ELI5: How do hackers find/gain 'backdoor' access to websites, databases etc.?

Gunna try doing this like ELI10. Back door access is just a way of saying “not-expected” access. Sometimes it’s still done through the front door, and sometimes it’s through a window.

Something like the front door would be if your Mom told you you could have one glass of coke, and you went and got the big glass flower vase, and poured 6 cokes into it. By following the rules in an unexpected way, you’ve tricked the machine. When mom asks you later how many glasses of coke you had, (of course with her trusty polygraph), you can truthfully answer, “One”. This might be like an SQL injection. Instead of answering 5+8=__ with “14”, you might answer with “14&OUTPUT_FINAL_ANSWER_LIST”. Since it has no spaces and starts with numbers, it might satisfy the rules.

Another way would be if your Mom said you could invite some friends over to play. After the 5th friend walks in, your Mom declares, “That’s it, not another kid walks through that door!” If you open a window and let Johnny climb in with his crayons, technically you didn’t break the rules (for the eventual polygraph) AND when you and your 5 friends go downstairs for homework, Johnny can color all over the walls without someone suspecting he’s there. This is as though you made new login names and used one of the names to give another person administrative, or Mommy, rights. Sometimes you need to make a new login screen, or just knock open a hole in the wall and cover it with a poster, but the idea is still to break the intention of the rules while following them to the letter.

What’s also important to remember is this goes very smoothly when someone lives in the house already, but becomes much harder when you’re trying to get into a stranger’s house. You might have to try to sell them cookies or magazines and then write down where the windows are. Or you might have to offer to clean their whole house for only $5, and then leave a window unlocked for your friend to come back later. Getting inside is a major step.

Explain Like I'm Five: good questions, best answers.
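The "no spaces and starts with numbers" rule from the answer above, as an added example that is not part of the original post: a format check that looks strict still lets the submitted text become part of the query, while a parameterized query keeps it as data. The table, function names and the crafted answer are constructed for this illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed quiz table for this demo (not data from the original post)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE answers (question TEXT, answer INTEGER)")
    db.executemany("INSERT INTO answers VALUES (?, ?)",
                   [("5+8", 13), ("2+2", 4), ("9*9", 81)])
    return db

# The post's rule: the answer "has no spaces and starts with numbers".
LOOSE_RULE = re.compile(r"^\d\S*$")

# Constructed answer that satisfies the rule: SQL comments stand in for spaces.
CRAFTED = "14/**/OR/**/1=1"

def check_vulnerable(db, question, submitted):
    """Format check, then string-built SQL: the answer is parsed as SQL."""
    if not LOOSE_RULE.match(submitted):
        raise ValueError("rejected by format rule")
    sql = ("SELECT question, answer FROM answers "
           "WHERE question = '" + question + "' AND answer = " + submitted)
    return db.execute(sql).fetchall()

def check_parameterized(db, question, submitted):
    """Placeholders: the driver binds the answer as a value, never as SQL."""
    sql = "SELECT question, answer FROM answers WHERE question = ? AND answer = ?"
    return db.execute(sql, (question, submitted)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # The crafted answer follows the rule to the letter, yet every row comes back.
    print("vulnerable:   ", check_vulnerable(db, "5+8", CRAFTED))
    # Bound as a value, the same text is just a wrong answer.
    print("parameterized:", check_parameterized(db, "5+8", CRAFTED))
    # A correct answer still works with placeholders.
    print("correct:      ", check_parameterized(db, "5+8", "13"))
```
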

A lot of people talk about how Abstergo lies but reading some of Shaun’s database entries, especially in Syndicate, his own bias shows pretty thoroughly. He starts his description of the Phoenix Project with an accusation and continues to promote common Assassin misconceptions (that the canon has declared false). I don’t see the Assassins misinforming the Initiates as any different than Abstergo misinforming the public in their own databases. They’re all liars.

image from madeinmasyaf

General Search Engines and Databases

These databases and search engines for databases will provide information from places on the Internet most typical search engines cannot.

  • DeepDyve. One of the newest search engines specifically targeted at exploring the deep web, this one is available after you sign up for a free membership.
  • OAIster. Search for digital items with this tool that provides 12 million resources from over 800 repositories.
  • direct search. Search through all the direct search databases or select a specific one with this tool.
  • CloserLook Search. Search for information on health, drugs and medicine, city guides, company profiles, and Canadian airfares with this customized search engine that specializes in the deep web.
  • Northern Light Search. Find information with the quick search or browse through other search tools here.
  • Yahoo! Search Subscriptions. Use this tool to combine a search on Yahoo! with searches in journals where you have subscriptions such as Wall Street Journal and New England Journal of Medicine.
  • Librarians’ Internet Index (LII) is a publicly-funded website and weekly newsletter serving California, the nation, and the world.
  • The Scout Archives. This database is the culmination of nine years’ worth of compiling the best of the Internet.
  • Daylife. Find news with this site that offers some of the best global news stories along with photos, articles, quotes, and more.
  • Silobreaker. This tool shows how news and people in the news impacts the global culture with current news stories, corresponding maps, graphs of trends, networks of related people or topics, fact sheets, and more.
  • spock. Find anyone on the web who might not normally show up on the surface web through blogs, pictures, social networks, and websites here.
  • The WWW Virtual Library. One of the oldest databases of information available on the web, this site allows you to search by keyword or category.
  • pipl. Specifically designed for searching the deep web for people, this search engine claims to be the most powerful for finding someone.
  • Complete Planet is a free and well designed directory resource makes it easy to access the mass of dynamic databases that are cloaked from a general purpose search.
  • Infoplease is an information portal with a host of features. Using the site, you can tap into a good number of encyclopedias, almanacs, an atlas, and biographies. Infoplease also has a few nice offshoots like for kids and Biosearch, a search engine just for biographies.

Applications and Databases

This blog is about startup technology, for tech startups. Essentially any startup which uses software to build a scalable system. There are several classes of software startups.

The most common tech startup is a(n aspiring) webscale one. Facebook is the archetype. It has a user app where user logs in and manages his state. The state almost always contains a profile, where you upload your photo and write a few things about yourself, e.g. your Twitter bio:

startup coder, coffee lover, knitter. Boulder, CO

The state can become quite complex, such as Facebook timeline and news, including friend updates. Facebook is showing only the most current data to you, moreover what it deems most relevant. As danah boyd reports, teenagers found out about it and started adding trigger words to their messages, such as “let’s go to the mall nike” to make Facebook show the message for sure. The state is stored in a database. Since the state must be updated and synchronized, the database must be fast, so often it is even cached or in-memory. The database must be efficiently synchronizable since the user may alternate between multiple devices.

The consumer startups have several evolutionary trajectories through technology stacks. In the past they often started out as LAMP – Linux, Apache, MySQL, PHP. The next stage was Ruby on Rails, still on Linux and usually with MySQL and Apache or nginx or even mongrel. Recently it is all JavaScript and Node.js, still on Linux and MySQL but often on MongoDB and occasionally Riak, rarely Couchbase or more esoteric NoSQL databases. This tech stack lets a startup grow to the point where it gets funded and grows more towards its ceiling. The ceiling usually coincides with MySQL throughput, rarely more than 1,000 queries per second.

At this point growth pains begin, startup loses some of its earlier script kiddies and brings in a veteran manager, who hires a few old hands, who move the stuff to JVM. After all, servers run around the clock and restarting them is harder and harder, so it happens less frequently on JVM due to its superior garbage collection (GC).

However the database is still hard. What folks at Facebook and Pinterest and other truly web scale startups that made it do is good old MySQL, now shared with some kind of middleware.

A whole bunch of middleware grows around MySQL. Tungsten replicator can siphon a lot of API servers into Hadoop. Percona can do a synchronous cluster. Monitoring and backups proliferate. Alternative engines promise faster execution and realtime backups – XtreDB, TokuDB, etc.

As MongoDB grew in popularity, the need for a replicated setup grew, and it evolves to address it. However, the inherent limitation of MongoDB not being designed in a truly distributed fashion hampers its progress and leads to challengers such as RethinkDB. Still it’s not enough.

The true giants of the space are Cassandra and HBase, and HBase is the only big database playing tag with Hadoop. Hence it is suitable for both real-time serving and analytics. We’ll continue with the database landscape in the next post.

Hints and Strategies

Searching the deep web should be done a bit differently, so use these strategies to help you get started on your deep web searching.

  • Don’t rely on old ways of searching. Become aware that approximately 99% of content on the Internet doesn’t show up on typical search engines, so think about other ways of searching.
  • Search for databases. Using any search engine, enter your keyword alongside “database” to find any searchable databases (for example, “running database” or “woodworking database”).
  • Get a library card. Many public libraries offer access to research databases for users with an active library card.
  • Stay informed. Reading blogs or other updated guides about Internet searches on a regular basis will ensure you are staying updated with the latest information on Internet searches.
  • Search government databases. There are many government databases available that have plenty of information you may be seeking.
  • Bookmark your databases. Once you find helpful databases, don’t forget to bookmark them so you can always come back to them again.
  • Practice. Just like with other types of research, the more you practice searching the deep web, the better you will become at it.
  • Don’t give up. Researchers agree that most of the information hidden in the deep web is some of the best quality information available.

Warning: Geek joke.

There’s a brief that can’t be broken.
There’s a bug goes on and on,
Empty chars in empty tables,
Now TRUNCATE has been and gone.

Here they talked about INDEXes.
Here it was they set the KEY.
Here they normalized the data,
And tomorrow: build in C.

CREATE TABLE in the corner,
and the database was born!
And they wrote with keyboards singing!
And I can hear them now!
The clacky keyboards they preferred!
Became their very downfall,
when they missed XSS testing.
And pushed the new site live, at dawn.

Oh my friends, my friends forgive me,
That I work and you are gone.
There’s a brief that can’t be broken,
There’s a bug that can’t be done.

Phantom strings outside of slashes,
Phantom commands into core,
Empty CHARs in empty tables,
Where our data rests, no more.

Oh my friends, you didn’t ask me,
What parameterize was for!
Empty CHARs in empty tables,
Where our data rests, no more.

Seeking Heat: Army Project Working to Recognize Faces Through Thermal Imaging

by Morgen E. Peck

Imagine this scenario in a combat zone. An insurgent plants an explosive device on a road in the middle of the night under the veil of darkness. Meanwhile, a night-vision surveillance camera records every moment. The insurgent turns several times toward the camera, but he’s a blotchy, spectral smear. The heat signature from his face is full of information, but ultimately, it’s useless because there’s no way to run it through a mug shot database.

Being able to take a thermal image and find a match for it in a repository of photos that were taken in normal light would be a significant advance for the U.S. military. That’s why they’ve begun building a system capable of doing just that.


Collaborative Information and Databases

One of the oldest forms of information dissemination is word-of-mouth, and the Internet is no different. With the popularity of bookmarking and other collaborative sites, obscure blogs and websites can gain plenty of attention. Follow these sites to see what others are reading.

  • As readers find interesting articles or blog posts, they can tag, save, and share them so that others can enjoy the content as well.
  • Digg. As people read blogs or websites, they can “digg” the ones they like, thus creating a network of user-selected sites on the Internet.
  • Technorati. Not only is this site a blog search engine, but it is also a place for members to vote and share, thus increasing the visibility for blogs.
  • StumbleUpon. As you read information on the Internet, you can Stumble it and give it a thumbs up or down. The more you Stumble, the more closely aligned to your taste will the content become.
  • Reddit. Working similarly to StumbleUpon, Reddit asks you to vote on articles, then customizes content based on your preferences.
  • Twine. With Twine you can search for information as well as share with others and get recommendations from Twine.
  • This collaborative site offers shared knowledge from its members through forums, blogs, and shared websites.

patulives  asked:

I have often thought about creating an archive of POC images from the Early Modern Era, for teaching purposes. You've done something similar, but so much cooler. So my question is this: how do you deal with copyright issues? This was the biggest hurdle for me. I looked into the costs of obtaining images, along with the reproduction rights to post them online, and it was extremely expensive. So, are you only posting license-free unrestricted images? Or does this fall under fair use somehow?

??? Weird! Almost all of these images are Public Domain for certain uses. Educational purposes absolutely fall under that category.

Now, if I wanted to use them in a book, (which I am/do), there are some that require specific licensing, it’s true. I plan to see if there is interest sufficient enough for crowdfunding a project like that; I have reason to believe there is. As for educational use, do you not have access to databases that are for educators?

There have been a few times where people have preferred that I not use their personal photos or blog photos, in cases where that ended up happening, through various mistakes of attribution that were my own, I have removed the images and replaced them with links.

In addition, I don’t know if you are in the U.S., but copyright cases over the use of photos of an artwork to which the copyright expired or never existed, there is no reasonable assumption that you can own copyright to a photograph of an artwork intended to show the artwork. Does that make sense?

It’s like….there’s a reason you can do this:

Although it’s possible they paid someone who took the photo. YMMV. Also, many, many many museums offer these works, downloadable at very high resolution, for free.

Some of them, like Rijksmuseum, even encourage people to create their own works of art derivative or using these other works. The Getty Museum is barfing out free hi-res images from their collection like nobody’s business. As you can see here, the Metropolitan Museum of Art clearly states that while some use of its images are restricted, those are mostly going to be uses like the one above. The British Museum offers its Digital Manuscript Collection for the delight of academics and scholars everywhere, with the ease of reading these ancient, fragile papers as if you were holding the dusty tomes yourself. They ask only that your use of the material is respectful, and in the spirit of sharing knowledge. I mean, they recently uploaded over one million images to Flickr.

I could go on, but I just wanted you to know that if your project is respectful and for the purposes of education, there is no reason to assume you’d have any restrictions. Anything that’s behind a paywall might have additional considerations, and anything that says it is explicitly copyrighted should be used cautiously or not at all.

All in all, what I’m doing here is much more copyright-friendly than your average, run of the mill Star Trek slashfic. XD Overall, most of these museums and institutions are much more interested in getting people to give a crap and hopefully pay for tickets to go see the silly thing in person than they are about slapping random online academics with cease-and-desist orders.

In fact, I sort of hope that by writing about these amazing works, more institutions and museums will actually PUT THEM ON DISPLAY and/or create more touring exhibits like Revealing the African Presence in Renaissance Europe and Lacas Namban: Huellas de Japón en España.

Now, as a last issue, I am actually the luckiest person in the world because I have followers willing to go to a fricken museum that allows photos, or some small town Gothic Church, and they submit their photos to medievalpoc, and it makes this blog SO MUCH BETTER! Because some of these works are squirreled away in churches in Europe, and I even had someone interview a local historian and submit it-along with photos!!!!

I owe everyone who submits a great debt, as do my readers. Anyhow, you should definitely go ahead with your project. One of my biggest motivations with this project is to encourage others to enjoy and share their research as well!


A friend of mine made this while procrastinating on studying for the midterm. What ever possessed him to do this? XD

Scientific Search Engines and Databases

The scientific community keeps many databases that can provide a huge amount of information but may not show up in searches through an ordinary search engine. Check these out to see if you can find what you need to know.

  • This search engine offers specific categories including agriculture and food, biology and nature, Earth and ocean sciences, health and medicine, and more.
  • Search for science information with this connection to international science databases and portals.
  • CiteSeer.IST. This search engine and digital library will help you find information within scientific literature.
  • Scirus has a pure scientific focus. It is a far reaching research engine that can scour journals, scientists’ homepages, courseware, pre-print server material, patents and institutional intranets.
  • Scopus. Find academic information among science, technology, medicine, and social science categories.
  • GoPubMed. Search for biomedical texts with this search engine that accesses PubMed articles.
  • the Gene Ontology. Search the Gene Ontology database for genes, proteins, or Gene Ontology terms.
  • PubFocus. This search engine searches Medline and PubMed for information on articles, authors, and publishing trends.
  • Scitation. Find over one million scientific papers from journals, conferences, magazines, and other sources with this tool.

le-jardine-d-eden  asked:

What databases do you use for art? I need something other than ArtStor.

I use a lot of databases!

These are 100% free and accessible to everyone:

Web Gallery of Art

The Getty


The Met’s Heilbrunn Timeline of Art History

Art History Site Database and Search (AHDB)


The Bridgeman Art Library

Yale Center for British Art

The National Gallery

Also: most museums have a large database of works, often works not currently on display.

Followers, feel free to reblog with your favorite Art History resources and Databases!

No Access For You!

I am not a huge expert, but within my company, I am considered the MS Access guru.  Our IT department doesn’t support software (they’re just network folks), so if someone asks them an Access question, they always refer them to me.  

I often get phone calls that ask “Is um…Sally…there?”.  I’ll answer yes, that’s me.  They’ll often hang up right then, wait a few minutes, and then call me back.  When they get me the second time, they’ll explain “Well, when I called, a LADY answered, so I had to call IT to make sure they’d given me the right number!  Ha ha ha.” Despite the obviously female name, they were still expecting a man, maybe a foreign one to explain the “odd” name.  

The hanger-uppers then go on to say, “Well, IT said you could maybe help me.  You see, I’m working in Access, that’s a DATABASE program - I’m not sure if you know about databases”. I’ll answer that yes, I do, and in fact, that is why IT refers people to me.  The worst ones STILL won’t get it and will start by explaining that there are these FORMS, and god forbid, CODE… I just say “I’m sorry, but I’m going to put you on hold while you explain Access 101 to yourself.  I’ll check back with you in 10 minutes to see if you’ve gotten around to an actual question.”  

I’ve had a few actually wait the 10 minutes and apologize.  

Tumblr Engineering @ Percona Live MySQL Conference

We’re pleased to announce that Tumblr’s Database Engineering team will be attending the Percona Live MySQL Conference next week in Santa Clara, CA!

We’ll be giving a talk on our open source automation software, Jetpants, which has helped us scale to over 175 billion distinct rows of relational data to date. We’re also looking forward to attending a number of amazing sessions from our friends at Percona, Facebook, Oracle, Palomino, Etsy, and more.

If you haven’t registered yet, use code SpeakMySQL to save 15%. Hope to see you there!

Big Data Is Too Big for Scientists to Handle Alone

Much of the recent data frenzy — from the physical and life sciences to the user-generated content aggregated by Google, Facebook and Twitter — has come in the form of largely unstructured streams of digital potpourri that require new, flexible databases, massive computing power and sophisticated algorithms to wring out bits of meaning from them, said Matt LeMay, a former product manager at the URL shortening and bookmarking service Bitly.