Archive for the ‘Programming’ Category

Jun 26, 2010
Protected: KoC Stuff 01
Posted by: zorex in Programming



Sep 01, 2009

Haven’t been posting anything recently. Here I would like to share something that suddenly popped up in my mind. I think I’ve been daydreaming…

Java is juz like a cup of coffee… You take a sip of it, it may be bitter in the beginning but it’s tremendously addictive and high after a while…

PHP is like ‘You dun like Perl (Pearl), but act as if you like them and end up liking this combination of C + some OO style’, that’s why people name PHP as People Hate Perl.

C is like the door to programming. You might dunno C but know C++; well, who needs a door when we can always climb through the window and still reach?





Feb 26, 2009

In the world of networking, nothing is 100% secure. Not even SSL can make sure your information is safe from eavesdropping. With simple tools (e.g. Cain and Abel), anyone can tap into your network and sniff sensitive information such as your login information and credit card number.

This kind of attack is known as a Man-In-The-Middle (MITM) attack. MITM is achieved when the attacker manages to impersonate each endpoint. The attacker can then view all the traffic between the endpoints.

Here, I’m going to touch on how to create a better login mechanism to prevent an attacker from getting your personal password. Since many of us use the same password for several accounts, e.g. bank account and email, it is important that the web applications we use are able to safeguard this piece of information before it reaches the server.

The diagram above shows the process of sending the password across a network that has been compromised. Do bear in mind that all the information/data sent will be visible to the attacker.

When the client requests a login page from the server, a login page including a challenge and a challenge id is sent to the client. The server keeps a copy of the challenge and challenge id in its database. Before the username and password are sent back to the server for authentication, the password is hashed with the challenge on the client side, and the resulting hash is sent across the network together with the username and challenge id. After the server receives the username, hash and challenge id, it uses the challenge id to retrieve the challenge, and the username to retrieve the password, from its database, hashes them together and matches the result against the received hash.

A challenge stored on the server can be used only once. Even if it’s not used, the challenge is only valid for 15 mins.
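The login flow described above, sketched as an added example (it is not code from the original post). Assumptions: HMAC-SHA256 stands in for the post's unspecified "hash", and the names `LoginServer`, `response_hash`, `demo` and the sample account are made up for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 15 * 60  # seconds; the 15-minute validity from the post

def response_hash(password: str, challenge: str) -> str:
    # Assumption: HMAC-SHA256 keyed with the password; the post only says "hash".
    return hmac.new(password.encode(), challenge.encode(), hashlib.sha256).hexdigest()

class LoginServer:
    def __init__(self, users, clock=time.time):
        self.users = users        # username -> password (constructed sample data)
        self.challenges = {}      # challenge id -> (challenge, issued_at)
        self.clock = clock        # injectable so expiry can be exercised

    def issue_challenge(self):
        """Values sent along with the login page: (challenge id, challenge)."""
        cid, challenge = secrets.token_hex(8), secrets.token_hex(16)
        self.challenges[cid] = (challenge, self.clock())
        return cid, challenge

    def verify(self, username, cid, received_hash):
        # pop() makes every challenge single-use, even when the login fails.
        entry = self.challenges.pop(cid, None)
        if entry is None:
            return False          # unknown or already used challenge id
        challenge, issued_at = entry
        if self.clock() - issued_at > CHALLENGE_TTL:
            return False          # challenge older than 15 minutes
        password = self.users.get(username)
        if password is None:
            return False
        expected = response_hash(password, challenge)
        # Constant-time comparison of the two hex digests.
        return hmac.compare_digest(expected.encode(), received_hash.encode())

def demo():
    now = [1000.0]                # fake clock (constructed)
    server = LoginServer({"alice": "correct horse"}, clock=lambda: now[0])
    cid, challenge = server.issue_challenge()
    sniffed = ("alice", cid, response_hash("correct horse", challenge))  # all that crosses the wire
    first = server.verify(*sniffed)    # legitimate login
    replay = server.verify(*sniffed)   # same captured values sent again
    cid2, ch2 = server.issue_challenge()
    now[0] += CHALLENGE_TTL + 1        # more than 15 minutes pass
    late = server.verify("alice", cid2, response_hash("correct horse", ch2))
    return first, replay, late
```

The server has to hold the password (or an equivalent secret) to recompute the hash. The scheme covers capture and replay of the login values, not an attacker who alters the login page in transit.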





Oct 27, 2008

I’ve written a plugin for WordPress that will show visitors an under construction splash page when you are doing some maintenance or turning your blog offline, just as I’ve promised. http://blog.zorex.info/?p=111

This plugin won’t make your maintenance job easier, but it will help you to convey the message that you are maintaining your blog without taking down your blog completely.

You can download the plugin from this page. Hope you all like it. ;D

You may leave comments and suggestions here.





Sep 26, 2008

I’ve been using the same logon screen for quite some time. Suddenly I got this idea of making a nice logon screen like the one we used to see in Vista. I bet all of you would admit the XP default logon screen sucks. ;p

Because of that, I decided to create my own logon screen with aero effect for WinXP. This is the screenshot of the logon screen in action.

Here is the link to the logon screen. It’s in .exe format.

DOWNLOAD

To apply this logonui, paste the “logonui_vista.exe” into your “windows\system32\” directory. Then open up “regedit” and go to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon”. You need to change the value of “UIHost” to the new logonui path.

Note: This is free software and the author is not responsible for any damage caused by using the software.