
Saturday, January 29, 2011

BitDefender : Tips for Safe Shopping on Mobile Devices

A short piece of advice from BitDefender on the security aspects of shopping on new-generation mobile devices. Please click HERE.

Trojan.Spy.YEK : The Corporate Spying Tool


1. The Stuxnet tremors are still not over and are unlikely to be forgotten for some years. After the Stuxnet storm, everyone from corporate IT bosses to individual IT admins has been watching for any sign of outside intrusion. These days, when an e-threat comes along and sniffs for critical data, the losses can run into enormous sums within seconds.

2. Trojan.Spy.YEK is not a regular spying Trojan: not only does it look for documents and archives that may hold private information, it also sends them back to the attacker.

3. Trojan.Spy.YEK has both spying and backdoor features. It carries an encrypted DLL in its overlay, which it drops as windows\system32\netconf32.dll; once that DLL is injected into explorer.exe, nothing stops it from connecting (whenever necessary) to its command and control server and sharing everything it has collected with the attacker.

4. The backdoor component registers itself as a service so as to receive and follow instructions from a command and control centre, while the spyware component sends away data about files and the operating system, and also takes screenshots of the running processes (a handy, user-friendly guide for later action; isn't it caring?).

5. Some of the commands it executes are: sending the collected files using a GET request; sending information about the operating system and computer; taking screenshots and sending the results; listing the processes running on the system and sending the list; and finding files with a given extension. In short, it uploads all the interesting data to an FTP server without the user's consent.

6. The fact that it looks for archives, e-mails (.eml, .dbx), address books (.wab), databases and documents (.doc, .odt, .pdf etc.) makes Trojan.Spy.YEK a prime suspect for corporate espionage, as it targets exactly the private data of companies.

7. The infection changes registry settings and other important Windows system files, and if Trojan.Spy.YEK is not removed it can leave the system unstable to the point of a crash. Some Trojan.Spy.YEK infections come bundled with other Trojans and keyloggers, which can be used to steal sensitive data such as passwords, credit card and bank account information.

8. On top of that, the Trojan runs without problems on all versions of Windows, from Windows 95 to Windows 7.

FBI : A Parent's Guide to Internet Safety

A must-read guide from the Federal Bureau of Investigation (FBI), an agency of the United States Department of Justice, for parents everywhere, advising them on the complexities of online child exploitation. Please click HERE.

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History


1. This case, which I recently read about in brief, pertains to an interesting online fraud case against Albert Gonzalez. I have compressed the complete story into sequential points for easy reading and grasping:

(a) Albert started using computers at an early age and, while in high school, managed to hack into the Government of India's website. Sadly, he was not charged at this stage and was only warned to stay away from computers for six months.

(b) At the age of 19 he ran his own group of hackers, ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators, gave away vital information on his cohorts, and did not have to serve a sentence.

(c) Still, after two years of "hard work", Albert had compromised sensitive data including 45.6 million credit and debit card numbers.

(d) TJX Companies notified the authorities of their data leakage. Albert had the ability to crack and hack his way through, but TJX's weak security measures did not help. Albert was able to install his malware and sniffing software on the networks of TJX and all the stores operating under it, even outside the United States. TJX discovered the breach in December 2006 and believed at first that it had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, it found that it had been losing sensitive data since 2005. Albert had already moved on to bigger operations by the time TJX even started discovering the extent of its breach.

(e) Gonzalez and his accomplices used SQL injection to plant malware backdoors on several corporate systems, and from there launched packet sniffing (specifically, ARP spoofing) attacks that let them steal data from the internal corporate networks. Note the two stages: the injection gave them a foothold on a server, and ARP spoofing, which only works against hosts on the same broadcast segment, let that foothold sniff the traffic of its neighbours.

(f) During his spree he is said to have thrown himself a $75,000 birthday party and to have complained about having to count $340,000 by hand after his currency-counting machine broke.

(g) Gonzalez faced three federal indictments:
- May 2008 in New York for the Dave & Buster's case (trial scheduled for September 2009)
- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled for early 2010)
- August 2009 in New Jersey in connection with the Heartland Payment Systems case.

(h) On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case, with many links, please visit HERE.
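The SQL injection technique named in (e), as an added worked example that is not part of the original post or of the court record: a login lookup built by pasting user input into the SQL text, beside the same lookup with bound parameters, run against an in-memory SQLite table of constructed rows. The table, accounts and card numbers are made up for the demo, and the payload is the classic tautology rather than anything tied to the TJX case.

```python
import sqlite3

# Constructed sample data for the demo; nothing here comes from a real breach.
SAMPLE_CARDS = [
    ("alice", "s3cret", "4111111111111111"),
    ("bob", "hunter2", "5555555555554444"),
    ("carol", "letmein", "378282246310005"),
]

# A classic tautology payload: it closes the password literal and appends
# a condition that is always true, so the WHERE clause matches every row.
INJECTION_PAYLOAD = "' OR '1'='1"


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, password TEXT, card TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CARDS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The bug: user input is pasted into the SQL text, so a quote in the input
    changes the structure of the query instead of being treated as data."""
    query = (
        "SELECT username, card FROM customers "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """The fix: bound parameters keep the input as data, whatever it contains."""
    query = (
        "SELECT username, card FROM customers "
        "WHERE username = ? AND password = ?"
    )
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "nobody", INJECTION_PAYLOAD))  # every row
    print("safe:      ", login_safe(db, "nobody", INJECTION_PAYLOAD))        # []
```

The vulnerable form returns every row for a non-existent username because the injected quote ends the password literal and `OR '1'='1'` is always true; the parameterised form treats the whole string as the password and matches nothing. The same shape applies to INSERT and UPDATE statements and to any database driver: the fix is the placeholder, not escaping.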


Sunday, December 05, 2010

Full stop to being tracked online: an attempt from Firefox

1. Firefox is working on a system that will let web surfers stop being tracked online. We all know how behemoths such as Google, Facebook and a plethora of others use such information to sell targeted adverts and make money without ever asking the user's consent. Such a move would be welcomed by privacy campaigners, who have long complained that Google and Facebook take liberties with the information. Currently these information-gathering companies make use of cookies, which are saved onto the user's computer while surfing the web and are then used to keep track of browsing history. This data is then sold to advertisers, who place highly lucrative targeted ads on the individual's screen depending on which pages they have recently been looking at.

2. Mozilla's vice president of engineering, Mike Shaver, summed up the plan by saying the aim was to "put the user in control but not overwhelm them". This would not only be a welcome step against information theft but a real boon for users who have been taken for a ride for so long without ever wanting it.

Thursday, November 04, 2010

Removing METADATA from JPEG & IMAGE FILES

1. We all routinely find images on the net, download them, modify them and use them on our sites and posts, but are we authorised to do so? Every JPEG produced by a digital camera carries information in the form of metadata (EXIF): the camera make and model, the date, and in some cases the owner's name or the GPS location. If an image is copyrighted, that metadata can inadvertently count against the user; and for your own photos, it tells everyone who downloads them which device took them and where. Stripping the metadata before posting does not change who owns the image, but it does stop the file from carrying that trail. How? Here comes jhead to your help. Read and follow the instructions below:

- Press Start and then Run, or Windows key + R, to open the Run box; type cmd.exe and press OK

- Type cd\     [to reach the root directory]

- Type md removemetadata     [to create a new directory named removemetadata]

- Type cd removemetadata      [to enter the directory; then copy all pictures whose metadata is to be removed into C:\removemetadata]

- Download the program file jhead.exe to C:\removemetadata

- To remove all metadata from all JPEG files in this directory, type: jhead -purejpg *.jpg and press Enter (jhead expands the wildcard itself; the files are rewritten in place, so work on copies)

- Done

2. Doing this small, boring but important job will avoid a case like the Mumbai case mentioned in an earlier post.

3. Another easy way is simply to take a screenshot of the image and paste it into Paint, which produces a fresh file without the camera's metadata. But this is cumbersome when the images are in bulk. To download jhead, click here.

Get Paid to Hack GOOGLE

1.    Google has now made it official: it will pay between $500 and $3,133.7 to people who discover security vulnerabilities in its websites and online applications. Google calls the program "experimental", but says it gives security researchers an incentive to report web flaws directly and promptly to Google's security team, shrinking the window in which a flaw can be exploited as a zero-day.
2.    This gives Google a chance to fix vulnerabilities before they are exploited. To qualify, researchers must disclose new flaws privately to Google first, before going public with their research. The prize money is awarded according to the severity and scale of the vulnerability reported, and Google says participants should not use automated tools to search for flaws.
 

Tuesday, November 02, 2010

MICROSOFT & Failures!!!

1.     For an IT giant like Microsoft this does not sit well, but 2010 saw more closures of major projects, launched with plenty of promise and fanfare, than Microsoft would have liked; they did not go the way Microsoft desired and were shut down within the same year. The list, in chronological order, with a few details each:
  • February 2010: Microsoft announced discontinuation of the Xbox Live service for original Xbox consoles and games.
  • April 2010: Microsoft confirmed it had stopped work on the tablet project codenamed Courier, which was touted as an Apple iPad rival.
  • May 2010: Microsoft announced a halt to the Response Point phone system.
  • June 2010: Microsoft announced discontinuation of its new generation of smartphones (the Kin).
  • September 2010: Microsoft announced that the Windows Live Spaces blogging service would be wound down gradually in favour of WordPress.com.
  • September 2010: Microsoft announced closure of Vine, a service built to help keep friends and family in touch during emergencies.

2.      Thanks, Times of India.

Mozilla: Prone again!

1.    Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allow remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption (CVE-2010-3765), as exploited in the wild in October 2010 by the Belmoo malware. The fix shipped in Firefox 3.6.12 and 3.5.15; until a system is updated, disabling JavaScript (or using an extension such as NoScript) removes the attack vector.

2.    Thanks http://www.us-cert.gov

Monday, November 01, 2010

Bredolab grabs Attention

1.    A 27-year-old Armenian man has been charged as the mastermind behind the Bredolab botnet, a network of millions of compromised computers worldwide. The main features of this Trojan botnet are enumerated below:
  • Users of infected computers receive, at their next login, a notice from the Dutch police with information on the infection.
  • Bredolab, known for spreading spam and rogue antivirus software, is thought by some experts to have infected at least 30 million computers.
  • Spread via drive-by attack websites and spam e-mail attachments.
  • Infects machines with a backdoor that downloads additional malware without the victim's knowledge.
  • Sends out spoofed password reset messages to Facebook users in an attempt to spread the malware and infect users of the social network.
  • Has the power to obtain information on the user's computer, including the ability to copy, change or delete files and other information.
  • The Pushdo botnet used Facebook in the same way to spread a malicious e-mail attachment: a phony message warns users that their Facebook password has been reset.
  • The majority of infections are in the U.S., the U.K. and many Western European countries.
  • Discovered by the Dutch High Tech Crime Team in the late summer.
  • Capable of infecting 3 million computers a month. The botnet used servers hired in the Netherlands from a reseller of LeaseWeb, the largest hosting provider in the Netherlands and one of the largest in Europe.
  • Able to constantly change its appearance to avoid detection by traditional antivirus signatures. Like other botnets, the Trojan communicated with its command-and-control server using encrypted messages.

Adobe flash Player hit!!!!

1.    A critical vulnerability has been disclosed in Adobe Reader and Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh, in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris, and in Adobe Flash Player 10.1.95.2 and earlier versions for Android. The flaw lies in the authplay.dll component that Reader and Acrobat use to render Flash content embedded in PDF files.

2.   This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system; it was being exploited in the wild against Reader through crafted PDF files.

3.   Adobe has released mitigation recommendations (for Reader and Acrobat on Windows, deleting or renaming authplay.dll prevents the exploit, at the cost of Flash content inside PDFs) and is still working on a fix. Click here for more.

Intel opens first chip plant in China??

1.    The article at this post here describes in detail the location and capacity of Intel's first chip-fabrication plant in China, Fab 68 in Dalian, which makes chipsets. The new plant brings Intel's total investment commitment in China to $4.7 billion. Intel has also established an assembly and test site in Chengdu as well as R&D centres and labs in Beijing, Shanghai and elsewhere in China, it said. Note the distinction: a fab makes the silicon wafers, while an assembly and test site packages and tests the finished chips, and it is the packaging site that determines the "Made in" marking on the part.

2.    What made me take a second read of this article was that for about the last six years, whatever Intel motherboards and chipsets I have bought and seen in various machines have all carried the imprint MADE IN CHINA. So if this is the first plant being set up in China, where were the earlier ones being made or printed?

$6 is all it takes to shut down a cloud client's site!

1.    CaaS, as mentioned in an earlier blog post here, has come up with a new success (or is it failure?) story. It goes like this: invest $6 and take down a client's server with the help of Amazon's EC2 cloud infrastructure.

2.    The cloud-based denial-of-service attack was part of a presentation titled "Cloud Computing, a Weapon of Mass Destruction?". In an onsite demo during the presentation, Bryan and Anderson entered a name and credit card number and created a handful of virtual server instances on Amazon's EC2. They started with only three virtual servers, uploaded their prototype attack tool, called Thunder Clap, scaled up to 10 servers, and then took their client's company off the Internet. Security consultants David Bryan of Trustwave and Michael Anderson of NetSPI said that they encountered nothing to stop them: no special bandwidth agreements and no detection mechanisms for servers taking malicious actions. Their Thunder Clap program uses cloud-based services to send a flood of packets toward the target company's network. They reported that they can control the software directly or through a command left on a social network. Bryan and Anderson launched the attack to test their client's network, a small business that wanted its connectivity tested. According to DarkReading, Bryan said, "A threat agent could potentially run extortion schemes against a company by attacking for a couple of hours -- and then telling the company that, if you don't pay me, then I will attack you again." Amazon reportedly failed to reply to complaints by the security consultants.

3.    This makes customised botnets available for rent, giving "would-be attackers a criminal 'cloud' from which to buy services." It seems it is still too early to rely 100% on clouds.

Sunday, October 31, 2010

OPERATION CISCO RAIDER

1.   Counterfeiting is not new; since we were born we have been seeing duplicates and counterfeits of Reebok, Nike, HMV and so on, and the list is actually endless. That endless list now includes IT inventory. To cite an example that has rocked nations across the world: OPERATION CISCO RAIDER, the FBI-led investigation into counterfeit Cisco networking gear.

2.    The relevant original EXTRACT FROM http://www.coastnetwork.com is reproduced below:

" Cisco made a decision a decade ago to manufacture product in China as a way of cutting production costs. A great deal of Cisco manufacturing is now done overseas, specifically in China. What has happened is that many of the companies that do the outsourcing for Cisco now run an extra shift and sell the now counterfeit hardware out the back door. After all, they have the manufacturing capability, the expertise and the full blessing of Cisco. The result? More and more counterfeit Cisco hardware is now showing up on American shores. Part of the problem is that China does not have strong intellectual property protection laws. This is a situation that Cisco and many other companies are still struggling to solve and one that does not promise to be resolved soon.

Warning signs of a possible counterfeited item:

If you are getting discounts of 40-55% off the list price for brand new hardware, i.e. sealed boxes, then it is a red flag. The largest of Cisco’s customers – the Bank of Americas, Ford Motor Company, United Airlines, AT&T, etc. get these discounts. You don’t. If it is any consolation, even dealers do not get the top corporate discounts.       

While it is flattering and tempting to receive big discounts for new Cisco hardware, it is also unrealistic and should be treated with the utmost caution. 

Ask what the retail price is and compare it to the price you are being quoted. If you are getting a 15-25% discount from the list price for new/sealed hardware, then you are being quoted a fair and realistic price. Expect a reasonable discount, however; too big a discount often spells trouble.

Another sign to be aware of is the receipt of unsolicited email from unknown dealers offering you Cisco hardware at very good prices. This warning is doubly true if the email or company originates from mainland China.

VIRUS in Boot Sector in Hard Disk fresh from OEM!!!!

I have recently heard of this in reputed makes and models of hard disks from the top OEMs. I would like to know if someone has ever encountered this or has any information on it.

Image Ballistics : Incredible IT

1. In a typical crime or murder case involving a pistol or other firearm, the forensic investigators can work out the make and model of the weapon from the bullet found at the scene; the field dealing with this is known as ballistics. Now carry this over to IT: imagine you have taken a photograph, or are analysing some picture, and you wish to know which camera was used to shoot it. Can you find out? Yes, the answer is yes. The field is known as image ballistics. At the simplest level it reads the camera make and model that the device writes into the JPEG's EXIF metadata; at a deeper level, the noise pattern of an individual camera's sensor can be matched to a picture much as a barrel's striations are matched to a bullet.

2. In a recent case I read about, a rave party was organised on the outskirts of a city with about 200-plus people, all collegians of a similar age group. All of them had a blast, and a few with some wrong ideas caught hold of a girl, drugged her, made some obscene MMS clips and clicked some pictures. The next day it was uploaded to YouTube and the social networking sites. Now how to find the culprit? Pretty difficult when about 200-plus people have to be questioned. The answer is image ballistics. The investigating agency got hold of the pictures and came to know which model they were clicked from; yes, the answer was a famous Nokia mobile model. So the suspects were now narrowed down to 8 owners out of the 200-plus, their mobiles were checked, and simple recovery software was enough to find the culprit. Imagine; isn't it astonishing?
3.   I checked pictures clicked from my cameras years back, and all the answers were correct: a few Nikon, a few Sony. One easy and free tool for such investigation is JPEGsnoop: simple to download, very small, and it gives a great analysis report.
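Both the jhead procedure in the "Removing METADATA" post (stripping the metadata) and the image-ballistics case above (reading the camera model that JPEGsnoop reports) come down to walking the JPEG's marker segments and, for the Exif one, the TIFF directory inside it. The following is an added example, not jhead's or JPEGsnoop's code: it reads Make and Model out of the Exif APP1 segment and produces a copy with the APP1..APP15 and COM segments removed. The sample JPEG is constructed inline (it is not a decodable picture, and "Nokia"/"N95" are placeholder strings, not the camera from the case); keeping the APP0 JFIF header is an assumption of mine, and a real file can be passed in as `open(path, "rb").read()`.

```python
import struct

METADATA_MARKERS = set(range(0xE1, 0xF0)) | {0xFE}   # APP1..APP15 (Exif, XMP, ...) and COM
TAG_MAKE, TAG_MODEL, TYPE_ASCII = 0x010F, 0x0110, 2


def split_jpeg(data):
    """Return (segments, tail): segments is a list of (marker, raw_segment_bytes) for
    every marker segment before the scan; tail is everything from SOS onward."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):      # SOS or EOI: no more metadata segments follow
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")   # counts the 2 length bytes
        segments.append((marker, data[pos:pos + 2 + length]))
        pos += 2 + length
    return segments, data[pos:]


def strip_metadata(data):
    """What `jhead -purejpg` does in spirit: drop APP1..APP15 and COM segments and keep
    the JFIF header, the decoder tables and the scan data. (Assumption: APP0/JFIF is
    kept, since it carries nothing that identifies the camera or owner.)"""
    segments, tail = split_jpeg(data)
    kept = b"".join(raw for marker, raw in segments if marker not in METADATA_MARKERS)
    return b"\xff\xd8" + kept + tail


def read_ifd0_make_model(tiff):
    """Read the ASCII Make and Model tags from IFD0 of the TIFF block inside Exif."""
    order = {b"II": "little", b"MM": "big"}.get(tiff[:2])
    if order is None:
        raise ValueError("bad TIFF byte-order mark")
    u16 = lambda off: int.from_bytes(tiff[off:off + 2], order)
    u32 = lambda off: int.from_bytes(tiff[off:off + 4], order)
    ifd, found = u32(4), {}
    for i in range(u16(ifd)):
        entry = ifd + 2 + 12 * i
        tag, typ, count = u16(entry), u16(entry + 2), u32(entry + 4)
        if tag in (TAG_MAKE, TAG_MODEL) and typ == TYPE_ASCII:
            # values of 4 bytes or fewer are stored inline, longer ones at an offset
            off = entry + 8 if count <= 4 else u32(entry + 8)
            found[tag] = tiff[off:off + count].rstrip(b"\x00").decode("ascii", "replace")
    return found.get(TAG_MAKE), found.get(TAG_MODEL)


def exif_make_model(data):
    """Return (make, model) from the Exif APP1 segment, or None if the JPEG has none."""
    for marker, raw in split_jpeg(data)[0]:
        payload = raw[4:]                                   # skip marker and length
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            return read_ifd0_make_model(payload[6:])
    return None


def build_sample_jpeg(make, model):
    """Constructed fixture: a JPEG-shaped byte string with JFIF, Exif (Make/Model),
    a COM segment and a stub scan. It is not a decodable picture."""
    entries, extra = [], b""
    data_offset = 8 + 2 + 12 * 2 + 4          # TIFF header + count + 2 entries + next-IFD
    for tag, val in ((TAG_MAKE, make.encode() + b"\x00"), (TAG_MODEL, model.encode() + b"\x00")):
        if len(val) <= 4:
            entries.append(struct.pack(">HHI4s", tag, TYPE_ASCII, len(val), val.ljust(4, b"\x00")))
        else:
            entries.append(struct.pack(">HHII", tag, TYPE_ASCII, len(val), data_offset + len(extra)))
            extra += val
    tiff = (b"MM\x00\x2a" + struct.pack(">I", 8) + struct.pack(">H", len(entries))
            + b"".join(entries) + b"\x00\x00\x00\x00" + extra)

    def seg(marker, payload):
        return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

    return (b"\xff\xd8"
            + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xE1, b"Exif\x00\x00" + tiff)
            + seg(0xFE, b"Constructed sample comment")
            + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56" + b"\xff\xd9")


if __name__ == "__main__":
    sample = build_sample_jpeg("Nokia", "N95")                  # placeholder strings
    print("before:", exif_make_model(sample))                    # ('Nokia', 'N95')
    print("after: ", exif_make_model(strip_metadata(sample)))    # None
```

A real photo's APP1 also carries the GPS sub-directory and an embedded thumbnail, and XMP sits in a second APP1, so dropping the whole segment range is what removes the trail. Re-saving in an editor does not always do so, since many editors copy the Exif block across, which is why the screenshot trick works but a plain "Save As" may not.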

Tuesday, October 26, 2010

Crack 14-character passwords in seconds: Objectif Sécurité

1.    There have been articles and forum threads on how high-speed GPUs (video cards) can crack passwords very rapidly. A new approach now rules the roost, allowing Windows XP passwords of up to 14 characters to be cracked in seconds. It comes from Objectif Sécurité, a Swiss security company, and uses rainbow tables stored on SSD drives. It turns out that hard drive access time, not processor speed, is what slows down a rainbow-table lookup, so moving the tables onto SSDs makes cracking faster; but just how fast? The technique is claimed to be equivalent to trying 300 billion passwords a second, and can recover a complex 14-character password in under 5.3 seconds. Two caveats for the practitioner: 14 characters is the limit of the old LM hash, which Windows XP still stores by default, and both LM and NT hashes are unsalted, which is what makes a precomputed table possible in the first place. A salted hash, or disabling LM hash storage and using long passphrases, takes this shortcut away.

2.    A real-time demo of the cracking is available online at Objectif's free online XP hash cracker. Just visit the link, paste the hash into the text box and see for yourself. Astoundingly simple.
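How a rainbow table turns precomputation into near-instant lookups, as an added illustration that is not Objectif Sécurité's code or tables: a toy table over three-letter lowercase passwords hashed with unsalted SHA-1 (standing in for the unsalted LM/NT hashes), with column-dependent reduction functions, the lookup, and the same lookup against a salted hash, which the table cannot help with. The keyspace, chain count, chain length and the SHA-1 choice are assumptions for the demo; a production table stores millions of chain endpoints on disk, which is where the access time the post mentions comes in.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
LENGTH = 3                                 # toy keyspace: 26**3 = 17,576 passwords (assumption)
SPACE = len(ALPHABET) ** LENGTH
CHAIN_COUNT = 500                          # assumed table parameters for the demo
CHAIN_LENGTH = 40


def index_to_password(n):
    """Map an integer in [0, SPACE) to a password in the toy keyspace."""
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def hash_password(pw):
    """Unsalted hash: the same password always yields the same digest, so the
    digest can be precomputed once and looked up forever (as with LM/NT hashes)."""
    return hashlib.sha1(pw.encode()).digest()


def hash_password_salted(pw, salt):
    """Salted hash: the table below was built without this salt, so it is useless here."""
    return hashlib.sha1(salt + pw.encode()).digest()


def reduce_hash(digest, column):
    """Reduction R_column: digest -> some password. Making it depend on the column
    is what turns a plain hash-chain table into a rainbow table (far fewer chain merges)."""
    return index_to_password((int.from_bytes(digest[:8], "big") + column) % SPACE)


def chain_password(start, column):
    """Password at `column` of the chain beginning at `start` (column 0 is start itself)."""
    pw = start
    for c in range(column):
        pw = reduce_hash(hash_password(pw), c)
    return pw


def build_table():
    """Precompute: keep only endpoint -> [starts]; the intermediate passwords are
    recomputed on demand, which is the storage/time trade-off."""
    table = {}
    for k in range(CHAIN_COUNT):
        start = index_to_password((k * 7919) % SPACE)     # spread starts over the keyspace
        table.setdefault(chain_password(start, CHAIN_LENGTH), []).append(start)
    return table


def lookup(table, target):
    """Recover a password hashing to `target`, or None if no chain covers it."""
    for col in range(CHAIN_LENGTH - 1, -1, -1):
        # Hypothesis: target sits at `col` of some chain. Walk forward to the endpoint.
        pw = reduce_hash(target, col)
        for c in range(col + 1, CHAIN_LENGTH):
            pw = reduce_hash(hash_password(pw), c)
        for start in table.get(pw, []):
            # Endpoint matched (possibly a false alarm): regenerate the chain and verify.
            cand = start
            for c in range(CHAIN_LENGTH):
                if hash_password(cand) == target:
                    return cand
                cand = reduce_hash(hash_password(cand), c)
    return None


def crack_demo():
    """Build the table, crack one password the table is known to cover, then try the
    salted hash of the same password. Returns (victim, recovered, salted_result)."""
    table = build_table()
    victim = chain_password(index_to_password(3 * 7919 % SPACE), 12)   # column 12 of chain 3
    recovered = lookup(table, hash_password(victim))
    salted_result = lookup(table, hash_password_salted(victim, b"x9"))
    return victim, recovered, salted_result


if __name__ == "__main__":
    print(crack_demo())   # the first two entries match; the salted lookup gives None
```

The table holds only CHAIN_COUNT endpoint/start pairs yet covers up to CHAIN_COUNT x CHAIN_LENGTH passwords; the price is roughly CHAIN_LENGTH squared hash operations per lookup plus one table probe per column, and on a multi-gigabyte table each probe is a random disk read, which is why SSDs change the picture so much.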


Tuesday, October 19, 2010

Service Packs & Infection Rates

1.  First it was Windows XP, then SP1 (Service Pack 1), followed by SP2 and SP3, then Vista SP1 and SP2, and now Windows 7. How the upgrades in these packs have reduced infection rates is briefly reflected in stats from the Microsoft Security Intelligence Report:

- The infection rate for Windows XP with SP3 is less than half that of SP2 and less than a third that of SP1.

- Windows Vista SP2 has a lower infection rate than SP1, which in turn is about 50% lower than Windows Vista RTM.

- For server operating systems, the infection rate for Windows Server 2008 with SP2 is about 20% less than that of its predecessor, Windows Server 2008 RTM.

Monday, October 18, 2010

CaaS: Crimeware as a Service, on offer now

1. Terms like bhaigiri (gangsterism), supari (a contract hit) and khokha (slang for a crore of rupees) have till now been used with reference to the world of crime. Now take terms like Software as a Service (SaaS), Hardware as a Service (HaaS), Platform as a Service (PaaS) and so on, a list set to become endless with cloud computing. What is the relation? The two separate worlds, crime and IT, are merging: the earlier terms belong to the world of crime and the latter to the vast possibilities and power on offer to users; put together, they give Crimeware as a Service (CaaS).

2. On the other side is the world of hackers and cyber criminals, who exploit their technical tools to great effect. Even newbie hackers eager to join this world no longer need the required level of technical expertise: CaaS, pulled out of some distant cloud, provides the necessary tools, be they virus/worm creation kits, denial of service (DoS) applications or simply a ready-made botnet. Recent research showed they can be just a mouse click away: kits were easily located to build a variant of the 'Indra' malware, as well as a version of Badboy, giving the user the power to create their own variant to send on to their targets.

3. Granted, these are not examples of cutting-edge malware, but they still pose a threat to the unprepared and unsuspecting organisation. Amazing as it may seem, even today there are large organisations that permit access to such sites and allow the download of malware construction kits, and, even more worrying, there are still pockets of companies that do not keep their anti-virus or patches up to date.

4. Crime is going to be an inherent part of the cyber world, and the worry is that, unlike the army and military establishments of the real world, there is no concrete effort or resource to resist these forces. We are still reacting to situations when the need of the hour is to be more than proactive.

Saturday, October 16, 2010

Stuxnet : Some more good info

1.     Recently, after I mentioned Stuxnet on Meliorate, I found some more good info and FAQs at http://www.newscientist.com/. A must-read.

Is your account hacked? Common ways you get compromised

1.    There is no doubt that the number of Google users is growing phenomenally, and with this growth comes a phenomenal rise in the ways to get compromised or become part of a botnet. A Google Account is thus valuable to spammers and other unknown parties looking to harm you through your personal info, the data on your PC and your account inbox. It is not so much about your account as the fact that your circle of relatives and friends see your Google Account, and mails from it, as reliable.

2.   Nothing new about this, but the most common ways attackers obtain your Google password are:
  • Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.
  • Malware: You use a computer with infected software that is designed to steal your passwords as you type ("keylogging") or grab them from your browser's cache data.
  • Phishing: You respond to a website, e-mail or phone call that claims to come from a legitimate organisation and asks for your username and password.
  • Brute force: You use a password that's easy to guess, like your first or last name plus your birth date ("ujjwal3008"), or you provide an answer to a secret question that's common and therefore easy to guess, like "dosa" for "What is your favourite food?"
3.   Another common error that we all make unknowingly is keeping the same password for multiple accounts on Yahoo, Gmail, Blumail and so on. Put on your thinking caps: if one account is compromised, then in a way all of them are.

Friday, October 15, 2010

CANURE : 100 on ACID3 Test

1.    Last year, in March 09, I wrote about my acquaintance with ACID3, and back then Chrome scored the highest among the browsers of the day. Now here comes a little-known CANURE, and believe it or not, what's the score? 100 on 100, a perfect 100. I'm sure it's worth a try: when Chrome scores about 80 out of 100, this claims 100/100 in the Acid3 web test and 145/160 in the HTML5 test.

Another wow: CYBERTECTURE

1.   First watch this video, and then read a few lines on what Cybertecture is.



2.  A state-of-the-art concept that ties the urban fabric to technology, taking in both the hardware of the built environment and software systems and technologies, from micro to macro scales of development. I am sure the video will have opened your horizons to what more can be done with this. Wish to read more? Click here.

Tuesday, October 12, 2010

Biggest release of Patch update by MICROSOFT

1.    The patches Microsoft releases today are said to be the biggest batch of updates by Microsoft since October 2003. According to Microsoft, this batch is the largest in its history, with no fewer than 16 security bulletins addressing a total of 49 vulnerabilities in Windows, Internet Explorer, Office and the .NET Framework.

2.    The effort and size of the patches reflect how vulnerable each one of us remains to hacking and to the leak of personal info into the wrong hands. The batch includes critical updates for Windows 7, Internet Explorer and Office 2010. And all those happily using pirated copies of the OS remain as vulnerable as they already are.

Monday, October 11, 2010

Stuxnet : A Milestone in Malicious Code History

1. Stuxnet, the internet worm whose intent was thought to be to affect Iran's nuclear programme, has now taken a U-turn towards India.

2. American cyber warfare expert Jeffrey Carr has suggested to the Government of India that China could be the originator of this worm, which has terrorised the world since mid-2010. Attributing the breakdown of ISRO's INSAT-4B satellite a few months ago to it, Carr said it is China that gained from the satellite failure, although he affirms that the conclusions are not definite. The affected systems are those running the Siemens software the worm specifically targets; Siemens has released a detection and removal tool, and recommends installing the Microsoft patches for the vulnerabilities and disallowing the use of third-party USB sticks. It is further cautioned that incorrect removal of the worm could cause irreparable damage.

3. Jeffrey Carr says: "The satellite in question (INSAT 4B) suffered the power 'glitch' in an unexplained fashion and its failure served another state's advantage -- in this case China." The connecting link between INSAT-4B and Stuxnet is that the Siemens products Stuxnet targets, the S7-400 PLC and SIMATIC WinCC, are used in ISRO's Liquid Propulsion Systems Centre. Something about Stuxnet: it attacks Windows systems using four zero-day vulnerabilities and targets systems running Siemens' WinCC/PCS 7 SCADA software. It is initially spread using infected USB flash drives. Once inside the system it uses the software's hard-coded default password to command it. A few interesting things about it:

- Half a megabyte in size
- Written in several programming languages (including C and C++)
- Digitally signed with two authentic code-signing certificates stolen from two hardware makers (JMicron and Realtek), not from certification authorities; the valid signatures helped it remain undetected for a relatively long period
- Capable of upgrading itself via peer to peer
- Eric Byres, an expert in maintaining and troubleshooting Siemens systems, expects that writing the code would have taken many man-months.

4. Stuxnet is a threat aimed at a specific industrial control system, such as a gas pipeline, satellite system or power plant. Its ultimate goal is to sabotage the facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend, most likely outside their designed and identified boundaries. This worm represents the first of many milestones in malicious code history: it is the first to exploit four zero-day vulnerabilities, compromise two digital certificates, inject code into industrial control systems and hide that code from the operator. Whether Stuxnet will usher in a new generation of malicious code attacks on real-world infrastructure, overshadowing the vast majority of current attacks that affect more virtual or individual assets, or whether it is a once-in-a-decade occurrence remains to be seen. Stuxnet is of such complexity, requiring such significant resources to develop, that few attackers will be capable of producing a similar threat; we would not expect masses of threats of similar sophistication to suddenly appear. However, Stuxnet has shown that direct attacks on critical infrastructure are possible and not just theory or movie plotlines. The real-world implications of Stuxnet are beyond any threat we have seen in the past.

5. When is India actually going to work for itself rather than performing across the globe? Why is the world telling us that we are affected here? Even in the case of SHADOWS IN THE CLOUD, we were told by the Shadowserver Foundation that our institutes had been compromised, in spite of the fact that we have all it takes to take the IT world by storm. But we are all working for ourselves and not for our own country; the cream is flowing out and getting outsourced. IT IS ACTUALLY SAD THAT THE WORLD KNOWS INDIA'S POTENTIAL BUT THE INDIANS DON'T KNOW THEIR OWN.

Friday, October 08, 2010

Here comes Trojan-PWS-Nslogm to steal Passwords and credentials from Mozilla

1. I am sure we all endeavor to keep the antivirus updated,keep the OS patch updated,keep cleaning registries,keep cleaning browser history at regular intervals,keep ensuring regular complete scan of the precious PC Machine that we own....we all do this to ensure that we r safe while we browse...now read further to find out how it all goes in vain even with the best and leading browser company......

2. Antivirus company Webroot has identified an information-stealing trojan that alters a Firefox file so that the browser stores passwords automatically. The trojan is named Trojan-PWS-Nslogm and is capable of stealing usernames and passwords stored by both Internet Explorer and Firefox.

By default, whenever Firefox detects that login credentials are being submitted through a web form, it offers to remember them for future use. The user is presented with several options, including "Remember", "Never for This Site" and "Not Now". If they choose "Remember", the browser stores the username and password in a local database.

Since it is easier to steal credentials from this database than to inject into the browser process and grab them as they are submitted, the author of this trojan decided it made more sense to have Firefox remember all passwords without asking the user for confirmation. To achieve this, the trojan patches the nsLoginManagerPrompter.js file in the Firefox installation, adding new code and commenting out some existing lines, so the prompt that would normally give the user a choice never appears. "The Trojan then scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox’s own password storage, and tries to pass the stolen information onward, once per minute," Andrew Brandt, a malware researcher at Webroot, explains.

3. The password stealer installs itself in the C:\Windows\System32 folder as a file called Kernel.exe. The captured data is sent to a command-and-control server via a deprecated ActiveX control called msinet.ocx.

4. So what is the solution? What's the solution to this? Simply stop using the internet... just joking. A solution is still being worked out at the Firefox labs. Thanks http://news.softpedia.com
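Because the trojan works by editing a file that ships with the browser, the practical check is file integrity: record hashes of the Firefox installation directory while it is known-good and compare later. The script below is an added example written for this post (it is not Webroot's code or Mozilla's); the Firefox install path and the name of the baseline file are assumptions, and the test data it is exercised with is constructed.

```python
"""Baseline-and-verify integrity check for a browser installation directory.

Added example, not code from the original post, Webroot or Mozilla. It
records the SHA-256 of every file under a directory, then re-checks the
directory and reports files that were modified, added or removed. A patch
to nsLoginManagerPrompter.js of the kind Trojan-PWS-Nslogm applies changes
that file's hash, so it shows up under "modified". The install path is an
assumption; point FIREFOX_DIR at the real Firefox directory.
"""
import hashlib
import json
import os
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, baseline: dict) -> dict:
    """Compare the directory against a stored baseline.

    Returns {"modified": [...], "added": [...], "removed": [...]}, each a
    sorted list of relative paths; three empty lists mean nothing changed.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def save_baseline(baseline: dict, dest: Path) -> None:
    # Keep the baseline somewhere the malware cannot rewrite it (removable
    # media or another host); a baseline on the same disk protects little.
    dest.write_text(json.dumps(baseline, indent=1, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


if __name__ == "__main__":
    # Assumed install path; override with the FIREFOX_DIR environment variable.
    firefox_dir = Path(os.environ.get("FIREFOX_DIR", r"C:\Program Files\Mozilla Firefox"))
    baseline_file = Path("firefox-baseline.json")  # assumed name
    if not baseline_file.exists():
        save_baseline(build_baseline(firefox_dir), baseline_file)
        print("baseline written:", baseline_file)
    else:
        print(json.dumps(verify(firefox_dir, load_baseline(baseline_file)), indent=1))
```

Run it once right after a clean install or update to write the baseline, and again whenever you suspect tampering; a legitimate Firefox update will of course change many hashes, so re-baseline after each update rather than treating every diff as an infection.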

RISK MANAGEMENT: Beware while you update with patches

1. A zero-day exploit was discussed in an earlier post on this blog. Something more on it:

2. A good extract, lifted straight from Infosecurity-magazine.com:

"For a vendor, developing the update is not the part that takes time – testing is. We have more than 600 million downloads when we publish an update. If we “just” break 10% of the systems the update is installed on, it would be a huge denial of service. So testing is the name of the game. How well is an unofficial patch tested? Often the vendor publishes workarounds (at least we do). This should be part of your risk mitigation strategy. Would the workaround be acceptable to buy you time?

How far do you trust the author of the unofficial update? How big is the risk that the update comes with pre-installed malware? The question immediately comes up: Why should we trust a vendor? Well, you bought or downloaded the software at the first hand – so, you decided to trust the vendor at the beginning.

What do you do once the vendor releases an update? Can you de-install the unofficial update?

Basically, it is a risk management decision, which should include at least the questions I raised above. Do not just run for the unofficial update – to me it should be really the last resort, if even!"

3. A good site to follow: check out http://www.infosecurity-magazine.com

ALL izz WELL inside this: check out FREE STUDIO

My routine surfing on the net invariably includes a few video downloads, sometimes uploading videos to YouTube and other sites, converting the various available audio/video formats to compatible formats with the help of the many converters available, fiddling with audio formats, and burning CDs and DVDs with videos and data files. In a typical scenario all this would be done on a range of software from different companies. I came across this absolutely free software, FREE STUDIO: one single-window solution to every task mentioned above and much more. And yes, it is absolutely free. Try it you must.

Security-Enabled Hardware: INTEL - McAfee merger

1. “Security is more effective when enabled in hardware” is the pitch for something in the pipeline known as security-enabled hardware. How is that? There has been a lot of speculation about the rationale behind Intel's recent acquisition of McAfee. If you are not aware of it, Intel’s proposed $7.7 billion purchase of McAfee is the largest takeover deal in the chip giant’s 40-odd-year history, although there is no product roadmap to speak of yet.

2. McAfee technology deeply integrated into Intel products would mean adding security functionality to Intel’s chips. But would pushing security into silicon be able to negate the increasingly sophisticated and dynamic threats from cyber crime? Some components of security could be significantly enhanced if chips were designed this way, but what about updates and patches? Logic burned into silicon cannot be refreshed the way a signature database or a software patch can.

3. Security in the 21st century is about being dynamic, responding to the ever-changing threat landscape in real time, which you can do with a cloud-based system powered by a network of threat-intelligence sensors and reputation-based technologies that stop threats before they even hit the device. Pushing security down to the hardware level makes it very difficult to be reactive or agile, and does not by itself make a system fundamentally secure.

Thursday, October 07, 2010

CLEANERS & FOOTPRINTS

1. Of late I have been experimenting with a few pieces of software which claim to do a 100% cleansing action, removing every browsing mark and history of any kind on the computer that you use for work and surfing. These include the following:

2. Among these I have no doubt about who is leading: CyberScrub Privacy Suite v5.1 and PC Tools Privacy Guardian v4.5. Though CyberScrub Privacy Suite v5.1 does leave Chrome traces and doesn't have Chrome in its list of browsers, it does a pretty neat job, giving wiping options that include Navy Staff Office Publication (NAVSO PUB) 5239, the Russian GOST standard, the Bruce Schneier algorithm and many others, with a choice of the number of passes. On the other side, PC Tools Privacy Guardian v4.5 includes Chrome as an option to be selected, with similar wiping-algorithm options.

3. Try them you must, all of them, to know the real difference, or simply follow the recommendations.
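To make concrete what a "wiping algorithm with a choice of passes" actually does underneath, here is an added example written for this post (it is not code from CyberScrub or PC Tools). It overwrites a file in place with the seven-pass Schneier pattern (all ones, all zeros, then five passes of random data), forces each pass to the device, and only then unlinks the file; the pass list is a parameter, so a single zero pass or any other sequence can be substituted.

```python
"""Multi-pass overwrite before deletion.

Added example, not code from CyberScrub, PC Tools or the original post.
Each entry in a pass list is either a single byte to repeat across the file
or None for random data from os.urandom. The file's size is kept unchanged
so the blocks already allocated to it are the ones being overwritten.
"""
import os
from pathlib import Path

# Bruce Schneier's 7-pass sequence: ones, zeros, then five random passes.
SCHNEIER_PASSES = [b"\xff", b"\x00", None, None, None, None, None]
CHUNK = 1 << 16  # 64 KiB write size


def overwrite_file(path: Path, passes=SCHNEIER_PASSES) -> int:
    """Overwrite `path` in place once per entry in `passes`; return the pass count."""
    size = path.stat().st_size
    with path.open("r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device, not just the page cache
    return len(passes)


def secure_delete(path: Path, passes=SCHNEIER_PASSES) -> int:
    """Overwrite with every pass, then unlink. Returns the number of passes done."""
    done = overwrite_file(path, passes)
    path.unlink()
    return done


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, "overwritten with", secure_delete(Path(name)), "passes")
```

The caveat a practitioner wants here: overwriting only reaches the blocks the filesystem currently maps to that file. Journaling filesystems, copy-on-write snapshots and the wear levelling in SSDs can leave earlier copies of the data in blocks this routine never touches, and a browser's history or cache may be duplicated in other files the wiper is not pointed at. That is exactly why the forensics tools discussed later on this page still find traces after a "100% clean".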

Sunday, September 19, 2010

Browser Forensics - Not Simple

1. Just read a book by Peter C. Hewitt on browser forensics. An eye-opener for anyone: the amount of information that stands compromised while using any browser is astonishing.

2. In normal routine maintenance, when I used to clear my browser history, cookies and cache, and remove unnecessary files using utilities like Glary Utilities, CCleaner and TuneUp Utilities, I used to think there were no traces left, before I was introduced to Mandiant's Web Historian, Pasco, Galleta and IE PassView.

3. I checked first with Mandiant's Web Historian, an 8 MB download, simple to install and free. Web Historian is a program that allows an investigator to collect, display and analyze web history data using Mandiant Intelligent Response (MIR) technology. It seeks to provide a customizable yet simple interface to view and navigate large amounts of web history data. Perhaps its most powerful feature is the ability to correlate and provide multiple views of the data (including graphical and timeline views) through the Analyzer and Web Profiler tools, so that investigators can come to well-informed conclusions about the data quickly.

4. So after I cleaned up my PC using every utility and scanned it with this software, the result was as if nothing had been removed: everything I had accessed in the last few days stood out in compiled, tabulated form, ready to be saved as an Excel file for the record. So what exactly allows this extraction in spite of the assurances of the utilities? Internet Explorer stores information about the pages viewed in files called index.dat. One of the index.dat files, in turn, contains information pointing to other files used in the browsing session. Windows keeps three types of index.dat files, for the cache, the history and the cookies respectively, so viewing all three gives the best understanding of what browsing took place. So it is not simply erasing your history that could save you at some time; there is much, much more.
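To show what the tools above are reading out of index.dat, here is an added example written for this post (it is not code from Pasco, Galleta or Web Historian). It assumes the "Client UrlCache MMF Ver 5.2" layout that the Pasco project documents for Internet Explorer: records live in 128-byte blocks, a URL record begins with the signature "URL ", its length in blocks sits at offset 4, two FILETIME stamps (last modified, last accessed) at offsets 8 and 16, and dword offsets to the URL string, cache filename and HTTP headers at 0x34, 0x3C and 0x44, all relative to the record. The sample file it parses is constructed by the script itself so it runs offline.

```python
"""Minimal index.dat URL-record scanner.

Added example, not code from the original post, Pasco, Galleta or Mandiant.
Assumes the IE "Client UrlCache MMF Ver 5.2" record layout described in
the lead-in; real files also hold REDR and LEAK records and a hash table,
which this scanner skips over block by block. make_sample_index() builds a
constructed sample with two URL records for offline use.
"""
import struct
from datetime import datetime, timedelta, timezone

BLOCK = 128
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
STRINGS_START = 0x68  # where the sample builder places the string area


def filetime_to_datetime(ft: int):
    """FILETIME = 100 ns ticks since 1601-01-01 UTC; 0 means 'not set'."""
    if ft == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def _cstring(buf: bytes, off: int) -> str:
    end = buf.find(b"\x00", off)
    return buf[off:end if end != -1 else len(buf)].decode("latin-1")


def parse_url_records(data: bytes) -> list:
    """Scan every 128-byte aligned offset for 'URL ' records and decode them."""
    records, off = [], 0
    while off + BLOCK <= len(data):
        if data[off:off + 4] != b"URL ":
            off += BLOCK  # header, hash table, REDR/LEAK or free block: skip it
            continue
        nblocks = struct.unpack_from("<I", data, off + 4)[0]
        rec = data[off:off + nblocks * BLOCK]
        if len(rec) < 0x48:  # truncated record: stop rather than misparse
            break
        modified, accessed = struct.unpack_from("<QQ", rec, 8)
        url_off, fname_off, hdr_off = (struct.unpack_from("<I", rec, o)[0] for o in (0x34, 0x3C, 0x44))
        records.append({
            "offset": off,
            "url": _cstring(rec, url_off) if url_off else "",
            "filename": _cstring(rec, fname_off) if fname_off else "",
            "headers": _cstring(rec, hdr_off) if hdr_off else "",
            "modified": filetime_to_datetime(modified),
            "accessed": filetime_to_datetime(accessed),
        })
        off += max(nblocks, 1) * BLOCK
    return records


def _url_record(url, filename, headers, modified, accessed) -> bytes:
    """Build one URL record in the assumed layout (constructed test data)."""
    strings = url.encode() + b"\x00"
    fname_off = STRINGS_START + len(strings)
    strings += filename.encode() + b"\x00"
    hdr_off = STRINGS_START + len(strings)
    strings += headers.encode() + b"\x00"
    nblocks = -(-(STRINGS_START + len(strings)) // BLOCK)  # ceiling division
    rec = bytearray(nblocks * BLOCK)
    rec[0:4] = b"URL "
    struct.pack_into("<I", rec, 4, nblocks)
    struct.pack_into("<QQ", rec, 8, datetime_to_filetime(modified), datetime_to_filetime(accessed))
    struct.pack_into("<I", rec, 0x34, STRINGS_START)
    struct.pack_into("<I", rec, 0x3C, fname_off)
    struct.pack_into("<I", rec, 0x44, hdr_off)
    rec[STRINGS_START:STRINGS_START + len(strings)] = strings
    return bytes(rec)


def make_sample_index() -> bytes:
    """Constructed sample: a header block followed by a cache and a history record."""
    header = b"Client UrlCache MMF Ver 5.2\x00".ljust(BLOCK, b"\x00")
    t1 = datetime(2010, 9, 19, 10, 30, 0, tzinfo=timezone.utc)
    t2 = datetime(2010, 9, 19, 11, 0, 0, tzinfo=timezone.utc)
    return (header
            + _url_record("http://example.com/login", "login[1].htm", "HTTP/1.1 200 OK\r\n", t1, t1)
            + _url_record("Visited: user@http://example.com/", "", "", t2, t2))


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_sample_index()
    for r in parse_url_records(data):
        print(r["accessed"], r["url"], r["filename"])
```

The point to take from it: the record survives as long as its blocks are not overwritten, and "clearing history" in the browser typically marks blocks free rather than zeroing them, so a scanner that walks the file block by block, as this one does, still recovers the URL and the timestamps.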

Saturday, September 18, 2010

Rootkits: Hidden, Undetected Threats

1. Malware, trojans, adware, spyware, viruses, worms etc., and protection via the Internet security editions of so many OEMs... and now rootkits (not actually a recent development: they have been around for about 10-12 years), but now the term is being taken seriously. So what actually are rootkits?


2. Rootkit is the term given to a group of utilities that attackers use to keep access to a computer system once they have broken into it. It gives them the ability to harvest usernames and passwords, launch attacks against remote systems, remain hidden by erasing their traces from the system logs, and a surplus of other surreptitious tools. Rootkit is a combination of two words, "root" and "kit": root is the highest-privilege account on Unix systems, and kit means a group of programs or utilities that let the attacker retain constant root-level access to the machine. The presence of a rootkit ideally remains untraceable.

3. So, more simply, they are a set of programs that can hide not only themselves but also other viruses, spyware, keyloggers and network traffic from normal antivirus and spyware removal software. Yes, a rootkit can infect your computer and take full control of it. You look inside a folder which contains rootkit files but you see nothing. Why? Because the rootkit has intercepted the directory listing and told the file browser there are no files here. That is why they are so dangerous and hard to detect.

4. BlackLight, RKDetector 2.0, RootkitBuster 1.6, RootkitRevealer 1.71 and Rootkit Unhooker 3.0A are a few of the rootkit detection tools available; search for further details. Most of them work by cross-view comparison: they enumerate the same objects (files, processes, registry keys) through two different paths and flag whatever one path shows but the other does not.
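Cross-view detection in miniature, as an added example written for this post (it is not code from any of the tools named above): on Linux, the listing view reads the process directory /proc, which is what a rootkit filtering directory listings would tamper with, while the probe view asks the kernel about every PID directly with kill(pid, 0), which succeeds (or fails with "permission denied") for any live process whether or not it is listed. Thread IDs answer kill() too, so the probe consults /proc/<pid>/status to drop threads of visible processes; if that status file cannot be read, the PID is kept as a suspect, because hiding it entirely is exactly what a rootkit would do. Assumes a Linux host with /proc mounted.

```python
"""Cross-view process enumeration: /proc listing versus PID brute force.

Added example, not code from BlackLight, RootkitRevealer or the original
post. Assumes Linux with /proc. A PID that answers kill(pid, 0) but does
not appear in a readdir of /proc is either a thread of a listed process
(checked via Tgid in its status file) or a hidden process worth a look.
"""
import os


def listing_view() -> set:
    """PIDs as a directory listing of /proc reports them (the hookable view)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def is_thread_of_visible_process(pid: int) -> bool:
    """True if /proc/<pid>/status says this ID belongs to a different thread group."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        return False  # unreadable: treat as a process in its own right (suspect)
    return False


def probe_view(max_pid: int) -> set:
    """PIDs alive according to kill(pid, 0), minus threads of listed processes."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue           # no such process
        except PermissionError:
            pass               # exists, owned by someone else
        if not is_thread_of_visible_process(pid):
            alive.add(pid)
    return alive


def hidden_pids(listed: set, probed: set) -> list:
    """PIDs the probe found that the listing did not show."""
    return sorted(probed - listed)


def cross_view_check(max_pid: int) -> list:
    """Take both views twice and report only PIDs hidden in both rounds, so
    processes that start or exit between the two views are not reported."""
    first = set(hidden_pids(listing_view(), probe_view(max_pid)))
    second = set(hidden_pids(listing_view(), probe_view(max_pid)))
    return sorted(first & second)


def default_max_pid() -> int:
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768  # classic default when the sysctl is unreadable


if __name__ == "__main__":
    suspects = cross_view_check(default_max_pid())
    print("PIDs alive but not listed in /proc:", suspects or "none")
```

A kernel rootkit that hooks the system-call table can of course lie to both views, which is why the serious tools compare against disk structures or a separate boot rather than two calls on the same running kernel; the exercise still shows the principle the tools in the list above build on.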

ZERO-DAY EXPLOIT: ???

1. While reading an article on browser forensics, I came across this term, "0-day" exploit. What is it all about?

2. A zero-day exploit is a malicious attack that capitalizes on a security hole before the vendor has a fix for it. The name comes from the vendor having had zero days to prepare: the vulnerability becomes known on the same day the attack is seen (or afterwards, when the attack is discovered first), so the developer must work as quickly as possible to develop a patch or update that fixes the problem. The exploit is used on or before the first, "zeroth", day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.

3. Zero-day exploits may involve viruses, trojan horses, worms or other malicious code that is run through a software program. While most programs do not allow unauthorized code to be executed, attackers can sometimes craft files that cause a program to perform functions unintended by the developer. Programs like web browsers and media players are often targeted because they receive files from the Internet and have access to system functions. The damage ranges from nothing visible to corrupted or deleted files and full control of the machine. Because the security hole becomes known only as the attack is released, zero-day exploits are difficult to prevent even with antivirus software installed: signature-based detection has nothing to match against yet. Therefore it is always good to keep a backup of your data in a safe place so that no attack can cause you to lose it.

Thursday, September 16, 2010

Cyber Warfare : It has started

1. I have recently been digging deep into reading "Tracking GhostNet" and "Shadows in the Cloud". Crisp, to the point, full of information, a must-read for all IT-security-savvy personnel. This is where I got to read about the May 2007 DoS attacks on Estonia. A brief on the Estonia case below:

2. The attacks on Estonia, commonly known as the Estonian Cyberwar or Web War 1, refer to a series of cyber attacks that began on 27 April 2007 and swamped the websites of Estonian organisations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia over the relocation of the Bronze Soldier of Tallinn. Most of the attacks that had any influence on the general public were distributed denial-of-service attacks, ranging from single individuals using various low-tech methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of the comment sections of the bigger news portals and defacements, including that of the Estonian Reform Party website, also occurred.

3. Subsequent to the incident a criminal investigation was conducted, and on 24 January 2008 Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the attacks. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party. So, surprisingly, after so much damage had been done and so many ministry websites defaced, the follow-up resulted in a single conviction, of an ethnic Russian living in Estonia. Imagine: one single person was held responsible for the cyber havoc that Estonia had to face.

4. The net and the cyber world are still in their nascent stage and there is lots coming ahead for sure in future, like the events in the movie "Live Free or Die Hard". Everyone across the globe today has realized the potential of cyber warfare, and the power is immense: anyone who is clear-headed stands as a ONE MAN ARMY, as cited in the one example above.

Wednesday, September 15, 2010

ORDER OF VOLATILITY OF DIGITAL EVIDENCE

1. Not all information-based evidence is the same. Evidence can be organized into an "order of volatility", meaning how long it will stick around for you to collect before it is automatically lost.

2. Dan Farmer and Wietse Venema created the table of evidence volatility below, which is commonly referenced by forensic professionals. For example, information stored on a CD-R or other optical media can last for about 10-100 years depending on the brand used. Information stored in a computer’s main memory, by contrast, will last for only tens of nanoseconds before it is overwritten by the computer’s normal processing.

TYPE OF DATA                                 LIFESPAN
Registers, peripheral memory, caches, etc.   Nanoseconds or less
Main memory                                  Ten nanoseconds
Network state                                Milliseconds
Running processes                            Seconds
Disk                                         Minutes
Floppies, backup media, etc.                 Years
CD-ROMs, printouts, etc.                     Tens of years

3. Very critical from a forensics point of view: most people would want to turn a computer off (or at the very least unplug it from the network) when they realize an incident has occurred. However, as the table above shows, such an approach loses the evidence in main memory and the "network state" (which other systems the computer is connected to and what information they are exchanging). Even shutting down a computer the "normal" way (Start / Turn Off Computer / Turn Off in Windows XP) can delete evidence, as Windows performs a number of housekeeping tasks in the shutdown process, such as closing open files and clearing out the temporary disk cache. The practical rule that follows is to collect from the top of the table downwards, and to write what you collect somewhere other than the disk under examination.
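The collection order the table implies, as an added example written for this post (not code from Farmer and Venema or from Peter C. Hewitt): every collection step carries a rank taken from the table, the runner executes the most volatile sources first, and it records a UTC timestamp and SHA-256 for each artefact as it is written, so the manifest can later show both the order and the integrity of what was taken. The default commands (ss, ps, df) are ordinary Linux tools and are an assumption about the host, as is the output path; memory acquisition needs a dedicated tool and is not attempted here. The data in the test is constructed.

```python
"""Live-response collector that runs in order of volatility.

Added example, not code from the original post or from Farmer & Venema.
Each step is (name, rank, callable returning bytes). Lower rank means more
volatile, following the table above, so network state (3) is captured
before running processes (4) and disk state (5). Output goes only to the
destination directory you pass in, which should be removable media or a
network share rather than the disk being examined (an assumption about
how you run it).
"""
import hashlib
import shutil
import subprocess
from datetime import datetime, timezone
from pathlib import Path

RANK_NETWORK, RANK_PROCESSES, RANK_DISK = 3, 4, 5


def run_cmd(argv):
    """Run a tool and return its stdout; a missing tool yields an empty capture."""
    if shutil.which(argv[0]) is None:
        return b""
    return subprocess.run(argv, capture_output=True, check=False).stdout


def collect(steps, outdir: Path) -> list:
    """Execute steps in ascending rank; return the manifest in collection order.

    Each manifest entry has name, rank, sha256, size and collected_at (UTC).
    A manifest.txt with the same fields is written next to the artefacts.
    """
    outdir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for name, rank, grab in sorted(steps, key=lambda s: s[1]):
        data = grab()
        (outdir / name).write_bytes(data)
        manifest.append({
            "name": name,
            "rank": rank,
            "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data),
            "collected_at": datetime.now(timezone.utc).isoformat(),
        })
    (outdir / "manifest.txt").write_text("".join(
        f"{m['collected_at']} {m['sha256']} {m['size']:>10} rank={m['rank']} {m['name']}\n"
        for m in manifest))
    return manifest


# Assumed Linux tooling; listed out of order on purpose to show the sort.
DEFAULT_STEPS = [
    ("df.txt", RANK_DISK, lambda: run_cmd(["df", "-h"])),
    ("ps.txt", RANK_PROCESSES, lambda: run_cmd(["ps", "-ef"])),
    ("ss.txt", RANK_NETWORK, lambda: run_cmd(["ss", "-tunap"])),
]

if __name__ == "__main__":
    for m in collect(DEFAULT_STEPS, Path("/mnt/evidence/live")):  # assumed path
        print(m["rank"], m["name"], m["sha256"][:16], m["size"])
```

Because the manifest is written after the artefacts, hash it (or copy it) separately as the last step if it is to serve as the integrity record; and since every command you run on the live machine also changes it a little, keep the step list short and note it in the case file.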

4. Thanks to Peter C. Hewitt (read in Browser Forensics).
