Purity of Mathematics

My friend, Abhishek has put up a series of posts which describes various branches of Mathematics (Applied Mathematics, Pure Mathematics). Some of you may not be able to read them as they are in hindi.
Reading these I remembered a similar post on xkcd comparing purity of various field (branches)

I’ll agree with it but comic misses the Applied Mathematics, which i think will have application in the whole spectrum of various branches mentioned by comics. On the other side Pure mathematics is purely based on reason, ignoring its usability.

Mathematicians have always had differing opinions regarding the distinction between pure and applied mathematics. One of the most famous (but perhaps misunderstood) modern examples of this debate can be found in G.H. Hardy’s A Mathematician’s Apology.

Applied mathematics sought to express physical truth in a mathematical framework, whereas pure mathematics expressed truths that were independent of the physical world.

June 26, 2008 | Filed Under offbeat | 1 Comment

Firefox about: pages

Special pages available in firefox :

about: A simple prompt without any parameter will display the Mozilla “about” information.
about:logo Displays firefox logo.
about:licence Informaion regarding licencing, Mozilla Public licence, Source code licence
about:buildconfig It shows the build platform configuration and parameters.
about:blank — A blank page. Useful for setting as your homepage.
about:cache Displays info and statistics regarding memory cache device and disk cache device including the number of enteries, name of your cache’s directory and a list of the entries you can find there. From there ou can view cached webpages and images.
about:config It provied you an nice interface to tweak firefox settings. It allows you to modify firefox preferences. Read About:config entries to more about it. These entries are stored in pref.js folder in your profile.
about:plugins provides information regarding installed plugins (plugins help your browser perform specific functions like viewing special graphic formats or playing multimedia files.) like flash, quicktime, realplayer, adobe reader and java plugin
about:credits This is an alphabetically sorted list of all the people that gave their contribution to the development of Firefox.
about:Mozilla from Book of Mozilla, 7:15

And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror.

Works with Flock too but with different Quote:
from Book of Mozilla, 11:1

And when the Beast had taken the quarter of the Earth under its rule, a quarter hundred Birds of Sulfur flew from the Depths. The birds crossed hundreds of mountain views and found twenty four wise men who came from the stars. And then it began, the believers dared to listen. Then, they took their pens and dared to create. Finally, they dared to share their deed with the whole of mankind. Spreading words of freedom and breaking the chains, the birds brought deliverance to everyone.

Update: (12th April 2007)

chrome://browser/content/browser.xul To open firefox inside firefox

Update: (13th April 2007)

Editing configuration files..

Update : (4th April 2008)

javascript: - opens the js console
view-source:www.google.com/ view source for given url

Update: (22nd April 2008)

about:robots (Works with firefox versions later than v3 beta5) Message from Robots

Update: (2nd May 2008)

Type resource: in your location bar to directly go to firefox installation directory.

Update: (5nd May 2008)

about:crashes (type it in location bar) to track all the crash reports that you have submitted whenever firefox crashes.

About protocol links >>

Read The Book of Mozilla

Firefox: The Jewel of open Source, from xkcd

January 31, 2007 | Filed Under firefox, tips | 14 Comments

SQL Attacks : Hacking

Yesterday I was participating an hacking competetion in which at one stage I had login on a page and after that can get to next level . When at first i randomly typed any password. then it gave an sql error that ” zero row selected” and incorrect password. So I thought of using SQL string injection . SQL is poor in security issues surrounding is the login and url strings. So idea is you give these values in login form :
user : ‘ OR 1=1–
password : ‘ OR 1=1–

and voila you are in. the other possible strings for password are :

‘ OR a=a–
‘ or 0=0 #
“) or (”a”=”a
‘) or (’a'=’a

A funny comic strip from xkcd illustrating sql injection.

So whats the funda behind this :
When you click “login” or “enter” on webpage the variables ‘userid’ and ‘password’ are to sql. The underlying query is :

SELECT * from auth_db where username = ‘ $userid ‘ AND password = ‘$password’

So if you have entered username = admin and password = test123 then query executed will be :
SELECT * from auth_db where username = ‘ admin ‘ AND password = ‘test123 ‘

So in auth_db , if userid and password are correct than corresponding row will be selected and as no of rows returned is > 0 you will be granted access. But if password is incorrect than it will retun zero rows and permission won’t be granted. But if you use SQL string injection like if you put ‘ OR 1=1– as password and username both than query executed will be :

SELECT * from auth_db where username = ‘ ‘ OR 1=1– ‘ AND password = ” OR 1=1– ‘

Because a pair of hyphens designate the beginning of a comment in SQL, the query becomes simply becomes :

SELECT * from auth_db where username = ” OR 1=1

The expression 1=1 is always true for every row in the table, and a true expression or’d with another expression will always return true. So, assuming there’s at least one row in the Users table, this SQL will always return a nonzero count of records.So you are logged in now. And if in some cases But many times sql tries to parse = character in input strings and didn’t allow to do so, hence trick is using :
‘ OR userid LIKE ‘%%

So resultant query will be

SELECT * from auth_db where username = ‘ ‘ OR userid LIKE ‘%% ‘ AND password = ” OR userid LIKE ‘%% ‘
So every string matches ‘%%’ so it returns non zero number of and you are granted access.
Not all SQL injection attacks involve forms authentication. All it takes is an application with some dynamically constructed SQL and untrusted user input. Most SQL-compliant databases, including SQL Server, store metadata in a series of system tables with the names sysobjects, syscolumns, sysindexes, and so on. This means that a hacker could use the system tables to ascertain schema information for a database to assist in the further compromise of the database. For example, the following text entered into the txtFilter textbox might be used to reveal the names of the user tables in the database:

' UNION SELECT id, name, '', 0 FROM sysobjects WHERE xtype ='U' --

The UNION statement in particular is useful to a hacker because it allows him to splice the results of one query onto another. In this case, the hacker has spliced the names of the user tables in the database to the original query of the Products table. The only trick is to match the number and datatypes of the columns to the original query. The previous query might reveal that a table named Users exists in the database. So after this with multiple queries you can get control over database.

Updated :
Also visit Ten hacker tricks to exploit SQL Server systems
http://us2.php.net/mysql_real_escape_string
http://www.unixwiz.net/techtips/sql-injection.html
*******************************************************************************
WARNING: the information provided is for educationally purposes only and not to be used for malicious use. i hold no responsibility
********************************************************************************