Social Icons

Saturday, December 03, 2011

Windows 8 Developer Pre BETA : How to get full screen on a VM?

In continuation with my earlier post here about windows 8 Pre Beta edition,one thing that bugged me for a while was not getting the display across full screen in spite of choosing "view full screen" from drop down.The answer to this goes like this

..SIMPLY CHOOSE A HIGHER RESOLUTION AND U WILL GET IT....

Simple to get till u know!!!!!!!!!!!

Friday, December 02, 2011

Snake oil Cryptography

1.     While reading a post about unhackable codes here , I came across a interesting term know as SNAKE OIL CRYPTOGRAPHY......as Alex Gostev, chief security expert at Kaspersky Labs, dismissed ENIGMA-DS "snake-oil cryptography,"....so found out in brief from wiki...where else!!!

In cryptography, snake oil is a term used to describe commercial cryptographic methods and products which are considered bogus or fraudulent. The name derives from snake oil, one type of quack medicine widely available in 19th century United States.Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user. 

2.  Thanks WIKI

LogMeIn HAMACHI


1.   The law of market keep seeing fights to be at par with each other ie DEMAND & SUPPLY.Today when security in IT is a burning issue,we have so many utilities floating that there is no way one can be trusted blind foldly.Here come another security utility that actually stands out to work in a direction not taken up by so many prominent software security utillities in market.This is HAMACHI

2.   Hamachi is a nice ,free 2 try,tool that connects two computers via the internet by creating a virtual private network (VPN) and protecting it with proven industry-standard encryption algorithms.This will ensure that all communications between the two PCs at a time are safe from the spying eyes.It easily sets up in 10 minutes, and enables secure remote access to network, anywhere there's an Internet connection.The basic advantage that immidiately stand out are :

-   LAN over the Internet - Arrange multiple computers into their own secure network, just as if they were connected by a physical cable.
-   Files and Network Drives - Access critical files and network drives.
-   Zero-configuration - Works without having to adjust a firewall or router.
-   Security - Industry leading encryption and authentication.
-   Cost Effective - Free for non-commercial use.

3.   It features a simple interface that enables to create personal safe networks in just a couple of steps. Also the connection is conveniently protected by an AES-256 algorithm.The problem lies that it supports only chat....and not yet what we desire most ie "FILE SHARING".A new,nice attempt to take on security but still a long way to go....

Thursday, December 01, 2011

Windows 8 Developer Preview : Pre Beta Version for Developers


I recently downloaded the Windows 8 Preview Developer edition from http://msdn.microsoft.com/en-us/windows/apps/br229516 and then tried running it as a virtual machine.Found the following issues :

- does not run on VMWARE 7
- runs on VMWARE 8
- Donno y...but runs at a pathetic speed on VMWARE 8 inspite of a good resourceful machine with upto 1.5 GB of RAM.
- Even on installation on VMWARE 8...doesnt show the NIC card so it has no access to Internet.So no updates.
- Runs at a horse's pace in VIRTUAL BOX.
- No NIC issues in virtual box.

Sunday, November 27, 2011

Cookienator : Option to control cookie menace


1.   Cookienator is a tool that will helps us remain anonymous from search engines such as Google and other web-usage trackers such as Doubleclick or Omniture.This a simple program that will leave most of cookies alone but will remove the ones that put your privacy at risk. The best part about this is the size and ease of installation.....It is lightweight; it's a single executable, when run, it will tell you how many cookies it would like to remove. It is available for free to download and is available in two forms : msi windows executable and a zip file



CONTROL COOKIES TAKING CONTROL FROM UR BROWSERS


1.  In my earlier post here about cookies and types,I had mentioned about types and some relevant details.Now this one mentions about the steers and control available in prominent browsers to disable cookies digging into ur privacy !!!

Google Chrome

Go to 'Tools Menu'
Click on 'Options'
Click on 'Under the Hood'
'Cookie Setting' should be selected. Once done select 'Block all Cookies'
Now all cookies should be blocked on your Google Chrome
To clear existing cookies:

Go to 'Tools Menu'
Click on 'Options'
Click on 'Under the Hood'
Under 'Privacy' section select "Show Cookies'
A new window should open called 'Cookies' In here you can see all the cookies within your Google Chrome Browser.
Click on "Remove All" to remove all traces of cookies
If you wish to only remove a certain cookie, simply highlight and click "Remove"

Firefox

Go to 'Tools' in the menu bar
Click on 'Options'
Click on 'Privacy Tab'
Disable the box that says 'Accept Cookies From sites'
To clear existing cookies:

Go to 'Tools' in the menu bar
Click on 'Options'
Click on 'Privacy Tab'
Click on "Clear Now"
Select "Cookies"
Click on "Clear Private Data Now"

Internet Explorer (IE) 9.0+

Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options'
Click on 'Privacy' Tab on top
Move the slider up to the 'Block all Cookies' button
Important Notice: Blocking all cookies may prevent you from entering alot of sites.
The next two Internet Explorer privacy levels, High and Medium High, may be more suitable.

To delete existing cookies:

Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options'
Click on 'General' tab which should be under 'Browsing History' and click 'Delete'


COOKIES & TYPES ?

1. How often we blame it on cookies for tracking,invading our privacy.......but whats these cookies all about?How many types exist?Are all of them dangerous?What can I do to avoid them? All answers ahead in my posts ahead....

2. A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site.The state information can be used for authentication, identification of a user session, user's preferences, shopping cart contents,or anything else that can be accomplished through storing text data.Cookies are not software.They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer .

SESSION COOKIE

A session cookie only lasts for the duration of users using the website. A web browser normally deletes session cookies when it quits. A session cookie is created when no Expires directive is provided when the cookie is created.

PERSISTENT COOKIE

A persistent cookie will outlast user sessions. If a persistent cookie has its Max-Age set to 1 year, then, within the year, the initial value set in that cookie would be sent back to the server every time the user visited the server. This could be used to record a vital piece of information such as how the user initially came to this website. For this reason, persistent cookies are also called tracking cookies or in-memory cookies.

SECURE COOKIE

A secure cookie is only used when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitting from client to server. This makes the cookie less likely to be exposed to cookie theft via
eavesdropping.

HTTP ONLY COOKIE

The Http Only session cookie is supported by most modern browsers.On a supported browser, an Http Only session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). 

FIRST PARTY COOKIES 

A first-party cookie either originates on or is sent to the Web site you are currently viewing. These cookies are commonly used to store information, such as your preferences when visiting that site.

THIRD PARTY COOKIES

Third-party cookies are cookies being set with different domains than the one shown on the address bar.For example: Suppose a user visits www.example1.com, which sets a cookie with the domain ad.foxytracking.com. When the user later visits www.example2.com, another cookie is set with the domain ad.foxytracking.com. Eventually, both of these cookies will be sent to the advertiser when loading their ads or visiting their website. The advertiser can then use these cookies to build up a browsing history of the user across all the websites this advertiser has footprints on.

ZOMBIE COOKIE

A zombie cookie is any cookie that is automatically recreated after a user has deleted it. 

TEMPORARY / SESSION COOKIES

A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close your browser.

UNSATISFACTORY COOKIES

Unsatisfactory cookies are cookies that might allow access to personally identifiable information that could be used for a secondary purpose without your consent.

Thursday, November 24, 2011

THREATS TERMINOLOGY & GLOSSARY : PART 1

1. The term VIRUS is still used in talks amongst the victims of so many threats which are relatively unknown to the normal user.Here I am putting down the commonly known present day threat terminology.I am missing out on the regular ones that include Malware,adware,spyware,spam etc....

BACKDOOR 

2. A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network. These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they may also be misused by attackers. A backdoor is usually able to gain control of a system because it exploits vulnerabilities, bugs or undocumented processes in the system's code. 

A Variation: The IRC Backdoor 

3. There also exist IRC backdoors, which are controlled via bots hidden in specific invite-only IRC channels accessible only to the attacker; these bots serve as the client component of the traditional client-server backdoor arrangement. 

BLUE TOOTH WORM 

4.  A platform-specific type of worm that propagates primarily over a Bluetooth network. This type of worm is almost always designed to function on mobile devices, which make more use of Bluetooth connectivity than computers. 

BOT 

5. A malicious program that, on being installed onto a computer system, allows the attacker to enslave the system into a network of similarly affected systems known as a botnet. The individual computers in a botnet may also be referred to as a bot or a zombie. 

BOTNET 

6.  A portmanteau formed from the words robot and network, a 'botnet' is a network of infected computers that can be remotely controlled by an attacker, usually via a command-and-control (C&C) server. Each infected computer may be known as a bot , a zombie computer , or a zombie . 

BROWSER HELPER OBJECT (BHO) 

7.   A type of web browser plug-in specifically designed for use with the Microsoft Internet Explorer browser. A Browser Helper Object (BHO) executes automatically every time the browser is launched and provides functionality that is not built-in to the browser. 

CROSS SITE SCRIPTING 

8.   A type of attack in which malicious scripts are injected into a legitimate website in oder to be served to subsequent site visitors. Cross site scripting (XSS) attacks can result in a variety of effects, including hijacked web browsing sessions, stolen session cookies, information theft and more. As more people become increasingly dependent on web-based services, XSS attacks are becoming increasingly common. 

DENIAL OF SERVICE

9.   A type of Internet-based attack that aims to deny legitimate users access to a service (for example, a website or a network) by overloading a relevant computer resource or network device. The most common type of Denial of Service (DoS) attack takes the form of a massive amount of requests being sent from a host machine to the target, for example, a government website server. 

ICMP Flood

10.   The attackers sends out a flood of ICMP_ECHO packets to the target, swamping CPU usage and effectively rendering the target unusable until the flood is ended or the target is reset or restarted. 

Peer to Peer attack

11.   Attacker exploit bugs in peer-to-peer servers and redirect clients from the peer-to-peer server to the target server instead, flooding the target with thousands of connections and overwhelming its resources. 
Application level floods: A DoS attack carried out via particular applications, most commonly Internet chat systems. The most common kind of flood is an IRC flood, which is carried out on the popular IRC chat system. 

DISTRIBUTED DENIAL OF SERVICE (DDOS)

12.   A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network). 

GENERIC DETECTION

13.   A new type of sophisticated detection that is being increasingly used by antivirus programs to identify programs with malicious characteristics. Unlike more traditional detections (also known as signature-based or single-file detections) a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that indicate a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds of malware. 

POLYMORPHIC VIRUS

14.   A virus that mutates, or modifies, its own code at various intervals. The changes in code typically occur each time the virus replicates, or infects a new machine. Detection and disinfection of a polymorphic virus can be very challenging, as mutating code makes traditional signature-based detection methods ineffective. Nowadays, many antivirus programs instead use heuristic analysis to identify polymorphic viruses.

POLYMORPHISM

15.   The act of a virus 'mutating' parts of its code at various intervals in order to evade detections. By constantly changing its code, a virus ensures that each iteration of its code looks different from the preceding one, making it impossible for traditional signature-based antivirus programs to identify the two iterations as one and the same virus. These so-called 'mutating viruses' can be divided into polymorphic and metamorphic viruses. 

Polymorphic Versus Metamorphic 

16.   A metamorphic virus works performs its mutation routine differently. Rather than using encryption to obfuscate its virus body, a metamorphic virus 'rearranges' entire chunks of actual code between iterations in order to create a seemingly different virus. The changes in code are directed by a metamorphic engine and despite the alterations, do not affect function - that is, the virus is still able to perform the same malicious actions through each iteration. Fortunately, the major code changes performed by a metamorphic virus require a high degree of technical skill from the virus author, and there are very few such viruses in the wild so far.

ZERO DAY

17.   A type of attack that exploits a recently publicized vulnerability or security loophole, before program vendors or the security community are able to develop a patch for the vulnerability. The period between the public announcement of a vulnerability and the first release of a patch fixing the vulnerability is also sometimes referred to as "zero hour" – even if the actual timespan is longer than an hour. Dealing With Zero-Day attacks A zero-day attack can be very destructive, as vulnerable systems generally have few defenses against it. 

Tuesday, November 15, 2011

DISCONNECT.ME in Incognito mode


I asked the site owner at disconnect.me of how to use this plugin while surfing in privacy/incognito mode since I use incognito all the time...its default....i got this reply


Hey Anupam, you have to explicitly enable extension to run in 
incognito mode in Chrome. Right- or Ctrl-click the "d" button, pick 
"Manage extensions...", click the arrow next to Disconnect, and check
the "Allow in incognito" box.

Thanks disconnect.me

DISCONNECT URSELF

1.  The issue of privacy browsing is a growing worry for  internet users including me.Various attempts in form of third party utilities,browsers offering incognito/privacy mode have been made and are being made in the current webosphere.In the search for handling these issues I recently came across this plugin...DISCONNECT.ME at http://disconnect.me/

2.   Next is straight lift extract from the site :

If you’re a typical web user, you’re unintentionally sending your browsing and search history with your name and other personal information to third parties and search engines whenever you’re online.


Take control of the data you share with Disconnect!.


From the developer of the top-10-rated Facebook Disconnect extension, Disconnect lets you:


• Disable tracking by third parties like Digg, Facebook, Google, Twitter, and Yahoo, without requiring any setup or significantly degrading the usability of the web.


• Truly depersonalize searches on search engines like Google and Yahoo (by blocking identifying cookies not just changing the appearance of results pages), while staying logged into other services — e.g., so you can search anonymously on Google and access iGoogle at once.


• See how many resource and cookie requests are blocked, in real time.


• Easily unblock services, by clicking the toolbar button then services (and reloading current pages) — e.g., so you can play games on Facebook.


To learn more about online privacy and protecting yourself and find out when additional browsers are supported, subscribe to the Disconnect Newsletter at http://disconnectere.com/.


Disconnect is open-source software — you can get the code at http://j.mp/dsource.


Known Issues:


• The scary installation warning is explained at http://j.mp/dinstall (the text refers to Facebook Disconnect but also applies to Disconnect).


• Click the “d” button then the “Depersonalize searches” checkbox to turn search depersonalization on (or back off in case you have trouble getting to Google or Yahoo services).


• Search depersonalization isn’t yet implemented for international Google domains — google.fr, google.co.jp, et cetera.


• Yahoo has to be unblocked while you’re logging into Flickr or Delicious but can be blocked again afterwards.


• Unblocking Facebook isn’t possible while Facebook Disconnect is running — that extension will be autoupdated to be compatible with Disconnect in the next few days.


• You should unblock Google and Yahoo before disabling or uninstalling Disconnect — doing so will restore your cookies to their original state.


3. I have started using it without issues till now....download this at http://disconnect.me/

4.  Thanks disconnect.me

Wednesday, November 02, 2011

Our Browsing History Is Leaking into the Cloud!!!!

1. You do it on INCOGNITO mode or the PRIVACY mode or keep removing cookies to ensure that you are not being tracked or u think like your browsing history does not exist....this is going to shock you.....watch this video "DEFCON 19: Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud"....click down to see....


2.  The summary goes like this....

 - 350 services get at least 1 % of your browsing activity
 - 33 services get at least 5% of your browsing activity
 - 16 services get at least 10% of your browsing activity

3.  Any solutions for avoiding......yes...the video itself gives you the solution ....and as on date millions have already adopted it...now that includes me tooo.....download the plugin for your respective browser from http://www.disconnect.me/

DUQU's MICROSOFT LINK!!!

1.   While as on date the security and anti virus teams and experts across the globe are racing to find and unlock the details on DUQU,some useful information on the subject bug has been released by Microsoft,which says that hackers exploited a previously unknown bug in its Windows operating system to infect computers with the Duqu virus."We are working diligently to address this issue and will release a security update for customers," Microsoft said.But on the other hand the odds are that Microsoft won't patch the Windows kernel bug next week that the Duqu remote-access Trojan exploits to plant itself on targeted PCs.

2.   Meanwhile,Symantec researchers said they consider hackers sent the virus to targeted victims via emails with infected Microsoft Word documents attached. If a recipient opened the Word document and infected the PC, the attacker could take control of the machine and reach into an organization's network to propagate itself and hunt for data, Symantec researcher Kevin Haley told Reuters. 



Monday, October 31, 2011

RED PHONE : ENCRYPTED VOICE FOR ANDROID!!!

Here is something every android user would lov to use....AIM IS TO LISTEN AND SPEAK ON YOUR ANDROID HANDSET WITH INBUILT ENCRYPTION OF RED PHONE APPLICATION.......isn't it gr888888!!!

" RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to. RedPhone uses your normal mobile number for addressing, so there's no need to have yet another identifier or account name; if you know someone's mobile number you know how to call them using RedPhone. And when you receive a RedPhone call your phone will ring just like normal, even if it is asleep. "

SOME MORE ON DUQU

Some more good info and FAQs on DUQU.....AT
http://www.secureworks.com/research/threats/duqu/

Sunday, October 30, 2011

BACKTRACK 5 : How to use ?

Recently uploaded a step by step with screen shot on how to use and benefit from BACKTRACK 5 on a virtual lab platform.....

Backtrack 5

DUQU : FROM THE GEN STUXNET????


1.  Do u remember the gr8 STUXNET...who hit the cyber theatres about a year back?....i call it gr8 since that was the first piece of trojan which the experts called with words like marvelous,the world's first 'open source weapon'.....the code which shocked the experts...though it was meant to target Siemens industrial software and equipment running Microsoft Windows....but the percentage affected was enough to do the early damage and show the trailor of what  can come ahead....now comes another in the offering which Researchers from Symantec say is likely written by the same authors and based on the same code.This is known as DUQU.....also coming to be known as “Son of Stuxnet” and a “precursor to a future Stuxnet-like attack.”

2. But another analyses by security researchers from Dell suggest Duqu and Stuxnet may not be closely related after all. That’s not to say Duqu isn’t serious, as attacks have been reported in Sudan and Iran. But Duqu may be an entirely new breed, with an ultimate objective that is still unknown.“Both Duqu and Stuxnet are highly complex programs with multiple components,” Dell says. “All of the similarities from a software point of view are in the ‘injection’ component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated. 

3. The security vendor Bitdefender has also cast doubt on the supposed Duqu/Stuxnet link in its Malwarecity blog. “We believe that the team behind the Duqu incident are not related to the ones that released Stuxnet in 2010, for a number of reasons,” BitDefender’s Bogdan Botezatu writes. While a rootkit driver used in Duqu is similar to one identified in Stuxnet, that doesn’t mean it’s based on the Stuxnet source code.

4. Now till date,DUQU was reportedly seen infecting machines in and around IRAN......but now the Symantec version reported is that a server machine in aamchi Mumbai is effected by this new VIRUS!!!!!!!Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat. Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu. 

5. So DUQU is here in INDIA.......and I m sure with the high percentage of pirated software users in India....we r the most vulnerable to such kinds of threat.....be updated...buy genuine....keep taking updates to avoid being EXPLOITED by EXPLOITS..................

Saturday, October 22, 2011

WIRESHARK Troubleshoot

1. The most common trouble that comes up first time users of Wireshark is that CAPTURE INTERFACE drop down shows the NPF not running and thus the interface list shows NIL.....

2. The small work to be done is that you need to install and then run WinPcap.So after you have installed Wireshark  and u have a shortcut of the application on the desktop...just right click the Wireshark  and run as the administrator.....should solve....

Tuesday, October 11, 2011

HIBERNATION MODE : HOW SAFE FOR YOU?

1. How often while using your PC u use the hibernation mode?I am sure that after reading the text below u r hardly going to use it owing to the serious compromise of your info of what you do and when you do ?

2. Ok…what do we mean by hibernation mode?......it simply means that via using this mode we are basically creating a snapshot of the contents of the computers RAM which is then saved to the root of the hard drive as “hiberfil.sys”!!!!This would now mean that the then current running applications and other data in RAM will be written to the hard disk.

3. For example, if we went into the hibernation mode with our browser still open…..then textual strings such as the last Google search performed or text from an open web page will be written to hard drive as the computer “hibernates”.

4. The Windows hiberfil.sys also become an issue while using encryption software such as TrueCrypt. If a Windows system is placed into hibernation mode without unmounting encrypted containers or volumes then the encryption keys used to access these containers will likely be left in RAM in plain-text. RAM will then be saved to the hard drive in the hiberfil.sys. This means that we will be leaving the keys (passwords) to all of your private containers and volumes free for the finding.

5. Ok…..if at all we get hold of the hiberfil.sys…is it going to be that easy to read all that hex dec info?...no certainly not…here come sandmen project for assistance….now whats SANDMEN PROJECT….pls google….in short it is a library which assists in parsing data from the hiberfil.sys.

Disable Hibernation mode on Windows XP:
• Right-click empty area on desktop
• Choose “Properties”
• Select the “Screen Saver” tab
• Click “Power…”
• Select the “Hibernate” tab
• Uncheck “Enable hibernation”

Disable Hibernation mode on Windows 7:

• Open “Control Panel”
• Click “Power Options”
• Click “Change plan settings” for you current power plan
• Click “Change advanced power settings”
• Expand “Sleep”
• Expand “Hibernate after”
• Enter “0″ for “Setting:” to set hibernate to “Never”

Monday, October 10, 2011

nVidia GeForce GPU cracks six character password in four seconds

1.  An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours.So guys ...have mentioned it so many times earlier...even a password upto 14 character in length has been shown easy to crack when i discussed at a post here about one year back....so better take care of ur passwords...small case with few caps and special characters with numbers upto a length of 10-15 should do it for the time being....things r getting nasty in the hacking world.....take care....

2.  more about this at...here...here...here....here...

Sunday, September 25, 2011

Common Malware Symptoms


If you are malware hit....u r likely to see one or few or all of these symptoms:

 Your programs and files are suddenly missing.
 Homepage of your web browser has changed.
 Search results are being redirected.
 You start ending up at websites you didn't intend to go to.
 New icons & programs appear on the desktop that you did not put there.
 Your desktop background has changed without your knowledge.
 Your programs won’t start.
 Your security protection have been disabled for no apparent reason.
 You cannot connect to the internet or it runs very slowly.
 Strange or unexpected toolbars appear in your web browser.
 Takes longer to start and runs more slowly than usual.
 Computer shows strange error messages or popups.
 Freezes or crashes randomly.
 Computer is performing actions on its own.
 You cannot access security related websites.

Tuesday, September 20, 2011

DEEP FREEZE : II

In continuation with the earlier post here....would like readers to read this for info and value addition

http://forums.techguy.org/all-other-software/708554-other-progams-like-deep-freeze.html

DEEP FREEZE : A way to protect ur system!!!


1. Deep Freeze, by Faronics, is an application available for the Microsoft Windows, Mac OS X, and SUSE Linux operating systems which allows system administrators to protect the core operating system and configuration files on a workstation or server by restoring a computer back to its original configuration each time the computer restarts.The other interesting salient features are mentioned below :

-  Deep Freeze is a kernel-level driver that protects hard drive integrity by redirecting information being written to the hard drive or partition.

-  Leaves the original data intact. 

-  The directed information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level. 

-  Allows users to make 'virtual' changes to the system, giving them the appearance that they can modify core files or even delete them, and even make the system unusable to themselves, but upon reboot the originally configured 'frozen' state of the operating system is restored.

-  To make changes, a system administrator must 'thaw' the protected partition by disabling Deep Freeze, make any needed changes, and then 'freeze' it again by re-enabling Deep Freeze. These changes become part of the protected partition and will be maintained after restarts. 

2. Deep Freeze can also protect a computer from harmful malware, since it automatically deletes (or rather, no longer "sees") downloaded files when the computer is restarted. The advantage of using an application such as Deep Freeze antivirus / antimalware is that it uses almost no system resources, and does not slow your computer significantly. The disadvantage is that it does not provide real-time protection, therefore an infected computer would have to be restarted in order to remove malware. 

3. More at http://www.faronics.com/.Thanks WIKI......

XSS and CSS : Whats the difference ?


I often used to read XSS and CSS being read in the same context when i knew that CSS stands for Cascading Style Sheets.There has been a lot of mixing up of Cascading Style Sheets (CSS) and cross site scripting. But actually when people are speaking of CSS in context of Cross site scripting what they actually mean is XSS only....its the same.....

CYBER SECURITY : ACTIVE ATTACKS


An active attack involves probing the netwrok to discover individual hosts to confirm the information gathered in the passive attack phase.A lsit of tools i recently read are listed below for info.These are small but great tools for experimenting....m doing it on a VMware machine......

arphound
arping
bing
bugtraq
dig
dnstracer
dsniff
filesnarf
findsmb
fping
fragroute
fragtest
hackbot
hmap
hping
httping
hunt
libwhisker
mailsnarf
msgsnarf
nbtscan
nessus
netcat
nikto
nmap
pathchar
ping
scanssh
smbclient
smtpscan
tcpdump
tcpreplay
thcamap
traceroute
urlsnarf
xprobe2

Saturday, September 03, 2011

HDFC CLEAN BOWLED by Hidden SQL Injection Vulnerability



1.  Howoften do we find ourselves getting irritated with the constant reminders from banks to change passwords every 15 days...to include few small cases,few caps,few numbers and few special characters and more often then not 40% of the account holders forget keeping a tab on what was the last password.....Inspite of heavy claims by most of the banks that they have the highly secured banking netwrok here comes a boomrang for HDFC...inspite of ample number of warnings by zSecure , a firm committed in providing comprehensive and cost-effective Penetration Testing services Networks, Servers and Web application,HDFC had no inkling of what they were warned about and what was supposed to be done....simply banking on some third party solution and getting into a SURRENDER SITUATION.....the story goes like this

HDFC was warned about Hidden SQL Injection Vulnerability by the firm ZSECURE.The subject vulnerability was discovered on 15-July-2011 and was reported on 17-July-2011 (reminder sent on 24-July-2011). The HDFC Bank’s team took around 22 days to respond to our e-mail and their first response came on 08-August-2011 with a message:

“Thank you for sending us this information on the critical vulnerability. We have remediated the same.“

After their e-mail, we again checked the status of said vulnerability and found that the vulnerability was still active on their web portal. We immediately replied to their email with additional proof of vulnerability and asked them to fix the same asap. Later on, after 2 days we again received an e-mail from their team with a message:

“We have remediated all the vulnerability reported on our website. Also we have got the application vulnerability assessment performed through one of our third party service provider and they confirmed that there are no more SQL Injection vulnerability.“

Their above response left us with an unexpected surprise. We were not able to believe that such a big organization doesn’t have proper vulnerability assessment in place because we already reported the vulnerability to them and even after conducting vulnerability assessment from a third party (as claimed) they were not able to find the active vulnerability in their web-portal.Thereafter, we sent complete inputs about the vulnerability to their security team and finally the vulnerable file was removed from HDFC’s web-server.

2.  The story goes on to confirm how much vulnerable we all are to such holes.Not blaming the bank singly,but the policies and the measures supposed to be taken and adopted have no firm policies on date.It is entirely left to the third party dependency solution....its high time for all banks to constantly take measures and keep itself updated to all new vulnerabilities hanging around......

CHINA CAUGHT ON WRONG FOOT in its own MARCH


1. Across the globe ,across all the cyber attacks investigated one thing that comes out common is the source of attack ie CHINA.As always China has been always denying all claims and has been doing reverse propoganda of actually deep rooted spoofing and involvement of other countries.But recently it was caught on the wrong foot in front of the international nietizens....

2.   Below is the extract straight from FEDERAL COMPUTING WEEK penned as China provides smoking gun against itself in cyberattacks by John Breeden II

" But now, thanks to China itself, I have proof that the People’s Liberation Army does attack the United States, and likely does so on a regular basis.

China’s claims of innocence have come crashing down because of an apparent mistake in editing in a documentary on the country’s own state TV that should never have gone live. The PLA presentation demonstrated its military capabilities. Amid all the tanks and planes, the propaganda piece showed a mere four seconds inside the group's cyber warfare center.Without narration, one has to think that the cybersecurity part of the piece was only put into the video by accident, a technical background shot placed between segments for a bit of extra color. However, those four seconds are both telling and damning to the Chinese lie that they don’t attack the United States.

Here is the incredible part: During those four seconds, we clearly see a Chinese soldier use a drop-down list to choose from preset target websites around the world. Then he actually attacks a website in Alabama.

In this case, the website was setup to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.

Even though all the targets shown in the four-second video were Falun Gong sites around the world, the fact that they were in a drop-down menu is telling and appalling. You don’t set up drop-down menus with attack buttons unless you plan to use them. And the Chinese military did push the attack button in the video, so apparently it has no problem pulling the trigger.

So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.

It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it."

3. The video link is shown below for info of all.Watch it carefully!!!!


4. Thanks http://fcw.com

Sunday, August 21, 2011

Now Aerial cyber attack!!!!r u safe anyway?


"Imagine sitting in a cofee house with your laptop and chatting with your dear friend.....and then calling a friend on your phone and then paying your bill and moving out for ur regular work"

1.    Now imagine some thing u never imagined.....all what you chatted and all what you spoke on phone in the cafe house is compromised....all saved at a location unknown to you....

2.    Two security professionals proved as much at the Black Hat cybersecurity convention in Las Vegas.This has been made possible after investing a few thousand bucks, a tool box and some technical skill like these two security professionals,Richard Perkins and Mike Tassey have done.These two guys have assembled a small, unmanned airplane that is capable of some truly remarkable and potentially disastrous hacks.


3.    Perkins is a security engineer supporting the U.S. government and Tassey is a security consultant for Wall Street firms. But after work, the long-time buddies would take off their cyber attack prevention hats, put on their evil hacker thinking caps, and build their airplane in Perkins' garage.

4.    The plane can wreak lots of havoc.

- For instance, it can fly over a Starbucks (SBUX, Fortune 500) and steal the personal information of everyone connected to the coffee shop's free Wi-Fi network. It can intercept your cell phone conversations and even reroute your calls to another number. It can trace the location of specific people and follow them home.

- Perkins and Tassey spent a total of just $6,190 to build the plane. They made a point to keep it relatively cheap and to buy components that were readily available to prove that literally anyone could make one."You don't need a Ph.D. from MIT to do this," said Perkins. "There are no custom parts, it was fabricated using hand tools, and very little coding is required. All you need is dedicated people."

5.    Thanks CNN

IBM developing PCs that may run 30 times faster


1.   A one-atom-thick layer of carbon has currently become the focus of interest of IBM and the U.S. military to build computers that function at near the speed of light.


2.  The focus is actually based on GRAPHENE, the thinnest and toughest material ever produced, that conducts electricity, a breakthrough that opens the door to its use in digital electronics

3.   Some key finding on GRAPHINE :

- Graphene is the basic structural element of some carbon allotropes including graphite, charcoal, carbon nanotubes and fullerenes.

- Graphene conducts electricity 30 times faster than silicon -- approaching the speed of light

- Until recently, use of graphene was limited to development of more-efficient batteries and foldable touch screens.

- Nokia, the world’s largest maker of mobile phones by volume, is investigating the material’s potential use in cell phones, touch screens, and printed electronics. 

- Graphene’s flexibility and strength is astonishingly 300 times tougher than steel - may lead to the Nokia Morph, the first foldable phone.

- “With a graphene battery the same amount of weight and volume as a current one, you could drive 300 miles instead of 100,” said Yuegang Zhang, a principal investigator at the lab. 

- Graphene has the ideal properties to be an excellent component of integrated circuits. Graphene has a high carrier mobility, as well as low noise, allowing it to be used as the channel in a FET.

4.     Thanks Wiki and electroiq

Friday, August 19, 2011

JAVA SE DEVELOPMENT KIT NOT FOUND!!!!

1.   On way to experiment with android application with the stand SDK toolkit....i got messed up with the installation procedure so much that i thought of just leaving it..... in spite of all java installed  i got this screen.....


2.   I read all trouble shoots of on JAVA site.....some diverted me to registry editors and what not.......till i got the correct answer...simply click BACK and then NEXT again......khatam...thats the end of it.....

Monday, June 27, 2011

ANDROID APPLICATIONS CLONED : Developers make it spam


1.    The latest to add on to the growing web of spams is repackaged android applications.....though till now most of the descried repackaged applications are not reported to have any malicious code in them and also like the genuine ones they are also made available for free. These effected applications have the same module as the original, but include an advertisement module ,thus developers of these apps try making money off the clicks on the advertisements.

2.   The thing is easy on part of the developers since it is easier on thier part to just fiddle with original Android apps which are written in Java and are, therefore, easily cloned.....

3.   Thanks www.f-secure.com

Monday, June 13, 2011

Your VOICE to charge your MOBILE

1.     Amazing as it may sound reading.....but here is the way thats gonna please us all to get resolved on issues of mobile charging...so many times it has happened that on our way out either we think the mobile is fully charged or when we talk too much on phone.....or just when one small query will resolve us of a standing problem...the mobile goes offffff......problem : MOBILE BATTERY IS DRAINED ....no more.....please read ahead for brief details on the subject....

2.   The new technique developed by Korean engineers for turning sound into electricity - technology that could allow cell phones to be charged while users chat(...bak bakk).Thus Phones equipt with the technology could generate power from any kind of background noise — meaning the phone could be charging even when you’re not speaking directly into the phone. The need to carry around an outlet charger could be supplanted by time spent listening to music, or perhaps even the sound of the wind roaring past your car window.The technology is made possible by tiny strands of zinc oxide that are sandwiched between two electrodes. As a sound-absorbing pad atop the device vibrates to ambient noise, causing the zinc oxide wires to compress and release. This movement is what generates the electrical current.A prototype has already converted sound of about 100 decibels into about 50 millivolts of electricity. That’s not enough to charge a phone, but it’s an encouraging test, and researchers are optimistic that the technology could soon be developed into something more powerful.

MAKE incognito YOUR DEFAULT SETTING

1.    We all know how to browse hidden ie Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Commonly it is known as "incognito" or "privacy browsing".......an avid user of chrome ....I always had to open the browser and then select "New Incognito Window" to work...but not till today....a simple amendment in the target setting of properties of chrome shortcut will always make you open the incognito window......simply append "--incognito" at the end of the link address as shown below : 

C:\Users\???????\AppData\Local\Google\Chrome\Application\chrome.exe --incognito

2.    More clearly ...right click on the chrome shortcut on the task bar or on the desk top and click properties.In the target text box append "--incognito" to what is already there defining the location of the chrome browser....

3.     Thats it......

FLIRT BOTS


1.   I am sure most of you at at some point of time in your cyber surfing would have come across chat/messenging softwares like MSN or yahoo to mention a few....now although pretty old for the regular security guys, but thought of mentioning it here in my blog of how many of us succumb to the meanly desires of hackers via FLIRT BOTS.....u heard it correctly they are known as FLIRT BOTS.... 

2.  Here's how Flirt Bots work:

- The Bot strikes up a conversation in a chat room

- The Bots use a series of easily configurable "dialogue scenarios" with pre-programmed questions and discussion topics to compile a report on every person it meets

E.g.: ilovyou@yahoo.com says: "hey, whats up?" and further to this conversation they are invited to visit a website which could be used for any variety of malicious activity.

E.g.: ilovyou@yahoo.com says: "Ok go to http://??????.??/?????? and accept the invite on the page baby"

3.   In this case the victim is sent to a website "?????????.com" and is asked to provide personal information including credit card details in order to view the "webcam."

4.   The site can be used for many things - to host malicious downloads, or to try to sell you Fake AntiVirus software. The URL can do and host whatever the "bot master" specifies it to be .Frequently cyber-criminals collect a database of personal information and sell it to the highest bidder or anyone who will pay

5.   These "Flirt Bots", were first reported as a proof of concept(Evidence that demonstrates that a business model or idea is feasible.) by PC Tools in 2007.Thanks http://www.pctools.com

SYMANTEC SPOTS ONE INTERESTING E-MAIL CAMPAIGN


1. A fresh spam outbreak has been detected online that's drawing attention widely and effects users with e-mails laced with malicious software. Reportedly, there's one web-link embedded in the spam messages supposedly providing details, while the same messages try to pull down a .zip file attachment.The interesting aspect regarding the new spam mail relates to the inclusion of a password that the recipient earlier used.Now if I see a passowrd which at one point of my cyber surfing I had used it is bound to stirr up doubts of it being actually genuine.Once i donwload this zip file ,the eventual aim is achieved ie downloading the inevitably malware.

2. Reportedly, the malware as mentioned above has been identified as Trojan.Zbot or Zeus a Trojan which tries to grab secret data after compromising an end-user's PC. Further, it may take down updates and configuration files online, according to Symantec.

3. Additionally the e-mail ids and their corresponding passwords within the above unsolicited electronic mails, arrive from one prominent social gaming website, known internationally and currently being most widespread inside Asia.

4. Hence, Symantec advises all those who think they've fallen prey to compromised accounts to scan their PCs with an AV program followed with resetting all vital passwords, particularly online banking passwords. Additionally, they must also keep a watch over their accounts should they suspect any fraudulent operation.

BULLET PROOF HOSTING


1. Bulletproof hosting refers to a technique wherein web hosting firms permit their customers appreciable leniency in the kinds of material they may upload and distribute. 

2. Many service providers have "Terms of Service" that do not allow certain materials to be uploaded/distributed, or the service to be used in a particular way, and may suspend a hosting account, after a few complaints, to minimize the risk of their IP subnet being blocked by anti-spam filters using Internet Protocol (IP) based filtering. Additionally, some service providers may have ethical concerns that underpin their service terms and conditions.

3. Bullet Proof Hosting allows people who want to promote their product, service on their web site by sending Commercial and Bulk Emails. As well known, Email Marketing has emerged as one of the most effective and economical marketing tool. It gives you the power to broadcast your message to millions of prospects across the world and it works!

4. This leniency has been taken advantage of by spammers and providers of online gambling or pornography.Case in point is the case of "McColo ISP takedown in November 2008".McColo was one of the leading players in the so-called "bulletproof hosting" market — ISPs that will allow servers to remain online regardless of complaints.

INSPIRED FROM INDIA : CHINAs ATTEMPT ON TAKING ON CORRUPTION

1.    In recent last few months,a lot has been happening in India in form of anshans,demonstrations,dharna's to bring back the black money freezing in swizz banks and to reduce corruption...so far so good...the spark happened and is now gradually bowing to the Government which ensure and loves STATUS QUO.....atleast thier wasy of working confirms this....instead of supporting the movement...they took the key persons involved head on and now in another about a week or so we will be back to STATUS QUO...

2.    But China's esurient Internet users are taking a leaf from India's anti-corruption drama by opening websites so citizens can confess, sometimes in pitiless detail, to buying off officials.Several Chinese confess-a-bribe websites, including "I Made a Bribe" (www.ibribery.com), have been inspired by an Indian website "I paid a bribe" (ipaidabribe.com)......china ranks 78th in the corruption list whereas we list at the 87th rank...m sure it is much worse.....apna nahee to kisi aur ka to bhala hoga........jai ho INDIAAAAAAAAAA

3.     Thanks http://www.reuters.com

Monday, May 16, 2011

McMurdo station & more DATA CENTRE Locations

1.    We all keep reading on issues like heating when we discuss data centres......now with the problems that datacenters have with cooling, the Antarctic is perhaps the ideal site for such a facility....i thought that was a joke before i first read about this and saw the pics on site at here

2.     The station's datacentre is dedicated to supporting scientific work and running the station - with 64 servers and more than 2PB of storage connected to hundreds of desktops by a gigabit Ethernet network.McMurdo Station is the telecoms hub for science projects, field camps and operations in western Antarctica funded by the National Science Foundation (NSF).To provide these services, it has a central telephone exchange and a wide spectrum of network, radio-frequency and satellite-communication systems.At the South Pole, every day up to 100GB of science data is transferred from the station to the US via satellite-communication links in support of multiple NSF-funded science projects.

3.    Thanks DIGIT.
Powered By Blogger