This is how i get free access to ACM Portal, A Security Hole

Yes, its true! I got free access to ACM Portal from a network which is not subscribed. This Portal will allow us to view the abstract of desired paper. But if we want to download the paper we must either have membership account with ACM or our network must be subscribed as most of the educational organizations do. Failing the 2 options we cant get access to download the paper(through the acm portal).

Till now, me and my friends have an illusion that the requests are tracked based on the IP address and if the IP address is not in the subscription list, it would be treated as normal request. But it may not be true. When I type a paper title in google search and selects a result link which is targeted to acm portal, i can get access to the acm portal page as a genuine user from Google, Inc, and can download the desired paper. It gives us full access as a subscribed user. I tested with Firefox and Konqueror browsers and friends working in other companies are tested on windows IE as well. Its only possible with google search, but not with other search engines like Yahoo Search, ASk.

Observe some of the screenshots I got through while experimenting. Sometimes its showing Google,Inc; sometimes CILEA Consortium; and sometimes FUJITSU Ltd. I guess its a security hole. And one more thing is that the search result must contain CFID and CFTOKEN. May be these two attributes are the driving factors for me to get access. Try the Sample search. Select the result which is pointing to acm portal (It would be in the first 10 entries). When i search for those two variables, i came to know that CFID and CFTOKEN are the ColdFusion session variables. They are used to track the user's browser session. By default, all ColdFusion versions write CFID and CFTOKEN as persistent cookies in the client browser. An important security note is: Coding sensitive data such asCFID and CFTOKEN in the URL string is a security risk. Even though they are designed as per-session cookies, its still possible for us to access with Google search.

I am still wondering why its only possible with Google Search and not with any other search engines. May be I need to dig into ColdFusion programming.

Update:
Seems Google Search is not providing such results. But this link would directly allow you to access acm portal under the 'Google Inc' network. The reason is, as i said earlier, the query result should include the CFID and CFTOKEN arguments.

Am i a Dreamer????

Am i a dreamer???, as the title of this post asks, i came across this questions many times, but i eventually supressed that thought upon doing the things and converting my self into a do-er, rather than dreamer.

Few days back, i been to read an article in Times of India, a survey that dwells about the qualities of planner / do-er/ dreamer. According to the survey, a Planner is one who like to have everything in order and spend hours before making decision. A Doer is one who takes the things as they come into and go ahead. But a Dreamer is one who do more planning than doing. The dreamer is one who spent much of his time planning, rather to fail (or lag) at implementation, and a bit idealist and want things to be done perfectly.

But my conception of Dreamer is one who can think of an idea, and plan it for implementation (i mean, a perfect plan), and go ahead with it. A dreamer can only lead the world!. A goal is a dream with a deadline, according to the author, An idea without at least some element of absurdity is not worth further consideration. Small businesses don't grow bigger without a dreamer, planner, risk taker, and doer. Enterprenuer is one who is more a dreamer in addition who can plan, take risks and implement. Today world is renovating more with dreamers, so the start-up boom. Without Dreams, you can not set a goal, without goal, you cannot plan, without plan, you cannot control, and without control you cannot manage either yourself or others. So i continue dreaming...!

temp2.exe (irc.momma worm) - How i got to remove it successfully

temp2.exe and/or temp1.exe, both these two viruses irritated me for some time yesterday. While i was copying some files using flash drive, my machine got to threaten of this virus. Some anti viruses treated it as worm, though it harms seriously. Mainly it deteriorates the data flow. So its related to network security. I clearly came to evidence that temp2.exe and temp1.exe are running on my system and until i ended them, i cant be able to detach the removable devices. In addition, when i tried to open other windows partitions, they are opened as new window, even though i havnt used that option. I addition it adds autorun option in the context menu explorer.

When i digg into the details, i came to know much about the virus, how its working, and all. If we are copying from infected machine, this virus puts three files along with the data into the disk.
They are: copy.exe, host.exe and autorun.inf
autorun.inf file contains only two lines.

[autorun]
open=copy.exe

when we open the infected disk, autorun will invokes and virus starts acting by running the copy.exe file. It creates a dump of above three files in root directory of each partition and make a copy of copy.exe in system32 directory. Also a copy of temp1.exe and temp2.exe wlould be kept in system32. Along with it corrupts the xcopy.exe and svchost.exe files in system32.exe. It also kept registry entry.

Steps to remove the virus:
So to remove the virus one has to be careful. First off the system restore monitoring. Then delete the three-files from root directory of each partition. Also remove copy.exe, xcopy.exe, temp1.exe, temp2.exe and svchost.exe from system32 directory. And the remaining is deleting the entries in registry. So to do that search in the registry for each of the file entries and manually delete them. After that restart your machine. So u will be out of that little dragon. a old copy of svchost.exe and xcopy.exe will be written back into your machine.

To check whether the virus got cleared or not, by observing the file properties of these two files. They must indicate the company info as 'Microsoft Corporation...'. If they are not from microsoft corporation, and anything which are residing in system32 directory must be from microsoft, else u can suspect of a malicious entry. After successful removal of the virus, u can continue by checking the system restore monitoring.