Shadows in the Cloud : Cyber Espionage

Uploaded a Presentation on this recently been my fav article to read on Scribd.....

Shadows in the Cloud

Browser Forensics - Not Simple

1.      Just read one book by Peter C.Hewitt on Browser Forensics.An eye opener for anyone....the amount of info that stands compromised whilst using any browser is astonishing.....

2.      Now in a normal routine maintenance when I used to clear my browser History,cookies and cache....when I used to remove unnecessary files using utilities like Glary Utilities,Cc Cleaner and Tuneup utilities....i used to think that there r no traces left...before I was introduced to Mandiant's Webhistory, Pasco, Galleta and IE Passview.

3.      I checked up first with Mandiant's Webhistory....an 8 MB file...simple to install,,,free.Web Historian is a program that allows an investigator to collect, display and analyze web history data using Mandiant Intelligent Response (MIR) technology. It seeks to provide a customizable yet simplistic interface to view and navigate voluminous amounts of web history data. Perhaps the most powerful feature is the ability to correlate and provide multiple views of the data (including graphical and timeline) through the Analyzer and Web Profiler tool, in the hopes that investigators can come to well-informed conclusions about the data quickly.

4.       So after I cleaned up my PC using every utility....and scanned the PC with this software....the result was like nothing has been removed...all what I had accessed in last few days stands out in a compiled tabulated form ready to be saved as a Excel file for record.So what exactly allows this info extraction in spite of assurances from utilities available.The most recent versions of Windows store information about the pages viewed by the browser in a file called index.dat. One of the index.dats, in turn, contains information pointing to other files used in the browsing session. Windows has 3 types of index.dat files, for the cache, history and cookie files, respectively.Obviously, viewing all 3 types will give us the best understanding of what browsing took place. So....its not simply erasing ur history that could save you at some time......there is much much more ........

Root Kits : Hidden Undetected Threats

1. Malwares,trojans,adwares,spywares,virus,wormwares etc etc....protection vide Internet security editions by so many OEMs...and now rootkits(its not actually a recent development....)...has been in the threat making for about 10-12 years..but now the term is getting serious....so what actually are rootkits?

2. Rootkit is the term given to a group of utilities that hackers can misrepresent to keep access into a computer system once they have hacked into it. It gives them admission rights to find out usernames and passwords, allow strike against remote systems, remain hidden by erasing history from the system logs, and overabundance of various surreptitious tools.Rootkit is a combination of two words, “root” and “kit”. Root means supreme & Kit means a group of programs or utilities providing access to a user to retain a constant root-level contact to a terminal. The presence of rootkit ideally remains untraceable.

3. So more simply,they are a set of programs that can hide not only themselves but also other viruses, spyware, keyloggers and network traffic from normal antivirus and spyware removal software! Yes, a rootkit can infect your computer and take full control of it! You look inside a folder which contains rootkit files but you will see nothing. Why? Because the rootkit has told it to tell the user there are no files here. That is why, they are so dangerous and hard to detect......

4. BlackLight,RKDetector 2.0,RootkitBuster 1.6,RootkitRevealer 1.71 & Rootkit Unhooker 3.0A are few of the rootkit removal tools available...google for further details

5. Thanks http://www.rootkitonline.com/

ZERO DAY EXPLOIT : ???

1. While reading an article on Browser Forensics,came across this term "0-day" exploit....whats it all about?

2. A zero day exploit is a malevolent computer attack that takes capitalizes on a security hole before the vulnerability is known. This means the security issue is made known the same day as the computer attack is made. In other words, the software developer has zero days to prepare for the security breach and must work as quickly as possible to develop a patch or update that fixes the problem.This occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.

3. Zero day exploits may involve viruses, trojan horses, worms or other malicious code that can be run within a software program. While most programs do not allow unauthorized code to be executed, hackers can sometimes create files that will cause a program to perform functions unintended by the developer. Programs like Web browsers and media players are often targeted by hackers because they can receive files from the Internet and have access to system functions.While most zero day exploits may not cause serious damage to your system, some may be able to corrupt or delete files. Because the security hole is made known the same day the attack is released, zero day exploits are difficult to prevent, even if you have antivirus software installed on your computer. Therefore, it is always good to keep a backup of your data in a safe place so that no hacker attack can cause you to lose your data.

4. Thanks http://www.techterms.com/

Cyber Warfare : It has started

1. I have been recently digging deep into reading "Tracking Ghostnet" & "Shadows in the cloud".Crisp,to the point,full of information,a must read for all IT Security savvy personnels.This is where I got to read about "The May 2007 DoS Attacks on ESTONIA".Brief about this Estonia Case below :

2. Subject attacks on Estonia capitallyy known as Estonian Cyberwar or Web War 1, refers to a series of cyber aggresses that began April 27, 2007 and deluged websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia on some relocation issue of the Bronze Soldier of Tallinn.Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various low-tech methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred.

3. Subsequent to the incident, a criminal investigation was conducted and On 24 January 2008, Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the attacks. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party.So surprisingly,after so much of damge had been done,so much of ministeries websites were defaced,the followup resulted in a single conviction of a Russian Living in ESTONIA.Imagine....one single person from Russia was found responsible for the cyber havoc that Estonia had to face.

4. The net and the cyber world is still in the stage of nascency and there is lots coming ahead for sure in future...like the events surfaced in the movie "Live Free or Die Hard".Every one across the globe today has realized the potential of Cyber warfare.....and the power is immense....anyone who is clear....stands as ONE MAN ARMY.....as cited through one eg above.

ORDER OF VOLATILITY OF DIGITAL EVIDENCE

1. Not all information-based evidence is the same! Evidence can be organized into an “order of volatility” meaning how long it will stick around for you to collect until it automatically is lost.

2. Dan Farmer & Wietse Venema created the below table of evidence volatility, which is commonly referenced by forensic professionals. For example, information stored on a CD-R or some optical storage media can last for about 10-100 years depending on the brand used. Information stored in a computer’s main memory, by contrast, will last for only tens of nanoseconds before it is wiped out by the computer’s normal processing.

TYPE OF DATA	LIFESPAN
Registers, peripheral memory, caches, etc.	Nanoseconds or less
Main memory	Ten nanoseconds
Network state	Milliseconds
Running processes	Seconds
Disk	Minutes
Floppies, backup media, etc.	Years
CD-ROMs, printouts, etc.	Tens of years

3. Very critical from forensics point of view.....most people would want to turn a computer off (or at the very least unplug it from the network) when they realize an incident has occurred. However, as noted in the chart above, one will lose evidence in main memory and “network state” information (which other systems the computer is connected with and what information they are exchanging) with such an approach. Even shutting down a computer the “normal” way (Start / Turn Off Computer / Turn Off in Windows XP) can delete evidence, as Windows performs a number of housekeeping tasks in the shutdown process, such as closing opened files and clearing out the temporary disk cache.

4. Thanks Peter C. Hewitt (Read from Browser Forensics).

New Gen BIOMETRICS : PALMSECURE from FUJITSU

1. Quiet often we seen biometrics fingers,palm,eyes,retina being chopped off in Hollywood movies for gaining illegal access to control rooms and secure areas by the bad man...so we used to think like there is no end and no permanent solution to this....now comes a solution to this problem wherein not the fingerprint or the palm print is taken as authentication model....it is the veins inside that exist inside the palm that matter and should match...now these veins should also be flowing blood to authenticate the logger.

2. Fujitsu provides a highly reliable biometric authentication system based on palm vein pattern recognition technology. PalmSecure™ features industry-leading authentication accuracy with extremely low false rates, and the non-intrusive and contactless reader device provides ease of use with virtually no physiological restriction for all users.Applications include :

• Physical access control / Time and Attendance
• User authentication to PCs or server systems
• Government / Commercial identity management systems
• OEM terminal devices (POS, ATMs or information kiosks)
• Other industry-specific applications
• 
  

3. More about this here.

E-Waste & Indian Policy

1. In my earlier blog posts at here,here & here ,issues of e-waste and its repurcussions were mentioned.....now seems like Indian govt has attempted to wake herself up and find a solution.In a recent development,Directorate of Revenue Intelligence (DRI) seized some containers in Chennai containing large quantity of such waste. The imports were made despite a prohibitory order in this regard. The containers were full of outdated computers and electrical waste. On further investigation, it was found that containers carried hundreds of tonnes of e-waste sourced from Australia, Canada, Korea and Brunei in violation of norms.

2. E-waste is being dumped in the country by developing nations using loopholes in domestic rules which allow NGOs and educational institutions to import such gadgets freely on the pretext of donations. onscious of the fact that huge shipments of e-waste generated in developing countries are finding convenient burial ground in India, the government had through a public notice on May 13, 2010 prohibited educational and other institutions from importing second hand computers, laptops and computer peripherals, including printers, plotters, scanners, monitors, keyboards and storage units. The step was short of a complete ban on such imports.

3. The government is now looking at banning the import of used computers and other electronic waste - coming primarily from developed nations such as US, Australia, Canada and parts of Europe - after several cases of e-waste smuggling came to light recently. A decision is likely to be taken at the Economic Intelligence Council meeting scheduled for this month to be chaired by finance minister Pranab Mukherjee.

4. Thanks http://timesofindia.indiatimes.com

TABNAPPING : A new generation Cyber Crime

1. Another new term in the cyber crime is "Tabnapping" a combination of "tab" and "kidnapping" that could be used by phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All browsers on Windows and Mac OS X are vulnerable.It is thus a computer exploit,a kind of phishing attack, which persuades users to submit their login details and passwords to popular Web sites by impersonating those sites and convincing the user that the site is genuine. Eg . An open tab of Facebook for instance may be a false window. But very few of us may notice. As a result, we readily log in our username and password when prompted, only to fall to phishers.

2. Aza Raskin is the person behind coining this term,this 1984 born genius is an active phishing researcher.It is unlikely that Browser makers will patch this up soon the risk does not emanate from security vulnerabilities per se.

3. However, every major browser has a filter of some kind designed to weed out malicious sites and sites suspected of being infected with attack code. Those filters, assuming the blacklists underlying them are current and accurate, would block tabnapping attacks.

4. Thanks http://www.standardmedia.co.ke & http://www.couponsherpa.com

ScareWare : One more WAREior in the family

1. Adware,spyware,malware....and now one SCAREWARE.Imagine this...u r surfing innocently(???) on the web via your home/office PC,an advertisement appears on the web-page, trying to convince you that your computer is at risk and you must download the anti-virus to clean it. Once you click on the advertisement, a software trigger gets activated and you get caught in an unnerving loop impossible to abort. A scanner window will appear with red-letter warnings listing viruses purportedly infesting your hard drive. A series of dialogue boxes will follow giving you choices that all lead to the same screen: a sales pitch. Make the purchase, and you get a bogus inoculation. Try to cancel it, and you'll get repeated offers. It's like stepping into quicksand. The more you try to get out of it, the deeper you sink.....this is Scareware..the latest new generation way to get ur PC infected...although its first origin dates to sometime in 2004...its now that this is getting firm roots via increased strength of web surfers who are naive about security.

2. In brief, the scareware trickery ensnares internet users in the following steps:

• Criminals buy blocks of advertisement space on websites, intermittently slipping in a tainted advertisement.
• Just visiting a webpage with a tainted ad causes a fake warning box to appear.
• Clicking "OK" or "Cancel" launches the same thing: a "free scan."

After you've been lured into a fake "free" scan of your PC:

• The bogus scan will purport to find a virus infestation.
• Ensuing boxes steer the user to activate "Personal Antivirus," on left.
• The activation prompts take the user to a shopping cart.
• Declining to place an order triggers endless fake scans.

3. Thanks http://fanaticmedia.com

Man in the Browser Attack : New dimension of cyber attack

1. The name is interesting though and so is the working behind....MITB (Man in the Browser) attacks are designed by fraudsters to infect a web browser with malware which can result in mmodified web pages and transactions that are largely transparent to both the user and the host application.Trojans incl Silent Banker,Sinowal etc are pre programmed by fraudsters to activate when the user browser accesses a specific website such as their online banking portal.The activated trojan can then track the online session and perform real time interception etc that can lead to illegal money transfers,identity theft and further compromise on the users personal info.

2. The Man-in-the-Browser attack is the same approach as Man-in-the-middle attack, but in this case a Trojan Horse is used to intercept and manipulate calls between the browser and its security mechanisms or libraries in real time.A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or Two or Three Factor Authentication solutions are in place.

3. Thanks http://fanaticmedia.com/infosecurity/

BILL GATES & Khan Academy

1. I m a follower of Bill Gates on twitter and have come to know of this khan academy thru this......

2. When every one looks forward to learning from Bill Gates on so many aspects of IT education.....where do u guess his 11 year old son looks up-to for his education.....he follows Salman Khan...no no...not the Bollywood Dabanggg...he is another Salman Khan....click here to know more.....

3. Khan turns out thousands of videos from a converted walk-in closetin his Silicon Valley home (shown in this pic below) ...................gr888888888 work...and imagine the amount of effort that he has put in single handedly here......

4. This site at http://www.khanacademy.org/ has 1600 plus videos for school level maths,chemistry and science and many more subjects.....more news ....click here

Windows Systernals

1. I had not heard and read about this very low key but very powerful utility site which helps one manage, troubleshoot and diagnose Windows systems and applications incl so many unheard functions and utilities that one can go on and on exploring all.....the complete Windows systernals Suite can be downloaded by clicking here.

2. Another related site named Sysinternals Live is a service that enables to execute Sysinternals tools directly from the Web without hunting for and manually downloading them.

3. Must see and must try site.....click here to hit direct.

SALAAMI ATTACK

1. Ever seen your account with minute details of each and every penny/cent/paise in your account...I m sure many of you wouldn't have....how does it matter if its Rs 22323.45 or Rs 22322.12.....a difference of some paise ...we generally account for it against rounding off....but now on be ware...u may just be a salaami target....better known as Saalami Attack

2. An example of this also known as penny shaving, is the mal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding off to the nearest money unit viz cent or paisa in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.

3. IT comes with a whole lot of things...u get some,u loose some.....be ware.For more info click here, here and here.

4. Thanks http://www.cyberpolicebangalore.nic.in and http://en.wikipedia.org

TROJANs & BANK: Another story

1. Hard working hackers have recieved more then 700,000 pounds from thousands of bank accounts in Britain using a malicious software which claimants say is the deadliest,brutaliest(whats this???)trojan attack ever seen....

2. More then 4,000 online banking customers have found themselves as unwanted customers of this deal by hackers which empties their accounts while showing them fake statements so the crime goes undetected.This trojan is being termed and guessed as a variant of the Zeus trojan banking virus called Zeus v3. This is capable of collecting data such as passwords and even transfers money out of accounts automatically.

3. Beware ...nothing of this scale has happened till date in INDIA...why....because poor dont have much money and the rich keep and talk cash

IPAD WORLD & VARIETIES

1. Ever wondered about how many variants of IPAD exists from various companies apart from apple....many....and i mean really many....few of which i recently read in DIGIT

NOTION INK ADAM

This Adam Tablet is under development by Bangalore-based firm Notion Ink. It is rumored to be likely released by quarter ending Dec 2010 and is one of several tablet form-factor devices launching in 2010 to include a dual-core NVIDIA Tegra 2 processor that can support 1080p video output.

ARCHOS 9

Archos is a French consumer electronics company that manufactures portable media players and portable storage devices with Android 2.1 OS,3.2” display resolution 400 x 240,ARM Cortex A8 processor clocked at 800 MHz,a camera and microphone

Accelerometer with a WiFiand a composite video out.The device can be upgraded with a digital TV receiver that enables live TV and DVR features

EEE PAD

ASUS Eee is a family of products by AsusteK and is scheduled for launch by quarter Sept 2010 Computex in Taipei.

AIGO N700

The Android-powered Aigo tablet boasts a 1GHz ARM Cortex A9 processor and features Nvidia's Tegra 2 graphics chipset.

FUSION GARAGE JOOJOO

The JooJoo is a Linux-based tablet computer produced by Singapore development studio Fusion Garage.

DELL STREAK

The Streak is a Tablet/Smartphone hybrid from Dell that uses the Android operating system and comes with a 5" capacitive touchscreen and two cameras, a 5MP one with dual-LED flash on the back and a VGA-resolution one on the front for video calling; both are capable of video.

LENOVO IDEAPAD U1

IdeaPad is a line of consumer-oriented laptop computers designed by Lenovo.

EXOPC SLATE

The ExoPC Slate is a powerful Windows 7 computer with a multi-touch interface that allows you to browse the web, play games, watch TV and movies, listen to music, read the news, read books and magazines, organize your photos, download apps, view RSS feeds, access real-time weather, create and edit spreadsheets, author documents....WANT MORE?

ICD ULTRA

ICD Ultra

MSI WINDPAD

The tablet is powered by a 1.66GHz Intel Atom Z530 processor, 2GB of RAM, and packs a 32GB SSD that boots Windows 7 Home Premium, though MSI has created a Wind Touch UI layer.

User Mapped-Section open???

1. Regular users of Torrents might have seen something like the title disturbing them and stopping them of their downloads....i m one of them...so i tried and checked up few forums...tried doing force start etc...nothing worked....then tried disabling the antivirus for a while.....and it worked.....

2. So...simply just disable the antivirus for the time u wish to download....so lose some...gain some....

Increasing Laptop Bty Life : Few ways

1. Hibernate: Hibernating the laptop is always a tidier option than putting it on standby, or shutting it down. This is because the laptop’s hibernate mode saves it in the state it was hibernated in, and does not require the laptop to reboot all applications, thereby using much less power.

2. Get some extra RAM: Whenever a laptop runs short of RAM memory it end up shifting to the virtual memory which results in hard disk use, which is a much less efficient option in terms of power consumption. Putting in extra RAM does use more power, so don’t get too much extra, but when compared to the use of virtual memory it’s a more efficient option.

3. Apply energy saving options on the OS

4. Bring down the brightness of the screen

5. Shut Down External devices: Most USB devices and other external devices like external hard drives or USB lights or even USB mice should be switched off and removed if not in use.

6. Shutdown background apps

7. Amend battery cycle: For a healthy Lithium-ion based battery, it is always suggested to keep the electrons that are present inside in motion occasionally. That means it’s never a good idea to keep you laptop plugged in or on charge all the time as the electrons lose their ability to store energy. One should let it discharge fully and charge it completely at least once a month to keep the battery as good as new.

8. Switch-off unused wireless radios

9. Try to reduce multitasking: When using the laptop on battery power, one should try as much as possible to use one application at a time, and should ideally shut one application completely before opening another, to reduce consumption of both processing and battery power.

10. Defrag on regular intervals