Social Icons

Wednesday, February 09, 2011

INTERNET KILL SWITCH????


1.   Recent events in Egypt and the debate over the “Cyber Security and American Competitiveness Act of 2011”, has introduced the cyber world with a yet another jargon term “INTERNET KILL SWITCH”.Whats this all about and what does this mean.....crux in brief as i understood after going through few good informative sites....read onnnnn!!!!!

2.   The term would give US the best tools available to swiftly respond to a significant CYBER threat.Thus if the U.S. detected a serious cyberthreat at some point of time, this switch would enable the US President to instantly shut down any infrastructure connected to subject infrastructure.It is not a mandate to be able to shut down the entire Internet but rather authorizes the president to order turning off access to “critical infrastructure” .

3.   Our interest here is to look at just one dimension of the issue – the technical feasibility; the political and policy aspects, we’ll leave to others.

Tuesday, February 08, 2011

DATA STORAGE IN BACTERIA : 9,00,000 GB stored in 1 gm of Bacteria

1.  Earlier discussed here & here in my 2009 posts when the study,the concept and experiments were on test bench have now touched reality....

2.  A team of undergraduates and instructors from the Chinese University of Hong Kong (CUHK) has found a way to store a whole lot of data onto living bacteria cells through a process they call “massively parallel bacterial data storage.” And in addition to storing huge amounts of data, they have also figured out how to store and en/decrypt data onto living bacteria cells.

3.  The team has managed to squeeze more than 931,322GB of data onto 1 gram of bacteria (specifically a DH5-alpha strain of E.coli, chosen for its extracted plasmid DNA size) by creating a massively parallel bacterial data storage system. Compared to 1 to 4GB per gram data density of conventional media, the 900,000GB per gram figure the team has returned is genuinely stupefying ie like  to fit the equivalent of 450 2TB hard disks (900TB) on a single gram of E.coli bacteria.

4.   A small ppt straight from the team can be seen here.


5.   Thanks devilsduke.com for the pic

Sunday, February 06, 2011

DRIVE BY ATTACK

1.   A small and easy to infer article on DRIVE BY ATTACK here

2.   Thanks http://www.bitesofapple.com

Win32.Hlux : January 2011 " King of worms"


1.   Email-Worm.Win32.Hlux was talk of the E-town in January across the webosphere. This mail worm spreads via emails containing malicious links that prompt users to install a bogus Flash Player, supposedly to view an e-card. The link leads to a dialog window that asks if the user agrees to download a file. Irrespective of the response, the worm sets about to penetrate the system. In addition to propagating via email, Hlux also has bot functionality and adds infected computers to a botnet before connecting to its command center and executing its commands, which are primarily directed at sending pharmaceutical spam.

2.   Kaspersky Lab also detected a Trojan dropper masquerading as a key generator for the company's products. The old adage "There's no such thing as a free lunch" is particularly fitting here as the dropper goes on to install and launch two malicious programs. One of them steals program registration data and passwords for online games. The second is a backdoor that also has keylogger functionality.

3.   Kaspersky Lab also found the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.

4.   Apart from these two hardworkers(?????..i mean mal hardworkers) in january,the other shining star in the E-crime world is AdWare.Win32.WhiteSmoke.a which if clicked, will download a program that demands payment to rectify errors it supposedly detects on the system.

5.   More detailed report on http://www.kaspersky.com

Tuesday, February 01, 2011

AMD comes up with FUSION

1.   A small mention made earlier at this blog about ISTANBUL,an AMD launch...now comes up with the next gen processor known as FUSION.

2.  The 'Fusion' family will utilize a single-die design that combines multi-core CPU (x86) technology with a powerful DirectX 11-capable graphics and parallel processing engine. The APUs will also include a dedicated high-definition video acceleration block and a high-speed bus that transmits data across differing types of processor cores within the same design and will include power-saving features enabling all-day battery life. 


3.     More about FUSION here

IE users stand vulnerable again : Warning from MICROSOFT

1. This one is a real eye (....or more simply account) opener of so many IE Web browser users across the globe and this one comes straight from the horses mouth....ie MICROSOFT which has warned that the approx 900 million users of its Internet Explorer Web browser are at risk of having their computers commandeered and their personal information stolen by hackers.Microsoft has issued a 'critical' security alert over a newly-disclosed flaw that impacts all versions of the company's Windows operating system, including Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).

2. The trouble is meant primarily for users of IE only since no other major web browser available supports MHTML files.Microsoft also adds that the bug is inside Windows, (else who is going to use IE??????).Till date/hr as of now no hackers have been reported to exploit the vulnerability. 

3. An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicks that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience.

4. For the otherwise already loosing users at a quick pace,this release would pacen up the loosing percentage of IE users across.

5.   Thanks http://www.smh.com.au

Saturday, January 29, 2011

BitDefender : Tips for Safe Shopping on Mobile Devices

A small piece of advice by BitDefender on security aspects while using new generation mobile devices.Pls click HERE

Trojan.Spy.YEK : The Corporate Spying Tool


1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 

FBI : A Parent's Guide to Internet Safety

A must read guide from  The Federal Bureau of Investigation (FBI), an agency of the United States Department of Justice for all the parents in the world, advising & trying to make them understand the complexities of online child exploitation.....please click HERE

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History


1. This case that I recently read in brief pertains to an interesting online fraud case against Albert Gonzalez.I have made it in a sequential point to compress the complete story for easy reading and grasping :

(a) Albert started using computers at an early age, and while in high school, managed to hack into the Government of India's website[ :( ]. Sadly, he was not charged at this stage and only warned to stay away from computers for six months.

(b) At the age of 19, he started his own group of hackers, named ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators and gave away vital information on his cohorts and did not need to serve a sentence. 

(c) Still on,Albert after two years worth of hardwork(????) compromised on sensitive data including 45.6 million credit and debit cards.

(d) TJX Companies notified the authorities of their data leakage. Albert had the abilities to crack and hack his way through, but the low security measures didn't help TJX. Albert was able to install his malware and sniffing software onto the networks of TJX and all the stores operating under them, even outside of the United States. TJX discovered the breach in December of 2006 and was under the belief that they had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, they found that they were losing sensitive data since 2005. Albert had already moved on to bigger and better operations by the time TJX had even started discovering the extent of their security breach.

(e) Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

(f) During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke.(ha ha ha.....wow!!!!anyway)

(g) Gonzalez had three federal indictments:
- May 2008 in New York for the Dave & Busters case (trial schedule September 2009)
- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)
- August 2009 in New Jersey in connection with the Heartland Payment case.

(h). On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case with many links please visit HERE
Powered By Blogger