
Wednesday, December 26, 2007

Sourcesafe Hackability

Peace be upon you,
Today I am going to hint at something that is critically dangerous: SourceSafe. I recommend reading the following paragraph; it will save a lot of explanation.


"Quoted" - http://keir.net/vsscrack.html

Visual SourceSafe (VSS) has a very weak password management system. There is one file stored within the VSS directory structure on the VSS server called um.dat (usually in the data sub-directory). This file contains all user names together with a hash of their passwords. The hashing process is poorly designed and insecure, not just due to the size of the resultant hash (2 bytes!) but also due to the extremely simple algorithm used to generate it. Such is the weak nature of the hashing algorithm that there are literally hundreds of easily obtained passwords that result in the same hash as the real password. In other words, the hashing algorithm used is extremely prone to collisions. So just bear in mind -- the passwords that this program produces are not necessarily (and in fact are probably NOT) the actual passwords initially created by the user, but will still give you the same level of access to VSS as if you had used the same original password. As an example, using a largish word list, my own password hash produced nearly 600 equivalent matching passwords, none of which was the true original but any of them could have been used in place of it.
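To make the 2-byte point in the quoted paragraph concrete, here is an added example (it is not from keir.net or from this post). It does not use the VSS algorithm: `truncated_hash` is a stand-in that cuts SHA-256 to 2 or 8 bytes, and the password and candidate list are constructed.

```python
import hashlib

def truncated_hash(password: str, n_bytes: int) -> bytes:
    # Stand-in (assumption): SHA-256 cut to n_bytes. This is NOT the VSS algorithm.
    return hashlib.sha256(password.encode("utf-8")).digest()[:n_bytes]

def accepted_by_verifier(stored: bytes, candidates, n_bytes: int):
    """Candidates a verifier accepts when it only compares the truncated hash."""
    return [c for c in candidates if truncated_hash(c, n_bytes) == stored]

def expected_equivalents(n_candidates: int, n_bytes: int) -> float:
    """Average number of candidates sharing one hash value, for a uniform hash."""
    return n_candidates / 2 ** (8 * n_bytes)

def run_experiment(n_candidates: int = 1 << 20):
    real_password = "Constructed-Original-Pw!"  # constructed sample
    # Constructed candidate list; it never contains the real password.
    candidates = [f"candidate-{i}" for i in range(n_candidates)]
    results = {}
    for n_bytes in (2, 8):  # 2 bytes as in the quote, 8 bytes for contrast
        stored = truncated_hash(real_password, n_bytes)
        hits = accepted_by_verifier(stored, candidates, n_bytes)
        results[n_bytes] = {
            "expected": expected_equivalents(n_candidates, n_bytes),
            "found": len(hits),
            "real_password_found": real_password in hits,
        }
    return results

if __name__ == "__main__":
    for n_bytes, r in run_experiment().items():
        print(f"{8 * n_bytes:2d}-bit hash: expected {r['expected']:.3g}, "
              f"found {r['found']} accepted candidates, "
              f"real password among them: {r['real_password_found']}")
```

Even with a well-mixed hash, 2 bytes leave only 65,536 possible values, so on average 16 out of about a million wrong candidates are accepted, while the 8-byte version accepts none.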

Now that you have read that: it is a matter of minutes to crack the toughest password in SourceSafe. I just want to draw your attention to the fact that there are lots of other tools that work as source control with more safety and flexibility. They are also open source, which means you can develop your own version of source control with custom security you made, or install it from anywhere as a plug-in. By the way, there is a HELL of a lot of tools that crack SourceSafe passwords, and there is no way to secure it: as long as a user has access to the password file, it is done. Anyway, here are some recommendations for source control applications that can be used to protect our code:

http://en.wikipedia.org/wiki/Concurrent_Versions_System
http://svnbook.red-bean.com/

Personal recommendations for client tools:
CVS - http://www.tortoisecvs.org/
SVN - http://tortoisesvn.tigris.org/

I hope this article is informative and helpful.

P.S.: there are many tools around. I didn't want to list any of them, to avoid anything that may cause trouble.

BR
Ahmed Essam

Some way to hack GSM Networks

Peace be upon you

How are you guys? I will just hint at this thing: it's a small device for GSM software developers. This device is used to test the application that is on the SIM card provided by the GSM network provider. Here is the link for the device I am talking about; it's called Detective:
http://www.gemalto.com/products/detective/
I hope to get one :D, I don't think that it is available for just anyone to buy.
I am not saying go hack GSM networks. This thing is very simple: I am just telling you that there is a device that monitors the commands going out and coming in. :D I am not saying more :D

Thanks for your time

BR
Ahmed Essam

Tuesday, December 25, 2007

Egyptian Companies Part 1

Peace be upon you

These days I have many things struggling in my mind. Here is a list of what I am thinking about:
  1. I wanna have a good chance in a big, respectable company (for me, Microsoft is my dream).
  2. I wanna do something extraordinary by doing what I am thinking about. I wanna make over the software industry in Egypt; I have some very nice thoughts that could make it better, with a practical way to go on with these ideas.
  3. I wanna start my POOR company and start running my own shows.

To have the right answer I have to find the right question, and that's what's killing me right now. Actually, I can't find the "Question". Right now all I am thinking is that I am lonely in what I am thinking about. I need someone to share what I am thinking about; all the people here are so negative, no one wants to take his shot and make his dream real.

Sometimes I feel that I should take it as it is, of course not for life, but this is not a creative way to solve the problem. To solve a problem, I have to be like the problem; I have to behave like the problem to understand it. This point I call surrendering to the sickness, but it's not for life. Sometimes you need to have a break, to fight back with a more powerful attack that really gives you back what you want. This is where I think I am now: I am taking my breath, to fight back against this sleepy community that can't take even a very tiny step to make life better. I think I have my decision now: I will keep on with what I have now.

Head capital: like many managers of limited vision here, they never think that "the head capital of any software company is its employees". They never think like Bill Gates (Microsoft) and Steve Jobs (Apple), who were the first employees and made their companies the best that they can be. What I am dreaming of is to have my chance.

Actually, I am so depressed about the point we have reached here. Software companies in Egypt consider the employee:

  1. as an asset: it has a lifetime, then they throw it away and find someone else to do the job.
  2. as a consumable: they try to make use of the employee as much as they can.
  3. as a number: some big companies treat their employees as numbers. Anyone working is just a number, and this number does what it is supposed to do; if this number doesn't, they will get another number to do that. They don't care about the employee himself.
  4. as a container: they suck the employee dry and take whatever they can take.
  5. VERY FEW treat the employee as a human. I heard a lot about ITWorx, that they do so with their employees and try to give them what they need to be creative.

Most of the types that I have sorted up there have in common the thinking that they are giving an over-deserved salary. When you talk to the higher management they always think about the money; they never think about the spiritual part that gives the mind the power of creativity. These managers are not so creative because they keep thinking in numbers. They never look at what is behind them, and they never believe that there is something else beside the numbers: the number's soul. The number's soul can give you more than the number itself. Anyway, it would take a hell of a time to talk about it.

Something funny: I have been working now for almost 3 years in software development, and I have worked for 5 companies:

  1. EgyComp: very good team, very ugly management
  2. Agiliance ME: good team, bad spirit (bad enough that the company totally fell)
  3. InfoSoft: very good team, very good management, inconvenient market
  4. Imaginet software: very good team, very good management, bad resources handling
  5. GET Group: struggling, great good team, great international projects, cold feeling of employees (cold to death)

Why do I keep moving on? I like to work with a free mind. The software industry totally depends on creativity; you can't just put people in a bad atmosphere, push them to do things they don't want to do, and expect that they will give something back to you. This is what really happens: everyone working in a software company in Egypt is like a slave. This is what an American guy said to one of my colleagues at work, and it is true. We are slaves; why do we do the WRONG things and can't say NO? We have minds that can clearly separate right from wrong. For me, I am sick of the words "Just make it work". This is not right: making it just work doesn't mean that it is working right.

In the end, I hope that you didn't get depressed because of what I am saying. It is just me that has this feeling; I don't know if the others have the same or not, but this is what my eyes can see. But I am not that negative: I always take steps to change things. For me, I am satisfied with what I am doing. I have moved a lot and I will move again until I get what I want. Also, in moving I learn a lot: I learn things about the people I see and the types of customers. I have worked on many great things. I was working on mobile development (thousands using the software that I am doing), and on the other hand I did international E-Government projects (millions are connected to my server) (hundreds using my embedded application). I believe all of that was very good for me; it made my knowledge of the software industry wider and gave me a lot that others can't really have.

Thanks for your time :)

BR

Ahmed Essam

Sunday, December 09, 2007

Linux Manual

Peace be upon you

When I was at the institute, I was working at an "Online Magazine". This magazine had published Linux Mandrake CDs, and I was responsible for support on any technical issue. In my free time, I translated the manual:
http://www.is-broadcast.com/Downloads/Books/Linux%20Help%202002.zip

But no one ever took it. Now it is free in your hands :)
I hope that it will be helpful for you.

Thanks for your time.

Tuesday, December 04, 2007

How Does Arabization Work? The Idea Behind Arabization

Peace be upon you,



As requested by many guys, I am writing this topic. Some people were asking: how does Arabization work?
Here is a brief answer to this question. I will sort it by stages.
First: you have to ensure that the system has FreeType font support.
Why is it so important?
Simply, FreeType gives you a very useful ability: the system will draw the characters for you. You don't have to think about how the fonts will look or how you will draw them; all of these questions disappear with one simple idea. It is simple but powerful.
What if the system doesn't support FreeType?
You will have to do it yourself: you will have to draw the characters yourself. For example, you can put the characters in BMP or JPG images and write a graphics engine that puts the characters together and makes them look like one sentence.
Second: BiDi. This stage is very important and takes a lot of time if you are going to do it yourself.
Fortunately, there is an open source library for it, called "FriBiDi".
Here are the links for this GREAT project:
http://sourceforge.net/projects/fribidi

http://fribidi.freedesktop.org/wiki/
This library will help you rearrange the Arabic characters. Because Arabic is written from right to left, the whole words will be reversed, so you will have to fix that. There are also many considerations that this library solves, like what happens if there is an English word in the middle of the statement, which would otherwise be a MESS; this library solves that problem.

There is one more thing. When I was implementing the algorithm I faced a very nice problem: the whole word length. When you fix the string, the first character becomes the last and vice versa. When you put this statement in a text box or any other object to display it, you get this problem: the lines will be reversed :D
The problem can be solved by detecting the character width and the display area width, so that you only put what fits per line. This will help to avoid the problem.

Last: shaping. Shaping is very nice and takes almost no time to do. You simply detect the character's location (Start, Middle, End or Standalone), because an Arabic character has 4 shapes. You have to do this part; after that you will find the Arabic string looks OK and is ready to print.
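The position detection described in the shaping step, as an added example (it is not the author's Android code). It assumes the string is still in logical (typing) order, reads the four forms from Python's built-in Unicode database, and ignores diacritics and the lam-alef ligature.

```python
import unicodedata

POSITIONS = ("isolated", "final", "initial", "medial")

def build_forms_table():
    """Map each base letter to {position: presentation-form character}."""
    table = {}
    for cp in range(0xFE70, 0xFEFD):  # Arabic Presentation Forms-B block
        parts = unicodedata.decomposition(chr(cp)).split()
        # Keep single-letter entries such as "<initial> 0628"; skip ligatures.
        if len(parts) == 2 and parts[0].strip("<>") in POSITIONS:
            base = chr(int(parts[1], 16))
            table.setdefault(base, {})[parts[0].strip("<>")] = chr(cp)
    return table

FORMS = build_forms_table()

def positions(text):
    """Return the position name for every character (None for non-Arabic)."""
    result = []
    for i, ch in enumerate(text):
        forms = FORMS.get(ch)
        if forms is None:
            result.append(None)
            continue
        prev = FORMS.get(text[i - 1], {}) if i > 0 else {}
        nxt = FORMS.get(text[i + 1], {}) if i + 1 < len(text) else {}
        # A letter with an initial form can connect to the letter after it;
        # a letter with a final form can connect to the letter before it.
        joins_prev = "initial" in prev and "final" in forms
        joins_next = "initial" in forms and "final" in nxt
        if joins_prev and joins_next:
            result.append("medial")
        elif joins_prev:
            result.append("final")
        elif joins_next:
            result.append("initial")
        else:
            result.append("isolated")
    return result

def shape(text):
    """Replace each Arabic letter with the glyph for its detected position."""
    return "".join(ch if pos is None else FORMS[ch].get(pos, ch)
                   for ch, pos in zip(text, positions(text)))

if __name__ == "__main__":
    word = "\u0628\u0627\u0628"  # beh, alef, beh ("door"), constructed sample
    print(positions(word), [hex(ord(c)) for c in shape(word)])
```

Alef only connects to the letter before it, which is why the last beh in the sample comes out as Standalone rather than End.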

How did I do that with Android?

Simply, when I was watching the introduction video, I noticed that the guy said "FreeType support".
I smiled, then I opened the emulator and started looking for the font folder.
As I don't know how to register a new font in Android, I replaced the original font.
The cool part came when I noticed that they had already done the BiDi support.
At that moment I realized that all it needs is just to reshape the characters of the statement.
I did this part, and guess what: it WORKS.

There are many other considerations about Arabization; if you face some, please don't hesitate to ask.




I hope that this topic was informative for you :)



Thanks for your time

Ahmed Essam