Malicious Shortened URLs : Rising Threat

1.     Internet today is all but a minefield of boogies,traps and malware.....every day so many threats are born....though most of them die but still a huge percent of them survive the security walls and become stronger by time as they are able to remain live and acvtive.In recent times shortened URLs have become popular amongst users (including me...:-) to conserve the typing space like in microblogging sites viz twitter etc.So typically a naive(???),prone user who submits his long URL to a site to get a shortened URL receives a second,specially coded shortened URL that redirects to the original URL.So here lies the weak hole that is most of the times exploitable by the attacker...because the actual destination URL is hidden in it....so going by the looks...there is nothing to worry...but it is the redirection that is a cause of worry...it may be right or may be redirecting to a malicious link....!!!!so when some one uses a free URL shortener ,he does not have control over that shortened link. And, should something happen to the provider of that URL shortener, then he risks redirecting ALL of shortened links elsewhere!!!

2.  We all know that clicking links is pretty tempting....so it is just a matter of one redirected malicious link click that makes the difference....so whats the solution????...actually companies like Facebook,Gmail, SBI, Paypal ,twitter etc are offering users the option of persistent SSL encryption and authentication across all the pages of their services including the login and all accessible pages.....but this does not stand good for all...for these sites also..it is optional to vide the settings for accessing....

FEDORA 18 RELEASE DATE : 08 Jan 2013

Hi guys....a very HAPPY NEW YEAR 2013 to you.....and for those of you like me who are waiting to upgrade ur Beefy Miracle to Fedora 18 Spherical Cow..u need to wait a few more days till 8 January 2013... that's the release date scheduled now..hope that stands by the time!!!

DREAM JOB : Cyber Special Agent@FBI

1.    Came across this dream job kind job for a guy like me :-)......i got this from twitter handle @CcureIT

2.   Now this job is meant for US Citizens only...and any Cyber Security guy enthu about being savvy about making a career in cyber security should at least go through what they demand and what they offer....it's worth value addition to self in at least knowing what the best organisations demand in terms of QR for getting a job like this.All the details available at https://www.usajobs.gov/GetJob/ViewDetails/332166500?utm_source=dlvr.it&utm_medium=twitter#TopofPage

India developing own Secure OS to strengthen Cyber Security

1.   India is developing own secure OS to strengthen cyber security.Got this news piece from here.The key points from the news are :

- India's own secure operating system to strengthen cyber security.

- 150 Engineers across the country have already been working on creating an Indian OS for over one year and a half. 

- According to Times of India ,it will be ready in next three years.

- There is no foreign involvement in this project. It is purely build by Indians.

2.   It is indeed heartening to know all this...but whats the point? Does the team of 150 engineers and the vision behind think they are creating a secure and 100% fool proof OS?...The moment it is released...there will be many vulnerabilities that will be gradually known...and then the same cat mouse race will being like with any other OS..so whats the point of starting from scratch?....will it not be wise to securify existing opensource available and invest in something like improving upon existing resources?.....Case in point,the DESI OS....will lag behind in terms of experiences gained by Windows and other OS Communities who have been in the game for years...........who have been improving daily for so many years!!!like Fedora...Ubuntu...they have been improving for last so many years to reach a level like as on date available to us....

3.  Although it is a veri good thought to have a desi OS....but I sincerely feel that we are slightly late in realizing the need of a desi OS...

MALWARE via SUDOKU via EXCEL SHEET

1.  Sudoku is good for you brain....but it may compromise your PC if you have downloaded one of the excel files with embedded malicious script inside that offers you to play the subject game. Peter Szabo from SophosLabs has identified a piece of malware that resides behind a Microsoft Excel-based Sudoku generator. The Malware developed in Visual Basic requires macros, a scripting language that allows users to create equations based on values in different columns and rows. Microsoft – Malware behind Microsoft Excel-based Sudoku generator.

CLICK TO ENLARGE

2.   Although by default the macros are disabled in any Microsoft Office application....but any one who downloads the excel file would eventually enable the macros that run the script to play the game...so he can keep playing the game while the script in the background sets up the malware and establishes contact with its master bot.....so like always the updated Antivirus on the system will keep sitting without catching up anything.....so comes the importance of packet analyzers like Wireshark....ethreal etc...but then it becomes slight technical which in most cases would be out of purview for a common user.

MSE : Loosing Shine

1.   Since last few years any one who asked me on recommending a Antivirus for his/her PC...I would always say if you have a original Windows...then leave your worries to MSE...thats Microsoft Security Essentials ie MS's own antivirus or may be I would recommend Kaspersky PURE in few other cases who were not happy with MSE.

2.  I had been using MSE for my own system as well...and I found it worked pretty fine...light on use and had no major compatibility and configuring issues since it worked mostly in the background.But there has been some decline in recent time and efforts by Microsoft in keeping with the pace of the hackers and cyber criminals!!!

3. The AV-TEST Institute,the leading international and independent service provider in the fields of IT security and anti-virus research.It uses state-of-the-art methods and research work to carry out AV-TESTs to  directly detect the latest malware, to analyse it  and to inform web site visitors top-quality results obtained.So the latest results showed MSE being given 1.5 out of 5 maximum ratings.The screen shot from the link http://www.av-test.org/en/tests/home-user/windows-7/sepoct-2012/ is shown below :

Click on image to Enlarge

4.   And to me, that's a huge concern considering how Windows 8 itself draws on a lot of MSE for its own in-built security....:-)

How to find windows product key : Product Key Decryptor

1.   Have you ever found yourself in a position when a genuine Windows OS key is required!!!!This tool will be useful if you have ever lost your product CD Key or you have to reinstall the product again.The nae of the product is Product Key Decryptor that's a  FREE software to instantly recover License Keys of popular Windows products.The supported list of software's of which the keys can be extracted is shown below :

Microsoft Windows NT

Microsoft Windows XP

Microsoft Windows Vista

Microsoft Windows Server 2003

Microsoft Windows Server 2008

Microsoft Windows 7

Microsoft Windows 8

Microsoft Office 2003

Microsoft Office 2007

Microsoft Office 2010

Visual Studio 2005

Visual Studio 2008

Visual Studio 2010

Visual Studio 2012

Internet Explorer 6

Internet Explorer 7

Internet Explorer 8

Internet Explorer 9

Internet Explorer 10

VMWare Workstation 6.x

VMWare Workstation 7.x

VMWare Workstation 8.x

VMWare Workstation 9.x

2.    It automatically detects and decrypts the license/CD key of all the supported products from your system. Currently it can recover License key of few popular products including Windows Operating System, Microsoft Office, Visual Studio, Internet Explorer, VMWare Worktation. The best thing about this is FREE...now though nothing is free in this world...it may be having its own repercussions in the background

 :-) Here are the main features & benefits: 

-  Instantly decrypt and recover license/CD keys of popular Products

-  Simple & elegant GUI interface makes it easy to use.

-  Right click context menu to quickly copy the Product License Key

-  Sort feature to arrange the displayed passwords

-  Backup the the recovered Product Keys to HTML/XML/TEXT file.

-  Integrated Installer for assisting you in local Installation & Uninstallation.

3.  The product can be downloaded at http://securityxploded.com/product-key-decryptor.php

How to Format a USB drive with FAT32 file system: FEDORA 17/LINUX

1.   The ease of formatting that the regular windows user is used involves a simple right click on the drive and clicking format.But for a linux user the scene is a little different involving a set of commands.Shown here with screen shots.The commands used are :

- df -h
- fdisk -l
- umount /run/media/duqu/?????***(ur mount name)
- mkdosfs -F 32 -I /dev/sdc1

(CLICK ON THE IMAGE TO ENLARGE)

(CLICK ON THE IMAGE TO ENLARGE)

(CLICK ON THE IMAGE TO ENLARGE)

Need of Encryption : Your files - Your Data

1.   In today's times when every spying eye,every hacker on the web is eyeing your info.... apart from hardening your OS and configuring your system securely what else can you do to secure your info after some one gate crashes into your system?.....I mean after someone gets your root privileges via remote access...what are the options to save your self from sharing your critical data with him?The answer is ENCRYPTION...

2.   Encryption is the process of encoding your information) in such a way that hackers cannot read it, but that authorized parties can.So without getting into the nitty gritties of what is Encryption and how it works..i am focusing here of what all opensource and free applications are available for encryption...

3.   First I would mention about TrueCrypt,this is the one I have been using for years...the reliability of this application can be gauged from the fact that in 2008, the FBI attempted to break encryption on hard drives using a program called TrueCrypt, but the equipment was finally returned after a year of failed tries.(Source : http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html)

4.   The other strong opensource software's available for encryption are :

    - E4M ie ENCRYPTION for MASSES)
    - Free OTFE
    - Scramdisk

5.   TrueCrypt remains the best bet for all present users.The popularity can be gauged from another fact that this is being used by cyber criminals to!!

TrueCaller : Is it Stealing your Info?

1.    TrueCaller is one famous application doing the rounds on Twitter Google+ Facebook Android Phones.The claim by the application goes like you login from either of the applications and you would be able to know the name of the mobile phone number owner by name.The claim actually stands right in over 90 % of the cases that I tried.This made me wonder how?...i thought like all those free forms that we keep regularly filling on the internet or some grocery shop for some free bundles or if TrueCaller has tied up with the mobile phone service providers?But then something happened that made me a little suspicious about this app.It so happened that I tried my mom's number on the application and so came the answer like "TIWARI MAM"....this made me think of how would the application know that my mom is a teacher...

2.   So I wondered if the application after installation on your mobile device actually makes all the contacts phone number available on the site with the name that I have typed against that number!!!So I tried mine which was not available, by the name "anupam CCCSP"

3.  Though it did not show promptly but after a day after I typed my phone number it came to be seen as "anupam CCCSP".So this actually means that the application is actually stealing and making my contacts info on my phone public!!!!...but then I also realized that it was me only who agreed to the terms and conditions while installing the app on my phone which most of us including me never read.

4.   So it comes actually to the naiveness of the common user who invariably without reading any of the terms and conditions agrees to install.....:-)