Friday, 22 August 2014

So, the delay has a reason! Windows password check

A large portion of the world's population uses Microsoft Windows as their operating system. To all those people, I ask:

Have you ever wondered why it takes a long time to display an error message when you enter a wrong login password, whereas if your password is correct you log in in a noticeably shorter time?
Most people think that it is their system's fault, a slow processor (as if some heavy data crunching were going on :P).

The reason is simple and clever.
The two major concepts are password caching (a correct password is matched against cached credentials, so it is accepted quickly) and preventing brute-force attacks (a wrong password is rejected only after a deliberate delay, so guessing many passwords is slow).
It is better explained in the Microsoft blog. Go ahead and satisfy yourselves. :)
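As an added illustration of those two concepts (example code written for this post, not from the Microsoft blog and not how Windows actually implements it): a login routine that accepts a repeated correct password quickly from a cache, pays a slow password hash otherwise, and sleeps for a growing interval after every wrong guess. The `Authenticator` class, the `failure_delay` function and the constants are all assumptions of this example.

```python
import hashlib
import hmac
import os
import time

# Constructed illustration (not Windows' real code): a credential cache that makes a
# correct password fast to accept, and a growing delay that makes wrong guesses slow.
ITERATIONS = 100_000   # PBKDF2 work factor; an assumption for the demo
BASE_DELAY = 0.5       # seconds added after the first failure
MAX_DELAY = 8.0        # cap so the delay cannot grow without bound

def failure_delay(failures: int) -> float:
    """Exponential backoff: 0.5s, 1s, 2s, ... capped at MAX_DELAY."""
    if failures <= 0:
        return 0.0
    return min(BASE_DELAY * 2 ** (failures - 1), MAX_DELAY)

class Authenticator:
    def __init__(self, sleep=time.sleep):
        self._sleep = sleep                 # injectable so tests need not wait
        self._cache_key = os.urandom(32)    # per-process key for the cheap cache MAC
        self._store = {}                    # user -> (salt, slow PBKDF2 hash)
        self._cache = {}                    # user -> MAC of last accepted password
        self._failures = {}                 # user -> consecutive failed attempts

    def _slow_hash(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def _cache_mac(self, user: str, password: str) -> bytes:
        return hmac.new(self._cache_key, f"{user}\0{password}".encode(), "sha256").digest()

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._store[user] = (salt, self._slow_hash(password, salt))

    def login(self, user: str, password: str):
        """Return (ok, path) with path in {'cache', 'store', 'fail'}."""
        mac = self._cache_mac(user, password)
        cached = self._cache.get(user)
        if cached is not None and hmac.compare_digest(cached, mac):
            self._failures[user] = 0
            return True, "cache"            # fast path: same password as last success
        # Unknown users still pay the slow hash so timing does not reveal them.
        salt, stored = self._store.get(user, (b"\0" * 16, b"\0" * 32))
        if hmac.compare_digest(stored, self._slow_hash(password, salt)):
            self._cache[user], self._failures[user] = mac, 0
            return True, "store"
        self._failures[user] = self._failures.get(user, 0) + 1
        self._sleep(failure_delay(self._failures[user]))   # the slow wrong-password path
        return False, "fail"
```

Because the sleep is injectable, the delay schedule can be checked without actually waiting, and because every path ends in a constant-time comparison, success and failure differ only by the intended delay.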

Tuesday, 19 August 2014

Facebook Bug? Maybe... Maybe Not

Recently, I was fiddling around with things and found something which, according to me, seems to be a bug, but is not according to Facebook.

So what I found is that the visibility/privacy settings, as in this picture, can be overruled.
(image: fb privacy)


I have tried reporting this to the Facebook team and, according to them, this is not a security bug, so I can safely post my report here.

So, I was using the developer tools provided in Google Chrome. I asked my friend to change the privacy setting of his profile picture such that everyone except me could see his image. Note: while a profile picture is visible to all when someone visits a person's profile, they only see the cropped portion of the profile picture. Only the people granted access can click on it to see the complete picture. Of course, this is what Facebook claims, or maybe we have deduced it incorrectly.

I used the DOM inspector to find the unique URL of the profile picture, as in the picture below.


So, the unique URL is the portion that I have scribbled out (:P).

I copied this URL. Now, I went to my own account and clicked on the profile picture. Again using the DOM inspector, I found the common URL. It turned out to be this (the part which is not scribbled):
I then replaced the scribbled part of this URL with the scribbled part of the previous image.

And the result was that I could see my friend's profile picture, not only the cropped part but the whole picture. Also, in incognito mode, I could still see it.


So according to me, this is incorrect, and as mentioned above I reported this to Facebook twice. But it seems I am wrong.. I'd like to hear your comments on this :)

EDIT:
Facebook offers an API to see the images, as in here. However, the point to be noted there is:

Permissions

  • Any valid access token for any photo with public privacy settings.
  • For any photos uploaded by someone, and any photos in which they have been tagged - A user access token for that person with user_photos permission.

Wednesday, 13 August 2014

Using BigDump

I was recently in a situation where I had to push code for a new website to my server. Simple enough, except that I could not access phpMyAdmin by either the remote or the local method. (The local method means accessing a phpMyAdmin installed on the hosting server itself, whereas the remote method means using phpMyAdmin on your own system, for example I had it installed as part of WAMP, to access the MySQL database of the remote server.)

There were large queries to be run and I didn't want to type them all on the console. It was at this time that I came across the BigDump script. What it actually does is execute your MySQL dump (usually generated by an export of your database). That is, it imports a database to the server. It is a very good script made specially for problems like this.

The steps involved are as follows:

  1. Create a folder (let its name be dump).
  2. Transfer bigdump.php and the dumped SQL file into that folder.
  3. In your browser, enter the path to the script.
  4. The script will ask for your permission to run the queries on the database.

The script itself is customizable. A few things to keep in mind:
  1. You need to change the database login credentials in the script.
  2. If the dump contains a CREATE DATABASE query, you need to uncomment a line in the script.

With these things in mind, BigDump turns out to be a very useful tool.