Social Icons

Showing posts with label password. Show all posts
Showing posts with label password. Show all posts

Sunday, June 08, 2014

Encrypted Mail without being Technical : PROTONMAIL for You

1.    Often when we discuss about encrypting messages in emails we see it is generally confined to PGP extensions using Thunderbird, exchanging public keys and generating private keys and other encryption techniques incl Enigmail or installing GPG etc...but even after doing all this the whole thing is a bit complicated ....and no one likes complications....so when techies get complicated...it actually becomes kind of out of bounds for the common user anyway to use encryption in routine mails with each other.But with increasing rise in concern over security and privacy matters by the common user specially after Snowden revelations,the need has given us PROTONMAIL.

2. PROTONMAIL This new encrypted email service, called ProtonMail is a super-secure email service created in collaboration with the scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.It offers a user-friendly experience with full “end-to-end” encryption and encrypts the data on the browser before it communicates with the server, therefore only encrypted data is stored in the email service servers. So, even if someone gains complete access to the server, it will find only the encrypted data. Moreover, there is even a “self-destruct” feature in the email service which ensures your emails are only available for a limited period of time.Isn't it interesting?....

3.  At Protonmail,the decryption uses a combination of asymmetric (RSA) and symmetric (AES) encryption.So we have two cases wherein the user sends a mail from a Protonmail account to another user with Protonmail account and the other in which he sends a mail message to a non Protonmail user....

- For Protonmail to Protonmail emails, implementation of PGP is used where  key exchange is handled. So we have all the public keys. As for the private keys, when an account is created, it is generated on the browser, then encrypted with your mailbox password (which we do not have access to). Then the encrypted private key is pushed to the server so it can push it back to user whenever he/she logins.

- For PM to Outside emails, encryption is optional. If one selects to encrypt,  it uses symmetric encryption with a password that one can set for that message. This password can be ANYTHING. It should NOT be the Mailbox password. It needs to be somehow communicates to the recipient....few useful screenshots seen below :

 This is the screen at LOGIN
 Here you LOGIN
 Here is the second password before you finally LOGIN to the user interface
 Here is as you LOGIN
 This is the screen as you compose a mail.The point to be seen is the feature for choosing to encrypt your message and the expiration time.
 This is the mail received to a non PROTONMAIL user and we see there is a mail link it refers to!!!
 Once you click that link..you get a pop up for a password
 You enter the password and you will be able to decipher the password.


Tuesday, March 19, 2013

Keystroke Dynamics Software : We all type UNIQUELY

1.     As on date Passwords are the most common form of identification but at the same time they are also the weakest. Though they are gradually being offered with replacements from the field of bio metrics,picture passwords and OTPs etc...still it will take its time before passwords are a forgotten past..now comes another cool option to identify uniquely....the concept is likely to surprise you if you have not heard of it before!!!!this is known as Keystroke Dynamics.The key points about this are bought out below in brief :

- Know as  Deepnet Security’s TypeSense keystroke dynamics software.


- TypeSense is an authentication solution based on the science of typeprint recognition that uses keystroke dynamics to accurately identify a user by the way they type characters across a keyboard. 

- Keystroke Dynamics technology extracts the distinctive characteristics found in typed sequences of characters, and creates a statistically unique signature from the typing patterns of a person. 

- These distinctive features include the duration for which keys are held and the elapsed time between successive keystrokes. This type of software runs in the background and constantly monitors your key stokes, learns your style, and can detect if your computer’s been hijacked.

- It’s relatively user-friendly and low-cost. 

- It’s mobile and can be used to access your online accounts from anywhere and can be easily integrated in your existing authentication infrastructure.

2.    But as on date the limitation is that typing style can vary greatly depending on whether you are tired, distracted, angry, medicated, or any number of other circumstances. These variations can cause the software to make false positive or negative errors.



3.    At DEFCON : 17, Andrea Barisani and Daniele Bianco demonstrated how to sniff keystrokes using unconventional side channel attacks. Wires in PS/2 keyboards leak information from the data wire into the ground wire which acts like an antenna. The leaked information about the keyboard strokes can be detected on the power outlet, as well as other wires on the same electrical system. By slicing open one of these lines, cutting the ground wire and attaching a probe, the line can be monitored and the signal isolated by filtering out the noise using software such as Scilab. The waves from the oscilloscope and the data can be streamed to the hacker’s computer where additional software is used to extract the victim’s keystroke information.Well..well ..well......there is no end!!!!

4.     Thanks https://www.mafiasecurity.com/access-control/keystroke-dynamics/ and http://www.deepnetsecurity.com/tokens/bio/typesense/

Wednesday, March 13, 2013

BACKTRACK 6.0 aka KALI LINUX

1.      This will  be a surprise news for those who have were updated till Backtrack 5R3....the same team has come up with some thing more powerful thats named...KALI LINUX....:-)....and not BACKTRACK 6.0......few key points about KALI....

-    Based upon Debian Linux, instead of Ubuntu 

-    New streamlined repositories synchronize with the Debian repositories 4 times a day.

-   Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository...now start distributing your own ISO....


-   More than 300 penetration testing tools, completely free, Open source, Vast wireless device support, GPG signed packages and repos, Multi-language, Completely customizable make this distribution one of the best available masterpiece of  hacking community.

-    Once again, default root password is same “toor“, you can download Kali Linux here.

2.    My download will start tomorrow morning....will keep me busy for few days and hours...:-)

3.     Thanks http://thehackernews.com

Wednesday, February 01, 2012

AVOID OPENING MULTITABS IN BROWSERs

1.  Has it ever happened that you get a mail in one your various Email IDs from Facebook or some other site that you never linked up with....?I am sure if you are a regular browser on social networking sites,this must have happened once...and it must have kept you thinking...HOW ??

2.   This happens when you have that email id open in some other tab and your Facebook account open in other...typically in a multitab session wherein you have opened many sites under one browser in various tabs..... that's when info gathering sites get your email id and things related to their interest.....TAKE CARE

Friday, December 16, 2011

TOOLS & SITES OFFERING EFFECTIVE PASSWORD CRACKING


Below is a list of sites that offer tools and ways to crack passwords.The idea behind posting all these sites at one place is not to attract and promote users to try password cracking.The idea is to always remember ways and means to create and promote stronger passwords which can not be cracked.All these sites do have limitations to crack the stronger passwords and related info...



Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.










Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future. Brutus was written originally to help me check routers etc. for default and common passwords


The source of independent information about cryptosystem weakness and password recovery.

Monday, October 10, 2011

nVidia GeForce GPU cracks six character password in four seconds

1.  An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours.So guys ...have mentioned it so many times earlier...even a password upto 14 character in length has been shown easy to crack when i discussed at a post here about one year back....so better take care of ur passwords...small case with few caps and special characters with numbers upto a length of 10-15 should do it for the time being....things r getting nasty in the hacking world.....take care....

2.  more about this at...here...here...here....here...
Powered By Blogger