Social Icons

Wednesday, June 06, 2012

FLAME : The new'EST Threat bigger then STUXNET


1.         Off late there has been the much talked FLAME Virus in the IT Sec community.Few clean shots about FLAME in a point wise crisp format :

 -          Flame was first detected back in 2010 by Kaspersky Labs completely by accident.

-           Flame is terribly complex for a piece of malware. 20 times bigger than Stuxnet.

-           Its about 20MB package and is still being analyzed.

-           The Stuxnet  attack that damaged Iranian nuclear facilities last year is barebones by 
comparison.

-           Kaspersky assumes it was built by government scientists, but no one knows which government.

-           Flame gathers a huge amount of data from infected systems, but it has been hard to sort out where it is all going.

-           Dozens of control servers have been located, but the domains associated with them are registered with fake identities.

-           Flame steals hard drive contents, screenshots, and keystrokes.

-           Can also use the system microphone and Bluetooth radio to suck in more data.

-           To save on bandwidth, Flame may delete itself from systems that have been fully exploited. This is part of what made the infection hard to detect.
-          
-           Has incredible abilities to monitor in-boxes, take screen grabs, even record audio of conversations happening near the computer.

-           The entire virus had been pieced together like a LEGO creation, one part building on another. Things could actually be added onto the spyware after it was already on an infected computer, giving the developer enormous freedom to tinker at will.

-           One specific example is with a Bluetooth module, which allowed the spyware to be spread to other devices.

-           The two most popular ways are to send you an e-mail with an attachment, and a Web-based or drive by download that gets you to a malware website.

-           Another favourite way to get you is through social media websites. Attackers are so savvy that they now troll your "friends" list and generate an e-mail that looks like it's coming from you, so what friend wouldn't click on it, right?

-           Microsoft has revealed that the virus gained a foothold by spoofing one of its own security certificates.

-           The computer virus is on the loose in Iran and other parts of the Middle East, infecting PCs and stealing sensitive data.

-           Flame is basically a backdoor and a Trojan with worm-like features.

-           Consider this: It took several months to analyze the 500K code of Stuxnet. It will probably take year to fully understand the 20MB of code of Flame.



Monday, April 16, 2012

Windows 7 Hacked @ BACKTRACK


(DOUBLE CLICK TO VIEW BETTER)

Nothing new for the active Cyber Sec community...but since I had recently recorded a screen cord I thought like uploading the same for everi one.....This is my second "hands on" a windows machine after I attempted on XP last year at  http://anupriti.blogspot.in/2011/10/backtrack-5-how-to-use.html

Wednesday, April 04, 2012

MATRIUX KRYPTON :INSTALLATION STEP by STEP

This screen cord gives a step by step installation in virtual box starting right from choosing the .ISO and configuring the machine.The default password for root is "toor" without quotes.

VIRTUAL BOX : SOLVED - FAILED TO OPEN HARD DISK ISSUE

1. I had been an avid follower of VMWARE until recently wherein I have shifted my loyalties to VIRTUAL BOX....simple,easy....and the best part is that it is OPENSOURCE.One problem that I often used to face was that when I copied a VDI file from one place to another...it used to give me a message as shown in the screen shot below that said something like " Failed to open the hardddisk F:\....\.....vdi.So I used to keep trying ways and means but that remained unsolved.But there is a single command line solution to this that goes like this...(also shown in the screen shot).Goto the command prompt first as administrator.













Goto the folder C:\Program Files\Oracle\VirtualBox by typing

c:\>cd C:\Program Files\Oracle\VirtualBox

and then type

C:\Program Files\Oracle\VirtualBox>VBoxManage.exe internalcommands sethduuid "h:\path to the vdi folder\yourvdifilename.vdi"

and this should give a message similar to this 

UUID changed to: 3cfa288c-9e91-42e2-acdc-9821ab9d4aab


(CLICK ON IMAGE TO ENLARGE)

thats it...now open...u should not get the message!!!

Tuesday, April 03, 2012

The Brain Virus : Some thing I missed.....


This is about BRAIN virus...a name heard in the late 80S and early 90S and recognized as the first computer virus for MS-DOS that infects the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system....This was written by two brothers, Basit Farooq Alvi and Amjad Farooq Alvi who were from Lahore, Pakistan......so what makes a mention here is that I was recently watching a TED Video wherein the speaker Mikko Hypponen shares his interesting piece of interaction with these two brothers...do watch it...worth it for inviting a smile...


Saturday, March 31, 2012

BIGGEST SPYING CENTRE:NSA@USA

1.  At a time when we all realize the cyber traffic movement monitoring around us via hackers,spies and the government....this will come as a news...a big news....

2.  National Security Agency,where else but United States of America ,is engaged building and ramping up the largest Spy center in the history of the world.Special points that I read about this upcoming centre are enumerated below for ur info :

-  To be completed by September 2013.

-  This will make NSA the largest, most covert, and potentially most intrusive intelligence agency ever.

- Will be able to intercept your private emails, cell phone calls, internet connections and Google/Bing searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital litter 

-  To be located at Bluffdale.

-  Also known named Utah Data Center.

- Main purpose to tap, decipher, decrypt, analyze, and store Brobdingnagian Yotta bytes of the world’s communications as they take place across international,foreign and domestic networks.

-  Approx investment@$2 billion.

-  Realization of the “total information awareness” program initiated by Bush administration.

-  Also critical for breaking and decrypting codes to decipher encrypted financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal document etc.

-  This will consist of 100,000-square-foot halls filled with servers, complete with raised floor space for cables and storage excluding more than 900,000 square feet for technical support and administration.

Friday, March 30, 2012

NIMDA VIRUS : COMMENT BY CISCO VP(Security)



The question was asked by me at a NCW(Network Centric Warfare) seminar held last year on 21 Apr 2011 at Manikshaw Centre,New Delhi.It is relates to what did CISCO do to cover up the damage of NIMDA Virus!!!

Wednesday, March 28, 2012

TAILS - Privacy for anyone anywhere


The video above(my first screen cord :-) ) shows the screen cord for installing TAILS on a virtual Box.For those of you who do not what TAILS is all about....Tails is a live CD or live USB that aims at preserving your privacy and anonymity.It helps you to :

Firstly,use the Internet anonymously almost anywhere you go and on any computer.

Secondly,all connections to the Internet are forced to go through the Tor network.

Thirdly,leaves no trace on the computer you're using unless you ask it explicitly.

Fourthly,uses state-of-the-art cryptographic tools to encrypt your files, email and instant messaging...Please visit https://tails.boum.org/ for more details

Monday, March 26, 2012

TOR : ITSELF VULNERABLE!!!

At my earlier post here about TOR...the one who makes you anonymous online is now vulnerable it self....:-)..all the features that I mentioned just few days back...are all vulnerable....latest from Gentoo Linux Security Advisory gives the following details :

- Prone to multiple vulnerabilities as on date.

- Most severe of which allows execution of a arbitrary code by a remote attacker.

- Can cause a Denial of Service.

- A remote relay that the user is directly connected to, may be able to disclose anonymous information about that user or enumerate bridges in the user's connection.

- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections

SOLUTION : ALL TOR LOVERS TO UPGRADE TO THE LATEST TOR ASAP.

Saturday, March 24, 2012

Blocking with a Hosts File : Another hardening step....

1.    How many of you know about the hosts file function in windows?It's a text file without a file extension that is intended to map IP addresses before accessing a domain name server to speed up the access. Now with the growing cyber concerns in the recent years,this mapping function is being additionally used to take a more preventative role in ad blocking and stopping spyware.This is located inside the >system32>drivers>etc folder.

2.   To explain it more simply When a address like http://www.bbc.co.uk/ is placed into your browser, the Hosts file is consulted to see if you have the IP address for this site. If you do, then you get directed to the site IP,but since most of the times it is not there,computer asks for the IP address from your ISP to find sites.

3.   It is here,that this function has recently been started to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. In many cases using a well designed HOSTS file can speed the loading of web pages by not having to wait for these ads, annoying banners, hit counters, etc. to load. This also helps to protect your Privacy and Security by blocking sites that may track your viewing habits, also known as  "click-thru tracking" or Data Miners. Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective "Layer of Protection".

4.   http://winhelp2002.mvps.org/ is one site that I found worth as the purpose of this site is to provide the user with a high quality HOSTS file.This includes a ready to download hosts file that can replace your existing hosts file likely to be empty.The hosts file is kept updated on a regular basis.As on date the last update was available for 28th Feb 2012.So this site has a list of known ad and malware site IP addresses that are redirected at 127.0.0.1.The site advertises saying " THERE IS NO PLACE LIKE 127.0.0.1.

5.   Do visit http://winhelp2002.mvps.org/ and http://winhelp2002.mvps.org/hosts.txt to download the subject file.

Sunday, March 11, 2012

HACKERS & TERRORISTs ARE NOT IDIOTS


1.    You have to go through all the classes from 1st to 12th standard to be eligible to be admitted into a college.But does the Govt think so? sorry for a bad connotation...I will come to the point...

2.     Recently,in the name of cyber security preparedness,the Government,in a first of its kind, conducted a live competition between two spy systems developed by reputed tech arms of India's national security apparatus. Expectantly...(though not from the Govt point of view)...both failed to capture 100% internet data traffic, one system even crashing a number of times during the test.

3.   Point wise summary comes as follows :

- Competition held near the Air Force Station, Arjangarh.

- Conducted between a system developed by Centre for Artificial Intelligence and Robotics (CAIR)@'Netra' and NTRO's @'Vishwarupal'@developed in collaboration with a Paladion Networks.

-  A high-level committee(???) declared Defence Ministry's 'Netra' system a winner.

-  During conduct of the test , "Vishwarupal", crashed a number of times and had to be restarted. 

-  Both the systems did not capture entire internet traffic passing via its probes installed at Sify Technologies premises in Delhi. 

-  Both could return results only after repeated attempts and that too with a high latency@15 minutes.

-  Netra will now be made a robust system, to scan all tweets, status updates, messages, emails, internet calls, blogs and forums for keywords such as 'attack', 'bomb' and 'drill'

-  The committee also directed NTRO, to wrest the design and source code of its system, exclusively from Paladion, due to a risk on national security.

4.   Now if the criteria of search is still to look after key words like Bomb,drill,attack etc,I think its time to rethink again.No real world terrorist would actually use similar words since they think much ahead and are sadly making use of the technology more efficiently then the other side.Are we not aware of latest unbreakable cryptography,stegnaography and other such related field standards?.....the SRS for building such a system should be exhaustive,based on dynamic@changing and improving technology standards.

5.   We are a country who is unable to exploit the inhouse talent and strength.We still keep searching and associating ourselves with outside country companies....We are already late...and we will be more late!!!!

6.  Source of Info @ www.techgig.com

Wednesday, March 07, 2012

YUM INSTALLATION STEP BY STEP : RHEL 5

1.   Recently inserted one video screen recording of how the yum installation is conducted in RHEL 5.The step wise command summary goes like this :


  130  cd /media/RHEL_5.1\ i386\ DVD/
  131  cp -av /media/RHEL_5.1\ i386\ DVD/images/ /var/ftp/pub/
  132  cp -av /media/RHEL_5.1\ i386\ DVD/RPM-GPG-KEY* /var/ftp/pub/
  133  cd /var/ftp/pub/Server/
  134  rpm -ivh createrepo-0.4.4-2.fc6.noarch.rpm 
  135  createrepo -v /var/ftp/pub/
  136  createrepo -g /var/ftp/pub/Server/repodata/comps-rhel5-server-core.xml /var/ftp/pub/

2.  The start to end video is down here.Click to watch :

Tuesday, March 06, 2012

Installing Guest Additions in Virtual Box : RHEL 5

1.  In variably I have been using various window OS trials for experimenting in Virtual Box....and yes it is easy to use....but try it out with an RHEL 5.....it became a small fight for me at least.....how i solved it goes like this...

(a) First tried with this :

./VBoxLinuxAdditions-x86.run 

and i was given this error message :

bash: ./VBoxLinuxAdditions-x86.run: /bin/sh: bad interpreter: Permission denied

(b)....the answer is actually this :

sh VBoxLinuxAdditions-x86.run 
or 
bash VBoxLinuxAdditions-x86.run

and the output looks something like this

[root@localhost VBoxGuestAdditions_4.1.8_75467]# ./VBoxLinuxAdditions.run
Verifying archive integrity... All good.
Uncompressing VirtualBox 4.1.8 Guest Additions for Linux.........
VirtualBox Guest Additions installer
Removing installed version 4.1.6 of VirtualBox Guest Additions...
Removing existing VirtualBox DKMS kernel modules           [  OK  ]
Removing existing VirtualBox non-DKMS kernel modules       [  OK  ]
Building the VirtualBox Guest Additions kernel modules
Building the main Guest Additions module                   [  OK  ]
Building the shared folder support module                  [  OK  ]
Building the OpenGL support module                         [  OK  ]
Doing non-kernel setup of the Guest Additions              [  OK  ]
You may need to restart the hal service and the Window system
Installing the Window System drivers
Installing X.Org Server 1.11 modules                       [  OK  ]
Setting up the Window System to use the Guest Additions    [  OK  ]
You may need to restart the hal service and the Window System (or just restart
the guest system) to enable the Guest Additions.
Installing graphics libraries and desktop services componen[  OK  ]

...thats it!!!!!!!!!!!!!



Sunday, March 04, 2012

Blue Tooth handshakes Wifi: Here Comes BLUE FI


1.    Here some thing when technology meets technology....so till date I used to identify Blue Tooth with  proprietary open wireless technology standard for exchanging data over short distances and WiFi with 802.11 IEEE standard...now when these two get mixed we get a BLUE FI.

2.  As per a paper "Blue-Fi: Enhancing Wi-Fi Performance using Bluetooth Signals by Ganesh Ananthanarayanan" Blue Fi is a system that predicts the availability of the Wi-Fi connectivity by using a combination of bluetooth contact-patterns and cell-tower information. This allows the device to intelligently switch the Wi-Fi interface on only when there is Wi-Fi connectivity available, thus avoiding the long periods in idle state and significantly reducing the the number of scans for discovery.Now the best part about this is that when I searched something on BLUE-FI,two prominent google searches included a Paper as mentioned above by an Indiuan and also the first implememntation in India at Bangalore City Railway Station that became the first in the railway network to offer BluFi.

3.   The passengers at Banglore railway station would be able to get Internet access, by sending their mobile numbers through the Wi-Fi registration portal. The passwords would be sent through SMS. A passenger could use Internet for 45 minutes; if he wished to continue, he had to start a fresh session....sounds a gr8 start....and promising


Wednesday, February 29, 2012

BOY in the BROWSER attack

1.  Funny names keep propping up...and keep getting accepted too...first it was Man in the Middle attack....then Man in the Browser...and now comes Boy in the Browser attack....actually, is a trojan that reroutes its victim's web traffic information through an attacker’s proxy site.  ....a cool video here explains it in a simple language....

Sunday, February 26, 2012

HUMANE COMPUTING

1.  The cyber space keeps coming up with such new terms and will continue doing so for years to come.So this is one term I heard of when I recently got an opportunity to attend a Two day symposium conducted by CSI ie COMPUTER SOCIETY OF INDIA,Indore Chapter.The Computer Society of India is the first and the largest body of computer professionals in India.

2.  So whats exactly HUMANE COMPUTING to which even google has limited answers....what i could gather from the forum which was presided by distinguised and expert speakers is produced below in as brief to understand possible words.

3.  The concept would be easier to understand with the help of few examples cited by the speaker :

-  Firstly imagine one typical branded washing machine getting faulty after few months of completion of warranty.Is it typical? or could it have been programmed to do so intentionally?

-  Secondly ,remember the movies I-Robot@Will Smith or Robot@my favorite Rajini Sir......both the movies revolve around the protagonist struggle to control his creation, the  robot whose software was upgraded to give it the ability to comprehend and generate human emotions.....so in both the cases laws of robotics failed and the plan back fired!So both the movies were based on imagination that may be possible in future...both were runaway hits...

-   Thirdly, the matrix series(triology)...that depicts a future in which reality as perceived by most humans is actually a simulated reality created by sentient machines to pacify and subdue the human population, while their bodies' heat and electrical activity are used as an energy source. So the lead computer programmer is drawn into a rebellion against the machines, involving other people who have been freed from the "dream world" and into reality.

-   Fourthly....any time a computer programme is made ...the code is written...so many aspects are considered at design level but any where is human thought process or kind of human psych is involved?.....no!!!m sure on that...windows or linux OS has got nothing to do with human emotions....person who is drunk and is in inebriated state would be able to conduct some kind of damage via the system that he might not have attempted if he was not drunk!!!!!

4.   So by giving these examples here I am trying to make you think the reverse way....@we all are getting IT/Computer savvy in our life but when we see it from the top...do we need to become COMPUTER SAVVY?...or it should have been the reverse way...the gadget/IT around us should have become HUMAN SAVVY....u might need to read this sentence twice since I might have just pinged ur thought process and not actaully conveyed the actual meaning.The field is actually just setting in and will take much time to evolve.....its neither black nor white...its just grey...and its upto the present genre of scientists and developers to actually start sorting out black and white!!

5.   "The term Humane Computing comes to encourage study of ethics, empowerment,empathy, equality, environmental sustainability with reference to the use of technology. Since it involves coming together and study of humans as well as computers, it involves technical as well as soft subjects and diverse disciplines
ranging from computing technology to soft disciplines like sociology, psychology, education, medicine, behavioral science and communication theory. The study of Humane Computing will be able to provide insights, which may make it possible to bridge the digital divide and which may help tilt the usage of computing in a direction, which makes it work for promoting ethical practices."

6.   So thats HUMANE COMPUTING in the most grey manner...the field as on date is not even an understood thing but yes...the field is enough to create a mind start thinking of ahead ie FUTURE....

Monday, February 20, 2012

THE TOR PROJECT

1.  Privacy is really becoming a big and serious issue and no one knows what all is all set to come ahead.For now I came across and even started using TOR.For the bigger details you need to visit the site at https://www.torproject.org/.I got aware of this at the ANKIT FADIA WORKSHOP@INDORE

2.  For the in brief , point wise detail that just scroll down to get a brief overview :

KEY FEATURES

- Tor is free software made under www.torproject.org/

- Helps defend against network surveillance that threaten personal freedom and privacy.

- Protects by bouncing your communications around a distributed network of relays run by volunteers all around the world.

- Prevents somebody watching your Internet connection from learning what sites you visit

- Prevents sites you visit from learning your physical location.

- Works with web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

- Individuals can use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers.

- A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently.

HOW/WHAT IT DOES?

- Actually a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

- Based on "Onion routing" that simply refers to original data being encrypted and re-encrypted multiple times.

- It is then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination.

- This reduces the possibility of the original data being unscrambled or understood in transit

- Enables to create new communication tools with built-in privacy features.

- Provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.


3.  Thanks https://www.torproject.org and Ankit Fadia

Sunday, February 19, 2012

ANKIT FADIA @ INDORE 19 FEB 2012

1.   The Sunday that was@ Ethical Hacking Workshop by Ankit Fadia Indore....is all I have to say now after a great great lively interactive (with demonstration) workshop with Ankit Fadia at Indore here...right from 10 in the morning to 1810h in the evening.This was my second workshop with him and this guy is only improving from his own earlier version for much better.The best thing about him is that he keeps it very very simple to understand for those who wish to.....and tops it with simple demos which actually make the thing go in the mind.Last I attended him at Adobe.

2.  I would always recommend all the young techo enthusiasts across not to miss attending any of his workshops if he is in your town.He never wastes a moment....never takes any unnecessary breaks in between...no calls....all for you...the best part....he is so down to earth...no frillls......grt....for now I will start reading so many new things and terms that I got introduced owing to him......

3.  Thanks Ankit....and all the best!!!

Saturday, February 18, 2012

HOW TO ACCESS THOSE SITES(BLOCKED BY UR OFFICE)?

1.    It is so common to see and hear that offices and corp-orates block ur most desired websites....so the smart ones try using proxy.....but what to do when even those proxies are so configured that u cannot access.....here goes step by step

- Suppose ur office has blocked yahoo.com.

- Goto Command prompt and type ping yahoo.com

- You get the yahoo ip ie 209.191.122.70(it may be different for you)

- Now convert these 4 octets into binaries with the help of a calculator in programmers mode.

- So u get 
209 @ 11010001
191@  10111111
122@  1111010
70 @   1000110

- Now place zeros in front of octet converted binaries who are not complete 8 in number count 

- So it becomes 11010001101111110111101001000110

- Now convert this to decimal again  and u get 3518986822

- Go to the browser and write http://3518986822

Thats it..kaam khatam....all the best....

UNDO A SENT EMAIL :YES,IT IS POSSIBLE!!

1.   Ever thought like u shouldn't have sent that mail....or u sent it too early....like all things u can do UNDO in your PC and various applications...can u do it in EMAIL?......the answer is YES.....

2.   The feature is currently available in Gmail and Blumail only.How?...it goes like this

- Log into your GMail account
- Go To mail settings tab.
- Click on Labs
- Scroll down u will find UNDO SEND
- Enable it.

3.  That's it.Actually the feature sends the mail about 5 seconds late so just in case u immediately realize that u send it too early or should have sent it later.....u still have control over it.So when u click send a small link appears that says "UNDO"...click on it and that action will not conclude...ur email remains safe with you.... 

POWERFUL THAN ADMINISTRATOR ACCOUNT : SYSTEM LOGIN

1.  So here is something unheard to those who thought that ADMINISTRATOR was the king of the respective PC account.So for those who think so...ever thought why r u unable to fiddle with system files when u r the owner... that's because there is a SYSTEM account over and above the administrator who can delete the administrator account!!!!yes u read it right....so how do u get to the system account.I am giving it a step by step attempt here with screen shots!!

2.  Firstly...get to your desktop and see ur user name...mine is windowsxp ie a user account with admin priveleges as shown below :

3.    Secondly,get to the command prompt and create a schedule to run cmd.exe as follows :

at 14:51 /interactive “cmd.exe”

*** The time mentioned here can be a minute or two ahead of whats the time u doing this action.

 4.   You can check schedule by typing “at“ and hitting enter after the above step.

5.    Now Wait for the time you set for the schedule and u see that cmd.exe would be launched at the specified time and a subsequent command prompt windows will open automatically.

6.    Now go to ur desktop without closing any window and reach the task manager and kill the explorer.exe file under the process tab.

7.    Close the first cmd window and not the second one.

8.    Reach the root directory by pressing cd\

9.    Type start explorer...thats it...now u logged in as the System.....as shown:

 10.   Point to note :

- This is only for educational and info pupose.
- Never attempt it on a live system.
- Always do it on a virtualbox or Virtual machine or virtual PC.

11.   Thanks http://alieneyes.wordpress.com

Sunday, February 12, 2012

Single malicious document can expose your whole LAN via ur trusted MFD

1.   "Imagination is the key to Success" in the world of IT....specially applicable to the world of cyber crime....this one i read at one of my fav news feed destinations at http://thehackernews.com...now when we keep covering up the PCs with ideas like antivirus/anti-malware and all sorts of anti's and virus'cides....this thing has come up fresh.....attack the LAN after altering the firmware of the masoom MFD ie multifunction device.Sequence of the main article at http://thehackernews.com is produced below :

- At Chaos Communications Congress (28C3) 

- Ang Cui presents Print Me If You Dare

- He explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers

- He showed how he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. 
- Performed two demonstrations 

- In the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet.

- In the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall.

- Actually found a method to exploit the firmware update capability of certain Xerox MFPs to upload his crafted PostScript code. 

- Was able to run code to dump memory from the printer. This could allow an attacker to grab passwords for the administration interface or access or print PIN-protected documents.

2.  So now start taking care of your firmware updates of your MFDs......

Friday, February 10, 2012

CHROME INSTALLATION ISSUES IN UBUNTU : SOLVED

1. Recently tried installing Chrome browser in Ubuntu 11.10....so I downloaded the .deb file and tried installing it from the terminal via this command

sudo dpkg -i './Downloads/google-chrome-stable_current_i386.deb'

...which showed some error in between installation and came out on the terminal prompt....

2. So googled and found this solution that involves prior installing of few library files as follows :

sudo apt-get install libnspr4-0d libnss3-1d libxss1 libcurl3

this command will install the missing lib files and then on it is the repeat of the earlier command ie

sudo dpkg -i './Downloads/google-chrome-stable_current_i386.deb'

3.   Should solve...let me know if u have any thing unsolved!!!


Wednesday, February 01, 2012

AVOID OPENING MULTITABS IN BROWSERs

1.  Has it ever happened that you get a mail in one your various Email IDs from Facebook or some other site that you never linked up with....?I am sure if you are a regular browser on social networking sites,this must have happened once...and it must have kept you thinking...HOW ??

2.   This happens when you have that email id open in some other tab and your Facebook account open in other...typically in a multitab session wherein you have opened many sites under one browser in various tabs..... that's when info gathering sites get your email id and things related to their interest.....TAKE CARE

Tuesday, January 31, 2012

BACTERIA in COMPUTERS

1.  I had heard for so long about Virus'es,worms,trojans................but never heard and read about BACTERIA till recently.....even googled...could not find much except at http://docstore.mik.ua/orelly/networking/

2. Few points about BACTERIA :


- Makes copies of themselves to overwhelm a computer system's resources.

- Also known as rabbits, are programs that do not explicitly damage any files.

- Sole purpose is to replicate themselves.

- May do nothing more than execute two copies of itself simultaneously both of which may copy themselves twice, and so on.

- Reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space, denying the user access to those resources.

- One of the oldest forms of programmed threats.

Sunday, January 29, 2012

Download/Upload torrents - Legality Issues in India


1.  Read the following daily life talks in the air now a days :

"Hey did u download Agneepath & TIN TIN....the torrent is available now?"...

"No...its the cam print"..."waiting for the better print...yeah but I have downloaded MI4....the new torrent is crystal clear"

"MS Office 2010 has come and I m already using it on my netbook...& its for free from torrentz..."

...etc...etc...

.......these are few exchange of talks that invariably happens more among the young metro crowd and also getting popular in the Viltro's (Village+Metro)........but did they ever realise the legal aspect of all these talks and downloads? Its time to check all this......RETHINK!!!

2.   Now any one of you reading this and finding himself at some point of time shooting these dialogues at home/office/college should be in  for a shock...because as per the IT act he is a criminal involved in piracy of softwares and movies.

EXTRACT FROM INFORMATION TECHNOLOGY ACT 2000

"Cyber crime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music/movies/softwares files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet"

3.  So now that you have read this....the meat is here as follows given in point form for ease of understanding :

- When you download a movie/music/software from a torrent site,you are not only a leecher but at the same time you seed also.A Seed is used to refer to a peer who has 100% of the data.

-  When a leech obtains 100% of the data, that peer automatically becomes a Seed.Seeding refers to leaving a peer's connection available for other peers, i.e. leeches to download from.
- Normally, a peer should seed more data than leech. But, whether to seed or not, or how much to seed, is dependent on the availability of leeches and the choice of the peer at the seeding end.

- Did u understand this much...if not simply put it means that when u download....you upload also at the same time...so u are a illegal downloader and also a uploader of the pirated illegel content.So suppose you have downloaded MI4 or some porn...you are a pretty much proven criminal.If someone gets after you,you are in for real damage.

4. In context of India,though the relevant cyber laws and framework  are ready and already implemented but it will take time to be actually possible for the law to follow each one of them them up individually....thats the only positive side of all illegela downloaders...but there is catch to this...

5. What happens if some other country watches you?....you must be thinking y would some other country watch you downloading agneepath/TIN TIN!!!this is because your uploading may be happening in their country...so all they need is your IP.Thats the end of it.Few major casualties include the famous Lt Col Jagmohan Balbir Singh, who was arrested on May 6 on the charges of circulating child pornography on the internet.The Mumbai Cyber Crime Cell arrested this Lieutenant Colonel from his south Mumbai house for allegedly uploading obscene photographs and video clips involving children on the internet.The German police came across the obscene contents being uploaded on a child pornography site from Mumbai in 2009.So this is where the string of the torrent catches you till end.The german police gave the IP to interpol and he was caught...unawares of what did he actually do?...now it is just unawareness on such issues that such things happen..

6. This time it was a Lt col...next can be any one....u and me....it depends won who is the (un)lucky one...so guys if u r an ardent torrent downloader...think before you do some thing next.....the days are not far when all this will land you up in jail....it is just a matter of time in INDIA..!!

Saturday, January 28, 2012

Security Design @ WebHosting

1.  At a time today when new websites are being hosted at quite a pace,proportional is the pace of hacking and defacing of these websites.Today you have a website maker in the market who may simply demand some Rs 500/ per page design and few more hundreds for hosting it...and we all are ready to do pay him....but at what price....is it simply the final handing over taking over of the password that closes the deal between you and the designer/hoster?....NO....I rate it equivalent to the toss....thereon the match begins.....just a matter of time depending on what all security parameters/variables/factors you took into consideration while designing it?

2.  Specially concerned with web sites who have E-Commerce and transactions or who deal with handling database of huge sizes which can be critical later on, if compromised any time.The following factors should be noted down and infact dealt with seriously to be kept on high priority while designing and final hosting :

- Password /Data Protection : You must have a sound password and methods to protect all the DATA in place.

- OS/Server hardening : You use a windows or a linux....rest assured you must always used a hardened OS/Server.

- OS Selection : Create and design on any OS...today you can launch it on web.A more vulnerable OS which has had a history of hacks and known exploits should be avoided.

- DDoS Protection : Shared hosting servers are vulnerable to attacks by hackers who carry out their work by uploading malware or otherwise malicious sites or code onto a server. These malware programs be introduced to a server through security vulnerabilities in a legitimate client’s site, and the malware is used for anything from stealing credit card data to launching a DDoS, or Distributed Denial of Service attack.So think before you fire up your site.

- Spam filters : No explanations

- Firewalls : Must...so many types in market : Decide like what you r going to select a HARDWARE FIREWALL or a SOFTWARE FIREWALL.The selection is of crucial significance in deciding the overall security rating!!!

- BACKUP : You must have a way to keep backing up all your data.Some ploicy should be designed of what happens if owing to some kind of reason you loose all ur data....mirror or offline backup!!!!anything...but keep in mind.

- SSL enabled server : MUST

- SFTP: Though FTP is not that bad....but when SFTP is there....y bank on a relatively lower secured protocol......


Monday, January 23, 2012

SURF SAFE : SURF http'S'

1. In our endeavor to safely surf the web,rest assured ....we will never be safe in recent times to come.But we can always keep improving our surfing habits so that we are not easy victims.

2. Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.

3.  As on date almost all the browsers offer plugins from their respective web stores that include what I am talking about here ie HTTPS ENFORCER.The HTTPS Enforcer extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the sites HTTPS Enforcer supports.

4.  So install HTTPS plugin for ur respective browser...and SURF SAFE.

EVERCOOKIE : COOKIE NEVER DIES

1.  At my earlier post here,I had given a one line info on Zombie cookie-The cookie that recreates itself once deleted.Now just read about EVERCOOKIE at a veri good compiled site at http://samy.pl/evercookie/

2.  Evercookie is a JavaScript-based application which produces zombie cookies in a web browser that are intentionally difficult to delete.

3. More at http://samy.pl/evercookie/ with good FAQs

Sunday, January 22, 2012

PICTURE PASSWORDS

1. Had read about picture passwords in theory....but was unclear of whats actually in store.Windows 8 has finally given the answer.....this video would be able to give you very clearly of whats the buzz about PICTURE PASSWORD....



DISCONNECT & CONNECT TO RAJNIKANTH POWER : WEBSITE RUNS WITHOUT INTERNET

1. The only thing that has ever found a mention in my blog ever apart from any technical stuff is about RAJNIKANTH here since I am one of his huge fans.Now this time he makes a entry in my blog not because of his charisma....he is here owing to the fact he has beaten the basic internet requirement....A WEBSITE THAT RUNS WITHOUT INTERNET.

2.  Yes! you have read it right. A man as extraordinary as Rajnikanth ought to have a website that's as extraordinary as him. "All About Rajni" the site dedicated to the legendary superstar runs without the Internet; albeit on RAJNI POWER!


3.    How does it run then technically speaking? It is attributed to some complex algorithm running in the back-end that keeps an eye on the propagation of data packets between two terminals.What does that mean anyway?....may be it downloads a small flash file the moment you hit the site in the background....anyways its just a guess.....if i come across the details...will let u know...till then enjoy RAJNI POWER on the net.

4.   Access this site here : http://www.desimartini.com/allaboutrajni.htm

4. Thanks http://www.thehindu.com and my sister who told me first.

Saturday, January 21, 2012

OS CLASSIFICATION


1.  We keep using so many OS's around in office,at home...some times windows...or a flavour of linux..UBUNTU..or the latest i touched upon was the upgraded BOSS..but was not aware that even OS have a classification.The classification is defined by Trusted Computer System Evaluation Criteria (TCSEC), a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. 

2.  TCSEC classifies any OS under 4 categories :

- D
- C
- B
- A 

3.  Few more things about the classication in point wise form :

- A has the highest security. 
- C, B and A are further classified as : C1, C2, B1, B2, B3 and A1.
- D defines Minimal protection
- C1 — Discretionary Security Protection
- C2 — Controlled Access Protection
- B1 — Labeled Security Protection
- B2 — Structured Protection
- B3 — Security Domains
- A1 — Verified Design

Wednesday, January 18, 2012

KOOBFACE guys CAUGHT : FACEBOOK

1. Koobface is not something new for the cybercrime followers.....some thing in brief for those reading about this first timehere :

- is a computer worm that targets users of the Facebook.

- koob is book spelled backwards, making the name koobface an anagram for the word Facebook.

- Koobface targets Facebook users via fake friend messages that encourages people to click on links that installs a malicious worm

- Messages like, "you look funny in this video" or "you look so stupid in this pic" are used to persuade somone to click on the link attached. Once the user clicks on them it takes you to a video which doesn't play and they ask you to download certain codecs which can be a fake 'flash_player.exe' file.

- If this file is downloaded, your computer becomes open to Koobface malware.

- It downloads a file 'tinyproxy.exe' which hijacks your PC.

- It even alters search results from Google, Yahoo etc and redirects to websites selling malicious softwares.

- Kaspersky Labs has estimated the network includes 400,000 to 800,000 PCs worldwide at its height in 2010.

- Victims are often unaware their machines have been compromised.

2. Facebook two days back unmasked the team behind the notorious Koobface virus that hit the social network for two years beginning in 2008.

ABOUT THE GANG

- Five men believed to be responsible for spreading this notorious computer worm on Facebook.

- Have pocketed several million dollars from online schemes.

- Are likely hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook.

- One member of the group has regularly broadcast the coordinates of its offices by checking in on Foursquare, a location-based social network, and posting the news to Twitter.

- Photographs on Foursquare also show other suspected members of the group working on Macs in a loftlike room that looks like offices used by tech start-ups in cities around the world.

- Ultimately, the Koobface gang was identified by the researchers as Anton Korotchenko, Alexander Koltyshev, Roman Koturbach, Syvatoslav Polinchuk, and Stanislav Avdeik.

Thursday, January 12, 2012

OIL & GAS : CYBER HACKED


1.    McAfee has recently revealed and confirmed about computer hacking on un-named global oil, gas and petrochemical companies, and individuals and executives in Taiwan, Greece, and the United States, to acquire proprietary and confidential information. This has also been confirmed by five oil and gas companies that had  that the attacks took place, and the attackers were looking for documents about oil and gas exploration and bidding contracts.The source of the attack as usual has been found to be from 'several locations in China'.(Is there any thing new about this ?????)

2.    Oil companies expect such attacks getting more frequent and more meticulously planned. The determination and stamina shown by some modern hackers has increased and there are more multi-pronged, co-ordinated attacks. 

3.    Hackers have started bombarding the world's computer controlled energy sector, conducting industrial espionage and threatening potential global havoc through oil supply disruption.Since Computers control a relatively high percentage distribution in systems,thus are increasingly becoming vulnerable to cyber attacks that could put fuel production technology in the docks!!!

4.    The issue is indeed alarming and needs urgent attention at global level.It is not that my country is not effected or why should I be bothered ?We all are going be effected in the long run because we all r users and part of the last mile chain.Stuxnet,Duqu etc are some of the culprit virus which have been caught doing the action.What about the other thousands and may be millions who are already into action in the background.Japan has recently come up with the good virus ie CYBER WEAPON.Now this one acts like a immunization pill.It resists the virus.About 3 yrs and few billlion dollars have gone into the making.This is just the beginning and I am sure in the rat-cat race aka the good/bad guys of the cyber space there will be moments when the cyber crime over shadows the strengths of cyber power...but its upto the overall cohesive planning that all countries have to work together at the earliest.If late,there will be no other chance.Hackers are already doing it together as one team.....but we all act as teams of different nations.....we should be one GLOBAL TEAM!!!!

5.   Thanks  http://www.mcafee.com 

Tuesday, January 10, 2012

NATIONAL CYBER SECURITY POLICY : DRAFT


1.    Finally we are working on a national cyber policy....infact late but ...IT'S NEVER TOO LATE....the thing that we have started on this is a good sign.The draft of the subject policy is available at www.mit.gov.in/sites/upload_files/dit/files/ncsp_060411.pdf and is in fact inviting comments in case u have any!!!

2.   The draft is a 21 page report.After going through the same I have given the following points at the desired email address available in the draft report.

PARA 3.3 (I) C
GOVERNMENT SECURED INTRANET :
Addition point :

“ In addition to the emphasis on creation of such kind of intranet, efforts at the design stage should be made to exclude all possible options of internet connectivity with this intranet to avoid any kind of imminent threats. This intranet may need internet for various updates etc ,but this should be a privilege access point and no node should be allowed a free access. Any attempts to connect the same may invite action as a threat to nation. The limited internet connectivity to this is required for the following purpose :

- It is the most common action by any user to browse the net. Once given a opportunity he/she is always eager to access emails and download malware or infected software or any third party application. This is the point where command and control centre of a Botnet can be established by a cyber criminal. To avoid such practices it would always be the endeavor of the designer and the super administrator to ensure physical separation of Intranet and Internet. This Intranet should also be subject to regular cyber /IT audits by govt recognized penetration testers and forensic experts to maintain a cyber secure working environment.

PARA 3.3(D) @ Page 12
OPEN STANDARDS

The strength and power of open standards and applications remains unexploited in our country. Other developed nations who have realized the potential of this standard are already contributing significantly to their positive growth in cyber space. This has largely been possible owing to the lack of exposure of such standards by the new generation who is only exposed to the windows environment. Policy should be in place to ensure growth of open standards at school level curriculum.

PARA 3.5.2
COMBATING HIGH TECH CRIME/CYBER CRIME

Though the cat and mouse race between the good and the bad cyber guy would remain on always,it is worth noting that cyber crime if not controlled at such a nascent stage of induction and growth, has the full potential to become a cyber threat.No single policy would be able to achieve a CYBER CRIME FREE CYBER SPACE.It remains the onus of the common man how he tackles the cime himself.It is here that the National Cyber Policy can contribute in the following manner :

- Cyber Huntsville is a collaborative cyber community with the aim of attracting and developing the brightest minds, attacking the most complex problems, and providing the best solutions of national and international significance. Cyber Huntsville is an integral part of the National Cyber Initiative. Similar establishments should be encouraged at India level. More info at http://www.hsvcity.com/cyber/

4.2.3
Thrust areas of R&D  : 

-  Thrust areas of R&D should majorly focus on inducing maximum SRS and QRs at the DESIGN STAGE. Because, if not done at this stage, whatever work follows is patch work that remains a cover up action.
- Analysis of data flow in a network
- Pentration testing
- Storage solutions with backup, archiving, recovery provisioning of entire data.

5.1.1
ENABLING PEOPLE

Promoting a comprehensive national awareness program to include organizing seminars, events, webinars, guest lecture’s in tie up with established societies like IETE,Institution of  Engineers, Computer Society of India etc

Besides,these points I would suggest to include ensuring information security by managing the flow of information to the citizens as well as on securing its physical information infrastructure.The policy should call for the following :

- Popularize e- government
- Optimize the cyber industry structure.
- Provide a rugged 24x7 nationwide cyber infrastructure.
- Promote innovation of cyber technologies.
- Build a cyber oriented national economy.
- Design way to advanced internet culture.

THE GOOD VIRUS : "CYBER WEAPON" BY FUJITSU,JAPAN


1.   Have u seen the epic movie SHOLAY.....where bad guys are hired to kill bad guys by the good people...its a must watch for those who have not seen this...on the same lines recently Japanese government has done some homework to counter cyber crime.....Outsourcing and working with Fujitsu to fight cyber crime with the help of developing a CYBER wEAPON VIRUS that automatically seeks out and destroys enemy viruses.Cyber Weapon almost acts like a human immune system tracking down and weeding out invading viruses. Systems like these are needed when facing the latest advanced threats.Few additional It is the culmination of a $2.3 million, three-year project to develop a virus and equipment to monitor and analyze attacks.  It is reported U.S and china have already put so-called cyber weapons into practical use.

2.   Tracing the source of cyber-attacks is notoriously difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch attacks, such as denial of service assaults.Getting this right is a far from trivial process and the potential for collateral damage, even before hackers develop countermeasures, appears to be considerable. Few more points here about this good VIRUS :

- Currently, the virus is being tested in a “closed environment” to examine its applicable patterns. 

- The project is actually outsourced to Fujitsu Ltd. 

- It is capable to disable the incoming attack and record forensics data.

3.   It would actaully be interesting to know how would this be able to trace the source of cyber-attacks as claimed at times like today when the botnets and anonymous proxies are getting better and stronger by the day.

Monday, January 02, 2012

Malware in the name of Kim Jong-il death : BEWARE!!!


1.   A "malicious spam mail" in the name of the dead North Korean leader Kim Jong is doing the rounds of the webosphsere and biting anyone whoever clicks it.The malicious spam carries a fake name as "brief_introduction_of_kim_jong_Ill_pdf.pdf". The subject file exploits vulnerabilities in Adobe reader and leads to remote code execution in the victim PC.

2.   The emails contain a simple line of text announcing the death, likely copied and pasted from the CNN website, and carries an attachment named brief_introduction_of_kim-jong-il.pdf.pdf.Once downloaded and executed, the malicious file opens a non-malicious PDF file containing a picture and information about the deceased man in order to hide its true activity on the victims' computer.In other variants of the same theme, the attached file is named Kim_Jong_il_s_death_affects_N._Korea_s_nuclear_programs.doc and, once opened, it drops backdoor-opening malware into the system, which then connects to a remote Command & Control server for further instructions.After this much code execution...its JAI HIND.....


3.  So don't open this one from ur PC if u have read this much.....

Sunday, January 01, 2012

Saturday, December 31, 2011

HAPPY NEW YEAR WISHES 2012

WISHING EVERY ONE READING ACROSS "MELIORATE" A VERY VERY HAPPY NEW YEAR 2012......
Powered By Blogger