Social Icons

Saturday, October 16, 2010

Is ur Account Hacked ?- Common ways u get compromised.

1.    There is no doubt on the fact that Google users are growing phenomenally.....and with this growing rise also comes the phenomenal rise and ways to get compromised or become a botnet.Thus a Google Account is also valuable for spammers and other unknown citizenry looking to impair you with ur personal info and data on ur pc and account inbox. It’s not so much about your account, but rather the fact that your circle of relatives and friends see your Google Account and mails from it as reliable.

2.   Nothing new about this but the most common ways hackers can login to your Google password are:
  • Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.
  • Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.
  • Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.
  • Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“ujjwal3008”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “dosa” for “What is your favorite food?”
3.   Another common error that we all unknowingly is that we keep the password same for multiple accounts on yahoo,gmail,blumail and so on.......put on ur thinking caps......if one account linked to other user name is compromised ....then in a way all are....

Friday, October 15, 2010

CANURE : 100 on ACID3 Test

1.    Last year in March 09,I wrote on my acquaintance with ACID3 and then CHROME scored the highest among the then present browsers.....now here comes a little known CANURE and u believe it or not...whats the score?...100 on 100......perfect 100....m sure worth a try...when chrome is scoring about 80 in 100 ,this claims getting 100/100 in Acid 3 Web Tests and 145/160 in HTML 5 Test.

Another Wowwwwww!!!!-CYBERTECTURE

1.   First watch this video and then read few lines on what CYBERTECTURE is?



2.  A state of art technological concept that appropriates a emblematic relationship between the urban fabric and technology. It excogitates both hardware of built environment and software system and technologies from micro to macro scales of development.I am sure the video would have opened thinking horizons to what mroe can be done with this.....wish to read more....click here

Tuesday, October 12, 2010

Biggest release of Patch update by MICROSOFT

1.    Patches by MS to be released today are said to be the biggest and largest batch of updates by Microsoft since Oct 2003.According to Microsoft, this batch will be the LARGEST in its history with no less than 16 security updates designed to address a total of 49 vulnerabilities in Windows, Internet Explorer, MS-Office and the software giant's .NET Framework.

2.    All this effort and size of the patches by MS reflects how vulnerable each one of us remains to the hacking and leak of personal info in wrong hands....the batch of updates will include Windows 7 critical updates,updates for Internet Explorer, MS -Office 2010.And all those happy using the pirated copies of OS across remain as vulnerable as they are already....

Monday, October 11, 2010

Stuxnet : A Milestone in Malicious Code History

1. Stuxnet,the internet worm,intent of which was thought to effect Iran's nuclear programme has now taken a U Turn towards HINDUSTAN....

2. American cyber warfare expert Jeffrey Carr has assured the GoI,that China the originator of this worm which has terrorised the world since Mid 2010. Ascribing the break down of ISRO's INSAT 4B satellite a few months ago ,Carr said it is China which gained from the satellite failure. Although he re affirms that the conclusions are not definite.Invariably the effected systems are loaded with a Siemens software which have been specifically targetted to which Siemens has released a detection and removal tool.Siemens recommends installing the Microsoft patch for vulnerabilities and disallowing the use of third-party USB sticks.It is further contemplated that incorrect remotion of the worm could cause irrepairable damage.

3. Jeffrey Carr says "The satellite in question (INSAT 4B) suffered the power `glitch' in an unexplained fashion and it's failure served another state's advantage -- in this case China," he said.The connecting link between INSAT 4B and Stuxnet is that the Siemens software is used in ISRO's Liquid Propulsion Systems Centre ie S7-400 PLC and SIMATIC WinCC.Something about Stuxnet...these attack Windows systems using four zero-day attacks and targets systems using Siemens' WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives. Once inside the system it uses the default passwords to command the software.Few intretsing things about this :

- Half a megabyte in size 
- Written in different programming languages (including C and C++) 
- Digitally signed with two authentic certificates which were stolen from two certification authorities (JMicron and Realtek) which helped it remain undetected for a relatively long period of time. - Capabable to upgrade via peer to peer.
- Eric Byres, an expert in maintaining & troubleshooting Siemens systems, expects that writing the code would have taken many man-months.

4. Stuxnet is a threat aiming a specific industrial control system such as a gas pipeline,satellite systems & power plants. The ultimate goal of Stuxnet is to sabotage the facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely out of their working and identified boundaries.This worm represents the first of many milestones in malicious code history ,it is the first to exploit four 0-day vulnerabilities, compromise two digital certificates, and inject code into industrial control systems and hide the code from the operator. Whether Stuxnet will usher in a new generation of malicious code attacks towards real-world infrastructure,overshadowing the vast majority of current attacks affecting more virtual or individual assets—or if it is a once- in-a-decade occurrence remains to be seen.Stuxnet is of such great complexity requiring significant resources to develop—that few attackers will be capable of producing a similar threat, to such an extent that we would not expect masses of threats of similar in sophistication to suddenly appear. However, Stuxnet has highlighted direct-attack attempts on critical infrastructure are possible and not just theory or movie plotlines.The real-world implications of Stuxnet are beyond any threat we have seen in the past. 

5. When is India actually going to work for itself rather then performing across the globe...y is the world telling us that we are effected here...even in the case of SHADOWS IN THE CLOUD...we were told by the Shadow server foundation that our institutes have been compromised inspite of the fact that we have all it takes to take the IT world by storm...but we are all working for ourselves...and not for own country...cream is flowing out and getting outsorced..IT IS ACTUALLY SAD THAT THE WORLD KNOWS INDIA'S POTENTIAL BUT THE INDIANS DONT KNOW THIER OWN.....

Friday, October 08, 2010

Here comes Trojan-PWS-Nslogm to steal Passwords and credentials from Mozilla

1. I am sure we all endeavor to keep the antivirus updated,keep the OS patch updated,keep cleaning registries,keep cleaning browser history at regular intervals,keep ensuring regular complete scan of the precious PC Machine that we own....we all do this to ensure that we r safe while we browse...now read further to find out how it all goes in vain even with the best and leading browser company......

2. Antivirus company Webroot have identified an information extracting trojan, which alters a Firefox file, so that the browser stores passwords automatically.The trojan is named as Trojan-PWS-Nslogm and is capable of stealing usernames and passwords stored by both Internet Explorer and Firefox browsers.By default, whenever Firefox detects that login credentials are submitted through a Web form, it offers to remember them for future use.When this happens, the user is presented with several options which include "Remember", "Never for This Site" or "Not Now". If they choose remember, the browser stores the username and password in a local database.Since it's easier to steal credentials from this database instead of injecting the browser process and grabbing them as they are submitted, the author of this trojan thought it would make more sense to have Firefox remember all passwords without asking users for confirmation.To achieve this, he created a routine to patch the nsLoginManagerPrompter.js file in the Firefox installation by adding new code and commenting out some already existent lines."The Trojan then scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox’s own password storage, and tries to pass the stolen information onward, once per minute," Andrew Brandt, a malware researcher at Webroot, explains.

3. The password stealer installs itself in the c:\windows\system32 folder as a file called Kernel.exe. The captured data is send to a command and control server via a deprecated ActiveX control called msinet.ocx.

4. So kya solution hai?...whats the solution to this?...simply stop using internet....just joking...solution being worked out still at FIREFOX labs.Thanks http://news.softpedia.com

RISK MANAGEMENT : Beware while u update with Patches

1. A zero-day exploit as discussed at an earlier post in this blog .....Some thing more to it...

2. A good extract straight lift from Infosecurity-magazine.com

"For a vendor, developing the update is not the part that takes time – testing is. We have more than 600 million downloads when we publish an update. If we “just” break 10% of the systems the update is installed, it would be a huge denial of service. So testing is the name of the game. How well is an unofficial patch tested?Often the vendor publishes workarounds (at least we do). This should be part of your risk mitigation strategy. Would the workaround be acceptable to buy you time?

How far do you trust the author of the unofficial update? How big is the risk that the update comes with pre-installed malware? The question immediately comes up: Why should we trust a vendor? Well, you bought or downloaded the software at the first hand – so, you decided to trust the vendor at the beginning.

What do you do once the vendor releases an update? Can you de-install the unofficial update?

Basically, it is a risk management decision, which should include at least the questions I raised above. Do not just run for the unofficial update – to me it should be really the last resort, if even!"

3. A good site to follow : Check out http://www.infosecurity-magazine.com

ALL izz WELL!!!!!inside this- Check out FREE STUDIO

My routine surfing on net invariably includes few video downloads,uploading videos to you tube and other sites sometimes,convert various available audi video formats to compatible formats with the help of so many convertors available accross,fiddling with audio formats,burning CDs & DVDs with videos and data files....in a typical scenario all this would be done on arange of softwares of different companies.....came across this absoutely free software ie FREE STUDIO...one single window solution to evri task as mentioned above and much more....and yes it is absolutely free...try it must...

Security Enabled Hardware :INTEL - McAfee Merger

1.      “Security is more effective when enabled in hardware” provisions for something in the pipe known as Security Enabled Hardware.Howzzz that???? There has been a lot of speculation about the rationale behind Intel's recent acquisition of McAfee....well if u r not aware of this Intel’s proposed $7.7billion purchase of McAfee that comes as the most magnanimous takeover deal in the chip giant’s 40-odd-year history....u better be now....although there is no product roadmap to speak of yet.




2.       McAfee technology deeply desegregated into Intel products would mean adding security functionality into Intel’s chip. But would this pushing security into silicon be able to negate the increasingly sophisticated and dynamic threats from cyber crime? Though components of security could be significantly enhanced if chips were designed integrating this way. What about updates,patches etc


3.       Security in the 21st century is about being dynamic, responding to the ever-changing threat landscape in real-time, which you can do with a cloud-based system powered by a network of threat intelligence sensors and reputation-based technologies that stop threats before they even hit the device. Pushing security down to the hardware level makes it very difficult to be reactive, agile or fundamentally secure.

Thursday, October 07, 2010

CLEANERS & FOOTPRINTS

1. Off late I have been experimenting with few software's which claim to do a 100% cleansing action of removing every browsing marks and history of any kind on your computer that u use for work and surfing.These incl the following :

2. Among these I have no doubts of who is leading?....CyberScrub Privacy Suite v 5.1 & PC Tools Privacy Guardian v4.5.Though CyberScrub Privacy Suite v 5.1 does leave Chrome traces and does't have Chrome included in its list of browsers......It does a pretty neat job by giving options of wiping that include Navy Staff Office Publication (NAVSO PUB) 5239,Russian Gost,Brouce Schneier algorith and many others with options of selecting passes......on the other side ie PC Tools Privacy Guardian v4.5...includes chrome as a option to be selected with similar wiping algorith options.....

3. Try you must.......all of them to know the real difference or simply follow the recommendations......
Powered By Blogger