Hi all,

Most of you might not recognize me… so here’s a quick intro, I was with EXUN way back in 1996-2000 era and was the President in 2000. Even post 2000, I was very much involved in the annual events till about 2004-05.

I have a blackberry 8700g handset which will soon become useless for me as I am transferring to the US and will get a new handset from my company there. I have therefore put my 7.5 month used handset on auctionon eBay at http://cgi.ebay.in/ws/eBayISAPI.dll?ViewItem&item=130141173668&ssPageName=ADME:B:EF:IN:11

Feel free to bid if you’re interested!

Cheers!

Ankit Wadhwa

We have won the overall at Gateway 2007 held in Montfort School.
The result is as follows:

Quiz– 1st Position

• Manas Gautam
• Kartikeya Asthana

Gaming– 1st Postion

• Digivijay Singh

Group Discussion– 1st Position

• Radhika Malik

Web Designing– 2nd Position

• Gaurav Mishra
• Aviral Goyal

Congratulations to everyone!

Last year, we participated in ThinkQuest Competition with a Topic – Open Source

“Open source describes the principles and methodologies to promote open access to the production and design process for various goods, products, resources and technical conclusions or advice. The term is most commonly applied to the source code of software that is made available to the general public with either relaxed or non-existent intellectual property restrictions. This allows users to create user-generated software content through either incremental individual effort, or collaboration.” – Wikipedia

To make the explanation clear, let us take an example: suppose there is a company ‘Centaur Music’. It creates cutting edge sound cards. Now, a global leader in the music industry, ‘Globo Musicals’ has started a new venture. They want to enter the lucrative DVD-player market. So, they enter into an agreement where Centaur will provide them the sound cards which they will use in their DVD-players. So this is how OEM companies function. Oh well, that was Wikipedia defining open source in its own way, now it is our turn. This site of ours is an effort to make people better understand, comprehend and know open source as well as they know their closest people.

To see our team’s website CLICK HERE

This year – the registration for ThinkQuest Competition is starting from August 15, 2007.
For more details – Visit http://www.thinkquest.org/

An Exun meeting is scheduled for Monday, the 30th of July during BREAK in Lab IV.
ALL members must report.

One of the most prominent loopholes, which almost every site has, is an SQL security loophole. Sites that use the SQL database system are the ones vulnerable to it.
An SQL Injection Attack is a form of attack that comes from user input that remains unchecked on the user end. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.
There are two main types of attacks. First-order attacks are when the attacker receives the desired result immediately, either by direct response from the application he is interacting with or by some other response mechanism, such as e-mail. Second-order attacks are when the attacker injects some data that will reside in the database, but the payload is not immediately activated.

To be very precise, it gives you the source of the files where all the important data is stored.
Here is an example-

1) Open the following site: http://www.sanjeevkapoor.com/ : I have already informed the administrator about the loopholes through a letter also, but no action has been taken.
2) Click on sign in and type the username as: admin OR 1=1—and password as: ‘OR”=’
Now you see how powerful this Injection Attack is. For me to explain how this happened, you need to know some amount of SQL. So this is what actually happens when you supply a password and login to a logon form.
SQLQuery=”SELECT Username FROM Users WHERE Username=’” & StrUsername & “ ‘ AND Password=’ “ & Strpassword & “ ‘ “
StrAuthcheck= GetqueryResult(SQL query)
If strAuthenticated=” “ then
Boolauthenticated=False
Else
Boolauthenticated= True
The logon and password actually form an SQL query, which goes through the user’s table, and tries to find a match for the username and password you supplied. If a match is found then a string is stored in a variable (strauthcheck) but if this string remains empty then you are not authorized. So by using the SQL queries like 1=1—(which means one is equal to one) you are able to fool the SQL sever which is actually checking for authentication.

Article by : – Ankit Srivastava
                       Head, Network Security – Exunclan

The result of CYBERFEST 2007 is as follows:

Senior Quiz – 1st Position

• Ananth Govind Rajan
• Kartikeya Asthana

CEO Hunt – 1st Position

• Aayush Kumar

Senior Event

• Quiz
  Kartikeya Asthana
  Ananth Govind Rajan
• Programming (C++, VB)
  Aayush Kumar
  Shikhar
• CEO Hunt
  Aayush Kumar

  Junior Events

• Mobile Phone Website
  Tanay Padhi
  Dwarkesh
• Treasure Hunt
  Aditya Jain
  Sakshi Gupta
• Video Editing
  

  Sub Junior Events

• Junior Quiz
  Shubham Goel
  Rishabh Marya
• Futuristic Gizmo
  Shubham Goel
  Tanay Padhi