Social Icons

Wednesday, January 18, 2012

KOOBFACE guys CAUGHT : FACEBOOK

1. Koobface is not something new for the cybercrime followers.....some thing in brief for those reading about this first timehere :

- is a computer worm that targets users of the Facebook.

- koob is book spelled backwards, making the name koobface an anagram for the word Facebook.

- Koobface targets Facebook users via fake friend messages that encourages people to click on links that installs a malicious worm

- Messages like, "you look funny in this video" or "you look so stupid in this pic" are used to persuade somone to click on the link attached. Once the user clicks on them it takes you to a video which doesn't play and they ask you to download certain codecs which can be a fake 'flash_player.exe' file.

- If this file is downloaded, your computer becomes open to Koobface malware.

- It downloads a file 'tinyproxy.exe' which hijacks your PC.

- It even alters search results from Google, Yahoo etc and redirects to websites selling malicious softwares.

- Kaspersky Labs has estimated the network includes 400,000 to 800,000 PCs worldwide at its height in 2010.

- Victims are often unaware their machines have been compromised.

2. Facebook two days back unmasked the team behind the notorious Koobface virus that hit the social network for two years beginning in 2008.

ABOUT THE GANG

- Five men believed to be responsible for spreading this notorious computer worm on Facebook.

- Have pocketed several million dollars from online schemes.

- Are likely hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook.

- One member of the group has regularly broadcast the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter.

- Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

- Ultimately, the Koobface gang was identified by the researchers as Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeik.

Thursday, January 12, 2012

OIL & GAS : CYBER HACKED


1.    McAfee has recently revealed and confirmed about computer hacking on un-named global oil, gas and petrochemical companies, and individuals and executives in Taiwan, Greece, and the United States, to acquire proprietary and confidential information. This has also been confirmed by five oil and gas companies that had  that the attacks took place, and the attackers were looking for documents about oil and gas exploration and bidding contracts.The source of the attack as usual has been found to be from 'several locations in China'.(Is there any thing new about this ?????)

2.    Oil companies expect such attacks getting more frequent and more meticulously planned. The determination and stamina shown by some modern hackers has increased and there are more multi-pronged, co-ordinated attacks. 

3.    Hackers have started bombarding the world's computer controlled energy sector, conducting industrial espionage and threatening potential global havoc through oil supply disruption.Since Computers control a relatively high percentage distribution in systems,thus are increasingly becoming vulnerable to cyber attacks that could put fuel production technology in the docks!!!

4.    The issue is indeed alarming and needs urgent attention at global level.It is not that my country is not effected or why should I be bothered ?We all are going be effected in the long run because we all r users and part of the last mile chain.Stuxnet,Duqu etc are some of the culprit virus which have been caught doing the action.What about the other thousands and may be millions who are already into action in the background.Japan has recently come up with the good virus ie CYBER WEAPON.Now this one acts like a immunization pill.It resists the virus.About 3 yrs and few billlion dollars have gone into the making.This is just the beginning and I am sure in the rat-cat race aka the good/bad guys of the cyber space there will be moments when the cyber crime over shadows the strengths of cyber power...but its upto the overall cohesive planning that all countries have to work together at the earliest.If late,there will be no other chance.Hackers are already doing it together as one team.....but we all act as teams of different nations.....we should be one GLOBAL TEAM!!!!

5.   Thanks  http://www.mcafee.com 

Tuesday, January 10, 2012

NATIONAL CYBER SECURITY POLICY : DRAFT


1.    Finally we are working on a national cyber policy....infact late but ...IT'S NEVER TOO LATE....the thing that we have started on this is a good sign.The draft of the subject policy is available at www.mit.gov.in/sites/upload_files/dit/files/ncsp_060411.pdf and is in fact inviting comments in case u have any!!!

2.   The draft is a 21 page report.After going through the same I have given the following points at the desired email address available in the draft report.

PARA 3.3 (I) C
GOVERNMENT SECURED INTRANET :
Addition point :

“ In addition to the emphasis on creation of such kind of intranet, efforts at the design stage should be made to exclude all possible options of internet connectivity with this intranet to avoid any kind of imminent threats. This intranet may need internet for various updates etc ,but this should be a privilege access point and no node should be allowed a free access. Any attempts to connect the same may invite action as a threat to nation. The limited internet connectivity to this is required for the following purpose :

- It is the most common action by any user to browse the net. Once given a opportunity he/she is always eager to access emails and download malware or infected software or any third party application. This is the point where command and control centre of a Botnet can be established by a cyber criminal. To avoid such practices it would always be the endeavor of the designer and the super administrator to ensure physical separation of Intranet and Internet. This Intranet should also be subject to regular cyber /IT audits by govt recognized penetration testers and forensic experts to maintain a cyber secure working environment.

PARA 3.3(D) @ Page 12
OPEN STANDARDS

The strength and power of open standards and applications remains unexploited in our country. Other developed nations who have realized the potential of this standard are already contributing significantly to their positive growth in cyber space. This has largely been possible owing to the lack of exposure of such standards by the new generation who is only exposed to the windows environment. Policy should be in place to ensure growth of open standards at school level curriculum.

PARA 3.5.2
COMBATING HIGH TECH CRIME/CYBER CRIME

Though the cat and mouse race between the good and the bad cyber guy would remain on always,it is worth noting that cyber crime if not controlled at such a nascent stage of induction and growth, has the full potential to become a cyber threat.No single policy would be able to achieve a CYBER CRIME FREE CYBER SPACE.It remains the onus of the common man how he tackles the cime himself.It is here that the National Cyber Policy can contribute in the following manner :

- Cyber Huntsville is a collaborative cyber community with the aim of attracting and developing the brightest minds, attacking the most complex problems, and providing the best solutions of national and international significance. Cyber Huntsville is an integral part of the National Cyber Initiative. Similar establishments should be encouraged at India level. More info at http://www.hsvcity.com/cyber/

4.2.3
Thrust areas of R&D  : 

-  Thrust areas of R&D should majorly focus on inducing maximum SRS and QRs at the DESIGN STAGE. Because, if not done at this stage, whatever work follows is patch work that remains a cover up action.
- Analysis of data flow in a network
- Pentration testing
- Storage solutions with backup, archiving, recovery provisioning of entire data.

5.1.1
ENABLING PEOPLE

Promoting a comprehensive national awareness program to include organizing seminars, events, webinars, guest lecture’s in tie up with established societies like IETE,Institution of  Engineers, Computer Society of India etc

Besides,these points I would suggest to include ensuring information security by managing the flow of information to the citizens as well as on securing its physical information infrastructure.The policy should call for the following :

- Popularize e- government
- Optimize the cyber industry structure.
- Provide a rugged 24x7 nationwide cyber infrastructure.
- Promote innovation of cyber technologies.
- Build a cyber oriented national economy.
- Design way to advanced internet culture.

THE GOOD VIRUS : "CYBER WEAPON" BY FUJITSU,JAPAN


1.   Have u seen the epic movie SHOLAY.....where bad guys are hired to kill bad guys by the good people...its a must watch for those who have not seen this...on the same lines recently Japanese government has done some homework to counter cyber crime.....Outsourcing and working with Fujitsu to fight cyber crime with the help of developing a CYBER wEAPON VIRUS that automatically seeks out and destroys enemy viruses.Cyber Weapon almost acts like a human immune system tracking down and weeding out invading viruses. Systems like these are needed when facing the latest advanced threats.Few additional It is the culmination of a $2.3 million, three-year project to develop a virus and equipment to monitor and analyze attacks.  It is reported U.S and china have already put so-called cyber weapons into practical use.

2.   Tracing the source of cyber-attacks is notoriously difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch attacks, such as denial of service assaults.Getting this right is a far from trivial process and the potential for collateral damage, even before hackers develop countermeasures, appears to be considerable. Few more points here about this good VIRUS :

- Currently, the virus is being tested in a “closed environment” to examine its applicable patterns. 

- The project is actually outsourced to Fujitsu Ltd. 

- It is capable to disable the incoming attack and record forensics data.

3.   It would actaully be interesting to know how would this be able to trace the source of cyber-attacks as claimed at times like today when the botnets and anonymous proxies are getting better and stronger by the day.

Monday, January 02, 2012

Malware in the name of Kim Jong-il death : BEWARE!!!


1.   A "malicious spam mail" in the name of the dead North Korean leader Kim Jong is doing the rounds of the webosphsere and biting anyone whoever clicks it.The malicious spam carries a fake name as "brief_introduction_of_kim_jong_Ill_pdf.pdf". The subject file exploits vulnerabilities in Adobe reader and leads to remote code execution in the victim PC.

2.   The emails contain a simple line of text announcing the death, likely copied and pasted from the CNN website, and carries an attachment named brief_introduction_of_kim-jong-il.pdf.pdf.Once downloaded and executed, the malicious file opens a non-malicious PDF file containing a picture and information about the deceased man in order to hide its true activity on the victims' computer.In other variants of the same theme, the attached file is named Kim_Jong_il_s_death_affects_N._Korea_s_nuclear_programs.doc and, once opened, it drops backdoor-opening malware into the system, which then connects to a remote Command & Control server for further instructions.After this much code execution...its JAI HIND.....


3.  So don't open this one from ur PC if u have read this much.....

Sunday, January 01, 2012

Saturday, December 31, 2011

HAPPY NEW YEAR WISHES 2012

WISHING EVERY ONE READING ACROSS "MELIORATE" A VERY VERY HAPPY NEW YEAR 2012......

HIDEMYASS saves its own!!!

1.  The month of September 2011 went so full of embarassment for HMA(Hidemyass) that it would probably like October  to  follow  August  ( September  may just  vanish in the smoke....) All  its  claims  of  telling  being anonymous  and safe, maintaining privacy,being completely hidden etc etc hit a serious setback....the story goes like this...



 2.   The case pertains to Lulz Security aka LulzSec,a computer hacker group that claims responsibility for several high profile attacks including SONY,CIA etc.So in the month of September this year an alleged Lulzsec member who had carried out attacks on various organizations including Sony and the UK’s Serious Organised Crime Agency, had used this ‘anonymous’ VPN service supplied by HideMyAss.But his plan failed in the biggest way imaginable. HideMyAss (HMA) keeps all yourlogs and as a UK company when given a court order to cough up information, they did so. After matching timestamps to IP addresses, in the blink of an eye Luzlsec member ‘Recursion’ became 23-year-old Cody Kretsinger from Phoenix. The FBI got their man.....so whats the use.....!!!!

3.   But I feel that anything to do with some serious crime should always be contained....like this way...but what about you and me....our surfing habits will always be known....our info will always be under cloud....:-(

4.   This is what HMA had to say :

“Our VPN service and VPN services in general are not designed to be used to commit illegal activity,” said Hide My Ass. “It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences.”

5.  Thanks vpn-reviews.net and  Torrentfreak

Friday, December 30, 2011

PROXY SERVER : ARE THEY LEGAL TO BE USED IN INDIA?

1.   Few days back I was surfing  few sites via proxy server at HIDEMYASS. Just like a that,a thought came to mind that if the Indian Government on one hand is trying all ways out to monitor nefarious activities on net...and in the name of this monitoring they are monitoring u and me as well....what would they be able to do for those actual ones who use proxy servers?.....

2.   Though it is understood that not all proxy server sites are as safe as they claim...most of them have actually a life of not more then 4-5 days...they actually are born to steal and vanish...we call that 9 2 11....But sites like those have been existing for more than 4-5 years like hidemyass,proxy.org etc are actually doing the work they are supposed to do ie PRIVACY!!!

3.   If any of the readers have some idea or can guide to some link w.r.t legality issues of using proxy servers in India...i would be grateful....and lastly if anyone has some disagreements on the comment earlier that INDIAN GOVERMENT IS MONITORING YOU...just check the ANONYMITY CHECKER at https://xerobank.com/.

Tuesday, December 27, 2011

CAN WE EVER BE SAFE ONLINE?

1.    It is indeed difficult to surf anonymously if u r a normal user....u put on a monkey cap "DISCONNECT" or wear a long coat or do anything u cant remain hidden....the spy ,if he is after you, will come to know who u r?where r u from?....what r u doing ?etc etc....

2.   Recently came across this https://xerobank.com/......and just clicked to know more of what it had to offer....it gave me a sneak preview of what others may know...my IP ADDRESS...MY LOCATION(ok that normal)...but then also told me that "DATA INTERCEPTION DETECTED"....BY THE INDIAN GOVERNMENT...now this was only a sneak peak....to know more visit the site at https://xerobank.com/

Sunday, December 25, 2011

STORE UPTO 50 GB FOR FREE : @ ADrive

1.   Last week at Tech Conclave Delhi meet,one guest speaker was speaking about cloud storage ...how it will slowly become a definite requirement in coming days soon...which we may not think it will as on date...he gave one fine example....BANK...100 years back could any one have thought of lending money for storage to some company....it was securely felt to be safe in self custody...see the state today....times have changed and so has the scenario....today companies like Microsoft,ADrive ETC are offering amazing storage space in cloud for free...that too for free...off course it may just act as a initial bait....some good links of these free storage offers are as follows :







2.   Off all these ADrive offers the largest free storage for free...thats a huge 50 GB....good to start with....so start burning your modem's midnite oil....i have already started........ADrive offers the following features which are as on date unbeatable :

  •  FREE 50GB Online Storage
  •  Cloud Storage
  •  Upload & Store Files
  •  Access Files Anywhere
  •  Share Files
  •  Edit Documents Online
  •  File Transfer Protocol (FTP)
  •  ADrive Desktop

Friday, December 16, 2011

TOOLS & SITES OFFERING EFFECTIVE PASSWORD CRACKING


Below is a list of sites that offer tools and ways to crack passwords.The idea behind posting all these sites at one place is not to attract and promote users to try password cracking.The idea is to always remember ways and means to create and promote stronger passwords which can not be cracked.All these sites do have limitations to crack the stronger passwords and related info...



Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.










Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It is available for Windows 9x, NT and 2000, there is no UN*X version available although it is a possibility at some point in the future. Brutus was first made publicly available in October 1998 and since that time there have been at least 70,000 downloads and over 175,000 visitors to this page. Development continues so new releases will be available in the near future. Brutus was written originally to help me check routers etc. for default and common passwords


The source of independent information about cryptosystem weakness and password recovery.

Wednesday, December 14, 2011

Debunking Myths about Computers



Friends here is one guest post by Sean, a Senior Op Ed Columnist for the readers

Computers are amazing machines. I think even those of us who are embittered against our PCs for freezing up a few days ago can agree on that. Something that is equally striking is the human capacity for gullibility. There are a lot of supposed "facts" that people accept about PCs and computers in general that are actually nothing more than hearsay or complete poppycock. If you don't believe us, check for yourself. You can get a deal with an HP Coupon, pick up a fresh new computer, and run some tests for your own satisfaction. Honest! We're not making this stuff up.  

Remember way back when you owned your first computer — maybe it was an IBM — and you were afraid to have it anywhere near anything magnetic? You went so far as to put it on the opposite side of the house from the refrigerator because you were afraid that the I <3 New York magnet would suck the life out of your PC? Yeah. You didn't need to do that. While it is true that old floppy discs were quite susceptible to magnetic damage, computers and modern storage devices like USB drives or SD cards are safe around magnets. 

There is also the ever-present debate about the health risks of high computer usage. Sure sitting in front of a screen all day munching Doritos is probably not a great way to train for the Olympics, but any health risks from that have little to do with computers and a lot to do with your personal diet. There is no evidence that computer screens emit enough harmful radiation to even be detected in a test, much less adversely affect human beings. Next time you read an online report about some inconclusive study, you can laugh to yourself and reach for another chip comfortably. 


Monday, December 12, 2011

CHROME OS

Recently downloaded CHROME OS and ran it on a Virtual Box.....few screen shots....for those who wish to see how it looks!!!!Double click on the image to view it bigger and clear










Saturday, December 10, 2011

Copy To the Clipboard From the Command Prompt


1.    Ever  tried copying text and commands you type at command prompt ie c:\

2.    I tried it once via the right click and then doing cut/paste thing.It did not happen.

3.    The way to do it is very simple though….u have to do this once…explained screen shot wise

GO TO THE COMMAND PROMPT
 RIGHT CLICK AT THE LEFT TOP MENU & CLICK ON PROPERTIES


ENABLE THE QUICK EDIT MODE


4.       You have to enable the Quick edit Mode and then on its simply left-clicking anywhere in the window and drag a box around the text that you would like to select.Once the text is selected, you can either right-click anywhere in the window or use the Enter key to copy the selected text to the clipboard.To paste into the command prompt, simply use the right mouse button anywhere inside the window while not in “Select” mode.


How to Enable Built-in Administrator Account?

1.   Ever wondered where is the Administrator account that used to be seen in Xp days has gone now...unseen in VISTA and WIN7  ?

2.  There is a way out through editing GPEDIT.MSC also...but found this veri simple...a single line command at c:\ prompt....it goes like this :

Firstly, open a command prompt in administrator mode by right-clicking and choosing “Run as administrator”.

Secondly,type the following command:

net user administrator /active:yes

thats it...ur screen should say " The command completed Successfully"

3.  You should see a message that the command completed successfully. Log out, and you’ll now see the Administrator account as a choice.this works both for VISTA and Win 7.

Sunday, December 04, 2011

CONVERT UR BLOOK IN A PDF E-BOOK

1. I recently came across a wonderful wonderful free for use site at http://blogbooker.com/.This site would convert your entire blog into an E-Book....that 2 entirely free....amazing.

2. I was able to convert my present blog here into a complete PDF with amazing features that include :

- comments included
- year wise sorting
- page numbers and indexing included.
- easy to create
- easy to share.
- no irritating water marks.

3.  Sample this :.....gr888888888888

Blogger to E-Book

Thanks  http://blogbooker.com

Saturday, December 03, 2011

"LIKE" Button in Facebook : Tracks u!!!


1.   Internet users tap Facebook Inc.'s "Like" and Twitter Inc.'s "Tweet" buttons to share content with friends. But these tools also let their makers collect data about the websites people are visiting.

2.   These so-called social widgets, which appear atop stories on news sites or alongside products on retail sites, notify Facebook and Twitter that a person visited those sites even when users don't click on the buttons, according to a study done for The Wall Street Journal.Few things about these widgets :

- Prolific widgets

- Already added to millions of web pages in the past year. 

- The widgets, which were created to make it easy to share content with friends and to help websites attract visitors, are a potentially powerful way to track Internet users. 

- They could link users browsing habits to their social-networking profile.

- For example, Facebook or Twitter know when one of their members reads an article about filing for bankruptcy on MSNBC.com or goes to a blog about depression called Fighting the Darkness, even if the user doesn't click the "Like" or "Tweet" buttons on those sites.

- A person only needs to log into Facebook or Twitter once in the past month. The sites will continue to collect browsing data, even if the person closes their browser or turns off their computers, until that person explicitly logs out of their Facebook or Twitter accounts.

- Facebook places a cookie on the computer of anyone who visits the Facebook.com home page, even if the user isn't a member. 

Windows 8 Developer Pre BETA : How to get full screen on a VM?

In continuation with my earlier post here about windows 8 Pre Beta edition,one thing that bugged me for a while was not getting the display across full screen in spite of choosing "view full screen" from drop down.The answer to this goes like this

..SIMPLY CHOOSE A HIGHER RESOLUTION AND U WILL GET IT....

Simple to get till u know!!!!!!!!!!!

Friday, December 02, 2011

Snake oil Cryptography

1.     While reading a post about unhackable codes here , I came across a interesting term know as SNAKE OIL CRYPTOGRAPHY......as Alex Gostev, chief security expert at Kaspersky Labs, dismissed ENIGMA-DS "snake-oil cryptography,"....so found out in brief from wiki...where else!!!

In cryptography, snake oil is a term used to describe commercial cryptographic methods and products which are considered bogus or fraudulent. The name derives from snake oil, one type of quack medicine widely available in 19th century United States.Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user. 

2.  Thanks WIKI

LogMeIn HAMACHI


1.   The law of market keep seeing fights to be at par with each other ie DEMAND & SUPPLY.Today when security in IT is a burning issue,we have so many utilities floating that there is no way one can be trusted blind foldly.Here come another security utility that actually stands out to work in a direction not taken up by so many prominent software security utillities in market.This is HAMACHI

2.   Hamachi is a nice ,free 2 try,tool that connects two computers via the internet by creating a virtual private network (VPN) and protecting it with proven industry-standard encryption algorithms.This will ensure that all communications between the two PCs at a time are safe from the spying eyes.It easily sets up in 10 minutes, and enables secure remote access to network, anywhere there's an Internet connection.The basic advantage that immidiately stand out are :

-   LAN over the Internet - Arrange multiple computers into their own secure network, just as if they were connected by a physical cable.
-   Files and Network Drives - Access critical files and network drives.
-   Zero-configuration - Works without having to adjust a firewall or router.
-   Security - Industry leading encryption and authentication.
-   Cost Effective - Free for non-commercial use.

3.   It features a simple interface that enables to create personal safe networks in just a couple of steps. Also the connection is conveniently protected by an AES-256 algorithm.The problem lies that it supports only chat....and not yet what we desire most ie "FILE SHARING".A new,nice attempt to take on security but still a long way to go....

Thursday, December 01, 2011

Windows 8 Developer Preview : Pre Beta Version for Developers


I recently downloaded the Windows 8 Preview Developer edition from http://msdn.microsoft.com/en-us/windows/apps/br229516 and then tried running it as a virtual machine.Found the following issues :

- does not run on VMWARE 7
- runs on VMWARE 8
- Donno y...but runs at a pathetic speed on VMWARE 8 inspite of a good resourceful machine with upto 1.5 GB of RAM.
- Even on installation on VMWARE 8...doesnt show the NIC card so it has no access to Internet.So no updates.
- Runs at a horse's pace in VIRTUAL BOX.
- No NIC issues in virtual box.

Sunday, November 27, 2011

Cookienator : Option to control cookie menace


1.   Cookienator is a tool that will helps us remain anonymous from search engines such as Google and other web-usage trackers such as Doubleclick or Omniture.This a simple program that will leave most of cookies alone but will remove the ones that put your privacy at risk. The best part about this is the size and ease of installation.....It is lightweight; it's a single executable, when run, it will tell you how many cookies it would like to remove. It is available for free to download and is available in two forms : msi windows executable and a zip file



CONTROL COOKIES TAKING CONTROL FROM UR BROWSERS


1.  In my earlier post here about cookies and types,I had mentioned about types and some relevant details.Now this one mentions about the steers and control available in prominent browsers to disable cookies digging into ur privacy !!!

Google Chrome

Go to 'Tools Menu'
Click on 'Options'
Click on 'Under the Hood'
'Cookie Setting' should be selected. Once done select 'Block all Cookies'
Now all cookies should be blocked on your Google Chrome
To clear existing cookies:

Go to 'Tools Menu'
Click on 'Options'
Click on 'Under the Hood'
Under 'Privacy' section select "Show Cookies'
A new window should open called 'Cookies' In here you can see all the cookies within your Google Chrome Browser.
Click on "Remove All" to remove all traces of cookies
If you wish to only remove a certain cookie, simply highlight and click "Remove"

Firefox

Go to 'Tools' in the menu bar
Click on 'Options'
Click on 'Privacy Tab'
Disable the box that says 'Accept Cookies From sites'
To clear existing cookies:

Go to 'Tools' in the menu bar
Click on 'Options'
Click on 'Privacy Tab'
Click on "Clear Now"
Select "Cookies"
Click on "Clear Private Data Now"

Internet Explorer (IE) 9.0+

Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options'
Click on 'Privacy' Tab on top
Move the slider up to the 'Block all Cookies' button
Important Notice: Blocking all cookies may prevent you from entering alot of sites.
The next two Internet Explorer privacy levels, High and Medium High, may be more suitable.

To delete existing cookies:

Go to 'Tools' in the menu bar which should drop down then click on 'Internet Options'
Click on 'General' tab which should be under 'Browsing History' and click 'Delete'


COOKIES & TYPES ?

1. How often we blame it on cookies for tracking,invading our privacy.......but whats these cookies all about?How many types exist?Are all of them dangerous?What can I do to avoid them? All answers ahead in my posts ahead....

2. A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site.The state information can be used for authentication, identification of a user session, user's preferences, shopping cart contents,or anything else that can be accomplished through storing text data.Cookies are not software.They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer .

SESSION COOKIE

A session cookie only lasts for the duration of users using the website. A web browser normally deletes session cookies when it quits. A session cookie is created when no Expires directive is provided when the cookie is created.

PERSISTENT COOKIE

A persistent cookie will outlast user sessions. If a persistent cookie has its Max-Age set to 1 year, then, within the year, the initial value set in that cookie would be sent back to the server every time the user visited the server. This could be used to record a vital piece of information such as how the user initially came to this website. For this reason, persistent cookies are also called tracking cookies or in-memory cookies.

SECURE COOKIE

A secure cookie is only used when a browser is visiting a server via HTTPS, ensuring that the cookie is always encrypted when transmitting from client to server. This makes the cookie less likely to be exposed to cookie theft via
eavesdropping.

HTTP ONLY COOKIE

The Http Only session cookie is supported by most modern browsers.On a supported browser, an Http Only session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). 

FIRST PARTY COOKIES 

A first-party cookie either originates on or is sent to the Web site you are currently viewing. These cookies are commonly used to store information, such as your preferences when visiting that site.

THIRD PARTY COOKIES

Third-party cookies are cookies being set with different domains than the one shown on the address bar.For example: Suppose a user visits www.example1.com, which sets a cookie with the domain ad.foxytracking.com. When the user later visits www.example2.com, another cookie is set with the domain ad.foxytracking.com. Eventually, both of these cookies will be sent to the advertiser when loading their ads or visiting their website. The advertiser can then use these cookies to build up a browsing history of the user across all the websites this advertiser has footprints on.

ZOMBIE COOKIE

A zombie cookie is any cookie that is automatically recreated after a user has deleted it. 

TEMPORARY / SESSION COOKIES

A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close your browser.

UNSATISFACTORY COOKIES

Unsatisfactory cookies are cookies that might allow access to personally identifiable information that could be used for a secondary purpose without your consent.

Thursday, November 24, 2011

THREATS TERMINOLOGY & GLOSSARY : PART 1

1. The term VIRUS is still used in talks amongst the victims of so many threats which are relatively unknown to the normal user.Here I am putting down the commonly known present day threat terminology.I am missing out on the regular ones that include Malware,adware,spyware,spam etc....

BACKDOOR 

2. A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network. These utilities may be legitimate, and may be used for legitimate reasons by authorized administrators, but they may also be misused by attackers. A backdoor is usually able to gain control of a system because it exploits vulnerabilities, bugs or undocumented processes in the system's code. 

A Variation: The IRC Backdoor 

3. There also exist IRC backdoors, which are controlled via bots hidden in specific invite-only IRC channels accessible only to the attacker; these bots serve as the client component of the traditional client-server backdoor arrangement. 

BLUE TOOTH WORM 

4.  A platform-specific type of worm that propagates primarily over a Bluetooth network. This type of worm is almost always designed to function on mobile devices, which make more use of Bluetooth connectivity than computers. 

BOT 

5. A malicious program that, on being installed onto a computer system, allows the attacker to enslave the system into a network of similarly affected systems known as a botnet. The individual computers in a botnet may also be referred to as a bot or a zombie. 

BOTNET 

6.  A portmanteau formed from the words robot and network, a 'botnet' is a network of infected computers that can be remotely controlled by an attacker, usually via a command-and-control (C&C) server. Each infected computer may be known as a bot , a zombie computer , or a zombie . 

BROWSER HELPER OBJECT (BHO) 

7.   A type of web browser plug-in specifically designed for use with the Microsoft Internet Explorer browser. A Browser Helper Object (BHO) executes automatically every time the browser is launched and provides functionality that is not built-in to the browser. 

CROSS SITE SCRIPTING 

8.   A type of attack in which malicious scripts are injected into a legitimate website in oder to be served to subsequent site visitors. Cross site scripting (XSS) attacks can result in a variety of effects, including hijacked web browsing sessions, stolen session cookies, information theft and more. As more people become increasingly dependent on web-based services, XSS attacks are becoming increasingly common. 

DENIAL OF SERVICE

9.   A type of Internet-based attack that aims to deny legitimate users access to a service (for example, a website or a network) by overloading a relevant computer resource or network device. The most common type of Denial of Service (DoS) attack takes the form of a massive amount of requests being sent from a host machine to the target, for example, a government website server. 

ICMP Flood

10.   The attackers sends out a flood of ICMP_ECHO packets to the target, swamping CPU usage and effectively rendering the target unusable until the flood is ended or the target is reset or restarted. 

Peer to Peer attack

11.   Attacker exploit bugs in peer-to-peer servers and redirect clients from the peer-to-peer server to the target server instead, flooding the target with thousands of connections and overwhelming its resources. 
Application level floods: A DoS attack carried out via particular applications, most commonly Internet chat systems. The most common kind of flood is an IRC flood, which is carried out on the popular IRC chat system. 

DISTRIBUTED DENIAL OF SERVICE (DDOS)

12.   A type of attack conducted over the Internet, using the combined resources of many computers to bombard, and frequently crash, a targeted computer system or resource (e.g., a program, website or network). 

GENERIC DETECTION

13.   A new type of sophisticated detection that is being increasingly used by antivirus programs to identify programs with malicious characteristics. Unlike more traditional detections (also known as signature-based or single-file detections) a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that indicate a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds of malware. 

POLYMORPHIC VIRUS

14.   A virus that mutates, or modifies, its own code at various intervals. The changes in code typically occur each time the virus replicates, or infects a new machine. Detection and disinfection of a polymorphic virus can be very challenging, as mutating code makes traditional signature-based detection methods ineffective. Nowadays, many antivirus programs instead use heuristic analysis to identify polymorphic viruses.

POLYMORPHISM

15.   The act of a virus 'mutating' parts of its code at various intervals in order to evade detections. By constantly changing its code, a virus ensures that each iteration of its code looks different from the preceding one, making it impossible for traditional signature-based antivirus programs to identify the two iterations as one and the same virus. These so-called 'mutating viruses' can be divided into polymorphic and metamorphic viruses. 

Polymorphic Versus Metamorphic 

16.   A metamorphic virus works performs its mutation routine differently. Rather than using encryption to obfuscate its virus body, a metamorphic virus 'rearranges' entire chunks of actual code between iterations in order to create a seemingly different virus. The changes in code are directed by a metamorphic engine and despite the alterations, do not affect function - that is, the virus is still able to perform the same malicious actions through each iteration. Fortunately, the major code changes performed by a metamorphic virus require a high degree of technical skill from the virus author, and there are very few such viruses in the wild so far.

ZERO DAY

17.   A type of attack that exploits a recently publicized vulnerability or security loophole, before program vendors or the security community are able to develop a patch for the vulnerability. The period between the public announcement of a vulnerability and the first release of a patch fixing the vulnerability is also sometimes referred to as "zero hour" – even if the actual timespan is longer than an hour. Dealing With Zero-Day attacks A zero-day attack can be very destructive, as vulnerable systems generally have few defenses against it. 

Tuesday, November 15, 2011

DISCONNECT.ME in Incognito mode


I asked the site owner at disconnect.me of how to use this plugin while surfing in privacy/incognito mode since I use incognito all the time...its default....i got this reply


Hey Anupam, you have to explicitly enable extension to run in 
incognito mode in Chrome. Right- or Ctrl-click the "d" button, pick 
"Manage extensions...", click the arrow next to Disconnect, and check
the "Allow in incognito" box.

Thanks disconnect.me

DISCONNECT URSELF

1.  The issue of privacy browsing is a growing worry for  internet users including me.Various attempts in form of third party utilities,browsers offering incognito/privacy mode have been made and are being made in the current webosphere.In the search for handling these issues I recently came across this plugin...DISCONNECT.ME at http://disconnect.me/

2.   Next is straight lift extract from the site :

If you’re a typical web user, you’re unintentionally sending your browsing and search history with your name and other personal information to third parties and search engines whenever you’re online.


Take control of the data you share with Disconnect!.


From the developer of the top-10-rated Facebook Disconnect extension, Disconnect lets you:


• Disable tracking by third parties like Digg, Facebook, Google, Twitter, and Yahoo, without requiring any setup or significantly degrading the usability of the web.


• Truly depersonalize searches on search engines like Google and Yahoo (by blocking identifying cookies not just changing the appearance of results pages), while staying logged into other services — e.g., so you can search anonymously on Google and access iGoogle at once.


• See how many resource and cookie requests are blocked, in real time.


• Easily unblock services, by clicking the toolbar button then services (and reloading current pages) — e.g., so you can play games on Facebook.


To learn more about online privacy and protecting yourself and find out when additional browsers are supported, subscribe to the Disconnect Newsletter at http://disconnectere.com/.


Disconnect is open-source software — you can get the code at http://j.mp/dsource.


Known Issues:


• The scary installation warning is explained at http://j.mp/dinstall (the text refers to Facebook Disconnect but also applies to Disconnect).


• Click the “d” button then the “Depersonalize searches” checkbox to turn search depersonalization on (or back off in case you have trouble getting to Google or Yahoo services).


• Search depersonalization isn’t yet implemented for international Google domains — google.fr, google.co.jp, et cetera.


• Yahoo has to be unblocked while you’re logging into Flickr or Delicious but can be blocked again afterwards.


• Unblocking Facebook isn’t possible while Facebook Disconnect is running — that extension will be autoupdated to be compatible with Disconnect in the next few days.


• You should unblock Google and Yahoo before disabling or uninstalling Disconnect — doing so will restore your cookies to their original state.


3. I have started using it without issues till now....download this at http://disconnect.me/

4.  Thanks disconnect.me

Wednesday, November 02, 2011

Our Browsing History Is Leaking into the Cloud!!!!

1. You do it on INCOGNITO mode or the PRIVACY mode or keep removing cookies to ensure that you are not being tracked or u think like your browsing history does not exist....this is going to shock you.....watch this video "DEFCON 19: Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud"....click down to see....


2.  The summary goes like this....

 - 350 services get at least 1 % of your browsing activity
 - 33 services get at least 5% of your browsing activity
 - 16 services get at least 10% of your browsing activity

3.  Any solutions for avoiding......yes...the video itself gives you the solution ....and as on date millions have already adopted it...now that includes me tooo.....download the plugin for your respective browser from http://www.disconnect.me/

DUQU's MICROSOFT LINK!!!

1.   While as on date the security and anti virus teams and experts across the globe are racing to find and unlock the details on DUQU,some useful information on the subject bug has been released by Microsoft,which says that hackers exploited a previously unknown bug in its Windows operating system to infect computers with the Duqu virus."We are working diligently to address this issue and will release a security update for customers," Microsoft said.But on the other hand the odds are that Microsoft won't patch the Windows kernel bug next week that the Duqu remote-access Trojan exploits to plant itself on targeted PCs.

2.   Meanwhile,Symantec researchers said they consider hackers sent the virus to targeted victims via emails with infected Microsoft Word documents attached. If a recipient opened the Word document and infected the PC, the attacker could take control of the machine and reach into an organization's network to propagate itself and hunt for data, Symantec researcher Kevin Haley told Reuters. 



Monday, October 31, 2011

RED PHONE : ENCRYPTED VOICE FOR ANDROID!!!

Here is something every android user would lov to use....AIM IS TO LISTEN AND SPEAK ON YOUR ANDROID HANDSET WITH INBUILT ENCRYPTION OF RED PHONE APPLICATION.......isn't it gr888888!!!

" RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to. RedPhone uses your normal mobile number for addressing, so there's no need to have yet another identifier or account name; if you know someone's mobile number you know how to call them using RedPhone. And when you receive a RedPhone call your phone will ring just like normal, even if it is asleep. "

SOME MORE ON DUQU

Some more good info and FAQs on DUQU.....AT
http://www.secureworks.com/research/threats/duqu/

Sunday, October 30, 2011

BACKTRACK 5 : How to use ?

Recently uploaded a step by step with screen shot on how to use and benefit from BACKTRACK 5 on a virtual lab platform.....

Backtrack 5

DUQU : FROM THE GEN STUXNET????


1.  Do u remember the gr8 STUXNET...who hit the cyber theatres about a year back?....i call it gr8 since that was the first piece of trojan which the experts called with words like marvelous,the world's first 'open source weapon'.....the code which shocked the experts...though it was meant to target Siemens industrial software and equipment running Microsoft Windows....but the percentage affected was enough to do the early damage and show the trailor of what  can come ahead....now comes another in the offering which Researchers from Symantec say is likely written by the same authors and based on the same code.This is known as DUQU.....also coming to be known as “Son of Stuxnet” and a “precursor to a future Stuxnet-like attack.”

2. But another analyses by security researchers from Dell suggest Duqu and Stuxnet may not be closely related after all. That’s not to say Duqu isn’t serious, as attacks have been reported in Sudan and Iran. But Duqu may be an entirely new breed, with an ultimate objective that is still unknown.“Both Duqu and Stuxnet are highly complex programs with multiple components,” Dell says. “All of the similarities from a software point of view are in the ‘injection’ component implemented by the kernel driver. The ultimate payloads of Duqu and Stuxnet are significantly different and unrelated. 

3. The security vendor Bitdefender has also cast doubt on the supposed Duqu/Stuxnet link in its Malwarecity blog. “We believe that the team behind the Duqu incident are not related to the ones that released Stuxnet in 2010, for a number of reasons,” BitDefender’s Bogdan Botezatu writes. While a rootkit driver used in Duqu is similar to one identified in Stuxnet, that doesn’t mean it’s based on the Stuxnet source code.

4. Now till date,DUQU was reportedly seen infecting machines in and around IRAN......but now the Symantec version reported is that a server machine in aamchi Mumbai is effected by this new VIRUS!!!!!!!Indian authorities seized computer equipment from a data center in Mumbai as part of an investigation into the Duqu malicious software that some security experts warned could be the next big cyber threat. Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu. 

5. So DUQU is here in INDIA.......and I m sure with the high percentage of pirated software users in India....we r the most vulnerable to such kinds of threat.....be updated...buy genuine....keep taking updates to avoid being EXPLOITED by EXPLOITS..................

Saturday, October 22, 2011

WIRESHARK Troubleshoot

1. The most common trouble that comes up first time users of Wireshark is that CAPTURE INTERFACE drop down shows the NPF not running and thus the interface list shows NIL.....

2. The small work to be done is that you need to install and then run WinPcap.So after you have installed Wireshark  and u have a shortcut of the application on the desktop...just right click the Wireshark  and run as the administrator.....should solve....

Tuesday, October 11, 2011

HIBERNATION MODE : HOW SAFE FOR YOU?

1. How often while using your PC u use the hibernation mode?I am sure that after reading the text below u r hardly going to use it owing to the serious compromise of your info of what you do and when you do ?

2. Ok…what do we mean by hibernation mode?......it simply means that via using this mode we are basically creating a snapshot of the contents of the computers RAM which is then saved to the root of the hard drive as “hiberfil.sys”!!!!This would now mean that the then current running applications and other data in RAM will be written to the hard disk.

3. For example, if we went into the hibernation mode with our browser still open…..then textual strings such as the last Google search performed or text from an open web page will be written to hard drive as the computer “hibernates”.

4. The Windows hiberfil.sys also become an issue while using encryption software such as TrueCrypt. If a Windows system is placed into hibernation mode without unmounting encrypted containers or volumes then the encryption keys used to access these containers will likely be left in RAM in plain-text. RAM will then be saved to the hard drive in the hiberfil.sys. This means that we will be leaving the keys (passwords) to all of your private containers and volumes free for the finding.

5. Ok…..if at all we get hold of the hiberfil.sys…is it going to be that easy to read all that hex dec info?...no certainly not…here come sandmen project for assistance….now whats SANDMEN PROJECT….pls google….in short it is a library which assists in parsing data from the hiberfil.sys.

Disable Hibernation mode on Windows XP:
• Right-click empty area on desktop
• Choose “Properties”
• Select the “Screen Saver” tab
• Click “Power…”
• Select the “Hibernate” tab
• Uncheck “Enable hibernation”

Disable Hibernation mode on Windows 7:

• Open “Control Panel”
• Click “Power Options”
• Click “Change plan settings” for you current power plan
• Click “Change advanced power settings”
• Expand “Sleep”
• Expand “Hibernate after”
• Enter “0″ for “Setting:” to set hibernate to “Never”

Monday, October 10, 2011

nVidia GeForce GPU cracks six character password in four seconds

1.  An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours.So guys ...have mentioned it so many times earlier...even a password upto 14 character in length has been shown easy to crack when i discussed at a post here about one year back....so better take care of ur passwords...small case with few caps and special characters with numbers upto a length of 10-15 should do it for the time being....things r getting nasty in the hacking world.....take care....

2.  more about this at...here...here...here....here...
Powered By Blogger