Posts posted by NZ Guy :D

  1. I'm very much a PHP guy, I've done it ever since I could type, I love making online apps and learning. I wanna know what kind of qualifications I could/should get to help me get into this area. I've started doing msce as it was suggested to me, but other than that any ideas?

  2. Well, I didn't really care about the blocking but I wanted to see if I could write some PHP to get around it.

    Our school has blacklisted page addresses and word filters, very secure :D, it actually filters the words for blacklisted words like porn, hack etc.

    I wrote a PHP script which I hosted on my own website which simply rebuilt the remote page in my webserver. It replaced all the links with a base64 encode which could be decoded by the script later, which prevented the URL filtration, and to get around the word filter I replaced every vowel with the ASCII equivalent, rendering it useless.

    Try that method :D and if u fail at least u learnt PHP

  3. Yup, all valid points and thanks. I do know the thing with md5, that's why I use sha1 because it's slightly better. Anyone with access to the database has the ability to do harm in any situation and I see what you mean that they don't need to know the password because they could just modify the script to send the hash and the key if they wished to login, but if they had access to the db they could fuck with a lot more than that anyway.

    Well, this method does make MITM a lot harder which was what I was aiming for, but I'll go back to the drawing board and see if I can't fix it up a little more.

    The idea for this was to try and make a more secure login for those who can't use SSL all the time, by all means SSL is the best choice!

    Thanks for your opinions Cooper, have you got an MSN address so I might discuss things like this with you more often?

  4. I hear the RSA SecurID system is relatively secure. I know it's used by some banks at least.

    The basic idea (as far as I understand it... I've not looked into it much) is as follows...

    The client has a little card a bit like this:

    image002.gif

    The number on the screen changes every minute. It's synced up with an appliance on the server end so that the keys change to the same thing at the same time. This is (I assume) done with a matching algorithm and synced system clocks... Let's just hope the battery doesn't die!

    When the user logs into the server remotely (most likely through a VPN or something similar) they input their password, followed by the number on the SecurID card. This is then sent to the server over SSL for authentication.

    The idea being, if someone sniffs the password: they've got all of a minute at absolute maximum to log into the system.

    This is what my method makes use of, but it leaves even less of a gap to get in because it regenerates the key or the number every login, so once someone logs in it's too late because the key is changed

  5. So you agree that it removes the MITM attack? Now what I don't understand is how adding an extra column to the db affects the security? It's just like having two passwords to get into a site rather than 1, but the server makes up the password so you don't gotta bother having two?

    Please understand that in this situation at no point is there a check to see if the pwd value in MD5(pwd) is actually the original pwd. You've stopped testing pwd and are instead testing the result of MD5(pwd)

    md5(pwd) is the same as just having pwd but in a different form, it still only creates a unique string that has its properties from the pwd so it can't be anything else unless the pwd is wrong?

    What is the big hole and how did adding a new column make this hole appear?? Give me an example please :D

  6. It does not change a thing and the site admin STILL ONLY KNOWS THE PASSWORD IN THE HASH FORM, please read carefully!

    This is how a login works 99% of the time if not 100%

    This is the form ----> |username|

    |password| <- you type your password here, giving it in the RAW FORM, not encrypted!

    When you click the SUBMIT button, it POSTS this raw data to the next page!!! Got it? The next PHP page does md5($_POST[password]) to check against the database because it's in a HASH, got it? IN NO WAY HAVE I CHANGED HOW IT CURRENTLY WORKS! JUST ADDED TO IT! So there no one is able to see the password, not even the sys admin, because it's an unusable hash! No one sees the password except the user! It seems secure as it is but if a person is packet sniffing your computer they can view all that posted data that is "invisible" to the oblivious users, all this method does is randomise the data sent at THAT POINT!

    Man in the middle is a big problem, jump on Cain and Abel and have a go yourself, you can easily sniff out passwords as people browse the net and log into webmails etc etc

    Please read it carefully, no holes are opened, just closed!

  7. I know how to use Linux just fine, but the amount of setup to get it working with the same effectiveness is larger and you cannot deny that, things like SpeedStep, all the little nitty gritty things you probably don't think about. Also a big thing for me was boot up time and software suspend, which is too slow for my liking. There are things I would use Linux for and things I would use Windows for, as far as my general use laptop goes, Windows all the way.

  8. The server has MD5(pwd) and key stored, posted data is MD5(MD5(pwd), Key) from the client, which is checked against MD5(pwd, key) from the server's database. That's exactly how my method works, see how the raw password is never transmitted in its plain form, hence protecting the website from a MAN IN THE MIDDLE attack.

    In your situation the person would have to have access to the webserver and database, which is not what this is meant to stop. The guy might as well just go hit the guy over the head and interrogate the poor guy.

  9. The world is a mysterious place, fill your life with the things you love and the people you love, whoever or whatever they be, and live your life to its fullest because you only get one!

    My only problem with homosexuals is that it destroys the family, and I hold family very dear to me, that's my only issue

    Thanks, BTW Australia isn't the furthest down under that watches Hak5!! NEW ZEALAND WOOOP WOOOP

  10. Well, here's how I came up with mine: I took a random word that I could remember then used md5 to hash it, then I just remembered the hash and I vary the length depending on the importance, so 8-32 chars. I also mix in a pattern of shifts + key.

  11. No it doesn't, because JavaScript does all the hashing. The server has the key and the password hash, the client has the key and the password, so you hash the password first with JavaScript, now you have the exact same data, now if you hash these two together you have one nice hash that will validate on each end. Still at no point is the password sent in its raw form :P

    Don't think for any second that I'm being anal about this, I like people ripping my methods to shreds, that's how you find holes, but does that give you a little more understanding?

  12. No it doesn't, no matter what you do your password will be posted unencrypted. The password is still stored encrypted BUT it doesn't get checked until the server loads the new page, so therefore the info has already been sent and grabbed before it's encrypted and checked against the database

    I am not that much of a fool, I have from day 1 always encrypted my passwords in the database. This explores the man in the middle attack which happens before any login process is put in place

    Login Form (has your password)

    Sniffer steals your password here :D

    Login script (hashes your password and checks against database hash)

    OMG ITS TOO LATE CAUSE THEY GOT IT ALREADY!

  13. As I sat at school with my laptop wired into the network with Cain and Abel sniffing everybody's passwords out... I thought to myself... anyone could do this... it's so simple... of course it's no good to sniff SSL passwords out, but that isn't too hard either in a man in the middle attack like this.

    This got me thinking, how could we improve our login systems to not post raw password data? My first idea was to simply md5, sha1 or whatever method u use to encrypt the password with JavaScript before it is posted. YEAH GREAT IDEA but!...... all the attacker has to do is inject the hash back into the website to gain access :(

    Hope wasn't lost! Suppose each user along with their password had a key, the key was random and regenerated each time they logged in or attempted to login. Using JavaScript and a little AJAX we can grab the key, hash it with the password then send it to the server for authentication! THAT'S IT! Any data ever posted will be completely random and inconsistent and seemingly unbreakable as it's hashed like 3 times depending on what kind of key u use (I used a sha1 of uniqid()).

    Here's a step by step rundown if you don't quite get it.

    1. Page loads!

    2. User enters username and password

    3. Javascript requests a key for user from server

    4. Javascript hashes the password then hashes the hashed password and key together

    5. Javascript posts the data

    6. posted data looks like this on packet sniffer 832d5a9e459d2c91808b87ce4872ed519446c9cd

    or this 8b87ce4872ed519446c9c8b87ce4872ed519446c9c

    or this 897asd87ahs8d7tady8as7hd8a6stdy87a8d7ya8s7dy

    and will never ever be the same!

    7. Server hashes current key and password in DB together and checks for consistency.

    8. Even if it is not consistent the server generates a new key.

    Possible flaw might be it's dead easy to get the key for any given user, something like key.php?username=username, but it would be completely useless unless used with the password?

    This can work as non-AJAX, you just have to hardwire the key into the script as it loads, but then you'd have to know the username 1st or do something with keys that have id's and an id can be sent with the id?

    I made an AJAX version in PHP and MySQL, if you wanna look just ask me and I'll post my code. I can also whip up a non-AJAX version which works on a similar but different method.

    Well thanks for your time anyway, let me know what you think

  14. Windows, just cause I'm lazy and Linux involves more effort, I do like it but I don't like the time it takes to get it how you want it.
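
The keyed-hash login described in posts 8, 11 and 13 above, as an added example that is not NZ Guy's code: a Node.js simulation of both sides, using SHA-1 as in the posts, that shows the posted value changing per login and the limit acknowledged in post 3. The `Server` class, `clientResponse`, `demo` and the sample account are assumptions made for illustration, and `randomBytes` stands in for the post's `sha1(uniqid())` key.

```javascript
// Added example: both sides of the keyed-hash login, simulated in one process.
const nodeCrypto = require("node:crypto");
const sha1 = (s) => nodeCrypto.createHash("sha1").update(s).digest("hex");

// Server side (hypothetical class): stores sha1(password) and a one-time key.
class Server {
  constructor() { this.users = new Map(); }
  newKey() { return sha1(nodeCrypto.randomBytes(16)); } // stands in for sha1(uniqid())
  register(user, password) {
    this.users.set(user, { pwHash: sha1(password), key: this.newKey() });
  }
  getKey(user) { // step 3: the key is handed to anyone who asks for it
    const rec = this.users.get(user);
    return rec ? rec.key : null;
  }
  login(user, response) {
    const rec = this.users.get(user);
    if (!rec) return false;
    const expected = Buffer.from(sha1(rec.pwHash + rec.key)); // step 7
    rec.key = this.newKey(); // step 8: new key after every attempt
    const got = Buffer.from(String(response));
    return got.length === expected.length &&
      nodeCrypto.timingSafeEqual(got, expected);
  }
}

// Client side, step 4: hash the password, then hash that with the key.
const clientResponse = (password, key) => sha1(sha1(password) + key);

function demo() {
  const server = new Server();
  server.register("alice", "correct horse"); // constructed sample account
  const onWire = clientResponse("correct horse", server.getKey("alice"));
  const firstLogin = server.login("alice", onWire); // accepted once
  const replayed = server.login("alice", onWire);   // same bytes, key rotated
  const nextOnWire = clientResponse("correct horse", server.getKey("alice"));
  // Limit raised in the thread: the stored hash is all the client computation
  // needs, so the database value works like the password itself.
  const stored = server.users.get("alice").pwHash;
  const fromStoredHash = server.login(
    "alice", sha1(stored + server.getKey("alice")));
  return { firstLogin, replayed, wireDiffers: nextOnWire !== onWire, fromStoredHash };
}

console.log(demo());
```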
