Do all ANTIVIRUS companies research independently ?

1.   Ever wondered how a Antivirus signature is made? Not so difficult actually....the answer goes like you detect a virus and then make a anti dote for that and subsequently release it as a signature.But as you think at a slightly larger level...i mean signatures being released by various antivirus companies for the same virus.Does each antivirus company re invent the wheel for each virus every time a new virus is detected..... Do they actually work differently to first find and then create a signature separately....Are all the viruses/malware's created by various hackers and agencies detected independently by all these antivirus companies?I doubt...!!!!But if my doubt is incorrect, then it is a SAD issue.....Because with the speed of population explosion of these various malware's and viruses....there can not be so many separate fighters and if there is one way to fight this gigantic threat...these all antivirus companies have to fight together...We should indeed realize that the threat is not individually existing to you and me but it exists to US...ie not United States...but you and me together ie ALL OF US....:-)

2.  But fighting together will not be so easy as the Economics of this War will defy competition ...so is there a need of funding at national level or at cross country level?Will it one day become a UN issue....ha ha ha!...like poverty..food scarcity and other issues being undertaken by UN,will there be a day when UN funds these antivirus companies because global dependency on IT is increasing and so are all vulnerable to so many threats.....:-)

3.   The earlier this is made a common issue...the more safer will the world become in future...because this threat is common to world...so should be the solution...

Is your ANTIVIRUS spying you ?

1.    Now as the Cyber Crime grows exponentially,so has the world of antivirus companies....the list is pretty endless....now how do all these antivirus companies work.Do they all research separately and develop separate signatures for each virus/malware found or do they have such common platform or standard wherein they share each others views and technologies.As I see on Wiki about the list of antivirus companies,they originate in different countries.Details of the page showing a compare of all such antivirus companies can be seen here.Well....what I am going to discuss here is importance of the country origin.

2.  Lets say I have antivirus company by the name of ABC that has its origin and complete team of researchers and developers from India.Now there is a user in some XYZ Country that uses this antivirus.Now while installing the antivirus,while he accepts the terms and conditions(who reads it anyway?),who stops the ABC antivirus from issuing some malware/spyware for that user PC.In the scan it can not be detected since it is being scanned by the installed antivirus.Now with some vested interest, the ABC Company can actually play havoc with confidential info of the user without giving a cue to the user.Who knows what all signatures released by the company contain? Even while submitting a sample virus,it is done mostly in a encrypted or a bundled form!!!!

3. Although institutes like EICAR (European Institute for Computer Antivirus Research) are there,but they also do not have any control over such issues!!!!If any one  has some idea on the subject ...please let me know vide email or comment here.....

Hacking a HEART : Lover's Dream vs Hacker's BEAT IT!!!

1.    I think this is yet to come even on screen...but has unfortunately happened in real life.So we have all heard of Pacemakers that keep connected to internet to provision live feed of diagnostic parameters to their doctors mobile phone!!!smart....veri smart.....so those of you who read this for the first time....the cardiac pacemaker's based on internet call essential parameters to assist in diagnosis and fine-tuning.The patient's data is sent automatically on a daily basis to their cardiologist. This greatly simplifies patient care and can improve quality of life significantly..but now read on whats the worry about.One top google search led me to this vendor St. Jude Medical.Details of such selling pacemakers at this site.

(Photo Courtesy : http://www.popsci.com/scitech/article/2009-08/first-patient-implanted-pacemaker-communicates-wirelessly-her-doctor)

2.     So hacking a heart has been a lover's dream for ages....but in this age it can be hacked and controlled in all means.I read this article by Nick Barron at http://www.scmagazineuk.com and another one by GREGORY FERENSTEIN at http://techcrunch.com.

At a recent developer conference, a pacemaker was wirelessly hacked to send deadly 830 volt shocks. Even worse, it would be “100 percent possible” that virus could spread to other devices in a wave of “mass murder”.The demonstration showed how to rewrite the devices onboard software (firmware). 

3.   So now what?.....this means that all those light hearted guys who are surviving on such internet based pace makers for actually facilitating live feed to their respective doctors now also need to worry about eating Antivirus Tablets and wearing Firewall Clothes!!!!uuh!!!!Although the recipe bought out here 

makes a perfect movie story but is actually a pretty worrisome worry!!!

4.    The image shown above is for reference only for the readers to see how actually a internet based pacemaker looks like.Case in point hacking of the device has got no link to the company and any of its product.

Operation b70 : New OS from Mall comes preloaded with Malware

1.   For last few years since Cyber Crime has been making news,it has been always discussed that all free stuff on internet comes preloaded with some kind of malware or spyware or some kindda ware!!!Here's about a one month old news worth a share that defies this logic....it actually says that Malware comes inbuilt to the OS from the mall showroom from u where u made the purchase!!!!!!!!

"Microsoft’s Digital Crime Unit (DCU) has recently made this astonishing announcement.DCU conducted a study to get a sense of how much of the counterfeit software available is preloaded with malware.  Microsoft researchers purchased 20 new computers from PC malls.  These systems had counterfeit software preinstalled on them by the distributor. DCU examined the files on these PCs and found malware on four of the 20 computers that were purchased, a 20 percent infection rate.Several types of malware were pre-installed on the computers purchased from the PC mall.  This malware enabled the attackers to perform a range of actions including DDoS attacks, creating hidden access points onto the systems, keylogging and data theft.

The researchers also identified one type of malware found on these systems attempting to connect to the command and control servers of a known botnet.  The ensuing study uncovered that attackers were building this botnet by infecting digital products, like computers or software, that were then distributed through an unsecure supply channel.  The malware was also designed to spread via flash drive memory sticks. The subdomains that hosted the botnet’s command and control servers link to more than 500 different types of malware.  Some of this malware is capable of turning on cameras and microphones connected to infected systems."

4.   More on the story here. uuuuhh!!!!isn't it scary...a fresh piece of digital device that you buy comes with an inbuilt spy to spy on you and your data...... In fact it is a bold step and brave announcement by the Microsoft DCU...it could have been hidden but they found it ok to declare it open so that the user gets braver on its use...!!!

5.   DCU took legal action to disrupt the malware hosted in the subdomains, in Operation b70.  You can read more about Operation b70 and the DCU’s efforts here: http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

6.   Thanks Microsoft and http://blogs.technet.com

Anti Keylogger : KeyScrambler

1.   How would u ever know that all your key logs on the PC are not being logged by a key logger working incognito in the background?...if u r not the SMARTEST....m sure u will never know....so what can u do to avoid that when u know u r equally prone like anyone across the web space?...stop typing...or use OSK(on screen keyboard) or use KEY SCRAMBLER....which would encrypt every key stroke that u type on your pc immediately as you type....available in three versions....at this site at http://www.qfxsoftware.com/index.html.The good news is that one version is free that will take care of most of you.....

2.   Something about KeyScrambler.....is an anti-keylogging program that encrypts user keystrokes at the keyboard driver level, deep in the operating system. The scrambled keys are indecipherable while they travel to the destination app so that no keylogger can steal your passwords or other crucial information. Thus it defeats known and unknown keyloggers.The unobtrusive overlay window lets realtime encryption in process so you know how and when KeyScrambler is working. 

Image Courtesy : http://www.qfxsoftware.com/index.html (Click to enlarge)

HOW IT WORKS ?

-   As u type, this simultaneously encrypting your keystrokes at the keyboard driver level. Because KeyScrambler is located in the kernel, deep in the operating system, it is difficult for key loggers to bypass the encryption.

-   While the encrypted keystrokes travel along the crucial path, it doesn't matter if they get logged, or whether the keylogging malware is known or brand new, because your keystrokes remain completely indecipherable the whole time.

-   When the encrypted keystrokes finally arrive at the destination app, the decryption component of KeyScrambler goes to work, and you see exactly the keys you've typed.

3.   Thanks http://www.qfxsoftware.com/

Cross OS Trojan : @ If...Then...else :-)

1.    Got this at THN.We often feel stronger when we use some kind of a open source linux OS instead of the regular pirated or even genuine Windows OS incl XP/WIN7 etc.But what i got here was a simple trojan dropper code that is based on the found out OS...IF LINUX then this trojan...or if windows then the other one....the snap shot from the original THN site is here @ http://thehackernews.com/2012/07/cross-platform-trojan-mac-windows-linux.html

2.    F-Secure has found this web exploit that detects the OS of the computer and drops the relevant trojan to match.The attack was first seen on a Columbian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation.It detects if you're running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server that F-Secure has localized at IP address 186.87.69.249.

3.  Thanks http://thehackernews.com

9TH JULY 2012 : R u a Victim?

1. All the fuss about 9th July that says about the risk of "DNSChanger" malware, which will result in your computer getting disconnected from the Web on July 9 if you don't clean it up. You won't be able to go online, and you'll need to contact your service service provider for help getting the malware deleted before you can reconnect to the Internet....strange it may sound...but it is true...even the FBI has given a warning sort at its link here at https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS

2.  Just to check if u r a likely victim,McAfee has created a link at www.mcafee.com/dnscheck for you to find out if u r a likely victim or not ? I checked out the same on my PC....it showed the following screen shot.....

3.   Do check out urs....and rectify if need be....

Cloud Computing : A dummies over view!!!! - 1

1.   Cloud computing is ALREADY the next stage in evolution of the Internet. The cloud in cloud computing provides the means through which everything from computing power to computing infrastructure,applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need.Cloud computing is offered in different forms:

- Public clouds

- Private clouds

- Hybrid clouds, which combine both public and private

2.   In general the cloud is similar to fluid that can easily expand and contract. This elasticity means that users can request additional resources on demand and just as easily deprovision (or release) those resources when they’re no longer needed. This elasticity is one of the main reasons individual, business, and IT users are steadily moving to the cloud.In the traditional data center it has always been possible to add and release resources but we all know how much effort generally goes in. 

3.   This doesn’t mean that all applications, services, and processes will necessarily be moved to the cloud. Many businesses are much more cautious and are taking a hard look at their most strategic business processes and intellectual property to determine which computing assets need to remain under internal company control and which computing assets could be moved to the cloud.

4.   The cloud itself is a set of hardware, networks, storage, services, and interfaces that enable the delivery of computing as a service. Cloud services include the following :

- IaaS(Infrastructure as a service) : Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.

- PaaS(Platform as a Service) : Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones.

- SaaS ( Software as a Service) : Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.

5.    Besides these services,new delivery models such as Crimeware as a Service are also building up in the parallel...for that just google else from the name u can make out it is crime ware as a service as I mentioned in one of the posts in my blog about two years back here.....

6.   Now that goes as the most simple intoruction for a cloud computing over view...the main part starts now...how about the security aspects for each of these...that will be in slightly more detail in subsequent posts...

7.    Thanks http://searchcloudcomputing.techtarget.com

Internet Explorer : Vulnerable as always!!!

1.   Microsoft IE vulnerability CVE-2012-1889 is the latest to generate interest amongst avid cyber security readers. The special thing about this vulnerability is that it focusses on users using Gmail, MS Office and Internet Explorer. And the sad thing is that this is still a ZERO day exploit...... Rapid 7,Security software company,explains the vulnerability as follows:

“This is an uninitialized memory bug found in MSXML. According to Microsoft, such a component can be loaded from either Internet Explorer and Microsoft Office. This vulnerability is rumored to be “state-sponsored”, and what makes it really critical is it’s still an 0-day hijacking Gmail accounts. That’s right, that means if you’re using Gmail as well as Internet Explorer or Microsoft Office, you’re at risk. We expect this vulnerability to grow even more dangerous since there’s no patch, and it’s rather easy to trigger.”

2.    Whatever may say...majority of the users still by default keep using IE across the globe....when I see my own blog stats,about 60 % of the visitors use IE...and as we all keep seeing the exponential growth in the users of internet across the globe....but sadly the awareness level of how vulnerable they all are is unknown and is growing at a similar rate!!!

3.    Got the reference from here.Thanks https://community.rapid7.com.

FLAME on way to commit SUICIDE ?

1.    Further to my post on FLAME earlier which made a point wise summary based on my various reads across the web,here is something more interesting.....

2.    The creators of Flame have sent a 'suicide' command that removes it from infected computers ie  it has gotten orders to vanish, leaving no trace.As was mentioned in the post earlier that Flame may delete itself from systems that have been fully exploited without leaving any trace has come true soon......

3.   More on the subject at the link ahead and Thanks THN

 http://thehackernews.com/2012/06/flame-spy-virus-going-to-suicide.html

The Lightest Browser : BROWZAR

1.  In the world of browsers when we have chrome...mozilla...safari...opera..and many others.fight it out at ACID3 benchmarking levels...we have a small browser here....thats only in KBs....by the name of BROWZAR.Few good things and features are mentioned below :

-  Takes seconds to download

-  No installation

-  No registration

-  One of the smallest, fastest browsers in the world

-   Just download and go

-   Doesn't save Cookies, History, Temp files, Passwords, Cache

-   Secure delete

-   Great for Banking and Cloud applications

-   Carry it with you on a USB stick

-   Great for shared computers

-   Use it on a friend's PC, Internet Cafe, Work PC, on Holiday

-   Automatically cleans up when you've finished

-   Only 222Kb...u read that right!!!only 222Kb

2.   Test and Download at http://www.browzar.com/.

Linkedin Confirms being HACKED

1.    Most of us who surf web regularly do have our identities associated with popular social networking sites...like gmail...orkut...facebook and linkedin etc.So the latest news is that if u have a profile on LInkedin....please change ur password.....the news in brief goes like this....

2.     LinkedIn has confirmed on 6th Jun 12 that at least some passwords have been compromised in a major security breach correspond to LinkedIn accounts. First reported by Norweigan IT website Dagens IT the breach that about 6.5 million encrypted passwords were posted on a Russian hacker site.Thus those most of the users with compromised passwords noticed that their LinkedIn account password are no longer valid.The file uploaded only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data. However, the breach is so serious that security professionals advise people to change their LinkedIn passwords immediately. An SHA-1 hash is an algorithm that converts your password into a unique set of numbers and letters. If your password is “test_123,” for example, the SHA-1 hex output should always be “ab7a614854d2ef5ee9d9cc30e6f2bdcd19fe49ea.” As we can see that is problematic since if we know the password is hashed with SHA-1, we can quickly uncover some of the more basic passwords that people commonly use.

3.     The most common password used was “123456,” followed by “12345″ and “123456789.” All in all, more than half a million people chose passwords composed of only consecutive numbers. So, if a hacker tried to log in to all RockYou accounts with just one password attempt–123456–every hundred or so attempts would yield a compromised account. Dozens of attempts can be scripted every second, so Imperva estimates that using this technique would only take around 15 minutes to hack 1,000 accounts.

4.    Another site offers you to know if ur linkedin username was actually amongs the hacked lot or not.Not sure about how genuine it is...it is available at

http://venturebeat.com/2012/06/07/was-your-linkedin-password-hacked-heres-how-to-find-out/

5.    Thanks http://thehackernews.com/2012/06/linkedin-confirms-millions-of-account.html

Windows 7 Hacked @ BACKTRACK

(DOUBLE CLICK TO VIEW BETTER)

Nothing new for the active Cyber Sec community...but since I had recently recorded a screen cord I thought like uploading the same for everi one.....This is my second "hands on" a windows machine after I attempted on XP last year at  http://anupriti.blogspot.in/2011/10/backtrack-5-how-to-use.html

HELIX : ADEPTO USAGE@SCREEN CORD

DOUBLE CLICK ON THE VIDEO TO VIEW BETTER

INCIDENT RESPONSE,ELECTRONIC DISCOVERY,COMPUTER FORENSICS LIVE CD : HELIX

HELIX INCIDENT RECOVERY AND FORENSIC LIVE CD

A small pptx introducing to the HELIX FORENSIC LIVE CD.

The Brain Virus : Some thing I missed.....

This is about BRAIN virus...a name heard in the late 80S and early 90S and recognized as the first computer virus for MS-DOS that infects the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system....This was written by two brothers, Basit Farooq Alvi and Amjad Farooq Alvi who were from Lahore, Pakistan......so what makes a mention here is that I was recently watching a TED Video wherein the speaker Mikko Hypponen shares his interesting piece of interaction with these two brothers...do watch it...worth it for inviting a smile...

HACKERS & TERRORISTs ARE NOT IDIOTS

1.    You have to go through all the classes from 1st to 12th standard to be eligible to be admitted into a college.But does the Govt think so? sorry for a bad connotation...I will come to the point...

2.     Recently,in the name of cyber security preparedness,the Government,in a first of its kind, conducted a live competition between two spy systems developed by reputed tech arms of India's national security apparatus. Expectantly...(though not from the Govt point of view)...both failed to capture 100% internet data traffic, one system even crashing a number of times during the test.

3.   Point wise summary comes as follows :

- Competition held near the Air Force Station, Arjangarh.

- Conducted between a system developed by Centre for Artificial Intelligence and Robotics (CAIR)@'Netra' and NTRO's @'Vishwarupal'@developed in collaboration with a Paladion Networks.

-  A high-level committee(???) declared Defence Ministry's 'Netra' system a winner.

-  During conduct of the test , "Vishwarupal", crashed a number of times and had to be restarted. 

-  Both the systems did not capture entire internet traffic passing via its probes installed at Sify Technologies premises in Delhi. 

-  Both could return results only after repeated attempts and that too with a high latency@15 minutes.

-  Netra will now be made a robust system, to scan all tweets, status updates, messages, emails, internet calls, blogs and forums for keywords such as 'attack', 'bomb' and 'drill'

-  The committee also directed NTRO, to wrest the design and source code of its system, exclusively from Paladion, due to a risk on national security.

4.   Now if the criteria of search is still to look after key words like Bomb,drill,attack etc,I think its time to rethink again.No real world terrorist would actually use similar words since they think much ahead and are sadly making use of the technology more efficiently then the other side.Are we not aware of latest unbreakable cryptography,stegnaography and other such related field standards?.....the SRS for building such a system should be exhaustive,based on dynamic@changing and improving technology standards.

5.   We are a country who is unable to exploit the inhouse talent and strength.We still keep searching and associating ourselves with outside country companies....We are already late...and we will be more late!!!!

6.  Source of Info @ www.techgig.com

BOY in the BROWSER attack

1.  Funny names keep propping up...and keep getting accepted too...first it was Man in the Middle attack....then Man in the Browser...and now comes Boy in the Browser attack....actually, is a trojan that reroutes its victim's web traffic information through an attacker’s proxy site.  ....a cool video here explains it in a simple language....

Resurgence of Boy-in-the-Browser Attacks

View more videos from Imperva

HUMANE COMPUTING

1.  The cyber space keeps coming up with such new terms and will continue doing so for years to come.So this is one term I heard of when I recently got an opportunity to attend a Two day symposium conducted by CSI ie COMPUTER SOCIETY OF INDIA,Indore Chapter.The Computer Society of India is the first and the largest body of computer professionals in India.

2.  So whats exactly HUMANE COMPUTING to which even google has limited answers....what i could gather from the forum which was presided by distinguised and expert speakers is produced below in as brief to understand possible words.

3.  The concept would be easier to understand with the help of few examples cited by the speaker :

-  Firstly imagine one typical branded washing machine getting faulty after few months of completion of warranty.Is it typical? or could it have been programmed to do so intentionally?

-  Secondly ,remember the movies I-Robot@Will Smith or Robot@my favorite Rajini Sir......both the movies revolve around the protagonist struggle to control his creation, the  robot whose software was upgraded to give it the ability to comprehend and generate human emotions.....so in both the cases laws of robotics failed and the plan back fired!So both the movies were based on imagination that may be possible in future...both were runaway hits...

-   Thirdly, the matrix series(triology)...that depicts a future in which reality as perceived by most humans is actually a simulated reality created by sentient machines to pacify and subdue the human population, while their bodies' heat and electrical activity are used as an energy source. So the lead computer programmer is drawn into a rebellion against the machines, involving other people who have been freed from the "dream world" and into reality.

-   Fourthly....any time a computer programme is made ...the code is written...so many aspects are considered at design level but any where is human thought process or kind of human psych is involved?.....no!!!m sure on that...windows or linux OS has got nothing to do with human emotions....person who is drunk and is in inebriated state would be able to conduct some kind of damage via the system that he might not have attempted if he was not drunk!!!!!

4.   So by giving these examples here I am trying to make you think the reverse way....@we all are getting IT/Computer savvy in our life but when we see it from the top...do we need to become COMPUTER SAVVY?...or it should have been the reverse way...the gadget/IT around us should have become HUMAN SAVVY....u might need to read this sentence twice since I might have just pinged ur thought process and not actaully conveyed the actual meaning.The field is actually just setting in and will take much time to evolve.....its neither black nor white...its just grey...and its upto the present genre of scientists and developers to actually start sorting out black and white!!

5.   "The term Humane Computing comes to encourage study of ethics, empowerment,empathy, equality, environmental sustainability with reference to the use of technology. Since it involves coming together and study of humans as well as computers, it involves technical as well as soft subjects and diverse disciplines

ranging from computing technology to soft disciplines like sociology, psychology, education, medicine, behavioral science and communication theory. The study of Humane Computing will be able to provide insights, which may make it possible to bridge the digital divide and which may help tilt the usage of computing in a direction, which makes it work for promoting ethical practices."

6.   So thats HUMANE COMPUTING in the most grey manner...the field as on date is not even an understood thing but yes...the field is enough to create a mind start thinking of ahead ie FUTURE....

Single malicious document can expose your whole LAN via ur trusted MFD

1.   "Imagination is the key to Success" in the world of IT....specially applicable to the world of cyber crime....this one i read at one of my fav news feed destinations at http://thehackernews.com...now when we keep covering up the PCs with ideas like antivirus/anti-malware and all sorts of anti's and virus'cides....this thing has come up fresh.....attack the LAN after altering the firmware of the masoom MFD ie multifunction device.Sequence of the main article at http://thehackernews.com is produced below :

- At Chaos Communications Congress (28C3) 

- Ang Cui presents Print Me If You Dare

- He explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers

- He showed how he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. 

- Performed two demonstrations 

- In the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet.

- In the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall.

- Actually found a method to exploit the firmware update capability of certain Xerox MFPs to upload his crafted PostScript code. 

- Was able to run code to dump memory from the printer. This could allow an attacker to grab passwords for the administration interface or access or print PIN-protected documents.

2.  So now start taking care of your firmware updates of your MFDs......

3.  More at http://thehackernews.com.