The new USB gadget reinvented – iTwin. I was quite impressed with the technology this little instrument used. The tag line, “Simple, Secure and Private Internet File Access” caught my attention as I do file uploads through file hosting servers, which eat up most of my time. iTwin is a one-time investment gadget which allows users to transfer or access unlimited data anywhere in the world.

iTwin is a USB service consisting of two identical halves  Its operation is quite simple. Connect one half of iTwin to your computer where you have your files, with an Internet connection. The device will  install its drivers as it is a plug’n'play device. Then it will create an iTwin folder on your machine to which you can remotely access. Now comes the magic. Connect the other half to any other system with an Internet connection, anywhere in the world and you can access your files. iTwin actually gets connected to its cloud. So none of the data is stored on in the drive. The device only keeps log information.

Here are a few of questions which needs to be answered.

So, how good is the device?

The device can be setup instantaneously as it is a plug’n'play device. The data transfer actually depends upon a lot of factors, but mainly on the speed of your Internet connection. Accessing, editing and copying files from one system to the other is smooth and brilliant. And you can easily close the connection by simply unplugging. With a high speed Internet connection, you can securely transfer your whole disk pretty easily.

And how secure is the device?

The device uses a two-way authentication system. The pair generates a 265 AES encryption key every time they are paired and connected. When the pair is connected the owner gets a “Disable Code” via email with which the pair can be disconnected remotely. So you don’t need to worry if you lose one half of your iTwin. When the pair gets connected, the device gets authenticated by iTwin Trust Server. The communication between the server is via HTTPS (RSA 1024 bit, 128 bit RC4) protocol and all data are compressed and encrypted.

And how does iTwin differ from Cloud based applications?

Simple! You don’t need to install any third party software on to your system. Your system is your personal cloud. As the files reside on your system, there is no storage limit, if u have enough disk space. iTwin makes it possible to remotely edit the files. So there won’t be multiple versions of files here and there. And most importantly accidental removal of files from the iTwin folder does not delete the files on the original location. Now that’s impressive!

And here we go! iTwin is a perfect companion for users having those GB limits on file hosting servers. The main reason behind that is you can even have your whole disk on cloud. And its more secure.

To find more about iTwin, click here

Web applications often accept input data from users and pass it to database systems.   Problems happen when such data contain characters that have special meaning to the database.  For example, the single quote (‘) is used by most database systems to terminate a string.  Different databases have different such meta-characters.  Hackers skilfully exploit the use of meta-characters to run SQL commands in the database.

Consider this code fragment that accepts an employee id from a web form and fetches employee details from the Employee table:

$empId  =  _GET["employee_id"];
$query   =  ”SELECT * FROM Employee WHERE emp_id = ”  .  $empld

If a user fills in the employee_id field with

1 ; UPDATE Employee SET salary = 5000

that would result in the following queries to execute:

SELECT * FROM Employee WHERE emp_id = 1 ; UPDATE Employee SET salary = 5000

Many database systems like Postgre allow multiple queries to execute in a single command.  It’s anybody’s guess as to what would happen if the above queries execute.  The hacker is exploiting the semi-colon (;) meta-character, which is used as a statement separator in many database systems.

The above is only one example; there are in fact hundreds of ways in which other meta-characters can be exploited to execute a variety of harmful commands.

So how do you protect your application against SQL injection?  Some steps are outlined below.

1. Escape the special characters before you pass it on to the database.  You need to figure out all the meta-characters used by your database and escape them, so they are interpreted as regular data and not as control characters.
2. Avoid dynamic SQL generation in your code.  Use prepared statements instead.  When prepared statements are used, the database will not confuse data for control characters.
3. Stored Procedures offer some degree of protection, but are not injection-proof either.  They are vulnerable if additional parsing is performed on input parameters.
4. The application should have only minimal rights to perform operations in the database.  It need not have DROP access if your application doesn’t have to drop a table.
5. Validate your input.  Do this on the server-side as client-side validation cannot be trusted.  Write per-field validations using regular expressions that allow only whitelisted characters.  Limiting the allowable range of characters and length of each field will reduce the chance of injection.
6. I have mentioned escaping data before passing it on to the database.  However, many developers perform input escaping.  This kind of blanket escaping is generally effective.  However, it could create problems if you need to pass data to other subsystems (example: sending an email), which may have different escaping needs.  The ideal solution is to perform output escaping before passing data to another subsystem.
7. Catch database exceptions and show a custom error page to the user.  Show minimal information about the error to the user.  Database exceptions carry more information than what the user needs to see – it may contain table and column names.  So catch these exceptions in your application and redirect the user to an error page that does not give out much information.

This article gave some tips on how to avoid falling prey to SQL injection attacks. Only the application developer can prevent this type of attack.  It cannot be avoided by installing firewalls or SSL certificates.  Developers need to think about how to prevent injection attacks when they write code and not as an after thought.

Almost a year back (Aug 15^th, ’08, to be precise), AUTOMATTIC released WordPress 2.6.1 fixing over 60 bugs. Also the version featured with the introduction of ‘right to left’ typing for Hebrew and Farsi language administrators. In a very short period of time (may be around one month), the company alerted 2.6.1 version users of security holes in using the same. Here, in this small article, we are going to analyze those vulnerabilities that made AUTOMATTIC release an upgrade for WordPress version 2.6.1 so soon.

Ok, let’s be clear and to the point. The problem is created by the nature of:

1.    mt_rand () function of PHP and

2.    the truncation method that MySQL adopts

mt_rand ():

PHP has two random number generating functions: rand (), mt_rand (). The former uses GNU C library and the latter uses Mersenne Twister algorithm. Mersenne Twister algorithm was created by Takuji Nishimura and Makoto Matsumoto of Japan. mt_rand () is predominantly used in most of the PHP applications and most importantly, WordPress 2.6.1 uses it.

Normally a seed is used to initiate the generation of random numbers. If it is possible to determine that seed, we will be able to generate the same sequence for any number of times. In other words, we will be able to hack the working of random generation. Seed can be determined using a lookup. Now, once the seed is found, anyone can generate the sequence that the application generates. If you want to know how this is possible, you got to learn random number generation in PHP or there’s an alternative: bow to the fact that it is the nature of mt_rand () function.

Now, make a request for admin password which would send an activation link to the actual admin. But since we have the seed, we will be able to calculate the same activation link by enabling Keep Alive HTTP request.  Activating this link and using a different email ID in the form will allow creation of a new WordPress admin password and thereby complete control.

MySQL Truncation:

Let’s see the next one. When the string input given in a query is longer than the defined maximum length, MySQL, by default, truncates the string to the defined maximum length. For example, if the maximum value of the string column is defined to be 8 then, the input value, “qburst_expressions” will be truncated to “qburst_e”. There will be a warning displayed but, applications are normally not configured to handle those warnings. And importantly, WordPress version 2.6.1 was not.

Suppose I know the WordPress admin name, (let’s say, “godfrey”) and the maximum length of the username in MySQL is set as 32. When I register as a new user with the same name “godfrey”, obviously, MySQL will return an error as there already exists an username godfrey. Now, I try with “godfrey   “(with 2 spaces after the name), MySQL will truncate the string to “godfrey” and again return an error due to the same reason. Suppose I try with “godfrey                         g” (with 25 spaces between godfrey and g) then MySQL will not be able to identify a similar username and also truncate the name to “godfrey” to be inserted into the database column. This happen because the username exceeds the defined maximum length of 32 and the system will not be able to find a match in the database. Now we have 2 admin usernames in the table. This is sufficient to pass the validation and gain access to the password of the original admin, thereby complete control.

These holes in security made AUTOMATTIC to work on an upgrade at the earliest. And the next release fixed all these errors. So if you are planning to use WordPress, make sure you use the latest version and remain safe. WordPress 2.8.4 is available for download now. It is the latest stable version of WordPress according to the AUTOMATTIC’s last release.

Drupal is one of the most popular content management system (CMS) used in web development. It is also called content management framework for it enables developers to extend and implement custom content management solutions. Drupal is written in PHP with MySQL as backend.

With Drupal, it is possible to develop and manage blogs, websites, portals, forums, e-commerce sites, social networking sites and many more. A few examples of popular websites developed using Drupal are www.labs.sonyericsson.com, www.jacksonville.com, www.nysenate.gov.

CMS like Joomla, Plone, WordPress are also existent in the market but the features available in the core Drupal and its extendibility makes Drupal stand in front of its competitors. SEO is better achieved through Drupal. It also provides a number of themes and modules to choose from. Integration of various technologies with Drupal extends its capability further. Apache Solr integration is a recent accomplishment. It is done through the Apache Solr Integration module.

Drupal administration has four main components. Content management enables to manage the website content. Site building controls look and feel of the site. Custom modules and themes help extend the ability of Drupal by not restricting to the available options in core module. Roles and permissions are created in the user management section for managing access rights to different users.

The Drupal presentation is available on Slideshare.

Earlier, search did not have a high priority in the sites that were developed using Drupal. Analysis reveals that the slowness and lack of smartness of the search feature have made the users loose their trust on search. The integration of Drupal with Apache Solr is changing the entire scenario now. Here in this article, I am going to give you a snapshot of this revolution.

What is Solr?

Lucene as we know, is a search engine library for enabling text-based search and is written in Java. Solr is a search server developed based on Lucene. It is easy to install and configure and it comes with an HTTP-based administration interface. Documents are first indexed through XML over HTTP. Queries are sent through HTTP GET method and search results are received in XML.

What makes Solr stand in front?

• Faceting
• Spell checking
• Highlighting
• Caching
• Replication
• Open Source

There are two types of search mechanisms used by dominant search engines. Navigational search uses a hierarchy structure (taxonomy). This mechanism is used by Yahoo directory, DMOZ, etc. Google, Yahoo search and other popular search engines use direct search. Both these have their own benefits and drawbacks. Recently the direct method is gaining more recognition and is evident from the growth of Internet dominance by Google and Yahoo search engines.

Faceted search is a new mechanism and it combines both the above techniques. It allows users to navigate multi dimensionally with a pool of words. Here is an illustration that contrasts faceted searching with taxonomical searching.

Lets move on to the other features. Spell checking: With this feature, the user can get search results for a given query and also get spelling suggestions at the same time. This is similar to the ‘Did you mean’ in google. The SpellCheckComponent that forms a part of Solr is designed to provide this inline spell checking of queries.

Solr provides a set of highlighting utilities with which it highlights the location of the query terms in the text of the search results. Solr caches are associated with an Index Searcher. Any item in the cache will be valid and available for reuse as long as that Index Searcher is being used.  Solr cached objects will not expire after a certain period of time and the cached objects will be valid as long as the Index Searcher is valid.

Apache Solr Project

Apache Solr Search Integration is a module that integrates Drupal with a Solr server for searching. Solr can be used as a replacement for core content search that already comes with Drupal. The module comes with schema.xml and solrconfig.xml which requires configuration. This module makes all the features of Solr available in Drupal for the development of the new site. A few websites that have currently implemented Solr using this project are AOL, Drupal.org, Netflix, CNET, CitySearch and GameSpot.

Links for further study

http://lucene.apache.org/solr/

http://drupal.org/project/apachesolr

http://www.ibm.com/developerworks/java/library/j-solr1/#ibm-pcon

http://www.ibm.com/developerworks/java/library/j-solr2/#resources

Most anti-virus utilities are powered by a large virus signature database that needs to be constantly updated to help them identify known viruses. The database keeps growing as new viruses are released at an ever-increasing rate. Also these utilities are incapable of recognizing a newly released malware since there is no match in the database.

Prevx is based on behavior-based detection as its primary concept and is very good in doing that job.

Advantages of Prevx:

* Download size of 800 KB compared to the 20 MB size of other malware utilities
* Instantaneous installation and ultra fast scan
* Cloud-based malware detection
* Highest malware blocking score

How does Prevx achieve this?

As mentioned earlier, Prevx doesn’t rely on predefined signatures, it rather looks for patterns of suspicious behavior. In addition, it takes the local age of the file and its distribution index into account, before flagging it as a malware. Newer files are under higher suspicion than a file that has been around for a while. Similarly, a widely distributed file is considered benign compared to one that is found on a handful of computers. Prevx confirms this by checking its online database.

On my computer Prevx took around 30 sec to download and performed a learning scan in 5 minutes. It will clean up low risk adware for free, but anything serious has to be cleaned up by purchasing a license key.

One drawback of Prevx is it needs to contact the database during scan and will not work in offline mode.

You may find more details about this anti-malware utility on their site www.prevx.com.