WIRESHARK Troubleshoot

1. The most common trouble that comes up first time users of Wireshark is that CAPTURE INTERFACE drop down shows the NPF not running and thus the interface list shows NIL.....

2. The small work to be done is that you need to install and then run WinPcap.So after you have installed Wireshark  and u have a shortcut of the application on the desktop...just right click the Wireshark  and run as the administrator.....should solve....

HIBERNATION MODE : HOW SAFE FOR YOU?

1. How often while using your PC u use the hibernation mode?I am sure that after reading the text below u r hardly going to use it owing to the serious compromise of your info of what you do and when you do ?

2. Ok…what do we mean by hibernation mode?......it simply means that via using this mode we are basically creating a snapshot of the contents of the computers RAM which is then saved to the root of the hard drive as “hiberfil.sys”!!!!This would now mean that the then current running applications and other data in RAM will be written to the hard disk.

3. For example, if we went into the hibernation mode with our browser still open…..then textual strings such as the last Google search performed or text from an open web page will be written to hard drive as the computer “hibernates”.

4. The Windows hiberfil.sys also become an issue while using encryption software such as TrueCrypt. If a Windows system is placed into hibernation mode without unmounting encrypted containers or volumes then the encryption keys used to access these containers will likely be left in RAM in plain-text. RAM will then be saved to the hard drive in the hiberfil.sys. This means that we will be leaving the keys (passwords) to all of your private containers and volumes free for the finding.

5. Ok…..if at all we get hold of the hiberfil.sys…is it going to be that easy to read all that hex dec info?...no certainly not…here come sandmen project for assistance….now whats SANDMEN PROJECT….pls google….in short it is a library which assists in parsing data from the hiberfil.sys.

Disable Hibernation mode on Windows XP:

• Right-click empty area on desktop

• Choose “Properties”

• Select the “Screen Saver” tab

• Click “Power…”

• Select the “Hibernate” tab

• Uncheck “Enable hibernation”

Disable Hibernation mode on Windows 7:

• Open “Control Panel”

• Click “Power Options”

• Click “Change plan settings” for you current power plan

• Click “Change advanced power settings”

• Expand “Sleep”

• Expand “Hibernate after”

• Enter “0″ for “Setting:” to set hibernate to “Never”

6.    Thanks http://www.anti-forensics.com

nVidia GeForce GPU cracks six character password in four seconds

1.  An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours.So guys ...have mentioned it so many times earlier...even a password upto 14 character in length has been shown easy to crack when i discussed at a post here about one year back....so better take care of ur passwords...small case with few caps and special characters with numbers upto a length of 10-15 should do it for the time being....things r getting nasty in the hacking world.....take care....

2.  more about this at...here...here...here....here...

Common Malware Symptoms

If you are malware hit....u r likely to see one or few or all of these symptoms:

 Your programs and files are suddenly missing.
 Homepage of your web browser has changed.
 Search results are being redirected.
 You start ending up at websites you didn't intend to go to.
 New icons & programs appear on the desktop that you did not put there.
 Your desktop background has changed without your knowledge.
 Your programs won’t start.
 Your security protection have been disabled for no apparent reason.
 You cannot connect to the internet or it runs very slowly.
 Strange or unexpected toolbars appear in your web browser.
 Takes longer to start and runs more slowly than usual.
 Computer shows strange error messages or popups.
 Freezes or crashes randomly.
 Computer is performing actions on its own.
 You cannot access security related websites.

DEEP FREEZE : II

In continuation with the earlier post here....would like readers to read this for info and value addition

http://forums.techguy.org/all-other-software/708554-other-progams-like-deep-freeze.html

DEEP FREEZE : A way to protect ur system!!!

1. Deep Freeze, by Faronics, is an application available for the Microsoft Windows, Mac OS X, and SUSE Linux operating systems which allows system administrators to protect the core operating system and configuration files on a workstation or server by restoring a computer back to its original configuration each time the computer restarts.The other interesting salient features are mentioned below :

-  Deep Freeze is a kernel-level driver that protects hard drive integrity by redirecting information being written to the hard drive or partition.

-  Leaves the original data intact. 

-  The directed information is no longer referenced once the computer is restarted, thus restoring the system to its original state at the disk sector level. 

-  Allows users to make 'virtual' changes to the system, giving them the appearance that they can modify core files or even delete them, and even make the system unusable to themselves, but upon reboot the originally configured 'frozen' state of the operating system is restored.

-  To make changes, a system administrator must 'thaw' the protected partition by disabling Deep Freeze, make any needed changes, and then 'freeze' it again by re-enabling Deep Freeze. These changes become part of the protected partition and will be maintained after restarts. 

2. Deep Freeze can also protect a computer from harmful malware, since it automatically deletes (or rather, no longer "sees") downloaded files when the computer is restarted. The advantage of using an application such as Deep Freeze antivirus / antimalware is that it uses almost no system resources, and does not slow your computer significantly. The disadvantage is that it does not provide real-time protection, therefore an infected computer would have to be restarted in order to remove malware. 

3. More at http://www.faronics.com/.Thanks WIKI......

XSS and CSS : Whats the difference ?

I often used to read XSS and CSS being read in the same context when i knew that CSS stands for Cascading Style Sheets.There has been a lot of mixing up of Cascading Style Sheets (CSS) and cross site scripting. But actually when people are speaking of CSS in context of Cross site scripting what they actually mean is XSS only....its the same.....

CYBER SECURITY : ACTIVE ATTACKS

An active attack involves probing the netwrok to discover individual hosts to confirm the information gathered in the passive attack phase.A lsit of tools i recently read are listed below for info.These are small but great tools for experimenting....m doing it on a VMware machine......

arphound

arping

bing

bugtraq

dig

dnstracer

dsniff

filesnarf

findsmb

fping

fragroute

fragtest

hackbot

hmap

hping

httping

hunt

libwhisker

mailsnarf

msgsnarf

nbtscan

nessus

netcat

nikto

nmap

pathchar

ping

scanssh

smbclient

smtpscan

tcpdump

tcpreplay

thcamap

traceroute

urlsnarf

xprobe2

HDFC CLEAN BOWLED by Hidden SQL Injection Vulnerability

1.  Howoften do we find ourselves getting irritated with the constant reminders from banks to change passwords every 15 days...to include few small cases,few caps,few numbers and few special characters and more often then not 40% of the account holders forget keeping a tab on what was the last password.....Inspite of heavy claims by most of the banks that they have the highly secured banking netwrok here comes a boomrang for HDFC...inspite of ample number of warnings by zSecure , a firm committed in providing comprehensive and cost-effective Penetration Testing services Networks, Servers and Web application,HDFC had no inkling of what they were warned about and what was supposed to be done....simply banking on some third party solution and getting into a SURRENDER SITUATION.....the story goes like this

HDFC was warned about Hidden SQL Injection Vulnerability by the firm ZSECURE.The subject vulnerability was discovered on 15-July-2011 and was reported on 17-July-2011 (reminder sent on 24-July-2011). The HDFC Bank’s team took around 22 days to respond to our e-mail and their first response came on 08-August-2011 with a message:

“Thank you for sending us this information on the critical vulnerability. We have remediated the same.“

After their e-mail, we again checked the status of said vulnerability and found that the vulnerability was still active on their web portal. We immediately replied to their email with additional proof of vulnerability and asked them to fix the same asap. Later on, after 2 days we again received an e-mail from their team with a message:

“We have remediated all the vulnerability reported on our website. Also we have got the application vulnerability assessment performed through one of our third party service provider and they confirmed that there are no more SQL Injection vulnerability.“

Their above response left us with an unexpected surprise. We were not able to believe that such a big organization doesn’t have proper vulnerability assessment in place because we already reported the vulnerability to them and even after conducting vulnerability assessment from a third party (as claimed) they were not able to find the active vulnerability in their web-portal.Thereafter, we sent complete inputs about the vulnerability to their security team and finally the vulnerable file was removed from HDFC’s web-server.

2.  The story goes on to confirm how much vulnerable we all are to such holes.Not blaming the bank singly,but the policies and the measures supposed to be taken and adopted have no firm policies on date.It is entirely left to the third party dependency solution....its high time for all banks to constantly take measures and keep itself updated to all new vulnerabilities hanging around......

3.  Thanks http://www.zsecure.net

CHINA CAUGHT ON WRONG FOOT in its own MARCH

1. Across the globe ,across all the cyber attacks investigated one thing that comes out common is the source of attack ie CHINA.As always China has been always denying all claims and has been doing reverse propoganda of actually deep rooted spoofing and involvement of other countries.But recently it was caught on the wrong foot in front of the international nietizens....

2.   Below is the extract straight from FEDERAL COMPUTING WEEK penned as China provides smoking gun against itself in cyberattacks by John Breeden II

" But now, thanks to China itself, I have proof that the People’s Liberation Army does attack the United States, and likely does so on a regular basis.

China’s claims of innocence have come crashing down because of an apparent mistake in editing in a documentary on the country’s own state TV that should never have gone live. The PLA presentation demonstrated its military capabilities. Amid all the tanks and planes, the propaganda piece showed a mere four seconds inside the group's cyber warfare center.Without narration, one has to think that the cybersecurity part of the piece was only put into the video by accident, a technical background shot placed between segments for a bit of extra color. However, those four seconds are both telling and damning to the Chinese lie that they don’t attack the United States.

Here is the incredible part: During those four seconds, we clearly see a Chinese soldier use a drop-down list to choose from preset target websites around the world. Then he actually attacks a website in Alabama.

In this case, the website was setup to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.

Even though all the targets shown in the four-second video were Falun Gong sites around the world, the fact that they were in a drop-down menu is telling and appalling. You don’t set up drop-down menus with attack buttons unless you plan to use them. And the Chinese military did push the attack button in the video, so apparently it has no problem pulling the trigger.

So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.

It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it."

3. The video link is shown below for info of all.Watch it carefully!!!!

4. Thanks http://fcw.com