
Thursday, November 04, 2010

Removing METADATA from JPEG & IMAGE FILES

1.    We all routinely find images on the net, download them, modify them and use them in our sites and posts. But are we authorised to do so? Each JPEG or other image file produced by a digital camera holds information in the form of metadata, and in a few cases the image may be copyrighted, which may inadvertently count against the user. So what can be done to stay safe? Simple: remove the metadata from the image. But how? This is where jhead comes to your help. Read and follow the instructions below:

- Press Start & Run, or Windows key + R, to open the Run menu, type cmd.exe and press OK

- Type cd\     [To reach the root directory]

- At the C:\ prompt, type md removemetadata     [To create a new directory by the name removemetadata]

- At the C:\ prompt, type cd removemetadata      [To reach the directory; copy all pictures whose metadata is to be removed to this directory]


- Download the program file jhead.exe to C:\removemetadata

- Type cd removemetadata

- To remove all metadata of all JPEG files in this directory, type: jhead -purejpg * and press Enter


- Done

2.    Doing this small, boring but important task will avoid a case study like the Mumbai case mentioned in an earlier post.

3.    Another easy way is to simply take a screenshot of the image and paste it into Paintbrush. But this would be cumbersome when the images are in bulk quantity. To download JHEAD, click here
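
What removing metadata means at the byte level, as an added example (not part of the original post and not jhead's own code): it walks the JPEG segment markers, reports the metadata segments, and rebuilds the file without them, so you can check a cleaned file before publishing it. The function names, the choice of APP1-APP15 and COM as "metadata", and the constructed sample bytes are assumptions of this sketch.

```python
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # markers with no length field

def segments(data):
    """Yield (marker, raw_bytes) for every segment; SOS carries the rest of the file."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    yield 0xD8, data[:2]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
        elif marker == 0xDA:               # start of scan: image data runs to EOI
            yield marker, data[pos:]
            return
        elif marker in STANDALONE:
            yield marker, data[pos:pos + 2]
            pos += 2
        else:
            # Big-endian length includes its own two bytes; a short read fails the check.
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2 or pos + 2 + length > len(data):
                raise ValueError(f"corrupt segment length at offset {pos}")
            yield marker, data[pos:pos + 2 + length]
            pos += 2 + length

def is_metadata(marker):
    # Assumption of this sketch: APP1-APP15 (EXIF, XMP, IPTC, ICC, ...) and COM are
    # metadata. Dropping APP2 (ICC) or APP14 (Adobe) can shift colours in some files.
    return 0xE1 <= marker <= 0xEF or marker == 0xFE

def metadata_markers(data):
    return [m for m, _ in segments(data) if is_metadata(m)]

def strip_metadata(data):
    return b"".join(raw for m, raw in segments(data) if not is_metadata(m))

def _seg(marker, payload):                 # helper to build the constructed sample
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample with JPEG segment layout (not a decodable picture).
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00constructed-camera-and-GPS-fields")
          + _seg(0xFE, b"constructed comment") + _seg(0xDB, bytes(65))
          + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\x00\x56\xff\xd9")
```

For a real file, read it in binary mode, pass the bytes to metadata_markers() to see what is present, and write the result of strip_metadata() to a new file; an empty list on the output confirms that no APP1-APP15 or COM segment remains.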

Get Paid to Hack GOOGLE

1.    Google has now made it official: it will pay $500 and $3,133 to people who discover security vulnerabilities in its websites and online applications. Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly and in real time to Google's security team, thereby improving upon zero-day exploit matters.
2.    This gives Google a chance to fix the vulnerabilities before they are exploited, the way it should be. So, in order to qualify, security researchers must privately disclose new flaws to Google first, before they go public with their research. The prize money awarded will depend on the extent and scale of the vulnerability made known to Google. Google also says that participants shouldn't use automated tools to search for flaws.
 

Tuesday, November 02, 2010

MICROSOFT & Failures!!!

1.     For an IT giant like Microsoft this does not sit well, but the year 2010 has seen the closure of several major Microsoft projects that were launched with lots of promises and fanfare. Unfortunately they did not go the way Microsoft desired, and so had to be shut down in the same year. The list goes like this, with a few lines of detail on each:
  • February 2010 saw Microsoft announcing the discontinuation of the Xbox Live service for original Xbox consoles and games.
  • April 2010, Microsoft confirmed it had stopped working on its tablet project, codenamed Courier, which was touted to be an Apple iPad rival.
  • September 2010, Microsoft announced that the Windows Live Spaces blogging service will be terminated gradually in favour of WordPress.com.
  • May 2010, Microsoft announced a halt on the Response Point phone system.
  • June 2010 saw Microsoft announcing the discontinuation of its new generation of smartphones.
  • September 2010, Microsoft announced the closure of Vine, a service built to help keep friends and family in touch during emergencies.

2.      Thanks TimesofIndia

Mozilla @ Prone again!!!!

1.    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

2.    Thanks http://www.us-cert.gov

Monday, November 01, 2010

Bredolab grabs Attention

1.    A 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide. The main features of this trojan botnet are enumerated below for info:
  • Users of computers with viruses from this network will receive a notice at the time of their next login with information on the degree of infection.
  • Bredolab, known for spreading spam and rogue antivirus, is thought by some experts to have infected at least 30 million computers.
  • Spread via drive-by attack websites and spam email attachments.
  • Infecting machines with a backdoor that downloads additional malware without the victim's knowledge. 
  • Sends out spoofed password reset messages to Facebook users in an attempt to spread malware and infect users of the social network.
  • Has the power to obtain information on the user's computer, including the ability to copy, change or delete files and other information.
  • Pushdo botnet uses Facebook to spread malicious email attachment: A phony message warns users that their Facebook password has been reset.
  • Majority of infections are in the U.S. and the U.K. and many Western European countries.
  • Discovered by the Dutch High Tech Crime Team in the late summer.
  • Capable of infecting 3 million computers a month. The botnet network used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands, and one of the largest hosts in Europe.
  • Able to constantly change its appearance to avoid detection by traditional antivirus signatures. Like other botnets, the Trojan communicated with the command-and-control server using encrypted messages.

Adobe flash Player hit!!!!

1.    A critical vulnerability has been exposed in Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems; Adobe Flash Player 10.1.85.3 and prior versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component.

2.   This vulnerability (CVE-2010-3654) could cause a crash and put an attacker in the driver's seat to take control of the affected system.

3.   Adobe has released recommendations on how to avoid becoming a target, but is still working in its labs to find a fix. Click here for more.

Intel opens first chip plant in China??

1.    The article at this post here describes in detail the location and capacity of the first Intel chipset plant in China. The new plant fulfills Intel's total investment commitment in China to $4.7 billion. Intel has also established an assembly and test site in Chengdu as well as R&D centers and labs in Beijing, Shanghai and elsewhere in China, it said.

2.    What made me take a second read of this article was that for about the last 6 years, whatever motherboards and chipsets from Intel I have bought and seen in various machines, all the chipsets have had a common imprint of MADE IN CHINA. So if this is the first plant being set up in China, where were the earlier ones being made or printed?

6$ is all to shut down a Cloud Client site!!!!

1.    CaaS, as mentioned in an earlier blog post here, has come up with a new success (or is it failure?) story. It goes like this: invest $6 and take down any client's server with the help of Amazon's EC2 cloud infrastructure!

2.    The cloud-based denial-of-service attack was part of a presentation titled "Cloud Computing, a Weapon of Mass Destruction?". In an onsite demo during the presentation, by entering a name and credit card number, Bryan and Anderson created a handful of virtual server instances on Amazon's EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client's company off the Internet. Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them: no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company's network. They reported that they can control the software directly or through a command left on a social network. Bryan and Anderson launched the attack to test their client's network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, "A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours -- and then telling the company that, if you don't pay me, then I will attack you again." Amazon reportedly failed to reply to complaints by the security consultants.

3.    This can make customised botnets available for rent, giving "would-be attackers a criminal 'cloud' from which to buy services." It seems it is still too early to rely 100% on CLOUDS!