Thu 18 Mar 2010

Watch this video. Think before you post on Facebook. Specially for girls.

Precautions required if you want to be safe in this evil world.

Be Careful & Take Care...

 

======================================================================================================== 

========================================================================================================


To control your privacy that only the person you know can view your posts, photos, and other personal information, follow the following instructions

 Click on Account link on top right corner of facebook page. Then click on Privacy Settings, following page will be displayed.

 

Facebook+Privacy+2010+a.JPG

 

To set privacy settings of your personal information, click on Personal Information.

To set privacy setting of your contact information, click on Contact Information

 

Facebook+Privacy+2010+b.JPG

 

 

 

Set all drop down value to Only Friends by selecting it after click on the dropdown. So only your friends can see your personal / contact information.

 

Facebook+Privacy+2010+c.JPG

========================================================

 

Facebook+Privacy+2010+d.JPG

 

 

Hope this will help you to secure your personal information to some extent.


Be aware of the Evil World. Think before you post, any where, over the Internet

 

 

 

Categories : Thoughts / Lessons
E-mail this post to someone or Comments here
Mon 15 Mar 2010

This post posted by Vladimir Kuzin on 15th Oct 2009. For Quick reference posted here.

Few weeks ago I was working on project which required data to be encrypted using C# and then decrypted using JavaScript. In my case JavaScript was an internal scripting language, which wasn’t exposed to public so I didn’t have to worry about people accessing encryption keys. Project objective was to encode parameter in URL preventing users from substituting it with sequential numbers.

Research:

At first I’ve decided to use symmetric algorithm and looked online for available JavaScript libraries. In my search I’ve found few AES libraries to choose form. After further analysis it was determined that most people had good luck with slowAES, and I’ve attempted to implement it. After spending some time I was unable to decrypt any data encoded with RijndaelManaged class in C#. Since I had to find solution fast I’ve moved on.

Next I’ve decided to try asymmetric encryption algorithm, and after quick research I went with RSA. After downloading most popular RSA library for JavaScript I’ve run into several issues with its implementation. I was able to use C# to decode everything what was encoded in JavaScript, but it didn’t work when data was flowing in opposite direction. After looking into the issue it appeared that JavaScript library was missing padding, however using patched versionof the library didn’t help.

Solution:

Due to lack of time I’ve decided to use simpler encryption algorithm and went with RC4. After downloading RC4 JavaScriptlibrary I’ve got it to work within minutes. Since there is no such thing as RC4 cryptographic provider in the Security.Cryptography namespace I had to use open source RC4 library.

After encrypting data I’ve also converted it to hex (base 16) in the same way as it was done on the JavaScript RC4 demo page.

Encrypting URL parameter with RC4 didn’t completely meet the objective, since it still was possible for users to use sequential numbers. Take a look at example of encrypted data below:

Input Output
10001 49845da1c0
10002  49845da1c3

Notice that only last digit of the encrypted data has changed, therefore substituting it with sequential numbers will cause an issue. To solve this I’ve added random prefix and suffix blocks to data before encrypting. Prefix and suffix blocks consisted from random letters and were anywhere between 10 and 25 characters in length. Now data looked like this:

Input:
JQNLAZXAHHSHMIL;10001;GURUOTCBBNHDCZUNFXIGKP
Output:
32e523ddb00fbf2465002bc1b4251dd12876677d47d6a 6a3101a68517dfb6a86fa525139300d65225e365a38

Every time encrypted value is changing, since it’s generated from new random data. After transferring and decrypting this data on the JavaScript side I’ve spited string by semicolon to get the actual parameter value.

I am sure there are different and possibly better solutions somewhere out there, but this one worked for my client and was implemented within a small project budget.

This is post is from original Post @ vkuzin.com/post/Passing-encrypted-data-between-C-and-JavaScript.aspx

 

Tags: , ,
E-mail this post to someone or Comments (3)