted WordPress Footer Links

Now that most if not all of the issues related to sponsored WordPress themes and encryption have been discussed, let's get to the method for removing the links. First, log in to the admin area for your WordPress blog. After having activated the WordPress theme you want to use, click the editor link under Appearance in the left column.

WordPress Theme Editor

You will then see the Theme Files listed. If you click on the Footer (footer.php), you will see the encrypted code, which looks like a bunch of gibberish.

Encrypted WordPress Footer

Now click on Main Index Template (index.php). This is the main file used to combine all of the separate files that make up a WordPress theme. We are looking for the bit of code that calls the footer file. If you are using Firefox as your browser, this is very easy to do. Simply press Ctrl F to open the Find box at the bottom of the browser. Then, paste this into the box:

Firefox will take you right to the code. You can also use the find function in other browsers but it is not as convenient.

Now that you have located the code for calling the footer file, you need to surround it with something that will let you find that section of the page when viewing the source code of the live site. To do this, we add two lines, one above and one below the footer code:


Paste those two bits of code above and below the footer code and click the Update File button. Your Main Index Template should look like this:

Themebot Footer Finder

With that done, open the homepage for your blog in a new browser window. If you are using Firefox (you really should give it a try if you aren't already using it), press Ctrl U and a window will pop up with the source code for your blog. Again, press Ctrl F to open the Find box. Paste in "ThemebotFooterFinderTop" and Firefox will take you to the beginning of the actual code used for the footer. Now, highlight everything between the two marker lines and press Ctrl C to copy the code.

Unencrypted Footer from Source Code

Go back to your WordPress admin window and click on the link to edit the Footer (footer.php) file.

Select all of the code in the Footer, this can be done by pressing Ctrl A. With the crappy encrypted code selected, just press Ctrl V to paste in the code you copied from the source code page. Now you can go through and remove any links that shouldn't be there without screwing up the theme. For example, you could start by removing this one from the Kindergarten theme:

Designed by Webagentur

Remove all inappropriate links but do not remove the link to the Author's website, if the actual author is listed. Check the Stylesheet (style.css) file for Author URI, which will list the actual author if this info was entered properly. After you have removed the lame links, press the Update File button and you are done. No more links harming your SEO and no more potentially malicious code lurking behind encryption!
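The article notes twice that encrypted footer code cannot be audited and then recovers the plain footer by copying the rendered page source. As an added example (not from the article or Themebot), the following Python scan does the audit statically: it flags the eval()/base64_decode()/gzinflate() wrappers typically used, peels them without executing any PHP, and lists the links the footer would emit. The sample footer.php it builds, the sponsor URLs in it and the `.example` hostnames are constructed for the demonstration; the "Designed by Webagentur" line mirrors the one quoted above.

```python
"""Static audit of a WordPress theme file for the eval()/base64/gzinflate wrappers
that hide "encrypted" footer links, peeling them without executing any PHP."""
import base64
import codecs
import re
import zlib

# PHP wrapper functions commonly seen in obfuscated theme footers, mapped to the
# equivalent bytes -> bytes decoder in Python.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),   # raw DEFLATE (no zlib header)
    "gzuncompress": zlib.decompress,                  # zlib-wrapped DEFLATE
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
}
SUSPICIOUS = ("eval", "base64_decode", "gzinflate", "gzuncompress", "str_rot13", "strrev")

# eval( f1( f2( ... 'literal' ) ... ) ) with a single- or double-quoted literal
_EVAL_CHAIN = re.compile(
    r"eval\s*\(\s*((?:\w+\s*\(\s*)*)(['\"])([^'\"]*)\2\s*\)+", re.I)
_LINK = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)


def scan_markers(src):
    """Names of suspicious wrapper functions called anywhere in the file."""
    return [n for n in SUSPICIOUS if re.search(r"\b%s\s*\(" % n, src, re.I)]


def find_eval_chains(src):
    """Each eval() found, as (decoder names innermost first, quoted literal)."""
    chains = []
    for m in _EVAL_CHAIN.finditer(src):
        names = [n.lower() for n in re.findall(r"(\w+)\s*\(", m.group(1))]
        chains.append((list(reversed(names)), m.group(3)))
    return chains


def decode_chain(names, literal):
    """Apply the decoders innermost first; an unknown wrapper aborts the peel."""
    data = literal.encode("latin-1")
    for name in names:
        if name not in DECODERS:
            raise ValueError("cannot statically decode wrapper %s()" % name)
        data = DECODERS[name](data)
    return data.decode("utf-8", "replace")


def reveal(src, max_depth=5):
    """Peel nested eval() layers and list the links the footer would emit."""
    layers, text = [], src
    for _ in range(max_depth):
        chains = find_eval_chains(text)
        if not chains:
            break
        names, literal = chains[0]
        layers.append(names)
        text = decode_chain(names, literal)
    links = [(href, re.sub(r"\s+", " ", label).strip())
             for href, label in _LINK.findall(text)]
    return {"layers": layers, "decoded": text, "links": links}


# ---- constructed sample, mimicking the footer the article describes ----------
PLAIN_FOOTER = ('<div id="footer">Designed by <a href="http://sponsor.example">Webagentur</a> '
                'Presented by <a href="http://baby.example">celebrity baby clothes</a></div>')


def _raw_deflate(data):
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def make_sample_footer():
    """A footer.php whose echo of the links is hidden as
    eval(gzinflate(str_rot13(base64_decode('...')))) (constructed, not a real theme)."""
    php = "echo '%s';" % PLAIN_FOOTER
    inner = DECODERS["str_rot13"](_raw_deflate(php.encode("utf-8")))
    blob = base64.b64encode(inner).decode("ascii")
    return ("<?php\n/* This file is protected by copyright law. */\n"
            "eval(gzinflate(str_rot13(base64_decode('%s'))));\n?>" % blob)


if __name__ == "__main__":
    sample = make_sample_footer()
    result = reveal(sample)
    print("markers:", scan_markers(sample))
    print("layers :", result["layers"])
    for href, label in result["links"]:
        print("link   :", label, "->", href)
```

A wrapper the table does not know (a custom decode function shipped with the theme, for instance) stops the peel with a ValueError rather than guessing, which is itself a reason to fall back on the page-source method above or drop the theme.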


Tuesday, October 6, 2009

How to Backup your WordPress Database

Considering what happened in this incident, I think it's fitting to write up a tutorial on how to back up your WordPress database. There are a couple of ways to back up your database; I'm going to show you how to do it using the WordPress Database Backup plugin.

  1. Extract wp-db-backup.php, upload it into /wp-content/plugins/ and activate it under the Plugins menu.
  2. Click the Manage menu in your WordPress admin area.
  3. Click the Backup sub-menu.
  4. The plugin will look for other tables in the same database. You may elect to include other tables in the backup.
     ** NOTE ** Including other tables in your backup may substantially increase the size of the backup file!
  5. Select how you'd like the backup to be delivered:
     - Save to server: this will create a file in /wp-content/backup-*/ for you to retrieve later
     - Download to your computer: this will send the backup file to your browser to be downloaded
     - Email: this will email the backup file to the address you specify
  6. Click "Backup!" and your database backup will be delivered to you.

    When having the database backup emailed or sent to your browser for immediate download, the backup file will be deleted from the server when the transfer is finished. Only if you select the delivery method "Save to server" will the backup file remain on your server.

Tuesday, September 29, 2009

Differences Between Conventional Data Backup Systems and Rollback RX

Historically, our defense against a hard drive crash has been a complete disk image kept at a physically separate location - this image is copied back on to a replacement hard drive. This is the foundation of all Data Backup Software (MS Backup, Ghost, etc.) – the physical imaging of data.


But image-based backups have two major problems: they are very resource-hungry and they require a lot of manual intervention. So arduous is this that even disciplined IT shops do it as infrequently as is possible. Most small businesses and individuals seldom get around to doing backups.


But when the time comes to restore – the older the backup, the more work is lost. There is some “logging” software that tries to maintain continuous change tracking, but again, it is very demanding on resources.


As disk hardware is very stable, the impulse to defer a backup is high. But content corruption has become a major issue. Spyware, adware, faulty "upgrades", incomplete uninstalls, key loggers, rootkits, and viruses hit us almost daily. Firewalls, anti-virus and intrusion detectors lessen the risks, but it is a question of "when" security will be breached, not "if". The need for frequent, fast, and efficient backup and restore has never been greater.


Now, Horizon DataSys has come out with RollBack Rx Pro™ that takes a bit-level snapshot of your hard drive in 1 to 3 seconds. You read that correctly, that’s seconds! Rollback Rx is based on a groundbreaking new technology called “incremental sector mapping”. This technology gives it its blazing snapshot speed. And, as only changed sectors are snapshot – the more often you use it, the faster it works. I can’t think of a better encouragement to use it more often.


At Horizon DataSys, for example, all the machines in their network are set to an automatic hourly snapshot. When asked why they were doing such frequent backups, President Lyle Patel's answer was, "...because we can!" There is literally zero impact on productivity - machines slow marginally for about one second an hour.


And that’s not all. The Rollback Rx Restore function is a true bit-for-bit recovery of the complete hard drive. Pick any snapshot and get back everything as of that point in time: the programs, the drivers, the data, the Registry settings, everything. Rollback Rx even recovers the contents of your Recycle Bin! And how long does that take? Try about 3 seconds plus a restart.


Also, Rollback Rx will store 60,000 snapshots in less than 0.1% of your disk. Multiple restore points are available to you. So, even if you don’t know when your drive was infected, you can step back gingerly until you are clear.


Back from the future


But, if you have to revert a day, a week or a month, what about all the lost work? Believe it or not, Rollback RX recovers data from the future! Let us say that you go back to a snapshot from a month ago. You can ask Rollback Rx to “recover data to latest image”. Rollback RX will hunt forward and update data files (only) from any later snapshots you have taken! If you do hourly snapshots – well, you get the picture.


Here is how you would recover even more. You get an error or discover an infection. Close out all open documents and take an immediate snapshot, infection, error and all. Use Rollback RX to go back to the last clean baseline and ask it to recover data forward. Now, you’ve got every last keystroke back.


A Real Example


Rollback Rx’s performance sounds almost miraculous, but I can personally attest to it. Here is my (Robin Chakravarti) actual experience of my first Snapshot and a Restore.
Using MS Backup: As a benchmark, I backed up my work system: (XP Pro SP2, Kaspersky, MS Office and some data files – altogether around 6 GB). It estimated 4 hours and 40 minutes and an additional 4.3 GB to back up to a second internal hard drive. I tried to work, but the machine just crawled during the backup so, around 2 hours in, I cancelled the job. Does this sound familiar?


Using Rollback Rx Pro: With the same 6 GB system, I did the first snapshot – it took 3 seconds, 400K used. I then immediately took second snapshot – it took 1 second, zero K used. It was so fast that, frankly, I had my suspicions that Rollback was really doing anything.


Then, at my boss's urging, I deleted the following: MyDocs, MS Office and almost all of \System32 (!). I cleaned all the icons off my Desktop. He wanted me to continue deleting things till I got a BSoD. By this time, I thought I was totally toast anyway and to go on till a BSoD would be overkill. I then took the "restore" option on Rollback. The machine restarted, and offered me a choice of restore points. I selected one and 3 seconds later, EVERYTHING was back - my icons, \System32, MyDocs, MS Office, everything. My "recently opened files" lists were restored in every application. Even my Recycle Bin was back!


Differences from MS System Restore


XP has a built-in System Restore function, but this is restricted to recovering (some not all) system files only. This means that you can uninstall a failing driver or update, but nothing else. Now newer malware survives a System Restore. In addition, System Restore has a certain (ahem!) unfortunate reputation.


Rollback Rx recovers every single bit on the drive. It will recover a system from BSoD, the Blue Screen of Death. It will even rescue a PC whose drive has been formatted AND Fdisked!


Enterprise version


Rollback Rx Pro comes in an Enterprise version that permits remote management of snapshots and rollbacks. Working through a web interface, the security manager can manage any machine in a network from anywhere. This version is popular with large commercial Customers.


Public Access Machines?


Rollback Rx also comes in a "Standard" version that permits only a single snapshot, not the 60,000 permitted by the Pro version. This snapshot can automatically be restored on logoff or restart, so the next user gets a clean baseline system. This version is popular with institutions with a lot of public access machines, such as school districts and libraries. Incidentally, if you take the Enterprise version, you can have any mix of Standard and Pro clients that you please.


Conclusions


I don’t quite know how to phrase this but Rollback Rx is a “complete new thing”. It’s not just another “me too” backup product, offering to work marginally faster and take marginally less space than the competition. Rollback Rx Pro works in seconds and restores in seconds and restores a complete bit-image. Now backup and restore has become a trivial thing.


I had actually begun to dread going on the Internet, as it had so many traps for the unwary - but now I have lost my fear. I feel like I am back in the first careless days of the Net, when you could safely browse everywhere and hardly ever end up with a virus. And even if I do get infected, it is a trivial matter to back out cleanly.
Of course, you still have to identify nasty-ware in order to remove it, but hopefully spyware identifiers and firewalls will continue to do a good job. Rollback RX Pro, however, does a much better job of backing you out of an infection.

Monday, September 21, 2009

Cryptainer LE - Free 128 bit file and disk encryption software

Cryptainer LE encryption software was developed as a freeware 128 bit file/disk encrypting tool.

It is a simple, easy-to-use program that creates encrypted "vaults" in which you can store any kind of data.
It creates a 128-bit "vault" that encrypts all files simply by dragging and dropping them into it.

Additionally it lets you create secure e-mail files that you can send to anyone.

The free, fully-functional Cryptainer LE version uses a 128-bit implementation of the powerful Blowfish algorithm while the registered versions Cryptainer ME, Cryptainer PE and Cryptainer 6 offer a choice between a 448-bit implementation of Blowfish and a 256-bit implementation of AES (Rijndael).

Cryptainer LE Free encryption software encrypts all files by simply dragging and dropping them into the vault.

Cryptainer LE ensures absolute complete security for your data making sure that only you and nobody else can access your data. Cryptainer LE creates an encrypted volume that can be accessed only with your password.

Once mounted, the volume behaves as a standard Windows drive, and the files can be read, changed, and moved from one place to another.

Any kind of file - from word and excel documents to movies and pictures, can be encrypted. You can also send secure email attachments.

It runs on most 32-bit versions of Windows (95/98/ME/2000/XP).
The best part - this package is totally free to use. A must have for every desktop.

Here are some key features of "Cryptainer LE":

· Creates an encrypted container (vault) to store any type of data.
· 128 bit strong encryption
· Simple drag and drop operation
· Easy to use, Impossible to break.
· Works on all versions of Windows.
· Works on all Media including removable (USB Drives, etc)
· Send Secure E-mails



Thursday, September 10, 2009

How to create a backup of all drivers and restore them - easy way

Double driver v2.1

Reinstalling your Windows operating system gives many people headaches and trouble. After the Windows installation, you need to find and install all of the hardware drivers again, and you may run into trouble if you don't have the driver CD, have lost it, or the drivers are no longer available on the net.

Double Driver is a freeware Windows application that lets you back up the hardware drivers on your system so they can be restored at a later time. This driver backup utility can save you a lot of time and comes in handy especially when you need to reinstall Windows. Instead of going through all kinds of trouble, you can use Double Driver to get all your hardware drivers restored in one go.
How to use Double Driver?

First of all, launch Double Driver after successful installation. Click the scan button to scan for drivers on your system. You can check specific drivers or select them all for backup.

To restore drivers, click the restore button. Locate the directory containing your drivers backup and click Restore.

You can download it from: http://www.softpedia.com/get/System/System-Info/Double-Driver.shtml

Thursday, August 20, 2009

How They Hack Your Website: Overview of Common Techniques By John Conroy | Mar 5, 2008

We hear the same terms bandied about whenever a popular site gets hacked. You know… SQL Injection, cross site scripting, that kind of thing. But what do these things mean? Is hacking really as inaccessible as many of us imagine; a nefarious, impossibly technical twilight world forever beyond our ken?

Not really.

When you consider that you can go to Google right now and enter a search string which will return you thousands of usernames and passwords to websites, you realize that this dark science is really no mystery at all. You'll react similarly when you see just how simple a concept SQL Injection is, and how it can be automated with simple tools. Read on, to learn the basics of how sites and web content management systems are most often hacked, and what you can do to reduce the risk of it happening to you.
SQL Injection

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.

When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.


The Simple SQL Injection Hack

In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.

Suppose we enter the following string in a Username field:

' OR 1=1 --

The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:

SELECT * FROM users WHERE username = 'USRTEXT'
AND password = 'PASSTEXT'

…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.

So entering ' OR 1=1 -- as your username could result in the following actually being run:

SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = ''

Two things you need to know about this:
['] closes the [username] text field.

'--' is the SQL convention for commenting code, and everything after the comment marker is ignored. So the actual routine now becomes:

SELECT * FROM users WHERE username = '' OR 1=1

1 is always equal to 1, last time I checked. So the authorization routine is now satisfied, and we are ushered in the front door to wreak havoc.

Let's hope you got the gist of that, and move briskly on.

Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank, evidently.


But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:

username field examples:

* admin'--
* ') or ('a'='a
* ") or ("a"="a
* hi" or "a"="a

… and so on.

Backdoor Injection - Modules, Forums, Search etc.
Hacking web forms is by no means limited exclusively to login screens. A humble search form, for instance, is necessarily tied to a database, and can potentially be used to amend database details. Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.

So you can have security locked down at the login, but poor security on other forms can still be exploited. Unfortunately this is a real worry regarding 3rd party modules for Web CMS products which incorporate forms; for CMS products these 3rd party modules are often the weakest links which allow hackers access to your database.

Automated Injection
There are tools to automate the process of SQL Injection into login and other fields. One hacker process, using a specific tool, will be to seek out a number of weak targets using Google (searching for login.asp, for instance), then insert a range of possible injection strings (like those listed above, culled from innumerable Injection cheat-sheets on the Web), add a list of proxies to cover his movements, and go play XBox while the program automates the whole injection process.

Remote Injection
This involves uploading malicious files to inject SQL and exploit other vulnerabilities. It's a topic which was deemed beyond the scope of this report, but you can view this PDF if you'd like to learn more.

SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:

http://somesite.com/index.asp?id=10

Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11

See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.

As we saw above, access to the database raises a number of interesting possibilities. The database structure can be mapped by a skilled hacker through ill-conceived visibility of error messages — this is called database footprinting — and then this knowledge of table names and so forth can be used to gain access to additional data. Revealing error messages are manna - they can carry invaluable table name and structural details.
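To make the search-form and address-bar cases above concrete, here is an added example in Python (not code from the original article, and not tied to any particular CMS). It uses an in-memory SQLite database with constructed sample rows and puts the weak pattern next to the hardened one: a query built by string concatenation, which the page's own ' OR 1=1 string subverts, against a parameterised query where the id is first validated as an integer and any database error is replaced by a generic message, so nothing useful for footprinting ever reaches the browser.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (productid INTEGER, name TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(10, "Widget"), (11, "Gadget"), (12, "Gizmo")])
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "<hash>"))
    return conn


def vulnerable_search(conn, term):
    """The weak pattern: the user's text is pasted into the SQL itself."""
    sql = "SELECT name FROM products WHERE name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]


def safe_search(conn, term):
    """Parameterised query: the term is bound as data and never parsed
    as SQL, so quotes and keywords inside it have no effect."""
    sql = "SELECT name FROM products WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (term,))]


def vulnerable_product(conn, raw_id):
    """The weak pattern for a URL parameter such as ?productid=10."""
    sql = "SELECT name FROM products WHERE productid = " + raw_id
    return [row[0] for row in conn.execute(sql)]


def safe_product(conn, raw_id):
    """Validate the parameter's shape, bind it, and never echo database
    errors back to the browser (log them server-side instead)."""
    try:
        pid = int(raw_id)          # "10 OR 1=1" or a UNION tail fails here
    except ValueError:
        return {"error": "invalid request"}
    try:
        rows = conn.execute(
            "SELECT name FROM products WHERE productid = ?", (pid,)).fetchall()
    except sqlite3.Error:
        return {"error": "request failed"}   # generic: no table names leak
    return {"results": [row[0] for row in rows]}


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_search(db, "' OR 1=1 --"))   # every product name
    print(safe_search(db, "' OR 1=1 --"))         # []
    print(vulnerable_product(db, "10 OR 1=1"))    # every product name
    print(safe_product(db, "10 OR 1=1"))          # {'error': 'invalid request'}
```

The same two rules (bind values, validate shape) are what defeat the UNION string quoted further down: once the id must be an integer, there is no place for a second SELECT to attach.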

The following illustrative string is from Imperva.

http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT username, password FROM USERS

There are vast swathes of information on SQL Injection available, here are a couple of good sources:

* GovernmentSecurity.org
* SecurityDocs.com

Cross Site Scripting (XSS)

XSS or Cross Site Scripting is the other major vulnerability which dominates the web hacking landscape, and is an exceptionally tricky customer which seems particularly difficult to stop. Microsoft, MySpace, Google… all the big cahunas have had problems with XSS vulnerabilities. This is somewhat more complicated than SQL Injection, and we'll just have a quick look to get a feel for it.

XSS is about malicious (usually) JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.

Picture the scene: you're there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. 'Me nice gurl', she says. You've always wondered where those links actually go, so you say what the hell. You hover over the link, it looks like this in the information bar:

[%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]

Hmmm…what the hell, let's give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.

When a link in an IM, email, forum or message board is hexed like the one above, it could contain just about anything. Like this example, from SandSprite, which helps steal a session cookie, which can potentially be used to hijack a session in a web application, or even to access user account details.

[Image: cookiegrab.png]

Stealing cookies is just the tip of the iceberg though — XSS attacks through links and through embedded code on a page or even a bb post can do a whole lot more, with a little imagination.
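The developer-side fix for the hexed links and planted bb posts described above is to treat everything a user submits as text, never as markup. Here is an added example in Python (not code from the original article) of the two checks a forum or message board would apply before showing a post: HTML-escaping the body so an embedded script tag is displayed rather than run, and percent-decoding a user-supplied link so the scheme check sees the real target and only http(s) links are kept. The post and link values are constructed for the demonstration.

```python
import html
from urllib.parse import unquote


def render_post(author, body):
    """Escape user-supplied text before placing it inside HTML, so a post
    that contains markup is shown as text rather than executed."""
    return '<div class="post"><b>{}</b>: {}</div>'.format(
        html.escape(author, quote=True), html.escape(body, quote=True))


def render_link(href, label):
    """Only allow http(s) link targets. The href is percent-decoded first
    so a hexed link cannot hide its scheme from the check; the original
    value is then escaped for the attribute. Anything else is rendered as
    plain text with the link dropped."""
    decoded = unquote(href).strip()
    if not decoded.lower().startswith(("http://", "https://")):
        return html.escape(label, quote=True)
    return '<a href="{}">{}</a>'.format(
        html.escape(href, quote=True), html.escape(label, quote=True))


if __name__ == "__main__":
    print(render_post("guest", "<script>alert(1)</script>"))
    print(render_link("%6aavascript:alert(1)", "Me nice gurl"))
    print(render_link("https://example.com/?a=1&b=2", "a normal link"))
```

Escaping covers the page-body case; for the session-cookie theft mentioned above, the complementary server-side setting is to issue the session cookie with the HttpOnly flag, which keeps it out of reach of page scripts altogether.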

XSS is mostly of concern to consumers and to developers of web applications. It's the family of security nightmares which keeps people like MySpace Tom and Mark Zuckerberg awake at night. So they're not all bad then, I suppose…

For additional resources on this topic, here's a great overview of XSS (PDF) and just what can be accomplished with sneaky links. And here's an in-depth XSS video.

Authorization Bypass

Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is… you run a small university and you want to give the undergraduate students something to do. So they build a content management framework for the Mickey Bags research department. Trouble is that this local portal is connected to other more important campus databases. Next thing you know, there goes the farm.

Authorization bypass, to gain access to the Admin backend, can be as simple as this:

* Find weak target login page.
* View source. Copy to notepad.
* Delete the authorization javascript, amend a link or two.
* Save to desktop.
* Open on desktop. Enter anything into login fields, press enter.
* Hey Presto.

Here's a great video of a White Hat going through the authorization-bypass process on YouTube. This was done against a small university's website. It's a two-minute process. Note that he gets into the User 1 account, which is not the Admin account in this case. Is Admin User 1 on your User table?
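The process in that list only works because the page's authorization lives in JavaScript the visitor can delete. Here is an added example in Python (not code from the original article or the site in the video) of the server-side shape that resists it: the decision to show the Admin backend is made from a session record the server created at login, and whatever the browser says about itself in form fields or hidden inputs is never consulted. The user table and passwords are constructed for the demonstration, and as in the video's case user 1 is not the admin.

```python
import hmac
import secrets

# Constructed server-side state. A real system stores password hashes,
# not plain passwords (see the Password Cracking section).
USERS = {1: {"name": "alice", "role": "user"},
         2: {"name": "root", "role": "admin"}}
PASSWORDS = {"alice": "alice-pw", "root": "root-pw"}
SESSIONS = {}   # session token -> user id, held only on the server


def login(username, password):
    """Verify credentials on the server and issue a random session token."""
    expected = PASSWORDS.get(username)
    if expected is None or not hmac.compare_digest(expected, password):
        return None
    uid = next(uid for uid, rec in USERS.items() if rec["name"] == username)
    token = secrets.token_hex(16)
    SESSIONS[token] = uid
    return token


def admin_page(request):
    """Authorise from the server-side session only. Form fields such as
    authenticated=true or user=2 sent by the client are ignored."""
    token = request.get("cookies", {}).get("session")
    uid = SESSIONS.get(token)
    if uid is None:
        return 302, "/login"            # no valid session: back to login
    if USERS[uid]["role"] != "admin":
        return 403, "forbidden"         # logged in, but not an admin
    return 200, "admin backend"


if __name__ == "__main__":
    # A request that claims to be authenticated but carries no session.
    print(admin_page({"form": {"authenticated": "true", "user": "2"}}))
    tok = login("alice", "alice-pw")
    print(admin_page({"cookies": {"session": tok}}))   # (403, 'forbidden')
```

Because the role is looked up from the user record the session points at, renumbering accounts or editing the page source changes nothing; only a credential the server accepted gets a token, and only a token mapped to an admin record opens the backend.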

Google Hacking

This is by far the easiest hack of all. It really is extraordinary what you can find in Google's index. And here's Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.

Copy and paste these into Google:

inurl:passlist.txt
inurl:passwd.txt
…and this one is just priceless…
“login: *” “password= *” filetype:xls

Such strings return very random results, and are of little use for targeted attacks. Google hacking will primarily be used for finding sites with vulnerabilities. If a hacker knows that, say, SQL Server 2000 has certain exploits, and he knows a unique string pushed out by that version in results, he can home in on vulnerable websites.

For specific targets Google can return some exceptionally useful information: full server configurations, database details (so a good hacker knows what kind of injections might work), and so forth. You can find any amount of SQL database dumps as well (fooling around with a Google hack while preparing this article, I stumbled across a dump for a top-tier CMS developer's website). And a vast amount more besides.

johnny.ihackstuff.com is the man to go to for Google hacks. One interesting one I toyed with invited me to the Joomla! install page for dozens of sites… people who had uploaded Joomla!, decided against installing it, and subsequently had either left the domain to rot, or else set a redirect on the page to, say, their Flickr account (in one case). Allowing anybody to walk in and run through the installer. Other query strings target unprotected email/IM archives, and all sorts of very sensitive information. What fun we can have!
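The cheapest defence against all of the above is to look at your own web root before a search engine does. Here is an added example in Python (not code from the original article) that walks a directory tree and flags the kinds of things the searches above turn up: the credential filenames quoted on this page, SQL dumps and backups, text files containing login/password lines, and a leftover installer directory. The "installation" folder name is an assumption modelled on Joomla's installer, and the sample web root is constructed inside a temporary directory purely for the demonstration.

```python
import os
import re
import tempfile

# Filenames quoted in the article, plus the dump and installer cases it
# describes. The "installation" directory name is an assumption.
KNOWN_CREDENTIAL_FILES = {"passlist.txt", "passwd.txt"}
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".bak")
TEXT_SUFFIXES = (".txt", ".csv", ".log")
LEFTOVER_DIRS = {"installation", "install"}
CREDENTIAL_RE = re.compile(r"\b(login|password)\s*[:=]", re.IGNORECASE)


def scan_webroot(root):
    """Return sorted (relative path, reason) pairs for anything under root
    that a search engine could index and an attacker would want."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.lower() in LEFTOVER_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel, "leftover installer directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            lower = name.lower()
            if lower in KNOWN_CREDENTIAL_FILES:
                findings.append((rel, "known credential filename"))
            elif lower.endswith(DUMP_SUFFIXES):
                findings.append((rel, "database dump or backup"))
            elif lower.endswith(TEXT_SUFFIXES):
                try:
                    with open(path, "r", errors="replace") as fh:
                        head = fh.read(4096)    # only the start is checked
                except OSError:
                    continue
                if CREDENTIAL_RE.search(head):
                    findings.append((rel, "credential-like text"))
    return sorted(findings)


def build_sample_root():
    """Constructed web root for the demonstration; returns its path."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "installation"))
    files = {
        "index.php": "<?php echo 'hello'; ?>",
        "passlist.txt": "the name alone is the problem",
        "backup/site.sql": "INSERT INTO users VALUES ('admin', 'x');",
        "notes.txt": "login: admin\npassword= example-only\n",
        "readme.txt": "Just a readme.",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, reason in scan_webroot(build_sample_root()):
        print(f"{reason:30} {rel}")
```

Run it against the real document root of each site you host; anything it reports should be moved out of the web root or removed, not just hidden from the index.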

Password Cracking

Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.

You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
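What separates a password file that falls to those tools from one that does not is how the hashes were produced. Here is an added example in Python (not code from the original article) putting the weak scheme, a fast unsalted digest where two users with the same password get the same stored string, next to the hardened one: PBKDF2 with a random per-user salt and a high iteration count, verified with a constant-time comparison. The iteration count and the storage format are choices made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # deliberately slow; each guess costs this much work


def unsalted_md5(password):
    """The weak scheme: fast, unsalted, and identical for identical
    passwords, so one lookup table serves every user in the file."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Return 'pbkdf2$<iterations>$<salt hex>$<digest hex>' using a
    fresh random salt unless one is supplied (constructed format)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count and compare in
    constant time, so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Constructed users who happen to share a password.
    print(unsalted_md5("correct horse") == unsalted_md5("correct horse"))  # True
    a, b = hash_password("correct horse"), hash_password("correct horse")
    print(a == b)                                # False: different salts
    print(verify_password("correct horse", a))   # True
    print(verify_password("wrong guess", a))     # False
```

The salt means a leaked file cannot be attacked with one precomputed table for all users, and the iteration count means each guess against any one user costs real time, which is exactly what the "certain proportion" in those cracking tools depends on being cheap.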

A Few Defensive Measures

* If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields, like the sample Injection strings shown above, and anything else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray a vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes.

Monday, August 17, 2009

HP USB Disk Storage Format Tool

I had this problem with my USB flash memory stick: during a new install of WinXP Pro I deleted all partitions seen in the WinXP partition manager, which unfortunately included my USB flash drive, which was still plugged in. When I plug it in, a message pops up that I should format it. If I try to format the flash drive using WinXP I get the message "Windows was unable to complete the format".
I was looking for answers by visiting forums and sending mails to technical support, but nobody had a solution. I solved it by using the HP USB Disk Storage Format Tool.
It's a useful piece of software and I think that everybody should have it in their basic software collection.

Download link: http://hp-usb-disk-storage-format-tool.software.informer.com/