Sunday, April 20, 2014

Getting over the Heartbleed

Not the love life, the life Online

The simple explanation:
Heartbleed allows a hacker/attacker to read a random chunk of memory on the server, which may contain your encryption keys, unencrypted passwords, site data etc., while the hacker remains anonymous. You would not know if it hit you.



What can the end user do?
Check if the provider/website you are a member of has patched the Heartbleed bug.
Here's the list of websites which have been affected by the Heartbleed bug.
Just change the password.

Android users, update your phones.

In detail:
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet. 
One library that implements TLS is OpenSSL.

66% of websites use OpenSSL, so knowingly or unknowingly you have been bugged.

A few versions before the current OpenSSL, the negotiation between the client and server before sending data was expensive. Most of the time packets got lost or corrupted due to too many requests, and one side had to drop its end of the TLS connection.
So the guys at OpenSSL formulated a solution, i.e. a way of telling whether the server is available or is currently overwhelmed by requests. This is done with the help of "keep-alive" messages known as "heartbeats".


How does the HEARTBEAT work?
ex: suppose you send a request with the payload "you there man". Its size is 13, so the web server you sent it to stores the payload as well as the size 13 in its memory. To answer the "keep-alive" request, the server sends the message back to the client by reading 13 places (the size of your payload) from the memory location where it was stored. So your connection is kept alive.


The FLAW: Heartbleed
The OpenSSL library never checked that the heartbeat payload size stated in the request corresponds with the actual length of the payload being sent. A user is allowed to input any number up to 65535 (64 kilobytes) regardless of the true size of the payload.
So the attacker sends a heartbeat request claiming 64 KB even though the payload size is 13 bytes. The server responds by sending back the first 13 bytes and then continuing up to 64 KB from the server memory to the client. The data received by the client may contain encryption keys, usernames, unencrypted passwords, user information, site information etc. In short, whatever is put into the server memory, which is pretty much everything.
All this can be performed anonymously and repeatedly, each time reaching different parts of the server memory.
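
The missing length check, as an added example (a simplified simulation written for this post, not OpenSSL's code): the request and some neighbouring "secret" data live in one constructed array, so the over-read is visible without leaving the buffer. The function names, the sample secret and the 16-byte padding (taken from the heartbeat specification, RFC 6520) are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>
#define HDR 3u   /* 1-byte type + 2-byte claimed payload length */
#define PAD 16u  /* minimum padding a heartbeat message carries (RFC 6520) */

/* Simulated server memory (constructed): the request is followed by
   unrelated data, so the over-read below stays inside this array. */
static unsigned char mem[128];

/* Stores a request carrying the post's 13-byte payload but announcing
   `claimed` bytes; returns the length of the record actually received. */
size_t make_request(unsigned claimed) {
    const char *payload = "you there man", *secret = "password=hunter2";
    size_t n = strlen(payload);
    memset(mem, '.', sizeof mem);
    mem[0] = 1;                                   /* heartbeat request */
    mem[1] = (unsigned char)(claimed >> 8);
    mem[2] = (unsigned char)(claimed & 0xff);
    memcpy(mem + HDR, payload, n);
    memcpy(mem + HDR + n + PAD, secret, strlen(secret)); /* neighbour data */
    return HDR + n + PAD;
}

/* Flawed logic: echoes as many bytes as the request claims to contain. */
size_t respond_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                 /* real length never consulted: the bug */
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* Hardened logic: silently drop the request unless header, claimed payload
   and padding all fit inside the record that was actually received. */
size_t respond_fixed(const unsigned char *rec, size_t rec_len, unsigned char *out) {
    if (rec_len < HDR + PAD) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HDR + claimed + PAD > rec_len) return 0;
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

int main(void) {
    unsigned char out[128];
    size_t len = make_request(64);           /* claims 64, carries 13 */
    size_t n = respond_vulnerable(mem, len, out);
    printf("vulnerable: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    printf("fixed:      %zu bytes\n", respond_fixed(mem, len, out));
    return 0;
}
```

The flawed responder echoes the 13-byte payload plus whatever sits after it, including the sample secret; the hardened one answers nothing for the same request and still echoes an honest 13-byte request in full.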


The CURE:
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2.
--Official Statement
Check if your site is affected by using this tool by LastPass.

You need to revoke your current secret TLS keys and generate new ones, because there is no telling if you have been hit, since all these attacks are anonymous.

Android users on version 4.1.1 (Jelly Bean) need to update their phones. (Better to update all Android devices irrespective of the version.) Download Lookout’s Heartbleed Detector or Bluebox’s Heartbleed Scanner apps, both of which will tell you if your Android device is affected by the bug.

Change your passwords on websites that are affected (at least by a letter).

Even VPNs are suffering from Heartbleed. You will have to regenerate the client certificates. http://www.pcworld.com/article/2144962/vpn-provider-proves-openvpn-private-keys-at-risk-from-heartbleed-bug.html

Don't stop there, because even if you have applied the patch received from the vendor, there still might be other ways to steal the information. Everyone's checking and trying to find more vulnerabilities (so should you), and a few have been found too, like Reverse Heartbleed.


Reverse Heartbleed
The Heartbleed bug (CVE-2014-0160) can be used to attack clients as well as servers. Many organizations have hosts which initiate outbound SSL connections (pulling updates, fetching images, or pinging webhook URLs). These hosts are often on a separate infrastructure (with different SSL dependencies) within the organization firewall. These hosts may be vulnerable to the reverse Heartbleed attack.
This is the tool to check for it. https://reverseheartbleed.com/

Reverse Heartbleed is trickier for the attacker; however, once you have patched Heartbleed, Reverse Heartbleed becomes even trickier.


This bug has been around for 2 years
There are claims that no hackers knew about this and that it was the researchers who found it; probably the NSA and Google (for about a month) knew about it.
The race is on to find the next bug. It's got a reward too. http://www.theregister.co.uk/2014/04/16/open_ssl_crowdfunding/

Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL “Heartbleed” vulnerability. Windows’ implementation of SSL/TLS is also not impacted. A few Services continue to be reviewed and updated with further protections. 






Thursday, February 27, 2014

EMPLOYER E-SEWA PF India Annexure ii upload tool

This is an unofficial tool to help ease the process of uploading Annexure ii to the e-sewa portal.
The official instructions, i.e. the format for upload, are specified here: http://www.epfindia.com/ECR/AnnexureII_ErrorCodesList_10042013.pdf

It's quite complicated for non-tech people. So to simplify things I have created an Excel sheet where you enter the employee details and then just click a button, which generates the file to be uploaded in the format specified by EPF India.

You should be able to do it in 5 simple steps,  let me take you step by step

Step 1: Download the excel sheet Click Here

Step 2:
These are the columns you'll need to enter into the Excel sheet

Open the Excel sheet and you will find the same columns

So start filling in your employees' details. I shall fill in the employee Anil Singh on my sheet

Step 3: 
Click on the generate file button.
Step 4:
Enter the path for the file to be stored along with the filename with the extension .txt
ex: d:\FileToBeUploaded.txt and click on Ok


Step 5:
Go to the destination folder/ drive whatever you gave in the above step and open it

Check if all the records are there and then just upload it in the portal.

Important: Every time you plan on using this sheet, use a fresh one; don't use previously entered sheets.
Before uploading the text file, you need to make sure there are no extra lines in the file.

If you have any doubts or need clarifications, mention them in the comments and I shall respond. If there are any errors in the upload, EPF provides the error codes etc.; post them in the comments too.

Later I shall cover the code of the Macro.

Tuesday, May 28, 2013

Getting over a heartbreak/breakup

According to Greek mythology humans were originally created with 4 arms 4 legs & a head with 2 faces.


If the above pic is true I'm so screwed...

Well, I'm writing a few ways to get over your ex wife/GF/BF/husband. They didn't seem to work out for me but they did help a lot of my friends, so I decided to put them up here.

When you break up, the feelings of betrayal, misplaced guilt, depression etc. combine and grind your thoughts. Getting over it is not easy, but it is possible.
Here are a few things you need to know
* If they left you for no apparent reason then say to yourself that they are happy without you. It was not meant to be.

* If you truly loved someone, then it means that their happiness is the only thing that matters to you. So just pray that they'll be happy no matter what.
It is hard to accept that he/she is happy without you, but hey they are HAPPY


* Letting go can be the hardest thing to do, because of all the memories created when together , So, create new ones alone/ with someone. Try not to compare with what was / what will be. Things are never gonna be the same but only better.


* Mornings can be the hardest, such as waking up alone or waking up with no text from him/her (such as gm/good morning). Just say to yourself "I'm not going down that road today" and get out of bed ASAP.
It takes time to get rid of the memories/routines you've had in your relationship (avg. 12 months). Don't worry, one day you shall just stop thinking about that person.

* Don't drive yourself to suicidal thoughts; they tend to come up very often. Try and be calm, pray, or do whatever works for you. Just remember that by doing something stupid you are not doing any good but just making things harder for the ones who really care about you. Talk to someone you can trust. If you can't find anyone, talk to yourself; never think that you are alone. Think about how small you are in the Universe: in your mind zoom out from your place, your state, your country, the world, the earth, the solar system, the Milky Way, the cluster of galaxies and so on and on. So how big is your problem now? Think about all the less fortunate people, people who have to worry about their 3 square meals. Tell yourself that you can handle this and will emerge stronger than before. It is true and it will happen.

*"I may live a hundred lifetimes without you but not one without thinking about you"~ Anonymous
Well, the above statement sums it all up. We tend to keep thinking about them all the time: all the memories, all the promises, all the dreams built together etc. It is not going to help us in any way. It just increases the pain. So keep those thoughts at bay. If they get out of control or end up in tears, say to yourself that what you had for that person was pure and full of life and you did your best to keep it together, but maybe they didn't want it to be that way; they thought that they would lead a better life without you. So life goes on, and apparently his/her life goes on without you. (That's the hard truth; the sooner you accept it, the better it is for you.)

Here are a few things you need to follow
* Stop listening to songs that you both used to listen(couple songs). I am not saying stop completely listening to it but give it a break.
* Try and avoid contact at any event, such as mutual friend's party/event
* Distract yourself, focus your attention on your friends.
* Explore your friendzoned friends; one of them may really care about you. (Don't jump immediately into a new relationship, take it slow.)
* Stop stalking their Facebook profile. If you can't control yourself, block their profile. If you still can't, delete your profile for some time.
* Try and get rid of all the gifts you exchanged.
* Try also to get rid of the things that remind you of that person.
* Try to avoid places that you used to hangout with that person for some period.

So all the best. Remember just BE YOURSELF and that you are NEVER ALONE

Wednesday, October 3, 2012

Sorry, Movie Maker can't start. PROBLEM SOLVED

Movie Maker error c945000e
This is the annoying error you get when you click on Windows Movie Maker to open it:
"Sorry, Movie Maker can't start. Make sure your computer meets the minimum system requirements before trying to start Movie Maker again, and then try to update the driver for your video card if Movie Maker still doesn't start."
As said, I tried updating my video card driver but it was already up to date.
Microsoft Support said that the new versions had some bugs in them that affected some graphics cards.

Here are the Solutions that will work out:

Soln 1: Update your graphics card driver. HERE are the LINKS for the drivers.


Soln 2: Offline install of Live Essentials 2011, not 2012. In this LINK go to Show all, select Vista and select English (though you're using Windows 7) as shown in the image. The download will start. The file size is 214 MB.

Once the download is complete, uninstall Windows Live Essentials from the Control Panel (How to Uninstall Windows Live Essentials) and then Restart System.
After Restarting Install Movie Maker from the freshly Downloaded Installer File.


Soln 3: Recommended . This worked for me.

5 Simple Steps:
Step 1: Download the offline installer of Live Essentials 2011 as mentioned in the Soln 2.

Step 2: Create a new USER ACCOUNT on the system with ADMINISTRATOR privileges (How to create admin Account)

Step 3: Uninstall Windows Live Installer from Control Panel. (How to Uninstall Windows Live Essentials) Now Restart System.

Step 4: Login to New Administrator account that you created in STEP 2. Install Movie Maker from the freshly downloaded file as mentioned in Step 1. Once you start the Installer Select USE RECOMMENDED SETTINGS. 

Step 5: Start Windows Movie Maker . No error.




Saturday, September 29, 2012

Make Windows 7 / XP bootable with WinUSB Maker (FREEWARE)

Update: This works even for windows 8.
Make usb portable in 5 simple steps using this software (Freeware)


A simple software to make your pendrive bootable and use it to install win 7 / XP.
1) Download the above software here and install it. (You will require the .NET Framework.)

2) Insert the pendrive and select the drive in "device to work with"

3) Select Setup to USB

Select the 2nd option, ISO image file, if you have an image file

else

select the 3rd option, work with directory, and select the Win 7 / XP installation directory (i.e. either the CD directory or any other place on your HD)


4) Click select an ISO or directory and select your ISO / directory

5) Click Make USB Bootable

Tuesday, September 25, 2012

How to delete facebook account permanently and Immediately ?



The difference between deactivating and deleting your Facebook account is that if you deactivate your account, it is deleted temporarily, i.e. your profile won't be visible to anyone on Facebook. To activate your account again, you just have to log in with the same user ID and password. Click here to deactivate

On the other hand, if you delete your account it'll be gone permanently.

Remember you can't reactivate your account if you do this.

There are 2 ways to delete your account


1) Log in to your Facebook account and fill out this form.
You will be asked for password confirmation and you'll be logged out. You will receive an email saying that your account has been marked for permanent deletion and that you have 14 days to change your mind (meanwhile your account will be deleted temporarily from Facebook, i.e. your account won't be visible to anyone on Facebook). If you change your mind within 14 days, just log in to Facebook with the same username and password. If it's past the 14-day time limit, your account will be gone forever.

2) If you feel 14 days is a long time to wait , then follow these extreme steps (NOT RECOMMENDED)
Upload adult xxx pics onto your account also set one as profile pic.(better to do after unfriending everyone)
Report abuse from a friends profile .
Your account will be gone in few hours. (Permanently)


Disclaimer
Use of this website or material is, at all times, "at your own risk." If you are dissatisfied with any aspect of the website, any of these terms and conditions or any other policies, your only remedy is to discontinue the use of the website. In no event shall I, the website, or its suppliers, be liable to any user or third party, for any damages whatsoever resulting from the use or inability to use this website or the material upon this site, whether based on warranty, contract, tort, or any other legal theory, and whether or not the website is advised of the possibility of such damages.

Monday, September 24, 2012

Shutting down computer after utorrent downloads or at a particular time



This may come in handy when you wanna shut down your computer after some time like an hour or so. Also for connections like BSNL which have free download only from 2am-8am. Here are two methods without the use of any additional software.

Option 1: uTorrent has an option for this: in the menu bar, Options -> Auto Shutdown -> select Shutdown after downloads complete or Hibernate after downloads complete

Option 2: Sometimes your download doesn't complete in time because of low speed, few seeds etc. So now go to
start > run > type cmd and hit enter
cmd opens

type shutdown /s /t and the amount of time, in seconds, after which you want your system to shut down/turn off

your command should look like this

shutdown /s /t 60

this will shut down the computer in 60 secs

Here:
/s means shut down
/t means time
60 means 60 secs

After you type in this command and hit enter a small pop up at the corner of the screen will tell you how many seconds is left for the computer to turn off.


If you want to cancel the command, type
shutdown /a


If you feel calculation of time in secs is hard then use this website
http://www.onlineconversion.com/days_between_advanced.htm

calc the exact seconds and use it.


