Social Icons

Showing posts with label email. Show all posts
Showing posts with label email. Show all posts

Saturday, August 16, 2014

Maltego : Open source Intelligence and Forensics Application

1.  In this post I am giving a stepped screen shot for installing and using the application MALTEGO that comes inbuilt to Kali Linux.Maltego, is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of information in a meaningful way. Coupled with its graphing libraries, Maltego, allows  to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool in the forensics.security and intelligence fields.

2.   Maltego permits creating custom entities, allowing it to represent any type of information in addition to the basic entity types which are part of the software. The basic focus of the application is analyzing real-world relationships between people, groups, websites, domains, networks, internet infrastructure, and affiliations with online services such as Twitter and Facebook.

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

(CLICK TO ENLARGE)

Sunday, June 08, 2014

Encrypted Mail without being Technical : PROTONMAIL for You

1.    Often when we discuss about encrypting messages in emails we see it is generally confined to PGP extensions using Thunderbird, exchanging public keys and generating private keys and other encryption techniques incl Enigmail or installing GPG etc...but even after doing all this the whole thing is a bit complicated ....and no one likes complications....so when techies get complicated...it actually becomes kind of out of bounds for the common user anyway to use encryption in routine mails with each other.But with increasing rise in concern over security and privacy matters by the common user specially after Snowden revelations,the need has given us PROTONMAIL.

2. PROTONMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.It offers a user-friendly experience with full “end-to-end” encryption and encrypts the data on the browser before it communicates with the server, therefore only encrypted data is stored in the email service servers. So, even if someone gains complete access to the server, it will find only the encrypted data. Moreover, there is even a “self-destruct” feature in the email service which ensures your emails are only available for a limited period of time.Isn't it interesting?....

3.  At Protonmail,the decryption uses a combination of asymmetric (RSA) and symmetric (AES) encryption.So we have two cases wherein the user sends a mail from a Protonmail account to another user with Protonmail account and the other in which he sends a mail message to a non Protonmail user....

- For Protonmail to Protonmail emails, implementation of PGP is used where  key exchange is handled. So we have all the public keys. As for the private keys, when an account is created, it is generated on the browser, then encrypted with your mailbox password (which we do not have access to). Then the encrypted private key is pushed to the server so it can push it back to user whenever he/she logins.

- For PM to Outside emails, encryption is optional. If one selects to encrypt,  it uses symmetric encryption with a password that one can set for that message. This password can be ANYTHING. It should NOT be the Mailbox password. It needs to be somehow communicates to the recipient....few useful screenshots seen below :

 This is the screen at LOGIN
 Here you LOGIN
 Here is the second password before you finally LOGIN to the user interface
 Here is as you LOGIN
 This is the screen as you compose a mail.The point to be seen is the feature for choosing to encrypt your message and the expiration time.
 This is the mail received to a non PROTONMAIL user and we see there is a mail link it refers to!!!
 Once you click that link..you get a pop up for a password
 You enter the password and you will be able to decipher the password.


Sunday, November 03, 2013

ENCRYPTED E-MAILS @ DARK MAIL ALLIANCE

1.   How often we keep reading so much about privacy and IT security issues across the web and daily surf's!!!....but we only have more to believe that privacy with times to come will be a matter of past...be it your mobile with loads of applications inbuilt already or your exchange on yahoo or gmail etc..every one is trying to vie for your data in some form or the other...your sms..your mms...your contacts..your stored data on the SD card,your browsing history or your location at various times of the day etc etc.....every one wants all this to make your profile and then in the long run use all this to market or even blackmail you(who knows!!!!!)...future will buzz a lot with our past....

2.  In such times it is good to read about "Dark Mail Alliance". Extract from their website is produced below for general direction of purpose :

" To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The , both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind."

3.   Silent Circle’s team as mentioned in the extract is a unique and eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs & British Special Air Service (SAS) security experts....while Lavabit was an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government.So the combo of these two majors can be a force to reckon with provided the policies and strategies do not bar them again in some manner...till then lets give a "good night" to privacy!!!

4.   More at http://darkmail.info/

Tuesday, July 23, 2013

Best IT SECURITY INFO & NEWS SItes

1.         IT Security enthusiasts guys/girls always keep looking forwards to discovering new sites that keep them enriched with latest happenings in the buzzing IT SECURITY world...I am listing out a list of sites that I keep abuzz with.These are not necessarily in the order of my preference or have any kind of ratings or ranking....but a whole lot of enriching info is available for every cyber security guy!!!

http://www.schneier.com/

http://thehackernews.com/

https://www.privacyrights.org/

https://www.owasp.org is specific to web application security subjects

http://www.itsecurity.com/

http://technet.microsoft.com has more of MS related aspects

http://csrc.nist.gov/

http://www.sans.org/

http://www.securityfocus.com/ : by Symantec

http://www.cert.org/

http://www.scmagazine.com/

http://www.securityweek.com/

http://nakedsecurity.sophos.com/

http://www.darkreading.com/

....surf few of them and enrich your self!!!!all the best

Treat your E-Mail address classified : ADVISORY

1.    Do you know that simply your E-MAIL disclosure to a person with malicious intent can be a key to disclosing your E-mail content and other personal attributes of life?...I mean it can invade your privacy...and just for info this is an active organised crime in the cyber world.

2.   What is the most important first thing that a hacker desires to know?....and the answer is the IP Address of the victim..and all it takes to know the IP address is to send a dummy mail at the victims id.. that's it....strange it may sound but there are so many websites offering you free solutions on how to get not only the IP address but also the browser and OS system details of the victim.One of the leading sites offering a free solution is SPYPIG...this site facilitates to let you know when your email has been read by the recipient! ...this happens in form of a intimation by SPYPIG as and when the e-mail is read by the recipient.

3.   Now some thing about SpyPig ....is a simple email tracking system that sends you a notification by email when the recipient opens your message.It works with virtually all modern email programs: Outlook, Eudora, Yahoo Email, Gmail, Hotmail, AOL Email and many others.In addition to the notification it actually sends you additional but undesired details also which can be exploited by malicious intent person.Thde details that can be used and exploited are shown here in the screen shot below in one test mail....

Red Encircled are the Critical Info

4.     But sadly,the recipient will never know of the fact that he is being tracked and so much of critical info has already swapped hands with unknown guys...I mean the OS,the browser with their respective versions etc....so in the state today the following preventions can be taken to avoid such a hijack :

-           Avoid opening E-mails from unknown sources

-      Disable Image display by default in E-Mail settings.This is important because this works on the funda of a hidden script in the image sent along with the mail.So if you disable the images display by default,it is unlikely that this will be executed.

-           Avoid sharing and disclosing your E-Mail addresses openly.

5.     To know about spypig visit : http://www.spypig.com

Saturday, April 20, 2013

Self Destructing E Mails : Receiver reads them only Once

1.   It has always remained a question for typical email users like u and me of how to send a self destructing E-Mail...an email that is read once and destroyed that moment like how about your office messages with vendors or love mails with your present Girl Friend/Boy Friend or u can imagine situations for such requirements....

2. Earlier it had been the disposable email solution and now there are many solutions that offer this particular requirement of Self Destructing E Mails.Below are few such sites and solutions :

http://www.self-destructing-email.com/

Offers free trials last for two weeks or 25 emails (whichever comes first) and u need to register with it.It lets you decide what happens to your email after sending.

https://privnote.com/


Privnote is a free web based service that allows you to send top secret notes over the internet. It's fast, easy, and requires no password or user registration at all.

Just write your note, and you'll get a link. Then you copy and paste that link into an email (or instant message) that you send to the person who you want to read the note. When that person clicks the link for the first time, they will see the note in their browser and the note will automatically self-destruct; which means no one (even that very same person) can read the note again. The link won't work anymore.(Courtesy : https://privnote.com/ )


http://www.destructingmessage.com/

DestructingMessage.com is a free service which enables you to send a self-destructing message to someone. This means, once they read the message they will no longer be able to read it again after the timer has reached zero. This ensures your message is read by no one but the reader and all evidence of the message is erased. Messages are also anonymous unless you add any identifiable information to your message.(Courtesy : http://www.destructingmessage.com/)

https://oneshar.es/

-  Uses HTTPS (SSL; Port 443) to encrypt the data from your web browser to our servers.

-  All data is stored encrypted.
-  When someone views the unique URL that you send them; your encrypted message is deleted from our system.
-  The datacenter maintains the latest security updates and patches on our server.
-  Google Analytics is used on our site for web analytics.

Thursday, January 31, 2013

DAEDALUS : Monitor Cyber-Attacks Realtime 3D way


1.    Whether it is the Die Hard ver 4.0 movie scene or Mission impossible recent one or any hi tech cyber movie....we have have all seen the mega sized dark halls equipped with gigantic screen displaying all sorts of real time ridiculous hacker related information and monitoring tracks of the enemy or the protagonist....so how good or effective or even real are these in the real sense....can some thing like these seen and shown over years on the silver screen be REAL....yesss...first watch this video and then read few points as bought out below :


2.   A company in Japan named NICT just unveiled a system dubbed Daedalus that will revolutionize the way companies and even countries can monitor cyber-attacks in full real time 3D representation.The key features about this is bought out as below :

- Daedalus is not only a way to monitor cyber-attacks from outside, but also what’s going on inside it. 

- So if someone receives an email with a virus for example, the system can quickly identify the IP address that is currently spreading it and shut it down immediately.

- The NICT recently gave a demonstration and tracked 190,000 IP addresses in real-time  

- Daedalus can monitor multiple entities at once and get notified, once again, via 3D graphical representation when a cyber-attack occurs. 

- This is not only when it happens, but instantly where it happens and who the attacker is.

3.      So when the objective is envisaged on a higher scale....ie the complete global internet monitoring.....will this be the start to control spam(90% of mails exchanged on the web is spam)....or will this be able to control cyber attacks across.....well not a bad start to a start whose objective is MISSION IMPOSSIBLE type...another thing that may have come to your mind is about the name...of all what does Daedalus mean?...well in Greek mythology, Daedalus means "Clever Worker"

4.  Debriefed from http://www.bitrebels.com/technology/daedalus-3d-cyber-attack-alert-system/ and http://www.nict.go.jp/

Saturday, February 18, 2012

UNDO A SENT EMAIL :YES,IT IS POSSIBLE!!

1.   Ever thought like u shouldn't have sent that mail....or u sent it too early....like all things u can do UNDO in your PC and various applications...can u do it in EMAIL?......the answer is YES.....

2.   The feature is currently available in Gmail and Blumail only.How?...it goes like this

- Log into your GMail account
- Go To mail settings tab.
- Click on Labs
- Scroll down u will find UNDO SEND
- Enable it.

3.  That's it.Actually the feature sends the mail about 5 seconds late so just in case u immediately realize that u send it too early or should have sent it later.....u still have control over it.So when u click send a small link appears that says "UNDO"...click on it and that action will not conclude...ur email remains safe with you.... 
Powered By Blogger