Social Icons

Saturday, March 16, 2013

Attacks@Image WaterMarking

1.    We keep exploring new grounds but also without realizing the pits it offers,we start playing games on it.Such is the world of IT,we keep discovering so many new technologies to strengthen and exploit for our use and we keep ourselves vulnerable!!!!

2.   Without wasting more words,this post would briefly mention about Image water marking and the type of attacks it remains vulnerable to.So first whats Image Water Marking??...an easy way to describe digital watermark is simply comparing it to a traditional paper watermark or a power point water mark which most of us might have even used at some point of time.Like Traditional watermarks offer proof of authenticity by being imperceptible, digital watermarks offer a way that allows a computer to read the mark but not by the human 6/6 eye....there are actually four essential parameters which are commonly used to determine the quality of water marking these are :

- Robustness
- Imperceptibility
- Payload 
- Security

3.   Now each of these parameters has a unique characteristic that makes the purpose of image water marking strong and adaptable.So when we speak about attacks on image water marking...the attacks again are classified as :

- Image Compression Attack : Primarily used to reduce the size of image in transmission.The original image remains most of it that it was but requires lesser bandwidth to move.

- Image Contrast Attack : To a human eye a slight change in contrast of colors makes a huge difference in overall perception

- Cropping Attack : A part of image gets cropped from original

Re sizing Attack : The image gets re sized from the original coords

- Rotation Attack : A simple clockwise or a anticlockwise attack would rotate the image from its original coords


Another categorization of the image water marking attacks contains four classes :(Source here : Abhishek Goswami)

Removal Attacks : Aim at the complete removal of the watermark information from the watermarked data without cracking the security of the watermarking algorithm

Geometric Attacks : Do not actually remove the embedded watermark itself, but intend to distort the watermark detector synchronization with the embedded information.

Cryptographic Attacks : Cryptographic attacks aim at cracking the security methods in watermarking schemes and thus finding a way to remove the embedded watermark information or to embed misleading
watermarks.

Protocol Attacks : Aim at attacking the entire concept of the watermarking application. This type of attack is based on the concept of invertible watermarks. The idea behind inversion is that the attacker subtracts his own watermark from the watermarked data and claims to be the owner of the watermarked data. This can create ambiguity with respect to the true ownership of the data. 




Thursday, March 14, 2013

Power of PING

In our respective interactions with various networks accessible to us.....as administrators we keep pinging so many IPs for testing the connectivity at various times like ping 192.121.23.1 etc....and we get a response...but ping it self has so many switches that most of us hardly use......i came across a chart today that in a summarized form tells the switches of ping command with examples and a brief explanation.....sharing here with you...thanks http://www.activexperts.com

ping -c countping -c 10Specify the number of echo requests to send.
Ping -dping -dSet the SO_DEBUG option.
Ping -fping -fFlood ping. Sends another echo request immediately
after receiving a reply to the last one.
Only the super-user can use this option.
Ping hostping 121.4.3.2Specify the host name (or IP address) of computer
to ping
ping -i waitping -i 2Wait time. The number of seconds to wait between
each ping
ping -l preloadping -l 4Sends "preload" packets one after another.
Ping -nping -nNumeric output, without host to symbolic name lookup.
Ping -p patternping -p ff00Ping Pattern. The example sends two bytes, one
filled with ones, and one with zeros.
Ping -qping -qQuiet output. Only summary lines at startup and
completion
ping -rping -rDirect Ping. Send to a host directly, without using
routing tables. Returns an error if the host is not on
a directly attached network.
Ping -RPing -RRecord Route. Turns on route recording for the
Echo Request
packets, and display the route
buffer on returned packets (ignored by many
routers).
ping -s PacketSizeping -s 10Sets the packet size in number of bytes, which will
result in a total  packet size of PacketSize plus 8
extra bytes for the ICMP header
ping -vping -vVerbose Output. Lists individual ICMP packets, as well    
as Echo Responses

Wednesday, March 13, 2013

BACKTRACK 6.0 aka KALI LINUX

1.      This will  be a surprise news for those who have were updated till Backtrack 5R3....the same team has come up with some thing more powerful thats named...KALI LINUX....:-)....and not BACKTRACK 6.0......few key points about KALI....

-    Based upon Debian Linux, instead of Ubuntu 

-    New streamlined repositories synchronize with the Debian repositories 4 times a day.

-   Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository...now start distributing your own ISO....


-   More than 300 penetration testing tools, completely free, Open source, Vast wireless device support, GPG signed packages and repos, Multi-language, Completely customizable make this distribution one of the best available masterpiece of  hacking community.

-    Once again, default root password is same “toor“, you can download Kali Linux here.

2.    My download will start tomorrow morning....will keep me busy for few days and hours...:-)

3.     Thanks http://thehackernews.com

DRDO HACKED : NO....YESS...NO...YESS!!!!goes on...


1.    Now nothing new about this news....its just another hacking news among-st the millions of hacking news and scrolls daily....but it has become an eye popper because it has the word DRDO in it..... that's the Defence Research and Development Organisation.

2.   Though DRDO straight away denies it that it can never happen(whats the basis behind is a well guarded secret...)...but Pawan Duggal,a known Cyber Expert says that never in the history of "India Hacked" past has such voluminous data transferred and resided in servers outside the country borders.....video down here






3.    The hacking is suspected to have been carried out by Chinese hackers and there are fears that some sensitive information could have been compromised.When asked about it, Defence Minister A K Antony said, "Intelligence agencies are investigating the matter at this stage and I do not want to say anything else."

Commenting on the issue, DRDO spokesperson Ravi Gupta said, "As per our information, no computer or network of the DRDO has been compromised."(Offcourse they have records to prove that all sentries and guards were on duty at the moment hackers claim they hacked DRDO....pun intended SIR!!!!!)

4.     Today things in context of Cyber Security at national level stand at a very critical juncture...infact I feel that juncture is past now....we are already late...but still we read and hear that Cyber Security Policy of India will arrive soon.....(i know cut paste also takes time....pun intended!!!!!)..READ HERE

5. India I am sure will keep busy with hiding elephants......jantar mantar.......elections...2014....italy guards.....bhagwan etc etc...but if the priorities don't change the order soon...India will be backed up and downloaded in some other country sooon....it will be veri sad...we are one of the leaders in IT industry....specially software but we have not been able to exploit this potential for in house strengthening...we are all concerned for individual growth...vo subah kabhi to aaayegi....vo subah kabhi to aaayegi!!!!!

Tuesday, March 12, 2013

Graduating from Fedora 18 to Ubuntu 12.10

Had waited for months to see Fedora 18 release and then finally getting a hold of it last month.....was indeed a sad experience....the common bugs that I found in routine working with the Beefy Miracle included TOO SLOW and issues with installations of common third party applications ...everi one coming up with some dependency issue.....so finally downloaded 12.10 Ubuntu yesterday and now working on that...for me its bye bye Fedora 18....but now I am fighting skype cam installation issue with Ubuntu......no luck till now

Friday, March 01, 2013

Browser fight continues : CHROME continues topping too!!!


1.    Not long back we all have seen or might have experienced when violent and pornographic images were fed across facebook profiles of FB friends without the knowledge of the online FB user when he used to simply click on a tempting link!!!!All that happened owing to so many malwares but the exact launching vulnerability was indeed in the BROWSER!!!!!

2.    The openweb is full of options for seemingly good browsers viz Mozilla Firefox, Google Chrome, and Microsoft’s Internet Explorer. But who is the best?.....though when u google u find so may individual claims but third party tests are always welcome on such issues...specially when they have huge evidence to support....like few years back I posted on ACID3 test for the browsers...this one comes from Accuvant...and its actually huge in terms of a conclusive report that's 139 pages in toto......:-)

3.   The full report can be accessed by clicking here...so the Accuvant study revealed that Chrome ranks as the most secure web browser when compared to Internet Explorer and Firefox. Interestingly, German government named Chrome the most secure browser, perhaps lending weight to the study. 

4.   The criteria to test these browsers included factors like ASLR,GS,Sandboxing,JIT Security etc as shown below :

(CLICK ON THE IMAGE TO ENLARGE)

5.   Please google if you wish to know the criteria factors mentioned above in the image.Thanks http://www.accuvant.com/

Tuesday, February 26, 2013

UPDATING FEDORA 18

From terminal,updating Fedora 18 goes like this :


thats


                 su -
Password: ******
                 yum update

Thursday, January 31, 2013

DAEDALUS : Monitor Cyber-Attacks Realtime 3D way


1.    Whether it is the Die Hard ver 4.0 movie scene or Mission impossible recent one or any hi tech cyber movie....we have have all seen the mega sized dark halls equipped with gigantic screen displaying all sorts of real time ridiculous hacker related information and monitoring tracks of the enemy or the protagonist....so how good or effective or even real are these in the real sense....can some thing like these seen and shown over years on the silver screen be REAL....yesss...first watch this video and then read few points as bought out below :


2.   A company in Japan named NICT just unveiled a system dubbed Daedalus that will revolutionize the way companies and even countries can monitor cyber-attacks in full real time 3D representation.The key features about this is bought out as below :

- Daedalus is not only a way to monitor cyber-attacks from outside, but also what’s going on inside it. 

- So if someone receives an email with a virus for example, the system can quickly identify the IP address that is currently spreading it and shut it down immediately.

- The NICT recently gave a demonstration and tracked 190,000 IP addresses in real-time  

- Daedalus can monitor multiple entities at once and get notified, once again, via 3D graphical representation when a cyber-attack occurs. 

- This is not only when it happens, but instantly where it happens and who the attacker is.

3.      So when the objective is envisaged on a higher scale....ie the complete global internet monitoring.....will this be the start to control spam(90% of mails exchanged on the web is spam)....or will this be able to control cyber attacks across.....well not a bad start to a start whose objective is MISSION IMPOSSIBLE type...another thing that may have come to your mind is about the name...of all what does Daedalus mean?...well in Greek mythology, Daedalus means "Clever Worker"

4.  Debriefed from http://www.bitrebels.com/technology/daedalus-3d-cyber-attack-alert-system/ and http://www.nict.go.jp/

Saturday, January 19, 2013

SOLVED: VLC installation Issues : FEDORA 18

1.      After installation of the spherical cow Fedora 18 64 bit on my machine,there was this popping message while i tried installing the VLC media player :


GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-18-x86_64


(CLICK TO ENLARGE)

2.    But this could be solved as shown below :

su -c 'yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-18.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-18.noarch.rpm'

and now do 

yum install vlc


Thursday, January 17, 2013

Like in PATCO case,DO OUR BANKS GUARANTEE CYBER SECURE ACCOUNTS ?

1.   Suppose you have a SBI or HDFC or ICICI Bank or any bank account and you keep doing your regular transactions via their internet banking services like you pay your electricity bills or your mobile or phone bills etc.So ALL is WELL till every thing is going as expected.But then one day you realize that there were transactions that happened without your knowledge or worse some money gets siphoned off without your permission.....Now a journey starts......wherein the account holder will keep expediting with bank of what happened,why it happened,when will he get his money back???? and on the other hand bank will keep trying to prove that it is you or the account holder who acted irresponsible in his transactions and thus became the victim....the typical tu tu....mein mein.....

2.    Keeping this typical story in the background,now just think that did u ever make a attempt to know of what bank standards are maintained in respect of IT Security infrastructure....does bank conduct third party audits seriously?..... in fact the list to know answers to all these questionnaire pertaining to IT security issues of the bank will end up getting complex which would go beyond the understanding level of a typical user...so the simple question is WHO GUARANTEES A SECURE IT INFRASTRUCTURE for a BANK?...is it the bank itself that says " I am secure " or some one else has some authority or some standard that guarantees security....ie Can your savings bank account ever be guaranteed for being HACK FREE?Although the immediate answer in the current setup is sadly "NO"...but there is good news here....for this u need to read this article on " PATCO FRAUD CASE DISPUTE "

3. Brief of this good news goes like this in a Short ppt



Powered By Blogger