Find us on Google+ Bypass The Security: January 2015

Friday, 9 January 2015

Cache

What is Caching and How Does it Work? 
Caching makes your computer faster 


If you have purchased a computer recently, you may have heard the word "cache." It is usually mentioned as part of the specifications. Caching is a technology used with the memory subsystem of your computer. The main purpose of a cache is to accelerate your computer while keeping the price of the computer low. Caching allows you to do your computer tasks more rapidly. 


The Basic Concepts


To understand the basic idea behind a cache system, let's start with a super-simple example that uses a librarian to demonstrate caching concepts. Imagine a librarian behind his desk. He is there to give you the books you ask for. For the sake of simplicity, let's say you can't get the books yourself -- you have to ask the librarian for any book you want to read, and he gets it for you from the stacks in a storeroom (the library of congress in Washington, D.C., is set up this way). First, let's start with a librarian without cache. 

The first customer arrives. He asks for the book Moby Dick. The librarian goes into the storeroom, gets the book, returns to the counter and gives the book to the customer. Later, the client comes back to return the book. The librarian takes the book and returns it to the storeroom. He then returns to his counter waiting for another customer. Let's say the next customer asks for
 Moby Dick (you saw it coming...). The librarian then has to return to the storeroom to get the book he recently handled and give it to the client. Under this model, the librarian has to make a complete round trip to fetch every book -- even very popular ones that are requested frequently. Is there a way to improve the performance of the librarian? 
Yes, there's a way -- we can put a
 cache on the librarian.

Let's give the librarian a backpack into which he will be able to store 10 books (in computer terms, the librarian now has a 10-book cache). In this backpack, he will pu
t the books the clients return to him, up to a maximum of 10. Let's use the prior example, but now with our
new-and-improved caching librarian. 

The day starts. The backpack of the librarian is empty. Our first client arrives and asks for
 Moby Dick. No magic here -- the librarian has to go to the storeroom to get the book. He gives it to the client. Later, the client returns and gives the book back to the librarian. Instead of returning to the storeroom to return the book, the librarian puts the book in his backpack and stands there (he checks first to see if the bag is full -- more on that later). Another client arrives and asks for Moby Dick. Before going to the storeroom, the librarian checks to see if this title is in his backpack. He finds it! All he has to do is take the book from the backpack and give it to the client. There's no journey into the storeroom, so the client is served more efficiently. 

What if the client asked for a title not in the cache (the backpack)? In this case, the librarian is less efficient with a cache than without one, because the librarian takes the time to look for the book in his backpack first. One of the challenges of cache design is to minimize the impact of cache searches, and modern hardware has reduced this time delay to practically zero. Even in our simple librarian example, the latency time (the waiting time) of searching the cache is so small compared to the time to walk back to the storeroom that it is irrelevant. The cache is small (10 books), and the time it takes to notice a miss is only a tiny fraction of the time that a journey to the storeroom takes.
 
From this example you can see several important facts about caching:
 

- Cache technology is the use of a faster but smaller memory type to accelerate a slower but larger memory type.  It also helps when data is transferred from a relatively slow data channel, like the Internet.
- When using a cache, you must check the cache to see if an item is in there. If it is there, it's called a
 cache hit. If not, it is called a cache miss and the computer must wait for a round trip from the larger, slower memory area. 
- A cache has some maximum size that is much smaller than the larger storage area.
 
- It is possible to have multiple layers of cache. With our librarian example, the smaller but faster memory type is the backpack, and the storeroom represents the larger and slower memory type. This is a one-level cache. There might be another layer of cache consisting of a shelf that can hold 100 books behind the counter. The librarian can check the backpack, then the shelf and then the storeroom. This would be a two-level cache.
 


Internet Caching

Caching can also improve performance when you retrieve information from the Internet. Your
 Internet connection is the slowest link in your computer. So your browser (Internet Explorer, Netscape, Opera, etc.) uses the hard disk to store HTML pages, putting them into a special folder on your disk. The first time you ask for an HTML page, your browser renders it and a copy of it is also stored on your disk. The next time you request access to this page, your browser checks if the date of the file on the Internet is newer than the one cached. If the date is the same, your browser uses the one on your hard disk instead of downloading it from Internet. In this case, the smaller but faster memory system is your hard disk and the larger and slower one is the Internet. 

The browser cache works well with individual computers, but is not efficient when many people access similar web sites.  To provide caching for many users on the network, you need to set up a separate computer server that does the job of caching web pages for everyone. This type of special server is called a web-caching appliance.  The Avantis ContentCache™ system is an example of this type of server

The ContentCache web-caching appliance provides one of the functions of a proxy server. It provides a store-and-forward cache. When you configure your web browser to use the caching appliance, it never connects to the URL. Instead, it always connects to this special proxy server, and asks it to get the URL (web page) for you.
 


How the web-caching appliance works 


The web-caching appliance receives a request for an Internet service (such as a Web page request) from a user. The server looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the web-caching server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, server relates it to the original request and forwards it on to the user. It also adds this new page to its cache. If the cache is full the web-caching server uses special rules to decide what other page to remove from the cache.  Just like the librarians backpack cache, if the bag becomes full they have to remove one of the books. For example they may remove the book that has been requested the least.

To the user, the web-caching server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The web-caching server is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)
 

Even organizations that already have very fast internet connections, can benefit from web caching because it effectively removes upstream contention and all the interaction delays associated with traversing the internet (typically 10-20 hops between the user’s web browser and the origin server). Therefore, it will take longer for web content to travel through the Internet than the near instantaneous LAN delivery when caching is deployed.

Caching systems must ensure that users always receive identical content to what would have been delivered had the request been forwarded to the originating server via the Internet. Web servers deliver a ‘caching directive’ with their web pages that determine how long content is to be cached. For example, the directive may instruct the web caching appliance not to cache the content or for the content to time-out after a period of time. A professional web caching solution, such as the Avantis ContentCache™ will follow the originating server’s caching directive when setting all attributes of cached content to ensure that content is always ‘fresh’ and identical to the originating server. If required, ContentCache™ can also be configured to determine how often the content should be re-loaded e.g. on a daily, weekly or monthly basis.


How is it different from a Proxy Server?

The Web-caching server provides some of the functions of a proxy server, but is not as difficult to set up and use.  Microsoft provides Proxy Server software which runs on a server.  It usually requires a very experienced network technician to get this working correctly.  The web-caching appliance, as it name implies, is as easy to use as an appliance.  It is a plug and play device that includes the hardware and software necessary to perform the Proxy Server function.


Benefits

In a typical organization up to 90% of internet traffic is generated by users requesting the same web content more than once – making caching particularly advantageous. However, ContentCache™ offers much more than just dynamic caching – allowing high bandwidth content and e-learning resources to be hosted and delivered from the local cache on the network. This provides a better data gathering experience for all organizations, regardless of their Internet connection speed, and frees up the connection for other bandwidth intensive activities such as video conferencing.

Just as the librarian’s performance can be improved by adding a backpack cache, the Internet performance can be improved by adding a web-caching appliance to your network.
 


Hack Online Account by Phishing - Backtrack

Hack Online Account by Phishing - Backtrack


Hi folks. I got many messages and complaints for not writing any article on hacking Gmail, Facebook or Yahoo. First of all guys let me share that I'm not in the favour of Black Hat Hacking because no matter how smart you're at the end of the day its path will end by packing your ass behind the bars. Many people wants to hack someone's account because of revenge, anger, unknowingly or just for fun but I suggest you to find a better alternative than hacking.
Anyways, here I'm sharing a simple trick to hack anyone's Gmail/Facebook/Yahoo or any similar account by using most powerful and very popular tool these days known as backtrack.
I'll use a site cloner tool included in Social Engineering Toolkit to get the Job done. Now enough chit chat, lets get our hands on some real stuff.

Warning:
 This is for education purpose only. I'm not responsible for any damage done to anyone :P


  • Boot your backtrack machine.
  • Navigate to the following path. Applications > Backtrack >Exploitation Tools > Social Engineering Tools > Social Engineering Toolkit > set



  • It'll navigate you to the Social-Engineering Toolkit (SET) terminal
  • Here, Enter your choice as 2 for Website Attack Vectors.



  • Now, Enter your choice as 3 for Credential Harvester Attack Method



  • In website attack vectors, Enter the Number as 2 for Site Cloner.



  • Then it'll ask you to Enter the url to clone. Here, I'm usingwww.facebook.com for demonstration but you can use the url of gmail or yahoo or whatever you want. After writing the URL hit Enter.



  • When its done with cloning again press Enter. Don't close this terminal because it'll display the password later. Now our site clone is ready all you need to do is to send its link to the victim who's account you want to hack. The IP address of the Backtrack will be treated as the address of the clone site.
  • So grab the IP address of Backtrack. Open a new terminal and shoot the command ifconfig and get its IP address. It'll look something like inet addr: 192.168.26.128
  • Since I'm running Backtrack on Virtual Machine so my IP is something like192.168.26.128 yours may can differ.
Note: The IP's of the figure 192.168.xxx.xxx shows its existence in a LAN or WAN. In that case this trick will work in those networks only.
  • Now, send your IP address directly to the victim or you can spoof it by shrinking the url using many online services like adf.ly or goo.gl or any similar one. Send the generated link to the Victim via chat or Email or by any means.
  • When the user click on the link, it'll redirect to the facebooks cloned login page.



  • After entering the email and password when the victim click Login. It'll get redirected to the original facebook login page and our SET terminal will display the results i.e. the email id and password.



  • Here, email ID: abc@xyz.com and Password: 12345
  • That's it you have successfully hacked facebook account via Site Cloner on Backtrack.
Note: This trick may not work globally if you're running Backtrack in virtual machine. For that purpose boot it as your main OS, either install it or use anyBootable USB or DVD of backtrack. Phishing usually work only on noobs but if you want to apply it on an expert use it smartly :)

"The quieter you are, the more you are able to hear"


Proxy Server

What is a Proxy Server and How it Works?

In a computer network, a proxy server is any computer system offering a service that acts as an intermediary between the two communicating parties, the client and the server. In the presence of a proxy server, there is no direct communication between the client and the server. Instead, the client connects to the proxy server and sends requests for resources such as a document, web page or a file that resides on a remote server. The proxy server handles this request by fetching the required resources from the remote server and forwarding the same to the client.

How Proxy Server Works?
An illustration of how a proxy server works is shown below:

As shown in the above example, whenever the client connects to a web proxy server and makes a request for the resources (in this case, “Sample.html”) that reside on a remote server (in this case, xyz.com), the proxy server forwards this request to the target server on behalf of the client, so as to fetch the requested resource and deliver it back to the client. An example of client can be a user operated computer that is connected to the Internet.
Types of Proxy Servers and their Uses:
1. Forward Proxies
A forward proxy is the same one described above where the proxy server forwards the client’s request to the target server to establish a communication between the two. Here the client specifies the resources to be fetched and the target server to connect to, so that the forward proxy server acts accordingly. Except for reverse proxy (discussed in the latter part of this article), all other types of proxy servers described in this article falls under forward proxy.

2. Open Proxy
An open proxy is a type of forwarding proxy that is openly available to any Internet user. Most often, an open proxy is used by Internet users to conceal their IP address so that they remain anonymous during their web activity. The following are some of the web proxies that fall under the category of open proxy:

Anonymous Proxy
An anonymous proxy is a type of open proxy that conceals IP address of Internet users so that the target server cannot identify the origin of the requesting client. However, an anonymous proxy identifies itself as a proxy server but still manages to maintain the anonymity of the users.

Distorting Proxy
This type of proxy server identifies itself as a proxy, but reveals an incorrect IP address of the client to the target server.
High Anonymity Proxy (Elite Proxy)
An elite proxy provides maximum anonymity as it neither identifies itself as a proxy nor reveals the original IP address of the client. In most cases, users have to pay for this type of proxy as it is seldom available freely on the Internet.

3. Reverse Proxy
Unlike a forwarding proxy where the client knows that it is connecting through a proxy, a reverse proxy appears to the client as an ordinary server. However, when the client requests resources from this server, it forwards those requests to the target server (actual server where the resources reside) so as to fetch back the requested resource and forward the same to the client. Here, the client is given an impression that it is connecting to the actual server, but in reality there exists a reverse proxy residing between the client and the actual server.
Reverse proxies are often used to reduce load on the actual server by load balancing, to enhance security and to cache static content, so that they can be served faster to the client. Often big companies like Google which gets a large number of hits maintain a reverse proxy so as to enhance the performance of their servers. It is not a surprise that whenever you are connecting to google.com, you are only connecting to a reverse proxy that forwards your search queries to the actual servers to return the results back to you.