Cloud Threat : Shared Technology Issues

1.   When a computer processor is designed/manufactured...viz core 2 Duo or quad-core processor or for this purpose any processor,the processor doesn't know what will it be finally used for....I mean it may be used as a standalone machine or a server machine!!!Here's the issue..ie this processor was not meant to be used for cloud....but how does this matter?This matter because from the security point of view this processor was meant to support strong ISOLATION properties which is not the case in routine manufacturing.Only dependent on the hypervisors for the regular interface as discussed at an earlier post here.In cases of cloud we have to handle two platforms ..one is the OS running like windows or any other OS which comes along with inbuilt and already exploited vulnerabilities that keep getting patched(what about Zero day???) and the other is hypervisor vulnerabilities(just google on hypersvisor vulnerabilities and u see what's in store to get surprised).Both of these combined together would be deadly if not taken care of...because in the cloud world, reacting to a damage would be like taking some one to hospital after an accident or a bomb blast whereas it should be the other way round....remove all possibilities of the accident and ensure 100% secure Areas....latter being too tough to imagine in current environment.

2.   I read about this few years back when I was not very much clear on Cloud Computing concepts(though still naive but better then past!!! :-),there was an incident involving a hypervisor breach that was not widely publicized.Now if u know about XBox 360(is a video game console developed by Microsoft that competes with Sony's PlayStation 3 and Nintendo's Wii),it has an embedded hypervisor (surprisingly not Hyper-V),so it was some time in 2007, that there was a documented buffer overflow vulnerability in this hypervisor which could be exploited to gain access to the hypervisor mode and thus, to the entire system. Microsoft immediately released a patch for this.Now unlike regular Windows OS Option, patches are not optional for Xbox users. Thus,the patch was applied the next time a user connected to Xbox Live or installed a new game. Proof of concepts quickly appeared that exploited the hypervisor vulnerability as well as online documentation on how people have used the Xbox “hypervisor exploit” to crack their systems.(...got this info from http://blogs.gartner.com/neil_macdonald/2009/02/20/hypervisor-attacks-in-the-real-world/)

3.   Thus arises a need for strong secured compartments to ensure that the individual cloud users are not compromised in a manner that would ensure unmanageable losses in monitory terms as well as brand devaluation.The CSA gives the following point wise remidiation format for designing the policy boundaries to counter Shared Technology Issues : 

-  Promote strong authentication and access control for administrative access and operations.

-  Monitor environment for unauthorized changes/activity.

-  Enforce service level agreements for patching and vulnerability remediation.

-  Implement security best practices for installation/configuration.

-  Conduct vulnerability scanning and configuration audits.

Excellent posts on 3D Printing

Would like to share link to this wonderful site at              http://www.3dprinter.net/author/mark for the best info on 3D Printers.....

Unbelievable world of 3D Printers!!!

1.   I read about 3D Printers few years back and then just forgot to follow the developments...and now when I googled about these printers it was completely a happy shocking event for me.....what I saw was printing actual toys....printing real life machine components...just watch these videos below to see it with your own eyes of what could be in offering in the very near future now on but first see these videos :

(This one is original from BBC)

2.   Might as well have shocked you..but these are just few from the thousands stored on the internet already......now read further....shocking is yet to come....that allows eatable food to be printed

3.   Will not be a big thing if some one tells or u come to know from somewhere that Google  offers free meals to their employees in their onsite cafeteria...so whats the big deal about this...a billionaire company can afford that!!!!!now if I tell you that Google’s cafeteria has a 3D printer in the kitchen that prints out pasta.... With customized-everything all the rage, why not pasta? And of all places, of course it would be at Google. Chef Bernard Faucher says that since everyone has their own favorite style of pasta, he can program their 3D printer to create any conceivable, printable shape..........(I read this from http://www.3dprinter.net/mama-mia-google-cooks-up-some-3d-printed-pasta)

4.   3D printers in food applications have recently been in news,but this is a first of any kind...i know reading till this much would have let you believe all this to be a bogus....but its a fact...and it is just tip of the iceberg of whats in store for future....

5.  For more on 3D Printing...please google and shock your self!!!!!!!!!

Power Searching with GOOGLE :Get Certified

1.   Few weeks back I came across a link in some blog that said the following :

"Google is offering a new free, 13 days, certification program on 'Google Power Searching' .The course is totally free and registration ends on July 16th. The course will sharpen your internet searching skill and help you learn advanced tricks to make internet searches. There are several short activities as a part of the course. Once the course is completed, a printable Google certificate will be emailed to you."

So the next thing I looked for was registering for the same....and yes it happened exactly the same way as was expected....the course started on time....i attended on line classes with wonderful simple videos to understand by google itself...became more crued up with the serch engine tools and tricks...appeared for the exams and i got the certificate as shown below.

2.  Would like to recommend this to everi one who googles....it really makes you a stronger searcher....for more details what else...u GOOGLE....

The Amazing Spider Man BINGS!!! does not Google

1.    Watched yesterday...the new spider man movie that's THE AMAZING SPIDER MAN...and noticed one special thing which few of you might not have...the search conducted by our hero was on the search engine Bing....and I could see the Microsoft guys smiling.....but it snapped quiet a funny number of tweets of which my fav one is this one by one Sarahtb0

The Amazing Spider-Man was pretty realistic until Peter Parker used Bing as his search engine.

2.   Now was this some kind of a tie up between Microsoft and Spider Man to lure audience further damage the Google proprietary in the search engine web....or was it scripted like normal..it could have been google also!!!!

UNDO A SENT EMAIL :YES,IT IS POSSIBLE!!

1.   Ever thought like u shouldn't have sent that mail....or u sent it too early....like all things u can do UNDO in your PC and various applications...can u do it in EMAIL?......the answer is YES.....

2.   The feature is currently available in Gmail and Blumail only.How?...it goes like this

- Log into your GMail account

- Go To mail settings tab.

- Click on Labs

- Scroll down u will find UNDO SEND

- Enable it.

3.  That's it.Actually the feature sends the mail about 5 seconds late so just in case u immediately realize that u send it too early or should have sent it later.....u still have control over it.So when u click send a small link appears that says "UNDO"...click on it and that action will not conclude...ur email remains safe with you.... 

KOOBFACE guys CAUGHT : FACEBOOK

1. Koobface is not something new for the cybercrime followers.....some thing in brief for those reading about this first timehere :

- is a computer worm that targets users of the Facebook.

- koob is book spelled backwards, making the name koobface an anagram for the word Facebook.

- Koobface targets Facebook users via fake friend messages that encourages people to click on links that installs a malicious worm

- Messages like, "you look funny in this video" or "you look so stupid in this pic" are used to persuade somone to click on the link attached. Once the user clicks on them it takes you to a video which doesn't play and they ask you to download certain codecs which can be a fake 'flash_player.exe' file.

- If this file is downloaded, your computer becomes open to Koobface malware.

- It downloads a file 'tinyproxy.exe' which hijacks your PC.

- It even alters search results from Google, Yahoo etc and redirects to websites selling malicious softwares.

- Kaspersky Labs has estimated the network includes 400,000 to 800,000 PCs worldwide at its height in 2010.

- Victims are often unaware their machines have been compromised.

2. Facebook two days back unmasked the team behind the notorious Koobface virus that hit the social network for two years beginning in 2008.

ABOUT THE GANG

- Five men believed to be responsible for spreading this notorious computer worm on Facebook.

- Have pocketed several million dollars from online schemes.

- Are likely hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook.

- One member of the group has regularly broadcast the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter.

- Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

- Ultimately, the Koobface gang was identified by the researchers as Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeik.

3. Thanks http://www.pcmag.com

CHROME OS

Recently downloaded CHROME OS and ran it on a Virtual Box.....few screen shots....for those who wish to see how it looks!!!!Double click on the image to view it bigger and clear

Cookienator : Option to control cookie menace

1.   Cookienator is a tool that will helps us remain anonymous from search engines such as Google and other web-usage trackers such as Doubleclick or Omniture.This a simple program that will leave most of cookies alone but will remove the ones that put your privacy at risk. The best part about this is the size and ease of installation.....It is lightweight; it's a single executable, when run, it will tell you how many cookies it would like to remove. It is available for free to download and is available in two forms : msi windows executable and a zip file

2.   More at http://codefromthe70s.org/cookienator.aspx

CONTROL COOKIES TAKING CONTROL FROM UR BROWSERS

1.  In my earlier post here about cookies and types,I had mentioned about types and some relevant details.Now this one mentions about the steers and control available in prominent browsers to disable cookies digging into ur privacy !!!

Google Chrome

Go to 'Tools Menu'

Click on 'Options'

Click on 'Under the Hood'

'Cookie Setting' should be selected. Once done select 'Block all Cookies'

Now all cookies should be blocked on your Google Chrome

To clear existing cookies:

Go to 'Tools Menu'

Click on 'Options'

Click on 'Under the Hood'

Under 'Privacy' section select "Show Cookies'

A new window should open called 'Cookies' In here you can see all the cookies within your Google Chrome Browser.

Click on "Remove All" to remove all traces of cookies

If you wish to only remove a certain cookie, simply highlight and click "Remove"

Firefox

Go to 'Tools' in the menu bar

Click on 'Options'

Click on 'Privacy Tab'

Disable the box that says 'Accept Cookies From sites'

To clear existing cookies:

Go to 'Tools' in the menu bar

Click on 'Options'

Click on 'Privacy Tab'

Click on "Clear Now"

Select "Cookies"

Click on "Clear Private Data Now"

Internet Explorer (IE) 9.0+

Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options'

Click on 'Privacy' Tab on top

Move the slider up to the 'Block all Cookies' button

Important Notice: Blocking all cookies may prevent you from entering alot of sites.

The next two Internet Explorer privacy levels, High and Medium High, may be more suitable.

To delete existing cookies:

Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options'

Click on 'General' tab which should be under 'Browsing History' and click 'Delete'

2.  Thanks http://www.allaboutcookies.org

Our Browsing History Is Leaking into the Cloud!!!!

1. You do it on INCOGNITO mode or the PRIVACY mode or keep removing cookies to ensure that you are not being tracked or u think like your browsing history does not exist....this is going to shock you.....watch this video "DEFCON 19: Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud"....click down to see....

2.  The summary goes like this....

 - 350 services get at least 1 % of your browsing activity

 - 33 services get at least 5% of your browsing activity

 - 16 services get at least 10% of your browsing activity

3.  Any solutions for avoiding......yes...the video itself gives you the solution ....and as on date millions have already adopted it...now that includes me tooo.....download the plugin for your respective browser from http://www.disconnect.me/

JAVA SE DEVELOPMENT KIT NOT FOUND!!!!

1.   On way to experiment with android application with the stand SDK toolkit....i got messed up with the installation procedure so much that i thought of just leaving it..... in spite of all java installed  i got this screen.....

2.   I read all trouble shoots of on JAVA site.....some diverted me to registry editors and what not.......till i got the correct answer...simply click BACK and then NEXT again......khatam...thats the end of it.....

ANDROID APPLICATIONS CLONED : Developers make it spam

1.    The latest to add on to the growing web of spams is repackaged android applications.....though till now most of the descried repackaged applications are not reported to have any malicious code in them and also like the genuine ones they are also made available for free. These effected applications have the same module as the original, but include an advertisement module ,thus developers of these apps try making money off the clicks on the advertisements.

2.   The thing is easy on part of the developers since it is easier on thier part to just fiddle with original Android apps which are written in Java and are, therefore, easily cloned.....

3.   Thanks www.f-secure.com

ANDROID & GOOGLE : AT LOGGER HEADS????

1.    This news is bound for only one thing.....a first big dent on Google's untouched Kingdom in the cyber world.There is a reported discord among the Android developers who are irked at Google’s Android Market policies.They have formed the Android Developers Union to protest the policies.The new union has compiled a list of seven demands including renegotiation of the 32pc ‘Google Tax’ on app sales, public bug tracking, algorithmic transparency and increased payment options.They threaten Google that if these demands are not met they will cease development and move their efforts to rival platforms.

2.  "If the demands are not met, we will move our applications to alternative marketplaces or the web, cease Android development in favour of other more open platforms, we will dissuade other developers from developing Android projects, and we will work tirelessly to counter any of Google's hypocritical claims about openness in the media."

3.   This seems to be the first kind of big set back to google who may find loosing an edge in its battle for the smartphone operating system and applications market vis-a-vis Apple and Microsoft.The seven demands of the android union can be seen here...

4.   This writeup does not reflect my views of standing against anyone or supporting anyone but wishes to inform the readers only for info........

NOKIA should have merged with GOOGLE : Google CEO

This comes straight after the earlier post news spread across about the merge of Nokia & Microsoft......When asked about Nokia's choice of Windows Phone 7 as its smartphone system, Schmidt said "Google would have loved to see Nokia pick Android instead. Google tried to convince Nokia to choose Android, and it can still make that decision in the future".....(ha ha ha....Google still has hopes of a future revertive action by NOKIA....and who knows...it may just happen..we are just the readers!!!!!)

Get Paid to Hack GOOGLE

1.    Google has made it official now vide which Google willl pay $500 and $3,133 to people who discover security vulnerabilities in its websites and online applications.......Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly and in real time to Google's security team thereby improving upon zero day exploit matters.

2.    This provisions  Google a chance to fix the vulnerabilities before it is exploited the way it should be. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. Thus depending on the extent and scale of vulnerability made known to google,so will be the prize money awarded....And Google says that participants shouldn't use automated tools to search for flaws

 

Is ur Account Hacked ?- Common ways u get compromised.

1.    There is no doubt on the fact that Google users are growing phenomenally.....and with this growing rise also comes the phenomenal rise and ways to get compromised or become a botnet.Thus a Google Account is also valuable for spammers and other unknown citizenry looking to impair you with ur personal info and data on ur pc and account inbox. It’s not so much about your account, but rather the fact that your circle of relatives and friends see your Google Account and mails from it as reliable.

2.   Nothing new about this but the most common ways hackers can login to your Google password are:

• Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.

• Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.

• Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.

• Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“ujjwal3008”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “dosa” for “What is your favorite food?”

3.   Another common error that we all unknowingly is that we keep the password same for multiple accounts on yahoo,gmail,blumail and so on.......put on ur thinking caps......if one account linked to other user name is compromised ....then in a way all are....

How Google detects Invalid clicks?

More often then not,most of the registered Google Ad sense users are always tempted to increase their clicks on the ad to generate some monetary benefit....this one comes specially for all those who try tricks of trade....believe it or not their are none... Google is tooooooooo smart...read down below and links below :

1. IP Address

If those clicked on their own ads multiple times from the same IP address means you will sure get banned.

2. Sabotaged by third party

Sometimes, you may also be sabotaged. A third party may decide to do a series of illegal clicks on your advertisements for the purpose of getting you banned. If you notice any suspicious clicks of this nature, Google encourages you to report it to them.

3. CTR

The normal CTR ratio must be in between 0.5% – 15%. Anything more then 15% will be flagged.

4. Cookies

Few Adsense users, use the trick by using the dynamic IP address but it falls flat as cookies in computer can be used to track our cookies and help identify the invalid clicks.

5. Physical Location

Google has many software and bots to trace. They will trace the IP address of the small town and city. So do not click your own ads in different internet cafe and also in friend’s home. If you do this, your account will flagged.

6. Fake Web Traffic

Fake web traffic is anything that generates false impressions on your Google AdSense advertisements, including participating in link farms or link exchange directories.

7. Search Engine Ranking

If you got many clicks without the help of search engine ranking, social media traffic means Google will easily smell it.

More veri useful info here at https://www.google.com and http://www.ambabo.com

"GOOGLE STREET VIEW" - FIGHTING PRIVACY ISSUES

1. Ever heard of google's street view application...m sure many of you must have...for those who have not heard of it...in brief it refers to a technology featured in Google Maps and Google Earth that provisions isometric views from various positions along many streets in the world. Launched on May 25, 2007 the application displays images taken from a fleet of specially adapted cars. Areas not accessible by car are sometimes covered by Google tricycles. On each of these vehicles there are nine directional cameras for 360° views at a height of about 2.5 meters, GPS units for positioning and three laser range scanners for the measuring of up to 50 meters 180° in the front of the vehicle. There are also 3G/GSM/Wi-Fi antennas for scanning 3G/GSM and Wi-Fi hotspots.

2. No about the fighting issue that i have reffered in the subject topic.Now whether it is a facility for the world base users to utilize viewing live views of streets world vide or it is an attempt to log in to the private data of the users across.....yess...I repeat it is the private data of the users avaiable from the open WiFi signals from their home computers and laptops.The intresting thing is that Google has accepted this collection of data from unencrypted wireless networks....and they have put the blame on a masoom software engineer.Google says the massive furore over Wifi snooping by Street View cars was all the fault of one software engineer.In an interview ,CEO Eric Schmidt said the whole affair came about because a software engineer inserted unauthorised code into the Street View system software. The man is now under investigation internally by the company as per posts on google blog.

3. Now what ever answer that google may come up with in form a mistake or simply putting the blame on that software engineer(...where was the Software Testing deptt and QC then otherwise?),the point that I intend putting accross is that just take care of envryting your WiFi router.Google has at least accepted the fact and mistake and they are taking measures to rectify it...but it will not be always like that.....there are so many mis adventurists present all around that looking around that unencrypted wireless networks for misuse.....just read this post again to avoid becoming a target like others.

4. Thanks http://tech.blorge.com & http://en.wikipedia.org/

Google and Caffeine : The Secret Link

1. A little over year ago ,Google unveiled a “secret project” of “next-generation architecture for Google’s web search“ which was supposed to include crawling, indexing, and ranking changes. While the biggest visible changes in Microsoft’s relaunched search engine, Bing, was user-interface related, Google’s secret project was supposed to be only infrastructure related and proposed no UI changes.

2. Thus after an year of the unveiling,Google is now getting faster and more comprehensive with a new Web indexing system called "Caffeine.As per the Google Blog Post's , the project now stands on completion stage and now "provides 50 percent fresher results for Web searches".

3. The old indexing architecture was based on several layers, some of which were refreshed at a faster rate than others; the main layer would get updated every couple of weeks.To refresh a layer of the old index, entire web was analysed, which meant there was a significant delay between when we found a page and made it available to the user. With Caffeine, the web is analysed in small portions and search index is updated on a continuous basis.Thus more improvement on existing setup....that I say "there is no end to improvement"

4. Thanks http://www.trustedreviews.com