My TechBytes

Just a weblog to blog techie..

SSL – Where developers go wrong

This spring, when I was in a project meeting, one of the developers brought up a topic, saying “POST” variables are secure enough when they are validated in JavaScript. It took some time to tell him it’s not secure, and it surely needs a demonstration to make him understand it. After hours of web research, I understood that many developers don’t look at the security angle while they develop something. For example, developers who started as designers and finish up the rest of a website with a little bit of scripting knowledge tend to believe that SSL is a very strong means of communication. There are websites that just put a secured logo at the bottom of their site and don’t enforce SSL. Using SSL and enforcing it are different.

To define SSL: it is a means of establishing trust between client and server against third parties. If the server redirects the client to a third-party website, the client can still modify the data being sent, because the client is a trusted entity in the transaction.
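
One way to stop a browser from altering values that pass through it on the way to a third-party site is for the server to sign them and for the receiver to verify the signature. The sketch below is an added example, not code from the original post; the shared key, the field names and the function names are hypothetical.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qsl, urlencode

# Hypothetical key shared by the redirecting server and the third-party site.
# It stays on the two servers and is never sent to the browser.
SECRET = b"constructed-demo-key-not-for-production"


def _tag(canonical: str) -> str:
    return hmac.new(SECRET, canonical.encode(), hashlib.sha256).hexdigest()


def sign_params(params: dict) -> str:
    """Build the query string the browser carries, with an HMAC-SHA256 tag."""
    canonical = urlencode(sorted(params.items()))
    return canonical + "&sig=" + _tag(canonical)


def verify_params(query: str) -> Optional[dict]:
    """Return the fields if the tag matches; None if tampered or unsigned."""
    fields = parse_qsl(query, keep_blank_values=True)
    sigs = [v for k, v in fields if k == "sig"]
    body = sorted((k, v) for k, v in fields if k != "sig")
    if len(sigs) != 1 or len(dict(body)) != len(body):
        return None  # missing/duplicated signature or duplicated field
    if not hmac.compare_digest(_tag(urlencode(body)).encode(), sigs[0].encode()):
        return None
    return dict(body)


if __name__ == "__main__":
    # Constructed sample order; the values are illustrative only.
    q = sign_params({"order": "A1001", "amount": "499.00", "currency": "INR"})
    print("as issued :", verify_params(q))
    print("tampered  :", verify_params(q.replace("amount=499.00", "amount=1.00")))
```

TLS still protects this query string from third parties on the wire; the signature covers the case TLS does not, where the client itself edits the values.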

I will soon update this post with a demonstration of some websites that failed to secure themselves.

Anti anti-telugu-movie-piracy

Well, piracy is one of the hot topics of the Telugu movie industry. A few people in the Telugu movie industry started publicity stunts in the name of “Anti-Piracy”, and a few are good to stay low and still maintain teams that shatter piracy links online. Being one of the thousands (err.. maybe more) of the so-called “Desi people” who do not care for copyright laws, I think it’s not gonna end unless there are people like us. Hmm, wait a minute. Let me rephrase that. I buy my operating system, I buy Micros**t office, I buy anti-virus, I watch English movies mostly on net*lix. But I am one of those people who believe watching most Telugu movies is not worth a buck.

Just don’t count me among those who think Telugu movies are not worth a penny. I am even among those who believe the Telugu industry should stay in those good old days because of its excessive influence on politics. There are people who blame Telugu movie piracy for killing employment opportunities for technicians. Then what about the industry people (actors, actresses, producers, comedians) who jump into politics and try to use it for their own benefit? They make use of blindfolded, frustrated fans mixed with the interests of political parties. Who says they are completely destroying the state itself?

And most importantly, I hope they answer about Telugu music plagiarism at http://www.itwofs.com/telugu.html and also about the tons of movies they copied from other languages without even bothering to buy the rights.

Anyway, keeping personal feelings apart and turning the post to tech stuff, I am wondering about the ways people can find piracy links of Telugu movies. Let’s say Lambu talks for anti-piracy teams and Jambu talks for piracy websites.

Lambu: “The first thing anyone would do to find piracy links is to search for them in search engines like Bing or Google.”

Jambu: “So what if the piracy site uses a robots.txt file to disallow the search engines from indexing the links? Although the websites with links may go down in search engines, they still get their loyal viewers visiting the site.

robots.txt:
-----------
User-agent: *
Disallow: /

A sample robots.txt file from Bing is at http://www.bing.com/robots.txt. For more details they may find information at http://www.robotstxt.org.”

Lambu: “OK, even the anti-piracy teams know the movie sites. What if they directly visit them and check for links?”

Jambu: “Hmm, very clever. Do they have anti-piracy teams in each country? Piracy websites will post Telugu movies on two or three websites and post them on their website. They will make the links visible based on countries. They show all visitors from US states the links on a particular website and UK visitors the links on another website. They can even cut that down by state. If they have enough time, they can replicate the video content on multiple video servers and can post links based on visitor states.”

Lambu: “Is it really as easy as you say to do that?”

Jambu: “Yes, let me explain a little more clearly. Just a little more.”

To be updated…

IP spoofing – a HOW TO using perl

Back in my engineering days, I used to wonder about IP spoofing. The reason is that although the concept is quite clear, none of the tools I used were able to convince me that network devices accept the spoofed packets.

Inspired by Linux Firewalls: Attack Detection and Response, I tested a Perl script using the Net::RawIP library, which is very flexible for designing our own raw IP packet.

TO BE MORE CLEAR, I tested this script only in a LAN. Generally, it’s easy to test this in a LAN. I haven’t tried on the Internet, but studies show that it’s not easy to spoof on the Internet due to security mechanisms. But I will try and update some day.

#!/usr/bin/perl -w

use Net::RawIP;
use strict;

# Source address, destination address and payload string from the command line
my $src = $ARGV[0] or &usage();
my $dst = $ARGV[1] or &usage();
my $str = $ARGV[2] or &usage();

# Create a raw IP packet with an (initially empty) TCP header
my $rawpkt = new Net::RawIP({
	ip => {
		saddr => $src,
		daddr => $dst
	},
	tcp => {}
});
# Fill in the TCP fields: ports, payload and the PSH and SYN flags
$rawpkt->set({
	ip => {
		saddr => $src,
		daddr => $dst
	},
	tcp => {
		source => 10001,
		dest => 8080,
		data => $str,
		psh => 1,
		syn => 1,
	}
});
$rawpkt->send();
print '[+] Sent ' . length($str) . " bytes of data...\n";
exit 0;

sub usage(){
	die "usage: $0 <src> <dst> <str>\n";
}

Given the source IP address, destination IP address and string to be sent, I was able to track the IP packet being blocked on the network by setting some invalid flags. If I set the flags correctly, it was not detected, which means the network devices were allowing spoofed packets.

If you have an intrusion detection or prevention system, try removing the syn flag in the above example and try to send it through the network. Although the above script sends a TCP packet, RawIP has the capability to send UDP packets too.

Note: The RawIP library may not come built in with Perl. It’s available on CPAN.
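
The observation above, seen from the monitoring side: a check on TCP flag combinations catches the SYN+PSH packet with data, but a spoofed packet with ordinary flags only stands out if the source address itself is validated. This Python sketch is an added example, not part of the original post; the expected prefix, the function names and the sample addresses are assumptions, and the packets are constructed byte strings that are only parsed, never sent.

```python
import ipaddress
import struct

# Assumption: every host on the monitored segment lives in this prefix.
EXPECTED_SRC_NET = ipaddress.ip_network("192.168.1.0/24")
FIN, SYN, RST, PSH = 0x01, 0x02, 0x04, 0x08

def inspect(packet: bytes) -> list:
    """Return findings for one raw IPv4 packet; an empty list means nothing odd."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["not an IPv4 packet"]
    findings = []
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    src = ipaddress.ip_address(packet[12:16])
    # Ingress-filter style check: is the claimed source plausible here?
    if src not in EXPECTED_SRC_NET:
        findings.append(f"source {src} is outside {EXPECTED_SRC_NET}")
    if packet[9] != 6 or len(packet) < ihl + 20:
        return findings  # not TCP, or TCP header truncated
    tcp = packet[ihl:]
    data_offset = (tcp[12] >> 4) * 4
    flags = tcp[13]
    payload_len = total_len - ihl - data_offset
    # Flag sanity checks: what a signature for odd flag sets looks at.
    if flags & SYN and flags & (FIN | RST):
        findings.append("SYN combined with FIN or RST")
    if flags & SYN and flags & PSH:
        findings.append("SYN combined with PSH")
    if flags & SYN and payload_len > 0:
        findings.append(f"SYN segment carries {payload_len} payload bytes")
    return findings

def sample_packet(src: str, dst: str, flags: int, payload: bytes = b"") -> bytes:
    """Constructed test input held in memory (checksums zero, never sent)."""
    tcp = struct.pack("!HHIIBBHHH", 10001, 8080, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + tcp + payload

if __name__ == "__main__":
    for label, pkt in [
        ("odd flags, foreign source", sample_packet("10.9.9.9", "192.168.1.20", SYN | PSH, b"hello")),
        ("clean flags, foreign source", sample_packet("10.9.9.9", "192.168.1.20", SYN)),
        ("clean flags, local source", sample_packet("192.168.1.5", "192.168.1.20", SYN)),
    ]:
        print(label, "->", inspect(pkt) or "no findings")
```

A source address forged from inside the same prefix passes both checks, so catching it needs per-port address bindings on the switch, such as DHCP snooping with IP source guard. Data on a SYN is also legitimate with TCP Fast Open, so that finding is an anomaly to review rather than proof of a forged packet.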

Good luck :)

Andhra Telangaana SRC agreement

A short detail on the Andhra SRC from Eenadu dated 6th January, 2010.

Non-Democratic India

The Constitution of India declares the Union of India to be a sovereign, socialist, secular, democratic republic (source: Wikipedia). Although our country has a ‘representative democracy’, it has gone to an extent where the representatives have started working for the parties and not for the country. The representatives (popularly known and blamed as politicians) make me laugh when they give statements like ‘party is above all’ to their mates. It’s not their fault. It looks like the culture of kings and their ‘tandaana taanana batch’ (whenever the king says something, the batch starts praising his wisdom) still hasn’t moved out of our culture after hundreds of years. The PCC Andhra members praising Sonia Gandhi, Andhra assembly representatives praising the ex-CM’s son; to me it feels like BullSh*t. Why should Rahul Gandhi be the next prime minister? Or why should Mrs. YSR be made CM after his death?

I have been reading that Rahul may be the PM candidate for the next general elections. Although I am a great fan of Sonia Gandhi in terms of the capability to control hundreds of head-nodding (I think some animal does this) representatives, I don’t take it for granted that she decides who should rule me. In 2008, Outlook published a cover story, “Borne Supremacy: The Nehru-Gandhis are India’s First Family. But across the country, power is family inheritance.”

Indira - Rahul

The Nehru-Gandhis
They have held the reins of the Congress party ever since the struggle for Independence. It was Indira, though, who started the dynastic tradition first with Sanjay and after his death, with Rajiv. Today, Sonia guards the family preserve while son Rahul gets groomed for his political destiny.

Given the statements of Rahul, I don’t think this is gonna end anytime soon. Although it starts with convincing statements, it goes down to show his boiling enthusiasm to bring up his family name (maybe a lecture from his BOSS) -

“It is undemocratic that the Congress is still led by a Gandhi. But it’s the reality…. My position gives me certain privileges. It is a fact of life in India that success in politics depends on who you know or are related to. I want to change the system.”

“I will continue to work for the youth unless I am forced by the prime minister and my boss (Congress president), which they can do. But personally, I prefer to work for the youth.”

“If anyone from the Nehru-Gandhi family had been active in politics then, the Babri Masjid would not have fallen.”

“I belong to the family which has never moved backwards, which has never gone back on its words. You know that when any member of my family had decided to do anything, he did it. Be it the freedom struggle, the division of Pakistan or taking India to the 21st century.”

Source: Outlook

I don’t care for what the family can do or cannot. I hate the people who nod their heads for whatever the family says. I used to do a lot of YES-nods back in school and college days (to elders, teachers, professors). But slowly I started thinking, why shouldn’t the head nod the other way? In a recent movie, “Prasthanam”, there is a dialogue: ‘leadership comes through blood’. They may inherit leadership, but what about their motivation? Does it come through blood? The son of a leader need not ALWAYS be a leader.

To be updated..