1 Hungarian Forint = 0.3743 Nepalese Rupee

1 Philippine Peso = 2.395 Nepalese Rupee

1 Kenyan Shilling = 1.1404 Nepalese Rupee

1 Latvian Lat = 199.9306 Nepalese Rupee

1 Egyptian Pound = 7.7704 Nepalese Rupee

1 Botswana Pula = 9.9583 Nepalese Rupee

1 Bulgarian Lev = 66.9824 Nepalese Rupee

1 Canadian Dollar = 86.275 Nepalese Rupee

1 Euro = 132.6728 Nepalese Rupee

1 Mexican Peso = 5.1087 Nepalese Rupee

1 Brazilian Real = 21.0973 Nepalese Rupee

1 United Arab Emirates Dirham = 32.9243 Nepalese Rupee

1 Sri Lanka Rupee = 0.6484 Nepalese Rupee

1 Algerian Dinar = 0.9423 Nepalese Rupee

1 Indonesian Rupiah = 0.0081 Nepalese Rupee

1 Lithuanian Lita = 40.9572 Nepalese Rupee

1 Nigerian Naira = 0.3101 Nepalese Rupee

1 Czech Republic Koruna = 4.8119 Nepalese Rupee

1 Bolivian Boliviano = 17.5379 Nepalese Rupee

1 Japanese Yen = 1.1337 Nepalese Rupee

In the book “The World of _____” by Bennett Alan Weinberg and Bonnie K Bealer, there is a photograph of a label from a jar of pharmaceutical-grade crystals. It reads:

“WARNING: MAY BE HARMFUL IF INHALED OR SWALLOWED. HAS CAUSED MUTAGENIC AND REPRODUCTIVE EFFECTS IN LABORATORY ANIMALS. INHALATION CAUSES RAPID HEART RATE, EXCITEMENT, DIZZINESS, PAIN, COLLAPSE, HYPOTENSION, FEVER, SHORTNESS OF BREATH. MAY CAUSE HEADACHE, INSOMNIA, VOMITING, STOMACH PAIN, COLLAPSE AND CONVULSIONS.”

Fill in the blank.

Workoutable © 2007 IndiaUncut.com. All rights reserved.
India Uncut * The IU Blog * Rave Out * Extrowords * Workoutable * Linkastic

Technical Cyber Security Alert TA07-059A - A worm is exploiting a vulnerability in the telnet daemon (in.telnetd) on unpatched Sun Solaris systems. The vulnerability allows the worm (or any attacker) to log in via telnet (23/tcp) with elevated privileges.

Technical Cyber Security Alert TA09-088A - US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

No Starch Press: $49.95

If you are a security engineer, a researcher, a hacker or just someone who keeps your ear to the ground when it comes to computer security, chances are you have seen the name Michal Zalewski. He has been responsible for an abundance of tools, research, proof of concepts and helpful insight to many over the years. He recently released a book called "The Tangled Web - A Guide To Securing Modern Web Applications".

Normally, when I read books about securing web applications, I find many parallels where authors will give an initial lay of the land, dictating what technologies they will address, what programming languages they will encompass and a decent amount of detail on vulnerabilities that exist along with some remediation tactics. Such books are invaluable for people in this line of work, but there is a bigger picture that needs to be addressed and it includes quite a bit of secret knowledge rarely divulged in the security community. You hear it in passing conversation over beers with colleagues or discover it through random tests on your own. But rarely are the oddities documented anywhere in a thorough manner.

Before we go any further, let us take a step back in time. Well over a decade ago, the web was still in its infancy and an amusing vulnerability known as the phf exploit surfaced. It was nothing more than a simple input validation bug that resulted in arbitrary code execution. The average hacker enjoyed this (and many more bugs like it) during this golden age. At the time, developers of web applications had a hard enough time getting their code to work and rarely took security implications into account. Years later, cross site scripting was discovered and there was much debate about whether or not a cross site scripting vulnerability was that important. After all, it was an issue that restricted itself to the web ecosystem and did not give us a shell on the server. Rhetoric on mailing lists mocked such findings and we (Packet Storm) received many emails saying that by archiving these issues we were degrading the quality of the site. But as the web evolved, people starting banking online, their credit records were online and before you knew it, people were checking their social network updates on their phone every five minutes. All of a sudden, something as small as a cross site scripting vulnerability mattered greatly.

To make the situation worse, many programs were developed to support web-related technologies. In the corporate world, being first to market or putting out a new feature in a timely fashion trumphs security. Backwards compatibility that feeds poor design became a must for any of the larger browser vendors. The "browser wars" began and everyone had different ideas on how to solve different issues. To say web-related technologies brought many levels of complexity to the modern computing experience is a great understatement. Browser-side programming languages, such as JavaScript, became a playground for hackers. Understanding the Document Object Model (DOM) and the implications of poorly coded applications became one of those lunch discussions that could cause you to put your face into your mashed potatoes. Enter "The Tangled Web".

This book puts some very complicated nuances in plain (enough) english. It starts out with Zalewski giving a brief synopsis of the security industry and the web. Breakdowns of the basics are provided and it is written in a way that is inviting for anyone to read. It goes on to cover a wide array of topics inclusive to the operation of browsers, the protocols involved, the various types of documents handled and the languages supported. Armed with this knowledge, the reader is enabled to tackle the next section detailing browser security features. As the author puts it, it covers "everything from the well-known but often misunderstood same-origin policy to the obscure and proprietary zone settings of Internet Explorer". Browsers, it ends up, have a ridiculous amount of odd dynamics for even the simplest acts. The last section wraps things up with upcoming security features and various browser mechanisms to note.

I found it a credit to the diversity of the book that technical discussion could also trail off to give historical notes on poor industry behavior. When it noted DNS hijacking by various providers it reminded me of the very distinct and constantly apparent disconnect between business and knowledge of technology. When noting how non-HTTP servers were being leveraged to commit cross site scripting attacks, Zalewski also made it a point to note how the Internet Explorer releases only have a handful of prohibited ports but all other browsers have dozens that they block. The delicate balance of understanding alongside context is vital when using information from this book and applying it to design.

Every page offers some bit of interesting knowledge that dives deep. It takes the time to note the odd behaviors small mistakes can cause and also points out where flawed security implementations exist. This book touches on the old and the new and many things other security books have overlooked. Another nice addition is that it provides security engineering cheatsheets at the end of each chapter. To be thorough, it explains both the initiatives set out by RFCs while it also documents different paths various browser vendors have taken in tackling tricky security issues. Google's Chrome, Mozilla's Firefox, Microsoft's Internet Explorer, Apple's Safari and Opera are compared and contrasted greatly throughout this book.

In my opinion, the web has become a layer cake over the years. New shiny technologies and add-ons have been thrown into the user experience and with each of them comes a new set of security implications. One-off findings are constantly discovered and documented (and at Packet Storm we try to archive every one of them), but this is the first time I have seen a comprehensive guide that focuses on everything from cross-domain content inclusion to content-sniffing. It is the sort of book that should be required reading for every web developer.

 -Todd

The downfall of two leading marine- energy developers is damping hope that the emerging industry, which has already lost almost $1 billion, will ever get the technology to market.

Labor, business, and environmental leaders have formed a unique coalition that will urge Illinois lawmakers to pass new standards for energy efficiency and renewable energy, leading to tens of thousands of new, local jobs.

Yale University police cited 19 students after they staged a sit-in outside President Peter Salovey’s office to push for divestment from fossil-fuel companies.

The possibility of producing shale gas in some European countries has triggered a very heated debate about the environmental and social impacts of the technique used to extract gas from shale rocks (today only in the US and Canada); this technique is widely known as hydraulic fracturing or fracking.

Orix Corp., a Tokyo-based finance and leasing company, plans to build as many as 15 geothermal power stations in Japan in the next five years.

Yale University police cited 19 students after they staged a sit-in outside President Peter Salovey’s office to push for divestment from fossil-fuel companies.

The provincial government in Pakistan's Sindh province is planning a literacy program to reach women and girls in remote areas via cell phones.

Realisation of security by mortgagees is a hot topic in current economic circumstances, and Horsham Properties Group Ltd v Clark is a case that underlines that mortgagees' powers can sometimes appear draconian. In this case, the mortgagee appointed...

Photographs of Hawke's Bay taken from space almost a year apart show the effects of its drought.The photos, taken by National Aeronautics and Space Administration (Nasa), compare the region on May 2, 2019, and April 29 this year....

British Prime Minister, Boris Johnson, is expected to unveil a coronavirus warning system when he outlines his plans to gradually ease the lockdown while dropping the "stay home" slogan.

[Zimbabwe Standard] HE might have just made a paltry eight appearances for Belgian Pro League football side Anderlecht, scoring just one goal since his big move in July 2018, but Warriors captain Knowledge Musona is the fourth highest paid player at the Brussels club earning over US$1 million annually.

'Fact: my Office is executing its mandate concerning Palestine situation with utmost professionalism, independence and objectivity in strict conformity with the Rome Statute'

“I did not feel any pain at all. I do not know how to explain it," said Kamel Abdel Rahman. "The rod just went through, one side to the other," recalled one of the Hadassah doctors.

Recent praise and PFLP work with Tehran in Lebanon may point to increased Iranian support for the group.

Sonko claims agency's actions are politically motivated.

We all need some cheering up and need something to do with all the time we find ourselves with.

Channelling Trump, Baldwin dispenses some words of advice to the class.

Voters in Bolivia rejected by a slim margin a constitutional amendment that would have allowed Morales to run again

Feb. 29 approaches, with advocates pushing hard for long-shot changes