h1

Beginning C# 2008 Databases-From Novice to Professional….

July 30, 2016

beginning c# 2008 databases

Just got this book from PNM (National Library) this month. The book tells us about using programming in C# by making databases using SQL Server. This book focuses on accessing databases using C# 2008 as a development tool in conjunction with the new release of Visual Studio 2008 and .NET Framework 3.5. The SQL Server that it uses is SQL Server 2005.

SQL Server 2005 is one of the most advanced relational database management systems (RDBMSs) available. An exciting feature of SQL Sever 2005 is the integration of the .NET CLR into the SQL Server 2005 database engine , making it possible to implement database objects using managed code written in a .NET language such as Visual C# .NET or Visual Basic .NET. Besides this , SQL Server 2005 comes with multiple services such as analysis services , data transformation services , reporting services , notification services , and Service Broker. SQL Server 2005 offers one common environment , named SQL Server Management Studio , for both database developers and database administrators (DBAs).

Query by Example (QBE) is an alternative , graphical-based , point-and-click way of querying a database. It differs from SQL in that it has a graphical  user interface that allows users to write queries by creating example tables on the screen. QBE is especially suited for queries that are not too complex and can be expressed in terms of a few tables. Each database vendor offers its own implementation of SQL that conforms at some level to the standard but typically extends it. T-SQL does just that , and some of the SQL used in this book may not work if you try it with a database server other than SQL Server. Common table expressions (CTE) are new to SQL Serve 2005. A CTE is a named temporary result set that will be used by the FROM clause of a SELECT query. You then use the result set in any SELECT , INSERT , UPDATE , or DELETE query defined within the same scope as the CTE.

Most queries require information from more than one table. A join is a relational operation that produces a table by retrieving data from two ( not necessarily distinct) tables and matching their rows according to a join specification. Different types of joins exist , which you’ll look at individually , but keep in mind that every join is a binary operation , that is  , one table is joined to another , which may be the same table since tables can be joined to themselves. The join operation is a rich and somewhat complex topic.

Stored procedures can have parameters that can be used for input or output and single-integer return values (that default to zero) , and they can return zero or more result sets. They can be called from client programs or other stored procedures. Because stored procedures are so powerful , they are becoming the preferred mode for much database programming , particularly for multitier applications and web services , since (among their many benefits) they can dramatically reduce network traffic between clients and database servers.

p/s:- Quite an interesting book to read…Good book to read for people or students who want to learn C# in writing programming in databases…Some of the article is an excerpt from the book Beginning C# 2008 Databases – From Novice to Professional written by Vidya Vrat Agarwal and James Huddleston publish by Apress.

 

macs_all-in-one

Macs – All-In-One for Dummies.

Borrowed this book from National Library ( PNM ) this month..This book tells us about the history , architecture of the Mac Computers and Notebooks and the Mac Operating System.

The type of processor in your Mac can determine the applications (also known as apps or software) your Mac can run. Before buy any software , make sure that it can run on your computer. To identify the type of processor  used in your Mac , click the Apple menu in the upper-left corner of the screen and choose About this Mac. An About this Mac window appears , listing your processor as Intel Core 2 Duo , Core i3 , Core i5 , Core i7 , or Xeon. If your Mac doesn’t have one of the previously mentioned processors , you won’t be able to run Mac OSX Mavericks , version 10.9. This means that Core Solo and Core Duo models can’t run Mavericks. What’s more, to use Mavericks , you also need at least 2GB RAM (random access memory).

The dock is a rectangular strip that contains app , file , and folder icons. It lies in wait just out of sight either at the bottom or on the left or right side of the Desktop. When you hover the pointer in the area where the Dock is hiding , it appears , displaying the app , file , and folder icons stored there. When you use your Mac for the first time, the Dock already has icons for many of the pre-installed apps , as well as the Downloads folder and a Trash icon. You click an icon to elicit an action , which is usually to open an app or file , although you can also remove the icon from the Dock or activate a setting so that app opens when you log in to your Mac.

The Finder is an app that lets you find , copy , move , rename , delete , and open files and folders on your Mac. You can run apps directly from the Finder although the Dock makes finding and running apps you use frequently much more convenient. The Finder runs all the time. To switch to the Finder , click the Finder icon on the Dock ( the Picasso-like faces icon on the far left , or top , of the Dock) or just click an area of the Desktop outside any open windows. You know you’re in the Finder because the app menu is Finder , as opposed to Pages , System Preferences , or some other app name.

iCloud remotely stores and syncs data that you access from various devices – your Mac and other Apple devices , such as iPhones , iPads , and iPods , and PCs running Windows. Sign in to the same iCloud account on different devices , and the data for activated apps syncs ; that is , you find the same data on all your devices , and when you make a change on one device , it shows up on the others. The initial setup on your Mac or the creation of an iCloud Apple ID as explained previously activates your iCloud account and places a copy of the data from Mail , Contacts , Calendar , Notes , Reminders , and Safari from your Mac to the cloud ( that is , the Apple data storage equipment). Here , we show you how to work with the iCloud preferences ,sync devices , and sign in to and use the iCloud website.

p/s:- This books begins by focusing on the basics for all the aspects of using Mac with the  latest operating system , OSX 10.9 Mavericks. A good book to have…Some of the articles are excerpt taken from the book Macs – All-In-One for Dummies written by Joe Hutsko and Barbara Boyd , publish by John Wiley & Sons Inc , 4th Edition.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

h1

Introduction To Expert Systems…

June 4, 2016

expert system

Introduction To Expert Systems. 

Borrowed this book from National Library – PNM – last month. An expert system can be distinguished from a more conventional applications program in that : It simulates human reasoning about a problem domain , rather than simulating the domain itself. This distinguishes expert systems from more familiar programs that involve mathematical modeling or computer animation. It performs reasoning over representations of human knowledge , in addition to doing numerical calculations or data retrieval. The knowledge in the program is normally expressed in some special-purpose language and kept separate from the code that performs the reasoning. These distinct program modules are referred to as the knowledge base and inference engine , respectively.

Expert systems encode the domain-dependent knowledge of everyday practitioners in some field , and use this knowledge to solve problems , instead of using comparatively domain-independent methods derived from computer science or mathematics. The process of constructing an expert systems is often called knowledge engineering , and is considered to be ‘applied artificial intelligence’.

In the field of expert systems , knowledge representation implies that we have some systematic way of codifying what  an expert knows about some domain.However , it would be a mistake to suppose that representation is the same thing as encoding , in the sense of encryption. If one encodes a message by transposing its constituent symbols in some regular fashion , the resultant piece of code would not be a representation of the contents of the message from an artificial intelligence point of view , even if the code were machine-readable and easy to store in the memory of the machine.

The notion of a symbol is so pervasive in the current theory and practice of artificial intelligence that its importance is easily overlooked. It is this notion that forms the crucial link between artificial intelligence and formal systems of logic and mathematics. In the simplest possible terms , a symbol is something that stands for something else. This ‘something else’ is usually called the designation of the symbol. It is the thing that the symbol refers to or represent. The designation may be a physical object or it may be a concept , but the symbol itself is physical. The idea behind symbolic computation is that we want to allow symbols to stand for anything at all. Programming languages based on this paradigm provide a number of primitive data structures for associating symbols with other symbols , as well as primitive operations for manipulating symbols and their associated structures.

p/s:- Some of the article above is an excerpt from the book Introduction to Expert Systems , written by Peter Jackson and published by Addison Wesley.

 

Programming Engineering Computations in Java.

Programming engineering computations in java

Borrowed this book from National Library (PNM) last month . It’s quite an interesting book to read for those who taken Java language as one of the programming language as a subject to study..The basic module of a Java program is referred to as the class. The definition of the module is the class. A class contain the information (data) and the functionality (method). The Java libraries have several classes.

A Java program contains the definition of the classes. The statements in a Java program are written in the body of the method in a class. The variables and the methods in a Java program are written in the body of the class. This makes Java , a structured language.

The compilation of the Java source code file is performed by typing the statement, javac filename.java in the command prompt of the Java bin folder. The CLASS_NAME.java program is compiled by typing javac CLASS_NAME.java in the command prompt of the Java bin folder. If the program compiles without error message , the java compiler creates a class file in the name of the Java source code file and the command prompt will be displayed as j2sdk1.4.1>bin>  in the console window.

The java class file is executed by typing java filename in the command prompt of the Java bin folder , without the class extension. The output of the java program is displayed in the console window. The compiled CLASS_NAME.java program is executed by typing java CLASS_NAME in the command prompt of the Java bin folder.

The data type  used in the numerical computations in engineering are: 1. Integer 2. Floating Point 3. Double Precision. 4. Character. 5. Boolean. An integer variable in Java is declared using the syntax, int variable_name;  . The initialization of the variable is performed as int variable_name = initial_value ;

The Java compiler has the java.lang.String class for the creation of the instances of the String class. The String class has several methods to process the instances of the String class. The instances of the String class can be created by reading the text from the console window or the input file , and using statements in the program.

Error messages can be obtained from the methods performing the tasks in the Java programs using exceptions. An exception in Java is performed by using a try block , catch block , and finally block. A try block enclosed in the curly braces performs a task. If a statement in the try block throws an exception , a catch block can be written to receive a specific type of exception. The statements in catch block instruct the computer to perform a specific task after receiving a specific  type of error message from the try block. A finally block is written to specify the task to be performed after the try and the catch blocks.

In summary , this book covers topics about File Processing in Java , Matrix Computations in Java , Exceptions in Numerical Computations in Java , Classes , Inheritance and Polymorphism , Graphical User Interface , Graphics , Java Applet and Programming Threads in Java.

p/s:- Some of the article above is an excerpt from the book – Programming Engineering Computations in Java – written by Dr. Raja Subramaniam and published by Firewall Media.

 

 

 

 

 

h1

Systems Programming…

May 7, 2016

system programming

Borrowed this book from National Library (PNM) last month. A book that’s tell us about compiler , compiler’s data structure , interpreter , parsers , how to build and encode compilers and what happens when a program code build , run and compile…Assembler is also discussed in this book , using an assembly language to write a program..also discussed is about linkers and loaders , how linkers and loaders run in the background when a certain program compiles…

When our program is compiled , initially the compiler takes the input source program and breaks it into stream of tokens. The tokens can be keywords , identifiers , relational operators and so on. these tokens are gouped together by the syntax analysis phase of compiler in order to detect the syntax of  programming constructs. If from a group of tokens the syntax can not be identified then a syntax error may get generated.

Creating a compiler is a critical task. Hence we can automate the process of building compiler by using automated tools for generating various phases of compiler. LEX and YACC are such tools. The LEX is used for generating the lexical analyzer program for the compiler and YACC is used to generate the syntax analyzer program automatically.

Recursion is the basic problem for implementing macro calls within macros. If a macro call is encountered during the expansion of a macro, the macro processor will have to expand the included macro call and then finish expanding the enclosing macro. The second call might be expanded by a second macro processor , which would look up the macro definition in the MDT and return the expanded code to the first macro processor. Having many macro processor is neither efficient nor general. If a single macro processor is to handle such nested macro calls, it must in some way save its status when it encounters nested calls.

To handle macro calls within macros , the macro processor must be able to work recursively i.e. to process one macro before it is finished with another , then continue with the previous one.

In Conclusion , its a good book to read . It tells us about operating system and it’s components , how assembler and compilers works , dynamic linking , i/o , file and memory  management , cpu scheduling and process synchronization.

p/s:- Some of the article above is an excerpt from the book Systems Programming written by A.A.Puntambekar and I.A.Dhotre publish by Technical Publications Pune – Fourth Revised Edition 2010.

BuddyPress…

buddypress

Borrowed this book from National Library (PNM) last month…It’s quite an awesome and an interesting book to read about BuddyPress. BuddyPress is a platform to create a social community on your website. It integrates with the WordPress blogging platform , such as member blogs and blog tracking features.

One of the most attractive features of the WordPress and BuddyPress platform is the ease in which you can install , set up , and use the platform to manage and maintain your web site. You don’t need to be a programmer to get BuddyPress up and running. Even someone new  to WordPress and BuddyPress can have a full featured web site , blog , and social community up and running in a relatively short period.

Another way to extend your BuddyPress social community is to customize the look and layout of your site with BuddyPress themes and templates. BuddyPress comes packaged with themes for you to use.The BuddyPress default themes include all the basic elements that you need when starting a new BuddyPress social community on your web site. you can extend your community in several ways by using the plugins and themes released by members of the BuddyPress community , but these default themes are an easy way to get started.

First thing first , you need to visit the BuddyPress Settings page to configure the general settings of your BuddyPress community. BuddyPress comes packaged with several different components and features that you can enable within your community. You do not have to use all of the available components – as a site administrator , you have the option to use only what you need  and leave the rest. The following steps take you through the basic settings:-

1- Log in to your WordPress MU dashboard

Point your browser to http://yourdomain.com/wp-login.php ,          enter your WordPress admin username and password , and                then click the Log In button.

2- Expand the BuddyPress menu.

On the left side  of your WordPress MU dashboard , click the              drop-down arrow on the BuddyPress menu. This expands the            BuddyPress menu and displays several links beneath the                    menu title.

3- Browse to the BuddyPress Settings page.

Click the general settings links on the BuddyPress menu.                    This loads the BuddyPress Settings page.

Lastly , you have to install WordPress plugin , install BuddyPress as a plugin in your WordPress installation , and there you go…You have your own WordPress and BuddyPress…

p/s:- Some of this article is taken from the excerpt from the book BuddyPress for Dummies , written by Lisa Sabin Wilson , publish by Wiley Publishing Inc.

 

 

 

 

 

 

 

 

 

 

h1

Professional PaperVision3D….

April 9, 2016

professional papervision3d

This book I borrowed from PNM (National Library) and it’s quite an interesting book to read. It tells you about the installation of papevision3d , some computer graphics stuff and how to code using papervision3d and java. The view frustum contains everything that’s visible in a 3D scene. The view frustum is pyramid-shaped and at its apex is the camera. The viewable volume is bounded by a polyhedron. Its entry plane is called the near clip plane and the end of its viewing volume is called the far clip plane. The cube inside the viewable volume shown above is projected onto the viewport while the pyramid outside is not drawn ; it’s culled.

To succesfully map  x and y coordinates to the projection plane ( or viewport ) you must map the view frustum shown above to a cube. Without going into all the details , you accomplish this using a projection matrix. Most 3D operations are accomplished using matrix algebra , which is beyond the scope of this book but addressed on the book’s website. The depth in the view frustum is what determines the z-sorting values.

Running a Papervision3D application is like simultaneously recording and projecting your 3D scene . The scene is the middleman. It’s what the camera films and what the projector projects. You can think of the whole process as a combination of a movie camera and projector that both films and projects your 3D scene simultaneously. The scene is what the camera is pointed at and the objects are the items that the camera films. the material are what your objects are dressed in and  determine how the light interacts with the scene elements. The reels  on your projector are your renderer and as your reels turn ( using onEnterFrame or Timer methods ) they cast the recorded scene onto your screen which is your viewport. Finally , at a the heart of Papevision3D is the DisplayObject3D class.

Crucial to understanding how Papervision3D handles objects is to grasp how vertices are manipulated to create 3D computer graphics. The most important thing to remember when dealing with 3D graphics in Papervision3D is that “a vetex is a vertex”. No matter how complex your 3D objects become , it all eventually boils down to a group of vertices arranged in triangles. Papervision3D’s vertex class is Vertex3D. It holds the 3D position of your vertices and a few methods for those vetices. Technically speaking a vertex is an instance of a data structure. That instance contains the attributes of your point in space…wherever it may be.

Lastly , Papervision3D is a framework that encompass computer graphics that can manipulate objects , graphics and media in one application using java language. Papervision3D can be downloaded in the internet…

p/s: – Some of the article above is taken from the excerpt of Professional PaperVision3D written by Michael Lively published by John Wiley and Sons , Limited.

 

Data Structures and Algorithm Analysis in Java…

data structures and analysis in java - pearson

This book also I borrowed from PNM ( National Library ) that tells us about data structure – linked list , queue , stack , trees , hashing , heaps , sorting , algorithm and much more…But the coding of the data structure now we are using is java language.

The most important resource to analyze is generally the running time. Several factors affect the running time of a program. Some , such as the compiler and computer used , are obviously beyond the scope of any theoretical model , so , although they are important , we cannot deal with them here. The other main factors are the algorithm used and the input  to the algorithm. Typically , the size of the input is the main consideration. We define two functions , T avg (N) and T worst (N) , as the average and worst-case running time , respectively , used by an algorithm on input of size N. Clearly , T avg (N) ≤ T worst (N). If there is more than one input , these functions may have more than one argument.

The most confusing aspect of analyzing algorithms probably centers around the logarithm. We have laready seen that some divide-and-conquer algorithms will run in O(N log N) time. Besides divide-and-conquer algorithms , the most frequent appearance of logarithms centers around the following general rule. An algorithm is O(log N) if it takes constant (O(1)) time to cut the problem size by a fraction ( which is usually 1/2). On the other hand , if constant time is required to merely reduce the problem by a constant amount ( such as to make the problem smaller by 1 ) , then the algorithm is O(N).

It should be obvious that only special kinds of problems can be O(log N). For instance , if the input is a list of N numbers , an algorithm must take Ω(N) merely to read the input in .Thus , when we talk about O(log N) algorithms for these kinds of problems , we usually presume that the input is preread.

Once an analysis has been performed , it is desirable to see if the answer is correct and as good as possible. One way to do this is to code up the program and see if the empirically observed running time matches the running time predicted by the analysis. When N doubles , the running time goes up by a factor of 2 for linear programs , 4 for quadratic program , and 8 for cubic programs. Programs that run in logarithmic time take only an additive constant longer when N doubles , and programs that run in O(N log N) take slightly more than twice as long to run under the same circumstances. These increases can be hard to spot if the lower-order terms have relatively large coefficients and N is not large enough. An example is the jump form N=10 to N=100 in the running time for the various implementations of the maximum subsequence sum problem. It also can be very difficult to differentiate linear programs from O(N log N) programs purely on empirical evidence.

Lastly , this book mainly talks about data structure , algorithm analysis , coding data structure in java language and some exercise that can strenghten your basic subjects in data structure.

p/s:- Some of the articles is an excerpt from Data Structure and Algorithm Analysis in Java – Second Edition written by Mark Allen Weiss published by Pearson Education Inc.

 

 

 

 

 

 

 

h1

Microsoft SQL Server 2008 Programming and Cascading Style Sheets – Separating Content From Presentation…

February 13, 2016

professional_microsoft_sql_server_2008_programming

Microsoft SQL Server 2008 Programming.

This is book is mainly about the usage and programming using Microsoft SQL Server 2008 , how to do database setup , inserting , updating , deleting tables and so on…I borrowed it from the National Library (PNM). It teaches us the basic syntax of using Microsoft SQL Server 2008 programming language. Databases are made up of many things , but none is more central to the make-up of a database than tables are. A table can be thought of as equating to an accountant’s ledger or an Excel spreadsheet. It is made up of what is called domain data (columns) and entity data (rows). The actual data for the database is stored in the tables.

SQL Server is a large product and the various pieces of it utilize a host of services that run in the background on your server. A full installation will encompass nine different services , and seven of these can be managed from this part of the SQL Server Configuration Manager ( the other two are services that act as background support ).

SQL Server provides several of what are referred to as Net-Libraries (network libraries) , or NetLibs. These are dynamic-link libraries (DLLs) that SQL Server uses to communicate with certain network protocols. NetLibs serve as something of an insulator between your client application and the network protocol , which is essentially the language that one network card uses to talk to another , that is to be used. They serve the same function at the server end , too. The NetLibs supplied with SQL Server 2008 include Named Pipes , TCP/IP (the default) , Shared Memory and VIA ( a special virtual interface that your storage-hardware vendor may support ).

Every time you run a query , SQL Server parses your query into its component parts and then sends it to the query optimizer. The query optimizer is the part of SQL Server that figures out the best way to run your query to balance fast results with minimum impact to other users . When you use the Show Estimated Execution Plan option , you receive a graphical representation and additional information about how SQL Server plans to run your query. Similarly , you can tun on the Include Actual Execution Plan option. Most of the time , this will be the same as the estimated execution plan , but you will occasionally see differences here due to changes that the optimizer decides to make while running the query , as well as changes in the actual cost of running the query versus what the optimizer thinks is going to happen.

p/s:- Some of these articles are excerpt from the book –  Beginning Microsoft SQL Server 2008 Programming – written by Robert Vieira and publish by Wiley Publishing Inc.

cascading style sheets

Cascading Style Sheets – Separating Content From Presentation

This book i borrowed from the National Library (PNM). It tell us about how to use the Cascading Style Sheets , the origin of it , the foundation and concepts , the XHTML and CSS. CSS at its core is extremely simple and powerful. It allows you to attach style rules to HTML markup elements , such as the <p> or <a> element. These rules define the presentational aspects of the HTML elements to which they apply, such as color or typeface.

The <style> element appears in the <head> element of an XHTML document. Its type attribute declares that the style language is CSS , and it overrides the default stylesheet language used by the browser when rendering stylesheets. Actually, there are no other style languages in use by browsers today , except for Netscape Navigator 4.x’s proprietary JavaScript Stylesheets (JSSS) , which use the type attribute value “text/javascript” , now virtually obsolete as the browser fades from existence. However, as with many things in CSS , the type attribute looks forward to a time when browsers provide support for multiple style languages.

The popularity and power of a general-purpose SGML document type such as HTML wasn’t lost on XML’s designers , however , and as a transitional step toward the future , the HTML vocabulary wan reimplemented in XML as XHTML , the basis of most of our examples in this book. By making use of a well-known and proven generic document type , XML’s creators hope to leverage the knowledge of millions of web author while tightening down the screws with regard to syntax. As a result , a valid XHTML document may be viewd in any modern browser ( and even in most legacy browsers ) without much difficulty , and it may also be used by tools designed to interpret and manage XML documents , because it is itself an application of XML. Eventually , the Web’s architects expect that we’ll all be suing XHTML with our own , or with widely adopted , XML formats such as SVG , MathML , RDF , RSS , and others.

If you’re using XSLT or some other transformation language , you may need to document the naming convention several times or show the relationships between the storage format ( whether document repository , object database , relational database , or flat files ) , the transformation rules (whether XSLT or some other software package with XML support ) , the output format (whether another custom XML document , XHTML , legacy HTML , or another format ) , and the associated files , such as CSS stylesheets , Javascript files , and so forth.

p/s:-  Some of these articles are taken form the excerpt  from the book – Cascading Style Sheets – Separating Content From Presentation – written by Owen Briggs , Steven Champeon , Eric Costello and Matt Patterson – publish by Friendsof – an Apress Company.

 

 

 

h1

Professional WordPress – Design and Development Review….

January 15, 2016

Professional WordPress - Design and Development

 

 

 

 

 

 

Professional WordPress – Design and Development Review….

The WordPress source code features many different PHP , Javascript , and CSS code files. Each file serves a specific purpose in WordPress. The beauty of open source software is that all code is publicly available , which means you can easily explore the code to better understand how WordPress functions. The best resource for learning WordPress is the WordPress software itselft.

WordPress comes with three directories by default: wp-admin , wp-content , and wp-includes.Core files are all files in the wp-admin and wp-includes directories and the majority of the files in the root WordPress directory, The wp-content directory holds all of your custom files , including themes , plugins , and media. This directory contains the code that controls content manipulation and presentation in WordPress. WordPress HTML content , such as pages and posts , is stored in the MySQL database along with metadata such as tag and category structures, both of which are covered in detail in Chapter 6.

The most important file in any WordPress installation is the wp-config.php file. This file contains all database connection settings , including the database name , username , and password to access your MySQL database. This file also stores additional database and other advanced settings. The wp-config.php file was originally named wp-config-sample.php. Renaming the file to wp-config.php is one of the first steps to installing WordPress.

The wp-config file is typically stored in the root directory of WordPress. Alternatively , you can move the wp-config file out of the WordPress root directory and into the parent directory. So if your WordPress directory is located here,

/public_html/my_website/wp-config.php

you can safely move the file to here:

/public_html/wp-config.php

WordPress looks for the wp-config file in the root directory first , and if it can’t find that file it looks in the parent directory. This happens automatically so no settings need to be changed for this to work.

Initially , you set up WordPress in the document root of your local Apache.If you wanted more than one local website , you could set each website in its own folder. This works and you use it for many development sites. However ,  you can also set up each web server to respond to a local “fake” domain name. Sometimes , when moving to production , using this method makes the conversion from development to production easier.

p/s:- This is some of the excerpt of the article taken from the book – Professional WorPress – Design and Development – written by Brad Williams , David Damstra and Hal Stern – publish by John Wiley and Sons Inc ..

 

 

 

h1

Seven Deadliest USB Attacks Review …..

January 15, 2016

seven deadliest usb attacks

 

 

 

 

 

 

 

Seven Deadliest USB Attacks Review…..

The Universal Serial Bus (USB) Hacksaw was devised by a posse of self-proclaimed “IT-Ninjas” acting on behalf of the Hak.5 organization. The Hacksaw is one mutation of many USB-related hacks that have been released on this site.

The U3 smart drive was co-developed by SanDisk and M-Systems in 2005. U3 smart drives are USB flash drives with a unique hardware and software setup. The flash-drive hardware configuration causes Windows disk management to provide dual partitions. An emulated read-only CD drive partition contains the autorun.inf and LaunchPad software. The additional drive is a standard file allocation table (FAT) partition , which includes a hidden “SYSTEM” folder for installed application. This configuration allows a U3 flash drive to launch automatically when inserted into a computer.

The regulation of the U3 platform did not stop the hacking community from targeting it. Instead , they utilize a modified U3 LaunchPad called the Universal Customizer , which can overwrite the existing U3 software , enabling an open-source platform for global development with minimal governance. Many administrative and forensic-type applications are finding their way onto this and other open-source versions.

The USB Hacksaw tool is designed to work with Windows 2000 , XP . or 2003 systems only . although some success has been achieved on Vista. The program will manually install onto Windows 7 although Stunnel v4.11 is not compatible , resulting in a failure to establish a connection to the e-mail server. A Windows XP operating system was used to build the Hacksaw version outlined in the next section. In order to get the programs on the U3 drive , you must replace the launcher with the open-source code. The tool is designed to run automatically if autorun has not been disable by the user policy.

An antivirus (AV) kill script was initially released for the original verion of the USB Switchblade. It has since been taken down from the site due to mounting inconsistencies and failure caused by vendor updates and adaptations. Some AV vendors have already tagged the AV kill program released on the Hak.5 web site (csrss.exe) for the USB Switchblade as a virus , rendering it ineffective from the get-go. Since administrator access is required for Switchblade to run successfully , there are other techniques that can be used to disable AV before the payload execution.

p/s: – Some of the excerpt are taken from the book – Seven Deadliest USB Attacks – written by Brian Anderson and Barbara Anderson – publish by Syngress.

  • Just finish interview with iContro Software Sdn Bhd – Position : Software Developer at Kota Damansara  this week….

 

 

Follow

Get every new post delivered to your Inbox.