Lure of a FREE PEN DRIVE : MALWARE'd

1.   If you are one of those guys who are regular to attend workshops, seminars, product launches , lectures...you must have got varying opportunities of getting hold of freebies in form of bags,brochures and PEN DRIVES....yess m sure the last one is a pure lure and most of the times everi one of us falls for it...be it a small capacity or a large capacity...the hand does not think twice before picking it up....but does any one of us realise that it may be these pen drives who become the first source of uploading some malware or a virus in your PC or laptop...the moment it is plugged in .....the machine is compromised.....unless the autorun is disabled...which in most of the cases is not.....

2.  The concept of zero day exploits has made it more dangerous....coz even if the user decides to run a antivirus scan...it will be shown free of any kind of virus or malware...the result is a silent compromise of the machine...however updated it remains in respect of OS or browsers or any application....the silent action in the background defies every lock of the user.Now all this is not based on some kind of imagination...there have been real life cases of which the one which made lots of noise is the IBM-AusCERT conference on the Gold Coast, Queensland, in which the free pendrives were infected by not one, but two pieces of malware.The details available at this link http://nakedsecurity.sophos.com/2010/05/21/ibm-distributes-usb-malware-cocktail-auscert-security-conference/

(CLICK ON THE IMAGE TO ENLARGE)

3.   In what must have been a highly embarrassing admission, IBM Australia sent an email to all AusCERT attendees warning them of the security screw-up...as shown in the screen shot above...besides this the famous stuxnet example was via pendrives lure....so if this is happening at such high levels of interactions,can the workshops u and me attend be left behind!!!!no way....so whats the way out?....best way is to buy one from a genuine store...(not sure how clean will that be?)...or still better refrain your self from picking one free pendrive.

Attacks@Image WaterMarking

1.    We keep exploring new grounds but also without realizing the pits it offers,we start playing games on it.Such is the world of IT,we keep discovering so many new technologies to strengthen and exploit for our use and we keep ourselves vulnerable!!!!

2.   Without wasting more words,this post would briefly mention about Image water marking and the type of attacks it remains vulnerable to.So first whats Image Water Marking??...an easy way to describe digital watermark is simply comparing it to a traditional paper watermark or a power point water mark which most of us might have even used at some point of time.Like Traditional watermarks offer proof of authenticity by being imperceptible, digital watermarks offer a way that allows a computer to read the mark but not by the human 6/6 eye....there are actually four essential parameters which are commonly used to determine the quality of water marking these are :

- Robustness

- Imperceptibility

- Payload 

- Security

3.   Now each of these parameters has a unique characteristic that makes the purpose of image water marking strong and adaptable.So when we speak about attacks on image water marking...the attacks again are classified as :

- Image Compression Attack : Primarily used to reduce the size of image in transmission.The original image remains most of it that it was but requires lesser bandwidth to move.

- Image Contrast Attack : To a human eye a slight change in contrast of colors makes a huge difference in overall perception

- Cropping Attack : A part of image gets cropped from original

- Re sizing Attack : The image gets re sized from the original coords

- Rotation Attack : A simple clockwise or a anticlockwise attack would rotate the image from its original coords

Another categorization of the image water marking attacks contains four classes :(Source here : Abhishek Goswami)

Removal Attacks : Aim at the complete removal of the watermark information from the watermarked data without cracking the security of the watermarking algorithm

Geometric Attacks : Do not actually remove the embedded watermark itself, but intend to distort the watermark detector synchronization with the embedded information.

Cryptographic Attacks : Cryptographic attacks aim at cracking the security methods in watermarking schemes and thus finding a way to remove the embedded watermark information or to embed misleading

watermarks.

Protocol Attacks : Aim at attacking the entire concept of the watermarking application. This type of attack is based on the concept of invertible watermarks. The idea behind inversion is that the attacker subtracts his own watermark from the watermarked data and claims to be the owner of the watermarked data. This can create ambiguity with respect to the true ownership of the data. 

DAEDALUS : Monitor Cyber-Attacks Realtime 3D way

1.    Whether it is the Die Hard ver 4.0 movie scene or Mission impossible recent one or any hi tech cyber movie....we have have all seen the mega sized dark halls equipped with gigantic screen displaying all sorts of real time ridiculous hacker related information and monitoring tracks of the enemy or the protagonist....so how good or effective or even real are these in the real sense....can some thing like these seen and shown over years on the silver screen be REAL....yesss...first watch this video and then read few points as bought out below :

2.   A company in Japan named NICT just unveiled a system dubbed Daedalus that will revolutionize the way companies and even countries can monitor cyber-attacks in full real time 3D representation.The key features about this is bought out as below :

- Daedalus is not only a way to monitor cyber-attacks from outside, but also what’s going on inside it. 

- So if someone receives an email with a virus for example, the system can quickly identify the IP address that is currently spreading it and shut it down immediately.

- The NICT recently gave a demonstration and tracked 190,000 IP addresses in real-time  

- Daedalus can monitor multiple entities at once and get notified, once again, via 3D graphical representation when a cyber-attack occurs. 

- This is not only when it happens, but instantly where it happens and who the attacker is.

3.      So when the objective is envisaged on a higher scale....ie the complete global internet monitoring.....will this be the start to control spam(90% of mails exchanged on the web is spam)....or will this be able to control cyber attacks across.....well not a bad start to a start whose objective is MISSION IMPOSSIBLE type...another thing that may have come to your mind is about the name...of all what does Daedalus mean?...well in Greek mythology, Daedalus means "Clever Worker"

4.  Debriefed from http://www.bitrebels.com/technology/daedalus-3d-cyber-attack-alert-system/ and http://www.nict.go.jp/

Linkedin Confirms being HACKED

1.    Most of us who surf web regularly do have our identities associated with popular social networking sites...like gmail...orkut...facebook and linkedin etc.So the latest news is that if u have a profile on LInkedin....please change ur password.....the news in brief goes like this....

2.     LinkedIn has confirmed on 6th Jun 12 that at least some passwords have been compromised in a major security breach correspond to LinkedIn accounts. First reported by Norweigan IT website Dagens IT the breach that about 6.5 million encrypted passwords were posted on a Russian hacker site.Thus those most of the users with compromised passwords noticed that their LinkedIn account password are no longer valid.The file uploaded only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data. However, the breach is so serious that security professionals advise people to change their LinkedIn passwords immediately. An SHA-1 hash is an algorithm that converts your password into a unique set of numbers and letters. If your password is “test_123,” for example, the SHA-1 hex output should always be “ab7a614854d2ef5ee9d9cc30e6f2bdcd19fe49ea.” As we can see that is problematic since if we know the password is hashed with SHA-1, we can quickly uncover some of the more basic passwords that people commonly use.

3.     The most common password used was “123456,” followed by “12345″ and “123456789.” All in all, more than half a million people chose passwords composed of only consecutive numbers. So, if a hacker tried to log in to all RockYou accounts with just one password attempt–123456–every hundred or so attempts would yield a compromised account. Dozens of attempts can be scripted every second, so Imperva estimates that using this technique would only take around 15 minutes to hack 1,000 accounts.

4.    Another site offers you to know if ur linkedin username was actually amongs the hacked lot or not.Not sure about how genuine it is...it is available at

http://venturebeat.com/2012/06/07/was-your-linkedin-password-hacked-heres-how-to-find-out/

5.    Thanks http://thehackernews.com/2012/06/linkedin-confirms-millions-of-account.html

NIMDA VIRUS : COMMENT BY CISCO VP(Security)

The question was asked by me at a NCW(Network Centric Warfare) seminar held last year on 21 Apr 2011 at Manikshaw Centre,New Delhi.It is relates to what did CISCO do to cover up the damage of NIMDA Virus!!!

TOR : ITSELF VULNERABLE!!!

At my earlier post here about TOR...the one who makes you anonymous online is now vulnerable it self....:-)..all the features that I mentioned just few days back...are all vulnerable....latest from Gentoo Linux Security Advisory gives the following details :

- Prone to multiple vulnerabilities as on date.

- Most severe of which allows execution of a arbitrary code by a remote attacker.

- Can cause a Denial of Service.

- A remote relay that the user is directly connected to, may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections

SOLUTION : ALL TOR LOVERS TO UPGRADE TO THE LATEST TOR ASAP.

BOY in the BROWSER attack

1.  Funny names keep propping up...and keep getting accepted too...first it was Man in the Middle attack....then Man in the Browser...and now comes Boy in the Browser attack....actually, is a trojan that reroutes its victim's web traffic information through an attacker’s proxy site.  ....a cool video here explains it in a simple language....

Resurgence of Boy-in-the-Browser Attacks

View more videos from Imperva

Malware in the name of Kim Jong-il death : BEWARE!!!

1.   A "malicious spam mail" in the name of the dead North Korean leader Kim Jong is doing the rounds of the webosphsere and biting anyone whoever clicks it.The malicious spam carries a fake name as "brief_introduction_of_kim_jong_Ill_pdf.pdf". The subject file exploits vulnerabilities in Adobe reader and leads to remote code execution in the victim PC.

2.   The emails contain a simple line of text announcing the death, likely copied and pasted from the CNN website, and carries an attachment named brief_introduction_of_kim-jong-il.pdf.pdf.Once downloaded and executed, the malicious file opens a non-malicious PDF file containing a picture and information about the deceased man in order to hide its true activity on the victims' computer.In other variants of the same theme, the attached file is named Kim_Jong_il_s_death_affects_N._Korea_s_nuclear_programs.doc and, once opened, it drops backdoor-opening malware into the system, which then connects to a remote Command & Control server for further instructions.After this much code execution...its JAI HIND.....

3.  So don't open this one from ur PC if u have read this much.....

4.  Thanks http://www.net-security.org