sweeper-1687445_640

How to Clean a Massage Chair

A very common problem the buyers of Massage Chair face is its cleanliness. As it can cause an electric shock if they use any chemical, they are in the ambiguous situation what to use to clean it. How to clean a massage chair and what are precautions for its cleanliness. That’s why I am writing this guide for such users.

If you observe your massage chair, you will find three kinds of material on it. One is leather covering; another one is its knit trim to help the chair move smooth and the third one is Synthetic Leather. You should clean both of the parts carefully with different things. Otherwise, it cannot last for a longer time, and you will lose its beauty and functionality within a few years.

MassageTut.com - FDA Massage Chair Review Picture

Image credit: www.massagetut.com – A popular website for massage chair reviews.

Leather / Synthetic Leather Cleaning

Both of the Leather and Synthetic Leather can be cleaned by using the following two methods.

General Cleaning – You should use a piece of cotton cloth because it is very soft and it can remove the dust particles present on the leather seat properly. A daily dusting can give the leather seat a shiny surface. Some people use newspapers or tissue papers to clean it. That is not good for it. Both of these things cannot make the seat neat and shiny. So, you should use a cotton cloth that is absorbent and cleans finely. Don’t try to rub the surface hardly. Do the dusting with a mild hand.

Deeper Cleaning – If you want to clean the surface deeply, you should use a solution of soap and water. Dip the cotton cloth into the solution. Press the fabric a bit and then put it on the spots and stains. If you rub it slowly, it will give you a clean surface within a few seconds. Now use only distilled water with a sponge to clean the soap from the seat. Take another piece of clean cloth and rub mildly on the surface to make it dry.

Cleaning of Knit Trim

If you are dusting the chair on a daily basis, it needs no deep cleaning. However, it may get some stains of milk, wine, coffee or other liqueurs. You need to use a sponge for its cleaning. Just put the sponge in lukewarm water and squeeze it. Now put it on the mild soap and put it to the stains. Give a gentle rubbing on the stains to make them vanished. Now use another sponge in the fresh water to clean the surface. Wipe the soap. Let it dry by keeping in the open air for some time. When you see the affected area is not wet, take a soft bristled brush. With mild hand, use the brush on the fabric to give it a nice look.

The only precaution I would like to give you is that you should never use a glass cleaner, hard soap or aerosol spray on the massage chair. It will damage the leather and its shiny surface. You should not use any liquids that could stain the seat. It is antibacterial. So, they can damage the polished surface.

coffee-684069_640

How to Make Electronic Cigarette Juice

If you want to enjoy your desired flavors in vaping community, here is how to make e-juice of your choice. It’s not a difficult task, and you will feel like you are making your favorite cookies. Here we go.

Checklist

  • Diluted Nicotine
  • PG/VG (Propylene Glycol/Vegetable Glycerin)
  • Flavors
  • Small bottles to fill the e-liquid
  • Syringes
  • A pair of gloves

Method

  • First, you should determine how strong nicotine you require in the electronic cigarette? If you want a strong e-cigarette, you need to prepare 50mL of 8mg/mL e-juice. So, multiply 50 by 8 to get 400mg of the required strength of nicotine. If you can’t find or your authorities don’t allow you to buy nicotine then simple order one from  and save money and energy both.
  • Now put on your gloves. Put the required quantity of nicotine in a bottle by using a syringe. You are going to prepare 8mg/mL e-juice.
  • Now add your desired flavor to the diluted nicotine to give it a favorable taste. You can add two or more flavors too. But make sure you are using only 10% of flavor dilution only. For example, if you want to prepare 50mL e-juice, you need only 5mL flavor dilution. You need to use a new syringe for this purpose. Just add the dilution into a clean syringe and drip it into the bottle where it will be mixed to nicotine.
  • Now it’s time to add the VG into the bottle. You need to put 29mLs vegetable glycerin into the jar. For this purpose, you need to use another clean syringe. You should be careful while pouring the VG into the bottle of diluted nicotine and flavors. Do not pour it as a whole. Pour 1/4th quantity and wait for a while. Then pour another 1/4th and wait for a couple of seconds again. In this way put the entire solution into the bottle.
  • Now you need to put the cap on the bottle neck and shake the mixture well to disperse it. You should shake it at least for five minutes for an evenly mixing.
  • Now it’s time to fill up your cylinders flavor into the tank and vape to enjoy its taste.

Precaution: You should be very careful while selecting the bottles to prepare e-liquid. Always choose the same sized and shaped bottles. Pour an equal quantity of diluted nicotine in all bottles. If you put all three things without measurement, it may not give you the required taste. So, the measurement is an important factor in preparing electronic cigarette juice.

google-chrome-is-not-connecting-to-the-internet

Google Chrome is not connecting to the Internet (Fixed)

Looking for the ways to fix the error on Google Chrome “Unable to connect to the internet”? Here you will find some handy ways to work around this issue in no time. There may be different reasons for this problem. The problem is interrelated to DNS PROBE FINISHED NO INTERNET error that also occurs in Google chrome, these fixes will work for both error equivalently. I am going to share my personal experience with you. So, let’s start discussing all methods one followed by the other.

Google Chrome is not connecting to the Internet

Method # 1: Reboot the System

You should restart the system to try browsing in Chrome once more. When the computer restarts, just open Google Chrome and type your desired website to check whether it shows “” error or it is resolved.

Method # 2: Re-install the Browser

If the browser is still not responding, you should uninstall and re-install the browser to give it another try. For this, do the following steps.

  • You should go to the “Control Panel.”
  • In “Programs” category, you should select the option “Uninstall a program.”
  • Here, you will find a list of the programs installed on your system. You need to click “Google Chrome” and select “Uninstall” from above. It will uninstall this browser. Later, you can re-install it.

Method # 3: Disable the Firewall

If you are using an antivirus program, that may be blocking the way of Google Chrome for browsing. So, you need to disable its Firewall and try to browse your desired sites.

Method # 4: Clear the Cache

You should clear the cache from Google Chrome to remove this error. Use the following instructions to perform this action.

Go to the address bar and type “://net-internals/#dns” and press “Enter” key.

Method # 5: Use Command Prompt

You should be a bit technical this time if none of the above-discussed methods works well. Open Command Prompt with admin rights.

  • Go to the “Start” and type in the Search bar “Command Prompt”. As soon it appears in the search results, you should right-click on the Command Prompt and select “Run as Administrator.”
  • Now the Command Prompt window appears before you. Start typing the following commands one by one and every time press “Enter” to move below.

“ipconfig /release”

“ipconfig /all”

“ipconfig /flushdns”

“ipconfig /renew”

  • Now you need to type here two other commands given below.

“netsh in tip set dns”

“netsh winsock reset”

Method # 6: Change DNS Address

You should replace the DNS Address so that your browser may not show the “DNS_PROBE_FINISHED_NO_INTERNET” error again. You can follow the steps below that would fix this issue for sure.

  • Just go to the bottom right corner where you find the Network icon. You need to right-click on it to view its options.
  • Now select “Open Network and Sharing Center” to move ahead.
  • In the left pane, you will see “Change Adapter Settings” option. Just click this option to view its content.
  • When you right-click the active network connection, there you will find “Properties” at the bottom. Select this option.
  • In the Properties, “Networking” tab, you need to select “Internet Protocol Version 4 (TCP/IPv4)” and click “Properties.”
  • Click the radio button “Use the following DNS server addresses” and provide “8.8.8.8” in the Preferred DNS Server box and “8.8.4.4” in the Alternate DNS Server box.
iphone-6-1523232_640

How to make an iPhone Case at Home? [Guide + Video Tutorial]

Everyone is very caring for the safety of his iPhone and no doubt you will be too one of them if you use an iPhone. You won’t like to get scratches on its back and would prefer to protect it with a custom casing or skin. It can be bought from the market, but in my case, I never like buying a skin for my iPhone from the market. I would prefer to make it at home with my choice of colors, material and design because when I visited the market to get a cover for my iPhone, I found some covers too glossy with the colors I never like. Whereas some were good in material, but they were in matte and dull colors that were never my favorite. So, what to do the next is just to create my iPhone casing at home. The below listed things are must to create an iPhone case, if you don’t have, then avoid this guide and buy one from any trusted cell phone accessories shop, I personally buy and recommend if you’re looking for affordable accessories, otherwise you can order them on famous Online shopping site.. If you want to join me, you require some very ordinary things for this purpose to collect appreciation from your friends.

Required Items

  • Foam Sheet (It should be in matte, and I would prefer in dull yellow color as it is my favorite)
  • Glitter Foam Sheet (It is used to give a glossy look or design to the casing. If you want a casing in matte only, you can select another matte sheet in a bit different color, but it should be in darker color)
  • Cardboard
  • Pencil
  • Ruler
  • X-Acto knife (If that is not available, you can buy a sharp paper cutter)
  • Scissors
  • Glue (If you buy Super glue, it works the best instead of an ordinary glue. So, ask for super glue)
  • Velcro
  • Markers (In two different colors)

Method:

  • Take the flat colored matte foam sheet and use ruler and pencil to draw two lines each in 1 cm width.
  • Now use scissors to cut the strips. These strips will cover the four sides of your iPhone.
  • Paste some glue to the edges of the strips and join them to make one long strip.
  • Start putting the long strip to the four sides of your iPhone. Mark the place where is the “Off/On” button and the “Volume” key. You need to cut the area with X-Acto cutter.
  • Now take cardboard. Put your iPhone on it to trace its shape from the front and the rear side with 2 cm distance between them. (It is because when you open or close the casing after attending a call on your iPhone, it should be flexible enough to work accordingly)
  • Mark the places where the camera exists and cut that in squares. Cut the shapes of front and rear you have traced on cardboard.
  • Now you have front and rear sides of your iPhone in cardboard. Paste these sides on the glittering foam sheet you selected earlier.
  • Don’t forget to mark and cut the holes for camera and flashlight on the glittering sheet.
  • Now put some glue on the edges of the shapes of front and rear for your iPhone and put your phone between them.
  • The ring on the width of your phone you created with the matte foam sheet will fit the front and back covers. Press the sheet on all sides so that it sticks on every inch.
  • Keep it aside. Now you should draw some attractive shapes like stars, the flag of your country, your favorite fruit, bird or animal on the matte foam sheet with a marker. Cut these shapes and paste them with the help of glue to the rear and front covers on glittering foam sheet.
  • Take about 4 inches long and half 1-inch wide piece of the glittering foam sheet and paste at the mid of bottom side of the casing
  • Now put some glue on both sides of Velcro and stick it on the mid of the front side of the casing and join the 4 inches long piece you pasted on the back side of the casing. Now it is easy for you to open and close the casing.

Video Guide:

That’s all guys! Your creation is ready to collect the appreciation of the people.

Michael Daw Anthology

michaeldaw.org is pleased to announce the first “Michael Daw Anthology” award.

For those of you curious, anthology is a collection of published works. The original idea behind the michaeldaw.org website was to build stories upon a fictional hacking icon named, Michael Daw, as well as to host other security related material. As a close friend pointed out to me, the name is very relevant “when pondered upon”. Some believe that the archangel Michael holds the keys to the doors of Heaven.

Use cutting-edge security wizardry, use sci-fi… write a hacking story centered around Michael Daw and be 1 of 6 to stand the chance of winning.

The full details of the competition will be provided soon. We are currently seeking sponsors to donate towards the winnings. For more information please contact us.

Hacking HomePlug Networks

I don’t know whether HomePlug networks are growing in use or not, but the following statements caught my attention:

“Officials at Intellon, the chip maker that developed the HomePlug spec, say that hacking into a HomePlug network would require cracking the government’s DES encryption standard.” – link

My favourite:

“HomePlug specification products also protect data by utilizing powerful DES encryption, which makes hacking into a HomePlug network virtually impossible.” – link

If you are not sure what a HomePlug network is then maybe the following diagram will help:

As you can see above, HomePlug’s in many cases can replace a Wireless infrastructure or work along side it (i.e. your house or office has thick walls weakening the signal). You simply plug it into your wall socket and attach a network lead to it.

 

Now I didn’t really spend ages on coming up with advanced hacking techniques for these things. It would be overkill me thinks. These devices are insecure in their default state. They are also insecure in their “secured” state.

So lets put our attack together:
1. HomePlug Detection & Enumeration
2. Exploitation in its default state
3. Exploitation in its “secured” state
4. Hacker Countermeasures

1. HomePlug Enumeration

You need a compatible HomePlug to start. A single plug can cost between £20 – £30. Ensure that the plug is HomePlug v1.0 certified or you will most likely fail in your endeavor.

You will then require a target, testing your own network is easy enough, attackers will most likely test your network from an outside wall socket.

Install the software that comes with the plug – this software was exactly same with both my HomePlug makes (other then a few logo changes). Plug your HomePlug into the wall socket of the network you what to connect to. Load up the software and simply click “Scan Powerlines Network”. You could also just load a sniffer and check if your rogue plug has already joined the network.

2. Exploitation in its default state

I couldn’t find the v1.0 specification rfc, but it was trivial to work out that all these devices use a default network key of “HomePlug” to start with. Obviously this was done to allow for plug and play. Load up your sniffer and monitor network traffic. If the default key is used you should see NetBIOS broadcasts etc. Job done.

3. Exploitation in its “secured” state

56-bit DES encryption may have been considered cryptographically strong in the stone ages but not today.

Even though 56-Bit DES encryption (2^56 possible keys) is breakable, it may take a fair chunk of time to crack – although Rainbowtables has made this alot easier. Personally, I would try some weak passwords to begin with.

4. Hacker Countermeasures

Do the obvious. Use a very strong key to secure your HomePlug’s. Ensure thats your network devices are firewalled. Hopefully the newer versions will provide stronger encryption options.

Bypassing ASP.NET XSS Filters

This attack is only possible with Internet Explorer users as it exploits the old IE CSS comment hack; a very creative find indeed from the guys at ProCheckUp.

Proof of Concept:

Alert box injection - simply provided for testing purposes
(may cause DoS issues on Internet Explorer)
http://target/vuln-search.aspx?term=</XSS/*-*/STYLE=xss:e/**/xpression
(alert('XSS'))>

ASP.NET will also escape double quotes(“), so although a number .NET servers are vulnerable to this, it is somewhat mitigated by this fact.

ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if your interested. I hope to add this check to the tool shortly.

AVs prove less-effective

Last year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the following:

  • A tool to aid penetration testers and web developers with security testing document management applications.

Recently I made a pre-v2 release of the tool, which has received even more feedback then the previous version and the project just got even more exciting.

During web applications security audits, I have come across a couple of situations where my uploaded file just vanished off the server – I am sure many reading this have come across this too. The reason behind this was that an Anti-Virus (AV) application had detected the malicious script and removed it. My future plans for this project is to check the effectiveness of AV filters against the scripts in WBC. Dancho Danchev has gone ahead and made a fantastic start to this!

I have gone ahead and added his research into the WBC table for easy viewing and as a centralised location for AV vendors and other interested parties. The results are certainly not a shocker but definately an eye opener. WBC has certainly demonstrated what all security researchers already know, this area needs work!

I can really see AV vendors catching a wake up call in this area or atleast I hope they do. The fun will soon begin to see how we can circumvent their restrictions and help improve some of these products!

Hotlinks and Persistent CSRF

[Hotlinking] is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as hotlinking, leeching, direct linking or bandwidth theft – wikipedia

Hotlinking has been around for ages, and the attack vector shown in this paper is not new either; I merely take two known attacks and merge them to create a super dangerous client side attack that is persistent!

I released the Web Hacking 2.0 mindmap at the beginning of this year (2007). Someone from the Phoenix OWASP chapter liked the idea and posted it on owasp.org. I have no problem with this, although an email saying how and where my work was to be used would have been nice. Enough of that, the point here is to demonstrate the concept of exploiting hotlink trust relationships. This is the primary problem with hotlinking. Site 1 is creating bandwidth problems for Site 2, however, Site 2 is now in a position of trust (persistent).

Two possible attacks are as follows:

  • Attack 1: We deface the page with a lovely picture of stallowned
  • Attack 2: We setup a 302 or 304 redirect on my web server with the image filename used on the site who’s trust we are exploiting. The redirect exploits a CSRF vulnerability. Everytime the page is loaded, the CSRF attack is executed. This is now persistent! Everytime a user loads the Site 1, our CSRF attack is executed.

Lets take this concept a little further. If the site is hotlinking an object or iframe type, it is now possible to turn a reflective XSS attack into a persistent XSS attack. For this attack we require both a reflective XSS vulnerability and a hotlink. What’s really neat and tidy is that an attacker can display the correct object after exploitation, remaining completely invisible to the user.

Our malicious redirects are as follows:

Redirect 302 /a.jpg http://www.owasp.org/index.php?title=Special:Userlogout
&returnto=http://michaeldaw.org
OR
Redirect 302 ^/flashobj.swf$ http://site/trusted.html?<script>alert(1)
</script>

This attack concept is a security catastrophe especially when taking Web 2.0 which is designed around this form of trust.

In summary, don’t hotlink. Rather download the file onto your local server, although with Web 2.0, this will become increasingly difficult.

Web servers can enable hotlinking protection to prevent this; however, since alot of browsers now restrict the referrer field, this security method will not really help.

Thanks to pdp (architect) for allowing me to bounce ideas off him.

References:

Input Validation Cheat Sheet

Related articles: SQL Injection Cheat Sheet

We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.

Character(s) Details
NULL or null Often produces interesting error messages as the web application is expecting a value. It can also help us determine if the backend is a PL/SQL gateway.
{‘ , ” , ; , <!} Breaks an SQL string or query; used for SQL, XPath and XML Injection tests.
{– , = , + , “} These characters are used to craft SQL Injection queries.
{‘ , &, ! , ¦ , < , >} Used to find command execution vulnerabilities.
“><script>alert(1)</script> Used for basic Cross-Site Scripting Checks.
{%0d , %0a} Carriage Return Line Feed (new line); all round bad.
{%7f , %ff} byte-length overflows; maximum 7- and 8-bit values.
{-1, other} Integer and underflow vulnerabilities.
Ax1024+ Overflow vulnerabilities.
{%n , %x , %s} Testing for format string vulnerabilities.
../ Directory Traversal Vulnerabilities.
{% , _, *} Wildcard characters can sometimes present DoS issues or information disclosure.

These characters can be represented in many different ways (i.e. Unicode). It is important to understand this when restricting input to these character sets.

References:

 

Page 1 of 3

Powered by WordPress & Theme by Anders Norén