Where does Pakistan stand in World Economic Freedom Index 2018?


According to a Time of Islamabad report, the World Economic Freedom report has been released, and Pakistan has again not performed well this year.
Pakistan has achieved an economic freedom score of 54.4 in the “Economic Freedom Index” 2018 conducted by the Heritage Foundation.
Pakistan’s economy was ranked the 131st freest in the 2018 index and its overall score rose by 1.6 points, with a major improvement in fiscal health offsetting falls in government integrity and business freedom.
In the Asia-Pacific region, Pakistan’s economy was ranked at 31st amongst forty-three countries. The overall score of 54.4 remains below the world and regional averages which stood at 61.1 and 61.0 respectively.
In the last few years, some elements of economic freedom have proceeded timidly in Pakistan according to the “Economic Freedom Index” but years of internal political rows and low levels of foreign investment contributed to unpredictable growth and underdevelopment.
The immense meddling of the state in the economic affairs of the country and the inefficient but pre-eminent regulatory agencies discourage private business formation, the report said.
It added that a lack of access to bank credit threatened entrepreneurship and innovation had slowed down due to the isolation of the financial sector from the outside world.
Also, the “Economic Freedom Index” 2018 report said the judicial system was severely affected by a serious backlog and poor security, and that corruption keeps tarnishing the civil service and judiciary.
In the rule of law section, property rights score stood at 36.0, down 0.4 from the previous year. Judicial effectiveness score was 34.0, down 0.1 and government integrity at 27.3, recording a fall of 3.2.
The report said “Pakistan’s legal system provides incomplete protection for the acquisition and disposition of property rights. Although technically independent, the justice system is marred by such endemic problems as corruption, intimidation, a large backlog of cases, and insecurity. Corruption is pervasive. Many public officials face allegations of bribery, extortion, cronyism, nepotism, patronage, graft, and embezzlement.”
In the government size section, tax burden recorded a score of 78.5, down 0.4 from the previous year. Government spending stood at 88.2, recording an increase of 0.9, and fiscal health saw the biggest gain of 23.2 points, touching 54.0.
The regulatory efficiency section saw a score of 55.3 in the business freedom benchmark, down 5.9 points. Labour freedom benchmark saw a score of 40.6 points, up 2.8 points and monetary freedom benchmark posted a score of 40.6, registering a rise of 2.9 points.
The report highlighted that business freedom was lagging in the country, with entrepreneurs facing major licensing and other bureaucratic hiccups. Also, legal protections for laborers were cited as very weak.
In the open market section of the report, the country scored 65.9 in the trade freedom benchmark, registering a 1.3-point fall from the previous year, with the investment freedom benchmark remaining unchanged at 55.0. The financial freedom benchmark score stood unchanged at 40.0.

The Index of Economic Freedom is based on 10 categories:
1. Business Freedom,
2. Trade Freedom,
3. Tax Burden,
4. Freedom from Government,
5. Monetary Freedom,
6. Investment Freedom,
7. Financial Freedom,
8. Property Freedom,
9. Freedom From Corruption,
10. Labor Freedom,

Thank you for reading


Stay connected with us: amadahmad.blogspot.com

The last words of Steve Jobs


I have come to the pinnacle of success in business.

In the eyes of others, my life has been the symbol of success.
However, apart from work, I have little joy. Finally, my wealth is simply a fact to which I am accustomed.
At this time, lying on the hospital bed and remembering all my life, I realize that all the accolades and riches of which I was once so proud, have become insignificant with my imminent death.
In the dark, when I look at the green lights of the equipment for artificial respiration and feel the buzz of their mechanical sounds, I can feel the breath of my approaching death looming over me.
Only now do I understand that once you accumulate enough money for the rest of your life, you have to pursue objectives that are not related to wealth.
It should be something more important:
For example, stories of love, art, dreams of my childhood.
No, stop pursuing wealth, it can only make a person into a twisted being, just like me.
God has made us one way, we can feel the love in the heart of each of us, and not illusions built by fame or money, like I made in my life, I cannot take them with me.
I can only take with me the memories that were strengthened by love.
This is the true wealth that will follow you, will accompany you, and will give you strength and light to go ahead.
Love can travel thousands of miles and so life has no limits. Move to where you want to go. Strive to reach the goals you want to achieve. Everything is in your heart and in your hands.
What is the world's most expensive bed? The hospital bed.
You, if you have money, you can hire someone to drive your car, but you cannot hire someone to take your illness that is killing you.
Material things lost can be found. But one thing you can never find when you lose: life.
Whatever stage of life where we are right now, at the end we will have to face the day when the curtain falls.
Please treasure your family love, love for your spouse, love for your friends...
Treat everyone well and stay friendly with your neighbors.




Session Cookie Based SQL Injection

Short Description: SQL injection is one of the most dangerous attacks against web applications, and many websites are vulnerable to it. SQL injection has several variants, such as simple SQL injection, blind SQL injection and cookie-based SQL injection. You probably know the basic idea of cookies and their importance: cookies represent a session, and they normally come up in the context of cross-site scripting (XSS) attacks. But what is cookie-based SQL injection? In this article we will discuss cookie- or session-based SQL injection attacks.

Did you say a “Cookie”?

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data.
Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities – a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.[1]


Where can I find my cookies?


Here is one way to get your stored cookies using your browser. This method is applied for Mozilla Firefox:


  1. From the Tools menu, select Options. If the menu bar is hidden, press Alt to make it visible.

  2. At the top of the window that appears, click Privacy.

  3. To modify settings, from the drop-down menu under “History”, select Use custom settings for history. Then enable or disable the settings by checking or unchecking the boxes next to each setting:


  • To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
  • To accept third-party cookies, check Accept third-party cookies. In the drop-down menu next to “Keep until:”, select the time period you wish to keep cookies on your computer.
  • To view the cookies stored on your computer, click Show Cookies… . In the window that appears, you can view the cookies on your computer, search for cookies, and remove any or all of the listed cookies.
  • To specify how the browser should clear the private data it stores, check Clear history when Firefox closes. Then, click Settings… . You can specify the items to be cleared when you close Firefox.

  4. Click OK until you return to the Firefox window.

To remove all cookies, from the Tools menu, select Clear recent history… . Check the items you want to clear, and then click Clear Now.



Are you talking about a Cookie Poisoning-like attack?


Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user’s computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity.
Cookie poisoning is a known technique mainly for achieving impersonation and breach of privacy through manipulation of session cookies, which maintain the identity of the client. By forging these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.[4]
To sum up, cookie-based SQL Injection is far from being a kind of Cookie Poisoning.

Cookie variables as a vector of SQL Injections:


SQL injection overview

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
All data sent by the browser to a Web application, if used in a SQL query, can be manipulated in order to inject SQL code: GET and POST parameters, cookies and other HTTP headers. Some of these values can be found in the environment variables. The GET and POST parameters are typically entered into HTML forms; they can contain hidden fields, i.e. information that is in the form but not shown. GET parameters are contained in the URL and POST parameters are passed as HTTP content. Nowadays, with the growth of Web 2.0 technologies, the GET and POST requests can also be generated by JavaScript.

Injecting malicious code in cookie:

Unlike other parameters, cookies are not supposed to be handled by users. Apart from session cookies, which are (usually) random, cookies may contain data in clear text or encoded as hexadecimal, base64, hashes (MD5, SHA1) or serialized information. If we can determine the encoding used, we can attempt to inject SQL commands.



    function is_user($user) {
        global $prefix, $db, $user_prefix;
        // The cookie arrives base64-encoded as "uid:<unknown field>:password"
        if (!is_array($user)) {
            $user = base64_decode($user);
            $user = explode(":", $user);
            $uid = "$user[0]";
            $pwd = "$user[2]";
        } else {
            $uid = "$user[0]";
            $pwd = "$user[2]";
        }
        if ($uid != "" AND $pwd != "") {
            // Vulnerable: $uid comes straight from the cookie and is concatenated into the query
            $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE user_id='$uid'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $pass = $row['user_password'];
            if ($pass == $pwd && $pass != "") {
                return 1;
            }
        }
        return 0;
    }

The cookie contains, in base64-encoded form, an identifier, a field that is unknown and a password. If we use as a cookie the base64 encoding of 12345' UNION SELECT 'mypass::mypass, the SQL query becomes:


  SELECT user_password FROM nk_users WHERE user_id='12345' UNION SELECT 'mypass'

This query returns the password mypass, the same password as the one we provide in the cookie, so the comparison succeeds and we are logged in.
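The check above, ported to Python with an in-memory SQLite table so it runs offline, next to a hardened version that binds the cookie value as a parameter. This is an added example, not code from the original article or from the application it quotes; the table contents, the stored password value and every function name other than the is_user prefix are constructed for illustration.

```python
import base64
import hmac
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the nk_users table (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE nk_users (user_id TEXT PRIMARY KEY, user_password TEXT)")
    db.execute("INSERT INTO nk_users VALUES ('1', 'stored-hash-of-alice')")
    return db

def split_cookie(cookie):
    """Decode 'uid:<unknown>:password' from base64; None if malformed or empty."""
    try:
        fields = base64.b64decode(cookie, validate=True).decode("utf-8").split(":")
    except ValueError:  # covers invalid base64 and invalid UTF-8
        return None
    if len(fields) < 3 or not fields[0] or not fields[2]:
        return None
    return fields[0], fields[2]

def is_user_vulnerable(db, cookie):
    """Mirrors the PHP: the decoded uid is pasted into the SQL text."""
    parsed = split_cookie(cookie)
    if parsed is None:
        return False
    uid, pwd = parsed
    sql = "SELECT user_password FROM nk_users WHERE user_id='%s'" % uid
    row = db.execute(sql).fetchone()
    return row is not None and row[0] == pwd

def lookup_password(db, uid):
    """Bound parameter: uid is only ever compared as data, never parsed as SQL."""
    row = db.execute("SELECT user_password FROM nk_users WHERE user_id = ?", (uid,)).fetchone()
    return row[0] if row else None

def is_user_hardened(db, cookie):
    """Allow-list the id format, bind it, and compare in constant time."""
    parsed = split_cookie(cookie)
    if parsed is None or not parsed[0].isdigit():
        return False
    stored = lookup_password(db, parsed[0])
    return stored is not None and hmac.compare_digest(stored.encode(), parsed[1].encode())

def cookie_for(raw):
    return base64.b64encode(raw.encode()).decode()

# Constructed cookies: a legitimate one and the forged value discussed in the article
LEGIT = cookie_for("1:alice:stored-hash-of-alice")
FORGED = cookie_for("12345' UNION SELECT 'mypass::mypass")

if __name__ == "__main__":
    db = make_db()
    for name, c in (("legit", LEGIT), ("forged", FORGED)):
        print(name, is_user_vulnerable(db, c), is_user_hardened(db, c))
```

The bound parameter is what closes the hole; the numeric allow-list on the identifier is an extra layer in front of it.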

How to inject the code in Cookies?

There are many HTTP interceptors and HTTP editors that can intercept the HTTP request before it is sent to the server. Then the tester can introduce his malicious SQL statement in the cookie field.
It’s like a GET/POST-based SQL Injection, except that certain characters can’t be used. For example, ‘;’ and ‘,’ are typically treated as delimiters, so they end the injection if they aren’t URL-encoded.

Conclusion

Cookie variables are sometimes not properly sanitized before being used in a SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code. For web application audits, cookie variables should be added to the list of parameters to be checked.



What Is A DNA computer? How Can It Beat The World’s Fastest Supercomputers?

Short Description: The concept of DNA computing was first introduced in 1994. It deals with the “bio-chips” made of DNA that are able to perform billions of calculations at once by multiplying themselves in number. In other words, a DNA computer grows as it computes. In a recent development, the researchers from the University of Manchester have shown that the creation of this conceptual computer is possible in real life.
Intel is struggling to increase the speed of its CPUs due to the limitations of Moore’s law. The other processor makers are also working hard to beat the speed records. There’s no denying the fact that researchers and scientists need to look for silicon alternatives for faster computing. The silicon-based computers have a finite number of processors and, thus, their capabilities are also finite.

What is a DNA computer? How does it work?

Back in 1994, the concept of computing with DNA was first proposed to make calculations faster even with a small footprint. Its major highlight was the ability to multiply itself and carry out numerous calculations simultaneously. In other words, unlike a normal computer that performs calculations one after another, a DNA computer does those calculations at once by making multiple copies of itself.
DNA computing, introduced in 1994, was invented by the famous cryptographer Leonard Adleman, who used DNA to solve the “traveling salesman” problem. The problem aimed at finding the shortest route between a number of cities by going through each city only once. Adleman showed that the billions of molecules in a drop of DNA had enough computational power to simply overpower silicon and the powerful human-based computers.
In his experiment, the strands of DNA represented 7 cities. The sequences of genetic alphabets A, T, C, and G represented cities and the path. After this, when the DNA molecules were mixed in a test tube, some DNA strands stuck together and the chains of strands were the possible answers. Using some chemical reactions, wrong molecules were removed. You can read more about the process in detail in this paper written by Adleman himself.
These DNA molecules are able to store billions of times more data than traditional storage devices. Because DNA is abundantly available, it’s a cheap resource. Also, a DNA computer will be environment-friendly and compact in size.

What’s the latest progress? Is DNA computing going to be a reality very soon?

In 1997, researchers at the University of Rochester developed basic DNA logic gates, which was seen as a breakthrough. Recently, a major development in the field of DNA computing was made by researchers from the University of Manchester, which is famous for creating the first stored-memory electronic computer.
The researchers have shown that it’s possible to build a DNA computer that’ll grow as it’ll compute. This concept is also being called a nondeterministic universal Turing machine (NUTM).
As the DNA molecules are very tiny, a desktop “DNA” computer can utilize more processors than all the electronic computers in the world combined. “And therefore outperform the world’s current fastest supercomputer, while consuming a tiny fraction of its energy,” according to Professor King of Manchester’s School of Computer Science.
In a research paper, they have described the physical design for an NUTM that implements a universal Thue system. This design uses the DNA’s ability to replicate to execute an exponential number of paths. Their paper shows that this design works using in vitro molecular biology experimentation and computation modeling. You can read the research paper to know more details.
Currently, the field of DNA computing is in its nascent stage, and it’ll take a long time to develop a working DNA computer. But, whatever might be the rate of progress, the concept surely sounds exciting.

Most Popular Programming Languages, Frameworks, Libraries, And Databases | 2017


Stack Overflow has released its much-anticipated Developer Survey 2017. This year, over 64,000 developers took part in the survey and shared their preferences. The survey revealed that for the fifth time in a row, JavaScript was the most commonly used programming language, followed by SQL and Java.
Stack Overflow is the world’s largest online community for programmers where they can learn languages, share code, and help each other. The website also releases its annual developer survey which gives a pretty solid idea of current programming trends, the work lives of developers, their habits and preferences, etc.
Stack Overflow has been conducting this survey each year since 2011. This year’s survey is the biggest in Stack Overflow’s history with 64,000 developers taking part. Over the course of the next few days, I’ll be telling you about some of the major highlights of this survey.

Most popular programming languages:

For the fifth time in a row, JavaScript has topped the list of the most commonly used programming languages. JavaScript is followed by SQL and Java.
The growth of Python is notable. It has overtaken PHP for the first time in five years. Here’s the list of the most popular programming languages:

Most popular frameworks, libraries:

In this category, Node.js and AngularJS continue to be the most commonly used technologies:

Most popular databases:

For the first time in its survey, Stack Overflow asked the developers what databases they were using. MySQL and SQL Server turned out to be the biggest databases:
