Windows Server



Windows Server 2008 features major upgrades to Terminal Services. Terminal Services now supports Remote Desktop Protocol 6.0. The most notable improvement is the ability to share a single application over a Remote Desktop connection, instead of the entire desktop. This feature is called Terminal Services RemoteApp. Other features new to Terminal Services include Terminal Services Gateway and Terminal Services Web Access (full web interface). With Terminal Services Gateway, authorized computers are able to connect securely to a Terminal Server or Remote Desktop from the Internet using RDP via HTTPS without implementing a VPN session first. Additional ports do not need to be opened in the firewall; RDP is tunneled through HTTPS. Terminal Services Web Access enables administrators to provide access to the Terminal Services sessions via a Web interface. TS Web Access comes with an adjustable Web Part for IIS and SharePoint, which advertises the possible applications and connections to the user. Using TS Gateway and TS RemoteApp, the whole communication is via HTTP(S) and the remote applications appear transparent to the user as if they are running locally. Multiple applications run in the same session to ensure that there is no need for additional licenses per user. Terminal Services Easy Print does not require administrators to install any printer drivers on the server, but guarantees successful client printer redirection and availability of all printer UI and properties for use in remote sessions. Terminal Services sessions are created in parallel rather than serially: the new session model can initiate at least four sessions in parallel, or more if a server has more than four processors.

Windows XP



Windows XP is a family of 32-bit and 64-bit operating systems produced by Microsoft for use on personal computers, including home and business desktops, notebook computers, and media centers. The name "XP" stands for eXPerience.[1] Windows XP is the successor to both Windows 2000 Professional and Windows Me, and is the first consumer-oriented operating system produced by Microsoft to be built on the Windows NT kernel (version 5.1) and architecture. Windows XP was first released on October 25, 2001, and over 400 million copies were in use in January 2006, according to an estimate in that month by an IDC analyst.[2] It is succeeded by Windows Vista, which was released to volume license customers on November 8, 2006, and worldwide to the general public on January 30, 2007. Direct OEM and retail sales of Windows XP ceased on June 30, 2008, although it is still possible to obtain Windows XP from System Builders[3] (smaller OEMs who sell assembled computers) until January 31, 2009 or by purchasing Windows Vista Ultimate or Business and then downgrading to Windows XP.[4][5]

The most common editions of the operating system are Windows XP Home Edition, which is targeted at home users, and Windows XP Professional, which offers additional features such as support for Windows Server domains and two physical processors, and is targeted at power users, business and enterprise clients. Windows XP Media Center Edition has additional multimedia features enhancing the ability to record and watch TV shows, view DVD movies, and listen to music. Windows XP Tablet PC Edition is designed to run ink-aware applications built using the Tablet PC platform. Two separate 64-bit versions of Windows XP were also released, Windows XP 64-bit Edition for IA-64 (Itanium) processors and Windows XP Professional x64 Edition for x86-64. There is also Windows XP Embedded, a componentized version of the Windows XP Professional, and editions for specific markets such as Windows XP Starter Edition.

Windows XP is known for its improved stability and efficiency over the 9x versions of Microsoft Windows.[6][7] It presents a significantly redesigned graphical user interface, a change Microsoft promoted as more user-friendly than previous versions of Windows. New software management capabilities were introduced to avoid the "DLL hell" that plagued older consumer-oriented 9x versions of Windows.[8][9] It is also the first version of Windows to use product activation to combat software piracy, a restriction that did not sit well with some users and privacy advocates. Windows XP has also been criticized by some users for security vulnerabilities, tight integration of applications such as Internet Explorer 6 and Windows Media Player, and for aspects of its default user interface. Later versions with Service Pack 2, and Internet Explorer 7 addressed some of these concerns.

During development, the project was codenamed "Whistler", after Whistler, British Columbia, as many Microsoft employees skied at the Whistler-Blackcomb ski resort.[10]

Debian Linux


Have an old PC gathering dust? Use it for a Linux server! Linux runs great on older hardware giving it new life and it's easy to do. Just follow along with our guide pages and we'll walk you through installing the Debian Linux OS and setting up a network with the most common types of Internet and LAN servers all on one system. You'll learn some things about operating systems, networking, and the Internet in the process, and you may just have some fun along the way. Even if you have never worked with Linux before, you'll be able to use our guide pages to go from zero to "sysadmin" in no time, as well as get a solid start in the knowledge needed for the Linux+ certification.


Why Not Red Hat ?

Red Hat is in a tough spot. Most of their revenue streams are based on sales, support, and training while the open nature of Linux has resulted in thousands of freely-available Linux resources on the Web. Their survival depends on having a product that is proprietary enough to make you dependent upon them for upgrades and support. And now that they are a publicly held company they are under pressure to meet the expectations of Wall Street analysts for revenue growth and cash flows every quarter. (Did you think it was just a coincidence that they churned out new versions at an average of two a year?) In time, Red Hat's dominance will likely kill off smaller commercial distributions like Mandrake and TurboLinux and dealing with Red Hat will be no different than dealing with Microsoft.


Why Debian ?

Debian is the world's leading non-commercial totally free Linux distribution. Remaining loyal to the concept upon which Linux was created, it is produced by hundreds of volunteer developers around the world. Contrary to a common misconception, Debian is not for Linux gurus only. As a matter of fact, as you will see on the guide pages, its advanced package management system makes it one of the easier distributions for new Linux users to work with. Here are just a few of its advantages:

* Non-Proprietary: Debian is a true GNU/Linux distribution using the standard UNIX style commands. This ensures that what you learn today won't be obsolete in two years and makes it easier to also learn how to work with UNIX systems.
* Easy Maintenance: A seamless, totally-integrated package management system makes it easy to keep your system up to date and free of orphan files and incompatible products. Most dependent packages are handled automatically so you don't get the "Failed dependencies" error commonly encountered when trying to add software on RPM-based systems like Red Hat and Suse.
* Automated Patching: The Debian package system also allows you to use a single command to update your entire system (operating system and installed packages) over the Internet. This allows you to use a scheduler to routinely run a shell script to automatically update your system with the latest program, OS, and security patches.
* Extensive: Only free software packages (applications, utilities, etc.) are allowed to be included in the official Debian distributions, and the current binary distribution comes on 21 CDs or 3 DVDs because there are over 18,000 of them. With Debian, you don't have different "server" and "workstation" or "personal" editions. It's everything all in one.
* Support Options: Peer support is available through a community of listservs (mailing lists) and chat rooms. Replies to messages may even be from those who helped develop the product. And since you're likely not the first person to encounter a given issue, there are also searchable archives of listserv messages. If your company requires commercial support contracts fear not. Numerous for-profit support operations offer a variety of technical support options. With Debian, you don't have to worry about forced upgrades due to vendors dropping support for older versions.
* Minimal Investment: Debian's performance is excellent even with the modest hardware requirements Linux is famous for. While most OSs require newer, faster, bigger hardware, Debian allows you to utilize those old Pentium systems instead of throwing them into a landfill. This, along with the fact that you can load a single copy of Debian on as many systems as you want, means you can set up a full-blown enterprise at very little cost.
* Reliable: Debian's focus on stability and reliability results in servers that you may have to reboot once a year, rather than once a month.
* User-centric: New versions of Debian are developed when major changes warrant one, not to generate revenues from upgrades. (You need only look at the version numbers of the various distributions to verify this.)

Debian disc images are available for download from www.debian.org. If you download the images, be sure to download the current "stable" release (get the "i386" set for an Intel PC system). However, downloading and burning 21 CDs or 3 DVDs takes some time and effort. You can also purchase ready-made DVD sets from Web vendors for around $20 with CD sets costing a little more. (We now sell CD/DVD sets to help fund the ad-free operation of this site.)

If you don't have a spare computer we've got good news. Linux doesn't need much. You can pick up a Pentium-III on sites like eBay for well under $100. A system with 128 meg of RAM and a 4-gig drive is more than enough for our needs. (If you have a network be sure to pick up a network card for it also. Used 3Com 3C905s are going for around $10.) If money is tight you could always just pick up a used 2-gig hard-drive and mount that in your current system (we cover this option in more detail on the Installation page).


Why Not Debian ?

If you're the type who likes to base your operations on the bleeding edge, Debian isn't for you. Debian's focus on providing a stable, reliable operating system across all hardware platforms means it will never be "first to market" with new bells and whistles. They are incorporated into new releases once the bugs have been discovered and worked out.


Why Us ?

First of all, No Advertising! With so many sites out there being so cluttered with banner and pop-up ads that it's down-right painful to use them, we wanted to keep your Linux learning experience free of such distractions. As an alternative, we have chosen to use Amazon book links and sell Debian discs and gear to try and raise the funds necessary to keep this site operating. We feel this approach offers a win-win situation in which we raise operating revenue and you get some great books, software, etc. in the process.

Secondly, Linux resources tend to fall into two categories; those for newbies that cover the basics but never get into the "fun stuff" like servers and firewalls, and those that do get into the fun stuff but assume the reader has a lot of experience with Linux.

We take the middle ground here, "fun stuff for newbies" if you will. We feel the best way to learn is by doing. So after covering the basics on the Linux Basics page, and getting a system up and running on the Installation and Packages pages, we dive right into the fun stuff. When you learn by doing and then buy some Linux books you'll better understand what's being presented and better appreciate the depth of the material.

Messin with BackTrack v.1.3


Saint - SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

Maltego - The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Nessus - Tenable would not allow for redistribution of Nessus.

Kernel - 2.6.21.5. Yes, yes, stop whining....We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.

Tools - As usual, updated, sharpened, SVN'ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.



General Info

* We have released a 784 MB USB / DVD image, as well as a stripped down 695 MB iso and a 689 MB VMWare image.
* Dual core issues have been fixed (mostly due to the new kernel - 2.6.21.5).
* Wireless card compatibility has been maximized, and injection patches applied wherever possible.
* Xorg configuration scripts have been improved.
* Updated exploit repositories, updated metasploit exploit framework and dependencies.
* Get BT3 final Kernel Sources

Backtrack Oracle



The following short tutorial explains how to do a (limited) pentest against Oracle (8.1.7.4 – 10.2.0.2). This tutorial will be extended in the future…

The following tutorial explains how to do an Oracle pentest with Backtrack 2.0. I want to thank the entire Backtrack-Team for this great collection of security tools and Max for the collaboration.

Nowadays there are many Oracle 10g databases around. Oracle did a good (but not perfect) job hardening the database out of the box. Most tutorials still describe how to break older 8i/9i databases. Most of the older tools do not work against the new 10g listener. We will show how to connect to an Oracle database, decrypt Oracle passwords, hack the TNS listener and escalate privileges.

Questions and comments are welcome.

Nov. 2006 - http://www.red-database-security.com


At a glance:
1. Find the Oracle database + port of the listener (with nmap/amap)
   nmap -v
2. Get the version number of the database (with tnscmd)
   tnscmd10g.pl version -h
3. Get the SID/servicename (with tnscmd or sidguess)
   tnscmd10g.pl status -h (unprotected listener)
   sidguess host= port= sidfile=sid.txt
4. Connect to the database (with sqlplus)
   sqlplus user/password@//:/
5. Check the database for weak passwords (with checkpwd)
   checkpwd user/password@//:/ default_password.txt
6. Hacking the TNS Listener with tnscmd10g.pl
7. Escalating Privileges via sqlplus
   a. dbms_export_extension
   b. more coming soon.

Computer vision





Computer vision is the science and technology of machines that see. As a scientific discipline, computer vision is concerned with the theory for building artificial systems that obtain information from images. The image data can take many forms, such as a video sequence, views from multiple cameras, or multi-dimensional data from a medical scanner.


As a technological discipline, computer vision seeks to apply the theories and models of computer vision to the construction of computer vision systems. Examples of applications of computer vision systems include systems for:

* Controlling processes (e.g. an industrial robot or an autonomous vehicle).
* Detecting events (e.g. for visual surveillance or people counting).
* Organizing information (e.g. for indexing databases of images and image sequences).
* Modeling objects or environments (e.g. industrial inspection, medical image analysis or topographical modeling).
* Interaction (e.g. as the input to a device for computer-human interaction).

Computer vision can also be described as a complement (but not necessarily the opposite) of biological vision. In biological vision, the visual perception of humans and various animals is studied, resulting in models of how these systems operate in terms of physiological processes. Computer vision, on the other hand, studies and describes artificial vision systems that are implemented in software and/or hardware. Interdisciplinary exchange between biological and computer vision has proven increasingly fruitful for both fields.

Cascading Style Sheets

CSS is a stylesheet language used to describe the presentation of a document written in a markup language. Its most common application is to style web pages written in HTML and XHTML, but the language can be applied to any kind of XML document, including SVG and XUL.

CSS can be used locally by the readers of web pages to define colors, fonts, layout, and other aspects of document presentation. It is designed primarily to enable the separation of document content (written in HTML or a similar markup language) from document presentation (written in CSS). This separation can improve content accessibility, provide more flexibility and control in the specification of presentation characteristics, and reduce complexity and repetition in the structural content. CSS can also allow the same markup page to be presented in different styles for different rendering methods, such as on-screen, in print, by voice (when read out by a speech-based browser or screen reader) and on Braille-based, tactile devices. CSS specifies a priority scheme to determine which style rules apply if more than one rule matches against a particular element. In this so-called cascade, priorities or weights are calculated and assigned to rules, so that the results are predictable.

AJAX

An Ajax framework is a framework that helps to develop web applications that use Ajax, a collection of technologies used to build dynamic web pages on the client side. Data is read from the server or sent to the server by JavaScript requests. However, some processing at the server side may be required to handle requests, such as finding and storing the data. This is accomplished more easily with the use of a framework dedicated to process Ajax requests. The goal of the framework is to provide the Ajax engine described below and associated server and client-side functions.

Ajax component frameworks

These frameworks offer pre-built components, such as tabbed panes, which automatically create and manage their own HTML. Components are generally created via JavaScript or XML tags, or by adding special attributes to normal HTML elements. These frameworks are generally larger, and intended for web applications rather than web sites.

Some component frameworks require the developer to have extensive HTML/CSS/Ajax experience and to do cross-browser testing. For example, grids, tabs, and buttons may be provided, but user input forms are expected to be authored directly in HTML/CSS and manipulated via Ajax techniques. Other frameworks provide a complete component suite such that only general XML and/or JavaScript abilities are required.

Ajax component frameworks can enable more rapid development than direct Ajax frameworks, but with less control, hence it is key that an Ajax component framework provides the following:

* customization APIs, e.g., an event that fires when the user stops editing within a grid
* skinning facilities, where appearance can be changed without affecting behavior or layout
* programmatic control, e.g., dynamically adding tabs or dynamically creating components based on user data
* extensibility—creation of new components based on other components, so that the benefits of a component-based framework are not lost

XML

The Extensible Markup Language (XML) is a general-purpose specification for creating custom markup languages.[1] It is classified as an extensible language because it allows its users to define their own elements. Its primary purpose is to facilitate the sharing of structured data across different information systems, particularly via the Internet,[2] and it is used both to encode documents and to serialize data. In the latter context, it is comparable with other text-based serialization languages such as JSON and YAML.



It started as a simplified subset of the Standard Generalized Markup Language (SGML), and is designed to be relatively human-legible. By adding semantic constraints, application languages can be implemented in XML. These include XHTML,[4] RSS, MathML, GraphML, Scalable Vector Graphics, MusicXML, and thousands of others. Moreover, XML is sometimes used as the specification language for such application languages.
XML is recommended by the World Wide Web Consortium (W3C). It is a fee-free open standard. The recommendation specifies both the lexical grammar and the requirements for parsing.

To the new PHP programmer, XML is quite the mysterious thing. Recently I began writing a website that uses an XML template system, so I needed to find an easy way to parse my XML, and output it the way I needed it to be outputted. With PHP4 you have to build your own XML parser that will read and output your XML. So, with that idea I decided to begin to explore PHP5, because of its simpleXML extensions.

Before jumping ahead and just building my parser, I knew that I’d have to replace elements in the XML document with data from my database; after all, what would be the point of using XML for a template system if you couldn’t replace elements with your own data? So, keeping that in mind, I knew that I’d have to load each element of my XML document into a variable, then send it through my own function to replace the things I need to replace with the correct information. Now, let’s get started.

JavaScript

JavaScript is a scripting language most often used for client-side web development. It was the originating dialect of the ECMAScript standard. It is a dynamic, weakly typed, prototype-based language with first-class functions. JavaScript was influenced by many languages and was designed to look like Java, but be easier for non-programmers to work with.
Although best known for its use in websites (as client-side JavaScript), JavaScript is also used to enable scripting access to objects embedded in other applications (see below).


JavaScript, despite the name, is essentially unrelated to the Java programming language, although both have the common C syntax, and JavaScript copies many Java names and naming conventions. The language was originally named "LiveScript" but was renamed in a co-marketing deal between Netscape and Sun, in exchange for Netscape bundling Sun's Java runtime with their then-dominant browser. The key design principles within JavaScript are inherited from the Self programming language.
"JavaScript" is a trademark of Sun Microsystems. It was used under license for technology invented and implemented by Netscape Communications and current entities such as the Mozilla Foundation.
What is JavaScript?
JavaScript is Netscape's cross-platform, object-based scripting language for client and server applications. There are two types of JavaScript:
* Navigator JavaScript, also called client-side JavaScript
* LiveWire JavaScript, also called server-side JavaScript

JavaScript in Navigator
Netscape Navigator 2.0 (and later versions) can interpret JavaScript statements embedded in an HTML page. When Navigator requests such a page, the server sends the full content of the document, including HTML and JavaScript statements, over the network to the client. The Navigator then displays the HTML and executes the JavaScript, producing the results that the user sees. This process is illustrated in the following figure.