Social Icons

Tuesday, February 15, 2011

NOKIA & MICROSOFT : A MERGER TO READ ABOUT

1.    In todays shrinking world when we hear of merger of giants...its part of normal breaking news which hardly puts together rolling eyeballs 7 pop ups ....But this one is slightly different or if not different it is really BIGGGGGGG.This is about merger of fantabulous phone hardware NOKIA and the operating system giant MICROSOFT coming toether to produce and try beating the phones across?

2.    The deal which was in the rumour rounds already went much ahead of the expectations.....in effect, Nokia is handing over its future - in smartphones at least - to Microsoft and Windows Phone 7.  That means Good bye & Happy journey Symbian . So can the combo really become the third horse in the race, giving Apple and Android a run for their money ?I have my doubts....

3.    Crux of the acquisition pointwise listed below :

- Nokia to embrace Windows Phone as its principal smartphone.
- Nokia to contribute its expertise on hardware design, language support.
- Both would closely collaborate on joint marketing initiatives .
- Bing would power Nokia’s search services(nobodys guess!!!)

- Nokia Maps would be a core part of Microsoft’s mapping services.

4.    Just to mention,a year earlier when this merger was being talked about, was once declared an april fools rumour. And now about a year later it is on official Microsoft site.Thanks Microsoft site for info

Sunday, February 13, 2011

The Gawker case : EXPERIENCING A HACK


1.   A six-letter password in lower-case text takes a hacker's computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password. Thus simply upper-casing your password can minimise a hacker's chance of finding out your account.Add numbers and/or symbols to your password and the hacker's computer has to work for 18 days.Despite widespread warning, 50 per cent of people choose a common word or simple key combination for their password.The most used passwords are 123456, password, 12345678, qwerty and abc123. 

2.   I read about the Gawker case recently wherein the subject media firm Gawker urged subscribers to change their passwords after its user database was hacked and more than 1.3 million passwords were stolen.Now imagine some one like Yahoo or Google requesting one fine day on a similar line....won't our heart come out????

3.   The exact Gawker announce ment goes like this 

“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords. We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

4.   The problem emanated when Gawker recently launched a multi-site redesign thatthat failed spectacularly, leading visitors to blank pages. The culprit was a misbehaving piece of JavaScript, but when a single line of JavaScript causes your entire suite of sites to fail you no longer have websites, you have, well, nothing.The problem with Gawker’s redesign is that it uses JavaScript to load everything. That means that, not only is there no chance for the site to degrade gracefully in browsers that don’t have JavaScript enabled, the smallest JavaScript typo can crash the entire website.

5.   Now we all have seen it personally as we sometimes tend to have the same password for multiple accounts on the web.....this could be a simple fall like a pack of cards...one point failure leads to the complete fort coming down.....so guys...take care....change ur passwords for better and stronger security.....

Wednesday, February 09, 2011

MALWARE & AUTORUN : LOVE BIRDS OF PROPOGATION


1.    All the family members of trojans,malware and adwares few of which are mentioned above have one similarity in form of a common propagation method. They all ab"use" the autoplay feature of Autorun, many by creating or manipulating Autorun.inf files on network drives and removable media, so that when a user connects, the malware is automatically executed on their system. Newer operating systems, like Windows Vista and Windows 7, have made changes to the way Autorun is configured (Windows Vista) and how it works by default (Windows 7). These changes appear to have had a significant difference in the ability for autorun-abusing malware to successfully infect these newer operating systems, especially for Windows 7.

2.   More interesting details here

INTERNET KILL SWITCH????


1.   Recent events in Egypt and the debate over the “Cyber Security and American Competitiveness Act of 2011”, has introduced the cyber world with a yet another jargon term “INTERNET KILL SWITCH”.Whats this all about and what does this mean.....crux in brief as i understood after going through few good informative sites....read onnnnn!!!!!

2.   The term would give US the best tools available to swiftly respond to a significant CYBER threat.Thus if the U.S. detected a serious cyberthreat at some point of time, this switch would enable the US President to instantly shut down any infrastructure connected to subject infrastructure.It is not a mandate to be able to shut down the entire Internet but rather authorizes the president to order turning off access to “critical infrastructure” .

3.   Our interest here is to look at just one dimension of the issue – the technical feasibility; the political and policy aspects, we’ll leave to others.

Tuesday, February 08, 2011

DATA STORAGE IN BACTERIA : 9,00,000 GB stored in 1 gm of Bacteria

1.  Earlier discussed here & here in my 2009 posts when the study,the concept and experiments were on test bench have now touched reality....

2.  A team of undergraduates and instructors from the Chinese University of Hong Kong (CUHK) has found a way to store a whole lot of data onto living bacteria cells through a process they call “massively parallel bacterial data storage.” And in addition to storing huge amounts of data, they have also figured out how to store and en/decrypt data onto living bacteria cells.

3.  The team has managed to squeeze more than 931,322GB of data onto 1 gram of bacteria (specifically a DH5-alpha strain of E.coli, chosen for its extracted plasmid DNA size) by creating a massively parallel bacterial data storage system. Compared to 1 to 4GB per gram data density of conventional media, the 900,000GB per gram figure the team has returned is genuinely stupefying ie like  to fit the equivalent of 450 2TB hard disks (900TB) on a single gram of E.coli bacteria.

4.   A small ppt straight from the team can be seen here.


5.   Thanks devilsduke.com for the pic

Sunday, February 06, 2011

DRIVE BY ATTACK

1.   A small and easy to infer article on DRIVE BY ATTACK here

2.   Thanks http://www.bitesofapple.com

Win32.Hlux : January 2011 " King of worms"


1.   Email-Worm.Win32.Hlux was talk of the E-town in January across the webosphere. This mail worm spreads via emails containing malicious links that prompt users to install a bogus Flash Player, supposedly to view an e-card. The link leads to a dialog window that asks if the user agrees to download a file. Irrespective of the response, the worm sets about to penetrate the system. In addition to propagating via email, Hlux also has bot functionality and adds infected computers to a botnet before connecting to its command center and executing its commands, which are primarily directed at sending pharmaceutical spam.

2.   Kaspersky Lab also detected a Trojan dropper masquerading as a key generator for the company's products. The old adage "There's no such thing as a free lunch" is particularly fitting here as the dropper goes on to install and launch two malicious programs. One of them steals program registration data and passwords for online games. The second is a backdoor that also has keylogger functionality.

3.   Kaspersky Lab also found the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.

4.   Apart from these two hardworkers(?????..i mean mal hardworkers) in january,the other shining star in the E-crime world is AdWare.Win32.WhiteSmoke.a which if clicked, will download a program that demands payment to rectify errors it supposedly detects on the system.

5.   More detailed report on http://www.kaspersky.com

Tuesday, February 01, 2011

AMD comes up with FUSION

1.   A small mention made earlier at this blog about ISTANBUL,an AMD launch...now comes up with the next gen processor known as FUSION.

2.  The 'Fusion' family will utilize a single-die design that combines multi-core CPU (x86) technology with a powerful DirectX 11-capable graphics and parallel processing engine. The APUs will also include a dedicated high-definition video acceleration block and a high-speed bus that transmits data across differing types of processor cores within the same design and will include power-saving features enabling all-day battery life. 


3.     More about FUSION here

IE users stand vulnerable again : Warning from MICROSOFT

1. This one is a real eye (....or more simply account) opener of so many IE Web browser users across the globe and this one comes straight from the horses mouth....ie MICROSOFT which has warned that the approx 900 million users of its Internet Explorer Web browser are at risk of having their computers commandeered and their personal information stolen by hackers.Microsoft has issued a 'critical' security alert over a newly-disclosed flaw that impacts all versions of the company's Windows operating system, including Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).

2. The trouble is meant primarily for users of IE only since no other major web browser available supports MHTML files.Microsoft also adds that the bug is inside Windows, (else who is going to use IE??????).Till date/hr as of now no hackers have been reported to exploit the vulnerability. 

3. An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicks that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience.

4. For the otherwise already loosing users at a quick pace,this release would pacen up the loosing percentage of IE users across.

5.   Thanks http://www.smh.com.au

Saturday, January 29, 2011

BitDefender : Tips for Safe Shopping on Mobile Devices

A small piece of advice by BitDefender on security aspects while using new generation mobile devices.Pls click HERE

Trojan.Spy.YEK : The Corporate Spying Tool


1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 

FBI : A Parent's Guide to Internet Safety

A must read guide from  The Federal Bureau of Investigation (FBI), an agency of the United States Department of Justice for all the parents in the world, advising & trying to make them understand the complexities of online child exploitation.....please click HERE

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History


1. This case that I recently read in brief pertains to an interesting online fraud case against Albert Gonzalez.I have made it in a sequential point to compress the complete story for easy reading and grasping :

(a) Albert started using computers at an early age, and while in high school, managed to hack into the Government of India's website[ :( ]. Sadly, he was not charged at this stage and only warned to stay away from computers for six months.

(b) At the age of 19, he started his own group of hackers, named ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators and gave away vital information on his cohorts and did not need to serve a sentence. 

(c) Still on,Albert after two years worth of hardwork(????) compromised on sensitive data including 45.6 million credit and debit cards.

(d) TJX Companies notified the authorities of their data leakage. Albert had the abilities to crack and hack his way through, but the low security measures didn't help TJX. Albert was able to install his malware and sniffing software onto the networks of TJX and all the stores operating under them, even outside of the United States. TJX discovered the breach in December of 2006 and was under the belief that they had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, they found that they were losing sensitive data since 2005. Albert had already moved on to bigger and better operations by the time TJX had even started discovering the extent of their security breach.

(e) Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

(f) During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke.(ha ha ha.....wow!!!!anyway)

(g) Gonzalez had three federal indictments:
- May 2008 in New York for the Dave & Busters case (trial schedule September 2009)
- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
- August 2009 in New Jersey in connection with the Heartland Payment case.

(h). On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case with many links please visit HERE

Tuesday, December 28, 2010

Sunday, December 05, 2010

Full stop from being tracked online :An attempt from FIREFOX

1.  Firefox is working on a system which will provision web surfers to stop from being tracked online.We all know how  behemoths viz Google,Facebook and a plethora of OWMs use such information to sell targeted adverts and make money without ever asking the consent of the user.Such a move would be welcomed by privacy campaigners who have long complained that Google & Facebook are taking indecorums with the information .Currently these information seeking companies make use of 'cookies' that automatically save themselves onto users computer when they surf the web, and then keep a track of the browsing history.This data is then sold on to advertisers who put highly lucrative targeted ads on the individual's screen, depending on what internet pages they have recently been looking at. 

2.  Vice president of engineering at Mozilla,Mike Shaver,summed up the plan by saying the aim was to "put the user in control but not overwhelm them".And this would not only be a welcome step being used against information thefts but also actually be a booon for users who have been taken on a ride for so long on which they never ever desired to also......

Thursday, November 04, 2010

Removing METADATA from JPEG & IMAGE FILES

1.    Invariably we all find various images from the net for our routine use,download them,modify them and use them in our sites and posts....but are we authorised to do so?...coz each jpeg and image file by a digital camera holds info in form of metadata and in few cases...the images may be copy right which may inadvertently rule against the user....so what to do to ensure safe...simple ...remove metadata from the image....but how?...here comes jhead for your help.Read and follow the instructions below :

- Press Start & Run or Windows key + R to open Run menu, type cmd.exe and press OK

- Type cd\     [To reach root directory]

- Type C:\md removemetadata     [To create a new directory by the name removemetadata]

- Type C:\cd removemetadata      [To reach the directory and Copy all pictures whose metadata is to be removed to this directory ]


- Download the program file jhead.exe to C:\removemetadata

- Type cd removemetadata

- To remove all metadata of all JPEG files in "this dir, type: jhead -purejpg * and press enter


- Done

2.    So doing this small,boring but important function will avoid case study like the mumbai case mentioned at an earlier post.

3.    Another easy way is to simply take a screen shot of the image and paste it in paint brush.But this would be cumbersome to do when the images are in bulk quantity.To download JHEAD...click here

Get Paid to Hack GOOGLE

1.    Google has made it official now vide which Google willl pay $500 and $3,133 to people who discover security vulnerabilities in its websites and online applications.......Google calls the program "experimental," but says it gives security researchers new incentives to report Web flaws directly and in real time to Google's security team thereby improving upon zero day exploit matters.
2.    This provisions  Google a chance to fix the vulnerabilities before it is exploited the way it should be. So, in order to qualify, security researchers must privately disclose new flaws to Google first before they go public with their research. Thus depending on the extent and scale of vulnerability made known to google,so will be the prize money awarded....And Google says that participants shouldn't use automated tools to search for flaws
 

Tuesday, November 02, 2010

MICROSOFT & Failures!!!

1.     For a IT giant like MicroSoft,this would not sync well,but for Microsoft,the year 2010 has seen more of closures of major projects launched with lots of promises and fanfare but somehow unfortunately it did not go the way microsoft desired tooo...and so had to be shut down in the same year....the list goes like this with some details in few lines ....
  • February 2010 saw Microsoft announcing discontinuation of "Xbox Live service for original Xbox consoles and games.
  • April 2010, Microsoft confirmed stopped working on tablet project, codenamed Courier which was touted to be an Apple iPad rival. 
  • September 2010, Microsoft announced that the Windows Live Spaces blogging service will be Terminate gradually in favour of WordPress.com.
  • May 2010, Microsoft announced halt on the Response Point phone system. 
  • June 2010 saw Microsoft announcing discontinuation its new generation of smartphones.
  • September 2010, Microsoft announced closure of Vine, a service built to help keep friends and family in touch during emergencies. 

2.      Thanks TimesofIndia

Mozilla @ Prone again!!!!

1.    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.

2.    Thanks http://www.us-cert.gov

Monday, November 01, 2010

Bredolab grabs Attention

1.    A 27-year-old Armenian man has been charged as being the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide.Main features of this trojan botnet are enumerated below for info : 
  • Users of computers with viruses from this network will receive a notice of at the time of next login with information on the degree of infection. 
  • Bredolab, known for spreading spam and rogue antivirus, is thought by some experts to have infected at least 30 million computers.
  • Spread via drive-by attack websites and spam email attachments.
  • Infecting machines with a backdoor that downloads additional malware without the victim's knowledge. 
  • Sends out spoofed password reset messages to Facebook users in an attempt to spread malware and infect users of the social network.
  • Has the power to obtain information on the user's computer including the ability to copy, change or delete files and other information," 
  • Pushdo botnet uses Facebook to spread malicious email attachment: A phony message warns users that their Facebook password has been reset.
  • Majority of infections are in the U.S. and the U.K. and many Western European countries.
  • Discovered by the Dutch High Tech Crime Team in the late summer.
  • Capable of infecting 3 million computers a month. The botnet network used servers hired in the Netherlands from a reseller of LeaseWeb, which is the largest hosting provider in the Netherlands, and one of the largest hosts in Europe.
  • Able to constantly change its appearance to avoid detection by traditional antivirus signatures. Like other botnets, the Trojan communicated with the command-and-control server using encrypted messages.

Adobe flash Player hit!!!!

1.    A critical vulnerability has been exposed in Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems & Adobe Flash Player 10.1.85.3 and prior versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component .

2.   This exploit (CVE-2010-3654) could cause a crash and provision attacker into the drivers seat to take control of the affected system. 

3.   Adobe has released recommendations of how to avoid becoming a target on the subject matter but is still working in labs to find a fix.....click here for more

Intel opens first chip plant in China??

1.    The article at this post here informs in detail about the location,capacity of the first Intel chip set plant in China.The new plant fulfills Intel's total investment commitment in China to $4.7 billion. Intel has also established an assembly and test site in Chengdu as well as R&D centers and labs in Beijing, Shanghai and elsewhere in China, it said.

2.    What made me took a second read on this article was that since about last 6 years,whatever Motherboards and Chipsets from intel I have bought and seen in various machines....all chip sets have a common imprint of MADE IN CHINA since then....so if this is the first plant being set up in china....where were the earlier ones being made or printed???????

6$ is all to shut down a Cloud Client site!!!!

1.    CaaS,as mention at an earlier blog post here,has come up with a new success(or is it failure?) story.Now this goes like this.....invest $6 and take down any client's server with the help of Amazon's EC2 cloud infrastructure!!!!!  

2.    The cloud-based denial-of-service attack was part of a presentation : Cloud Computing, a Weapon of Mass Destruction? An onsite demo during the presenatation by Bryan and Anderson involved entering a name and credit card number, the experts created a handful of virtual server instances on Amazon's EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client's company off the Internet.Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them, like no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company's network. They reported that they can control the software directly or through a command left on a social network.Bryan and Anderson launched the attack to test their client's network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, "A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours -- and then telling the company that, if you don't pay me, then I will attack you again." Amazon reportedly failed to reply to complaints by the security consultants.

3.    This can provision customised Botnets availability on rent, giving "would-be attackers a criminal 'cloud' from which to buy services."......seems like it is still tooo early to rely 100% on CLOUDS!!!!!!

Sunday, October 31, 2010

OPERATION CISCO RAIDER

1.   Counterfeiting is not new....since we were born we have been seeing dupli's and counterfiets of Reebok,nike,hmv etc...the list is actually endless....this endless list is now augmented with IT inventory....to cite you an example which has rocked the nations across is about OPERATION CISCO RAIDER.

2.    Relevant original EXTRACT FROM http://www.coastnetwork.com is produced below : 

" Cisco made a decision a decade ago to manufacture product in China as a way of cutting production costs. A great deal of Cisco manufacturing is now done overseas, specifically in China. What has happened is that many of the companies that do the outsourcing for Cisco now run an extra shift and sell the now counterfeit hardware out the back door. After all, they have the manufacturing capability, the expertise and the full blessing of Cisco. The result? More and more counterfeit Cisco hardware is now showing up on American shores. Part of the problem is that China does not have strong intellectual property protection laws. This is a situation that Cisco and many other companies are still struggling to solve and one that does not promise to be resolved soon.

Warning signs of a possible counterfeited item:

If you are getting discounts of 40-55% off the list price for brand new hardware, i.e. sealed boxes, then it is a red flag. The largest of Cisco’s customers – the Bank of Americas, Ford Motor Company, United Airlines, AT&T, etc. get these discounts. You don’t. If it is any consolation, even dealers do not get the top corporate discounts.       

While it is flattering and tempting to receive big discounts for new Cisco hardware, it is also unrealistic and should be treated with the utmost caution. 

Ask what the retail price is and compare it to the price you are being quoted. If you are getting a 15-25% discount from the list price for new/sealed hardware, then you are being quoted a fair and realistic price. Expect a reasonable discount, however; too big a discount often spells trouble.

Another sign to be aware of is the receipt of unsolicited email from unknown dealers offering you Cisco hardware at very good prices. This warning is doubly true if the email or company originates from mainland China.

VIRUS in Boot Sector in Hard Disk fresh from OEM!!!!

Have recently heard of this in reputed makes and model of Top list hard disks OEMs.Would like to know if some has ever encountered this or has any form of info on this?

Image Ballistics : Incredible IT

1. In a typical crime or a murder case anywhere involving a pistol or a firing weapon,the forensic or the investigating personnel's involved can make out the make and model of the firing weapon with the help of the bullet found on site.The field dealing with this is known as ballistics.Now sync this with the field of IT....now imagine that u have shot a photograph or are analyzing some pic and you wish to know which camera was used to shoot that pic.......can u find out???????Yes....the answer is yesss!!!the field is known as Image Ballistics.

2. In a recent case,i read about a rave party being organized at outer skirts of a city with about a 200  plus people ,all collegites and similar age group....all of them had a blast and a few with some wrong ideas caught hold of a girl...drugged her and made some obscene mms and clicked some pics...next day it was uploaded on the you tube and the social networking sites.....now how to find the culprit?pretty difficult when about a 200 plus strength of personnel's have to be inquired.....the answer is Image Ballistics....the investigating agency got hold of the pics...came to know which model the pics were clicked from...yes the answer was a famous Nokia Model mobile.....so the owners were now limited to 8 out of the 200 plus strength...there mobiles checked and the simple recovery software's were enough to find out the culprit......imagine....isn't it astonishing.....
 3.   I checked up the state of pics clicked from my camera years back and all answers were correct.....few Nikon,few sony.......one easy and free tool for such investigation is JPEGSNOOP.Simple to download,very small size and great analysis report.....

Tuesday, October 26, 2010

Crack 14 Character passwords in Seconds : Objectif Sécurité

1.    There have been articles and forums on the powerful high speed GPU (video card) processors being able to easily provision cracking passwords very apace.A new technology steps here to rule the roast and allow password cracking upto 14 characters in seconds.....this is  called Objectif Sécurité ,by a Swiss security company,which uses rainbow tables on SSD drives.Seemingly it is the hard drive access time and not the processor speed that slows down cracking speed. So using SSD drives can make cracking faster, but just how fast? This technique has a phenominal capacity that could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds.

2.    A real time demo of cracking is available on line at Objectif’s free online XP hash cracker.Just visit the link and see urself by mentioning the hash in the text box.....astoundingly simple....

Wednesday, October 20, 2010

Tuesday, October 19, 2010

Service Packs & Infection Rates

1.  First it was windows XP..then it was SP1(Service Pack 1)...followed by SP2,SP3 ...further by Vista SP1,SP2 and now Windows 7...how the upgrades in these packs have been reducing the infection rates is briefly reflected as per stats from Microsoft Security Intelligence Report.

- Infection rate for windows XP with SP3 is less then half of that for SP2 and less then a third of SP1.

- Windows Vista SP2 has a lower inefction rate then SP1 which is about 50% lower then Windows Vista Basic.

- In case of Server Operating SystemS,the infection rate for windows server 2008 with SP2 is about 20% less then the predecessor ie Windows Server 2008 RTM.

Monday, October 18, 2010

CaaS : CRIME WARE AS A SERVICE at offer now

1. Bhaigiri...Supari..khokha...and similar terms have been till date used in reference with the crime world...now come to terms like Software as a Service(SaaS), Hardware as a service(HaaS) ,Platform as a service(PaaS) etc and the list is all set to become endless with cloud computing...whats the relation here?????..it goes 2 merge these two separate worldsie CRIME & IT....the earlier terms mentioned pertain to the world of crime and the later once refer to the vast possibilities and power knocking the users....thus refers to Crimeware as a Service(CaaS)

2. The controverting side is the world of hackers & cyber criminals who seem to exploit their technical tools to great effect. However, even for newbie hackers eager to join this world don’t need to possess the required levels of technological expertise. CaaS (Crimeware-as-a-Service) pulled out of some distant Cloud can provision the necessary tools, be they Virus/Worm Creation Kits, Denial of Service (DoS) applications or more simply estabilishing a botnet.A recent research proved they can be just a mouse click away! Kits were easily located to build a variant of ‘Indra’ Malware, as well as a manifestation of Badboy , providing the user with the power to create their own version to send on to their targets.

3. Granted these are not examples of cutting-edge malware, but they do however still pose a threat to the unprepared and unsuspecting organisation. As amazing as it may seem, even today there are large organisations who permit access to sites, and allow the download of Malware Construction Kits – and even more worrying, there are still pockets of companies who do not maintain their anti-virus or patches in an up-to-dtate condition.

4. Crime is going to be a inherent part in the cyber world and the cause of worry is that unlike army and mil est in the real world...no concrete effort and source is there to resist these evil forces.We are still acting to a situtaion when need of the hour is to be more then PROACTIVE.....

Saturday, October 16, 2010

Stuxnet : Some more good info

1.     Recently,after i mentioned Stuxnet on Meliorate...I found some more good info and FAQs at http://www.newscientist.com/........must read....

Is ur Account Hacked ?- Common ways u get compromised.

1.    There is no doubt on the fact that Google users are growing phenomenally.....and with this growing rise also comes the phenomenal rise and ways to get compromised or become a botnet.Thus a Google Account is also valuable for spammers and other unknown citizenry looking to impair you with ur personal info and data on ur pc and account inbox. It’s not so much about your account, but rather the fact that your circle of relatives and friends see your Google Account and mails from it as reliable.

2.   Nothing new about this but the most common ways hackers can login to your Google password are:
  • Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.
  • Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.
  • Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.
  • Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“ujjwal3008”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “dosa” for “What is your favorite food?”
3.   Another common error that we all unknowingly is that we keep the password same for multiple accounts on yahoo,gmail,blumail and so on.......put on ur thinking caps......if one account linked to other user name is compromised ....then in a way all are....

Friday, October 15, 2010

CANURE : 100 on ACID3 Test

1.    Last year in March 09,I wrote on my acquaintance with ACID3 and then CHROME scored the highest among the then present browsers.....now here comes a little known CANURE and u believe it or not...whats the score?...100 on 100......perfect 100....m sure worth a try...when chrome is scoring about 80 in 100 ,this claims getting 100/100 in Acid 3 Web Tests and 145/160 in HTML 5 Test.

Another Wowwwwww!!!!-CYBERTECTURE

1.   First watch this video and then read few lines on what CYBERTECTURE is?



2.  A state of art technological concept that appropriates a emblematic relationship between the urban fabric and technology. It excogitates both hardware of built environment and software system and technologies from micro to macro scales of development.I am sure the video would have opened thinking horizons to what mroe can be done with this.....wish to read more....click here

Tuesday, October 12, 2010

Biggest release of Patch update by MICROSOFT

1.    Patches by MS to be released today are said to be the biggest and largest batch of updates by Microsoft since Oct 2003.According to Microsoft, this batch will be the LARGEST in its history with no less than 16 security updates designed to address a total of 49 vulnerabilities in Windows, Internet Explorer, MS-Office and the software giant's .NET Framework.

2.    All this effort and size of the patches by MS reflects how vulnerable each one of us remains to the hacking and leak of personal info in wrong hands....the batch of updates will include Windows 7 critical updates,updates for Internet Explorer, MS -Office 2010.And all those happy using the pirated copies of OS across remain as vulnerable as they are already....

Monday, October 11, 2010

Stuxnet : A Milestone in Malicious Code History

1. Stuxnet,the internet worm,intent of which was thought to effect Iran's nuclear programme has now taken a U Turn towards HINDUSTAN....

2. American cyber warfare expert Jeffrey Carr has assured the GoI,that China the originator of this worm which has terrorised the world since Mid 2010. Ascribing the break down of ISRO's INSAT 4B satellite a few months ago ,Carr said it is China which gained from the satellite failure. Although he re affirms that the conclusions are not definite.Invariably the effected systems are loaded with a Siemens software which have been specifically targetted to which Siemens has released a detection and removal tool.Siemens recommends installing the Microsoft patch for vulnerabilities and disallowing the use of third-party USB sticks.It is further contemplated that incorrect remotion of the worm could cause irrepairable damage.

3. Jeffrey Carr says "The satellite in question (INSAT 4B) suffered the power `glitch' in an unexplained fashion and it's failure served another state's advantage -- in this case China," he said.The connecting link between INSAT 4B and Stuxnet is that the Siemens software is used in ISRO's Liquid Propulsion Systems Centre ie S7-400 PLC and SIMATIC WinCC.Something about Stuxnet...these attack Windows systems using four zero-day attacks and targets systems using Siemens' WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives. Once inside the system it uses the default passwords to command the software.Few intretsing things about this :

- Half a megabyte in size 
- Written in different programming languages (including C and C++) 
- Digitally signed with two authentic certificates which were stolen from two certification authorities (JMicron and Realtek) which helped it remain undetected for a relatively long period of time. - Capabable to upgrade via peer to peer.
- Eric Byres, an expert in maintaining & troubleshooting Siemens systems, expects that writing the code would have taken many man-months.

4. Stuxnet is a threat aiming a specific industrial control system such as a gas pipeline,satellite systems & power plants. The ultimate goal of Stuxnet is to sabotage the facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely out of their working and identified boundaries.This worm represents the first of many milestones in malicious code history ,it is the first to exploit four 0-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator. Whether Stuxnet will usher in a new generation of malicious code attacks towards real-world infrastructure,overshadowing the vast majority of current attacks affecting more virtual or individual assets—or if it is a once- in-a-decade occurrence remains to be seen.Stuxnet is of such great complexity requiring significant resources to develop—that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar in sophistication to suddenly appear. However, Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.The real-world implications of Stuxnet are beyond any threat we have seen in the past. 

5. When is India actually going to work for itself rather then performing across the globe...y is the world telling us that we are effected here...even in the case of SHADOWS IN THE CLOUD...we were told by the Shadow server foundation that our institutes have been compromised inspite of the fact that we have all it takes to take the IT world by storm...but we are all working for ourselves...and not for own country...cream is flowing out and getting outsorced..IT IS ACTUALLY SAD THAT THE WORLD KNOWS INDIA'S POTENTIAL BUT THE INDIANS DONT KNOW THIER OWN.....

Friday, October 08, 2010

Here comes Trojan-PWS-Nslogm to steal Passwords and credentials from Mozilla

1. I am sure we all endeavor to keep the antivirus updated,keep the OS patch updated,keep cleaning registries,keep cleaning browser history at regular intervals,keep ensuring regular complete scan of the precious PC Machine that we own....we all do this to ensure that we r safe while we browse...now read further to find out how it all goes in vain even with the best and leading browser company......

2. Antivirus company Webroot have identified an information extracting trojan, which alters a Firefox file, so that the browser stores passwords automatically.The trojan is named as Trojan-PWS-Nslogm and is capable of stealing usernames and passwords stored by both Internet Explorer and Firefox browsers.By default, whenever Firefox detects that login credentials are submitted through a Web form, it offers to remember them for future use.When this happens, the user is presented with several options which include "Remember", "Never for This Site" or "Not Now". If they choose remember, the browser stores the username and password in a local database.Since it's easier to steal credentials from this database instead of injecting the browser process and grabbing them as they are submitted, the author of this trojan thought it would make more sense to have Firefox remember all passwords without asking users for confirmation.To achieve this, he created a routine to patch the nsLoginManagerPrompter.js file in the Firefox installation by adding new code and commenting out some already existent lines."The Trojan then scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox’s own password storage, and tries to pass the stolen information onward, once per minute," Andrew Brandt, a malware researcher at Webroot, explains.

3. The password stealer installs itself in the c:\windows\system32 folder as a file called Kernel.exe. The captured data is send to a command and control server via a deprecated ActiveX control called msinet.ocx.

4. So kya solution hai?...whats the solution to this?...simply stop using internet....just joking...solution being worked out still at FIREFOX labs.Thanks http://news.softpedia.com

RISK MANAGEMENT : Beware while u update with Patches

1. A zero-day exploit as discussed at an earlier post in this blog .....Some thing more to it...

2. A good extract straight lift from Infosecurity-magazine.com

"For a vendor, developing the update is not the part that takes time – testing is. We have more than 600 million downloads when we publish an update. If we “just” break 10% of the systems the update is installed, it would be a huge denial of service. So testing is the name of the game. How well is an unofficial patch tested?Often the vendor publishes workarounds (at least we do). This should be part of your risk mitigation strategy. Would the workaround be acceptable to buy you time?

How far do you trust the author of the unofficial update? How big is the risk that the update comes with pre-installed malware? The question immediately comes up: Why should we trust a vendor? Well, you bought or downloaded the software at the first hand – so, you decided to trust the vendor at the beginning.

What do you do once the vendor releases an update? Can you de-install the unofficial update?

Basically, it is a risk management decision, which should include at least the questions I raised above. Do not just run for the unofficial update – to me it should be really the last resort, if even!"

3. A good site to follow : Check out http://www.infosecurity-magazine.com

ALL izz WELL!!!!!inside this- Check out FREE STUDIO

My routine surfing on net invariably includes few video downloads,uploading videos to you tube and other sites sometimes,convert various available audi video formats to compatible formats with the help of so many convertors available accross,fiddling with audio formats,burning CDs & DVDs with videos and data files....in a typical scenario all this would be done on arange of softwares of different companies.....came across this absoutely free software ie FREE STUDIO...one single window solution to evri task as mentioned above and much more....and yes it is absolutely free...try it must...

Security Enabled Hardware :INTEL - McAfee Merger

1.      “Security is more effective when enabled in hardware” provisions for something in the pipe known as Security Enabled Hardware.Howzzz that???? There has been a lot of speculation about the rationale behind Intel's recent acquisition of McAfee....well if u r not aware of this Intel’s proposed $7.7billion purchase of McAfee that comes as the most magnanimous takeover deal in the chip giant’s 40-odd-year history....u better be now....although there is no product roadmap to speak of yet.




2.       McAfee technology deeply desegregated into Intel products would mean adding security functionality into Intel’s chip. But would this pushing security into silicon be able to negate the increasingly sophisticated and dynamic threats from cyber crime? Though components of security could be significantly enhanced if chips were designed integrating this way. What about updates,patches etc


3.       Security in the 21st century is about being dynamic, responding to the ever-changing threat landscape in real-time, which you can do with a cloud-based system powered by a network of threat intelligence sensors and reputation-based technologies that stop threats before they even hit the device. Pushing security down to the hardware level makes it very difficult to be reactive, agile or fundamentally secure.

Thursday, October 07, 2010

CLEANERS & FOOTPRINTS

1. Off late I have been experimenting with few software's which claim to do a 100% cleansing action of removing every browsing marks and history of any kind on your computer that u use for work and surfing.These incl the following :

2. Among these I have no doubts of who is leading?....CyberScrub Privacy Suite v 5.1 & PC Tools Privacy Guardian v4.5.Though CyberScrub Privacy Suite v 5.1 does leave Chrome traces and does't have Chrome included in its list of browsers......It does a pretty neat job by giving options of wiping that include Navy Staff Office Publication (NAVSO PUB) 5239,Russian Gost,Brouce Schneier algorith and many others with options of selecting passes......on the other side ie PC Tools Privacy Guardian v4.5...includes chrome as a option to be selected with similar wiping algorith options.....

3. Try you must.......all of them to know the real difference or simply follow the recommendations......
Powered By Blogger