Social Icons

Showing posts with label Crimeware as a Service. Show all posts
Showing posts with label Crimeware as a Service. Show all posts

Wednesday, December 12, 2012

SMART TVs : OUTSMARTED & HACKED



1.   In the land of Hacking,no one can be spared.We all keep hearing about how websites have been hacked,how smartphones are getting out smarted by various exploits in recent times.Now comes something new ,that makes smart TV owners prone .Yess!!all the proud owners of Smart TVs(SAMSUNG LEDs specifically)...can start checking if they are the lucky ones to get bitten here..this one is all about SMART TVs getting HACKED...So now on all the data that is available in their respective HDDs connected vide the USB is vulnerable to be accessed by undesired third party.So now it is not just that you watch the TV....its time for the TV to watch you.Few valuable briefs given out here :

- The Vulnerability exposed in all Samsung's Smart LED TV Software.

- This Vulnerability allows remote attackers to swipe data.

- ReVuln,a Malta-based security firm claims to have discovered this vulnerability.

- Remains a zero-day vulnerability as on date.

- A demo video by ReVuln shows how a "vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device.Click on the video below to have a glimpse of how the vulnerability is exploitable.


2.   I am sure whatever efforts are made by the typical user as on date,he remains vulnerable round the clock in all the fields.How can a normal user who is not so tech savvy be aware of securing his PC,his Laptop,his smartphone,his TV,his external HDD with his personal data without encryption,his pendrives and the list is actually endless.He simply remains one of the choices by any hacker..if he is chosen he is gone...or he can remain lucky ..but how long can anyone remain lucky? The hackers community is growing at a pace which is pretty fast owing to the lure of what else but DOLLARs and more DOLLARs.With "Crimeware as a Service" readily available as a service at the click, NO ONE IS SECURE.It will actually take years to stabilize the current security environment from perspective of a typical user as he understands that giving an equal importance to his IT assets security is more important then locking his house as he leaves for work.

Monday, August 27, 2012

Cloud Computing : The Darker Side


1.            Cloud computing…the word has generated enough buzz already across the corporate…the techies…the possibilities in future but all this comes at a backend question on security. If there is one thing that stops 80% of possible users using this powerful technology,it is only one aspect of it and that’s SECURITY….The question that comes in an auto mode to any possible cloud service enthusiast like how safe will be my data stored with them…even if its private who controls the key generation algorithms code…who is the single point of contact and so many…but perhaps evry question on this comes under one umbrella by the name of SECURITY…..

2.            So …are they right in thinking so?…when a technology that’s coming up so strong and so globally accepted  is it possible that the giant rise comes without an inbuilt security module? Actually it goes like right they are…the users…their fears stand right when they think about their data ownership.Released by https://cloudsecurityalliance.org,  in Dec 2010,they have identified few imminent threats in the sphere of cloud computing which they have meticulously covered under few major heads as identified below.These are not in the sequence of severity of threat as no seniority levels in this have been identified by the CSA.The original version of this paper by the Cloud Security Aalliance is at https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

Threat  1: Shared Technology Issues
Threat  2: Insecure Interfaces and APIs
Threat  3: Unknown Risk Profile
Threat  4: Malicious Insiders
Threat  5: Data Loss or Leakage
Threat  6: Abuse and Nefarious Use of Cloud Computing
Threat  7: Account or Service Hijacking

3.            Each of these security threats, I plan to discuss further in other posts within the week or as I am able to spare time….read some from CSA and put it in the manner I understand that.Thanks https://cloudsecurityalliance.org

Wednesday, July 04, 2012

Cloud Computing : A dummies over view!!!! - 1


1.   Cloud computing is ALREADY the next stage in evolution of the Internet. The cloud in cloud computing provides the means through which everything from computing power to computing infrastructure,applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need.Cloud computing is offered in different forms:

- Public clouds
- Private clouds
- Hybrid clouds, which combine both public and private

2.   In general the cloud is similar to fluid that can easily expand and contract. This elasticity means that users can request additional resources on demand and just as easily deprovision (or release) those resources when they’re no longer needed. This elasticity is one of the main reasons individual, business, and IT users are steadily moving to the cloud.In the traditional data center it has always been possible to add and release resources but we all know how much effort generally goes in. 

3.   This doesn’t mean that all applications, services, and processes will necessarily be moved to the cloud. Many businesses are much more cautious and are taking a hard look at their most strategic business processes and intellectual property to determine which computing assets need to remain under internal company control and which computing assets could be moved to the cloud.

4.   The cloud itself is a set of hardware, networks, storage, services, and interfaces that enable the delivery of computing as a service. Cloud services include the following :

- IaaS(Infrastructure as a service) : Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.

- PaaS(Platform as a Service) : Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones.

- SaaS ( Software as a Service) : Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.


6.   Now that goes as the most simple intoruction for a cloud computing over view...the main part starts now...how about the security aspects for each of these...that will be in slightly more detail in subsequent posts...

Monday, October 18, 2010

CaaS : CRIME WARE AS A SERVICE at offer now

1. Bhaigiri...Supari..khokha...and similar terms have been till date used in reference with the crime world...now come to terms like Software as a Service(SaaS), Hardware as a service(HaaS) ,Platform as a service(PaaS) etc and the list is all set to become endless with cloud computing...whats the relation here?????..it goes 2 merge these two separate worldsie CRIME & IT....the earlier terms mentioned pertain to the world of crime and the later once refer to the vast possibilities and power knocking the users....thus refers to Crimeware as a Service(CaaS)

2. The controverting side is the world of hackers & cyber criminals who seem to exploit their technical tools to great effect. However, even for newbie hackers eager to join this world don’t need to possess the required levels of technological expertise. CaaS (Crimeware-as-a-Service) pulled out of some distant Cloud can provision the necessary tools, be they Virus/Worm Creation Kits, Denial of Service (DoS) applications or more simply estabilishing a botnet.A recent research proved they can be just a mouse click away! Kits were easily located to build a variant of ‘Indra’ Malware, as well as a manifestation of Badboy , providing the user with the power to create their own version to send on to their targets.

3. Granted these are not examples of cutting-edge malware, but they do however still pose a threat to the unprepared and unsuspecting organisation. As amazing as it may seem, even today there are large organisations who permit access to sites, and allow the download of Malware Construction Kits – and even more worrying, there are still pockets of companies who do not maintain their anti-virus or patches in an up-to-dtate condition.

4. Crime is going to be a inherent part in the cyber world and the cause of worry is that unlike army and mil est in the real world...no concrete effort and source is there to resist these evil forces.We are still acting to a situtaion when need of the hour is to be more then PROACTIVE.....

Powered By Blogger