Social Icons

Wednesday, November 28, 2012

ESSPEE : eth0 issue in Installation

1.   First thing first ...what's ESSPEE.So friends who are aware of whats Backtrack R3....ESSPEE is a derivative of BackTrack 5, based on Ubuntu 12.04. Designed for users who wish to use only free software. It is packed with featured security tools with stable configurations....and now for those of you who wish to know the expanded form of ESSPEE ...its EXTREME SECURITY SCANNING PENETRATION TESTING & EXPLOITATION ENVIRONMENT.....:-)

2.   So after downloading this from  here...and after installing I came across a small issue of eth0 NIC not being detected unlike regularly where it gets detected automatically vide a DHCP config.So the answer is a small tweak that is required while selecting the Mac address of the eth0 as shown in the screen shot below :

(Click on the image to ENLARGE)

3.    That's it....and now ur internet will be on with network adapter configured to NAT....


Saturday, November 24, 2012

Detecting a MALICIOUS PDF:PDFid @ BACKTRACK 5 R3


1.    Adobe, who gave us the the ever comfortable PDF..thats the "Portable Document Format" in the early 1990's never thought like how this can become a security threat by the simple action of opening it only....yess!!!this post will give a small insight of how things really work behind the scene in execution of a malicious PDF....

2.  So first of all...how a PDF becomes a malicious document?The answer to this question is simple embedding of a JAVA SCRIPT, that is not seen but only executed once a PDF is opened....no antivirus will be able to identify of what malicious thing lies behind a normal PDF that u and me use daily...so if u scan a malicious PDF with your Antivirus,it is veri unlikely to be caught....how do we know then whether a PDF is malicious or not?...thats what this post shows here....I came across a tool known as PDFid in the BACKTRACK R3 that I was running in Virtual Box.

3.   Few lines about the tool....this was developed by Didier Stevens who blogs at http://blog.didierstevens.com/.So this helps us to differentiate between PDF Documents that could be malicious and those that are unlikely to be....The tool is based on the fact that that a  typical PDF File comprises of header, objects, cross-reference table (to locate objects), and trailer.So , if there is a tool that can find out if any one of them is available in this PDF...things can become easier...so like for example...if a PDF that has no purpose of embedding or holding a JS inside it,then a eye brow raise is certain as to why should it be there....so PDFid tool comes to rescue us out of this question...First the typical structure of a PDF with its one line explanation is given below :

“/OpenAction” and “/AA” (Additional Action) specifies the script or action to run automatically.

 “/Names”, “/AcroForm”, “/Action” can also specify and launch scripts or actions.

“/JavaScript” specifies JavaScript to run.

 “/GoTo*” changes the view to a specified destination within the PDF or in another PDF file.

 “/Launch” launches a program or opens a document.

“/URI” accesses a resource by its URL.

“/SubmitForm” and “/GoToR” can send data to URL.

“/RichMedia” can be used to embed Flash in PDF.

“/ObjStm” can hide objects inside an Object Stream.

4. So now I have set up a VB machine running BTR3 that would run this tool and find out if the PDF that I have analyzed is malicious or not? These are the screen shots showing a step by step scene of how u do it....


(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

(Click on the Image to ENLARGE)

5.   So the last screen shows the final result...for those of you who find this little complicated I will upload a video cast of this soon....

Monday, November 19, 2012

Thursday, November 15, 2012

McAfee : Runs on Windows/Linux and from Police

1.    Strange is the heading and so is the story....according to the news doing the rounds in cyber space.Anti-virus software pioneer John McAfee says he is moving every four hours to avoid Belizean police who wants to question him about the murder of his neighbor, a fellow American....how true or untrue is this ...m no one to comment....but being an ardent McAfee user for long on my various VMs....I would like to wish him the best.....more on the story that I read from is available here.....

Wednesday, November 14, 2012

Otome 3D : World’s first 3D-Printing Photo Booth

1.    At one of my earlier posts about 3D Printers about 4 months back,I had discussed about the phenomenal world of 3D Printers....the vast applications envisaged and what not...it is left to imagination of how do we use this technology....but then I could not find any commercially available products available to comman men.....but here we are....a company Harajaku in Japan will house the world’s first 3D-printing photo Booth by Otome 3D. This can ensure that you have your very own Madam Tussad-esque replica, up to 20cm, of yourself. The process involves scanning of entire bodies of subjects for about 15 minutes, after which, you are reproduced in material, to much awe and astonishment. More details about this at here

Sunday, November 11, 2012

FEDORA 17 & VIRTUAL BOX : Virtualbox Installs but won't load

1.   This particular problem kept me busy the whole day....and in fact I reached a point of frustration that I should switch back to Ubuntu that I was earlier using.......so the problem goes like when I install virtual box via the rps and yum commands ...I used to invariably get some odd message that mostly included the following :


Kernel driver not installed (rc=-1908)

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Please reinstall the kernel module by executing

'/etc/init.d/vboxdrv setup'

2.    I would not actually lie about it...but i checked about so many forums that gave relatively the same solutions that you would have mostly found out by now...but to no avail...so the two command simple solution that would make you VB run like a horse without any issues goes like this :


yum install dkms binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-PAE-devel

/etc/init.d/vboxdrv setup

offcourse you have to run this as a su -

3.   Do let me know if u r stuck on this again...the sets of commands that I run since morning as root are produced below for info only.BUt I am sure the commands above would solve your problem.

   21  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
   22  yum update
   23  rpm -qa kernel |sort |tail -n 1
   24  uname -r
   25  reboot
   26  rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
   27  pwd
   28  cd /etc/init.d/
   29  ls
   30  cd vboxdrv
   31  /etc/init.d/vboxdrv setup
   32  cd /var/log/
   33  more vbox-install.log 
   34  cd /etc/yum.repos.d/
   35  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
   36  yum update
   37  yum install binutils qt gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-devel      
   dkms   
   38  yum install VirtualBox-4.2                                                                                  
   39  virtualbox                                                                                                  
   40  KERN_DIR=/usr/src/kernels/2.6.18-194.11.1.el5-x86_64                                                        
   41  export KERN_DIR                                                                                             
   42  yum update virtualbox-4.2                                                                                   
   43  aptitude update                                                                                             
   44  yum install dkms gcc                                                                                        
   45  yum install kernel-headers kernel-devel                                                                     
   46  /etc/init.d/vboxdrv setup                                                                                   
   47  more /var/log/vbox-install.log                                                                                                                                                                    
   49  wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo                                   
   50  uname -r                                                                                                                                                                             
   53  rpm -qa kernel |sort |tail -n 1                                                                             
   54  uname -r
   55  service vboxdrv setup
   56  uname -r
   57  KERN_DIR=/usr/src/kernels/3.6.6-1.fc17.i686.PAE
   58  export KERN_DIR
   59  virtualbox
   60  usermod -a -G vboxusers duqu
   61  virtualbox
   62  apt-get install dkms
   63  wget install dkms
   64  uname -r
   65  rpm -q kernel-devel
   66  uname -r
   67  virtualbox
   68  /etc/init.d/vboxdrv setup
   69  more /var/log/vbox-install.log
   70  KERN_DIR=/usr/src/kernels/3.6.6-1.fc17.i686.PAE
   71  export KERN_DIR
   72  virtualbox
   73  /etc/init.d/vboxdrv setup
   74  uname -r
   75  yum install kernel-headers-3.6.6-1.fc17.i686.PAE
   76  exit
   77  yum install kernel-headers gcc
   78  /etc/init.d/vboxdrv setup
   79  exit
   81  yum install dkms binutils gcc make patch libgomp glibc-headers glibc-devel kernel-headers kernel-   
   PAE-devel
   82  /etc/init.d/vboxdrv setup


Saturday, October 27, 2012

Do all ANTIVIRUS companies research independently ?


1.   Ever wondered how a Antivirus signature is made? Not so difficult actually....the answer goes like you detect a virus and then make a anti dote for that and subsequently release it as a signature.But as you think at a slightly larger level...i mean signatures being released by various antivirus companies for the same virus.Does each antivirus company re invent the wheel for each virus every time a new virus is detected..... Do they actually work differently to first find and then create a signature separately....Are all the viruses/malware's created by various hackers and agencies detected independently by all these antivirus companies?I doubt...!!!!But if my doubt is incorrect, then it is a SAD issue.....Because with the speed of population explosion of these various malware's and viruses....there can not be so many separate fighters and if there is one way to fight this gigantic threat...these all antivirus companies have to fight together...We should indeed realize that the threat is not individually existing to you and me but it exists to US...ie not United States...but you and me together ie ALL OF US....:-)

2.  But fighting together will not be so easy as the Economics of this War will defy competition ...so is there a need of funding at national level or at cross country level?Will it one day become a UN issue....ha ha ha!...like poverty..food scarcity and other issues being undertaken by UN,will there be a day when UN funds these antivirus companies because global dependency on IT is increasing and so are all vulnerable to so many threats.....:-)

3.   The earlier this is made a common issue...the more safer will the world become in future...because this threat is common to world...so should be the solution...

Friday, October 19, 2012

New Ubuntu AD takes on WINDOWS 8 :-)

Nothing to EXPLAIN here...one popular ad doing the rounds ti promote opensource UBUNTU..although not at the original Ubuntu Home page!!!!This comes just a week before Windows 8 Release..........

New Generation Biometrics : YOUR EYE MOVEMENTS ARE UNIQUE


1.   New generation Biometric Techniques have always raised appreciating eyebrows across.Like when I discussed about EARS SPEAKING at http://anupriti.blogspot.in/2010/01/ when-ears-speak.html.Although there are so many unheard unique and being used biometric in the offering this is certainly that I read on simply on curiosity.The complete post is at http://www.techgig.com/tech-news/editors-pick/Soon-eye-movements-can-be-your-new-password-15633.


2.   Now in brief goes like this :

-   This biometric system identifies people by the way they flicker their eyes while looking at a computer screen. 

-   Discovered and innovated by Oleg Komogortsev, a computer scientist at Texas State University-San Marco, is making use of the fact that no two people look at the world in the same way . When looking at a picture, different people will move their eyes among points of interest in different sequences.

-   Even if two people trace the same paths, the exact way they move their eyes differs, the 'LiveScience' reported. 

-   Eye movements could become part of the next generation of a more established biometric iris scans.

Is your ANTIVIRUS spying you ?


1.    Now as the Cyber Crime grows exponentially,so has the world of antivirus companies....the list is pretty endless....now how do all these antivirus companies work.Do they all research separately and develop separate signatures for each virus/malware found or do they have such common platform or standard wherein they share each others views and technologies.As I see on Wiki about the list of antivirus companies,they originate in different countries.Details of the page showing a compare of all such antivirus companies can be seen here.Well....what I am going to discuss here is importance of the country origin.

2.  Lets say I have antivirus company by the name of ABC that has its origin and complete team of researchers and developers from India.Now there is a user in some XYZ Country that uses this antivirus.Now while installing the antivirus,while he accepts the terms and conditions(who reads it anyway?),who stops the ABC antivirus from issuing some malware/spyware for that user PC.In the scan it can not be detected since it is being scanned by the installed antivirus.Now with some vested interest, the ABC Company can actually play havoc with confidential info of the user without giving a cue to the user.Who knows what all signatures released by the company contain? Even while submitting a sample virus,it is done mostly in a encrypted or a bundled form!!!!

3. Although institutes like EICAR (European Institute for Computer Antivirus Research) are there,but they also do not have any control over such issues!!!!If any one  has some idea on the subject ...please let me know vide email or comment here.....

Thursday, October 18, 2012

Hacking a HEART : Lover's Dream vs Hacker's BEAT IT!!!


1.    I think this is yet to come even on screen...but has unfortunately happened in real life.So we have all heard of Pacemakers that keep connected to internet to provision live feed of diagnostic parameters to their doctors mobile phone!!!smart....veri smart.....so those of you who read this for the first time....the cardiac pacemaker's based on internet call essential parameters to assist in diagnosis and fine-tuning.The patient's data is sent automatically on a daily basis to their cardiologist. This greatly simplifies patient care and can improve quality of life significantly..but now read on whats the worry about.One top google search led me to this vendor St. Jude Medical.Details of such selling pacemakers at this site.


2.     So hacking a heart has been a lover's dream for ages....but in this age it can be hacked and controlled in all means.I read this article by Nick Barron at http://www.scmagazineuk.com and another one by GREGORY FERENSTEIN at http://techcrunch.com.

At a recent developer conference, a pacemaker was wirelessly hacked to send deadly 830 volt shocks. Even worse, it would be “100 percent possible” that virus could spread to other devices in a wave of “mass murder”.The demonstration showed how to rewrite the devices onboard software (firmware). 

3.   So now what?.....this means that all those light hearted guys who are surviving on such internet based pace makers for actually facilitating live feed to their respective doctors now also need to worry about eating Antivirus Tablets and wearing Firewall Clothes!!!!uuh!!!!Although the recipe bought out here 
makes a perfect movie story but is actually a pretty worrisome worry!!!

4.    The image shown above is for reference only for the readers to see how actually a internet based pacemaker looks like.Case in point hacking of the device has got no link to the company and any of its product.

Internet Freedom : ULTRASURF

1.     While I have earlier talked about TOR,Anonymous OS etc and maintaining privacy on Internet...likewise there is no dearth of such options on the net.Another hugely respected :-) and proven software is ULTRASURF.This software is available at http://ultrasurf.us/ offcourse as a free download. :-).
 
2.   This was originally created to help internet users in China find security and freedom online and has subsequently grown to become one of the world's most popular anti-censorship, pro-privacy software, with millions of people using it to bypass internet censorship and protect their online privacy.

3.    Among other features,few as I felt important are jotted below :

- Protect your privacy online with anonymous surfing and browsing.
 
-  Hides your IP address,clears browsing history, cookies,and more.

-  Using industry standard, strong end-to-end encryption to protect  data transfer from being seen by third parties.

-  Bypasses internet censorship to browse the internet freely.

- Only supports Windows OS.

- Works with IE like TOR with Mozilla.

-  One interesting thing is that the company keeps logs bare minimum information for anti blocking purposes. They  keep your logs for maximum of 30 days to comply by the exisiting law protocols of the hosting country.

4.  More at   http://ultrasurf.us/

Tuesday, October 16, 2012

Operation b70 : Microsoft Disrupts the Emerging Nitol Botnet Being Spread through an Unsecure Supply Chain

In continuation with the last post, here is more from Microsoft.Please go through this brave but honest confession from Microsoft.......ummmm!!!!I would not say confession but actually Microsoft's attempt to save millions of innocent users...must read for info at

http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

Operation b70 : New OS from Mall comes preloaded with Malware


1.   For last few years since Cyber Crime has been making news,it has been always discussed that all free stuff on internet comes preloaded with some kind of malware or spyware or some kindda ware!!!Here's about a one month old news worth a share that defies this logic....it actually says that Malware comes inbuilt to the OS from the mall showroom from u where u made the purchase!!!!!!!!

"Microsoft’s Digital Crime Unit (DCU) has recently made this astonishing announcement.DCU conducted a study to get a sense of how much of the counterfeit software available is preloaded with malware.  Microsoft researchers purchased 20 new computers from PC malls.  These systems had counterfeit software preinstalled on them by the distributor. DCU examined the files on these PCs and found malware on four of the 20 computers that were purchased, a 20 percent infection rate.Several types of malware were pre-installed on the computers purchased from the PC mall.  This malware enabled the attackers to perform a range of actions including DDoS attacks, creating hidden access points onto the systems, keylogging and data theft.

The researchers also identified one type of malware found on these systems attempting to connect to the command and control servers of a known botnet.  The ensuing study uncovered that attackers were building this botnet by infecting digital products, like computers or software, that were then distributed through an unsecure supply channel.  The malware was also designed to spread via flash drive memory sticks. The subdomains that hosted the botnet’s command and control servers link to more than 500 different types of malware.  Some of this malware is capable of turning on cameras and microphones connected to infected systems."

4.   More on the story here. uuuuhh!!!!isn't it scary...a fresh piece of digital device that you buy comes with an inbuilt spy to spy on you and your data...... In fact it is a bold step and brave announcement by the Microsoft DCU...it could have been hidden but they found it ok to declare it open so that the user gets braver on its use...!!!

5.   DCU took legal action to disrupt the malware hosted in the subdomains, in Operation b70.  You can read more about Operation b70 and the DCU’s efforts here: http://blogs.technet.com/b/microsoft_blog/archive/2012/09/13/microsoft-disrupts-the-emerging-nitol-botnet-being-spread-through-an-unsecure-supply-chain.aspx

6.   Thanks Microsoft and http://blogs.technet.com

HATS OFF : Felix Baumgartner

1.   Its a real HATS OFF...SALUTE to Felix Baumgartner the guy who travelled at MACH Speed.... phenomenal achievement by all standards...

2.   My blog is generally full of IT Stuff.....but such things actually makes me feel really nice....a great feat...a link video here for info




Sunday, September 16, 2012

Print to PDF in Ubuntu 12.04 LTS

1.     This is a simple single line of command that u write at the terminal to install a third party app that will install a pdf printer in ur Ubuntu System.
sudo apt-get install cups-pdf

2.     This will be generally handy when u need to print your documents that are ready to print but u don't have a printer installed....actually create a virtual PDF printer on your ubuntu PC that lets you convert all your documents/images/anything into PDFs that you can subsequently send to print as and when u have the facility to print.

3.    Thanks http://ubuntuportal.com

Friday, September 14, 2012

Testing ur Broad Band Speed : The ISP Promise

1.    As a customer you are promised so much from your ISP....and the most important thing an ISP promises a customer is fultu speed...they have various packages and plans to offer that revolve around offering various speeds.But how do u find out if the plan is actually provisioning the speed that u were promised.So there are ...in fact thousands of online tools to give and test your Internet broadband speed.One that I have been a regular follower is the speedtest.net available at http://www.speedtest.net/.

2.   A simple interface that takes less than a minute to get started and conclude with the result.I got the following result for my ISP...and that was as per the promise by ISP....so u can check urs too at the site : http://www.speedtest.net/



Wednesday, September 12, 2012

Being CCCSP: CDAC Certified Cyber Security Professional

1.     There is no doubt that I have keen interest in cyber security issues and subjects.I stop anywhere I find some thing to read or see articles / videos related to cyber security...always grab opportunities like workshops and seminars that hold related events. But just reading and going through these was not going to be enough to make a small mark in the field.Thus I decided to go for a certification exam.Came across CISSP,CCIE,Comp-TIA etc....which were slightly heavier on pocket :-)...so looked for a Indian version and equivalent that is not only recognized but also accepted in government organisations.So I enrolled for the exam in the month of Dec 2011 last year.....and got the results last week....and I passed....became a CDAC Certified Cyber Security Professional.The list of certified professionals is given at the link http://esikshak.in/eSikshak/professional_certified.html


2.   So in this post I am going to tell you few key features of this informative and excellent course :

- Name : CCCSP ie CDAC Certified Cyber Security Professional

- Duration : 6 months

- Certification Fees : Rs 7500/-

- Conducted By : CDAC,Hyderabad


-  Written test conducted at identified CDAC centres across India.

-   Duration of the test is 2 hours.

-  Two sections, 80% of objective type and 20% of subjective in the examination paper .

- 60% score in each section must required

-  The minimum score to get professional certification on average is 70%.

3.    More details available about this course at http://esikshak.in/eSikshak/help/English/eSikshak/CCCSP.html

4.    The certificate issued by C-DAC on CCCSP (C-DAC Certified Cyber Security Professional) is valid for 3 years from the date of issue. This is introduced, considering the importance of updating on-self on the latest security issues. 

5.   Thanks CDAC,Hyderabad.

Sunday, September 09, 2012

Wireless Data Transmission from every Light bulb : HAROLD HAAS


1.   As we always hear,the future is always bright and the present is always keeps waiting to see the future.So here is another bright news for all those intersted in knowing the speeds and media for data transmission in near future(...how near...lets see...m sire most of us willbe able to see this...tech demo is seen in the video).Before I start telling you about what news I am sharing with you here,a quote from Harold Haas,the inventor of this technology :

"Everywhere in a day there is light. Look around. Everywhere. Look at your smart phone. It has a flashlight, an LED flashlight. These are potential sources for high-speed data transmission.”

2.    Imagine using your car headlights to transmit data ... or surfing the web safely on a plane, tethered only by a line of sight.Promoting the invent as the D-Light, that uses a mathematical trick called OFDM (orthogonal frequency division multiplexing) allowing it to vary the intensity of the LED's output at a very fast rate, invisible to the human eye.The signal can be picked up by simple receivers. As of now, Haas is reporting data rates of up to 10 MBit/s per second that is faster than a typical broadband connection), and 100 MBit/s by the end of this year and possibly up to 1 GB in the future.He says: "It should be so cheap that it’s everywhere. Using the visible light spectrum, which comes for free, you can piggy-back existing wireless services on the back of lighting equipment.".Please watch this video from the TED talks by Harold Haas himself wherein he explains the technology behind in brief and shows the demo to the live audience.Simply jaw dropping for me...:-)


3.    In addition to this researchers in Germany have created the first white-light data links, which they claim can transfer information at rates up to 800 Mb s–1. The team has demonstrated a simplified version of the technology in an office building, where it managed to broadcast four high-definition video streams from overhead lights.


Tuesday, August 28, 2012

Cloud Threat : Malicious Insiders


1.   A lesser known fact but a serious threat comes in form of a malicious insider ie the people who work for the organisation delivering the cloud services.In a typical organisation,one malicious insider can put the company in serious trouble and embarassment unless all are monitored by placing strict access controls and policies.Thus the threat multifolds in capacity of doing damage in case of companies who offer cloud models as service since all services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance.To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary — ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. 

2.   Recommendations by CSA are put up below :

-  Enforce strict supply chain management and conduct a comprehensive supplier assessment.

-  Specify human resource requirements as part of legal contracts.

-  Require transparency into overall information security and management practices, as well as compliance reporting.

-   Determine security breach notification processes.

3.   Thanks CSA

Cloud Threat : Unknown risk profile


1.    The best thing all of us like and promote about cloud is that we have very little and reduced investment in software and hardware and also that the cloud user is able to focus on his core business.Like for a bank he should not be worried about what server should he buy or what storage should he provision...the bank should be able to focus on how to improve the banking procedures and profits.So this way the distraction is less for the prime user.But at the same time these benefits must be weighed carefully against the contradictory security concerns which are complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security requirements and musts.Would ever the Bank,in an case example,bother to know the Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design ?I am sure no bank would do that once they have outsourced their worries to the Cloud.Details and Information with whom the same infrastructure is being shared becomes critical.One loose hole and u get compromised.Although this is not so easy....but we should know that the cyber criminals and hackers work more then us to keep all of us on toes and if successful then on Knees:-)

2. An old, 2009, real case example exploiting this specific threat is available at http://www.pcworld.com/article/158038/heartland_has_no_heart_for_violated_customers.html

3.  Recommendations by CSA :

-  Disclosure of applicable logs and data.

-  Partial/full disclosure of infrastructure details (e.g., patch levels, firewalls, etc.).

-  Monitoring and alerting on necessary information.

Monday, August 27, 2012

Cloud Threat : Insecure Interfaces and APIs


1.    How does a typical cloud user interacts,manages and configures his cloud ? This interaction is achieved with Cloud Computing providers exposing the user to a set of software interfaces or APIs.Thus the overall demand,settings,managing and all configuration is achieved using this interface and APIs only.Thus comes the aspect of security of handling and designing these interfaces and APIs.The security and availability of ANY cloud service is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy.Not only this,but all the third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API.The recommended remediation's vide CSA are mentioned below :

- Analyze the security model of cloud provider interfaces.

- Ensure strong authentication and access controls are implemented in concert with encrypted transmission.

- Understand the dependency chain associated with the API

Cloud Threat : Shared Technology Issues


1.   When a computer processor is designed/manufactured...viz core 2 Duo or quad-core processor or for this purpose any processor,the processor doesn't know what will it be finally used for....I mean it may be used as a standalone machine or a server machine!!!Here's the issue..ie this processor was not meant to be used for cloud....but how does this matter?This matter because from the security point of view this processor was meant to support strong ISOLATION properties which is not the case in routine manufacturing.Only dependent on the hypervisors for the regular interface as discussed at an earlier post here.In cases of cloud we have to handle two platforms ..one is the OS running like windows or any other OS which comes along with inbuilt and already exploited vulnerabilities that keep getting patched(what about Zero day???) and the other is hypervisor vulnerabilities(just google on hypersvisor vulnerabilities and u see what's in store to get surprised).Both of these combined together would be deadly if not taken care of...because in the cloud world, reacting to a damage would be like taking some one to hospital after an accident or a bomb blast whereas it should be the other way round....remove all possibilities of the accident and ensure 100% secure Areas....latter being too tough to imagine in current environment.

2.   I read about this few years back when I was not very much clear on Cloud Computing concepts(though still naive but better then past!!! :-),there was an incident involving a hypervisor breach that was not widely publicized.Now if u know about XBox 360(is a video game console developed by Microsoft that competes with Sony's PlayStation 3 and Nintendo's Wii),it has an embedded hypervisor (surprisingly not Hyper-V),so it was some time in 2007, that there was a documented buffer overflow vulnerability in this hypervisor which could be exploited to gain access to the hypervisor mode and thus, to the entire system. Microsoft immediately released a patch for this.Now unlike regular Windows OS Option, patches are not optional for Xbox users. Thus,the patch was applied the next time a user connected to Xbox Live or installed a new game. Proof of concepts quickly appeared that exploited the hypervisor vulnerability as well as online documentation on how people have used the Xbox “hypervisor exploit” to crack their systems.(...got this info from http://blogs.gartner.com/neil_macdonald/2009/02/20/hypervisor-attacks-in-the-real-world/)

3.   Thus arises a need for strong secured compartments to ensure that the individual cloud users are not compromised in a manner that would ensure unmanageable losses in monitory terms as well as brand devaluation.The CSA gives the following point wise remidiation format for designing the policy boundaries to counter Shared Technology Issues : 

-  Promote strong authentication and access control for administrative access and operations.

-  Monitor environment for unauthorized changes/activity.

-  Enforce service level agreements for patching and vulnerability remediation.

-  Implement security best practices for installation/configuration.

-  Conduct vulnerability scanning and configuration audits.

Cloud Computing : The Darker Side


1.            Cloud computing…the word has generated enough buzz already across the corporate…the techies…the possibilities in future but all this comes at a backend question on security. If there is one thing that stops 80% of possible users using this powerful technology,it is only one aspect of it and that’s SECURITY….The question that comes in an auto mode to any possible cloud service enthusiast like how safe will be my data stored with them…even if its private who controls the key generation algorithms code…who is the single point of contact and so many…but perhaps evry question on this comes under one umbrella by the name of SECURITY…..

2.            So …are they right in thinking so?…when a technology that’s coming up so strong and so globally accepted  is it possible that the giant rise comes without an inbuilt security module? Actually it goes like right they are…the users…their fears stand right when they think about their data ownership.Released by https://cloudsecurityalliance.org,  in Dec 2010,they have identified few imminent threats in the sphere of cloud computing which they have meticulously covered under few major heads as identified below.These are not in the sequence of severity of threat as no seniority levels in this have been identified by the CSA.The original version of this paper by the Cloud Security Aalliance is at https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

Threat  1: Shared Technology Issues
Threat  2: Insecure Interfaces and APIs
Threat  3: Unknown Risk Profile
Threat  4: Malicious Insiders
Threat  5: Data Loss or Leakage
Threat  6: Abuse and Nefarious Use of Cloud Computing
Threat  7: Account or Service Hijacking

3.            Each of these security threats, I plan to discuss further in other posts within the week or as I am able to spare time….read some from CSA and put it in the manner I understand that.Thanks https://cloudsecurityalliance.org

Thursday, August 23, 2012

Bulk SMS Ban : Carry on India

1.    The government has recently banned bulk SMS and MMS messages for 15 days in view of the exodus of people from the northeast from cities like Bangalore, Pune and Hyderabad, following rumours that they would be attacked.

2.    Now how do u feel about this ban?...do u think it is going to be effective?.....certainly not if it were actually the bulk sms that did the damage.Does'nt the govt know about various sites offering these services of bulk sms for free on a simple registration? or do they not know about various smart phones applications that can still send bulk sms via a different mode.Is it not known to them that this ban is going to be effective for pre paid owners only?....and not for post paid owners.

3.    These orders come like axing the problem instead of putting in efforts to manage it. Read the following paragraph@http://www.hindustantimes.com

"The five-SMS-per-day cap is adversely affecting a group of unsuspecting victims, the hearing impaired.A deaf individual sends up to 250 messages per day on an average as it is their only mode of conversation. "The five SMS cap is a real pain for us. It is the only way I can stay in touch with my family or friends when I go to college. If I want to have a proper conversation with someone, I have to send at least 50 messages. It is easy for people who can call and stay in touch. For us, this is the only mode that boosts our mobility. It is insensitive of the government to discount the deaf community when they take these decisions," said Mahesh P, a hearing impaired Delhi University student."

4.   Everi one knows that it is wrong...it is not effective...but hey come on ...carry on INDIA....it is just another passe...


Anti Keylogger : KeyScrambler

1.   How would u ever know that all your key logs on the PC are not being logged by a key logger working incognito in the background?...if u r not the SMARTEST....m sure u will never know....so what can u do to avoid that when u know u r equally prone like anyone across the web space?...stop typing...or use OSK(on screen keyboard) or use KEY SCRAMBLER....which would encrypt every key stroke that u type on your pc immediately as you type....available in three versions....at this site at http://www.qfxsoftware.com/index.html.The good news is that one version is free that will take care of most of you.....

2.   Something about KeyScrambler.....is an anti-keylogging program that encrypts user keystrokes at the keyboard driver level, deep in the operating system. The scrambled keys are indecipherable while they travel to the destination app so that no keylogger can steal your passwords or other crucial information. Thus it defeats known and unknown keyloggers.The unobtrusive overlay window lets realtime encryption in process so you know how and when KeyScrambler is working. 

Image Courtesy : http://www.qfxsoftware.com/index.html (Click to enlarge)

HOW IT WORKS ?

-   As u type, this simultaneously encrypting your keystrokes at the keyboard driver level. Because KeyScrambler is located in the kernel, deep in the operating system, it is difficult for key loggers to bypass the encryption.

-   While the encrypted keystrokes travel along the crucial path, it doesn't matter if they get logged, or whether the keylogging malware is known or brand new, because your keystrokes remain completely indecipherable the whole time.

-   When the encrypted keystrokes finally arrive at the destination app, the decryption component of KeyScrambler goes to work, and you see exactly the keys you've typed.

Tuesday, August 21, 2012

Excellent posts on 3D Printing

Would like to share link to this wonderful site at              http://www.3dprinter.net/author/mark for the best info on 3D Printers.....

Unbelievable world of 3D Printers!!!

1.   I read about 3D Printers few years back and then just forgot to follow the developments...and now when I googled about these printers it was completely a happy shocking event for me.....what I saw was printing actual toys....printing real life machine components...just watch these videos below to see it with your own eyes of what could be in offering in the very near future now on but first see these videos :


(This one is original from BBC)
2.   Might as well have shocked you..but these are just few from the thousands stored on the internet already......now read further....shocking is yet to come....that allows eatable food to be printed

3.   Will not be a big thing if some one tells or u come to know from somewhere that Google  offers free meals to their employees in their onsite cafeteria...so whats the big deal about this...a billionaire company can afford that!!!!!now if I tell you that Google’s cafeteria has a 3D printer in the kitchen that prints out pasta.... With customized-everything all the rage, why not pasta? And of all places, of course it would be at Google. Chef Bernard Faucher says that since everyone has their own favorite style of pasta, he can program their 3D printer to create any conceivable, printable shape..........(I read this from http://www.3dprinter.net/mama-mia-google-cooks-up-some-3d-printed-pasta)

4.   3D printers in food applications have recently been in news,but this is a first of any kind...i know reading till this much would have let you believe all this to be a bogus....but its a fact...and it is just tip of the iceberg of whats in store for future....

5.  For more on 3D Printing...please google and shock your self!!!!!!!!!

Saturday, August 18, 2012

BARE METAL ENVIRONMENT & HYPERVISORS

1.   I had till now been playing around with Virtual Machines for quiet some time . I started with loading xp on Vista around 2006-7 and then tried networking,played around with basic linux OS....but what I did everi time was that I loaded the host OS first and then allocated the desired resources in form of some RAM and HDD and then booting the new OS....but then I was wasting the host OS Resource that actually is running the various virtual machines on it.....so how to use that, is where Bare Metal Environment comes in to rescue.

2.    Simply told,a bare metal environment is a system in which a virtual machine is installed directly on hardware rather than within the host operating system (OS). The term "bare metal" refers to a hard disk, the usual medium on which a computer's OS is installed.But then how come it is called virtual when the machine is directly running on the hardware? So actually a kind of  a pseudonym since a virtual machine running directly on bare metal would technically not be a virtual machine. In such cases VMs run within a hypervisor which creates the abstraction layer between physical and virtual hardware. So whats Hypervisor?? :-)

3.    A hypervisor is actually the virtual machine manager (VMM), or a virtualization technique allowing multiple operating systems to run concurrently on a host computer. Multiple instances of a variety of operating systems may share the virtualized hardware resources.The hypervisors are classified into basically two types as follows :

Type 1 refers to bare metal hypervisors that run directly on the host's hardware to control the hardware and to manage guest operating systems. 

Type 2 refers to hypervisors that run within a conventional operating system environment. With the hypervisor layer as a distinct second software level, guest operating systems run at the third level above the hardware.This classification can be made more clear with the help of figures below :

TYPE 1 : THE NATIVE BARE METAL TYPE
(click to enlarge)

TYPE 2 : HOSTED TYPE


(click to enlarge)
4.    Thanks Wiki and http://forums.hornfans.com

Wednesday, August 15, 2012

Cloud Computing & Virtualisation

 1.    Recently got an opportunity to give a presentation to a school/college audience about whats all the fuzz of Cloud Computing and Virtualization about?I tried building up the presentation from scratch to handling some secuity issues in the cloud.The copy is for you to see for reference : 

Cloud computing and Virtualisation

Power Searching with GOOGLE :Get Certified


1.   Few weeks back I came across a link in some blog that said the following :

"Google is offering a new free, 13 days, certification program on 'Google Power Searching' .The course is totally free and registration ends on July 16th. The course will sharpen your internet searching skill and help you learn advanced tricks to make internet searches. There are several short activities as a part of the course. Once the course is completed, a printable Google certificate will be emailed to you."

So the next thing I looked for was registering for the same....and yes it happened exactly the same way as was expected....the course started on time....i attended on line classes with wonderful simple videos to understand by google itself...became more crued up with the serch engine tools and tricks...appeared for the exams and i got the certificate as shown below.



2.  Would like to recommend this to everi one who googles....it really makes you a stronger searcher....for more details what else...u GOOGLE....

Saturday, August 11, 2012

FinFisher : THE LAWFUL INTERCEPTOR


1.  Some thing to read here about one security software named FINFISHER thats making some news...a sequence wise time line of events related to this is produced below : 

-  FinFisher is security software. 

-  Marketed by Gamma International to various government security officials assuring that it could be covertly installed on suspect's computers through exploiting security lapses.

-  In the name of Lawful Interception (LI), FinFisher was found in the Egyptian Secret Police Spy headquarters used to track people down during the revolution when Egyptian dissidents ransacked the office's of Egypt's secret police during the overthrow of President Hosni Mubarak 

-  Egyptian dissidents who ransacked the office discovered a contract with Gamma International for £287,000 for a license to run the FinFisher software.

-  A security flaw in so called "designed secure" applications like Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs.Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.

FEATURES OF FINFISHER

-  FinFisher is able to record Skype and other voice over IP communications.

-  Logs keystrokes and turn on a computer's webcam and microphone. 

-  Can also steal files from a hard disk

-  Built to bypass dozens of antivirus systems.

-  Presently found across 12 C&C servers in 10 countries: the US, Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, Mongolia, Latvia and Dubai.

-  Not confirmed by any govt agencies as being used officially but then who else would at such a large scale???

-  Expected to be particularly difficult to detect. 

-  Used to access target Systems to give full access to stored information with the ability to take control of target systems' functions to the point of capturing encrypted data and communications. 

"When used in combination with enhanced remote deployment methods, the Government Agencies will have the capability to remotely deploy software on target systems".............................extract from official finfisher site at http://www.finfisher.com/FinFisher/en/portfolio.php

Wednesday, August 08, 2012

Bitter Truth : If NOT on FB,u r INSANE!!!

1.   Read this article today vide a TOI post that says that if you are not on FB ur insane.Facebook revolution has become so important aspect in people's lives, that increasing number of employers, and psychologists, believe people who aren't on social networking sites, could be insane....does that bring a exclamation mark on ur face...it did to me.....the post is available here

2.   It is strange that such things come as a analysis/study reports from psychologists......it lets us know how psycho are these psychologists who r deeply gripped by the FB revol...
Powered By Blogger