RISK MANAGEMENT : Beware while u update with Patches

1. A zero-day exploit as discussed at an earlier post in this blog .....Some thing more to it...

2. A good extract straight lift from Infosecurity-magazine.com

"For a vendor, developing the update is not the part that takes time – testing is. We have more than 600 million downloads when we publish an update. If we “just” break 10% of the systems the update is installed, it would be a huge denial of service. So testing is the name of the game. How well is an unofficial patch tested?Often the vendor publishes workarounds (at least we do). This should be part of your risk mitigation strategy. Would the workaround be acceptable to buy you time?

How far do you trust the author of the unofficial update? How big is the risk that the update comes with pre-installed malware? The question immediately comes up: Why should we trust a vendor? Well, you bought or downloaded the software at the first hand – so, you decided to trust the vendor at the beginning.

What do you do once the vendor releases an update? Can you de-install the unofficial update?

Basically, it is a risk management decision, which should include at least the questions I raised above. Do not just run for the unofficial update – to me it should be really the last resort, if even!"

3. A good site to follow : Check out http://www.infosecurity-magazine.com

ALL izz WELL!!!!!inside this- Check out FREE STUDIO

My routine surfing on net invariably includes few video downloads,uploading videos to you tube and other sites sometimes,convert various available audi video formats to compatible formats with the help of so many convertors available accross,fiddling with audio formats,burning CDs & DVDs with videos and data files....in a typical scenario all this would be done on arange of softwares of different companies.....came across this absoutely free software ie FREE STUDIO...one single window solution to evri task as mentioned above and much more....and yes it is absolutely free...try it must...

Security Enabled Hardware :INTEL - McAfee Merger

1.      “Security is more effective when enabled in hardware” provisions for something in the pipe known as Security Enabled Hardware.Howzzz that???? There has been a lot of speculation about the rationale behind Intel's recent acquisition of McAfee....well if u r not aware of this Intel’s proposed $7.7billion purchase of McAfee that comes as the most magnanimous takeover deal in the chip giant’s 40-odd-year history....u better be now....although there is no product roadmap to speak of yet.

2.       McAfee technology deeply desegregated into Intel products would mean adding security functionality into Intel’s chip. But would this pushing security into silicon be able to negate the increasingly sophisticated and dynamic threats from cyber crime? Though components of security could be significantly enhanced if chips were designed integrating this way. What about updates,patches etc

3.       Security in the 21st century is about being dynamic, responding to the ever-changing threat landscape in real-time, which you can do with a cloud-based system powered by a network of threat intelligence sensors and reputation-based technologies that stop threats before they even hit the device. Pushing security down to the hardware level makes it very difficult to be reactive, agile or fundamentally secure.

4.       Thanks http://www.infosecurity-magazine.com

CLEANERS & FOOTPRINTS

1. Off late I have been experimenting with few software's which claim to do a 100% cleansing action of removing every browsing marks and history of any kind on your computer that u use for work and surfing.These incl the following :

- CyberScrub Privacy Suite v 5.1

- PC Tools Privacy Guardian v4.5

- Webroot Window Washer 6.5.5.155

- MilEraserSetup_XP2k

- Privacy-eraser

- Notrace-setup

- Eraser 6.0.7.1893

2. Among these I have no doubts of who is leading?....CyberScrub Privacy Suite v 5.1 & PC Tools Privacy Guardian v4.5.Though CyberScrub Privacy Suite v 5.1 does leave Chrome traces and does't have Chrome included in its list of browsers......It does a pretty neat job by giving options of wiping that include Navy Staff Office Publication (NAVSO PUB) 5239,Russian Gost,Brouce Schneier algorith and many others with options of selecting passes......on the other side ie PC Tools Privacy Guardian v4.5...includes chrome as a option to be selected with similar wiping algorith options.....

3. Try you must.......all of them to know the real difference or simply follow the recommendations......

Shadows in the Cloud : Cyber Espionage

Uploaded a Presentation on this recently been my fav article to read on Scribd.....

Shadows in the Cloud

Browser Forensics - Not Simple

1.      Just read one book by Peter C.Hewitt on Browser Forensics.An eye opener for anyone....the amount of info that stands compromised whilst using any browser is astonishing.....

2.      Now in a normal routine maintenance when I used to clear my browser History,cookies and cache....when I used to remove unnecessary files using utilities like Glary Utilities,Cc Cleaner and Tuneup utilities....i used to think that there r no traces left...before I was introduced to Mandiant's Webhistory, Pasco, Galleta and IE Passview.

3.      I checked up first with Mandiant's Webhistory....an 8 MB file...simple to install,,,free.Web Historian is a program that allows an investigator to collect, display and analyze web history data using Mandiant Intelligent Response (MIR) technology. It seeks to provide a customizable yet simplistic interface to view and navigate voluminous amounts of web history data. Perhaps the most powerful feature is the ability to correlate and provide multiple views of the data (including graphical and timeline) through the Analyzer and Web Profiler tool, in the hopes that investigators can come to well-informed conclusions about the data quickly.

4.       So after I cleaned up my PC using every utility....and scanned the PC with this software....the result was like nothing has been removed...all what I had accessed in last few days stands out in a compiled tabulated form ready to be saved as a Excel file for record.So what exactly allows this info extraction in spite of assurances from utilities available.The most recent versions of Windows store information about the pages viewed by the browser in a file called index.dat. One of the index.dats, in turn, contains information pointing to other files used in the browsing session. Windows has 3 types of index.dat files, for the cache, history and cookie files, respectively.Obviously, viewing all 3 types will give us the best understanding of what browsing took place. So....its not simply erasing ur history that could save you at some time......there is much much more ........

Root Kits : Hidden Undetected Threats

1. Malwares,trojans,adwares,spywares,virus,wormwares etc etc....protection vide Internet security editions by so many OEMs...and now rootkits(its not actually a recent development....)...has been in the threat making for about 10-12 years..but now the term is getting serious....so what actually are rootkits?

2. Rootkit is the term given to a group of utilities that hackers can misrepresent to keep access into a computer system once they have hacked into it. It gives them admission rights to find out usernames and passwords, allow strike against remote systems, remain hidden by erasing history from the system logs, and overabundance of various surreptitious tools.Rootkit is a combination of two words, “root” and “kit”. Root means supreme & Kit means a group of programs or utilities providing access to a user to retain a constant root-level contact to a terminal. The presence of rootkit ideally remains untraceable.

3. So more simply,they are a set of programs that can hide not only themselves but also other viruses, spyware, keyloggers and network traffic from normal antivirus and spyware removal software! Yes, a rootkit can infect your computer and take full control of it! You look inside a folder which contains rootkit files but you will see nothing. Why? Because the rootkit has told it to tell the user there are no files here. That is why, they are so dangerous and hard to detect......

4. BlackLight,RKDetector 2.0,RootkitBuster 1.6,RootkitRevealer 1.71 & Rootkit Unhooker 3.0A are few of the rootkit removal tools available...google for further details

5. Thanks http://www.rootkitonline.com/

ZERO DAY EXPLOIT : ???

1. While reading an article on Browser Forensics,came across this term "0-day" exploit....whats it all about?

2. A zero day exploit is a malevolent computer attack that takes capitalizes on a security hole before the vulnerability is known. This means the security issue is made known the same day as the computer attack is made. In other words, the software developer has zero days to prepare for the security breach and must work as quickly as possible to develop a patch or update that fixes the problem.This occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software.

3. Zero day exploits may involve viruses, trojan horses, worms or other malicious code that can be run within a software program. While most programs do not allow unauthorized code to be executed, hackers can sometimes create files that will cause a program to perform functions unintended by the developer. Programs like Web browsers and media players are often targeted by hackers because they can receive files from the Internet and have access to system functions.While most zero day exploits may not cause serious damage to your system, some may be able to corrupt or delete files. Because the security hole is made known the same day the attack is released, zero day exploits are difficult to prevent, even if you have antivirus software installed on your computer. Therefore, it is always good to keep a backup of your data in a safe place so that no hacker attack can cause you to lose your data.

4. Thanks http://www.techterms.com/

Cyber Warfare : It has started

1. I have been recently digging deep into reading "Tracking Ghostnet" & "Shadows in the cloud".Crisp,to the point,full of information,a must read for all IT Security savvy personnels.This is where I got to read about "The May 2007 DoS Attacks on ESTONIA".Brief about this Estonia Case below :

2. Subject attacks on Estonia capitallyy known as Estonian Cyberwar or Web War 1, refers to a series of cyber aggresses that began April 27, 2007 and deluged websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia on some relocation issue of the Bronze Soldier of Tallinn.Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various low-tech methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred.

3. Subsequent to the incident, a criminal investigation was conducted and On 24 January 2008, Dmitri Galushkevich, a student living in Tallinn, was found guilty of participating in the attacks. He was fined 17,500 kroons (approximately US$1,640) for attacking the website of the Estonian Reform Party.So surprisingly,after so much of damge had been done,so much of ministeries websites were defaced,the followup resulted in a single conviction of a Russian Living in ESTONIA.Imagine....one single person from Russia was found responsible for the cyber havoc that Estonia had to face.

4. The net and the cyber world is still in the stage of nascency and there is lots coming ahead for sure in future...like the events surfaced in the movie "Live Free or Die Hard".Every one across the globe today has realized the potential of Cyber warfare.....and the power is immense....anyone who is clear....stands as ONE MAN ARMY.....as cited through one eg above.

ORDER OF VOLATILITY OF DIGITAL EVIDENCE

1. Not all information-based evidence is the same! Evidence can be organized into an “order of volatility” meaning how long it will stick around for you to collect until it automatically is lost.

2. Dan Farmer & Wietse Venema created the below table of evidence volatility, which is commonly referenced by forensic professionals. For example, information stored on a CD-R or some optical storage media can last for about 10-100 years depending on the brand used. Information stored in a computer’s main memory, by contrast, will last for only tens of nanoseconds before it is wiped out by the computer’s normal processing.

TYPE OF DATA	LIFESPAN
Registers, peripheral memory, caches, etc.	Nanoseconds or less
Main memory	Ten nanoseconds
Network state	Milliseconds
Running processes	Seconds
Disk	Minutes
Floppies, backup media, etc.	Years
CD-ROMs, printouts, etc.	Tens of years

3. Very critical from forensics point of view.....most people would want to turn a computer off (or at the very least unplug it from the network) when they realize an incident has occurred. However, as noted in the chart above, one will lose evidence in main memory and “network state” information (which other systems the computer is connected with and what information they are exchanging) with such an approach. Even shutting down a computer the “normal” way (Start / Turn Off Computer / Turn Off in Windows XP) can delete evidence, as Windows performs a number of housekeeping tasks in the shutdown process, such as closing opened files and clearing out the temporary disk cache.

4. Thanks Peter C. Hewitt (Read from Browser Forensics).

New Gen BIOMETRICS : PALMSECURE from FUJITSU

1. Quiet often we seen biometrics fingers,palm,eyes,retina being chopped off in Hollywood movies for gaining illegal access to control rooms and secure areas by the bad man...so we used to think like there is no end and no permanent solution to this....now comes a solution to this problem wherein not the fingerprint or the palm print is taken as authentication model....it is the veins inside that exist inside the palm that matter and should match...now these veins should also be flowing blood to authenticate the logger.

2. Fujitsu provides a highly reliable biometric authentication system based on palm vein pattern recognition technology. PalmSecure™ features industry-leading authentication accuracy with extremely low false rates, and the non-intrusive and contactless reader device provides ease of use with virtually no physiological restriction for all users.Applications include :

• Physical access control / Time and Attendance
• User authentication to PCs or server systems
• Government / Commercial identity management systems
• OEM terminal devices (POS, ATMs or information kiosks)
• Other industry-specific applications
• 
  

3. More about this here.

E-Waste & Indian Policy

1. In my earlier blog posts at here,here & here ,issues of e-waste and its repurcussions were mentioned.....now seems like Indian govt has attempted to wake herself up and find a solution.In a recent development,Directorate of Revenue Intelligence (DRI) seized some containers in Chennai containing large quantity of such waste. The imports were made despite a prohibitory order in this regard. The containers were full of outdated computers and electrical waste. On further investigation, it was found that containers carried hundreds of tonnes of e-waste sourced from Australia, Canada, Korea and Brunei in violation of norms.

2. E-waste is being dumped in the country by developing nations using loopholes in domestic rules which allow NGOs and educational institutions to import such gadgets freely on the pretext of donations. onscious of the fact that huge shipments of e-waste generated in developing countries are finding convenient burial ground in India, the government had through a public notice on May 13, 2010 prohibited educational and other institutions from importing second hand computers, laptops and computer peripherals, including printers, plotters, scanners, monitors, keyboards and storage units. The step was short of a complete ban on such imports.

3. The government is now looking at banning the import of used computers and other electronic waste - coming primarily from developed nations such as US, Australia, Canada and parts of Europe - after several cases of e-waste smuggling came to light recently. A decision is likely to be taken at the Economic Intelligence Council meeting scheduled for this month to be chaired by finance minister Pranab Mukherjee.

4. Thanks http://timesofindia.indiatimes.com

TABNAPPING : A new generation Cyber Crime

1. Another new term in the cyber crime is "Tabnapping" a combination of "tab" and "kidnapping" that could be used by phishers to dupe users into giving up passwords by secretly changing already-open browser tabs. All browsers on Windows and Mac OS X are vulnerable.It is thus a computer exploit,a kind of phishing attack, which persuades users to submit their login details and passwords to popular Web sites by impersonating those sites and convincing the user that the site is genuine. Eg . An open tab of Facebook for instance may be a false window. But very few of us may notice. As a result, we readily log in our username and password when prompted, only to fall to phishers.

2. Aza Raskin is the person behind coining this term,this 1984 born genius is an active phishing researcher.It is unlikely that Browser makers will patch this up soon the risk does not emanate from security vulnerabilities per se.

3. However, every major browser has a filter of some kind designed to weed out malicious sites and sites suspected of being infected with attack code. Those filters, assuming the blacklists underlying them are current and accurate, would block tabnapping attacks.

4. Thanks http://www.standardmedia.co.ke & http://www.couponsherpa.com

ScareWare : One more WAREior in the family

1. Adware,spyware,malware....and now one SCAREWARE.Imagine this...u r surfing innocently(???) on the web via your home/office PC,an advertisement appears on the web-page, trying to convince you that your computer is at risk and you must download the anti-virus to clean it. Once you click on the advertisement, a software trigger gets activated and you get caught in an unnerving loop impossible to abort. A scanner window will appear with red-letter warnings listing viruses purportedly infesting your hard drive. A series of dialogue boxes will follow giving you choices that all lead to the same screen: a sales pitch. Make the purchase, and you get a bogus inoculation. Try to cancel it, and you'll get repeated offers. It's like stepping into quicksand. The more you try to get out of it, the deeper you sink.....this is Scareware..the latest new generation way to get ur PC infected...although its first origin dates to sometime in 2004...its now that this is getting firm roots via increased strength of web surfers who are naive about security.

2. In brief, the scareware trickery ensnares internet users in the following steps:

• Criminals buy blocks of advertisement space on websites, intermittently slipping in a tainted advertisement.
• Just visiting a webpage with a tainted ad causes a fake warning box to appear.
• Clicking "OK" or "Cancel" launches the same thing: a "free scan."

After you've been lured into a fake "free" scan of your PC:

• The bogus scan will purport to find a virus infestation.
• Ensuing boxes steer the user to activate "Personal Antivirus," on left.
• The activation prompts take the user to a shopping cart.
• Declining to place an order triggers endless fake scans.

3. Thanks http://fanaticmedia.com

Man in the Browser Attack : New dimension of cyber attack

1. The name is interesting though and so is the working behind....MITB (Man in the Browser) attacks are designed by fraudsters to infect a web browser with malware which can result in mmodified web pages and transactions that are largely transparent to both the user and the host application.Trojans incl Silent Banker,Sinowal etc are pre programmed by fraudsters to activate when the user browser accesses a specific website such as their online banking portal.The activated trojan can then track the online session and perform real time interception etc that can lead to illegal money transfers,identity theft and further compromise on the users personal info.

2. The Man-in-the-Browser attack is the same approach as Man-in-the-middle attack, but in this case a Trojan Horse is used to intercept and manipulate calls between the browser and its security mechanisms or libraries in real time.A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or Two or Three Factor Authentication solutions are in place.

3. Thanks http://fanaticmedia.com/infosecurity/

BILL GATES & Khan Academy

1. I m a follower of Bill Gates on twitter and have come to know of this khan academy thru this......

2. When every one looks forward to learning from Bill Gates on so many aspects of IT education.....where do u guess his 11 year old son looks up-to for his education.....he follows Salman Khan...no no...not the Bollywood Dabanggg...he is another Salman Khan....click here to know more.....

3. Khan turns out thousands of videos from a converted walk-in closetin his Silicon Valley home (shown in this pic below) ...................gr888888888 work...and imagine the amount of effort that he has put in single handedly here......

4. This site at http://www.khanacademy.org/ has 1600 plus videos for school level maths,chemistry and science and many more subjects.....more news ....click here

Windows Systernals

1. I had not heard and read about this very low key but very powerful utility site which helps one manage, troubleshoot and diagnose Windows systems and applications incl so many unheard functions and utilities that one can go on and on exploring all.....the complete Windows systernals Suite can be downloaded by clicking here.

2. Another related site named Sysinternals Live is a service that enables to execute Sysinternals tools directly from the Web without hunting for and manually downloading them.

3. Must see and must try site.....click here to hit direct.

SALAAMI ATTACK

1. Ever seen your account with minute details of each and every penny/cent/paise in your account...I m sure many of you wouldn't have....how does it matter if its Rs 22323.45 or Rs 22322.12.....a difference of some paise ...we generally account for it against rounding off....but now on be ware...u may just be a salaami target....better known as Saalami Attack

2. An example of this also known as penny shaving, is the mal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding off to the nearest money unit viz cent or paisa in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.

3. IT comes with a whole lot of things...u get some,u loose some.....be ware.For more info click here, here and here.

4. Thanks http://www.cyberpolicebangalore.nic.in and http://en.wikipedia.org

TROJANs & BANK: Another story

1. Hard working hackers have recieved more then 700,000 pounds from thousands of bank accounts in Britain using a malicious software which claimants say is the deadliest,brutaliest(whats this???)trojan attack ever seen....

2. More then 4,000 online banking customers have found themselves as unwanted customers of this deal by hackers which empties their accounts while showing them fake statements so the crime goes undetected.This trojan is being termed and guessed as a variant of the Zeus trojan banking virus called Zeus v3. This is capable of collecting data such as passwords and even transfers money out of accounts automatically.

3. Beware ...nothing of this scale has happened till date in INDIA...why....because poor dont have much money and the rich keep and talk cash

IPAD WORLD & VARIETIES

1. Ever wondered about how many variants of IPAD exists from various companies apart from apple....many....and i mean really many....few of which i recently read in DIGIT

NOTION INK ADAM

This Adam Tablet is under development by Bangalore-based firm Notion Ink. It is rumored to be likely released by quarter ending Dec 2010 and is one of several tablet form-factor devices launching in 2010 to include a dual-core NVIDIA Tegra 2 processor that can support 1080p video output.

ARCHOS 9

Archos is a French consumer electronics company that manufactures portable media players and portable storage devices with Android 2.1 OS,3.2” display resolution 400 x 240,ARM Cortex A8 processor clocked at 800 MHz,a camera and microphone

Accelerometer with a WiFiand a composite video out.The device can be upgraded with a digital TV receiver that enables live TV and DVR features

EEE PAD

ASUS Eee is a family of products by AsusteK and is scheduled for launch by quarter Sept 2010 Computex in Taipei.

AIGO N700

The Android-powered Aigo tablet boasts a 1GHz ARM Cortex A9 processor and features Nvidia's Tegra 2 graphics chipset.

FUSION GARAGE JOOJOO

The JooJoo is a Linux-based tablet computer produced by Singapore development studio Fusion Garage.

DELL STREAK

The Streak is a Tablet/Smartphone hybrid from Dell that uses the Android operating system and comes with a 5" capacitive touchscreen and two cameras, a 5MP one with dual-LED flash on the back and a VGA-resolution one on the front for video calling; both are capable of video.

LENOVO IDEAPAD U1

IdeaPad is a line of consumer-oriented laptop computers designed by Lenovo.

EXOPC SLATE

The ExoPC Slate is a powerful Windows 7 computer with a multi-touch interface that allows you to browse the web, play games, watch TV and movies, listen to music, read the news, read books and magazines, organize your photos, download apps, view RSS feeds, access real-time weather, create and edit spreadsheets, author documents....WANT MORE?

ICD ULTRA

ICD Ultra

MSI WINDPAD

The tablet is powered by a 1.66GHz Intel Atom Z530 processor, 2GB of RAM, and packs a 32GB SSD that boots Windows 7 Home Premium, though MSI has created a Wind Touch UI layer.