OPERATION CISCO RAIDER

1.   Counterfeiting is not new....since we were born we have been seeing dupli's and counterfiets of Reebok,nike,hmv etc...the list is actually endless....this endless list is now augmented with IT inventory....to cite you an example which has rocked the nations across is about OPERATION CISCO RAIDER.

2.    Relevant original EXTRACT FROM http://www.coastnetwork.com is produced below : 

" Cisco made a decision a decade ago to manufacture product in China as a way of cutting production costs. A great deal of Cisco manufacturing is now done overseas, specifically in China. What has happened is that many of the companies that do the outsourcing for Cisco now run an extra shift and sell the now counterfeit hardware out the back door. After all, they have the manufacturing capability, the expertise and the full blessing of Cisco. The result? More and more counterfeit Cisco hardware is now showing up on American shores. Part of the problem is that China does not have strong intellectual property protection laws. This is a situation that Cisco and many other companies are still struggling to solve and one that does not promise to be resolved soon.

Warning signs of a possible counterfeited item:

If you are getting discounts of 40-55% off the list price for brand new hardware, i.e. sealed boxes, then it is a red flag. The largest of Cisco’s customers – the Bank of Americas, Ford Motor Company, United Airlines, AT&T, etc. get these discounts. You don’t. If it is any consolation, even dealers do not get the top corporate discounts.       

While it is flattering and tempting to receive big discounts for new Cisco hardware, it is also unrealistic and should be treated with the utmost caution. 

Ask what the retail price is and compare it to the price you are being quoted. If you are getting a 15-25% discount from the list price for new/sealed hardware, then you are being quoted a fair and realistic price. Expect a reasonable discount, however; too big a discount often spells trouble.

Another sign to be aware of is the receipt of unsolicited email from unknown dealers offering you Cisco hardware at very good prices. This warning is doubly true if the email or company originates from mainland China.

3.     Thanks http://www.coastnetwork.com/counterfeitcisco

VIRUS in Boot Sector in Hard Disk fresh from OEM!!!!

Have recently heard of this in reputed makes and model of Top list hard disks OEMs.Would like to know if some has ever encountered this or has any form of info on this?

Image Ballistics : Incredible IT

1. In a typical crime or a murder case anywhere involving a pistol or a firing weapon,the forensic or the investigating personnel's involved can make out the make and model of the firing weapon with the help of the bullet found on site.The field dealing with this is known as ballistics.Now sync this with the field of IT....now imagine that u have shot a photograph or are analyzing some pic and you wish to know which camera was used to shoot that pic.......can u find out???????Yes....the answer is yesss!!!the field is known as Image Ballistics.

2. In a recent case,i read about a rave party being organized at outer skirts of a city with about a 200  plus people ,all collegites and similar age group....all of them had a blast and a few with some wrong ideas caught hold of a girl...drugged her and made some obscene mms and clicked some pics...next day it was uploaded on the you tube and the social networking sites.....now how to find the culprit?pretty difficult when about a 200 plus strength of personnel's have to be inquired.....the answer is Image Ballistics....the investigating agency got hold of the pics...came to know which model the pics were clicked from...yes the answer was a famous Nokia Model mobile.....so the owners were now limited to 8 out of the 200 plus strength...there mobiles checked and the simple recovery software's were enough to find out the culprit......imagine....isn't it astonishing.....

 3.   I checked up the state of pics clicked from my camera years back and all answers were correct.....few Nikon,few sony.......one easy and free tool for such investigation is JPEGSNOOP.Simple to download,very small size and great analysis report.....

4.  To know more click here......

Crack 14 Character passwords in Seconds : Objectif Sécurité

1.    There have been articles and forums on the powerful high speed GPU (video card) processors being able to easily provision cracking passwords very apace.A new technology steps here to rule the roast and allow password cracking upto 14 characters in seconds.....this is  called Objectif Sécurité ,by a Swiss security company,which uses rainbow tables on SSD drives.Seemingly it is the hard drive access time and not the processor speed that slows down cracking speed. So using SSD drives can make cracking faster, but just how fast? This technique has a phenominal capacity that could crack passwords at a rate of 300 billion passwords a second, and could decode complex password in under 5.3 seconds.

2.    A real time demo of cracking is available on line at Objectif’s free online XP hash cracker.Just visit the link and see urself by mentioning the hash in the text box.....astoundingly simple....

3. Thanks http://www.objectif-securite.ch/en/products.php

Collection of Forensic Softwares : TUCOFS

I found this good link with a identified set of softwares for various OSs and lot many links to other websites..worth a look if u have some interest in DIGITAL FORENSICS

Check out this link at TUCOFS - The Ultimate Collection of Forensic Software

Service Packs & Infection Rates

1.  First it was windows XP..then it was SP1(Service Pack 1)...followed by SP2,SP3 ...further by Vista SP1,SP2 and now Windows 7...how the upgrades in these packs have been reducing the infection rates is briefly reflected as per stats from Microsoft Security Intelligence Report.

- Infection rate for windows XP with SP3 is less then half of that for SP2 and less then a third of SP1.

- Windows Vista SP2 has a lower inefction rate then SP1 which is about 50% lower then Windows Vista Basic.

- In case of Server Operating SystemS,the infection rate for windows server 2008 with SP2 is about 20% less then the predecessor ie Windows Server 2008 RTM.

2. Thanks http://www.microsoft.com/security/sir/

CaaS : CRIME WARE AS A SERVICE at offer now

1. Bhaigiri...Supari..khokha...and similar terms have been till date used in reference with the crime world...now come to terms like Software as a Service(SaaS), Hardware as a service(HaaS) ,Platform as a service(PaaS) etc and the list is all set to become endless with cloud computing...whats the relation here?????..it goes 2 merge these two separate worldsie CRIME & IT....the earlier terms mentioned pertain to the world of crime and the later once refer to the vast possibilities and power knocking the users....thus refers to Crimeware as a Service(CaaS)

2. The controverting side is the world of hackers & cyber criminals who seem to exploit their technical tools to great effect. However, even for newbie hackers eager to join this world don’t need to possess the required levels of technological expertise. CaaS (Crimeware-as-a-Service) pulled out of some distant Cloud can provision the necessary tools, be they Virus/Worm Creation Kits, Denial of Service (DoS) applications or more simply estabilishing a botnet.A recent research proved they can be just a mouse click away! Kits were easily located to build a variant of ‘Indra’ Malware, as well as a manifestation of Badboy , providing the user with the power to create their own version to send on to their targets.

3. Granted these are not examples of cutting-edge malware, but they do however still pose a threat to the unprepared and unsuspecting organisation. As amazing as it may seem, even today there are large organisations who permit access to sites, and allow the download of Malware Construction Kits – and even more worrying, there are still pockets of companies who do not maintain their anti-virus or patches in an up-to-dtate condition.

4. Crime is going to be a inherent part in the cyber world and the cause of worry is that unlike army and mil est in the real world...no concrete effort and source is there to resist these evil forces.We are still acting to a situtaion when need of the hour is to be more then PROACTIVE.....

5. Thanks http://www.infosecurity-magazine.com/

Stuxnet : Some more good info

1.     Recently,after i mentioned Stuxnet on Meliorate...I found some more good info and FAQs at http://www.newscientist.com/........must read....

Is ur Account Hacked ?- Common ways u get compromised.

1.    There is no doubt on the fact that Google users are growing phenomenally.....and with this growing rise also comes the phenomenal rise and ways to get compromised or become a botnet.Thus a Google Account is also valuable for spammers and other unknown citizenry looking to impair you with ur personal info and data on ur pc and account inbox. It’s not so much about your account, but rather the fact that your circle of relatives and friends see your Google Account and mails from it as reliable.

2.   Nothing new about this but the most common ways hackers can login to your Google password are:

• Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.

• Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.

• Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.

• Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“ujjwal3008”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “dosa” for “What is your favorite food?”

3.   Another common error that we all unknowingly is that we keep the password same for multiple accounts on yahoo,gmail,blumail and so on.......put on ur thinking caps......if one account linked to other user name is compromised ....then in a way all are....

CANURE : 100 on ACID3 Test

1.    Last year in March 09,I wrote on my acquaintance with ACID3 and then CHROME scored the highest among the then present browsers.....now here comes a little known CANURE and u believe it or not...whats the score?...100 on 100......perfect 100....m sure worth a try...when chrome is scoring about 80 in 100 ,this claims getting 100/100 in Acid 3 Web Tests and 145/160 in HTML 5 Test.

2.   Download here.