United We Stand  
english
design studio portfolio I.D.S
WEBSITE DESIGN
Flora Pacifica
flora.jpg
zoom

visit site

Bob Zawaski P.C., ABR
bob.jpg
zoom

visit site

Ann MacLean
maclean.jpg
zoom

visit site

SurfSide-Realty
surfside.jpg
zoom

visit site

Tiny Caudell Real Estate
bluepacific.jpg
zoom

visit site

Blue Pacific Realty
blupac.jpg
zoom

visit site

Erka
erka.jpg
zoom

visit site

Elease Returns (now in work!)
e_lease.jpg
zoom

visit site

Golden Bear Auto Leasing
bear.jpg
zoom

visit site

Suzie Etchart
suzie.jpg
zoom

visit site

Harper
harper.jpg
zoom

visit site

South Coast Humane Society
society.jpg
zoom

visit site

North Gate Auto
northgate.jpg
zoom

visit site

Opal Jewelry Cleaner (now in work)
opal.jpg
zoom

visit site


FLASH BANNER DESIGN


Management Ventures, Inc (www.mventures.com) We developed an interactive questionnaire for users of this site. The administrative part includes sorting and analyzing of information which was displayed in the format of diagrams and graphs. The questionnaire was realized in ASP and using MS SQL Server 7.0 for data storage.


Security analysis of Perl scripts.

www.buildereferals.com Security analysis of Perl scripts. After we had discovered some security flaws (script source access, full database access) and the site had been patched, the second step of analysis was performed. During this stage some other flaws (not related to scripting) were found and reported.

www.companionbar.com The site is closed now. It was similar to Spedia and other companies paying for viewing advertisement. The client part was written in VB6, while paid ad views were registered on the server via SSL connection (as TCP sniffer showed), so at TCP protocol level the client-server communication was secure, but it was possible to sniff API calls to the wininet.dll. Our security analysis was one of the reasons of project suspension.

www.platinclicks.com The site is closed now. Tracking of the users logged into the site was done by username and DES-encrypted password in URL. But after thorough inspection a security flaw was discovered - an incorrect encryption algorithm. Instead of crypt(password, salt) a crypt(salt, password) function call was used. As only 2 firs symbols of salt are significant, the password (a two-symbol string which is identified by site as a correct password) of any user could be found in some minutes (36^2 combinations of alpha-numeric symbols). The owners of PlatinClicks were informed about the problem, but no actions were taken on their side (perhaps they thought it better to close the site).

portfolio
|about us|services|partners|
|portfolio|your project|members|contact|
 
Copyright © 2001-2014 International Data Service. All Rights Reserved.