historyStealer

I have started writing some malicious code for fun lately. The first one is a Chrome history stealer. As the name suggests, it uploads the history file to a remote FTP server of the attacker’s choice.

Why History?
I believe in this quote

“Show me a man’s browser history, I will tell you who he (is) (was) (will be)”

Browser history is one of the most sensitive pieces of information on your computer; it can be as sensitive as a passwd file. The reason is the amount of time people spend on the Internet. Going through one’s browsing history is like popping open one’s brain and walking right through it. The whole human thought process can be visualized by examining a browser history.

Okay, you’ve got me watching pr0n, is that it?
Browser history contains more interesting things to analyze than just whether someone is watching pr0n or not. It is like robbing a car parked in the garage of an unlocked house, instead of going for the whole house. Browser history contains patterns: what you like, what you don’t like. What you do when you are happy, what you do when you are sad. Who you stalk on Facebook, and all the shameless ‘How to’s’ you googled for. In fact, this is the pattern which Google uses to determine appropriate ads to display for you. In other words, the Internet’s browsing pattern is worth 42 Billion $.

The pattern can be used to predict behavior, uncover lies, expose desires, determine knowledge and even more. A wonderful research area would be to work on generating a model based on browser history which would determine/predict/assert possible actions that might be taken by the owner of the browser history.

Code:
I decided to write this one in C#, to stay in touch with it since my initial encounter last summer. A throwaway free hosting account is all you need to get started with this. The downside of free hosting was that I could not have a single file of more than 10 Megs in size.
Hence I had to compress the file before uploading.

DISCLAIMER: Do not run this code on a machine without the owner’s permission. For educational purposes only.

nktService.py

It is here, a service to report back how many times your friend changed his picture on Facebook. Thanks to my friend Naveen for changing his picture quite often, which eventually gave birth to this tiny script.

An ideal way to do such tasks would be to put the Graph API to use, but I wanted to roll out this feature in an hour, since someone had already complained about him changing his picture frequently. It’s all about the timing, no?

This script uses your personal Facebook RSS Notification feed, from which items of interest are parsed. Since I didn’t want to embed my RSS Notification Feed URL in a program and distribute it to all, I made this a client-server program. The client can be a custom-written one or a standard utility like netcat.

For more information on how to get this running, visit the repository.

Happy Hacking!

90 days of Summer

No, not a sequel of the movie ‘500 Days of Summer’. This is about my 3 month long internship at TradeHero.

I peaked my productivity chart once again after a very very long time (read, after 3 years). The last time I was this productive was during my 3rd year at college. It all started with a long journey on 28th May, 2013 from Göteborg to Singapore via Köpenham and Zurich.

I reached Singapore on the 29th and navigated myself to the booked accommodation at Jalan Bukit Merah. 30th May was my first day at TradeHero. Ajay was the first one I met; he introduced me to Abert, Tho, Arup, Brendon and everyone else. Julien, Dominic, Gary and Maddy were in the conference room when I came in. After meeting everyone, Julien and Maddy helped me set up the dev environment.

The thing I like most about TradeHero is that they are a lot like Facebook. They have very high goals and they move very fast. It was my first day, and by afternoon I was asked to design a permanent solution for the bug I found before I joined, and I had to explain it on the whiteboard, which I duly did. Arup had some questions on the security of the algorithm, which I answered, and Dominic (the CTO) gave the go.

I was a lot less productive during my first week, thanks to my addiction to vi and nano; that was the first time I used a proper IDE on a Windows platform after VB6. I got off to a very slow start: .aspx, C#, everything was new to me. If you know me, you would know that I was more of a C/C++/Python/php/Linux/Apache/AWS guy. But the dev environment at TradeHero was C#/asp.net/IIS/Windows Server/Azure. It was a steep learning curve and I’m really happy about picking up a couple of languages over the summer.

A couple of weeks into my internship, I was already peaking my all-time commit levels. I reached my longest streak of 8 days, and when people ask me how my internship went, I show them this

That’s 31,527 lines of code and 62 commits. I think that qualifies my internship experience to be mentioned in some sort of superlative tense.

A cheap phone, that isn’t cheap!

If you happened to read my previous post, you would know how sorry I am. Yes, strategy gone wrong. The first mistake I made was to misread the price of the iPhone 5C. I thought it would be sold at 25K, but apparently AAPL decided to sell it at 40K. Yes, 40 frickin thousand rupees for a plastic phone.

I can’t believe Apple failed to do proper market research on what a ‘cheaper price’ means in emerging markets. Why would someone buy a plastic iPhone 5C for 40K, when they could go for an iPhone 4S which is sold at 29K? I still stand by my original hypothesis: had Apple made a real low-cost iPhone at 20K, even if they made it less powerful than the iPhone 5S, Indian markets would have gone crazy for it.

So, the trading lesson learnt from this incident is, ‘ Buy on rumor and sell on news, if the news is not what the rumor was (in a negative way) ‘

AAPL

This time I put my tech knowledge in combination with my recently acquired love for economics and bought 50 shares of AAPL on TradeHero. I bought them a couple of weeks ago, for 495.39$. My intuition said that, since a cheap iPhone 5C is now almost certain (going by the rumors), it will boost their sales in emerging markets like India and China. The rumored price point seems to be around 450$, which roughly translates to 24K INR, which is pretty affordable when compared to the previously 45K Rs priced iPhones. Right now, AAPL is hovering around 505$; let’s see how much it increases after tomorrow’s official Apple Event.

Quora’s anonymous answers and Facebook Graph Search

The reason for providing an anonymous answering functionality is to prevent someone from tracing the answer back to you (perhaps to prevent a flame war or you getting fired or God knows what could happen). But if you give a reasonable amount of information in your anonymously written answer, it can, in combination with your badly configured Facebook profile, be quite lethal to you.

Let us take this answer as an example. From the question and the answer, anyone can understand that the OP was a student at College of Engineering, Guindy, an ex-employee at Voltas and a current student at North Carolina State University.

The Facebook Graph Search query below seems to pick the right individual:

People who studied at College of Engineering, Guindy and worked at Voltas and study at North Carolina State University

It is evident that people are not quite aware of the involuntary privacy leak through their Facebook profile; there is no reason why you have to make all this information about your grad school and previous employers public. People may say it helps their lost friends get back in touch with them, which I agree with, but at what cost?

Facebook Graph Search is a two-edged sword: it can be quite useful, as it was to me when I used it to reunite with a family friend after nearly 14 years of no contact, and it can be equally dangerous, as in the anonymous poster’s case!

ps: This post has nothing to do with my recent outrage against CEG. In fact, I agree with the OP’s answer 🙂

Sinking Indian Economy

The post below is a comment I made on one of my friends’ Facebook walls in reply to why the Indian economy is sinking and what we could do to arrest it.

People’s Mistake:
I would say we are saving too much in gold. According to BBC[1], Indian housewives have 11% of the world’s total gold reserve. You have to note that this 11% does not come under India’s gold reserve (which is owned by the Reserve Bank). The majority of this 120 billion$ worth of gold is sitting useless either in bank lockers or in households. This money must be put into some useful investments, either by buying government bonds or investing in private equities.

How it affects[2]:
With this much Rupee idling, we have created a demand for Rupee within India. The government cannot print more Rupee like what Zimbabwe did, so they had to borrow externally. Borrowing outside increases our already high fiscal deficit (Fiscal Deficit = Exports – Imports, wherein India; Imports >> Exports). To add to it, a few people ask relatives returning from outside India to buy gold since it is comparatively cheaper outside; what they don’t realize is that it increases our imports, and thereby the deficit as well.

Possible Aftermath:
If the fiscal deficit increases beyond a certain percentage of our GDP, then rating agencies will downgrade our already low rating to junk[3], and then all these FDI investments will be pulled out just like that.

Falling Rupee is not bad always:
When the Rupee gets devalued against the dollar, it means foreigners can buy Indian goods for a cheaper price, and this gives our exporters an edge in the global market. So countries often devalue their currency to gain market share [the Japanese Yen a few months ago, which led to a huge gain in Toyota’s sales[4]]. But clearly what we have now is not this.

Problems/Solutions:
* Corruption: Our politicians are so corrupt that they get bribes from companies that want to invest in our country. So, many mid-sized manufacturing companies which don’t have much lobbying power circumvent investing in India [But now our FM is literally begging investors[5][6] to invest in India during major economy summits, but that’s a different story].

* Bad Start: We are more of a reactive country than a proactive one. Our economy was liberalized only in the early 90’s. Thanks to Nehru and his BS (No Offence) Licence Raj[7], the policy makers then thought that if they allowed foreign companies to set up bases/invest in India, it would become the story of the English East India Company again. Then in 1991, when we were close to default, we opened our shores[8]. Had we done this early, we could have been richer than the likes of Singapore and Malaysia.

* Quality of Products: Most of our high quality goods (from Tirupur) are being exported to global co’s[9] (like H&M), and local manufacturers don’t give a damn about the quality. So we people start buying products from those global co’s who bought their raw materials in India.

* The so-called Freebies: First of all, nothing is free. The TV, grinder and all the crap you got were bought out of your or someone else’s hard-earned tax money. The government could have used that money for a more useful purpose, like setting up more of these restaurants or some infrastructure projects, instead of bribing you to get your votes.

* Education: This is one of the important things; there must be some sort of school for giving a crash course to politicians, or make them hire a bunch of goddamn MBAs for each and every Ministry.

[1] http://www.youtube.com/watch?v=IpdoRUMeshw
[2] http://articles.economictimes.indiatimes.com/2012-03-25/news/31234318_1_gold-imports-gold-demand-import-bill
[3] http://www.hindustantimes.com/business-news/WorldEconomy/S-amp-P-warns-India-of-rating-downgrade/Article1-1061685.aspx
[4] http://www.businessweek.com/articles/2013-04-25/japan-needs-more-than-a-devalued-yen
[5] http://timesofindia.indiatimes.com/business/india-business/Chidambaram-promises-fair-transparent-regime-for-foreign-investors/articleshow/21016727.cms
[6] http://www.moneycontrol.com/news/economy/chidambaram-arrivesus-to-pitch-for-investmentindia_914799.html
[7] http://en.wikipedia.org/wiki/Licence_Raj
[8] http://en.wikipedia.org/wiki/1991_India_economic_crisis
[9] http://articles.economictimes.indiatimes.com/2013-06-30/news/40286848_1_knitwear-exports-crore-worth-rs

Did i adequately answer your condescending question?

I recently came across this post on the interwebs where the OP makes some baseless claims, which call for this rage-filled blog post.

The OP seems to be a graduate of CEG and ISB. In his post he talks about branding CEG and preventing the contamination of the name Anna University by affiliated colleges’ students. The reason which he states for branding CEG is one of the stupidest things I ever read this year. I’m quoting the OP from his original post, and this is almost the same reply which I left as a comment on his blog, which I think will never get published.

Truth be told, there is a widespread and rampant abuse of the Anna University brand wherein both current and past students of private engineering colleges claim themselves to be Anna Univ alumni.

As an alumnus of an affiliated college, I can assure you that my degree does not have a single reference to my college name. So when I go for an interview or write a SoP, I mention myself as an Anna University graduate (because my fucking degree says so)

Fyi, the issue is very serious now as we have come to know of people who are claiming jobs, getting admission in to IIMs and US universities misusing the Anna University brand.

This, This, leave the job part aside for a while. Seriously, I have no idea how one would be admitted to an IIM without taking the damn CAT + clearing the Panel Interview, just by mentioning that you are an alumnus of Anna University. Do not even speak about US universities. To make it to the elite schools, no matter where you come from, you ought to have at least a couple of publications. To get into Tier 1 and Tier 2, a good/decent GRE with a good profile is needed. Tier 3 and below care least about wherever the fuck you studied; they just want you to pay the fees to them. So, you think affiliated college students who got into IIMs or US universities cheated their way in by saying they are alumni of prestigious ‘Anna University’. LÖL!

While we want to standout as smart individuals beyond whatever college we studied in we cannot allow our brand value to be diluted

wohh, wohh. You want to standout as smart individuals and all okay, but slide #5 in your presentation is quite contradictory to what you say you want to achieve or whatever. Here are the contradictory points
* Current students do not get recognized as cream
* Employers already perceive Anna University students as average
* Admissions to top tier universities are difficult (Now I can see why you want to brand CEG)
* Alumni job prospectus are getting difficult.
Had you been a smart individual beyond whatever college you had studied in (like you said), these things are the least you would have to bother about, but since you base your branding opinion on this reason, I assume you aren’t as smart as you think.

Before you question my opinion on CEG, I wish to clarify this. I have more friends who studied in CEG than friends I have in my affiliated college, so I know how cool CEG is. I’m quite familiar with how things work there, and in fact I felt bad for almost two full years for missing out a 10 Mark question in Math and Physics. But the problem is people like you, who blog under a closely related CEG domain, make your fellow college mates look like a jackass. So please, never ever write an article on a blog under that domain name. Not everyone knows the truth.

I simply can’t resist posting this ‘Did I adequately answer your condescending question’ GIF

The Internship

If you are looking for a heads-up review of the upcoming movie ‘The Internship’ then you are probably in the wrong place, but I wouldn’t force you to skip reading this post. This post is rather a dramatic one, a collection of events that happened during the last couple of days in my life, which led to a Summer Internship offer.

Winter break of 2012-13: I was looking for an online stock market simulation game, like the good old rediff money, to practice my trading skills, but had no luck in finding one; most of them were paid ones and the rest were absolute BS.

Early March 2013: Vignesh’s Facebook feed showed something interesting: he was using an iPhone app, which was exactly the one I was looking for. What to say, ‘like minds think alike’.

Early March 2013: I made some wise investments and already started reaping profits; I had almost a constant 3% ROI.

Mid March: Thanks to my third quarter examinations, which coincided with Cyprus’s credit rating getting downgraded to crap, I was not online for a couple of days till my exams got over, and guess what, every stock I had suffered a 7-10% loss. Vignesh made a smart move to sell them when they started to fall and decreased his loss ratio, but I crossed beyond that point and made almost a 2K$ loss in a week.

27th March (whatsapp conversation):
……….
……….
Vignesh: Flaw with ———-
Vignesh: I found one
Me: To change the values?
Vignesh: 28% Increase
Me: How come?
Vignesh: It showed 14% when i was about to sell but after selling it showed a 28% increase
Vignesh: Probably because of bad internet at college
………….
………….

28th March: I started to pentest the application and had a breakthrough the first day, but wasn’t able to exploit anything.

29th March – 2nd April: Was hanging out with Sathya anna and his TCS folks at Gothenburg. I was explaining my area of interest in security to Kaushik, who happened to be a program manager/consultant in TCS, and suddenly an idea to exploit the app sparked in my mind.

2nd April: Successfully exploited the app and had an ROI of 432% 😛

3rd April: Contacted the lead developer of that app to report security problems

3rd April: Received an e-mail from the CTO of that company thanking me for reporting it, with a possible employment offer

3rd April: I showed interest in working with them.

3rd April: I was asked to take an ACM-ICPC style programming test, which I took the same day at midnight

4th April: Skype Interview with the CTO and a formal contract was offered.

Credit goes to Vignesh; if it wasn’t for him I would have never used this awesome application, and if it wasn’t for his WhatsApp message, perhaps I would have never thought about testing it for flaws.

What went wrong!

Welcome to my series of articles on Finance and Economy. I don’t know how I got my interest in Economics suddenly, but it gives a turing feel when you see something coming from a mile away.

The Sub-prime mortgage crisis and the Lehman Brothers Collapse:

The story begins with the low interest rate set by the Federal Reserve of the USA. Due to the low interest rate (1%), investors who were buying treasury bonds were not making sizable profits and had to think of alternative investment plans. On the other hand, low interest rates mean banks can get more credit from the Federal Reserve at 1% interest, which is a super deal for them.

The usual way:

Families who want to buy a house contact a mortgage broker, who in turn sets them up with a mortgage lender (usually a bank which got credit at 1% interest from the Federal Reserve). The family agrees to a down payment and the mortgage lender issues them a mortgage monthly. In case the family fails to pay their mortgage, the bank can claim the house and sell it for a higher price, since housing prices were rising.

Investment banks saw this as a good place to invest their investors’ money, and they thought it was risk free as housing prices were skyrocketing. So, investment banks like Lehman Brothers and Goldman Sachs contact the mortgage lender to buy mortgage contracts which the lender has issued. The investment bank buys a bunch of such mortgage contracts from many mortgage lenders. They pile up all the obtained mortgage contracts and classify them into three (Safe, low and risk). The classified mortgage contracts are called CDOs (Credit Default Object). They sell these CDOs to their investors. So everyone in the system was making good money, and in case a CDO failed (if someone didn’t pay their mortgage), the investor could claim their house, sell it and still make a profit.

The Greed:

The investors were very happy with their investment in CDOs, so now they wanted more such investments. But how? All the people who could afford a house already had a house. So, to have profits, the mortgage lenders started offering mortgages to people who weren’t qualified, people who didn’t have a proper job and had less financial stability. These kinds of mortgages are called subprime mortgages. Again the cycle continued: the investment banks paid large cash to rating agencies to rate these risky subprime mortgages as AAA and BBB, so that they could be sold easily. Everyone’s life was normal till the bubble burst. Many subprime mortgages started to fail. Investors claimed the houses and decided to sell them. This resulted in lots of houses on the market against the demand, which pushed housing prices down. Since housing prices were now falling, people who were paying their mortgages properly started to move out, because they were paying for a $300,000 house which now cost just $100,000.

The Aftermath:

Investors soon realized that CDOs were not a safe option anymore, and they started saying no thanks to the CDOs offered by investment banks. But the investment banks were already sitting on a stockpile of horse shit CDOs that no one wanted to buy. With almost no money to repay the credit they had obtained from the Federal Reserve, they started filing for bankruptcy.