Day 2 – SQL Injection

We learned about SQL injection today and were just randomly picking Malaysian websites to test it on. This is the result that I managed to get with a local organisation’s website (which shall remain nameless). I managed to find out the version of MySQL server that they were running (5.0.45) and also the account credentials for that MySQL server (root@localhost).

Nice!

Our trainer was able to exploit this further and enumerate a whole bunch of stuff, including all the user login credentials for their MySQL database, a list of all their databases and column fields, a dump of all the records of any selected database and more. This is not a bad reflection on MySQL as our trainer says that MySQL databases are amongst the hardest to attack.

However, if their system administrators are not doing their jobs correctly, things can get screwed.
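To show the defensive side of what the post describes, here is an added example (not code from the original post or from the site it mentions) in Python against an in-memory SQLite table: the same lookup written once by string concatenation, the pattern that lets a quoted input be parsed as SQL, and once with a bound parameter, where the same input is treated purely as data. The table contents and the `users` schema are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for a site's real user table
# (assumption for this example; nothing here comes from the original post).
SAMPLE_USERS = [
    ("alice", "s3cret-alice"),
    ("bob", "s3cret-bob"),
]


def make_db():
    """Create a throwaway in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Builds the statement by concatenation: the classic injectable pattern.

    Whatever the caller passes is spliced into the SQL text, so a value
    containing a quote character changes the structure of the query.
    """
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Same query with a bound parameter: the input is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run both lookups with the textbook tautology input and return the results."""
    conn = make_db()
    injected = "' OR '1'='1"  # constructed input; quotes are what matter here
    return {
        "vulnerable": lookup_vulnerable(conn, injected),
        "parameterized": lookup_parameterized(conn, injected),
    }


if __name__ == "__main__":
    # The concatenated version returns every user; the bound version returns none.
    print(demo())
```

The parameterized form is the primary fix, but the post's own observation that the application connected as root@localhost points at the second layer a practitioner would want: even an injectable query leaks far less when the application's database account can only read the tables it needs.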

Hacker Halted – Day 1

I attended Day 1 of Hacker Halted today. I signed up for Workshop 1 – on web-application hacking – because I wanted to learn more about it. Our morning started with mainly basic stuff on the underlying mechanisms behind web applications – the HTTP protocol, DNS services and whatnot.

Our afternoon session was more interesting, with our trainer – Sean Arries – showing us the information gathering aspect of web-application hacking (vulnerability analysis). This is done in order to increase the attack space of the target. The thing that I learned from this section of the training is that sites are far more vulnerable to side-channel and internal attacks than to direct external attacks.

The tools that I already knew (and which are part of every system admin’s arsenal) were things like whois, dig, nslookup, host and other network-layer stuff. However, at the application level, I learned how to use XSS Me. Manually testing cross-site scripting (XSS) is quite fun.

The basic techniques shown were really useful. We even practiced it on a number of prominent local Malaysian sites. Very interesting. Tomorrow, we get to the actual act of attacking web applications (penetration testing) and see if we can pwn any machines. I am looking forward to hacking my own websites.

Verifying Anonymity

When it comes to electronic voting, the biggest problem has always been the divergent requirements of maintaining the anonymity of a ballot versus the authentication and verification of a voter with the ballot. There is a lot of research going on to ensure that all of these requirements are taken care of. While the following is a good step in the right direction, it has one specific assumption – that the ballot sheets are given out randomly. It is unlikely that such a thing can be done fairly and easily.

Physical Programming #104: Parallel Programming

I was attending a training session on parallel programming given by Dr Yan Solihin (from NCSU) today, when it occurred to me that one very important reason to learn physical programming is to do parallel programming. Parallel programming could be considered a subset of physical programming.

While physical programming encourages one to consider all physical aspects of programming, parallel programming makes one consider the physical constraints that relate to the execution of instructions across multiple cores and machines. Therefore, this will take into account the memory hierarchy as well as communication limits.

Therefore, this might be a good example to use as a sub-chapter or two of physical programming. It is very important to show how and why parallelism is important and we should stop being lazy programmers.

Waterfall Model Failure

I recently saw the video on “Real Software Engineering” and one of the things that struck me about the video is that it pointed out that the classic ‘waterfall model’ of software development that we are all taught in school does not work. Not only does it not work; in fact, the original author, the person credited with inventing the model, actually said that, “I believe in this concept, but the implementation described (above) is risky and invites failure.”

Hahaha!