Archive for the ‘My Work’ Category

Feb
26
2009

In the world of networking, nothing is 100% secure. Not even SSL can guarantee that your information is safe from eavesdropping. With simple tools (e.g. Cain and Abel), anyone can tap into your network and sniff sensitive information such as your login information and credit card number.

This kind of attack is known as a Man-In-The-Middle (MITM) attack. MITM is achieved when the attacker manages to impersonate each endpoint. The attacker can then view all the traffic between the endpoints.

Here, I’m going to touch on how to create a better login mechanism that prevents an attacker from getting your personal password. Since many of us use the same password for several accounts, e.g. bank account and email, it is important that the web applications we use are able to safeguard this piece of information before it reaches the server.

The diagram above shows the process of sending the password across a network that has been compromised. Bear in mind that all the information and data sent will be visible to the attacker.

When the client requests a login page from the server, a login page including a challenge and a challenge ID is sent to the client. The server keeps a copy of the challenge and challenge ID in its database. Before the username and password are sent back to the server for authentication, the password is hashed with the challenge on the client side, and the resulting hash is sent across the network together with the username and challenge ID. After the server receives the username, hash and challenge ID, it uses the challenge ID to retrieve the challenge and the password from its database, hashes them together, and matches the result against the received hash.

A challenge stored on the server can be used only once. Even if it is not used, the challenge is valid for only 15 minutes.
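The exchange described above, as an added example that is not code from the original post. The post does not name a hash function, so HMAC-SHA256 keyed with the challenge is an assumption, as are the function names, the sample account and the in-memory dictionaries standing in for the server's database.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 15 * 60  # validity stated in the post: 15 minutes

# Constructed sample account (assumption): username -> password the server can retrieve.
USERS = {"alice": "correct horse"}
# challenge_id -> (challenge, issue time); stands in for the server's database.
CHALLENGES = {}


def issue_challenge(now=None):
    """Server: create the challenge sent with the login page and remember it."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_hex(8)
    challenge = secrets.token_hex(32)
    CHALLENGES[challenge_id] = (challenge, now)
    return challenge_id, challenge


def client_response(password, challenge):
    """Client: hash the password with the challenge; only this hash is sent."""
    return hmac.new(challenge.encode(), password.encode(), hashlib.sha256).hexdigest()


def verify_login(username, response, challenge_id, now=None):
    """Server: recompute the hash from the stored challenge and password."""
    now = time.time() if now is None else now
    # Single use: the challenge is removed on first lookup, pass or fail.
    entry = CHALLENGES.pop(challenge_id, None)
    if entry is None:
        return False  # unknown or already used challenge ID
    challenge, issued = entry
    if now - issued > CHALLENGE_TTL:
        return False  # challenge older than 15 minutes
    password = USERS.get(username)
    if password is None:
        return False
    expected = client_response(password, challenge)
    return hmac.compare_digest(expected, response)  # constant-time comparison
```

Because every login page carries a fresh challenge, a response captured on the wire fails when it is sent again with the same challenge ID or with a new one.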





Oct
27
2008

I’ve written a plugin for WordPress that will show visitors an under-construction splash page when you are doing some maintenance or turning your blog offline, just as I’ve promised. http://blog.zorex.info/?p=111

This plugin won’t make your maintenance job easier, but it will help you to convey the message that you are maintaining your blog without taking down your blog completely.

You can download the plugin from this page. Hope you all like it. ;D

You may leave comments and suggestions here.





Sep
26
2008

I’ve been using the same logon screen for quite some time. Suddenly I got this idea of making a nice logon screen like the one we used to see in Vista. I bet all of you would admit the XP default logon screen sucks. ;p

Because of that, I decided to create my own logon screen with an Aero effect for WinXP. This is the screenshot of the logon screen in action.

Here is the link to the logon screen. It’s in .exe format.

DOWNLOAD

To apply this logonui, paste the “logonui_vista.exe” into your “windows\system32\” directory. Then open up “regedit” and go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon”. You need to change the value of “UIHost” to the new logonui path.

Note: This is free software and the author is not responsible for any damages caused by using the software.





Sep
16
2008

After I’d finished my assignments, I did something weird.

Not the above naughty stuff of course. I’m so naive and innocent.

I created a program that can pack an executable file into a smaller size and make it easier to distribute.

Of course I didn’t write the core engine. It’s a module from http://upx.sourceforge.net/. The program is only available with a command-line interface, so I decided to make a GUI for it using Java, which I was facing most of the time these past few days.

Here is the screenshot of the program, hope it can help lazy people like me.

It’s currently in the beta stage and some features are not fully functional. I’ve yet to add functions like saving your project and so on. It’s freeware, and the same goes for the module.

Here is the link to the program.

DOWNLOAD





Dec
29
2007

It’s study week and guess what? I coded my first plugin for WordPress since I want a simple yet secure CAPTCHA system for my comment area to prevent spam.