Social Icons

Saturday, April 27, 2013

Cloud Forensics:The State as on Date

1.   Cloud Forensics per se has got two powerful terms of today's buzzing IT World..... that's Cloud and Forensics...when traditional computing methods of forensics are still to mature...Cloud itself has a long way to go before the final matured model comes up...this combination actually refers to the world of CLOUD FORENSICS. NIST defines it as follows :

"Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e.,cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi-tenant situations."

2.   Today at NULLs meet,I got an opportunity to give this presentation on Cloud Forensics....the copy is shown below :


3. About NULL...please read about the community at their website at http://null.co.in/. The team is doing a great job for buzzing IT professionals,students,geeks,script kiddies(like me!!! :-). NULL boasts of an active security community where monthly meets and regular security awareness camps in various Institutions and Organizations are held. Basically a bunch of security phreaks who like to share their technical expertise and hacking skills with each other and spread awareness among the common people about the good, the bad and the ugly side of computers and technology. They believe that sharing the right technical knowledge leads to expertise and innovation.I joined them about 4 months back and have learned a lot in few meets that I attended!!!!!

Sunday, April 21, 2013

Virtual Machines : Escape vs Introspection

1.   For last few years playing inside a VM ,I always used to wonder if it actually that safe surfing anything inside a VM...and that hardly anything gets in touch with the Host machine while we work with applications inside.Then I heard of two relative terms that are : Virtual Machine Escape vs Virtual Machine Introspection

2.  New to me but pretty old from point of view of existence....these are briefly explained below :

Virtual Machine Escape

Normally virtual machines are encapsulated, isolated environments. The operating systems running inside the virtual machine shouldn't know that they are virtualized, and there should be no way to break out of the virtual machine and interact with the parent hyper visor  The process of breaking out and interacting with the hyper visor is called a “VM escape.” Since the hyper visor controls the execution of all of the virtual machines an attacker that can gain access to the hyper visor can then gain control over every other virtual machine running on the host. Because the hyper visor is between the physical hardware and the guest operating system an attacker will then be able to circumvent security controls in place on the virtual machine.(Source : http://lonesysadmin.net)





Virtual Machine Introspection

Although virtualization isn’t new, the recent development of x86 virtualization products has revived interest in the virtualization market. This has led to the evolution of Virtual Machine Introspection (VMI) techniques and tools to monitor VM behavior. VMI tools inspect a VM from the outside to assess what’s happening on the inside.This makes it possible for security tools—such as virus scanners and intrusion detection system to observe and respond to VM events from a “safe” location outside the monitored machine. Depth of information is the fundamental benefit behind a concept called Virtual Machine Introspection (VMI). Its use within virtualized environments is absolutely crucial to effective risk mitigation at scale.(Source : |http://www.securityweek.com/vm-introspection-know-your-virtual-environment-inside-and-out)

So the basic difference is I think the route,in case of the former the need is to contact the hypervisor from inside and the latter shows the way out to get to know whats happening inside from outside perspective.....

Saturday, April 20, 2013

Self Destructing E Mails : Receiver reads them only Once

1.   It has always remained a question for typical email users like u and me of how to send a self destructing E-Mail...an email that is read once and destroyed that moment like how about your office messages with vendors or love mails with your present Girl Friend/Boy Friend or u can imagine situations for such requirements....

2. Earlier it had been the disposable email solution and now there are many solutions that offer this particular requirement of Self Destructing E Mails.Below are few such sites and solutions :

http://www.self-destructing-email.com/

Offers free trials last for two weeks or 25 emails (whichever comes first) and u need to register with it.It lets you decide what happens to your email after sending.

https://privnote.com/


Privnote is a free web based service that allows you to send top secret notes over the internet. It's fast, easy, and requires no password or user registration at all.

Just write your note, and you'll get a link. Then you copy and paste that link into an email (or instant message) that you send to the person who you want to read the note. When that person clicks the link for the first time, they will see the note in their browser and the note will automatically self-destruct; which means no one (even that very same person) can read the note again. The link won't work anymore.(Courtesy : https://privnote.com/ )


http://www.destructingmessage.com/

DestructingMessage.com is a free service which enables you to send a self-destructing message to someone. This means, once they read the message they will no longer be able to read it again after the timer has reached zero. This ensures your message is read by no one but the reader and all evidence of the message is erased. Messages are also anonymous unless you add any identifiable information to your message.(Courtesy : http://www.destructingmessage.com/)

https://oneshar.es/

-  Uses HTTPS (SSL; Port 443) to encrypt the data from your web browser to our servers.

-  All data is stored encrypted.
-  When someone views the unique URL that you send them; your encrypted message is deleted from our system.
-  The datacenter maintains the latest security updates and patches on our server.
-  Google Analytics is used on our site for web analytics.

4G drives to Indore in Cars and Motors via BSNL


1.   Indore is keeping its surfing grounds ready to welcome the 4G speed @ courtesy BSNL.Likely to be launched in some time May 2013......this will also be the first time some thing known as WiFi based "Internet on wheels" will be launched...but that is scheduled slightly later.

2.   Key features about the same :

 - 8 Mbps speed

-  Wi-Fi-based internet facility to motorists on move

-  Rough payment plans :
   
-   "BSNL's internet-activated car kit would be available in three ranges of one time payment plans that include : 
      - Rs 6500, 
      - Rs 27,500 
      - Rs 29,500

-  This will come along with a standard dial-up plan of Rs 250 per month.

3.  Here you go Indore'ites....all the best....but at the same time what props up is how will the gadgets handle this 4G speed....will the already held 3G mobiles and Tabs be able to take on the new G or are we awaiting new advertisements to lure us buying 4G devices!!!!

Thursday, April 18, 2013

Browser Updates

1.   Without emphasizing on the need of why we should always keep our browsers updated,I am briefly bringing out here how to check and update your browsers.These browsers are invariably the most commonly used one's ...so I just updated few of them although the browsers exists in plenty!!!!


Firstly

To check the version of your Web Browser, Open the  Browser 
and do the following actions :


For Opera Browser

Click on “Main Menu > Help > About Opera”.


For Firefox

Click “Main Menu >Help> About Firefox.

For Internet Explorer

Press Alt+H and Click on “About Internet Explorer”.

For Apple Safari

Press Alt+H and Click on “About Safari”.

Secondly

To check whats the latest version doing the surfing....i advise two options...either you can simply ask google or check form the respective websites of the web browser...or another easy(but third party) way out is to check the latest versions available for download at http://www.filehippo.com/software/internet/browsers/



Monday, April 15, 2013

HIT WICKET & OUT- Microsoft Genuine Patch crashes WINDOWS 7


1.     This is some news from the corridors of Microsoft.A genuine MS patch released for Windows 7.The patch in the dispute is "Microsoft Security Bulletin MS13-036"

2.  Redmond from Microsoft's Security Response blog blamed the glitch on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download centre.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

3.   That means Windows 7 users should uninstall the security patch Microsoft issued on Tuesday because some PCs failed to restart after applying the update.....:-).Microsoft has advised users of Win 7 and Windows Server 2008 R2* to roll-back the patch.




4.   More about the patch here.Thanks http://www.theregister.co.uk/security/

Friday, April 12, 2013

GPS SPOOF!!!!

1.   Unlike the regular IT hacks wherein we keep seeing MAC spoofing,IP spoofing etc....what can one imagine if a GPS is spoofed.....:-)...can it make a plane land at a wrong coordinate?...YES!!!if it goes by the claims of a Iranian.

2. A US stealth drone was captured by spoofing its GPS coordinates, a hack that tricked the bird into landing in Iranian territory instead of where it was programmed to touch down...Phew..i bet u will read that again(Source :http://www.theregister.co.uk/2011/12/15/us_spy_drone_gps_spoofing/ )

3.   The 1700-word article cited an unnamed Iranian engineer who said he's studying the inner workings of the American bat-wing RQ-170 Sentinel that recently went missing over Iranian airspace. He said the spoofing technique made the craft “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center.(Source :http://www.theregister.co.uk/2011/12/15/us_spy_drone_gps_spoofing/ )

4. Thats hell of a HACK...if it actually is!!!!!!salutes to the guy who could do it in real....now i wonder what all could land at forbidden places if it is really possible.....:-)

Wednesday, April 10, 2013

FUDUNTU : Ubuntu + Fedora

1.     How about the best from Ubuntu and Fedora into one single OS?... that's rightly heard....the name is FUDUNTU....few things about this mentioned below :

- Website at http://www.fuduntu.org/

- Fuduntu aims to fit somewhere between Fedora and Ubuntu

- Fuduntu is a lighthearted and fun Linux distribution

 - Option to download directly as well as through torrent

- Fuduntu is optimized for on the go computing(good for Laptop and Netbook users )

- Improved battery life of 30% or more over other Linux distributions.

- The latest Fuduntu 2013.2 has LibreOffice, GIMP, Thunderbird, and other software that takes up a lot of space, approximately 10GB of disk space when installed. However, if you don’t need all that, try out the Lite version, where ISO weighs 800 MB and eats up 6 GB when installed.

2.   The download has started and if I feel it worth will show up with something about it...btw the looks are promising!!!!!



Tuesday, March 26, 2013

Whonix : Not just another ANONYMOUS OS!!!

1.     When u simply Google on "How to surf Anonymously on the web ? ".....u get a whooping 5,510,000 results in 0.19 seconds!!!!!but when u have such a plethora of options..how do u actually decide on which is actually worth? So there is TOR, then there is Anonymous OS.....did some one think Incognito?....:-)..so we have millions in the line!...so now what I am going to mention here is about Whonix OS.....few points about this as follows :

- An anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor.

- By Whonix design, IP and DNS leaks are impossible.

- Not even malware with root rights can find out the user's real IP/location.

- Whonix consists of two (virtual) machines.

-  One VM solely runs Tor and acts as a gateway, which we call Whonix-Gateway.

-  The other VM, which we call Whonix-Workstation, is on a completely isolated network.

-  Only connections through Tor are possible.

2.  When you download the image from the source forge site at http://sourceforge.net/projects/whonix/files/whonix-0.5.6/ you get basically three files.Two in the appliance format and one as a vmdk.So here is the basic diagram explaining the working architecture in WHONIX.

(Click on the image to enlarge)

3.   There is a small difference when we install this OS.Unlike the regular OSs wherein you get the .iso image of the OS and you install it in the typical manner,here the files you need to install are actually virtual appliances in form of .ovf and .ova format.How the installation is done is shown in the video cast below :



Sunday, March 24, 2013

Twitter Session Cookie Vulnerability

1.    This one is pretty easy to show and understand..but the only thing not understandable is the fact that it actually exists even today.....so this one is about Twitter Session Cookie Vulnerability.I got to know of this at Null's delhi meet where Rishi Narang (http://www.wtfuzz.com/ )gave this demonstration of which I made a video cast subsequently and uploaded it here at your tube.


2.    In brief it goes like this...u login into your twitter account,an auth_token cookie is generated in the crowd  of various other cookies.Now this cookie only will be able to log you in your twitter account from anywhere across the web....simply watch how to exploit!!!!

3.   Thanks Rishi Narang @ http://www.wtfuzz.com/
Powered By Blogger