MAKE incognito YOUR DEFAULT SETTING

1.    We all know how to browse hidden ie Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Commonly it is known as "incognito" or "privacy browsing".......an avid user of chrome ....I always had to open the browser and then select "New Incognito Window" to work...but not till today....a simple amendment in the target setting of properties of chrome shortcut will always make you open the incognito window......simply append "--incognito" at the end of the link address as shown below : 

C:\Users\???????\AppData\Local\Google\Chrome\Application\chrome.exe --incognito

2.    More clearly ...right click on the chrome shortcut on the task bar or on the desk top and click properties.In the target text box append "--incognito" to what is already there defining the location of the chrome browser....

3.     Thats it......

FLIRT BOTS

1.   I am sure most of you at at some point of time in your cyber surfing would have come across chat/messenging softwares like MSN or yahoo to mention a few....now although pretty old for the regular security guys, but thought of mentioning it here in my blog of how many of us succumb to the meanly desires of hackers via FLIRT BOTS.....u heard it correctly they are known as FLIRT BOTS.... 

2.  Here's how Flirt Bots work:

- The Bot strikes up a conversation in a chat room

- The Bots use a series of easily configurable "dialogue scenarios" with pre-programmed questions and discussion topics to compile a report on every person it meets

E.g.: ilovyou@yahoo.com says: "hey, whats up?" and further to this conversation they are invited to visit a website which could be used for any variety of malicious activity.

E.g.: ilovyou@yahoo.com says: "Ok go to http://??????.??/?????? and accept the invite on the page baby"

3.   In this case the victim is sent to a website "?????????.com" and is asked to provide personal information including credit card details in order to view the "webcam."

4.   The site can be used for many things - to host malicious downloads, or to try to sell you Fake AntiVirus software. The URL can do and host whatever the "bot master" specifies it to be .Frequently cyber-criminals collect a database of personal information and sell it to the highest bidder or anyone who will pay

5.   These "Flirt Bots", were first reported as a proof of concept(Evidence that demonstrates that a business model or idea is feasible.) by PC Tools in 2007.Thanks http://www.pctools.com

SYMANTEC SPOTS ONE INTERESTING E-MAIL CAMPAIGN

1. A fresh spam outbreak has been detected online that's drawing attention widely and effects users with e-mails laced with malicious software. Reportedly, there's one web-link embedded in the spam messages supposedly providing details, while the same messages try to pull down a .zip file attachment.The interesting aspect regarding the new spam mail relates to the inclusion of a password that the recipient earlier used.Now if I see a passowrd which at one point of my cyber surfing I had used it is bound to stirr up doubts of it being actually genuine.Once i donwload this zip file ,the eventual aim is achieved ie downloading the inevitably malware.

2. Reportedly, the malware as mentioned above has been identified as Trojan.Zbot or Zeus a Trojan which tries to grab secret data after compromising an end-user's PC. Further, it may take down updates and configuration files online, according to Symantec.

3. Additionally the e-mail ids and their corresponding passwords within the above unsolicited electronic mails, arrive from one prominent social gaming website, known internationally and currently being most widespread inside Asia.

4. Hence, Symantec advises all those who think they've fallen prey to compromised accounts to scan their PCs with an AV program followed with resetting all vital passwords, particularly online banking passwords. Additionally, they must also keep a watch over their accounts should they suspect any fraudulent operation.

5. Thanks http://www.spamfighter.com

BULLET PROOF HOSTING

1. Bulletproof hosting refers to a technique wherein web hosting firms permit their customers appreciable leniency in the kinds of material they may upload and distribute. 

2. Many service providers have "Terms of Service" that do not allow certain materials to be uploaded/distributed, or the service to be used in a particular way, and may suspend a hosting account, after a few complaints, to minimize the risk of their IP subnet being blocked by anti-spam filters using Internet Protocol (IP) based filtering. Additionally, some service providers may have ethical concerns that underpin their service terms and conditions.

3. Bullet Proof Hosting allows people who want to promote their product, service on their web site by sending Commercial and Bulk Emails. As well known, Email Marketing has emerged as one of the most effective and economical marketing tool. It gives you the power to broadcast your message to millions of prospects across the world and it works!

4. This leniency has been taken advantage of by spammers and providers of online gambling or pornography.Case in point is the case of "McColo ISP takedown in November 2008".McColo was one of the leading players in the so-called "bulletproof hosting" market — ISPs that will allow servers to remain online regardless of complaints.

5. Thanks http://bulletproof-server.net/

INSPIRED FROM INDIA : CHINAs ATTEMPT ON TAKING ON CORRUPTION

1.    In recent last few months,a lot has been happening in India in form of anshans,demonstrations,dharna's to bring back the black money freezing in swizz banks and to reduce corruption...so far so good...the spark happened and is now gradually bowing to the Government which ensure and loves STATUS QUO.....atleast thier wasy of working confirms this....instead of supporting the movement...they took the key persons involved head on and now in another about a week or so we will be back to STATUS QUO...

2.    But China's esurient Internet users are taking a leaf from India's anti-corruption drama by opening websites so citizens can confess, sometimes in pitiless detail, to buying off officials.Several Chinese confess-a-bribe websites, including "I Made a Bribe" (www.ibribery.com), have been inspired by an Indian website "I paid a bribe" (ipaidabribe.com)......china ranks 78th in the corruption list whereas we list at the 87th rank...m sure it is much worse.....apna nahee to kisi aur ka to bhala hoga........jai ho INDIAAAAAAAAAA

3.     Thanks http://www.reuters.com

McMurdo station & more DATA CENTRE Locations

1.    We all keep reading on issues like heating when we discuss data centres......now with the problems that datacenters have with cooling, the Antarctic is perhaps the ideal site for such a facility....i thought that was a joke before i first read about this and saw the pics on site at here

2.     The station's datacentre is dedicated to supporting scientific work and running the station - with 64 servers and more than 2PB of storage connected to hundreds of desktops by a gigabit Ethernet network.McMurdo Station is the telecoms hub for science projects, field camps and operations in western Antarctica funded by the National Science Foundation (NSF).To provide these services, it has a central telephone exchange and a wide spectrum of network, radio-frequency and satellite-communication systems.At the South Pole, every day up to 100GB of science data is transferred from the station to the US via satellite-communication links in support of multiple NSF-funded science projects.

3.    Thanks DIGIT.

HOW DO U FIND IF YOUR PC IS HACKED?- PART 6

FIND COMMAND

1.   Most of the commands I have discussed so far spew a lot of output on the screen, which could be hard for a human to look through to find a specific item of interest. But, Windows comes to the rescue. Users can search through the output of a command using the built-in find and findstr commands in Windows. The find command looks for simple strings, while findstr supports regular expressions, a more complex way to specify search patterns. Because the regular expressions supported by findstr go beyond the scope of this tip article, let's focus on the find command. By default, find is case sensitive - use the /i option to make it case insensitive.

2.    The find command also has the ability to count. Invoked with the /c command,it'll count the number of lines of its output that include a given string.Users often want to count the number of lines in the output of a command to determine how many processes are running, how many startup items are present  or a variety of other interesting tidbits on a machine. To count the lines of output, users could simply pipe their output through find /c /v "". This command will count (/c) the number of lines that do not have (/v) a blank line ("") in them. By counting the number of non-blank lines, the command is,in effect, counting the number of lines.

3.  Now, with the find command, users can look through the output of each of the commands I've discussed so far to find interesting tidbits. For example , to look at information every second about cmd.exe processes running on a machine, type:

C:\> wmic process list brief /every:1 | find "cmd.exe"

Or, to see which autostart programs are associated with the registry hive H KLM, run:

C:\> wmic startup list brief | find /i "hklm"

To count the number of files open on a machine on which openfiles accounting is activated, type:

C:\> openfiles /query /v | find /c /v ""

Whenever counting items in this way, remember to subtract the number of lines associated with column headers. And, as a final example, to see with one-second accuracy when TCP port 2222 starts being used on a machine, along with the process ID using the port, run:

C:\> netstat -nao 1 | find "2222"

THANKS www.amazingit.blogspot.com

HOW DO U FIND IF YOUR PC IS HACKED?- PART 5

NETSTAT COMMAND

1.  The Windows netstat command shows network activity, focusing on TCP and UDP by default. Because malware often communicates across the network, users can look for unusual and unexpected connections in the output of netstat, run as follows:

C:\> netstat –nao

2.  The -n option tells netstat to display numbers in its output, not the names of machines and protocols, and instead shows IP addresses and TCP or UDP port numbers. The -a indicates to display all connections and listening ports. The -o option tells netstat to show the processID number of each program interacting with a TCP or UDP port. If, instead of TCP and UDP, you are in interested in ICMP, netstat can be run as follows:

C:\> netstat -s -p icmp

3.   This indicates that the command will return statistics (-s) of the ICMP protocol. Although not as detailed as the TCP and UDP output, users can see if a machine is sending frequent and unexpected ICMP traffic on the network. Some backdoors and other malware communicate using the payload of ICMP Echo messages, the familiar and innocuous-looking ping packets seen on most networks periodically.

4.  Like WMIC, the netstat command also lets us run it every N seconds. But, instead of using the WMIC syntax of "/every:[N]", users simply follow their netstat invocation with a space and an integer. Thus, to list the TCP and UDP ports in use on a machine every 2 seconds, users can run:

C:\> netstat -na 2

HOW DO U FIND IF YOUR PC IS HACKED?- PART 4

OPENFILES COMMAND

1.  Many Windows administrators are unfamiliar with the powerful openfiles command built into Windows. As its name implies, this command shows all files that are opened on the box, indicating the process name interacting with each file. It's built into modern versions of Windows, from XP Pro to Vista. Like the popular ls of command for Linux and Unix, it'll show administrators all open files on the machine, giving the process name and full path for each file. Unlike lsof, however, it doesn't provide many more details, such as process ID number, user number and other information.

2.  Considering the volume of information it gathers, it's no surprise that the openfiles command is a performance hog. Thus, the accounting associated with

openfiles is off by default, meaning users can't pull any data from this command until it is turned on. This function can be activated by running:

C:\> openfiles /local on

3.  Users will need to reboot, and when the system comes back, they will be able to run the openfiles command as follows:

C:\> openfiles /query /v

4.  This command will show verbose output, which includes the user account that each process with an open file is running under. To get an idea of what malware has been installed, or what an attacker may be doing on a machine,users should look for unusual or unexpected files, especially those associated with unexpected local users on the machine.

5.   When finished with the openfiles command, its accounting functionality can be shut off and the system returned to normal performance by running the following command and rebooting:

C:\> openfiles /local off

HOW DO U FIND IF YOUR PC IS HACKED?- PART 3

1.  While WMIC is a relatively new command, let's not lose site of some useful older commands. One of my favourites is the venerable "net" command. Administrators can use this to display all kinds of useful information. For example, the "net user" command shows all user accounts defined locally on the machine. The "net localgroup" command shows groups, "net localgroup administrators" shows membership of the administrators group and the "net start" command shows running services.

2.  Attackers frequently add users to a system or put their own accounts in the administrators groups, so it's always a good idea to check the output of these commands to see if an attacker has manipulated the accounts on a machine. Also, some attackers create their own evil services on a machine, so users should be on the lookout for them.

More here.....