Posted by yadab das on April 8, 2009
There is a very good note on plugins and firefox setup. The problem occurs sometimes,
if you install a new JRE after your firefox installation on LInux. Here is the Link :
http://plugindoc.mozdev.org/linux.html
Hitghlighted the Java Plugin & Firefox
Install Java Runtime Environment.
Make a symbolic link to libjavaplugin_oji.so in your Mozilla Plugins directory.
Use the copy located in the plugin/i386/ns7 directory of JRE 5.0 or later, or plugin/i386/ns610-gcc32 if you are using JRE 1.4.2
Posted in General | Leave a Comment »
Posted by yadab das on January 17, 2009
It might be a good idea to add a firewall to each of your VMs to protect the whole system. The “Whole System” is of concern becuase one compromise VM can become a hacker’s playground and will be used it attack other VMs in it’s boundary. But there is an; LATENCY, software switches makes the latency more and the firewall (software) will add to it. The presentation from ALTOR networks looks promising for ALTOR VF.
Posted in Hacking, Information Security | 1 Comment »
Posted by yadab das on December 19, 2008
I am not a big fan of cartoon but i appreciate the work on Cartoon Cosmos. Realy thoughtfull and well presented. Good work Mr Sumanta Baruah.
Posted in General | Leave a Comment »
Posted by yadab das on December 12, 2008
I have been observing a quite simple but very interesting attack these days and that is based on the popularity of the Web Service. Though is it similar to this definition but it has a clear distintion from the previous one.
Consider about the enormou popular Web Servers like – yahoo, google, ….etc. Now consider about all the Developer, system testers, testers, network troubleshooter, network tester and so on…
What is the first thing you do when your server is not respondig? This what:
I am not claiming that this same to everyone of us but it is somewhat common. Now, immediate question will be; How to get rid of such attack? Ans: It is really great to have such honor.
Posted in Information Security | Leave a Comment »
Posted by yadab das on November 21, 2008
World Wide Web — ??? Some Buzz words
——————–
Semantic — Ontology
——————–
Internet –HTTP
———————
Communication Protocols – TCP/IP
========================
Come on it is too much !!! The length is increasing vertically on top same old infrastructure. I feel we need to stop and make some foundation changes.. 
http://schneider.blogspot.com/wwg.htm
http://tech.slashdot.org/article.pl?sid=08/11/19/2335219
http://schneider.blogspot.com/wwg.htm
Posted in SOA | Leave a Comment »
Posted by yadab das on November 13, 2008
I think this is a very interesting topic, I have just started to learn this, But as I am going through this I have found couple of links as well as documents which are really interesting. These articles talk about openssl, Hardware Security module, SSL Accelerator and information about provider companies
I will write about my findings, An how to do , Short cut of course. But let me look in to it more carefully. Thanks to Jad.
Posted in Cryptography, Information Security, OpenSSL, TLS/SSL | Tagged: HSM | Leave a Comment »
Posted by yadab das on August 30, 2008
I was not able to find any communication or message security related documents for Microsoft’s DSSP (Decentralized Software Services Protocol). The current DSS defines a fine grain application security model / access control mechanism to restrict service consumtion and it has been improved from the last MSRS 1.5 version.
As per I know (From the available documents on the Web), the current implementation of DSSP always uses SOAP as a message tunneling mechanism. That means either it may be binary TCP or HTTP, it is always SOAP. The following two diagrams helps to visualize the scenario.
DSSP HTTP Binding
DSSP TCP Binding
Well, it uses SOAP and also defines the transport on top of HTTP or TCP. So, the security mechanisms comes to mind are HTTPS, WS-Security or if you do not want to touch the DSSP communication stack then it is IPsec.
Since MS defines DSSP for Robots or Control systems, so HTTPS may be the last choice as device with low resource are not well suited with https. As one of advantage of DSSP is to provide a decentralized and distributed system so WS-Security would be a very good choice since it provides end-to-end security instead point-to-point security like https.The following diagram shows the new stack with WS-Security.
In WS-Security, Message integrity is provided by XML Signature and Message confidentiality leverages XML Encryption. Both these techniques has numbers of advantages other than TLS or SSL or even IPsec style of Security. Also “Specifically, the WS-Security profile specifications describes how to encode Username Tokens, X.509 Tokens, SAML Tokens , REL Tokens and Kerberos Tokens as well as how to include opaque encrypted keys as a sample of different binary token types.“
So, if the security for the SOAP messages exchanged during DSSP service request and response are provided by WS-Security, it will be very strong as well as end-to-end security mechanism. The existing username/pasword security policy of DSS can be combined with WS-Security and also with WS-SecureConversation to have secure session. However attaching with Kerberos will be a better option as it guarantees better network security to overcome those entropy related attacks in username/password cases.
Posted in DSSP | Tagged: DSSP, Microsoft, Network, Robotics, Security | 1 Comment »
Posted by yadab das on August 20, 2008
Ok, There is no direct support to write blog posts (atleast in wordpress or blogspot) in assamese but you can write with help of some unicode editors. One important thing to remember that your browser need to support unicode formats. Well, IE 6+ and Mozilla Firefox supports unicode character formats.
Steps:
In assamese , “O mor apunar desh”…
Posted in General, Uncategorized | Leave a Comment »
Posted by yadab das on July 11, 2008
This time Google targeted the virtual reality with their foot step into Lively, an 3d chat room. While Second life (Linden Lab ) is the leader in Virtual reality market, but the thin client based approach will help them. But for just chating, does it make sense? May be for those people, who have enough time to chat…
Posted in Second life | 1 Comment »
Posted by yadab das on July 2, 2008
SHA-*, MD* and RIPEMD-* are the most popular Hash functions. OpenSSL provides both generic APIs to these Hash functions also provides direct APIs. Accessing through generic API (the EVP) is preferred.
Now let us first use the Hash APIs from OpenSSL and generate fingerprint or calculate hash value. The alorithm, that we will use, is MD5. MD5 (MD stands for Message Digest ) is One way hash algorithm from Ron Rivest. There are test vectors in MD5 RFC, which we can use to calculate (or validate) the hash values. The following figure shows the process of calculation MD5 hash using OpenSSL :-
Below is an example to calculate message digest using MD5 algorithm.
Code Snippet :
openSSlExmpleHashMd5.cpp
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
int main(int argc, char *argv[ ]) {
int i,j;
const int totalTestVectors = 7;
/*
The ouput length for the claculated
digest. This will be fixed for a parti-
cular Hash algorithm and will very algo-
rithm to algorithm.
*/
unsigned int outputLength;
/*
The Message Digest Context object, which
will hold the intermediate state.
*/
EVP_MD_CTX messageDigestContext;
/*
The buffer to store message digest after
computing. 64 bytes is enough for any hash
function. For MD5 128/8 would be fine as
MD5 has 128 bit output length.
Someone can directly use the 128/8 as
the size but if you change the Hash
algorithm, for example SHA1,has 160 bit
output, the length need to be changed to
160/8 bytes.
*/
unsigned char messageDigest[EVP_MAX_MD_SIZE];
/*
Hashes will be calculated for the following strings.
These strings are from the MD5 RFC.
*/
const char *strMessages[] =
{ "", // Input String : 1
"a", // Input String : 2
"abc",// Input String : 3
"message digest",// Input String : 4
"abcdefghijklmnopqrstuvwxyz",// Input String : 5
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",// Input String : 6
"12345678901234567890123456789012345678901234567890123456789012345678901234567890"};// Input String : 7
/*
For each Input string the Expected Output are (from RFC,
this is to make sure that, this implementation is not bogus):
1: d41d8cd98f00b204e9800998ecf8427e
2: 0cc175b9c0f1b6a831c399e269772661
3: 900150983cd24fb0d6963f7d28e17f72
4: f96b697d7cb7938d525a2f31aaf161d0
5: f96b697d7cb7938d525a2f31aaf161d0
6: d174ab98d277d9f5a5611c2c9f419d9f
7: 57edf4a22be3c955ac49da2e2107b67a
*/
/*
Initialize the Message Digest Context
Calculate Message Digest
*/
//EVP_DigestInit(&messageDigestContext, EVP_md5());
for (j=0;j<totalTestVectors; j++)
{
EVP_DigestInit(&messageDigestContext, EVP_md5()); // for SHA1 use EVP_sha1()
EVP_DigestUpdate(&messageDigestContext, strMessages[j], strlen(strMessages[j]));
EVP_DigestFinal(&messageDigestContext, messageDigest, &outputLength);
printf("Test Vector : \"%s\" \n, Digest : = \"",strMessages[j]);
for (i = 0; i < outputLength; i++) printf("%02x", messageDigest[i]);
printf("\"\n");
}
return 0;
}
The above code work fine on windows or Linux but you should have
already openssl libs with you or you can download it.
Posted in Hashing - One Way Functions, OpenSSL | Leave a Comment »
