Wednesday, December 21, 2011

Protect your files and folders

Many of you might have faced this situation. Whenever you try to hide some of your personal files or folders, your brother or your friend comes and says, "Damn, I never knew you had this file."

You may be thinking, "Can't I have any privacy on my PC?" Yes, you can, and what you have to do is simple.

1. The first, basic way is to create a password for your user account. This stops others from accessing your account without knowing your password.

2. If you can't do that, there are many software tools available on the net that you can download to protect your files and folders. The steps are explained below. TrueCrypt and SafeHouse are some of the best encryption tools you can use.

These two work in a similar way. Here I will explain how SafeHouse works.

1. First, download the software from the internet (links are given below) and install it on your PC.
2. Once you have finished installing it, create a new volume to house the files and folders you want encrypted.
3. After that, open Explorer by pressing Win key + E. You will see a new virtual drive. Copy all the files and folders you want to encrypt into it. Go to SafeHouse Explorer, select File and then Close Volume, and you have encrypted all your files.
4. Now, if you want to access your files and folders, just navigate to the folder that houses your SafeHouse volumes and double-click the corresponding volume file to open it. Type the password and you should see all the files and folders under a virtual drive in Windows Explorer again.

Note: delete the original content after copying it to the virtual drive in step 3, as anyone can access it since it is not password protected.


President of Guyana's website hacked

“To the ignorant observer Israel may appear modern, vigorous and democratic largely thanks to the outrageous bias in Western media and the $$$ whom have become our wake up!!!”

This message was posted on the President of Guyana’s official website, which was hacked by ‘The Disaster’, a member of a group named ‘The hacker army’.

The group doesn’t seem to be ‘just another hacker group’. It took down one of the websites used by the famous hacktivist group Anonymous.
They also took down ESET Thailand, the official website of ESET antivirus and security solutions.

The president's website hasn't been restored yet.

Common mobile application vulnerabilities

Although there are a number of vulnerabilities in mobile apps, we will look at three that are very common. The term ‘mobile application’ refers to both the app and the web service.
Insecure storage of data:
This seems to be the most prevalent issue.
Insecure implementations include:
a) Storing plain text credentials in a SQLite database
b) Storing XML files that contain plain text credentials or other sensitive account details
c) Storing plain text credentials in a system-wide database (like accounts.db on Android)

The result is that if a mobile device is stolen or lost, the credentials are readily available to pick up. Physical access is not always required. A newbie who has spent five minutes on Google can find out where you are storing your metaphorical “house keys”.
Some solutions to this problem are to use SQLCipher for Android and to keep the platform API solutions in mind as well.

Poor session handling:
You will come across pure basic-authorization schemes in SOAP. For those who are not familiar with basic authorization, it means the user’s credentials are sent in the standard basic authorization format (Base64-encoded username:password).
The problem occurs when, instead of using a session handling scheme, the username/password is sent with every request to the web service as a means of authenticating the user for the requested action. There are many disadvantages to this. Namely, if SSL isn’t in use, the username/password is more vulnerable to being stolen. Additionally, because there is no session to destroy, there is no inactivity lockout. It also means the credentials are stored on the device, retrieved by the app and sent on a per-request basis.
Another session-related problem is leveraging device identifiers or client-side data to control the privileges of a user.
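To make the point about per-request basic authorization concrete, here is an added example (not from the original post) showing that the header value is only an encoding: a single request captured without SSL yields the password directly. The header value is a constructed sample (the familiar Aladdin / open sesame test credentials), and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map one Base64 character to its 6-bit value, or -1 if it is not in the alphabet. */
static int b64_value(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode padded Base64 into out (NUL-terminated). Returns the decoded length,
 * or -1 on malformed input or when out is too small. */
static int b64_decode(const char *in, char *out, size_t out_size)
{
    size_t len = strlen(in), o = 0;
    if (len == 0 || len % 4 != 0) return -1;
    for (size_t i = 0; i < len; i += 4) {
        unsigned long triple = 0;
        int pad = 0;
        for (int j = 0; j < 4; j++) {
            char c = in[i + j];
            int v = 0;
            if (c == '=') {
                /* '=' is only legal in the last two places of the final group */
                if (i + 4 != len || j < 2) return -1;
                pad++;
            } else {
                if (pad) return -1;          /* data after padding */
                v = b64_value(c);
                if (v < 0) return -1;
            }
            triple = (triple << 6) | (unsigned long)v;
        }
        for (int k = 0; k < 3 - pad; k++) {
            if (o + 1 >= out_size) return -1; /* keep room for the NUL */
            out[o++] = (char)((triple >> (16 - 8 * k)) & 0xFF);
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Split the value of an Authorization header ("Basic <base64>") into user
 * and password. Returns 0 on success, -1 on any parse or size error. */
int parse_basic_auth(const char *value, char *user, size_t user_size,
                     char *pass, size_t pass_size)
{
    static const char scheme[] = "Basic ";
    char decoded[256];
    size_t skip = sizeof scheme - 1;

    if (strncmp(value, scheme, skip) != 0) return -1;
    if (b64_decode(value + skip, decoded, sizeof decoded) < 0) return -1;

    char *colon = strchr(decoded, ':');   /* first ':' separates user from password */
    if (colon == NULL) return -1;
    *colon = '\0';
    size_t ulen = strlen(decoded), plen = strlen(colon + 1);
    if (ulen >= user_size || plen >= pass_size) return -1;
    memcpy(user, decoded, ulen + 1);
    memcpy(pass, colon + 1, plen + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample: the value sent with every request in this scheme. */
    const char *captured = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==";
    char user[64], pass[64];

    if (parse_basic_auth(captured, user, sizeof user, pass, sizeof pass) == 0)
        printf("user=%s password=%s\n", user, pass);
    return 0;
}
```

A session token sent in place of the password can be expired or revoked on the server; the decoded value here stays valid until the user changes the password.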

API keys and test accounts:
From test account credentials along with the test URL, which provided deep insight into the internal workings of an architecture, to the personal email addresses of developers (think social engineering and username enumeration), the list of things put into source code can be fairly surprising.
These applications are reversible. Especially with Android apps, between dex2jar, apktool and jd-gui, it's pretty easy to see things not intended for you. Developers should eliminate any sensitive data prior to sending the code out for production. And make sure you aren’t hard-coding API or encryption keys.

I suggest those interested to check out the OWASP Mobile Top 10 Risks!

12 Chinese hacker groups behind attacks

WASHINGTON - China directs and supports hackers who steal billions of dollars of intellectual property and data from the US. Twelve different government-supported Chinese groups perform a chunk of the China-based cyber attacks that steal critical hi-tech information from the US, say US cyber security analysts and experts. The aggressive attacks have signatures that can be linked to certain hacking groups being tracked by US officials.

James Cartwright, former vice-chairman of the Joint Chiefs of Staff, says "industry is already feeling that they are at war". He is in full favor of strong efforts from the US to hold China and other countries accountable for the cyber attacks. However, it is almost impossible for the US to prosecute hackers in China, since that requires concrete proof that the hacking came from a specific region.

Frustrated officials say that, just as during the Cold War with Russia, the US needs to make clear that there will be repercussions for cyber attacks. The hacking tools include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data, which can then be transferred to the attacker's computer.

Cartwright says a full-throated US policy is coming soon that makes it quite clear to the stealthy attackers that the US is not going to sit back and relax: it would report an attack to the State Department and ask the respective country to stop the attack, and if that country doesn’t, the US would have the right to stop the server from sending the attack by whatever means possible.


Carrier IQ: The preinstalled rootkit

Android developer Trevor Eckhart has released information (some pretty bad info) about a widespread rootkit called Carrier IQ that can track everything on your phone. Even worse, it comes preinstalled on a large number of smartphones, including various Androids, Nokia phones and BlackBerrys. Let us see how it works and how to get rid of it.

Some time ago Eckhart discovered a hidden application on some phones that has the ability to log everything on your device: your call log, location, text messages, etc. This mysterious program is called Carrier IQ, and unlike Android malware, it comes preinstalled by the manufacturer of your phone.

A rootkit is a program with massive privileges that hides its presence from the user. Carrier IQ was originally designed to log things like dropped calls and bad network connections for troubleshooting and rectification of problems. But manufacturers like HTC and Samsung have modified it to run in the background, completely undetectable.

It can slow down your phone, and the big problem is that anyone on the other side can read your text messages, see what you browse and a lot of other things.
Phone manufacturers and wireless carriers claim that they aren't doing anything wrong and that they cannot look at the content of messages, photos or videos. Eckhart claims otherwise. I recommend reading Eckhart’s article for a deeper look at how Carrier IQ

Let us see how to detect its presence on your phone:
Right now, Android users are the only ones who are able to detect and remove it.
First of all you need to root your device. Then use the Logging Test App v8 (it can be downloaded from XDA) and run the CIQ Checks task in it, which will tell you whether it’s running on your system.

If you are running an Android Open Source Project (AOSP) based ROM like CyanogenMod, then you do not have Carrier IQ on your phone. If you are using a modded version of your manufacturer’s ROM, there is a chance Carrier IQ is installed. To avoid this, either flash an AOSP-based ROM or flash a ROM with Carrier IQ removed.

How to remove it from your device:
To remove Carrier IQ from your device you have two options: either flash a custom ROM that doesn’t contain Carrier IQ or use Eckhart’s Logging Test App to remove it. For both, your phone needs to be rooted. The Logging Test App can be downloaded from the Android Market for $1. Open the app, press the Menu button and then tap “Remove CIQ”. This will completely remove it from your device.

Wednesday, October 26, 2011

Download Exploit Pack - An open source security framework

Exploit Pack is an open source security framework developed by Juan Sacco. It combines the benefits of a Java GUI, Python as the engine and well-known exploits in the wild. It has an IDE to make the task of developing new exploits easier, instant search features and XML-based modules.

A GPL license for the entire project helps to ensure the code will remain free. It also features a ranking system for contributors, tutorials for everyone who wants to learn how to create new exploits and a community to call for help. 

It has a module editor that allows you to create your own custom exploits.
There is an instant search feature built-in on the GUI for easier access to modules.
Modules use XML DOM, so they are really easy to modify.
It uses Python as its engine because the language is more widely used in security-related programming.
A tutorial is also provided. If you want to earn money, they will pay you for each module you add to Exploit Pack.

Download Havij 1.1.5

Havij is one of the best tools for SQL injection and is used by most people to hack website databases. It is an automated tool which takes the URL and gives you the complete database of the website.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.

What's in this

  1. Webknight WAF bypass added.
  2. Bypassing mod_security made better
  3. Unicode support added
  4. A new method for tables/columns extraction in mssql
  5. Continuing previous tables/columns extraction made available
  6. Custom replacement added to the settings
  7. Default injection value added to the settings (when using %Inject_Here%)
  8. Table and column prefix added for blind injections
  9. Custom table and column list added.
  10. Custom time out added.
  11. A new md5 cracker site added
  12. bugfix: a bug relating to SELECT command
  13. bugfix: finding string column
  14. bugfix: getting multi column data in mssql
  15. bugfix: finding mysql column count
  16. bugfix: wrong syntax in injection string type in MsAccess
  17. bugfix: false positive results were removed
  18. bugfix: data extraction in url-encoded pages
  19. bugfix: loading saved projects
  20. bugfix: some errors in data extraction in mssql fixed.
  21. bugfix: a bug in MsAccess when guessing tables and columns
  22. bugfix: a bug when using proxy
  23. bugfix: enabling remote desktop bug in windows server 2008 (thanks to pegasus315)
  24. bugfix: false positive in finding columns count
  25. bugfix: when mssql error based method failed
  26. bugfix: a bug in saving data
  27. bugfix: Oracle and PostgreSQL detection

A-ddos - Kernel solution to prevent ddos attack

a-ddos is a kernel patch to prevent DDoS attacks at the low hardware level. It works well on a netbridge.

DDoS is short for distributed denial-of-service, which has become a serious threat nowadays. There hasn't been a perfect solution yet. a-ddos uses 512M (128M in the current version) of memory to keep track of every IPv4 address and a kernel-level timer to record connections per second. While under attack, only the available IPs are allowed to connect to the server.

Highlighted features
In order to decide on each connection, only one memory access is needed.

The implementation is simple and fast; under a SYN-flood attack a-ddos takes less than 10% CPU time.

It's easy to extend the memory usage; nevertheless, 4G / 8 bits = 512 MB can handle the whole IPv4 space!
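The one-bit-per-address lookup behind the 4G / 8 = 512 MB figure can be sketched as follows. This is an added user-space illustration, not a-ddos's kernel code: the type and function names are hypothetical, the accept policy (remember clients seen in normal operation, admit only those under attack) is an assumption, and the demo indexes on 24 address bits to stay small while `ipmap_bytes(32)` gives the full-size figure.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One bit per address. `bits` is how many low-order address bits index the
 * map: 32 covers all of IPv4 with no collisions; smaller values (used in the
 * demo to save memory) make addresses sharing those bits share one entry. */
typedef struct {
    uint8_t *bitmap;
    uint32_t mask;
} ipmap;

/* Bytes needed for 2^bits one-bit entries, i.e. 2^bits / 8. */
uint64_t ipmap_bytes(unsigned bits)
{
    return bits < 3 ? 1 : (uint64_t)1 << (bits - 3);
}

ipmap *ipmap_new(unsigned bits)
{
    if (bits < 3 || bits > 32) return NULL;
    ipmap *m = malloc(sizeof *m);
    if (m == NULL) return NULL;
    m->bitmap = calloc((size_t)ipmap_bytes(bits), 1);
    if (m->bitmap == NULL) { free(m); return NULL; }
    m->mask = (bits == 32) ? UINT32_MAX : (((uint32_t)1 << bits) - 1);
    return m;
}

void ipmap_free(ipmap *m)
{
    if (m != NULL) { free(m->bitmap); free(m); }
}

/* Pack dotted-quad octets into a host-order 32-bit address. */
uint32_t ipv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

void ipmap_mark(ipmap *m, uint32_t ip)
{
    uint32_t idx = ip & m->mask;
    m->bitmap[idx >> 3] |= (uint8_t)(1u << (idx & 7));
}

/* The per-connection decision: a single byte read from the bitmap. */
int ipmap_known(const ipmap *m, uint32_t ip)
{
    uint32_t idx = ip & m->mask;
    return (m->bitmap[idx >> 3] >> (idx & 7)) & 1;
}

/* Assumed policy: in normal operation every client is accepted and
 * remembered; under attack only remembered clients get through. The
 * under_attack flag stands in for the per-second connection counter. */
int accept_connection(ipmap *m, uint32_t ip, int under_attack)
{
    if (under_attack) return ipmap_known(m, ip);
    ipmap_mark(m, ip);
    return 1;
}

int main(void)
{
    printf("full IPv4 map: %llu bytes\n", (unsigned long long)ipmap_bytes(32));

    ipmap *m = ipmap_new(24);                       /* 2 MiB demo map */
    if (m == NULL) return 1;
    uint32_t regular  = ipv4(192, 0, 2, 10);        /* constructed sample addresses */
    uint32_t stranger = ipv4(198, 51, 100, 7);

    accept_connection(m, regular, 0);               /* seen before the attack */
    printf("regular under attack:  %d\n", accept_connection(m, regular, 1));
    printf("stranger under attack: %d\n", accept_connection(m, stranger, 1));
    ipmap_free(m);
    return 0;
}
```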


download AnDOSid - DOS tool for android

A new product released by SCOTT HERBERT for Android mobile phones: AnDOSid, the DOS tool for Android phones. The rise of groups like Anonymous and LulzSec, as well as the constant India / Pakistan cyberwar, has raised the issue of cyber-security high(er) in the minds of web owners.

Pentesting tools exist to simulate such attacks and help website security people defend against them, however for the most part they currently only exist for desktop computers. Mobile phones have, over the last few years, grown from simple devices that send and receive calls to mobile computing platforms which can be purchased for less than $100 a device.

AnDOSid fills that gap, allowing security professionals to simulate a DOS attack (An http post flood attack to be exact) and of course a dDOS on a web server, from mobile phones. AnDOSid is actively being developed and I welcome feedback from the security community as to how you would like the application to evolve.

Requires Internet access to send the http post data
Requires phone state to access the IMEI (one of the two identifiers sent with each post)

download bsqlhacker | Advanced SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.

BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

It's easy to use for beginners and provides a great amount of customisation and automation support for experienced users. It features a nice Metasploit-like exploit repository to share and update SQL injection exploits.

Key Features

  • Easy Mode
  • SQL Injection Wizard
  • Automated Attack Support (database dump)
  • MySQL (experimental)
  • General
  • Fast and Multithreaded
  • 4 Different SQL Injection Support
  • Blind SQL Injection
  • Time Based Blind SQL Injection
  • Deep Blind (based on advanced time delays) SQL Injection
  • Error Based SQL Injection
  • Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
  • RegEx Signature support
  • Console and GUI Support
  • Load / Save Support
  • Token / Nonce / ViewState etc. Support
  • Session Sharing Support
  • Advanced Configuration Support
  • Automated Attack mode, Automatically extract all database schema and data mode
  • Update / Exploit Repository Features
  • Metasploit alike but exploit repository support
  • Allows to save and share SQL Injection exploits
  • Supports auto-update
  • Custom GUI support for exploits (cookie input, URL input etc.)
  • GUI Features
  • Load and Save
  • Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
  • Visually view true and false responses as well as full HTML response, including time and stats
  • Connection Related
  • Proxy Support (Authenticated Proxy Support)
  • NTLM, Basic Auth Support, use default credentials of current user/application
  • SSL (also invalid certificates) Support
  • Custom Header Support
  • Injection Points (only one of them or combination)
  • Query String
  • Post
  • HTTP Headers
  • Cookies
  • Other
  • Post Injection data can be stored in a separated file
  • XML Output (not stable)
  • CSRF protection support (one time session tokens or viewstate or similar can be used for separated login sessions, bypassing proxy pages etc.)

download bsqlbf-v2.7 - Blind Sql Injection Brute Forcer

This is a modified version of ''. This Perl script allows extraction of data from blind SQL injections. It accepts custom SQL queries as a command line parameter and works for both integer and string based injections. Databases supported:

1. MySQL
2. PostgreSQL
3. Oracle

The tool supports 8 attack modes (-type switch):

Type 0: Blind SQL Injection based on true and false conditions returned by back-end server
Type 1: Blind SQL Injection based on true and error (e.g. syntax error) returned by back-end server.
Type 2: Blind SQL Injection in "order by" and "group by".
Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)
Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)
Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)
Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit
Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs
-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first
Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions
-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first

Bot and botnets

The term bot is derived from “ro-bot” in its generic form. It is a script, a set of scripts or a computer program designed to perform predefined functions repeatedly and automatically after being triggered intentionally or through a system infection. Bots run automated tasks over the internet. According to how they work, there are two types of bots.

Benevolent bots: Bots that are used to carry out legitimate activities in an automated manner are called benevolent bots. These are used by search engines to spider online website content and by online games to provide virtual opponents.
Malicious bots: Bots that are meant for malicious purposes are known as malicious bots. Bots used for DDoS attacks and spam bots are examples of malicious bots.

The first bot program, Eggdrop, created by Jeff Fisher in 1993, originated as a useful feature on Internet Relay Chat (IRC) for text-based conferencing on many machines in a distributed fashion.

A malicious IRC bot program runs in a hidden manner on an IRC host or client each time it boots and is controlled by commands given by other IRC bot(s). It is typically an executable file with a size of less than 15 KB in its compressed form. An IRC host computer running an IRC bot malware program becomes a zombie or a drone (Choo – 2007).

The first malicious IRC bot, the Pretty Park worm, which appeared in 1999, contained a limited set of functionality and features, such as the ability to connect to a remote IRC server and retrieve basic system information, e.g. operating system version, login names, email addresses, etc.

A collection of such bot-affected systems is known as a botnet (bot network): a collection of compromised hosts or bot-infected machines running malware such as worms, Trojan horses or backdoors under a command & control (C&C) infrastructure.

Types of Botnets:  There are a variety of botnets in existence today. The three most commonly seen on home and office client computers are HTTP botnets that exploit vulnerabilities in web browsers, IRC botnets that allow operators to control the computers of unsuspecting users through an internet relay chat (IRC) channel, and Peer to Peer (P2P) botnets that infect files shared on P2P services like Gnutella or Limewire.

HTTP Botnets: HTTP typically is used for creation and control of botnets. Bots will sign in to an HTTP server and wait for commands from a bot herder, or they will simply visit pre-designated sites to get commands that are coded into the site’s files. Many HTTP bots have their own servers for downloading malware, phishing, etc.

P2P Botnets: Many P2P applications are utilized by bot herders to share files that have bots and malware attached. In most cases, these bots are pre-programmed to perform specific functions when a file is opened, or when a container application like a game or desktop application is installed.

IRC Botnets: The most abundant use of botnets is accomplished using IRC applications. This is because the IRC protocol has been around the longest, and that is where earlier botnets operated before HTTP came along. IRC is used by a wide variety of applications to allow users to have simple text based chatting environments. Infected IRC clients log into a specific IRC server and wait for specially formatted text messages that contain commands. Commands can also be encoded into the title or name of the chat channel, so that every bot entering can be given commands. More sophisticated versions of this will group bots into sub-nets based on the tasks to be performed, or some other distinction. IRC Botnets are generally the most complex and the hardest to detect.

This is the diagram which shows how an attacker spreads bots onto victims' computers and controls them. Mostly these affected systems are used by the attacker for illegal activities without the knowledge of the system owner.

Look at the figure which shows how botnets are used in DDoS attacks.

How to Avoid Botnets: 
  • Install an antivirus program from a trusted provider.
  • Make sure the operating system’s firewall is turned on, as well as the firewall of any connected router(s).
  • Keep your operating system, web browser, firewall and antivirus applications up to date.
  • Keep all media players up to date.
  • Pay close attention to the options available when installing downloaded software. Installing toolbars or other gadgets that come from sources other than the site they were created on may have bots attached to the install. Also be skeptical of installation options that ask for permission to change your browser’s home page.
  • Learn to be very critical of emails that contain links of any kind or ask you to go to a specific site that you’re unfamiliar with.
If you have any query regarding this post, please comment.

Buffer Overflow tutorial

Buffer overflow vulnerabilities are among the most common vulnerabilities. To understand buffer overflows you need some knowledge of C or another high-level language.

When a program is executed, a specific amount of memory is assigned for each variable. The amount of memory is determined by the type of data the variable is anticipated to hold. The memory set aside is used to store information that the program needs for its execution. The program stores the value of a variable in this memory space, then pulls the value back out of memory when it's needed.

A buffer overflow occurs when a program allocates a block of memory of a fixed length and then tries to put more data into it than that length allows.

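Take a look at this simple C program:
int main() {
    int buffer[10];
    buffer[20] = 10;  /* out-of-bounds write: valid indexes are 0 to 9 (index chosen for illustration) */
}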
The above C program is a valid program, and every compiler can compile it without any errors. However, the program attempts to write beyond the allocated memory for the buffer, which might result in unexpected behavior.

In the case of a buffer overflow in a software program, data runs over the memory section it was allotted. The extra data overwrites another portion of memory that was meant to hold something else, like part of the program's instructions. This can allow an attacker to overwrite data that controls the program and take over control of the program to execute the attacker's code instead of the program's. The consequence of an overflow could be the program crashing or the attacker executing their own code on the target system.

This problem exists because C++ and some other programming languages do not perform bounds checking when writing data to memory.


For coders:
The defence is to have perfect programs. Every input in every program should be bounds-checked to allow only the given number of characters.
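What such a bounds check looks like in practice, as an added example that is not part of the original tutorial: a checked version of the array write into `int buffer[10]`, and an unchecked string copy beside a checked one. The function names and the 16-byte field size are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUFFER_LEN 10   /* same size as the tutorial's int buffer[10] */
#define NAME_LEN   16   /* assumed size of a fixed input field */

/* Array write with the bounds check C does not do for you.
 * Returns 0 on success, -1 if index is outside the buffer. */
int store_checked(int *buffer, size_t buffer_len, size_t index, int value)
{
    if (buffer == NULL || index >= buffer_len) return -1;
    buffer[index] = value;
    return 0;
}

/* Unchecked copy, shown for contrast and never called here: strcpy keeps
 * writing until it reaches the input's NUL, however small dst is. */
void copy_name_unchecked(char *dst, const char *input)
{
    strcpy(dst, input);
}

/* Checked copy: accepts input only if it fits in dst including the NUL.
 * Oversized input is rejected rather than silently truncated. */
int copy_name_checked(char *dst, size_t dst_size, const char *input)
{
    if (dst == NULL || input == NULL || dst_size == 0) return -1;

    size_t n = 0;
    while (n < dst_size && input[n] != '\0') n++;   /* never reads past dst_size bytes */
    if (n == dst_size) {                            /* no NUL found within the limit */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, input, n + 1);                      /* n characters plus the NUL */
    return 0;
}

int main(void)
{
    int buffer[BUFFER_LEN] = {0};
    char name[NAME_LEN];

    printf("store at 9:  %d\n", store_checked(buffer, BUFFER_LEN, 9, 10));
    printf("store at 20: %d\n", store_checked(buffer, BUFFER_LEN, 20, 10));
    printf("short name:  %d\n", copy_name_checked(name, sizeof name, "alice"));
    printf("long name:   %d\n",
           copy_name_checked(name, sizeof name, "a-name-well-over-sixteen-bytes"));
    return 0;
}
```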

For users:
Make sure your systems are fully patched in order to protect yourself from exploits targeting vulnerabilities.
Apply the vendor's patch or install the latest version of the software.
No unnecessary privileges should be granted to users or applications. This is a best practice.
All suspicious traffic should be routed at the perimeter itself.

Please comment below if this post is useful for you.

Critical vulnerability found in VLC player

A critical vulnerability has been found in the latest version of VLC media player. These are heap corruption vulnerabilities. VLC player is a powerful cross-platform multimedia player. It is capable of playing most media formats, without the need to install additional codecs.
These flaws were reported by Dan Rosenberg from Virtual Security Research (VSR). The VLC media player includes a decoder for the relatively rarely used CD+G format; this has two critical heap corruption vulnerabilities. If you use VLC to play a manipulated video of this format, it could cause heap corruption. This could in turn be exploited to inject and execute malicious code. The bug has already been eliminated in the corresponding repository, but not in the official binaries of the VLC player.
A source code patch for VLC version 1.1.5 is available from Git. Since the code of the decoder has undergone only minor changes since previous versions of VLC, the patch can probably be used to fix the vulnerability in older versions prior to 1.1.5.

How to create proxy chaining

Download Proxy server Agent from the given link.

  • Open 'Proxy Server Agent' and then click on 'Proxy Chains' and then click 'Add' to open the 'Add new proxy chain' window.
  • Change the proxy chain name and port number. The port number must be unique.
  • Select the proxy chain type
  • Add proxies to the proxy chain by clicking the 'Add proxy' or 'Add random proxy' button.
  • The type of a proxy chain and last proxy in a chain should be the same.
  • Then click OK.

Comment if you like this post or have any query.

Free Proxy Servers and Hide Your IP

I have collected a lot of URLs of proxy servers and created a proxy server list. Use any of these to hide your IP address.

Please comment below if this post is useful for you.

Seven Steps to become a world class / professional computer Engineer

Reasons for writing this post:

  • I feel I have not done enough to become a good computer engineer. Maybe I did not have someone who could guide me properly. We were only the second batch of Computer Engineering at Nirma Institute of Technology, Ahmedabad, so we had no mentors in the industry.
  • Second reason, maybe we were not mature enough.
  • Third reason, 3 Idiots was not released at that time.
  • So this post is dedicated to all the fellow computer engineering students who are still having a good time by bunking the classes but not doing good enough to become a world class computer engineer otherwise.
But what can I do?

1. Have the right infrastructure

  • Get yourself a decent laptop. (I prefer Mac but any decent Dell laptop is also ok)
  • Get yourself a nice internet connection with highest speed available. (Take a cut from your pocket money if you have to but this is a must)
  • Get yourself an iPhone (I know it is expensive in India but you will have to use world class gadgets to become world class engineer)
  • Make your home or hostel room WiFi enabled. (This is not expensive. You will get a decent router in 2-3k.)
  • If you are not able to do any or all of the above things, don’t worry you can still become a good computer engineer. So hang on and keep reading.

2. Learn to use Google Reader

  • Google reader will become the best companion of yours for lifetime if you use it properly.
  • It is nothing but a cool RSS reader from Google using which you can subscribe to blogs to get latest updates and posts. So if you have a gmail account you are ready to go. What? You do not have a gmail account yet!! Go get one right now. Stop reading. Open a gmail account now and come back. I am waiting.
  • I am still waiting.
  • Ok great, so you have a gmail account now, good. Watch this video . It explains in plain english how to use google reader.
  • Software, Web Search Strategies, Wikis, Social Bookmarking, Social Networking, Blogs, Podcasting and Cloud computing on (Now you understand why I told you get the fastest internet connection available?). You don’t have to see them all at once but do check them all and understand.
  • Done? Ok so you are ready to become a world class computer engineer now.
  • Now you understand Google Reader, so it’s time to subscribe to interesting blogs. Subscribe to following blogs.
  • There are many such blogs but to start with these are ok. You will keep finding other interesting blogs as and when you will come across some.
  • Getting used to reading on a computer takes time and patience, so just keep reading.
  • So I guess we are done with Google Reader part here. This means you have to open up Google Reader as soon you bunk the classes or as soon as you get the time to check your mails.

3. Academic Earth

  • Do you want to see how professors teach in Harvard and Stanford? Do you want to see how their lectures are conducted? You can now, we were not able to do that in our time.
  • Go to and you will see videos of actual lectures and courses of Harvard, Yale, Stanford. Now you know whose lectures to watch after bunking the classes or after getting back to home.
  • You do not want to miss the chance of studying in these universities without going to the US and giving them millions in fees, right? And guess what? Attendance is not compulsory here :)

4. Learn any web language quickly and start building

  • I would suggest PHP or Ruby. ASP.NET C# is also fine if you already know something about it.
  • And start building something on it. It can be anything. But start programming on the web now. Most of you are never going to write a program in C, C++ or COBOL in your lifetime. I would not advise against learning them though.
  • After you know something about web programming, read “Getting Real” from 37Signals.
  • Now again build something using whatever you learned from the above book.

5. Assume you are in Silicon Valley

  • I know this sounds little weird but that’s the way it is.
  • The best of the minds in the world are there and you do not want to miss out on that right?
  • Thousands of things happen every day in Silicon Valley and you can remain updated by reading the blogs I mentioned above.
  • So start feeling the air :)

6. Start asking why?

  • When you are attending a lecture or reading anything, have a habit of asking why?
  • For e.g. Why we have to study “Strength of Materials” when most of us are going to write web applications in PHP or ASP.NET?
  • When you ask why often, you start understanding the logic, the reason behind doing anything.
  • Same as they have said in 3 Idiots, don’t learn to get marks but learn to know something, to achieve the excellence. When you start asking why, you start on the right path.

7. Understand computer hardware

  • Most people think this is boring and unnecessary.
  • Maybe it is, but it will certainly make you a better programmer, even if you never touch the inside of a computer again.
  • Basic understanding of hardware is necessary to understand how computer works.
  • You have to understand following 100% without any doubt in your mind.
    • How your high level programming code becomes 0s and 1s and execute?
    • The text which you are reading now is also consisting of 0s and 1s only then how come you are reading the alphabets here?
    • FYI I am still not 100% clear on this. But I will be one day. Till then I am not a good computer engineer.
I guess I have got you started here.
By following any or all of the above steps you are destined to become a world class computer engineer. By no means am I asking you to stop whatever you are doing right now in your college.

These are additional things you have to do. It takes hard work to become world class right?

You are always on your own to achieve the path of excellence. Friends and Tutors can only guide you, they can not make you one.

I would request my fellow classmates to add points to this post. I believe our batch 99CE in Nirma Institute of Technology had some of the best and brightest minds in the world. Do you have any doubt? Well this guy is one of them. 99CE people are in MIT, Google, Apple, Barclays, Bank of America to name a few. They are spread across the world and are on their way to become future leaders.

I would also request people who have read this post and feel they can add something here to help students of computer engineering. My aim is to have great people coming out of Nigeria Engineering Colleges.

Last words, by no means above list is exhaustive and complete. There are “n” number of ways to achieve excellence. These are my personal views and I have learned them long and hard way. I hope to make your journey little easier by this post.