Alumni

An open letter to Bank of India : Are you bothered about your users?

Hussain - Wed, 03/03/2010 - 13:13

Bank of India has launched yet another terribly ‘faltoo’ service. This time it’s a software! There are no more browser based services available after March 18th 2010. I am not surprised but rather annoyed at the foolishness these people carry out sometimes always.

1. It works only on Windows. I gave up Windows due to virus & security reasons. I am now on Macintosh. I can’t use any of Bank Of India’s online services. So it’s a waste for me. There are 20% people like me who are using non-Windows operating systems.

2. There is not much information about the digital security. The first time I use star token it asks for a PIN. How can I confirm that the information is going out securely from my system? It is not mentioned anywhere on the website.

When we install, it says the publisher is Uniken Systems Pvt. Ltd. Who is this Uniken Systems? How many of you know these guys? How does a layman know about it? Should the Bank of India website give some instructions for this?

It’s OK to have a vendor do certification for you. But where is the information passed to the users?

3. The first time, Bank of India mailed a secret PIN number to all their customers (note the huge postal cost). What if I format my Windows? I have to re-install the Star Token, which will demand an authentication PIN which is mailed to me via post. It appears that this PIN is usable only once! I am stuck! Help me!

4. Not sure if Bank of India thinks long term or not. According to a news report, Microsoft Windows will be shipped with an option of NOT having Internet Explorer. How will you guys deal with this? The software is heavily dependent on an embedded Internet Explorer control (not just heavily, but rather say fully dependent!) which internally connects to the BOI website! I am sure the software was a heavily invested product. An unplanned investment. Any answers, BOI?

5. The software’s usability is very annoying. It blocks the entire screen. This means I can use only and only one program at a time. I am not sure if it has been tested with other intrusion detection / anti-virus programs. Technically speaking, when the program requests a full screen hook blocking other programs, it’s a virus-like activity for many anti-virus programs unless you add an exception for it. Have you tested it, BOI?

6. The whole idea of Internet Banking is ruined. This particular software restricts me to use the services from ONLY and ONLY 1) Windows AND 2) Internet Explorer AND 3) Only single Application at a time as it disallows me to use any other program at other time. I am not sure how this will work with ONLINE payment gateways!

7. According to a news report, the French and German governments have officially asked everyone *NOT* to use Internet Explorer. Indian govt systems were compromised due to usage of Internet Explorer. Time and again it has been proved that Internet Explorer has been more vulnerable towards attack than any other browser/system. Why so much dependency on a single browser and racism towards other browsers? Isn’t Bank of India technically capable of providing services to another operating system?

8. Most of the Internet explorers in *India* are A) IE 6.0 and IE 7.0. Out of them 90% are default with their operating system which are *NEVER* patched to the current security level which Microsoft has to offer. There is always a threat of hackers using existing loopholes in the system.

With this step Bank Of India may publicize that it has added an extra level of security, but with all these hassles and restrictions, I would rather use my old banking way of depositing a cheque/draft than use such a system. Or maybe just close my account with them. They don’t care a damn for a single person! Do you, BOI?

Security doesn’t mean you will narrow down options for users. It rather means you have to narrow down Hacker’s options and attempts to break into the system.

And yes, it’s not the end of the world. There are other banks which provide higher and more secure systems without A) annoying the user or B) restricting the user to a particular operating system which has time and again proved to be more vulnerable than other operating systems. Any comments on this one, BOI?

Why does Bank of India invest in padding up existing technology and not open up to newer options, without giving a thought that ultimately the service is going to be used by end users? If you are evil to the end users and they aren’t happy, it will be inevitable that sooner or later they will close their accounts with you!

Bank of India, I am not going to close the account with you immediately (but with such ‘funny’ services, I will soon). But yes, it’s my humble appeal: please employ better brains to put up a better security system which is easy and user friendly.

Categories: Alumni

Using SQL * Plus on Command Line in Ubuntu

Abhishek Nagar - Sun, 02/28/2010 - 23:30

This blog post is a HowTo on "Setup SQL*Plus to work on BASH". The commands illustrated in this howto were tested on Ubuntu 9.10 with Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production installed.

What is SQL * Plus ?

SQL*Plus is a command line SQL and PL/SQL language interface and reporting tool that ships with the Oracle Database Client and Server software. It can be used interactively or driven from scripts. SQL*Plus is frequently used by DBAs and Developers to interact with the Oracle database.

Prerequisite

Oracle Database 10g Express Edition Release 10.2.0.1.0 Installed

Once you have Oracle 10g Installed successfully you can go to

Applications > Oracle Database 10g Express Edition > Run SQL Command Line

and successfully run all your SQL and PL/SQL easily, but using SQL*Plus directly on BASH is the real fun. Below are the steps which will enable you to use SQL*Plus on BASH.

1) set ORACLE_HOME

Categories: Alumni

Free WebApp Security Testing Tools

Rohit Srivastawa - Wed, 02/24/2010 - 10:04
A lot of tweets today informed me about launch of Damn Vulnerable Web App (DVWA) which is basically an aid for security professionals to test their skills and tools and help web developers better understand the processes of securing web applications.

I had an old list of tools/plug-ins/utilities etc which can be helpful while playing with DVWA and I'd like to share the same for you to learn WebApp Security better.

Proxy Servers:
WebScarab: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Download
Burp: http://www.portswigger.net/suite/download.html
Paros: http://www.parosproxy.org/download.shtml

Firefox Plugins: [ https://addons.mozilla.org/en-US/firefox/collection/webappsec ]
Tamper Data: https://addons.mozilla.org/en-US/firefox/addon/966
SwitchProxy: https://addons.mozilla.org/en-US/firefox/addon/125
SQL Inject Me: https://addons.mozilla.org/en-US/firefox/addon/7597
XSS Me: https://addons.mozilla.org/en-US/firefox/addon/7598
NoScript: http://noscript.net/getit
ShowIP: https://addons.mozilla.org/en-US/firefox/addon/590
ViewStatePeeker: https://addons.mozilla.org/en-US/firefox/addon/7167
LiveHTTPHeader: https://addons.mozilla.org/en-US/firefox/addon/3829

Injection Tools:
SQLMap: http://sqlmap.sourceforge.net/
SQLNinja: http://sqlninja.sourceforge.net/
Pangolin: http://www.nosec.org/en/pangolin.html

Some other HACKMEs:
WebGoat: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824&release_id=613045
Foundstone Hacme Series: http://www.foundstone.com/us/resources-free-tools.asp

While doing webapp security testing, how can someone forget rsnake. Check out http://ha.ckers.org/ & specially his list of jailfree hacking sites @ http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime


Happy Hacking





Categories: Alumni

4 Steps to add Ubuntu Systems to Active Directory Setup

Abhishek Nagar - Fri, 02/05/2010 - 12:13

The IT environment today in any organization is a mixture where many different operating systems are used, and a Windows Active Directory domain controller exists in the majority of such organizations.

Below is a 4-step how-to on "Connecting Linux (Ubuntu) Systems to Active Directory Setup".

1) Update the Software Repositories

sudo apt-get update

2) Install Required Packages (likewise-open)

sudo apt-get install likewise-open

3) Join the domain using a Domain Administrator account; replace Administrator with the Domain Administrator username and fqdn.domain with the Fully Qualified Domain Name

sudo domainjoin-cli join fqdn.domain Administrator

4) Update the Startup Scripts

sudo update-rc.d likewise-open defaults

Categories: Alumni

10 things I hate about India

Hussain - Thu, 02/04/2010 - 14:38

India is my country and I love my country like any other foreign national. And this gives me right to criticize about the things I hate most about it.

1. People spitting on road: I just hate it. I am a biker and I cannot go near a bus. You’ll find people spitting out from the window of the bus and that too without looking if someone is down below. People spit on the road, corners of a building staircase, they empty their nose and stick the material on the walls and practically any place where they don’t find another person’s spit.

2. Getting the garbage out of your property only :  In India people keep their houses clean by dirtying their neighbor’s. It takes enormous amount of effort to just throw your garbage at the right place. Instead people just push it to the place which is out of their property and jurisdiction – To their neighbor’s land. Use of plastic and paper in daily lives has increased the garbage to another level, Not to mention that there isn’t a good recycling system, but all this just spreads out on the streets, sewage or some remote area which contributes to a very bad smell everywhere around the place.

3. Bribe: One may have heard about politicians being corrupt, but corruption at local level is also very common. Giving bribes is very common. Without a bribe or tip money, it’s not that your work won’t get done, but definitely not smoothly. Everyone takes a bribe or commission in whatever manner they may get the opportunity for. The term ‘chai-pani’ or tea-snacks is quite famous, which means some tip for snacks or sweets. Even after paying service charges + service tax, a person would ask for ‘chai-pani’.

4. Unnecessary Wastage: What’s the point in cooking 10 dishes for a family invited over for dinner? Answer: Show off. This results in a major wastage of food and decoration. Lavish marriages, lavish apartments, lavish use of petrol & energy and everything. It’s like “Have money, will spend it”.

5. Media & Controversies: Media plays very important role to destroy the real meaning of news. Some news channels present news in a manner which we call “Masala” or spice which just increases viewer’s attention and not awareness. Political controversies, Celebrity controversies juices up everything which is just unnecessary!

6. Traffic. : Everyone in India is in a hurry. Pedestrians and vehicle owners share the same area of road. Foot paths are for Hawkers selling things on road right from junk computer hardware to cheapest food. Traffic congestion is everywhere.

7. Attitude of people and Competition: In India people compete with each other forgetting the common goal. They keep fighting for their own self meaning rather than achieving a common goal. Everyone has a lazy attitude, until poked by higher authorities they don’t start working or improving things on their own. Laziness among the people doesn’t allow them to be creative and even make others lazy. One dirty fish in the pool makes the entire pool dirty.

8. Caste system and Reservations: Everything in India has caste systems, there is hidden discrimination everywhere. I just hate it when a job is denied to a person just because he may be from another state or another culture. I hate it even more when people treat each other as outcast if one is from separate state. They forget that they are from the same country afterall.

9. Reuse until death: The mentality of people in India is to re-use everything until its final death. A new shirt will be a shirt for a year, a second hand shirt for a poor guy, then a dusting cloth for a few months, then a further degraded cleaning cloth for a few months, and finally it will end up as an unusable rag. I am OK until the last part. The cloth has finally lost all its recyclable value and ends up as a dead end.

10. Cheapest bargain: Indians want to get the best deals from the shop owners. They bargain to the level where a shop owner will have no profit margins. There are some things which can’t be bargained for, and Indians will bargain on those as well. Bargaining is good, but the thing I hate most is that it’s not equal. A shop owner may slaughter a newcomer customer with a sticker shock because some previous customer gave him the least profit margin of the day!

But alas, India is pretty pretty better place to live in comparing its neighborhoods…

Categories: Alumni

Contributing to Wikipedia

Abhishek Nagar - Tue, 01/26/2010 - 14:21

Wikipedia today has become an unparalleled source of content on virtually any topic and has grown at a great pace. The content available on the wiki is all contributed by users like you and me and is available under a Creative Commons Attribution-ShareAlike Licence, which allows reuse of this content in various forms by attributing it in a manner specified by the author.

Categories: Alumni

GNUnify 2010

Abhishek Nagar - Mon, 01/18/2010 - 10:52

GNUnify is one of the biggest FOSS events, organized by the students of Symbiosis Institute Of Computer Studies & Research (SICSR) Pune & Pune GNU/Linux Users Group. GNUnify is entering its 8th year with GNUnify 2010.

When: 19th & 20th Feb 2010

Where:  Symbiosis Institute of Computer Studies and Research, Atur Centre, Gokhale Cross Road, Model Colony, Pune-411016, Maharashtra, INDIA. Tel : +91-20-25675601

Event Website : http://gnunify.in

GNUnify Gallery: http://gnunify.in/gallery

LFU Update : Story in Linux for You March 2009 (pg 36)

Hope to see a great Event ahead

Categories: Alumni

Domains in Your own language

Abhishek Nagar - Sat, 01/16/2010 - 21:21

I am sure that by now you have seen at least one domain name written in a non-English language, but if you have not seen any such domain, the screen shot below explains the entire story. I will try to explain the mechanism behind these kinds of domain names in this post.

Categories: Alumni

Prefetch files (.pf) - How to view them

Rohit Srivastawa - Sat, 01/09/2010 - 15:06
Every time you run an application on a Windows box, a prefetch file is created in "c:\WINDOWS\Prefetch". This file, with the extension .pf, keeps information for optimizing the load time of the application (as the name suggests).

I always wanted to see what's there in the .pf file. Recently NirSoft has released a tool called WinPrefetchView which can be used to see the content of these files.

Note: This website http://nirsoft.net is a wonderful resource for nice tiny utilities for many system & password plays.


Categories: Alumni
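As an added illustration (not part of the original post, and not NirSoft's code), the Python below reads the header fields a .pf viewer typically shows: executable name, path hash, last run time and run count. The field offsets come from public forensic documentation of the uncompressed "SCCA" format rather than from the post; the function names are hypothetical and the sample buffer, including its hash and timestamp, is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

# (last-run FILETIME offset, run-count offset) per format version, taken from
# public forensic documentation of the "SCCA" prefetch layout, not from the post.
LAYOUT = {
    17: (0x78, 0x90),  # Windows XP / Server 2003
    23: (0x80, 0x98),  # Windows Vista / 7
    26: (0x80, 0xD0),  # Windows 8.x (most recent of eight stored run times)
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(filetime):
    """Convert 100-ns ticks since 1601-01-01 UTC to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def parse_prefetch(data):
    """Return the header fields an examiner usually wants from a .pf file."""
    if data[:3] == b"MAM":
        raise ValueError("compressed Windows 10+ prefetch file, decompress it first")
    if len(data) < 0x54:
        raise ValueError("too short to hold a prefetch header")
    version, signature, _unknown, declared_size = struct.unpack_from("<I4sII", data, 0)
    if signature != b"SCCA":
        raise ValueError("missing SCCA signature, not a prefetch file")
    if version not in LAYOUT:
        raise ValueError(f"unsupported prefetch version {version}")
    time_off, count_off = LAYOUT[version]
    if len(data) < count_off + 4:
        raise ValueError("file truncated before the run counter")
    # Executable name: 60 bytes of NUL-padded UTF-16LE at offset 0x10.
    name = data[0x10:0x4C].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    (last_run,) = struct.unpack_from("<Q", data, time_off)
    (run_count,) = struct.unpack_from("<I", data, count_off)
    return {
        "version": version,
        "executable": name,
        "path_hash": f"{path_hash:08X}",
        "last_run": filetime_to_datetime(last_run),
        "run_count": run_count,
        "size_matches": declared_size == len(data),
    }


def name_matches_header(filename, info):
    """Prefetch files are named EXENAME-HASH.pf; a mismatch suggests a rename."""
    expected = f"{info['executable']}-{info['path_hash']}.pf"
    return filename.upper() == expected.upper()


def build_sample():
    """Constructed version-17 header for demonstration, not a real capture."""
    buf = bytearray(0x98)
    struct.pack_into("<I4sII", buf, 0, 17, b"SCCA", 0, len(buf))
    encoded = "NOTEPAD.EXE".encode("utf-16-le")
    buf[0x10:0x10 + len(encoded)] = encoded
    struct.pack_into("<I", buf, 0x4C, 0x12345678)  # made-up path hash
    delta = datetime(2010, 1, 9, 9, 36, tzinfo=timezone.utc) - FILETIME_EPOCH
    ticks = (delta.days * 86400 + delta.seconds) * 10_000_000
    struct.pack_into("<Q", buf, 0x78, ticks)
    struct.pack_into("<I", buf, 0x90, 7)  # run count
    return bytes(buf)


if __name__ == "__main__":
    info = parse_prefetch(build_sample())
    for key, value in info.items():
        print(f"{key:>12}: {value}")
    print("name check:", name_matches_header("NOTEPAD.EXE-12345678.pf", info))
```

The last run time and run count are what make prefetch files useful as evidence that a program was executed on the machine, and when.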

Best friend’s wedding

Hussain - Fri, 01/08/2010 - 19:56

You know you’re someone’s best friend when you go to that person’s wedding and everyone knows you! And for those who don’t, you’re introduced as a very special member with words like “Hey, meet my best friend”, and to their family members as “Meet him, he is the bride/groom’s closest friend”.

I had this experience yesterday when such friendly love was bestowed upon me by my friend’s family members. I felt like a family member. Simple yet meaning words like ‘closest’ and ‘best’ carry a very special meaning for me as I don’t get to hear this a lot.

Yesterday I understood how much happiness I’ve given my friend by being present at her wedding. And the same on my side, to have received such a warm gift of being special. I was so excited that she is getting married to a guy who will take care of her no matter what! It’s not every day you get this; it’s a lifetime opportunity.

My friend had an inter-caste marriage at a mosque(she being a muslim) and a church(groom being a christian) on the same day. The Boy converted to Islam and she converted to Christianity. Very rare in India and I’m quite lucky to have witnessed both in front of my eyes.

When I was leaving the reception she said to me “and you know the best part is that you attended all the events in the mosque and the church and finally here at the reception party! “. I enjoyed this wedding more than any other social events.

I wish the lovely couple my heartiest congratulations and may they enjoy lives and fulfill their dream.

Categories: Alumni

phpcamp 2010

Abhishek Nagar - Wed, 01/06/2010 - 10:48

phpcamp is back and this time it's even bigger.

What a start for the year: I see various major tech events lined up this month and later. To start with, the biggest PHP unconference in India, or maybe in Asia, the phpcamp, is scheduled on 9th January 2010.

Attend PHPCamp Because learning from humans is much better than Google

Event Website : http://phpcamp.org

Event Date: 9th January 2010

Register ASAP: http://phpcamp.eventbrite.com/ The number of allowed participants is limited; organizers have already increased the number twice.

Venue: Symbiosis Center of Distance Learning, Model Colony, Pune, India

Categories: Alumni

The year 2009

Rohit Srivastawa - Fri, 01/01/2010 - 08:40
On the brighter side :)
# Shifted to Delhi from Pune.
# Bought another car.
# Worked for Commonwealth Games 2010.
# Finally got married to Stuti.
# Went to Puri & then Nainital for honeymoon.
# Delivered talks/lectures in IIM Ahmedabad & IIT Madras.
# Tajmahal & Delhi tourism with Stuti along with few more places in north.
# Decided to quit Commonwealth Games 2010.
# Organized ClubHack2009.
# Organized Indo-UK cyber security roundtable conference in ClubHack2009.
# Did wardriving in Pune again
# Worked for some serious national security projects.
# & right now baking a cake for the new year :)

On the down side :(
# No bike rides this year. Need to get back there.
# No more girlfriends, those were the days...
# Very few parties, need to party more
# Didn't organize even a single BarCamp, just attended one.

In total a very happening year. Hope to have 2010 a better one

Wish you all the readers a very happy & prosperous new year.




Categories: Alumni

Year 2009 Memories

Abhishek Nagar - Thu, 12/31/2009 - 13:46

Year 2009 was a great experience for me as I started my professional career in February 2009 and completed my post graduation in June 2009. I had been working for various organizations till 2008 as a freelancer/consultant, but in the beginning of 2009 I started my professional life by joining Maybole Technologies Pvt Ltd as a System Engineer.

I am trying to list down a few of my memories of each month of Year 2009

Categories: Alumni

Welcoming 2010

Hussain - Thu, 12/31/2009 - 13:29

2009 was indeed a good year. Made good money, spent good money and it was all worth it. Made a lot of serious decisions. Gained a lot of experiences.
My 2009 resolution was to travel a lot as I’d not traveled anywhere in 2008. And so I ended up visiting 10 countries which include China, UK, US, France, Italy, Austria, Netherlands, Switzerland, Belgium & Germany.

I plan to get the following things done in 2010.
Travel – Plan to travel on a pilgrim to places around Iraq, especially Karbala. Hopefully take my grandmother along.
Social - Be more Social. I will try
Donate - 10% of all profits and income shall be donated in Charity.
Renounce - I plan to renounce all income which involves interest on money or bonds. Banks are unavoidable, Plan to distribute interest earned in Charity.
Reduce - Shed off some extra pounds. This is my resolution every year!
Re-gain - Try to regain old friendship with lost friends.
Expand - Expand like always
Spend - I plan to spend and invest like before.
Marriage – Yes, Lets keep our fingers crossed!

Besides I have a big wish-list like always!

So wish you all a very pleasant 2010 with lots of prosperity and solace! Shalom!

Categories: Alumni

Smartphone Security Tips

Rohit Srivastawa - Wed, 12/23/2009 - 22:43

Christmas & New Year are here and it's the time many people buy/exchange gifts. So if the next shiny gift in your hand is a smartphone, then remember the following tips to stay safe & secure your data.

1. Don't lose track of your phone.
This one is non-technical. Don't lose sight of your smartphone. Keep your eyes on it when you leave it anywhere, especially at the airport security check-in. The nature of data stored on a phone makes this more important now.

2. Turn off Wifi & Bluetooth
Keep wifi & bluetooth turned off when not in use. I'm sure you are smart enough by now not to accept unknown bluetooth connections, but what about wifi? When you use wifi, always remember to use encrypted connections. BTW, turning these off will also conserve your battery.

3. Do not sync everything
It's the first thing everyone tries to do after getting a smartphone: sync it up with the PC. Though it comes in very handy, avoid the temptation of syncing your passwords and very critical information which you often store in Outlook notes or similar apps. If the phone gets stolen, just remember you might be giving away everything.

4. Do not click on links in emails/sms.
Spam has also gone the smartphone way; now and then you might get an SMS/MMS with some offer and a link to click. DO NOT click any such link unless you have verified it in depth. The same goes for mail on the phone: follow the same rule as on your PC.

5. Download apps with care.
The first thing anyone would love to do after getting a shiny new phone is download & install applications, and loads of them at that. Always make sure you are downloading them from trusted sources. Sometimes common apps are rebundled with malware and kept for download at different websites. If you know an application, download it from its parent website only.

6. Backup your data.
Most importantly, keep a backup of your data. A regular sync with the PC will ensure this, but still make sure you have copies of the phone data on your PC, which I hope is regularly getting backed up.

Smartphones are actually the best gadget to digitise your life and really are very helpful. All you need to do is take little extra care and make it safe.

Merry Christmas & Happy New Year


Categories: Alumni

Kolkata Job evaluation for Software Industry

Hussain - Tue, 12/22/2009 - 12:32

Previously wrote a blog on Why Kolkata will never have a barcamp, like two years back. And even now Barcamp never happened in Kolkata!

Here are some of my experiences as an employer in a Metro city which tried to hide away from its siblings when The Software Industry boomed. Thanks to its People and its Government Both!

Recently we posted an advertisement in the largest subscribed newspaper twice. We received some responses which I shall describe. I would treat this as my personal survey for what kind of people exists around Kolkata, West Bengal. Their current pay scales, their expectations, their competency levels, and their adaptability and everything else that a company needs from an employee

1. Almost 90% of all job seekers didn’t know proper English. They somehow managed.

2. Almost 90% were unemployed. 10% were looking for change.

3. 30% were irrelevant job applications. We mentioned requirements of technical people but people even applied for “Any suitable opening”. A CV came in for receptionist post as well.

4. All CVs had TONS  of technologies known but master of NONE. Many CVs were tailored to our requirements mentioning “basic knowledge of XYZ technology”

5. Most funny part was, they CC’ed to other companies’ HR too.

6. Some people didn’t have an email ID, they applied using the cyber parlor or Internet cafe guy’s email ID.

7. We asked for some sample work of their own. We got cut-paste templates from the internet.

8. We received very late responses. These people check emails once or twice a day.

9. Some people applied just for an opportunity.

10. Their expectations were quite low. Not sure why, maybe lack of confidence. Not many computer software companies in the region, or perhaps they don’t want to fight harder. One person was ready to switch jobs for just a 12% hike. He was even willing NOT to serve the notice period with his current employer. This means he could have a ’sudden departure’ with us as well.

11. Freshers are useless unless we train them for at least 6 months. Colleges are least bothered as they get their share. And still the atmosphere in 90% of the software companies in Kolkata is Lazy. Work starts at 10 and finishes at 5. Life is slow here.

12. 75% of people are from non technical background who have undergone a diploma from some ’so called’  reputed computer training industry where faculties are faculties there because they’ve not got any other job!

Some other small things:

1. Our HR is female, People kept addressing Sir.
2. No proper cover letter, Just a cv attached.
3. People email twice. First time they forget to attach their CV
4. Many never replied back at all.
5. They just forward their CV without removing previously applied “TO” in the cover letter.

I cannot blame anyone for such a crisis, but maybe this is an eye-opener for the government and the people too, that it’s high time they changed their attitude towards the software industry – only talk won’t do.

Categories: Alumni

Improve your lives with Life Mastery Trainer App for Iphone and Ipod touch

Hussain - Tue, 12/22/2009 - 11:48

And so, our much anticipated application went off smoothly after some initial turbulence.

Here are some screen shots of our latest app on the store.

Download Link: HERE (iTunes Link)

Weblink : http://www.lifemasterytrainer.com/

Categories: Alumni

two one za two

Rohit Srivastawa - Wed, 12/16/2009 - 20:30
two one za two
two two za four
two three za six

many of us have grown up mugging this and I always wondered what is this ZA, is it a synonym of "equals to" ??

Just a casual browsing today answered this long pending query of mine

its actually

two 1s are two
two 2s are four
two 3s are six

Thanks to the anonymous who clarified this thing to me today.

If we divide the whole table in columns, I always thought that it's the "1st column" being counted "2nd column" times that gives you the result in "3rd column". It's actually the "2nd column" counted "1st column" times that gives you the result in "3rd column".

Confused? Have fun....


Categories: Alumni

webforms made easy

Abhishek Nagar - Sat, 12/12/2009 - 23:57

Stay tuned this post will be updated and completed in some time...

Webform is one of the most popular contributed modules for Drupal; practically, we can't imagine any website/application today which does not use a form in one way or the other. This mini-book on the Webform module for Drupal is an attempt to explain major aspects of the module with examples.

To make this topic simpler we will go through each of the following separately

Categories: Alumni

Protected: CLSA Asia Pacific Markets

Hussain - Sat, 11/28/2009 - 12:59

Categories: Alumni