Senin, 12 November 2012

0 IPB PC 2012 – Programming Competition

PROGRAMMING COMPETITION - PC 2012

Implementing Computer Science Student Association
 

General Explanation
Programming is a core or core of the IT world, for it is for those who cultivate the necessary understanding of the IT world of good programming. In order to provide a means of learning and to foster love of souls programming on youth, HIMALKOM (Computer Science Student Association) Department of Computer Science, Bogor Agricultural University Programming Competition 2012 events, this event is part of activities of the National Science Party 2012 organized by BEM Faculty Mathematics and Natural Sciences (Faculty) IPB.
Participants Programming Competition 2012 is the student / high school i was in Indonesia. This activity is a competition problem solving using programming languages. All participants will follow the preliminary round online, and who managed to escape the semi-finals will follow both onsite at the IPB campus.


Registration

    
Participants can register at http://pestasains.ipb.ac.id through online forms provided.
    
Participants will follow the allowance to pay 50,000, 00 of a total of 150,000, 00 cost competition (details can be seen in the use of cost general guide). Proof of payment sent by (choose one):
        
Email: pestasainsipb@gmail.com
        
Fax: 0251-862 16 38
        
Post:
Science Committee of the National Party in 2012
BEM Faculty IPB Secretariat
Building Student Center Faculty of Science
Jalan Meranti Dramaga Campus IPB, Bogor, West Java 16680
and received no later than October 6, 2012 by the committee.

    
Participants who have confirmed payment receipt will receive username and password via email that will be used for the opening practice session for 3 days using server graders IPB (notified next time).
    
The rest of the payment is Rp.100.000, 00 will be paid if the participant concerned qualify conducted onsite at the IPB campus. Payment no later than November 2, 2012.


General Guidelines

    
The race is individual.
    
Each school may send representatives of more than one person.
    
Participants are students / high school student (or equivalent).
    
Not allowed to take notes in any indoor competition.
    
Source code is sent maximum 100KB and can be compiled by the server is less than 30 seconds
    
Each program receives input response from the standard input (keyboard) and released the results via standard output (monitor)
    
Programs that are sent to receive some verdict (decision) of the grader, namely:
- Accepted: The program is submitted successfully pass all the given testcase
- Wrong Answer: The program still does not give the same output with the given testcase
- Pending: The program you send are graded, wait a while to see results
- Compile Error: you send failed program compiled by the server
- Runtime Error: Program successfully compiled, but error occurs when the program is run
- Time Limit: The program runs over a given time frame in question
- Memory Limit: The program requires more memory than the limit on the matter

    
8. Verdict of the grader and the scoreboard during the race only by some testcase testcase of all matter.
    
9. Re-grading the entire testcase will be made after a race is completed.
10. Assessment based on the correct number of testcase grader. Eg for a matter of 10 testcase, programs delivered right answer only 3 testcase, then the value obtained in question is 30.
11. Scoreboard at-freeze will last 15 minutes.
12. The programming language is allowed is C, C + +, Pascal.
13. During the race participants are prohibited from:
- Communicate with other participants
- Interfere other participants
- Eating or drinking in the room competition
- Disrupt the competition in any form
- Doing things that are potentially damaging computer equipment (slamming the mouse, keyboard hard hitting, etc.)
14. Participants who violate the above violations may be disqualified.
15. Decision of the judges is final and can not be contested.


Babak Allowance

    
Held online using graders in IPB server.
    
Held on Friday, October 26, 2012, at 13:30 to 16:30 pm.
    
Taken 60 best participants to advance to the semi-finals.
    
Number of questions: 5 questions.
    
Processing time: 3 hours.
    
Participants will receive a username and password to enter the race site via email.
    
There will be warm-up session (warming-up) for 3 days to try and adjust to the grader is used. Date and time notified later.
    
Participants can make clarifications about 1 hour only on the first
    
Announcement of participants who qualify for the semi-finals were announced up to 1 day after the preliminary round ends.


Semi-Final Round

    
Held onsite at the IPB campus network server using a grader at IPB
    
Held on Friday, November 9, 2012, from 8:00 to 11:00 hours.
    
Best taken 15 to advance to the final round.
    
Number of questions: 5 questions
    
Work time: 3 hours
    
Participants will receive a username and password to enter the system in the space race competition.
    
There will be warm-up session (warming-up) for 30 minutes to try and adjust to the grader is used.
    
Participants can make clarifications about 1 hour only on the first


Final Round

    
Held onsite at the IPB campus network server using a grader at IPB
    
Held on Friday, November 10, 2012, from 08:00 to 12:00 hours.
    
Retrieved 3 winners with the best scores.
    
Number of questions: 5 questions
    
Working Time: 4 hours
    
Participants will receive a username and password to enter the system in the space race competition.
    
There will be warm-up session (warming-up) for 30 minutes to try and adjust to the grader is used.
    
Participants may clarify questions only on the first 2 hours


Notes: Winner of I, II, and III will be announced through the National Science Party central committee 2012. All committee decisions Party National Science Programming Competition 2012 are final and can not be contested.


Information

For more information on PC 2012 can contact

Alfat - 089638529818 (harunalfat@gmail.com)

0 What you Support Wireless Hacking?

Hello Cetix Hacked,

No hacking without tools, that is the basis of our discussion this time. Every human activity has never escaped from the use of tools, including trivial things like hacking a computer.

Selection of the right tools to our base in the act, because it is not just any tool can be used. We will briefly discuss how we can choose a device for wireless hacking activities.

Factors that affect the speed and accuracy of wireless hacking:

1. The speed of data access, faster data access, the faster we can get the job done

2. The reach, influence the range we find another client around us, a good wireless card has a range of up to draft-N, so if the device you buy is written without the n 802.11a/b/g then immediately you are discouraged to buy equipment them.

3. The selection of drivers, a good tool is useless if the appropriate driver is not supported, use a suitable driver for injection, because the injection is a MANDATORY requirement for this activity. If the injection can not then you can not move over to capture internet traffic, cracking WPA passwords, etc.. You can upgrade, downgrade, or patching the driver manually.

4. Selection of the operating system, keep your operating system is suitable for hacking, eg: Backtrack, Blackbuntu, etc. and try to air-LINUX based user interface is not too flashy. If the operating system can not be used then put on another that matches your device. There is no standard operating system you have to use "this" to death.

 Physically, avoid using tools that are too flashy, maximum use card-sized wireless flash when you act in a hotspot area. Do not install the antenna on your laptop, because it will provoke suspicion around.

The characteristics of the wireless card that supports injection:

1. Usually from Atheros wireless card already has this feature, you can find the description in madwifi-project.org. The device used by the writer is Atheros AR9285, in reference to the authors obtain the following information:

In the note mentioned that the author is supported by ath9k driver (Linux), works well for monitoring networks such as mon0, injection, but a low sensitivity (not really a problem, yet still able to do the hacking). You can use other tools to allow more sensitivity captures data packets. Overall was okay even on Backtrack 4 works perfectly.

2. Searching on google with keyword <tipe_perangkat_anda> (space) <injection>, eg injection ar9285

3. Tried manually by software aircrack. Use aircrack linux and a wireless device that is capable, not necessarily a physical access point, but can be set by the adhoc WEP password. If you managed to hijack the device means that wireless cards, drivers, and operating system you use already support injection well.

A few light guides from me, when there are less obvious please ask in the forums FB

0 DNS Enum

Rabu, 02 Mei 2012

0 War Netcut and Netcut Defender Network

Cetix Hacked - Welcome gain knowledge back in coco-fuxbumz.blogspot.com

Cyber ​​world is not going to run out if you keep to uncover the intricacies of network security, from the newbie to the advanced I came back from camping with a few small toys that can be fairly fun to accompany us to fight in a small network either LAN or Wireless LAN (WLAN). Yup, netcut an application that is very familiar in the ears of the bandwidth thieves, pentester, until the hacker has reached version 2.1.1. But did you know that coincided with the release of the new netcut now Arcai.com 's netcut as vendors have released software to counter netcut sandingan who have been abused for evil, that Netcut Defender that I carry with version 2.1.1
null
Still the same principle works with the checklist Protect My Computer in netcut program itself, the difference is more tailor-made tools to survive from netcut (I have not tried to attack network than netcut). This application by default will run at startup in the SystemTray.
null

For you who like to network with netcut war and did not turn the firewall either on your computer or on the network, this tool is worth trying because of the Arcai.com 's themselves are in need of your help to test it I? I've found some deficiencies when experimenting with are:

1. Posts Protected by Netcut Defender Defender Netcut not from itself but from Netcut. The bottom line is Netcut 2.1.1 can not recognize Netcut Defender 2.1.1 properly.

null
null

2. When the program window diclose not be closed but diminished towards syatemtray, in other words action to close and minimize the same should be different

3. Netcut and Netcut Defender still forced to run at startup even for a startup option has been removed

Dengain these bugs had me submit to the netcut for repair

For now I do not recommend you to use tools Netcut Defender remember there are still many bugs, it's better if you entrust to experts the better firewall like Comodo Firewall

Download Netcut and Netcut Defender here

The end of this article may be useful for all of us, Share Y guyss

0 Forgot Passcode and Password

Coco FuxnBumz - Nature sure can not be separated from us as human beings, although often worn every day, every hour and even every minute, there are times when we suddenly forgotten passwords Tab Android us? So what if you forget your passcode Android solution? Eg forgotten passwords Tab Asus Eee Pad Transformer TF101?

The good news, Android has features Forget Password, so it is easy to reset the password or passcode from our Android phones. The first step to Reset Password Android is an incorrect passcode entries 5-10 times, well then will appear the icon Forgot Password / Pattern, click on the icon next to then we must include an appropriate email address and password previously used on the Android Tab. Easy is not it?

Help Share Yes sob, I hope useful!

Minggu, 22 April 2012

0 How it Works Token Internet Banking

Coco FuxnBumz -
The use of such a small token such as a calculator tool for securing internet banking transactions has now become mandatory. Token has become an additional factor in the authentication is to prove that my friend is really legitimate users. There may be wondering how to work the token as used Internet banking site? How small tools such as calculators that can produce numbers that are also known by internet banking server, but the tool was not terbubung with the server. In this article I will explain how the token internet banking, and in the next article I will make a token-based software and a simple website that will simulate internet banking.
Authentication Method
Authentication aims to prove who the real friend, if my friend is really the person he claims to be my friend (who you claim to be). There are many ways to prove who mate. Authentication method can be seen in 3 categories of methods:
1. Something You Know
It is the most common authentication method. This method relying on the confidentiality of information, such as passwords and PINs are. This method assumes that no one knows it except my friend a secret.
2. Something You Have
This usually is an additional factor to create a more secure authentication. This method relies items are unique examples are magnetic card / smartcard, hardware tokens, USB tokens, and so on. This method assumes that no one has the goods except for a mate.
3. Something You Are
It is the most rare diapakai because of technology and the human factor as well. This method rely on the uniqueness of the body parts that are not my friend may have on others such as fingerprint, voice or retina prints. This method assumes that the body buddy like fingerprints and retina, is probably the same with others.
And what about the traditional authentication methods such as the signature on the stamp? Go to the category which means that of the three methods above? I do not think there is a match, so I added another one which is "Something You Can". This method assumes that no one else in the world who can do that other than my friend. Indeed, the signature authentication is built on the assumption that no one can write a signature unless buddy buddy. Despite the fact that there are people who can mimic the signature of a very good friend, but the knowledge facts signature on paper is still recognized as authentic evidence of who mate.
Two Factor Authentication
In critical and sensitive applications such as financial transactions, the authentication method is not enough. Hence the term 2FA (Two Factor Authentication) which is a system that uses 2 factor authentication (method) is different. Four authentication methods I described sebelunya can be combined to improve security, one example is the combination of "something you have" in the form of ATM card with "something you know" in the form of a PIN. This combination is a combination of the most widely used.
Still another example is when my friend shopping in the modern market and pay by card, unwittingly buddy has been using more than one factor of authentication. The first factor is "Something You Have" ie credit / debit cards buddy. The second factor is "Something You Know", when prompted to enter a PIN into the EDC. There may even be a third factor that is "Something You Can", When prompted to sign a memorandum of payment are printed EDC.
Internet banking is also using two factor authentication with a combination of "something you know" in the form of passwords and "something you have" a hardware token (or token KeyBCA Mandiri).
Incurred Password Token Internet Banking
In general, there are two modes of use of internet banking token:
1. Fashion Challenge / Response (C / R)
This is the mode most often used when trading. In this mode the server provides challenge in the form of a series of numbers. That number must be entered into the token machine to get an answer (response). Then the user enters the number that appears on tokennya into the form on the Internet banking site. Tokens will be issued a code different challenge though with the same code on a periodic basis depending on the time when the challenge put in a token.
2. Mode Self Generated (Response Only)
In this mode the server does not provide a challenge (challenge) of any kind. Token users can directly issue a series of numbers without having to enter the challenge. As the mode C / R, also issued a token code that periodically vary depending on the time when the token is required to produce a self-generated code.
Actually, the answer given by the token in either C / R and Self Generated (resopnse only) is nothing but the password as well. However, different from the password used to login pal, token generated password has limitations for security reasons, namely:
1. May only be used one time
This is called OTP (One Time Password). Once a password is used, the same password can no longer be used for the second time. This way there is no point intercepting the token generated password because the password can not be used again. However, if the password is in-intercept so it never gets to the server, the password is still worthwhile because in the eyes of the server, the password has not been used.
2. May only be used within a limited time span
Token generated password has a very limited life, probably between 3-6 minutes when the old expires, the password can not be used, although it has never been used. Later I will explain why the password token requires age, time is a very critical element in this system.
3. May only be used in the context of narrow
If the password / PIN is used for password-free login context, in the sense that it is armed with a password, my friend can do many things, ranging from the view balances, check transactions and so on. But the token generated password, can only be used in the context of narrow, for example a password that is used to charge the toll to the number 08123456789, can not be used to transfer funds.
Lack of context because a password is needed to make a transaction bound by the challenge from the server, so that the password can not be used for other transactions that require a different challenge code. For example, if the server is a challenge given the last 3 digits of the phone number (for transactions contents pulse), or 3 digits destination account number (for transfer transactions). Then the token generated password for the transaction to number 0812555111222 contents pulses, will be valid also for the transfer of money to the account transactions 155,887,723,120,222. Because it happened to both transactions require passwords bound by the same code challenge, namely 222 (taken from the last 3 digits).
Context is only valid when the password is generated in fashion C / R. Password generated in Self Generated mode, can be used in any transaction that does not require a password to the challenge code.
So it can be concluded that the issued token password is:
1. Always changing periodically
2. It has a short life
3. Can only be used 1 times
4. Divided into two types, namely:
* Password contextually bound by a code in a fashion challenge challenge / response.* Password-free context resulting in a mode of self-generated.
Authentication Process
Such as passwords in general, on condition that the authentication is successful is:
client sent password = password stored on the server
With security reasons rarely server stores user passwords in plain-text. Typically server stores user passwords in hashed form so it can be returned in the form of plain-text. So successful authentication requirements above can be interpreted as tally hash of the password sent by the client must be the same hash value stored in the server. See the picture below for better understanding.
courtesy of "www.unixwiz.net / TechTips / iguide-crypto-hashes.html"
courtesy of "www.unixwiz.net / TechTips / iguide-crypto-hashes.html"
Use of Salt
To avoid brute-force attack against the hash stored on the server, then the calculated value before the user's password hashnya, first add a random string called the salt. Consider the following example, if the user's password is "secret", the pre-calculated value hashnya, password salt be added first random string "81090273" so that the calculated values ​​are hashnya "secret81090273" not "secret".
Note that MD5 ("secret81090273") is 894240dbe3d2b546c05a1a8e9e0df1bc while MD5 ("secret") is 5ebe2294ecd0e0f08eab7690d2a6ee69. If without the use of salt, the attacker gets the hash value 5ebe2294ecd0e0f08eab7690d2a6ee69 could use the technique brute force attack or rainbow table to get the value of the password in plain-text. One example of online MD5 database that can be used to crack md5 is http://gdataonline.com/seekhash.php. In these sites try entering 5ebe2294ecd0e0f08eab7690d2a6ee69 value, then the site will result in "secret". This is because the site has been storing mapping information secret <=> 5ebe2294ecd0e0f08eab7690d2a6ee69.
The addition of salt "81090273" make a hash value 894240dbe3d2b546c05a1a8e9e0df1bc. If this value is included in the site, guaranteed not to exist in the database that the hash value is "secret81090273". And because the salt value is generated randomly, then each user has a different salt value that the attacker may not be able to build a database mapping between the plaintext and the hash is complete.
With the use of salt, then the user database in the server will look like this:
Salt Username Password Hash
81090273 favor 894240dbe3d2b546c05a1a8e9e0df1bc
Field salt is needed when authenticating. Password supplied by the user will be added once the salt value is then calculated value hashnya. Hash value calculation results will be compared with the Password Hash field in the column next to it. If the same, then the authentication is successful, if not the same, then the authentication fails. In principle, the same as the picture above, just added a step is the addition of salt before the calculated value hashnya.
Generation One Time Password (OTP) Token Internet Banking
What I have described previously the basis of what I will describe below. How to generate a series of numbers as the token OTP that can be authenticated by the server? Remember that the condition for successful authentication is the password sent by the client must be the same that is stored on the server. Remember also that the generated password token always changing periodically. How is what produced the device can be synchronized with the server? Though the device is not connected to the server, how can the server know how the value generated token? The answer is time. Earlier I mentioned that time is a very important element in this system. The server and the token can be synchronized by using time as a reference value.
OTP Mode Self Generated (Response Only)
I will explain the start of the OTP generation in self-generated or response mode only. Formerly, of course, the server and the token must agree to a secret initial value (init-secret). The initial value is stored (planted) in the token and also stored in the table on the server.
When at a certain time required generate OTP token without challenge code, this is what made token:
1. Taking the current time in seconds EPOCH format (number of seconds since January 1, 1970), usually within 10 seconds granularity, so the EPOCH value divided by 10.
2. Combining init-secret with the current time from step 1.
3. Compute the hash value init-secret combination and timing of step 2.
Hash value from step 3 is at the OTP. But the OTP is usually taken from some of the characters / digits at the beginning of the hash.
How to perform server authentication? The trick is similar to that of the token, ie by calculating the hash value of init-secret combination with the current time and take a few digits at the beginning of the OTP. If the OTP is sent the same user OTP server obtained from the calculation of the hash, then the authentication is successful.
However, there are few records that must be considered relevant time. To tolerate the time difference between the token and the server, as well as the lag time from the time server until the user asks for a password generating token request token, the server must provide tolerance time.
There are three events to note the time, namely:
1. Seconds when the server asks for a password (OTP) of the user
2. OTP tokens generate a second when
3. Seconds when it receives the OTP from the user
Consider the example below:
Assuming the exact same time with a time server on the token (token internal clock), then we should note that there will be a lag between events 1, 2 and 3. When the second-to-0 server asks for a password from the user, because of the slow internet access, it could be a new user 30 seconds to look at the browser that he must enter the OTP from the token. Later in the 60th minute to generate OTP token. In the second-to-65 user submits the OTP value to the server and the new server arrives at the second-to-90.
Due to the time-dependent generation of OTP OTP when raised, then the resulting OTP tokens, OTP was the second-to-60. While the server asks for a password from the user since the second-to-0. How to perform server authentication? The trick is to examine all possible OTP in the timeframe that is deemed adequate, say 180 seconds.
If the system uses granularity 10 seconds then the server must calculate the value of the second OTP since the 0, 10, 20, 30, 40, s / d to 180 in increments of 10 seconds. Consider the example in the figure below. In this system it is assumed OTP is 6 characters beginning of MD5 combined. In doing authentication, the server should compare all the values ​​from the second to the OTP-0 (in this example EPOCH/10 = 124 868 042) to a maximum tolerance.
otptoken1Dalam the example above, if the user sends the OTP "b1cdb9" then authentication will be successful when the server calculates the value of the second OTP-60 from the server to the OTP requested from the user.
The illustration above is only an example, in fact there is the possibility of time between the server and the token is not exactly 100%, so the server is forced to tolerate the time not only forward, but also backwards. Because it could be the time at the server is faster than the time on the token. For example, when the time on the server shows EPOCH/10 = 124 868 219, it could be time in the new token shows EPOCH/10 = 1248682121 (a token fee 80 seconds).
Suppose the tolerance time is 3 minutes, then the server must tolerate the next 3 minutes and 3 minutes to the rear relative to the time when it receives the OTP from the user and authentication. Remember, when tolerance is relative to the time server authentication. So if a server to authenticate against the EPOCH/10 = 600, then the server must calculate the entire value of OTP since EPOCH/10 EPOCH/10 = 420 to = 780.
Remember my explanation of salt before. When compared with this OTP, the init-secret value is similar to the plain-text passwords of users, while the salt or enhancements is the time (EPOCH/10).
Age OTP
Earlier I mentioned that the nature of the OTP is to have a limited lifespan. Age is associated with a given server tolerance for X seconds forward and backward X seconds relative to the time server authentication. If a tolerance is 3 minutes (180 seconds), then the age of an OTP is 3 minutes, in a sense when server authentication is not more than 3 minutes since raised OTP token, the OTP will be considered valid by the server.
OTP in Fashion Challenge / Response
Generation and OTP authentication mode C / R is actually similar to the self-generated. When in a mode of self-generated additional (salt) from the init-secret is the time (EPOCH/10), the mode C / R is salt / enhancements more. Init-secret not only coupled with time, but also coupled with the challenge.
Note the picture below. OTP Server performs calculations for all seconds within tolerance.
otptoken2
In mode C / R there is an additional field to be joined before the calculated value hashnya, the challenge. Challenge value is known by the server, and also by the token (when users type challenge to the token), so that both the token and the server will be able to count so that the same OTP authentication process can take place.
Source: X-Code Community
Related Posts Plugin for WordPress, Blogger...
 
HEAD LINE NEWS CREATIVE BY COCO FUXBUMZ