RSS

Monthly Archives: June 2011

School Tuitions: A dark spot on government school education system.

Students or shishyas, went to teachers or gurus. They studied, lived, and grew up under their surveillance to become esteemed personas. In return all they have to pay back was their due services and respect. This was the education system of our India or say ancient India which was unique in the world.

But long gone is the era and long gone is that feel of education.

I passed my 10+2 some 15 months back. And I am in proper contact with many of my school junis. From them only I got to know that the problem which we faced is still prevailing and in fact has increased its grasp over my school. So I decided to start the issue calling for a healthy discussion via my page. I completed 10+2 from Kendriya Vidyalaya, Seoni and my schooling had a very deep grafted impact on me. When we, me and my mates were in class 8th we first heard of coaching’s and tuitions. At that time they were meant for getting an extra edge over other students. To improve my language skills, I also joined one in class 9th. That was a very satisfying experience; learning from Mr. Deepak Singh. We learnt, discussed and improved our communication there.

But you see, things change. At a very fast pace indeed. As we advanced in class 10th and academics became more technical with subjects like mathematics and sciences, we studied harder dropping English coaching. Then out of nowhere an ugly face of commercial tuitions came in front of us. That year in maths we were to get outta 80 marks in theory exam and 20 marks, nearly accounting for 4% was for internals, totally in mercy of our school teacher. I remember the day when he stormed into our class and threatened us for those 20 marks. Next eve, half of class was at his home, each stud carrying 300 bucks in pocket. LMAO!!!

Some people tried to protest. I was also one of ‘em. We sincerely asked him, what ot would take to get those 20 marks. The reply came, “I’m particularly busy at the moment. Why don’t you people also come and meet me in evening?” I lost the hope but still tried for next few days. When he also realized that we are hard nuts, one day he declared, “Get your projects ready!!! They will be evaluated for the 20 marks of internals.”

Then onwards, we poor students, wasting our precious time, energy and hundreds of bucks of money started making project. But what happened on day of submission was horrible and painful. Along with it I felt a rage. Our projects were never looked upon for once. The tuition students got 20 average and we suffered a loss of 7-8 marks.

Image courtsey- sourabh barapatre.

In the following years this practice came under notice of city administration, raids were done, fines were imposed, but with time it all started again with increased efficiency.

Whatever I am today is because of my teachers. I’ve always felt proud saying it. But it is also true that I met some people in my own school that I would love to see behind bars.

PS: Solely opinion. 😛

All I want you people get to is that is it a noble activity to allow such activities to run in our loved schools?

Is it a proper thing for teachers to use their knowledge and power as an evaluator to suck money?

What happened is past. But what lie ahead is a future full of possibilities. I appeal with all my regard to all the teachers of my school, my city and my state to teach students with responsibility. And not to sell student’s parents out who earn working very hard.

PS:

  • No harm intended to anybody. I clearly state, as in my case it is fictious. Hope you get it.whatever I’ve written is my strict personal opinion, nothing is objective. 😛
  • I would love a healthy discussion down under the article. You can agree or disagree freely.
 
6 Comments

Posted by on June 21, 2011 in Uncategorized

 

Trojan Horses- The menace.

What Is A Trojan Horse????

  • Unauthorized instructions contained within a legitimate program. These
    instrcutions perform functions unknown to (and probably unwanted by) the user.
  • A legitimate program that has been altered by the placement of anauthorized
    instructions within it. These instructions perform functions unknown to (and
    probably unwanted by) the user.
  • Any program that appears to perform a desirable and necessary function but
    that (because of unauthorized instructions within it) performs functions
    unknown to (and probably unwanted by) the user.
  • Under a restricted environment (a restricted Unix shell or a restricted
    Windows computer), malicious trojans can’t do much, since they are restricted
    in their actions. But on a home PC, trojans can be lethal and quite
    destructive.

The Name- TROJAN

In the 12th century B.C., Greece declared war on the city of Troy. The dispute
erupted when the prince of Troy abducted the queen of Sparta and declared that
he wanted to make her his wife, which made the Greeks and especially the queen
of Sparta quite furious.
The Greeks gave chase and engaged Troy in a 10-year war, but unfortunately
for them, all of their efforts went down the drain. Troy was simply too well
fortified.
In a last effort, the Greek army pretended to be retreating, leaving behind a
hude wooden horse. The people of Troy saw the horse, and, thinking it was some
kind of a present from the Greeks, pulled the horse into their city, without
knowing that the finest soldiers of Greece were sitting inside it, since the
horse was hollow.
Under the cover of night, the soldiers snuck out and opened the gates of the
city, and later, together with the rest of the army, killed the entire army of
Troy.

This is why such a program is called a trojan horse – it pretends to do
something while it does something completely different, or does what it is
supposed to be and hides it’s malicious actions from the user’s prying eyes.

Remote Administration Trojans

These trojans are the most popular trojans now. Everyone wants to have
them trojan because they let you have access to your victim’s hard
drive, and also perform many functions on his computer (open and close his
CD-ROM drive, put message boxes on his computer etc’), which will scare off
most computer users and are also a hell lot of fun to run on your friends or
enemies.
Modern RAT’S (remote administration trojans) are very
simple to use. They
come packaged with two files – the server file and the client file (if you
don’t know which is which, look for a help file, a FAQ, a readme or
instructions on the trojan’s homepage). Just fool someone into runnig the
server file and get his IP and you have FULL
control over his/her computer
(some trojans are limited by their functions, but more functions also mean
larger server files. Some trojans are merely ment for the attacker to use them
to upload another trojan to his target’s computer and run it, hence they take
very little disk space). You can also bind trojans into other programs
which appear to be legitimate.
RAT’S have the common remote access trojan functions like:
keylogging
(logging the target’s keystrokes (keyboard functions) and sometimes even
interfering with them, thus being able to use your keyboard to type
instead of the target and say weird things in chatrooms or scare the
hell out of people), upload and download function, make a screenshot of the
target’s monitor and so on.
Some people use the trojans for malicious purposes. They either use them to
irritate, scare or harm their enemies, scare the hell out of their friends or
enemies and seem like a “super hacker” to them, getting information about
people and spying on them or just get into people’s computers and delete
stuff. This is considered very lame.
There are many programs out there that detects the most common trojans (such
as Nemesis at blacksun.box.sk, which also detects people trying to access
your computer), but new trojans are
released every day and it’s pretty hard to
keep track of things.
Trojans would usually want to automatically start whenever you boot-up your
computer. If you use Windows, you can get b00tm0n from blacksun.box.sk (note:
at the time this tutrial was released, b00tm0n was not ready yet, but it
should be ready some time before year 2,000, so if you’re reading this after
Y2K, b00tm0n should probably be available at blacksun.box.sk). Under Unix, we
suggest getting some sort of an IDS (Intrusion Detection System) programs to
monitor your system.
Most Windows trojans hide
from the Alt+Ctrl+Del menu (we havn’t seen any Unix
program that had the ability to hide itself from the processes list yet, but
you can never know – one day someone might discover a way to do so. Hell,
someone might have already did). This is bad because there are people who use
the task list to see
which process are running. There are programs that will
tell me you exactly what processes are running on your computer (such as
Wintop, which is the Windows version of the popular Unix program called top).
Some trojans, however, use fake names and it’s a little harder for certain
people to realize that they are infected.
Also, some trojans might simply open an FTP server on your computer (usually
NOT on port 21, the default FTP port, in order to be less noticable). The FTP
server is, of course, unpassworded, or has a password which the attacker has
determined, and allows the attacker to download, upload and execute files
quickly and easily.

How RATS Work????

Remote administration trojans open a port on your computer and bind themselves
to it (make the server file listen to incoming connections and data going
through these ports). Then, once someone runs his client program and
enters the victim’s IP, the trojan starts receiving commands from the
attacker and runs them on the victim’s computer.
Some trojans let you
change this port
into any other port and also put a password so only the person
that infect this specific computer will be able to use the trojan. However,
some of these password protections can be cracked due to bugs in the trojan
(people who program RATs usually don’t have much knowledge in the field of
programming), and in some cases the creator of the trojan would also put a
backdoor (which can be sometimes detected, under certain conditions) within
the server file itself so he’ll be able to access any computer running his
trojan without the need to enter a password. This is called “a backdoor within
a backdoor”.

The most popular RATs are Netbus (because of it’s simplicity), BO (has many
functions and hides itself pretty good) and Sub7 (lots of functions and easy
to use). These are all Windows RATs.
If you havn’t done so already, it is advised to get some RAT and play around
with it, just to see how the whole thing works.

Legitimate purposes

Some people use RATs to remotely administer computers they are allowed to have
access to. This is all good and fine, but anyway, you should always be careful
while working with RATs. Make sure you have legal access and the right to
remotely administer a computer before using a RAT on it.

Password Trojans

Yes, password trojans. Password trojans scour your computer for password and
then send them to the attacker or the author of the trojan. Whether it’s your
Internet password, your Hotmail password, your ICQ password or your IRC
passwords, there is a trojan for every passsword.
These trojans usually send the information back to the attacker via Email.

Priviledges-Elevating Trojans

These trojans would usually be used to fool system administrators. They can
either be binded into a common system utility or pretend to be something
unharmful and even quite useful and appealing. Once the administrator runs it,
the trojan will give the attacker more priviledges on the system.
These trojans can also be sent to less-priviledges users and give the attacker
access to their account.

Keyloggers

These trojans are very simple. They log all of your keystrokes (including
passwords), and then either save them on a file or Email them to the attacker
once in a while.
Keyloggers usually don’t take much disk space and can masquerade as important
utilities, thus making them very hard to detect.
Some keyloggers can also highlight passwords found in text boxes with titles
such as ‘enter password’ or just the word password somewhere within the title
text.

Destructive Trojans

These little fellows do nothing but damaging your computer. These trojans can
destroy your entire hard drive, encrypt or just scramble important files and
basically make you feel very unpleasent. I wouldn’t want to bump into one in a
dark alley.
Some might seem like joke programs, while they are actually tearing every file
they encounter to pieces.

Joke Programs

Joke programs are nice, cute and unharmful. They can either pretend to be
formatting your hard drive, sending all of your passwords to some evil
cracker, self-destructing your computer, turning in all information about
illegal and pirated software you might have on your computer to the FBI etc’.
They are certainly no reason to worry about (except if you work in tech
support, since unexperienced computer users tend to get scared off pretty
easily by joke programs.

HOW TO PROTECT YOURSELF??

IN UNIX

If you are working on your PC, DO NOT work as root! If you run a trojan as
root, you can endanger your entire system! The whole point in multi-users on a
single-user system is limiting yourself in such cases (or in case you want to
prevent yourself from doing anything stupid). Switch to root only when you
NEED root, and when you know what you’re running. Also, remember that even if
you’re working on a restricted environment, you still put the passwords and
files you still have access to to risk. Also, if someone has a keylogger on
your system, and you type in some passwords (especially the root password),
they will be logged!
Also, DO NOT download any files from untrusted sources
(small websites, underground websites, Usenet newsgroups, IRC etc’), even if
it comes in the form of source code.

IN WINDOWS

Windows is a whole lot different in this aspect. Limiting yourself under
Windows is quite an annoyance. It is almost impossible to work like that, in
comparison to Unix.
Also, make sure you don’t run any untrusted software. There are much more evil
Windows trojans for Windows than Unix, since people are more motivated to
write trojans for Unix (because of all the security Unix imposes).
Also, when running on a restricted Windows environment, you cannot just act
like you’re so protected and all. Remember that people can still steal
passwords owned by the restricted user, and also, some trojans can break into
administrator priviledges and then compromise your entire system, since
Windows imposes such lame security.

Oh, and one last tip – you should try to download and use at least some of the
types of trojans listed above, so you could get to know them better and be
able to remove them in case you get infected.

 

Proxy Servers

 

Some home networks, corporate intranets, and Internet Service Providers (ISPs) use proxy servers (also known as proxies). Proxy servers act as a “middleman” or broker between the two ends of a client/server network connection by intercepting all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. Proxy servers work well between Web browsers and servers, or other applications, by supporting underlying network protocols like HTTP.

Proxy servers have two main purposes. One thing it can do is that it can dramatically improve performance for groups of users. This is because it saves the results of all requests for a certain amount of time. Consider the case where both user X and user Y access the World Wide Web through a proxy server. First user X requests a certain Web page, which will be called Page 1. Sometime later, user Y requests the same page. Instead of forwarding the request to the Web server where Page 1 resides, which can be a time-consuming operation, the proxy server simply returns the Page 1 that it already fetched for user X. Since the proxy server is often on the same network as the user, this is a much faster operation. Real proxy servers support hundreds or thousands of users. The major online services such as America Online, MSNand Yahoo, for example, employ an array of proxy servers.

Another feature of proxy servers is that it can filter requests. For example, a company might use a proxy server to prevent its employees from accessing a specific set of Web sites.

Proxies can do many other things. For example, they could translate multiple languages. They could shrink the size of a response so it fits on ones mobile phone webscreen. They could also filter nasty language or subjects.

Firewalling and Filtering- Proxy Servers

Proxy servers work at the Application layer (Layer 7) of the OSI model. As such, they aren’t as popular as ordinary firewalls that work at lower layers and support application-independent filtering. Proxy servers are also more difficult to install and maintain than firewalls, as proxy functionality for each application protocol like HTTP, SMTP, or SOCKS must be configured individually. But, a properly configured proxy server improves network security and performance. Proxies have capability that ordinary firewalls simply cannot provide.

Some network administrators deploy both firewalls and proxy servers to work in together. To do this, they install both firewall and proxy server software on a server gateway.

Connection Sharing with Proxy Servers

Various software products for connection sharing on small home networks have appeared in recent years. In medium- and large-sized networks, however, actual proxy servers offer a more scalable and cost-effective alternative for shared Internet access. Rather than give each client computer a direct Internet connection, all internal connections can be funneled through one or more proxies that in turn connect to the outside.

Proxy Servers and Caching

The caching of Web pages by proxy servers can improve a network’s “quality of service” in three ways. First, caching may conserve bandwidth on the network, increasing scalability. Next, caching can improve response time experienced by clients. With an HTTP proxy cache, for example, Web pages can load more quickly into the browser. Finally, proxy server caches increase availability. Web pages or other files in the cache remain accessible even if the original source or an intermediate network link goes offline.

Types of Proxy servers

Web

Proxies that attempt to block offensive web content are implemented as web proxies. Other web proxies reformat web pages for a specific purpose or audience; for example, Skweezer reformats web pages for cell phones and PDAs. Network operators can also deploy proxies to intercept computer viruses and other hostile content served from remote web pages.

A special case of web proxies are “CGI proxies.” These are web sites that allow a user to access a site through them. They generally use PHP orCGI to implement the proxying functionality.CGIproxies are frequently used to gain access to web sites blocked by corporate or school proxies. Since they also hide the user’s own IP address from the web sites they access through the proxy, they are sometimes also used to gain a degree of anonymity, called “Proxy Avoidance.

Intercepting

Many organizations — including corporations, schools, and families — use a proxy server to enforce acceptable network use policies (see content-control software) or to provide security, anti-malware and/or caching services. A traditional web proxy is not transparent to the client application, which must be configured to use the proxy (manually or with a configuration script). In some cases, where alternative means of connection to the Internet are available (e.g. a SOCKS server or NAT connection),

the user may be able to avoid policy control by simply resetting the client configuration and bypassing the proxy. Furthermore administration of browser configuration can be a burden for network administrators.

An intercepting proxy, often incorrectly called transparent proxy (also known as a forced proxy) combines a proxy server with NAT. Connections made by client browsers through the NAT are intercepted and redirected to the proxy without client-side configuration (or often knowledge).

Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required.

Intercepting proxies are also commonly used by Internet Service Providers in many countries in order to reduce upstream link bandwidth requirements by providing a shared cache to their customers.

It is often possible to detect the use of an intercepting proxy server by comparing the external IP address to the address seen by an external web server, or by examining the HTTP headers on the server side.

Some poorly implemented intercepting proxies have historically had certain downsides, e.g. an inability to use user authentication if the proxy does not recognize that the browser was not intending to talk to a proxy. Some problems are described in RFC 3143 (Known HTTP Proxy/Caching Problems). A well-implemented proxy should not inhibit browser authentication at all.

Open

An open proxy is a proxy server which will accept client

connections from any IP address and make connections to any Internet resource. Abuse of open proxies is currently implicated in a significant portion of e-mail spam delivery. Spammers frequently install open proxies on unwitting end users’ operating systems by means of computer viruses designed for this purpose. Internet Relay Chat (IRC) abusers also frequently use open proxies to cloak their identities.

Because proxies might be used for abuse, system administrators have developed a number of ways to refuse service to open proxies. IRC networks such as the Blitzed network automatically test client systems for known types of open proxy. Likewise, an

email server may be configured to automatically test e-mail senders for open proxies, using software such as Michael Tokarev’s “proxycheck.”

Groups of IRC and electronic mail operators run DNSBLs publishing lists of the IP addresses of known open proxies, such as AHBL,CBL, NJABL, and SORBS.

The ethics of automatically testing

clients for open proxies are controversial. Some experts, such as Vernon Schryver, consider such testing to be equivalent to an attacker portscanning the client host. Others consider the client to have solicited the scan by connecting to a server whose terms of service include testing.

Reverse

A reverse proxyis a proxy server that is installed in the neighborhood of one or more web servers. All traffic coming from the Internet and with a destination of one of the web servers goes through the proxy server. There are several reasons for installing reverse proxy servers:

  • Security: the proxy server is
  • An additional layer of defense and therefore protects the web servers further up the chain.
  • Encryption / SSL acceleration: when secure web sites are created, the SSL encryption is often not done by the web server itself, but by a reverse proxy that is equipped with SSL acceleration hardware. See Secure Sockets Layer.
  • Load balancing: the reverse proxy can distribute the load to several web servers, each web server serving its own application area. In such a case, the reverse proxy may need to rewrite the URLs in each web page (translation from externally known URLs to the internal locations)

Split

A split proxy is effectively a pair of proxies installed across two computers. Since they are effectively two parts of the same program, they can communicate with each other in a more efficient way than they can communicate with a more standard resource or tool such as a website or browser. This is ideal for compressing data over a slow link, such as a wireless or mobile data service and also for reducing the issues regarding high latency links (such as satellite internet) where establishing aTCP connection is

time consuming. Taking the example of web browsing, the user’s browser is pointed to a local proxy which then communicates with its other half at some remote location. This remote server fetches the requisite data, repackages it and sends it back to the user’s local proxy, which unpacks the data and presents it to the browser in the standard fashion.

Anonymous Proxy Servers 

Anonymous proxy servers hide ones IP address and thereby prevent unauthorized access to that computer through the Internet. They do not provide anyone with that IP address and effectively hide all information about the user at hand. Besides that, they don’t even let anyone know that you are surfing through a proxy server. Anonymous proxy servers can be used for all kinds of Web-services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat rooms, FTP archives, etc. ProxySite.com – a place where the huge list of public proxies is compiled. In a database you always can find the most modern lists, the Proxy is checked every minute, and the list is updated daily from various sources. The system uses the latest algorithm for set and sortings of servers by proxy, servers for anonymous access are checked. Results of Search always can be kept in file Excel.


 
 
%d bloggers like this: