TOR : ITSELF VULNERABLE!!!

At my earlier post here about TOR...the one who makes you anonymous online is now vulnerable it self....:-)..all the features that I mentioned just few days back...are all vulnerable....latest from Gentoo Linux Security Advisory gives the following details :

- Prone to multiple vulnerabilities as on date.

- Most severe of which allows execution of a arbitrary code by a remote attacker.

- Can cause a Denial of Service.

- A remote relay that the user is directly connected to, may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections

SOLUTION : ALL TOR LOVERS TO UPGRADE TO THE LATEST TOR ASAP.

Blocking with a Hosts File : Another hardening step....

1.    How many of you know about the hosts file function in windows?It's a text file without a file extension that is intended to map IP addresses before accessing a domain name server to speed up the access. Now with the growing cyber concerns in the recent years,this mapping function is being additionally used to take a more preventative role in ad blocking and stopping spyware.This is located inside the >system32>drivers>etc folder.

2.   To explain it more simply When a address like http://www.bbc.co.uk/ is placed into your browser, the Hosts file is consulted to see if you have the IP address for this site. If you do, then you get directed to the site IP,but since most of the times it is not there,computer asks for the IP address from your ISP to find sites.

3.   It is here,that this function has recently been started to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as  "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".

4.   http://winhelp2002.mvps.org/ is one site that I found worth as the purpose of this site is to provide the user with a high quality HOSTS file.This includes a ready to download hosts file that can replace your existing hosts file likely to be empty.The hosts file is kept updated on a regular basis.As on date the last update was available for 28th Feb 2012.So this site has a list of known ad and malware site IP addresses that are redirected at 127.0.0.1.The site advertises saying " THERE IS NO PLACE LIKE 127.0.0.1.

5.   Do visit http://winhelp2002.mvps.org/ and http://winhelp2002.mvps.org/hosts.txt to download the subject file.

HACKERS & TERRORISTs ARE NOT IDIOTS

1.    You have to go through all the classes from 1st to 12th standard to be eligible to be admitted into a college.But does the Govt think so? sorry for a bad connotation...I will come to the point...

2.     Recently,in the name of cyber security preparedness,the Government,in a first of its kind, conducted a live competition between two spy systems developed by reputed tech arms of India's national security apparatus. Expectantly...(though not from the Govt point of view)...both failed to capture 100% internet data traffic, one system even crashing a number of times during the test.

3.   Point wise summary comes as follows :

- Competition held near the Air Force Station, Arjangarh.

- Conducted between a system developed by Centre for Artificial Intelligence and Robotics (CAIR)@'Netra' and NTRO's @'Vishwarupal'@developed in collaboration with a Paladion Networks.

-  A high-level committee(???) declared Defence Ministry's 'Netra' system a winner.

-  During conduct of the test , "Vishwarupal", crashed a number of times and had to be restarted. 

-  Both the systems did not capture entire internet traffic passing via its probes installed at Sify Technologies premises in Delhi. 

-  Both could return results only after repeated attempts and that too with a high latency@15 minutes.

-  Netra will now be made a robust system, to scan all tweets, status updates, messages, emails, internet calls, blogs and forums for keywords such as 'attack', 'bomb' and 'drill'

-  The committee also directed NTRO, to wrest the design and source code of its system, exclusively from Paladion, due to a risk on national security.

4.   Now if the criteria of search is still to look after key words like Bomb,drill,attack etc,I think its time to rethink again.No real world terrorist would actually use similar words since they think much ahead and are sadly making use of the technology more efficiently then the other side.Are we not aware of latest unbreakable cryptography,stegnaography and other such related field standards?.....the SRS for building such a system should be exhaustive,based on dynamic@changing and improving technology standards.

5.   We are a country who is unable to exploit the inhouse talent and strength.We still keep searching and associating ourselves with outside country companies....We are already late...and we will be more late!!!!

6.  Source of Info @ www.techgig.com

YUM INSTALLATION STEP BY STEP : RHEL 5

1.   Recently inserted one video screen recording of how the yum installation is conducted in RHEL 5.The step wise command summary goes like this :


  130  cd /media/RHEL_5.1\ i386\ DVD/
  131  cp -av /media/RHEL_5.1\ i386\ DVD/images/ /var/ftp/pub/
  132  cp -av /media/RHEL_5.1\ i386\ DVD/RPM-GPG-KEY* /var/ftp/pub/
  133  cd /var/ftp/pub/Server/
  134  rpm -ivh createrepo-0.4.4-2.fc6.noarch.rpm 
  135  createrepo -v /var/ftp/pub/
  136  createrepo -g /var/ftp/pub/Server/repodata/comps-rhel5-server-core.xml /var/ftp/pub/

2.  The start to end video is down here.Click to watch :

Installing Guest Additions in Virtual Box : RHEL 5

1.  In variably I have been using various window OS trials for experimenting in Virtual Box....and yes it is easy to use....but try it out with an RHEL 5.....it became a small fight for me at least.....how i solved it goes like this...

(a) First tried with this :

./VBoxLinuxAdditions-x86.run 

and i was given this error message :

bash: ./VBoxLinuxAdditions-x86.run: /bin/sh: bad interpreter: Permission denied

(b)....the answer is actually this :

sh VBoxLinuxAdditions-x86.run 
or 
bash VBoxLinuxAdditions-x86.run

and the output looks something like this

[root@localhost VBoxGuestAdditions_4.1.8_75467]# ./VBoxLinuxAdditions.run
Verifying archive integrity... All good.
Uncompressing VirtualBox 4.1.8 Guest Additions for Linux.........
VirtualBox Guest Additions installer
Removing installed version 4.1.6 of VirtualBox Guest Additions...
Removing existing VirtualBox DKMS kernel modules           [  OK  ]
Removing existing VirtualBox non-DKMS kernel modules       [  OK  ]
Building the VirtualBox Guest Additions kernel modules
Building the main Guest Additions module                   [  OK  ]
Building the shared folder support module                  [  OK  ]
Building the OpenGL support module                         [  OK  ]
Doing non-kernel setup of the Guest Additions              [  OK  ]
You may need to restart the hal service and the Window system
Installing the Window System drivers
Installing X.Org Server 1.11 modules                       [  OK  ]
Setting up the Window System to use the Guest Additions    [  OK  ]
You may need to restart the hal service and the Window System (or just restart
the guest system) to enable the Guest Additions.
Installing graphics libraries and desktop services componen[  OK  ]

...thats it!!!!!!!!!!!!!

Blue Tooth handshakes Wifi: Here Comes BLUE FI

1.    Here some thing when technology meets technology....so till date I used to identify Blue Tooth with  proprietary open wireless technology standard for exchanging data over short distances and WiFi with 802.11 IEEE standard...now when these two get mixed we get a BLUE FI.

2.  As per a paper "Blue-Fi: Enhancing Wi-Fi Performance using Bluetooth Signals by Ganesh Ananthanarayanan" Blue Fi is a system that predicts the availability of the Wi-Fi connectivity by using a combination of bluetooth contact-patterns and cell-tower information. This allows the device to intelligently switch the Wi-Fi interface on only when there is Wi-Fi connectivity available, thus avoiding the long periods in idle state and significantly reducing the the number of scans for discovery.Now the best part about this is that when I searched something on BLUE-FI,two prominent google searches included a Paper as mentioned above by an Indiuan and also the first implememntation in India at Bangalore City Railway Station that became the first in the railway network to offer BluFi.

3.   The passengers at Banglore railway station would be able to get Internet access, by sending their mobile numbers through the Wi-Fi registration portal. The passwords would be sent through SMS. A passenger could use Internet for 45 minutes; if he wished to continue, he had to start a fresh session....sounds a gr8 start....and promising

4.   Thanks http://www.thehindu.com/ and http://citeseerx.ist.psu.edu

BOY in the BROWSER attack

1.  Funny names keep propping up...and keep getting accepted too...first it was Man in the Middle attack....then Man in the Browser...and now comes Boy in the Browser attack....actually, is a trojan that reroutes its victim's web traffic information through an attacker’s proxy site.  ....a cool video here explains it in a simple language....

Resurgence of Boy-in-the-Browser Attacks

View more videos from Imperva

HUMANE COMPUTING

1.  The cyber space keeps coming up with such new terms and will continue doing so for years to come.So this is one term I heard of when I recently got an opportunity to attend a Two day symposium conducted by CSI ie COMPUTER SOCIETY OF INDIA,Indore Chapter.The Computer Society of India is the first and the largest body of computer professionals in India.

2.  So whats exactly HUMANE COMPUTING to which even google has limited answers....what i could gather from the forum which was presided by distinguised and expert speakers is produced below in as brief to understand possible words.

3.  The concept would be easier to understand with the help of few examples cited by the speaker :

-  Firstly imagine one typical branded washing machine getting faulty after few months of completion of warranty.Is it typical? or could it have been programmed to do so intentionally?

-  Secondly ,remember the movies I-Robot@Will Smith or Robot@my favorite Rajini Sir......both the movies revolve around the protagonist struggle to control his creation, the  robot whose software was upgraded to give it the ability to comprehend and generate human emotions.....so in both the cases laws of robotics failed and the plan back fired!So both the movies were based on imagination that may be possible in future...both were runaway hits...

-   Thirdly, the matrix series(triology)...that depicts a future in which reality as perceived by most humans is actually a simulated reality created by sentient machines to pacify and subdue the human population, while their bodies' heat and electrical activity are used as an energy source. So the lead computer programmer is drawn into a rebellion against the machines, involving other people who have been freed from the "dream world" and into reality.

-   Fourthly....any time a computer programme is made ...the code is written...so many aspects are considered at design level but any where is human thought process or kind of human psych is involved?.....no!!!m sure on that...windows or linux OS has got nothing to do with human emotions....person who is drunk and is in inebriated state would be able to conduct some kind of damage via the system that he might not have attempted if he was not drunk!!!!!

4.   So by giving these examples here I am trying to make you think the reverse way....@we all are getting IT/Computer savvy in our life but when we see it from the top...do we need to become COMPUTER SAVVY?...or it should have been the reverse way...the gadget/IT around us should have become HUMAN SAVVY....u might need to read this sentence twice since I might have just pinged ur thought process and not actaully conveyed the actual meaning.The field is actually just setting in and will take much time to evolve.....its neither black nor white...its just grey...and its upto the present genre of scientists and developers to actually start sorting out black and white!!

5.   "The term Humane Computing comes to encourage study of ethics, empowerment,empathy, equality, environmental sustainability with reference to the use of technology. Since it involves coming together and study of humans as well as computers, it involves technical as well as soft subjects and diverse disciplines

ranging from computing technology to soft disciplines like sociology, psychology, education, medicine, behavioral science and communication theory. The study of Humane Computing will be able to provide insights, which may make it possible to bridge the digital divide and which may help tilt the usage of computing in a direction, which makes it work for promoting ethical practices."

6.   So thats HUMANE COMPUTING in the most grey manner...the field as on date is not even an understood thing but yes...the field is enough to create a mind start thinking of ahead ie FUTURE....

THE TOR PROJECT

1.  Privacy is really becoming a big and serious issue and no one knows what all is all set to come ahead.For now I came across and even started using TOR.For the bigger details you need to visit the site at https://www.torproject.org/.I got aware of this at the ANKIT FADIA WORKSHOP@INDORE

2.  For the in brief , point wise detail that just scroll down to get a brief overview :

KEY FEATURES

- Tor is free software made under www.torproject.org/

- Helps defend against network surveillance that threaten personal freedom and privacy.

- Protects by bouncing your communications around a distributed network of relays run by volunteers all around the world.

- Prevents somebody watching your Internet connection from learning what sites you visit

- Prevents sites you visit from learning your physical location.

- Works with web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

- Individuals can use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers.

- A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently.

HOW/WHAT IT DOES?

- Actually a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

- Based on "Onion routing" that simply refers to original data being encrypted and re-encrypted multiple times.

- It is then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination.

- This reduces the possibility of the original data being unscrambled or understood in transit

- Enables to create new communication tools with built-in privacy features.

- Provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

3.  Thanks https://www.torproject.org and Ankit Fadia

ANKIT FADIA @ INDORE 19 FEB 2012

1.   The Sunday that was@ Ethical Hacking Workshop by Ankit Fadia Indore....is all I have to say now after a great great lively interactive (with demonstration) workshop with Ankit Fadia at Indore here...right from 10 in the morning to 1810h in the evening.This was my second workshop with him and this guy is only improving from his own earlier version for much better.The best thing about him is that he keeps it very very simple to understand for those who wish to.....and tops it with simple demos which actually make the thing go in the mind.Last I attended him at Adobe.

2.  I would always recommend all the young techo enthusiasts across not to miss attending any of his workshops if he is in your town.He never wastes a moment....never takes any unnecessary breaks in between...no calls....all for you...the best part....he is so down to earth...no frillls......grt....for now I will start reading so many new things and terms that I got introduced owing to him......

3.  Thanks Ankit....and all the best!!!