
Sunday, December 31, 2006

Snapshots of other sites in your ASP.NET project

Peace be upon you

I think a lot of people who work on a CMS (Content Management System) or on portals have always asked how we can make a live preview for the user as an image. I will start with this snapshot of a website for mobile software (if the site is not snapped, you will see "Thumboo").

Now let's begin this story :). First download the source code for Thumboo: http://thumboo.com/
After that you can use it. Sometimes you want a quick preview of a website without opening the site itself. What I am explaining here is a little fancy :D, which means it's not essential and you can live without it, but I like the idea and I like the way this "Thumboo" works. I think it's very professional and the code is cool; it needs some enhancement, but that's OK, you can do that yourself when you use the code.
I hope this topic is useful for all of you



Monday, December 25, 2006

What is a Session ID and session hijacking?

Peace be upon you
My dear friend Mohamed Shehata asked about the session ID, so I am explaining it now.
First, have a look at this figure


What happens when the user hits the website's name?
Actually a lot of hidden things happen, and even some developers don't know what happens or how it happens. Here we start:
The user hits the site name: the server does some initial work to connect you to the execution of the script (ASP, PHP, ...).
The server creates a cookie on the client machine; this cookie is called the Session ID.
Surely every developer knows and uses the Session object, but does anyone think about how the session ID works and how it gets you the right information? It is simple: the script engine (ASP engine, PHP engine, ...) does this for you. The engine creates the session ID, which is the key for the whole data row. The data row is the data you save in the Session object, and it is looked up by the session ID that is saved on the client machine.
Did you get it? :D
How does the hacker use all of this? Simply, there is a technique called session hijacking, which depends on stealing the session ID from the client machine. When the engine then reads the session ID from the hacker's machine, it will not complain; it will give the web application the information that belongs to that session ID.
This is the way the hacker appears to the website as the normal user.
How can the user get out of this trick? THERE IS NO WAY FOR THE USER TO PROTECT HIMSELF,
because as long as the hacker has your session ID, he is you :D. It's like a passport without a photo: whoever carries it is taken to be its owner.
How can a developer protect his application from such attacks?
The beloved MSDN gives us a little solution; check this link out:
MSDN TOPIC ABOUT SESSION HIJACKING
It really gives the key to protecting your application and users from such attacks.


How is this used in hacking a Hotmail account?
When you are logged in, someone sends you a link and you open it.
The page redirects you to an infected MSN page (infected with an XSS exploit). The script is passed in the query string, but I guarantee you will never see it, because they encode it in hexadecimal.
The script simply gets all the cookies in your session and passes them to another site, which saves your data.
As long as you don't sign out, your session is alive, so you have to kill it with "SIGN-OUT". After that you have disappeared as far as the site is concerned: if the hacker takes your session ID and tries to use it, he will find that you are not signed in, and he will simply be asked to enter the user name and the password. This protects you, but not very much. As I said before, you have to open any link that comes to you in another browser. WHY?
Because when you click on the link and a new window opens, it inherits all of its cookies, which means:
when you open the link, it pops up a new window that contains the link that will steal your information, and when the hacker redirects you to MSN again (to steal your session ID) he will get your data.
I hope it is useful

thanks for your time
Ahmed Essam
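
The session table described in this post, as an added example that is not part of the original post or of any ASP/PHP engine: it shows that a copied session ID resolves to the same data row until the server deletes the row at sign-out or after an idle timeout, and how the cookie can be marked HttpOnly so page script cannot read it. The class, function and cookie names and the 20-minute timeout are assumptions made for the illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 20 * 60  # seconds; assumed value for this example


class SessionStore:
    """Server-side table: session ID (the key) -> the user's data row."""

    def __init__(self, clock=time.time):
        self._rows = {}
        self._clock = clock

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # random, unguessable key
        self._rows[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def lookup(self, sid):
        """Return the data row, or None if the ID is unknown or expired."""
        row = self._rows.get(sid)
        if row is None:
            return None
        if self._clock() - row["last_seen"] > IDLE_TIMEOUT:
            del self._rows[sid]  # expire idle sessions on the server side
            return None
        row["last_seen"] = self._clock()
        return row

    def sign_out(self, sid):
        """Delete the row so the ID is worthless to anyone holding a copy."""
        self._rows.pop(sid, None)


def set_cookie_header(sid):
    # HttpOnly keeps page script (document.cookie) from reading the ID;
    # Secure keeps the cookie off plain-HTTP connections.
    return f"Set-Cookie: SID={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def demo():
    now = [1000.0]  # constructed clock so the run is deterministic
    store = SessionStore(clock=lambda: now[0])
    sid = store.create("alice")  # constructed user name
    copied = sid  # the same ID presented by a second client
    results = {"copy_accepted": store.lookup(copied)["user"] == "alice"}
    store.sign_out(sid)
    results["after_sign_out"] = store.lookup(copied)
    sid2 = store.create("alice")
    now[0] += IDLE_TIMEOUT + 1  # nobody signs out, but the session goes idle
    results["after_idle"] = store.lookup(sid2)
    return results


if __name__ == "__main__":
    print(demo())
    print(set_cookie_header("EXAMPLE"))
```
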


Sunday, December 24, 2006

Intel has video repository

Peace be upon you

I think all of you like the idea that you don't have to read content on Channel 9 at MSDN http://channel9.msdn.com/
I found that Intel did something similar, and it's really amazing to have video content that lets you save some time and enjoy yourself with videos.

Here is the link; I hope you all like it as I do, have fun :)

Intel Videos


Friday, December 22, 2006

How do hackers Hack hotmail accounts?

Peace be upon you

Some people who talked to me before were wondering, "How do hackers change their Hotmail accounts?"
I will simply explain how this thing works, but I will not tell you how to do it :D because it's so evil. Anyway, let's begin.

First of all, the hacker depends on a famous error that no "Web Developer" falls into. This error is called XSS, or Cross-Site Scripting. Cross-site scripting is a little problem that enables anyone to change something in the page content through the query string that is passed between the web pages of a site. This is the first thing that a hacker looks for on sites like "MSN" and "Hotmail".
The next stage is "stealing your session ID". But what is the session ID? The session ID is something that enables the server to know that you are you :D. In another way, you can say that the session ID holds a key: when you request something from the server, the server checks something like a table and gets the rest of your information by it.
What is the problem, then? The problem is that this session ID is stored as a cookie, which means that anyone can get it, and it's so simple (check this topic, which I wrote before: http://www.codeproject.com/useritems/externalmenuArgument.asp). After that, the hacker sends you something so normal that you will never doubt it: a link that redirects you to a page that has the "XSS" problem and contains a small script that takes your session ID and sends it to another site.
Now the hacker has your session ID, but how will he use it? Simply: did you use the Opera browser before? This is the simplest way: he will use Opera to change his/her session ID so as to appear to Hotmail or MSN as you. After that he can do another trick that enables him/her to change your email password; it depends on the same issue.
How do you protect yourself? It's a little tough, but you have to do it:
Don't open any link by just clicking on it; copy it and open it in another browser.
The other way, which is tougher, is to disable JavaScript in the browser.
The last note is to sign out after you finish what you want to do in your email account.

I hope it really helps. If you find anything wrong, please post a comment; we are all seeking to learn :)
Thanks for your time reading it :)


Tuesday, December 19, 2006

Sending mail through Telnet

Peace be upon you

I think a lot of people use SMTP wrong :D. Why am I saying this? Simply because every reference I have read about it covered only simple mail tasks,
nothing complex. I have never seen anyone talk about authentication in SMTP. Anyway, let's begin doing this cool thing; I will explain every step.

Open Start -> Run
type Telnet

Here comes the black screen (let's suppose that our mail server is called SMTP.Ahmed-Essam.com).

Let's begin in the black screen:

U: o smtp.Ahmed-Essam.com 25
S: 220
U: HELO MyDomain
S: 250
U: AUTH LOGIN
S: 334 VXNlcm5hbWU6
(at this point you will need a base64 converter: http://makcoder.sourceforge.net/demo/base64.php)
U: "your user name after encoding with base 64"
S: 334 UGFzc3dvcmQ6
U: "your password after encoding with base 64"
S: 235 Authentication successful
U: MAIL From: <Mail@ahmed-essam.com>
S: 250 Ok
U: RCPT TO: <Target@mail.com>
S: 250 Ok
U: data
S: 354 End data with <CR><LF>.<CR><LF>
U:

To:Z3Zo3@Network.com
CC:Koar3@Masmt.com
Subject:Don't think about it a lot.
Date: Wed, 20 Jun 2029 20:18:47 -0400
Content-Type:text/html

testing the mail trhough telnet.
.

S: 250 Ok: queued as 3A60D32C036


Did anyone notice something? The date and all the fake information we put in the email. Here a little threat appears: you can't be so sure that your friend sent you the email you are reading.

Anyway, I hope you like this post :) See you next post.

I forgot to tell you: if anyone wants to read his mail through Telnet :), tell me to write a post about it :)

I hope you like it, thanks for your time.
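
Two checks on the session above, as an added example that is not part of the original post: the first decodes the AUTH LOGIN lines to show that base64 is only an encoding (so the credentials are readable by anyone who sees the connection unless it is protected by TLS), and the second compares what the message headers claim with what the receiving server observed. The user name, password, function names and the receipt time (the date of this post) are assumptions made for the illustration.

```python
import base64
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed capture of the AUTH LOGIN lines; "alice"/"s3cret" are made up.
CAPTURE = [
    ("S", "334 VXNlcm5hbWU6"),
    ("C", base64.b64encode(b"alice").decode()),
    ("S", "334 UGFzc3dvcmQ6"),
    ("C", base64.b64encode(b"s3cret").decode()),
]

# The message typed after DATA in the session above, headers then body.
MESSAGE = """\
To:Z3Zo3@Network.com
CC:Koar3@Masmt.com
Subject:Don't think about it a lot.
Date: Wed, 20 Jun 2029 20:18:47 -0400
Content-Type:text/html

testing the mail trhough telnet.
"""


def decode_auth_login(capture):
    """Base64 is reversible by anyone, so this recovers every line as text."""
    out = []
    for side, line in capture:
        token = line.split()[-1]  # drop the "334 " reply code if present
        out.append((side, base64.b64decode(token).decode("ascii")))
    return out


def audit_headers(raw, envelope_rcpt, received_at, max_skew=timedelta(days=1)):
    """Flag header claims that disagree with what the server itself saw.

    These are signals for review, not proof: Bcc and mailing lists also
    deliver mail whose envelope recipient is not listed in To/Cc.
    """
    msg = message_from_string(raw)
    findings = []
    if not msg.get("From"):
        findings.append("no From header")
    listed = {addr.lower() for _, addr in
              getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if envelope_rcpt.lower() not in listed:
        findings.append("envelope recipient not in To/Cc")
    if msg.get("Date"):
        sent = parsedate_to_datetime(msg["Date"])
        if sent - received_at > max_skew:
            findings.append("Date header is in the future")
    return findings


if __name__ == "__main__":
    print(decode_auth_login(CAPTURE))
    received = datetime(2006, 12, 19, tzinfo=timezone.utc)  # assumed receipt time
    print(audit_headers(MESSAGE, "Target@mail.com", received))
```
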




Microsoft release Service Pack for VS2005

Peace be upon you

I felt so happy when I read this on Ayman Shoukry's blog: finally a lot of bugs have been fixed and the fixes have been collected in one package. Anyway, here are links to the Service Pack and to the topic with more details

Direct link to download the SP
http://www.microsoft.com/downloads/details.aspx?familyid=BB4A75AB-E2D4-4C96-B39D-37BAF6B5B1DC&displaylang=en
Link from VS Team
http://blogs.msdn.com/vsdteam/archive/2006/12/18/vs-2005-sp1-is-now-available.aspx

Sunday, November 05, 2006

Memory Troubles in C++

Peace be upon you

Today it's a slightly strange topic :D. I will talk about memory and the stack, "the precious thing for C++ developers".
I will tell you about some troubles that you could meet:
  1. Memory allocation and deallocation.
  2. Memory fragmentation.
  3. Heap overflow.
  4. Stack overflow.
  5. Buffer overflow.
  6. Which to use (virtual memory or heap)

Ahhhhh, all of this could turn your life into hell if you don't use it right. If you misuse memory or the stack, you will start cutting your hair one by one :D

First of all, when you misuse "memory allocation and deallocation" you get something called memory leaks. You ask the operating system to allocate some memory space, and the operating system reserves it for you.

All of that is cool, but where is the problem?

The problem is that when you don't deallocate the memory, it stays reserved, which means that you eat some of the system's memory, and over time this slows down the whole system.

To avoid that, you have to keep track of your pointers and allocated memory, or you can use smart pointers, which are a very cool solution to this problem.

The second one is memory fragmentation. This one is amazing :D, this one may make you kill yourself :D because it's so hard to find; the only way to find it is to check the design or your code. Memory fragmentation comes from allocating and deallocating memory at a high frequency, I mean allocating 500 bytes 30000 times; this may cause memory fragmentation. The only way to solve this problem is to allocate a large enough piece of memory and keep working within it.

Heap overflow: this bug is a simple one, and you can avoid it by checking your heap space against the data you want to put in it. From its name you can guess that it happens when you try to put a lot of data into not enough space, which will cause the application to crash.

Buffer overflow: this one may turn your application into a virus host. HOW COULD IT BE? Simple: the buffer is allocated on the stack, and when it is exceeded, someone is able to put SHELL CODE there and run it as much as they want. This topic is a little complicated (you have to know the stack object and the heap object), and you should also know the dynamics of the stack and the stack pointer.

Stack overflow: this happens through recursive calls; you should solve it with a well-designed algorithm that avoids this problem.

Virtual memory: it's cool, but how do you use it? I think you should use it when your data exceeds a limit of 1 or 2 megabytes, and write some algorithm that synchronizes the data between the virtual memory and the heap.

I think the final word is: before you start writing C++ code, write a good class for memory management, to have some peace while you write the rest of the application.

thanks for reading this

thanks for trusting me ;)




at last :D


More about ASP.NET book -> Using Webservice right

Peace be upon you

First of all, everything written here is my own opinion, and it doesn't have to be right all the time :D

Someone wrote to me and asked me to talk about "Using Web Service right."
This is an issue!!!
Really, I mean it: a lot of people misuse it. Web services are amazing, but overusing them causes a lot of problems for your application. You have to use them wisely; you can make a 100% integratable system, but you will also get a 100% unmaintainable system.
Web services have a lot of aspects that you have to care about when you are designing your system. You also have to know that the decision to use a web service must come at the architecture design level; before anything else you have to decide the usage of your resources.

Web services require more security and more attention to performance.
What I really like about web services is the absolute control they give you in your application against your customer; you can also do great business with web services.

I will continue if I see any comments :D, I will not keep writing to myself all the time :D

Iterative Enhanced Waterfall model

Peace be upon you

What I am talking about may seem weird. Some people like the idea of iterative development, which implicitly includes the waterfall model. No one can deny that the most important model is waterfall, because it is the base of all the other models. What I am thinking of is merging the iterative and the enhanced waterfall models.
This style will guarantee the highest assurance of getting the software right, but it will consume some time, about 10 to 20%. I think this is a fair percentage for getting the software right. It will not make a big difference for small software, but it will be amazing and helpful for large software whose requirements are unstable. I think this topic needs some discussion to find out how much we can get from it.
Anyway, I would like to see any comments on this topic :D I know

thanks for reading this



Monday, October 30, 2006

Performance Book

Peace be upon you

Do you remember my little paper about performance? It was taken from "VTune Performance Analyzer". I think I am going to go right back and complete this paper, because I promised to finish it.

I know that I seem to be overloading myself :D, but as you know, my day is a year :D, like the government. The most important thing about it is that we will learn amazing new stuff that makes us lose our minds while we are developing applications, and how to avoid some of the stuff that makes us like that :D "NUTS". Anyway, I am always waiting for your replies, guys.

My ASP.NET Book

Peace be upon you
As anyone who has read my book about ASP.NET will notice, it still needs some topics,
so I started looking for new topics, and here are the topics I want to expand on:

- The right way to design your web application.
- Globalization and localization (multi-language and culture switching; it has some tricks)
- Security (hacking: SQL injection, XSS attacks, breaking client-side validation, ... etc.)
- Using C++ & Assembly with ASP.NET (ATL web services)
- Using VSTS facilities easily to complete your application in the least possible time
- Using web services right

I will not write more chapters about these topics; I will write about some of them here in my blog, in Arabic and English, if I have the power to do it :D

Please tell me what you really need so I can start on it.

Finally I found Ayman Shoukry's blog address

Peace be upon you

This guy is great; you can find a lot of interesting things in his blog. By the way, he works on the VC++ team.
http://blogs.msdn.com/aymans/

Windows Vista Blog

Peace be upon you

I think it's great to follow what's new with the beloved product Windows Vista ;)
http://windowsvistablog.com/
Here is the team blog; I think it would be great to share ideas.
Enjoy it

Saturday, October 14, 2006

Arabteam Community Breakfast

Peace be upon you
It was an amazing day. I will tell all of the details soon :D I have no time ;)
Here are the photos
http://www.flickr.com/photos/62574211@N00

Tuesday, October 10, 2006

Laptop Game Programming

Peace be upon you

I hope you are all in good health :)
I found a very cool topic on the Intel website. It's about game programming, and it's not like any game programming :D it's for laptops
http://www3.intel.com/cd/ids/developer/asmo-na/eng/311794.htm
There is a critical factor in this game issue: performance must be as good as possible, because it affects a lot of things in the laptop :) Continue in the topic :)

Monday, October 09, 2006

Nice Topic about Windows Vista

Peace be upon you
I think this topic is nice for people who like to play with GUI (Graphical User Interface); enjoy it ;)
http://www.istartedsomething.com/20060919/vista-choose-own-adventure-ui/

Monday, September 18, 2006

ASP.NET and Config file encryption

Peace be upon you

Mmm, I don't know how to start this, but I think all of us like our work to be safe, so it is simple with ASP.NET 2.0: just encrypt the configuration files :) Simple, huh? OK, let's go to the practical part of it, which can be found at this link :)
http://channel9.msdn.com/ShowPost.aspx?PostID=134210#134210

It is just amazing you can navigate anywhere by PPC

Peace be upon you
Can you believe that?
You have the whole world in your hands; the Microsoft mobile team made it just for you.
I took a quick look and got these snaps for you. Check this out, IT IS SO DETAILED



Anyway, I know that you want to test it; here is the CAB file
http://blogs.msdn.com/windowsmobile/attachment/757207.ashx
Or if you want to keep up to date, here is the Microsoft mobile team
http://blogs.msdn.com/windowsmobile/archive/2006/09/15/757207.aspx

I hope you like it ;)

Thursday, September 14, 2006

Tuesday, September 05, 2006

Wireless Developer Forum Dubai

Peace be upon you

Here is something amazing happening in the Middle East: the "Wireless Developer Forum". It will be in Dubai, the beautiful Arabian city. Anyway, for anyone who cares about this stuff, here is the link to the web page that has the details
http://www.event-solutions.info/SOLE2/pages/event.asp?ecode=CD1041

:) wish luck to you, ALLAH bless you

Sunday, September 03, 2006

Cool episode for SQL Server 2005 for Mobile

Peace be upon you, brothers and sisters

Here is a very short and cool MSDN TV episode that gives a very nice introduction to SQL Server 2005 Mobile Edition:

http://msdn.microsoft.com/msdntv/episode.aspx?xml=episodes/en/20060831MobileRB/manifest.xml

I hope you get some use out of it :)

Friday, September 01, 2006

Nice Quotes

Never leave till tomorrow, which you can do today.
-Benjamin Franklin

Any fact facing us is not as important as our attitude toward it, for that determines our success or failure.
-Norman Vincent Peale

You may be disappointed if you fail, but you will be doomed if you don’t try.
-Beverly Sills

Start by doing what is necessary, then what is possible, and suddenly you are doing the impossible.
-St. Francis of Assisi

Knowledge is potential power, wisdom is real power.
-Shiv Khera

Winners recognize their limitations, but focus on their strengths. Losers recognize their strengths, but focus on their limitations.
-Shiv Khera

My First Words as blogger

Peace be upon you

This is my technical blog in English. As a Muslim I have to give what I have learned to all humans, so here I will try to give my best and all I know to you

:) just wait for me ;)