Showing posts with label Computer. Show all posts

Fix your autorun patch it now.



Apparently AutoRun kept running even when users disabled it through the registry method or from gpedit. A report from US-CERT (Computer Emergency Readiness Team) finally highlighted the issue after it was successfully exploited by the recently much-talked-about network-aware worm Conficker, aka Downadup, aka Kido.

I am quoting the US-CERT statement here.

“The Autorun and NoDriveTypeAutorun registry values are both ineffective for fully disabling AutoRun capabilities on Microsoft Windows systems. Setting the Autorun registry value to 0 will not prevent newly connected devices from automatically running code specified in the Autorun.inf file. It will, however, disable Media Change Notification (MCN) messages, which may prevent Windows from detecting when a CD or DVD is changed. According to Microsoft, setting the NoDriveTypeAutorun registry value to 0xFF "disables Autoplay on all types of drives." Even with this value set, Windows may execute arbitrary code when the user clicks the icon for the device in Windows Explorer.”

What do you do then, one might ask? Well, you download this reg file here and double-click it for XP. And then restart the computer.

For Vista

  • Go to Windows Menu - All Programs - Accessories.
  • Right-click on "Command Prompt" and choose "Run as Administrator".
  • At the Command Prompt, run "regedit".
  • In the Registry Editor program, go to File - Import, and open the noautorun.reg file you just downloaded. You should get a confirmation that the file was imported. Now close the registry editor.
  • Restart the computer!

What does this have inside?

It has the following lines

    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
    @="@SYS:DoesNotExist"

This is kind of a temporary fix. No, don't thank me for this one; thank Nick Brown and his pal instead.

What will it do?

It will disable the autorun for good.

Why is my CD not running automatically after I do this?

Hmmmmmm you tell me…

You might want to follow the official channel's advice. If that is the case, you need to download patch KB953252 from the Microsoft website and follow their advice. If you are stuck on an XP box (maybe that is good!!!???!!%@#^), that is.

After installing this patch, NoDriveTypeAutorun should work the way it is supposed to work. If you are unsure whether you have the patch installed on your computer, then I can help: check here. It will tell you whether or not you have it installed.
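
To see where a machine stands on the two settings discussed in this post, here is an added example (not part of the original post, and not code from Microsoft or US-CERT). It reads the `IniFileMapping\Autorun.inf` override and the `NoDriveTypeAutoRun` policy value from HKLM and classifies the result; the verdict labels and function names are this example's own, the policy key path and drive-type bits come from Microsoft's documentation of the value rather than from this page, and the non-Windows sample values are constructed.

```python
import sys

INI_MAP_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
OVERRIDE = "@SYS:DoesNotExist"  # value written by the .reg file shown in this post

# NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun off for that drive type.
DRIVE_BITS = [
    (0x01, "unknown"), (0x02, "no-root-dir"), (0x04, "removable"),
    (0x08, "fixed"), (0x10, "network"), (0x20, "cdrom"),
    (0x40, "ramdisk"), (0x80, "reserved"),
]


def read_live_settings():
    """Read both settings from HKLM on a Windows host; a missing value becomes None."""
    import winreg  # standard library, Windows only

    # Ask for the 64-bit view so a 32-bit Python is not redirected to Wow6432Node.
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY

    def query(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:
            return None

    return {
        "ini_mapping": query(INI_MAP_KEY, ""),  # "" selects the key's default value
        "no_drive_type_autorun": query(POLICY_KEY, "NoDriveTypeAutoRun"),
    }


def assess(settings):
    """Return (verdict, drive types whose AutoRun the policy value leaves on)."""
    mapping = settings.get("ini_mapping")
    raw = settings.get("no_drive_type_autorun")
    if isinstance(raw, bytes):  # tolerate REG_BINARY as well as REG_DWORD
        raw = int.from_bytes(raw[:4], "little")
    mask = (raw or 0) & 0xFF
    still_on = [name for bit, name in DRIVE_BITS if not mask & bit]

    if isinstance(mapping, str) and mapping.strip().lower() == OVERRIDE.lower():
        # Autorun.inf lookups are redirected to a registry location that does
        # not exist, so the file on the drive is never consulted.
        verdict = "blocked"
    elif mask == 0xFF:
        # Per the US-CERT text quoted above this alone is not enough on an
        # unpatched system; the post says KB953252 makes it work as intended.
        verdict = "policy-only"
    else:
        verdict = "exposed"
    return verdict, still_on


if __name__ == "__main__":
    if sys.platform == "win32":
        current = read_live_settings()
    else:
        # Constructed sample so the script also runs away from Windows.
        current = {"ini_mapping": None, "no_drive_type_autorun": 0x91}
    print(current, assess(current))
```

A "policy-only" result means the machine depends on the patch being installed; "blocked" means the override from the .reg file is in place.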

World's most annoying website and yet it's fun


Not much to say about this. You have to actually follow the link to experience it for yourself and judge whether this one is the world's most annoying website.

http://home.comcast.net/~wolfand/


Warning: Do this if you have a bit of time to spare, and don't forget to leave a comment.

Rapidshare Cat and dog captcha cracked finally!!!


I have been so frustrated not being able to download from the RapidShare site for so long. Various tricks were working before the major update by the RapidShare people. But after the update nothing worked. The damn cat and dog thing was so evil. It was an evil trick to ward off the free users: make their experience so bad that they won't try their hand at it any more and buy the premium account. But no more, guys; there seems to be a way to get around the captcha and the download limit thing for now. There is a program called CryptLoad. The new update of this program does the magic.

"CryptLoad is a free software that can download from RapidShare as a free user as if they were a premium user. There is no need to wait to continue downloading the next file and also there is no need to enter the confusing CAPTCHA codes as it is recognized and entered automatically."

quoting Raymond's blog.

Download CryptLoad from here

Tool to fix the Internet Explorer RunOnce2.aspx


People still use Internet Explorer heavily to surf the net, so I think this is useful. This RunOnce page appears the first time you try surfing the internet using Internet Explorer, and also every time you change the settings of your Internet Explorer browser from Tools > Internet Options > Advanced tab. The real reason behind the RunOnce page is to let you customize some settings, like choosing the default search provider, enabling or disabling the automatic phishing filter and so on.

If one does not complete the RunOnce customization page, it will load every time until you do, regardless of what your IE homepage is set to, which can be annoying at times. The tool I have created solves this problem. Just download it, unzip it to a folder and double-click NoRunOnceIE.exe.



I just created this taking cues from http://raymond.cc/blog.
Download RunOnceRemover

Remove kinza/isetup with AntiKinza tool


I just compiled something to kill kinza/isetup. The batch file solutions floating around on the web did not completely clean the virus. So I thought, why not write something? So I did. You can get it from the bottom of this post.

I did a bit of research into how this particular virus acted. Apparently there are at least 3 known variants of this virus in the wild. Antivirus programs detect only a portion of its installed, or rather implanted, files. Also, they don't reverse the registry key changes.

In my case some memory corruption was also observed because of this virus in ctfmon.exe and explorer.exe processes.
I got messages like

"The instruction at "0*00a4143d" referenced memory at "0*00a4143d".The
memory could not be read ".

whenever I wanted to shut down. Clicking OK did let me shut down though.

Warning: (This needs a restart)

You have to run this AntiKinza file twice to completely get rid of the virus if you are running in Normal mode. In the first run you will have to restart your computer. The second run won't need a restart. Run this in safe mode to remove the virus without a restart.

Please save all your important documents and files and close all running applications before running this program.
I won't be responsible for any damages caused by your actions.

Read carefully.
Steps to be followed. (Important: follow step no. 5 strictly in Normal mode.)

1) Double-click AntiKinza.exe
You will be presented with this prompt.


2) Click OK if you're done as it says.

3) The second prompt tells you whether or not your computer has the virus.

Click Yes if you want to clean it. Click No to exit. If your computer does not have the virus, another prompt will show up telling you that you don't have the virus and asking whether you want to disable your autorun feature.



Clicking here will disable autorun, which is a recommended thing to do, because an increasing number of viruses are resorting to this path to get into your computer.

4) If your computer has the virus and you click Yes in step 3), virus cleaning will start.

5) The next prompt will ask you if you are running AntiKinza for the first time in Normal mode. If this is the case, click Yes. This will restart your computer. After the restart you will have to run AntiKinza one more time to completely remove kinza/isetup if you are running it from Normal mode. Click No if you are running AntiKinza for the second time in Normal mode.



6) Running AntiKinza from safe mode would completely rid you of the virus in one run. Click No if you are running AntiKinza from safe mode.


Your IE homepage will be set to back2mangalman.blogspot.com if you agree to run this program. Do you think I should be hanged for doing this? Please comment. I had to spend a lot of time to come up with this.

This can be reversed any time you want from Internet Explorer -> Tools -> Internet Options -> General -> Home page.

Download AntiKinza here

Mozilla Firefox, Orkut, YouTube banned in your computer?


Today I went to a cyber cafe for some work. I could not find Firefox, so I installed it, well, sort of tried to, but the thing went haywire. A message box appeared out of nowhere and started to scream that I was not allowed to run Mozilla Firefox.


The exact text was " USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE `r OR ELSE... "


It would not close even when I tried. So I fired up Process Explorer and noticed two processes named svchost.exe. The legitimate svchost.exe does not run like that, so I killed both processes and Firefox installed like butter. I found it quite funny, so I decided to investigate the subject at home. Reaching home, I disabled my NOD32 antivirus and then plugged in my pen drive; sure enough, there was a hidden file named MicrosoftPowerPoint.exe and an autorun.inf on it.


I was about to deliberately infect my computer with this malware. I don't have any important file that would kill me if the computer crashes. Don't try to infect yourself just because I did.

When I double-clicked MicrosoftPowerPoint.exe it immediately changed to svchost.exe. Aha, these were the ones I killed back at the cyber cafe. Let's see what else they do.


It creates a folder named MicrosoftPowerPoint in the %temp% folder. The folder contained six files, namely


2.mp3
drivelist.txt
Install.txt

Icon.ico
pathlist.txt
svchost.exe


Also it created a folder named heap41a in the c drive.This folder had the following files


drivelist.txt
2.mp3
Icon.ico
script1.txt
reproduce.txt
std.txt
drivelist.txt
svchost.exe


and a folder named offspring containing the files autorun.inf and MicrosoftPowerPoint.exe.


What does it do?


It runs in the background as two svchost.exe processes using 2.2 MB of your memory. You can see them in action using Task Manager, where they show up as user-initiated svchost.exe processes. It scans for removable drives to reproduce. It changes three registry entries:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\status
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\checkedvalue


When one tries to run Firefox it displays an error message saying USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE `r OR ELSE... with an evil laugh and then terminates Firefox.


Also, when you try to open YouTube or Orkut it says "ORKUT/youtube IS BANNED,Orkut/youtube is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!" with the same evil laugh and closes Internet Explorer.


Now steps to get rid of it (Solution).



1) Open Task Manager/Process Explorer.


2) Click the Processes tab in Task Manager.


3) Look under Image Name for svchost.exe with User Name user, not the ones with SYSTEM/Network Service/Local Service as User Name, and terminate those 2 processes.


4) If you don't get step 3, download Process Explorer, unzip it, open it and look for a pair of svchost.exe with AutoHotKey in the description section (the pink ones in the picture).


5) Open regedit.exe from Run and navigate to


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\winlogon


Right-click winlogon and click Delete; also look for the entry named status and delete it as well.


6) Navigate to
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\checkedvalue


Right-click checkedvalue, click Modify and change the value from 0 to 1.


7) Open My Computer -> Tools -> Folder Options, click the View tab, look for Hidden files and folders, click the Show hidden files and folders radio button, uncheck Hide extensions for known file types, also uncheck Hide protected operating system files (Recommended), then click Apply and OK.


8) Don't double-click your drives, so that the autorun.inf won't execute. Instead use Start menu -> Run, type c: and press Enter.


9) Delete the folder named heap41a.


10) Type %temp% in Start menu -> Run and hit Enter, then delete the folder named MicrosoftPowerPoint.


11) It is a good idea to disable the autorun feature altogether. Do this by copying and pasting the lines below, saving them as whatever.reg and then double-clicking it.


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


12) Look for and delete autorun.inf and MicrosoftPowerPoint.exe from all your pen/flash drives.


This particular malware seems to be created using AutoHotKey.
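
The check in step 3 above (svchost.exe running under a user account instead of SYSTEM/Network Service/Local Service) can also be run over saved `tasklist /v /fo csv` output. This is an added example, not part of the original post; the function name and the sample rows are constructed, and it assumes the English column headers.

```python
import csv
import io

# Accounts that legitimate svchost.exe instances run under, as listed in step 3.
SERVICE_ACCOUNTS = {"SYSTEM", "NETWORK SERVICE", "LOCAL SERVICE"}

# Constructed sample of `tasklist /v /fo csv` output (not captured from a real host).
SAMPLE_TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","864","Console","0","4,512 K","Running","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"svchost.exe","940","Console","0","3,980 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:01","N/A"
"svchost.exe","1096","Console","0","3,120 K","Running","NT AUTHORITY\LOCAL SERVICE","0:00:00","N/A"
"svchost.exe","1832","Console","0","1,140 K","Running","CAFE-PC\user","0:00:02","N/A"
"svchost.exe","1904","Console","0","1,120 K","Running","CAFE-PC\user","0:00:01","N/A"
"svchost.exe","2010","Console","0","2,000 K","Running","N/A","0:00:00","N/A"
"firefox.exe","2044","Console","0","31,204 K","Running","CAFE-PC\user","0:00:05","Mozilla Firefox"
'''


def find_user_svchost(tasklist_csv):
    """Split svchost.exe rows into flagged (user-owned) and undetermined PIDs."""
    reader = csv.DictReader(io.StringIO(tasklist_csv))
    if "User Name" not in (reader.fieldnames or []):
        # Without /v tasklist does not print the owning account at all.
        raise ValueError("no 'User Name' column: run tasklist with /v /fo csv")

    flagged, undetermined = [], []
    for row in reader:
        if row["Image Name"].strip().lower() != "svchost.exe":
            continue  # other programs legitimately run as the logged-on user
        owner = row["User Name"].strip()
        if owner.upper() == "N/A":
            # tasklist prints N/A when it cannot read the owner (not elevated);
            # report it separately instead of guessing.
            undetermined.append(int(row["PID"]))
            continue
        # Drop the "NT AUTHORITY\" or "MACHINE\" prefix before comparing.
        account = owner.rsplit("\\", 1)[-1].upper()
        if account not in SERVICE_ACCOUNTS:
            flagged.append((int(row["PID"]), owner))
    return {"flagged": flagged, "undetermined": undetermined}


if __name__ == "__main__":
    result = find_user_svchost(SAMPLE_TASKLIST)
    for pid, owner in result["flagged"]:
        print("svchost.exe PID %d runs as %s" % (pid, owner))
    for pid in result["undetermined"]:
        print("svchost.exe PID %d: owner unreadable, re-run elevated" % pid)
```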

Internet explorer 7 the buggiest browser in the world.


No, I am not a Firefox fanboy, but Internet Explorer really sucks. I have stopped using it altogether. I have noticed that Firefox does not do well memory-wise on my old low-memory computer.

So I have installed Opera and Safari too, just to be sure. I think this Safari thing is not stable enough, at least not yet. But pages load faster in Safari than in any other browser; maybe it's just their punch line "Fastest browser in the world" that is making me think this way, I don't know.

Today I came across 2 websites which talked about the bugs in Internet Explorer. They have identified a whopping 131 bugs in IE7. I am not a developer, but by the looks of it this many bugs would have driven me crazy if I were a serious one.

Just an example here :


The code in question here, when saved as HTML and run from IE7, would make IE7 disappear for no reason. Is it magic? I think so. So the guys at Microsoft really know some serious magic too. Ha ha ha. I am impressed, really.

The site got this info here is http://www.0x000000.com/index.php?i=527&bin=1000001111 and     

Sujin & shyam.com.np are same get rid of it here


Some goon changed a line or two of the virusremoval.vbs script, the infamous sujin script, and made this new one, shyam.com.np. It had probably been in circulation for a few months, though I was not aware of it.

Following are the changed lines in the script by this goon.

'Program developed by
'Shyam Uprety
'http://shyam. com.np
'shyamuprety@gmail.com

Shells.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Main\StartPage","http://shyam.com.np/"


Good news is my antisujin tool seeks and destroys this shyam.com.np thing. No more resource hijacking. Get rid of this browser hijack. Password is back2mangalman

Your home page will be changed to my blog, which is totally reversible from Internet Explorer's properties. Some people might complain that I do this, but I had to put something other than sujin.com.np or, in this case, shyam.com.np. Would you be happy if I placed google.com or Yahoo or MSN there? But I think that these are empires; why should I be promoting internet empires?

Instead I choose to promote my individual no-value blog. Love me or hate me, just trying to help. I don't earn big bucks from my blog.

And I would like to thank kingshuk for the comment here, for it made me investigate the problem.

Update: Even safyway.blogspot.com is the same thing; get it removed from here.

How to change the Internet explorer's title bar text


I have been asked this question several times, so a post had to be pushed for this. I must warn you people that editing the registry has some risk involved, so be sure about what you are doing before meddling with the registry stuff.

Click Start menu, then Run, now type regedit and hit Enter.
Navigate to this place

HKEY_CURRENT_USER -->Software -->Microsoft -->Internet Explorer -->Main

Look at the right pane for "Window Title". Right-click it and then click "Modify".
This will present you with a box. You can enter whatever you want there and hit OK. This would change your Internet Explorer's window title to whatever you just typed in.

Or alternatively you can press Ctrl+F once the Registry Editor opens, type "Window Title" without the quotes, and then right-click and modify it.




In case you are not able to open Registry Editor and you end up with the message which says "Registry editing has been disabled by your administrator", then either you have logged on from an account which does not have administrative privileges or your computer has some form of malware running.

A third possibility would be that your computer contracted malware that has since been cleaned, but the changes brought by the malware persist.

Remove Kinza isetup virus from your computer.


Because I have been encountering a lot of computers with this virus these days, I am compelled to write about it. I beg your pardon, for this one is not as organized as I would have liked it to be.

If you notice a change in your pen drive's or flash card's icon from the normal one to one that resembles "explorer.exe" or "My Computer", then you are infected with the virus. OK, let's get started.

It is a good idea to clean up temp files and turn off System Restore for a while. I use CCleaner.

If you have the virus running you won't be able to use Task Manager, so I would recommend downloading Process Explorer and Autoruns. Both are safe apps from Sysinternals, now acquired by Microsoft. Just google search for it here on the box.

Extract it from the zip file and double-click "procexp.exe". Now we will kill some processes.
Look for "wscript.exe", right-click it, then click Kill Process Tree. Kill any of the processes below if they are running, just like you killed wscript.exe.

wproxp.exe
isetup.exe
imapd.exe
dxdlg.exe
kinza.exe
imapdb.exe
imapdc.exe
scvvhsot.exe
blastclnnn.exe

Be sure that none of the processes above are running before proceeding any further.

Now unhide the files on your computer by clicking Tools -> Folder Options -> View -> Show hidden files and folders.

Also uncheck Hide extensions for known file types and Hide protected operating system files (Recommended); click Yes when the warning prompt shows up.
If you are unable to get hold of Folder Options, then copy the lines below into Notepad and save them as regfix.bat

rem Restore the default logon program and shell
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /f /d "%windir%\system32\userinit.exe,"
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /f /d "explorer.exe"
rem Re-enable Folder Options, the Registry Editor and Task Manager
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /t Reg_dword /v NoFolderOptions /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableRegistryTools /f /d 0
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /t Reg_dword /v DisableTaskMgr /f /d 0

and then double-click it. Now we delete the files. Click Start menu -> Run and type system32; look for autorun.ini and, if it exists, delete it from the system32 folder. Now delete these files from the system32 folder:

boot.vbs
wproxp.exe
isetup.exe
imapd.exe
ActMon.ini
dxdlg.exe
imapde.dll
imapdd.dll
imapdc.dll
imapdb.exe
imapd.exe
imapdb.dll
imapdb.exe
blastclnnn.exe

Check whether any of these files exist in %SYSTEMROOT%\ (that is, the Windows folder) as well, and delete any you find.

Also go to %SYSTEMROOT%\system32\drivers\etc or C:\WINDOWS\system32\drivers\etc and delete hints.exe or any other exe files that exist there.

Now click Start menu -> Run and enter the other drive letters, like
d:
This way we can keep autorun from doing the damage.
Double-clicking would nullify everything we have done till now and you will have to do it from the start.
Look for and delete autorun.inf and/or kinza.exe and/or isetup.exe and/or explorer.exe.
Repeat the same thing on all the partitioned drives, like c:, e:, f:, if you have them.
Clean your pen drive or flash card the same way.

You can disable autorun by copying the following lines into Notepad, saving them as auto.reg and double-clicking it.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Autorun was meant to simplify things for the user, but it has turned out to be one of the biggest security blunders in Microsoft's OS, so disabling this feature is a sensible thing to do.

This should solve your problem; if not, write to me and I will try to help.
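
Before deleting autorun.inf from a pen drive, as this post and step 12 of the earlier svchost.exe cleanup both advise, it helps to see what the file would have launched. The following is an added example, not part of the original posts: a tolerant parser for the `[autorun]` section that lists every launch entry and whether its target is still on the drive. The function names and the sample file contents are constructed for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, not recovered from a real infected drive.
SAMPLE_INF = r"""; constructed sample
[AutoRun]
open=MicrosoftPowerPoint.exe
icon=Icon.ico
shell\open\command="MicrosoftPowerPoint.exe"
shell\explore\command=missing.exe
padding line without a key
"""


def decode_inf(data):
    """autorun.inf is ANSI or UTF-16 with a BOM; decode either without failing."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("cp1252", errors="replace")


def parse_autorun(text):
    """Return (key, command) pairs in [autorun] that start a program."""
    launches, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # lines that are not key=value are skipped, not errors
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launches.append((key, value))
    return launches


def target_of(command):
    """First token of the command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def find_on_drive(root, relative):
    """Resolve a Windows-style relative path under root, ignoring case."""
    current = root
    for part in relative.replace("/", "\\").split("\\"):
        if part in ("", "."):
            continue
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def triage_drive(root):
    """List launch entries of root's autorun.inf and whether each target exists."""
    inf = find_on_drive(root, "autorun.inf")
    if inf is None or not os.path.isfile(inf):
        return []  # absent, or a folder named autorun.inf
    with open(inf, "rb") as handle:
        text = decode_inf(handle.read())
    report = []
    for key, command in parse_autorun(text):
        target = target_of(command)
        found = find_on_drive(root, target) if target else None
        report.append({"key": key, "command": command,
                       "target": target, "present": found is not None})
    return report


def demo():
    """Build a throwaway 'drive' from the constructed sample and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="cp1252") as h:
            h.write(SAMPLE_INF)
        with open(os.path.join(root, "MicrosoftPowerPoint.exe"), "wb") as h:
            h.write(b"placeholder bytes, not an executable")
        return triage_drive(root)


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Run `triage_drive` against the mounted drive's root from a system where AutoRun is already disabled, so that inspecting the drive does not itself trigger the file.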

 
You can remove Kinza/isetup virus with it

Nepal telecom's search feature vulnerable to XSS


A very interesting XSS injection in the search feature of our very own trusted website ntc.net.np which, if you are dumb enough, can make you divulge your Hotmail address and password. This is a complete rip-off from the Nepali security Google group. I am in no way the author of this particular exploit.

Just reporting the issue. This particular example highlights the need for awareness about XSS amongst internet users.

click to see the xss at work.

If you people want to play safe, please download the Firefox browser to surf the internet and then install an extension for your browser called "NoScript". One can never expect 100% safety in the online world, but this move will make you considerably safer and you won't regret it, I promise.

You can download this add-on either from the extensions page at Mozilla
http://en-us.add-ons.mozilla.com/en-US/firefox/2.0.0.14/extensions/
or from http://noscript.net. It's freeware and will stop the XSS-injected link if the authentic-looking link tries to trick you.

here goes the link to see what you have entered.

ADSL comes to Nepal finally


After a lot of delays, the much-talked-about ADSL service from Nepal Telecom has finally started today. The price of internet in Nepal can only go down from this point onwards. Very good news for everyone who has been paying an unreasonably high price for the service till date.

You can get and fill in the form here. They will charge you Rs 500 as an activation charge.
Let's do a quick price analysis. They have initially rolled out 2 data schemes: the first one at 128 kbps and another one at 256 kbps. 128 kbps would be charged at Rs 900 per month on a prepaid basis and the other one at Rs 1500; this is excluding taxes. Now let's tax them to know the actual price a customer has to pay.

Rs900+900*10%=Rs990 (10% TSC)
Rs990+990*13%=Rs 1118(13% VAT)

This is my initial guess. I might be wrong here. Can anyone confirm?

Noticed something funny? Yes, Nepal Telecom taxes the tax. First they tax you 10% TSC, add it up, and then again tax the sum with 13% VAT.

You work out the second one's price.

Besides this price, every ADSL customer has to make an initial investment in buying an ADSL modem (ATU-R), the customer premises equipment, and the splitter. I have no idea about the local market price of this equipment. Any idea?

Some very related and relevant links you guys might want to explore
http://back2mangalman.blogspot.com/2008/03/nepal-telecom-says-adsl-coming-soon.html
http://back2mangalman.blogspot.com/2008/03/adsl2-what-is-fuss-about.html
http://back2mangalman.blogspot.com/2008/03/general-knowledge-about-dsl-and-adsl-in.html

Bombard your Nepal telecom SIM holder Enemies with sms


Use the following information wisely. The information i am about to share is related to sms bombing hapless and clueless Nepal Telecom SIM card holder. Don't over do it.This is not my original. Passed on to me by my friend this information has been in forum for quite a long time.
Ok the link goes like this
http://crbt.ntc.net.np/colorring/randompwd.action?usernumber=9841XXXXXX&colorringtype=0

All you people have to do is copy paste the link in your browser, replace the XXXXXX with the desired ntc number hit enter and hit F5. 1min of pressing would yield about 200 sms to the victim. If your connection is broadband then victim will get more than 700 SMS. Not good is it.

My experience installing Ubuntu in a low ram system.



I have always wanted to try Linux for a change. I came to know about Ubuntu from my friend Shital. He told me that Ubuntu comes free. They even ship it free, yes, you heard me right, totally free. I asked him to get me some, and some he did. Back then Ubuntu used to come as 2 CDs. The first one was labeled live CD and the second was the installation CD. I did not have any idea about which way was up back then. So I tentatively inserted the live CD into my CD player and let it boot. Because it was the first time ever I was getting something other than XP to run on my box, I was completely at sea. Fiddled around with the menus and nothing more. After a few months of inactivity I thought, what the hell, and I installed it. I dual-booted Ubuntu and XP. But I never got the hang of this thing called Ubuntu. After a few days I wiped the partition out using Partition Magic. And that was it then. I did not know, nor did I want to know, how to fix the GRUB thing though, and ended up wiping the whole hard disk and reinstalling XP again. To be fair, this adventure ended due to my lack of interest in learning.

This time around I have a hard disk that is disintegrating by the day, and I got hold of a new Ubuntu 7.10 CD. A perfect recipe, I guess, but there was a little problem. With time my box has grown a few years old and lost its youth. I wondered if I could get this new Linux distro to mate with my old pal box. Some Viagra, yeah, that was the answer to my problem, a dose of Viagra, but can you buy one with an empty pocket? Viagra in this case would be an increment of memory in the slot. I have 256 MB of RAM but the CD says

"To use the live Cd, you must have a PC with at least 384MB of RAM. To install Ubuntu, you should have at least 4 GB of disk space."

I put the CD in and booted, but this led nowhere: a blank screen for 10 minutes, and I got impatient and pressed the reset button. Tried it again and again; after a few more trials I finally got into the Ubuntu desktop. Tried to install, but everything was so slow. I then turned to Google for help (had to switch back to my XP-installed hard disk). Typed in "installing ubuntu in a low ram machine" and hit the jackpot. The first article talked about how creating a swap partition on the pen drive would solve this problem. Well, I will try to explain what I did to get Ubuntu running.

First of all I booted from the CD and then inserted my pen drive into the USB port. Soon my pen drive was shown on the desktop.

Then I pressed Ctrl+Alt+F1 to get to the command line environment.

After that I became root by typing "sudo su -" without the quotes and with the space.

You can type "free" without the quotes to view your memory and "mount" to view which drives are mounted.

Then I created a 200MB file on the USB stick (here MangalMan is the name of my drive; change it to your drive's name):

cd /media/MangalMan

dd if=/dev/zero of=swap bs=1M count=200

After that I turn this file into swap by typing

mkswap swap

And finally activate it by typing

swapon swap

Here, if you type "free" again, you will notice the addition of swap space.

I pressed Ctrl+Alt+F7 to get back to the desktop and then double-clicked the install icon; the installation went without a hitch this time. Now I am using Ubuntu as my operating system these days. There are limitations because of my low RAM. I can't change the visual effects to the aesthetically pleasing ones; that is perfectly all right for me though. Next in my priority is to get my existing modem to work with the Ubuntu system. I have made it work with my netodragon (smlink chipset) but the connection gets disrupted way too often. I don't think this is because of the drivers; rather it might be because my ISP does not like Ubuntu to be connected to their server.

Google Pagerank's my blog



Having read many posts about PageRank, I have learnt a few things. I don't get heavy traffic at my blog and yet my PageRank is 4; this implies that bigger traffic != higher PageRank.

I am a lazy blogger, the laziest of all, I can bet on this one. I don't update my blog as often as others.

Oh Google, please strip me of this rank, I totally don't deserve this. Oh Google, the Robin Hood of the modern world, please feed all is pageranks to the poorest of the poor. Oh Google, give it away to the ones not being able to put their hand on their mouth.

I read once in a book a story about a beautiful princess who threw away the flower she so loved to a poor chap who was so poor so hungry.I want to be that princess.

General knowledge about DSL and ADSL in Nepali


Many of us who use the internet from home get the service by dialing, through the modem in our computer, the telephone number given by the internet service provider. We know internet use of this kind as dial-up internet. This technology is regarded as the simplest option for getting internet service.

With the rapid development of information technology, large amounts of data, voice and also video have begun to be exchanged over the internet. But these things require fast internet service, which is not possible over dial-up internet. With dial-up internet we can use the internet at a speed of at most 56 kbps. kbps is the unit used to measure internet speed; its full form is kilobits per second. So when we use the internet through this technology, anything other than viewing ordinary web pages is very slow. Although it looks cheap at first glance, dial-up internet becomes expensive because of the telephone charges attached to it. Granted, here Nepal Telecom has arranged that when calling the 5-digit telephone number given by the internet service provider for an internet connection, one call is registered per 4 minutes at other times and one call per 8 minutes after 10 at night. It has come out through various newspapers that Nepal Telecom is currently doing homework toward raising these to 6 and 10. But even this does not look likely to make dial-up internet service all that cheap. For the development of information technology in the country, both the quality and the reach of internet service must be increased.

We are going to discuss DSL technology, one of the technologies being used in the world to increase the quality and reach of internet service. We understand DSL as a technology that allows digital data to be exchanged over ordinary telephone wire. The full form of DSL is digital subscriber line or loop. We have all seen that an ordinary telephone line has a pair of copper wires. It is through these wires that what we say travels from one place to another. Besides our voice, data and video can also be exchanged over this wire. DSL technology works by making use of this very property of the ordinary telephone. The ordinary telephone is also known as POTS (plain old telephone service). In POTS, frequencies from 0 to 3,400 hertz are used for exchanging voice. This is considered the frequency range of sound that people can hear clearly. But far more frequency than this remains unused in the copper wire. The main reason telephone companies did not use those frequencies earlier was that the technology was expensive. Thanks to advances in technology, a solution to these problems has been found. When using the internet with DSL technology there are no telephone call charges; it is enough to pay the monthly fee set by the telephone company. For DSL technology, the user's computer must be connected through a DSL modem to the DSLAM (Digital Subscriber Line Access Multiplexer) at the telephone company's office. A DSL modem does not do the modulation/demodulation work of taking the signal from digital to analog and from analog to digital the way a dial-up modem does; it works with the DSLAM for the connection. That is also why telephone company engineers know the DSL modem by the name ATU-R (ADSL Transceiver Unit - Remote). To use the internet over DSL and also receive telephone calls, a splitter or filter must be used. Their job is to separate the voice frequencies from the others. If this is not done, the quality of the DSL drops and telephone calls cannot be received either. DSL connection speeds range from 128 kbps up to 24 mbps.

DSL technology appears to have started, particularly in America, as a competitor to cable internet. Unlike with cable internet, the speed of DSL internet does not drop as users are added. That is also why DSL technology has grown in popularity. But DSL technology has a negative side too. The internet speed of DSL depends on the distance from the DSLAM to the DSL modem. That is, as this distance increases, the speed decreases.

There are also various types of DSL technology. The main ones are the following.

1)HDSL(high data rate DSL)

2)ADSL(Asymmetric DSL)

3)SDSL(Symmetric DSL)

4)VDSL(Very high bit rate DSL)

Because HDSL and SDSL are not much in use at present, I am attempting to discuss only ADSL and VDSL technology here.


ADSL:-
The full form of ADSL is Asymmetric digital subscriber line. The download speed of this kind of DSL is much higher than its upload speed. Voice, data and video can all be exchanged with this technology. These days the popularity of ADSL technology is found to be growing around the world. Britain's telephone company BT and India's telephone company BSNL are examples of companies using this technology. In neighbouring India, internet at 2 mbps has become available under the name Data One at a rate of 400 Nepali rupees per month. Recently ADSL technology has developed further, increasing both its speed and the distance it can cover. This is known as ADSL2+. ADSL2+ is a developed form of ADSL itself. In qualitative terms, ADSL2+ is 3 times faster than ADSL and it works over a longer distance.

These days it has come out that Nepal Telecom too is about to bring broadband internet service across the country using ADSL2+ technology. Generally, internet with a connection speed above 256 kbps is called broadband internet. The ADSL modem, however, is not that cheap. As an alternative, it looks like Telecom may make modems available to customers on rent.

VDSL:-

VDSL is a DSL technology based on fiber optics. Because of the fall in the price of fiber optic cable and because of its properties, telephone companies in a number of countries are gradually replacing copper wire with fiber optics. Equipment used in ADSL cannot work over fiber optics. That is why this new technology became necessary. With this technology, upload is up to 16 Mbps and download is up to 54 Mbps.

The internet speed needed for services such as video on demand can easily be had with this technology. Because this technology has been expensive so far, we find it in use in only a few limited places.

(Also published in yuvamanch a few months ago; republished here with some edits.)





ADSL2+ what is the fuss about?


Nepal Telecom is deploying ADSL2+ shortly. Dial-up is bad. It is expensive. It is slow. Surfing the net on dial-up is getting increasingly difficult as the amount of data to be downloaded while doing so keeps increasing. Try watching a YouTube video over a dial-up connection and you will get the idea. ADSL is Asymmetric Digital Subscriber Line over the loop. That means we can get this type of connection over our normal telephone line. Our telephone line has a pair of copper wires underneath the plastic cover. Our telephone line is also known as POTS, as in plain old telephone service. POTS uses the 0 to 3400 hertz frequency range to exchange voice over the wire. However, the copper wire has a lot of frequency left unused in it. In ADSL this unused frequency is used to carry the data. With an ADSL modem in place, one can use the telephone and the internet at the same time.

I have taken this picture from Nepal telecom's website

Asymmetry means the downstream data rate in this type of connection is far greater than the upstream data rate. That means one can download stuff from the internet at a much faster pace than one can upload, say, pictures or videos. All DSL systems have had this problem of being distance dependent, though. As the distance between the telecom switching station and the customer grows, the quality of the connection degrades. The difference between cable and ADSL is that cable does not have that problem. However, with ADSL you can get a dedicated connection directly from the switching station, and the quality of the connection is always maintained by the DSLAM device at the telecom office end and the customer premises device (ATU-R). Internet service providers offering cable internet most of the time divide the whole connection among several users, assuming that no single user uses all the bandwidth allocated. So 128 Kbit/sec internet connections are not actually what they are said to be. ADSL2+ is the latest ADSL technology, increasing the capability. With it, the distance covered by the system as well as the speed increases nearly threefold.


For ADSL2+ to work in our home, one needs an ADSL2+ modem, a splitter to split the voice and data frequencies on the copper wire, and an ADSL internet account from Nepal Telecom in Nepal's context, or whoever your telecom/internet service provider is. An ADSL2+ modem is not actually a modem, because it does not modulate/demodulate as a dial-up modem does. Signals are digital all the way in ADSL or any other DSL variant. Rather, it does the handshaking with the DSLAM device in the switching station and later works to maintain the quality of service throughout the connection session.

NTC's adsl faq link

Nepal Telecom says ADSL coming soon.........


These are not very believable things, but let me say it anyway: Nepal Telecom is reportedly about to start ADSL2+ internet service. It has already been 1 year since I learned that Nepal Telecom was about to start ADSL and promptly passed the news to my friends. Although it was first said to begin from the month of Magh of the year 64 (Bikram Sambat calendar), the service was later pushed back and publicized as starting from mid-Chaitra, that is, from April. If we take as a basis the assumption that those staffing NTC's stall at the "Can infotech" held in Magh really are Nepal Telecom employees, and if we believe that responsible employees speak the truth, this service should start around April 1. I had asked that same employee there whether this too was not another case of making April fools of us foolish customers, but his easy answer was "no". After attempts to learn about the tariff for this service ended with the NTC employee slipping away with the answer "it has not been decided so far", the friend who had gone with me put the same question diplomatically. His question was: "At present I use 64 KB/sec internet at home from 8 in the evening to 8 in the morning for Rs 500 a month. Will this service cost less than what I pay?" The answer to this question too came back positive.

Weighed down by the unreasonably high rate of dial-up internet, and having some interest in developments in technology, I have been following the news developments related to this. My almost exclusive source of information has been Nepal Samacharpatra. As soon as information about this leaked from Nepal Telecom, I had also sent my suggestion by email. At that time the talk was of ADSL. I had written that it should not be ADSL, that ADSL was already old and it was now time to invest in newer technology, and so Nepal Telecom's thinking should move towards ADSL2+. That my email was read was confirmed by my getting a reply to it; perhaps my suggestion was also taken to heart.

According to the latest news on this, Nepal Telecom has gone to Nepal's telecommunications regulatory body with a proposed tariff, seeking the licence to operate ADSL2+. Newer news than that is that 17 of Nepal's ISPs (internet service providers) have together filed a complaint with the Nepal telecommunication authority. According to them, Nepal Telecom is using the profit it earns from telephony to make ADSL cheap, and once ADSL is cheap everyone will stop taking the private providers' expensive cable/wireless internet. As a result, the private ISPs will collapse.

Now my view. Cheap internet service is not a bad thing. Rather, these ISPs should work on making their own service cheaper. The ISPs themselves have been saying that internet service is currently expensive for reasons such as having to take bandwidth from satellite and Nepal Telecom alone holding a monopoly over the east-west optical fiber line built by India. The ISPs should instead press the Nepal telecommunication authority on these matters. Likewise, could the British model of ADSL perhaps be followed? In the U.K., other ISPs too are allowed to use British Telecom's telephone network for their own ADSL networks.

In theory, 24 Mbit/sec download can be achieved with ADSL2+, but the reality is also that the bandwidth Nepal Telecom has bought from an Indian ISP would run out before it had given internet at that speed to even 10 people. And finally, it has also come out that a European company has shown interest in setting up a WiMAX network in Nepal. In Nepal's context, WiMAX is seen as an option for taking the internet out to the villages.

Nepali sites hacked cracked and pen-tested


Black hats and white hats: that is how hackers are differentiated from crackers in the internet community. The good vs. the bad. Setting up a website in Nepal is catching on these days, it seems. But web developers/administrators are not putting in the extra effort of researching the security part. I don't really blame them for it, though. Ask a science bachelor's student in the third year at Nepal's TU and you will get an idea about research in Nepal. The biggest joke about "research" for him/her is that the only way of passing it as a subject is to get the whole book into his/her mind word by word, sentence by sentence, paragraph by paragraph. Oh, what an irony! What a mockery of the word "research".

They seem to be turning a blind eye to the growing trend of hostile website takeovers around the world, and not holding their diapers properly, as put by Bipin from nepsecure. This has many implications. For example, companies like Nepal Telecom may lose millions of rupees in revenue if their insecure server systems are somehow taken over by the bad guys. Several penetration tests done by various internet security people have already indicated that this is within the realm of possibility.

Well, I seriously think that all the so-called government service providers, be it the Drinking Water Corporation or the Electricity Authority or Telecom for that matter, are dacoits looting the poor Nepali people, and the grand leader of this clan is undoubtedly Nepal Telecom (the chief of the dacoits). I am itching to write a few words in Nepali here.

Nepal Telecom is handing out two things at CAN Infotech 2008 these days.

1) A ballpoint pen with Nepal Telecom written on it

2) The hollow assurance of ADSL2+ internet, whose launching date keeps slipping just like the date of the Constituent Assembly election

Telecom, which until 3 days ago was saying "definitely by mid-February", has now pushed that out to April Fools' Day.

Coming back to the point.

Case studies: black hats vs. white hats in the Nepali context

1) http://www.nepalgov.gov.np/ (Nepal government's web site hacked (defaced))

see it here http://www.meroguff.com/2007/12/nepalese-government-site-hacked-by.html

2) http://www.nepalpost.gov.np/ Nepal post offices web site hacked (defaced)

see it here http://calima.serapis.net/blogs/index.php?/archives/143-Department-of-Postal-service-in-nepal-Defaced.html

What we have seen in recent months on the above-mentioned sites is a perfect example of the work of black hat hackers doing damage. Imagine what would happen to NTC if this happened to them. Well, in the worst-case scenario communication lines across all of Nepal would come to a standstill. Or redirection of landline calls combined with spoofing of the caller ID number could damage anybody's personal life. I don't think NTC engineers would even accept that serious holes in the system exist, let alone fix them. Oh, and hiding your error message or the version or the Apache installation page is not equal to securing a server.

Now about some penetration testing done by a white hat internet security enthusiast cum pen tester cum hacker from our own backyard.

Some dorks included

1) http://web.ird.gov.np/ (Gov of Nepal Inland Revenue Department security breached)

2) http://websms.ntc.net.np/websmss/login.jsp (Nepal Telecom's web SMS service password brute forced)

3) http://ksl.edu.np/ (Kathmandu School of Law website SQL injected)

4) http://www.cybersansar.com/ (XSS vulnerability in one of Nepal's most popular web entertainment portals)

5) http://www.kec.edu.np/ (Kantipur Engineering College SQL injection)

The main difference between this guy and Iranian hackers is that he is doing it for good, informing the site admins about these issues. Read this guy here:

http://hamrosecurity.blogspot.com/

Thanks to Bipin from nepsecure for making me aware.

I have a small suggestion for this guy though

Please change this "यो बल्ग मा नेपाली websites हरूमा रहेको सेक्युरितिका बारेमा लाखिने छन्। " to this "यो ब्लगमा नेपाली websites हरुमा रहेका सेक्युरीटि issues का बारेमा लेखिने छ।"

It takes a little bit of getting used to, this Unicode thing, I must admit. Just trying to help. Don't take it otherwise.



Some update: it looks like another site, http://www.thikthak.com, is also vulnerable to the XSS thing.

Click here to see for yourself; this will fire up an alert box.

This will load back2mangalman inside thikthak website

And finally This will redirect you to this blog.

Well, I did not find it by myself; this was from some baabal forum.

New Version of Sujin Removal tool 2.0


Well, I call it AntiSujin 2.0.

Fixed issues:
- Now it says whether or not your computer has the virus
- It completely removes all traces of this virus from your computer

So I would advise you to re-download the file one more time and double-click the Antisujin.bat file.
from here

Update: 12:00 PM Nepali Time

It seems that in the heat of excitement I released AntiSujin 2.0 packed inside three folders, all named AntiSujin. How can I be so dumb? Did you notice that in the files produced by unzipping? Sorry for that. I fixed that, plus a performance upgrade.

So it’s AntiSujin 2.1 now.

Well, there were 3 VBScript files before, all glued together by a batch file; now there are only two. Just unzip the AntiSujin2.1.zip file and double-click the AntiSujin.bat file. The password is back2mangalman. Download from here.
