Social Icons

Saturday, April 27, 2013

Cloud Forensics:The State as on Date

1.   Cloud Forensics per se has got two powerful terms of today's buzzing IT World..... that's Cloud and Forensics...when traditional computing methods of forensics are still to mature...Cloud itself has a long way to go before the final matured model comes up...this combination actually refers to the world of CLOUD FORENSICS. NIST defines it as follows :

"Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e.,cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi-tenant situations."

2.   Today at NULLs meet,I got an opportunity to give this presentation on Cloud Forensics....the copy is shown below :


3. About NULL...please read about the community at their website at http://null.co.in/. The team is doing a great job for buzzing IT professionals,students,geeks,script kiddies(like me!!! :-). NULL boasts of an active security community where monthly meets and regular security awareness camps in various Institutions and Organizations are held. Basically a bunch of security phreaks who like to share their technical expertise and hacking skills with each other and spread awareness among the common people about the good, the bad and the ugly side of computers and technology. They believe that sharing the right technical knowledge leads to expertise and innovation.I joined them about 4 months back and have learned a lot in few meets that I attended!!!!!

Sunday, April 21, 2013

Virtual Machines : Escape vs Introspection

1.   For last few years playing inside a VM ,I always used to wonder if it actually that safe surfing anything inside a VM...and that hardly anything gets in touch with the Host machine while we work with applications inside.Then I heard of two relative terms that are : Virtual Machine Escape vs Virtual Machine Introspection

2.  New to me but pretty old from point of view of existence....these are briefly explained below :

Virtual Machine Escape

Normally virtual machines are encapsulated, isolated environments. The operating systems running inside the virtual machine shouldn't know that they are virtualized, and there should be no way to break out of the virtual machine and interact with the parent hyper visor  The process of breaking out and interacting with the hyper visor is called a “VM escape.” Since the hyper visor controls the execution of all of the virtual machines an attacker that can gain access to the hyper visor can then gain control over every other virtual machine running on the host. Because the hyper visor is between the physical hardware and the guest operating system an attacker will then be able to circumvent security controls in place on the virtual machine.(Source : http://lonesysadmin.net)





Virtual Machine Introspection

Although virtualization isn’t new, the recent development of x86 virtualization products has revived interest in the virtualization market. This has led to the evolution of Virtual Machine Introspection (VMI) techniques and tools to monitor VM behavior. VMI tools inspect a VM from the outside to assess what’s happening on the inside.This makes it possible for security tools—such as virus scanners and intrusion detection system to observe and respond to VM events from a “safe” location outside the monitored machine. Depth of information is the fundamental benefit behind a concept called Virtual Machine Introspection (VMI). Its use within virtualized environments is absolutely crucial to effective risk mitigation at scale.(Source : |http://www.securityweek.com/vm-introspection-know-your-virtual-environment-inside-and-out)

So the basic difference is I think the route,in case of the former the need is to contact the hypervisor from inside and the latter shows the way out to get to know whats happening inside from outside perspective.....

Saturday, April 20, 2013

Self Destructing E Mails : Receiver reads them only Once

1.   It has always remained a question for typical email users like u and me of how to send a self destructing E-Mail...an email that is read once and destroyed that moment like how about your office messages with vendors or love mails with your present Girl Friend/Boy Friend or u can imagine situations for such requirements....

2. Earlier it had been the disposable email solution and now there are many solutions that offer this particular requirement of Self Destructing E Mails.Below are few such sites and solutions :

http://www.self-destructing-email.com/

Offers free trials last for two weeks or 25 emails (whichever comes first) and u need to register with it.It lets you decide what happens to your email after sending.

https://privnote.com/


Privnote is a free web based service that allows you to send top secret notes over the internet. It's fast, easy, and requires no password or user registration at all.

Just write your note, and you'll get a link. Then you copy and paste that link into an email (or instant message) that you send to the person who you want to read the note. When that person clicks the link for the first time, they will see the note in their browser and the note will automatically self-destruct; which means no one (even that very same person) can read the note again. The link won't work anymore.(Courtesy : https://privnote.com/ )


http://www.destructingmessage.com/

DestructingMessage.com is a free service which enables you to send a self-destructing message to someone. This means, once they read the message they will no longer be able to read it again after the timer has reached zero. This ensures your message is read by no one but the reader and all evidence of the message is erased. Messages are also anonymous unless you add any identifiable information to your message.(Courtesy : http://www.destructingmessage.com/)

https://oneshar.es/

-  Uses HTTPS (SSL; Port 443) to encrypt the data from your web browser to our servers.

-  All data is stored encrypted.
-  When someone views the unique URL that you send them; your encrypted message is deleted from our system.
-  The datacenter maintains the latest security updates and patches on our server.
-  Google Analytics is used on our site for web analytics.

4G drives to Indore in Cars and Motors via BSNL


1.   Indore is keeping its surfing grounds ready to welcome the 4G speed @ courtesy BSNL.Likely to be launched in some time May 2013......this will also be the first time some thing known as WiFi based "Internet on wheels" will be launched...but that is scheduled slightly later.

2.   Key features about the same :

 - 8 Mbps speed

-  Wi-Fi-based internet facility to motorists on move

-  Rough payment plans :
   
-   "BSNL's internet-activated car kit would be available in three ranges of one time payment plans that include : 
      - Rs 6500, 
      - Rs 27,500 
      - Rs 29,500

-  This will come along with a standard dial-up plan of Rs 250 per month.

3.  Here you go Indore'ites....all the best....but at the same time what props up is how will the gadgets handle this 4G speed....will the already held 3G mobiles and Tabs be able to take on the new G or are we awaiting new advertisements to lure us buying 4G devices!!!!

Thursday, April 18, 2013

Browser Updates

1.   Without emphasizing on the need of why we should always keep our browsers updated,I am briefly bringing out here how to check and update your browsers.These browsers are invariably the most commonly used one's ...so I just updated few of them although the browsers exists in plenty!!!!


Firstly

To check the version of your Web Browser, Open the  Browser 
and do the following actions :


For Opera Browser

Click on “Main Menu > Help > About Opera”.


For Firefox

Click “Main Menu >Help> About Firefox.

For Internet Explorer

Press Alt+H and Click on “About Internet Explorer”.

For Apple Safari

Press Alt+H and Click on “About Safari”.

Secondly

To check whats the latest version doing the surfing....i advise two options...either you can simply ask google or check form the respective websites of the web browser...or another easy(but third party) way out is to check the latest versions available for download at http://www.filehippo.com/software/internet/browsers/



Monday, April 15, 2013

HIT WICKET & OUT- Microsoft Genuine Patch crashes WINDOWS 7


1.     This is some news from the corridors of Microsoft.A genuine MS patch released for Windows 7.The patch in the dispute is "Microsoft Security Bulletin MS13-036"

2.  Redmond from Microsoft's Security Response blog blamed the glitch on conflicts with third-party software:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download centre.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

3.   That means Windows 7 users should uninstall the security patch Microsoft issued on Tuesday because some PCs failed to restart after applying the update.....:-).Microsoft has advised users of Win 7 and Windows Server 2008 R2* to roll-back the patch.




4.   More about the patch here.Thanks http://www.theregister.co.uk/security/

Friday, April 12, 2013

GPS SPOOF!!!!

1.   Unlike the regular IT hacks wherein we keep seeing MAC spoofing,IP spoofing etc....what can one imagine if a GPS is spoofed.....:-)...can it make a plane land at a wrong coordinate?...YES!!!if it goes by the claims of a Iranian.

2. A US stealth drone was captured by spoofing its GPS coordinates, a hack that tricked the bird into landing in Iranian territory instead of where it was programmed to touch down...Phew..i bet u will read that again(Source :http://www.theregister.co.uk/2011/12/15/us_spy_drone_gps_spoofing/ )

3.   The 1700-word article cited an unnamed Iranian engineer who said he's studying the inner workings of the American bat-wing RQ-170 Sentinel that recently went missing over Iranian airspace. He said the spoofing technique made the craft “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center.(Source :http://www.theregister.co.uk/2011/12/15/us_spy_drone_gps_spoofing/ )

4. Thats hell of a HACK...if it actually is!!!!!!salutes to the guy who could do it in real....now i wonder what all could land at forbidden places if it is really possible.....:-)

Wednesday, April 10, 2013

FUDUNTU : Ubuntu + Fedora

1.     How about the best from Ubuntu and Fedora into one single OS?... that's rightly heard....the name is FUDUNTU....few things about this mentioned below :

- Website at http://www.fuduntu.org/

- Fuduntu aims to fit somewhere between Fedora and Ubuntu

- Fuduntu is a lighthearted and fun Linux distribution

 - Option to download directly as well as through torrent

- Fuduntu is optimized for on the go computing(good for Laptop and Netbook users )

- Improved battery life of 30% or more over other Linux distributions.

- The latest Fuduntu 2013.2 has LibreOffice, GIMP, Thunderbird, and other software that takes up a lot of space, approximately 10GB of disk space when installed. However, if you don’t need all that, try out the Lite version, where ISO weighs 800 MB and eats up 6 GB when installed.

2.   The download has started and if I feel it worth will show up with something about it...btw the looks are promising!!!!!



Tuesday, March 26, 2013

Whonix : Not just another ANONYMOUS OS!!!

1.     When u simply Google on "How to surf Anonymously on the web ? ".....u get a whooping 5,510,000 results in 0.19 seconds!!!!!but when u have such a plethora of options..how do u actually decide on which is actually worth? So there is TOR, then there is Anonymous OS.....did some one think Incognito?....:-)..so we have millions in the line!...so now what I am going to mention here is about Whonix OS.....few points about this as follows :

- An anonymous general purpose Operating System based on Virtual Box, Debian GNU/Linux and Tor.

- By Whonix design, IP and DNS leaks are impossible.

- Not even malware with root rights can find out the user's real IP/location.

- Whonix consists of two (virtual) machines.

-  One VM solely runs Tor and acts as a gateway, which we call Whonix-Gateway.

-  The other VM, which we call Whonix-Workstation, is on a completely isolated network.

-  Only connections through Tor are possible.

2.  When you download the image from the source forge site at http://sourceforge.net/projects/whonix/files/whonix-0.5.6/ you get basically three files.Two in the appliance format and one as a vmdk.So here is the basic diagram explaining the working architecture in WHONIX.

(Click on the image to enlarge)

3.   There is a small difference when we install this OS.Unlike the regular OSs wherein you get the .iso image of the OS and you install it in the typical manner,here the files you need to install are actually virtual appliances in form of .ovf and .ova format.How the installation is done is shown in the video cast below :



Sunday, March 24, 2013

Twitter Session Cookie Vulnerability

1.    This one is pretty easy to show and understand..but the only thing not understandable is the fact that it actually exists even today.....so this one is about Twitter Session Cookie Vulnerability.I got to know of this at Null's delhi meet where Rishi Narang (http://www.wtfuzz.com/ )gave this demonstration of which I made a video cast subsequently and uploaded it here at your tube.


2.    In brief it goes like this...u login into your twitter account,an auth_token cookie is generated in the crowd  of various other cookies.Now this cookie only will be able to log you in your twitter account from anywhere across the web....simply watch how to exploit!!!!

3.   Thanks Rishi Narang @ http://www.wtfuzz.com/

Raspberry Pi : Whats this?

1.    Over last few months I have been seeing this term being mentioned in newly raised OS and applications...in the form like such and such OS/Application is Raspberry Pi compatible...so initially it did not  make me enthu enough to do some google/wiki on this..but when I read about Kali Linux being compatible with this Raspberry Pi...i thought I must see this when knowing it is just a click away...so goes like this for the first time readers about Raspberry Pi......

-  Raspberry Pi is a Credit-Card-Sized Single-Board Computer developed in the UK by the Raspberry Pi Foundation 

- Developed and introduced with the intention of promoting the teaching of basic computer science in schools....(sounds grt...we never had this...bugged with 8086 boards in our times...)

-  It has a Broadcom BCM2835 system on a chip (SoC)

-  Includes an ARM1176JZF-S 700 MHz processor 

-  Offers OEM Fiited 256 megabytes of RAM, later upgradable upto 512MB.

-  Does not include a built-in hard disk or solid-state drive, but uses an SD card for booting and long-term storage.

-  Extremely useful for Engineering Students for Projects Related to Robotics

2.    How does it look like ?

Click to Enlarge
Image Courtesy : http://www.derkbraakman.com


Click to Enlarge
Image Courtesy : http://www.raspberrypi.org



Thursday, March 21, 2013

MODULAR DATA CENTERs

1.   Modular data center system's are a portable method of deploying data center capacity ie an alternative to the typical building set up like traditional data center.


2.   In general Modular data centers come in two types of form factors. 

-    Containerized Data Centers  fits data center repository (servers, storage and networking equipment) into a standard shipping container.A perfect example of this is the NEBULA@NASA.Few details of this are mentioned below :

How Nebula Looks Like ?





Features :

    -  40-foot long container
    -  Designed in consultation with CISCO
    -  built inside a FOREST container from Verari Systems
    -  Self-service platform built from open source software
    -  Each shipping container data center can hold up to 15,000 CPU cores
    -  Can accommodate files as large as eight terabytes 
    -  Can accommodate an individual file system of 100 terabytes
    -  Makes easier for NASA scientists to share large/complex data sets

2.   Another form of modular data center fits data center equipment into a facility composed of Prefabricated components.Example is HP’s version of this type of modular data center, which it calls Flexible Data Center.How this looks like is shown below :


Tuesday, March 19, 2013

Keystroke Dynamics Software : We all type UNIQUELY

1.     As on date Passwords are the most common form of identification but at the same time they are also the weakest. Though they are gradually being offered with replacements from the field of bio metrics,picture passwords and OTPs etc...still it will take its time before passwords are a forgotten past..now comes another cool option to identify uniquely....the concept is likely to surprise you if you have not heard of it before!!!!this is known as Keystroke Dynamics.The key points about this are bought out below in brief :

- Know as  Deepnet Security’s TypeSense keystroke dynamics software.


- TypeSense is an authentication solution based on the science of typeprint recognition that uses keystroke dynamics to accurately identify a user by the way they type characters across a keyboard. 

- Keystroke Dynamics technology extracts the distinctive characteristics found in typed sequences of characters, and creates a statistically unique signature from the typing patterns of a person. 

- These distinctive features include the duration for which keys are held and the elapsed time between successive keystrokes. This type of software runs in the background and constantly monitors your key stokes, learns your style, and can detect if your computer’s been hijacked.

- It’s relatively user-friendly and low-cost. 

- It’s mobile and can be used to access your online accounts from anywhere and can be easily integrated in your existing authentication infrastructure.

2.    But as on date the limitation is that typing style can vary greatly depending on whether you are tired, distracted, angry, medicated, or any number of other circumstances. These variations can cause the software to make false positive or negative errors.



3.    At DEFCON : 17, Andrea Barisani and Daniele Bianco demonstrated how to sniff keystrokes using unconventional side channel attacks. Wires in PS/2 keyboards leak information from the data wire into the ground wire which acts like an antenna. The leaked information about the keyboard strokes can be detected on the power outlet, as well as other wires on the same electrical system. By slicing open one of these lines, cutting the ground wire and attaching a probe, the line can be monitored and the signal isolated by filtering out the noise using software such as Scilab. The waves from the oscilloscope and the data can be streamed to the hacker’s computer where additional software is used to extract the victim’s keystroke information.Well..well ..well......there is no end!!!!

4.     Thanks https://www.mafiasecurity.com/access-control/keystroke-dynamics/ and http://www.deepnetsecurity.com/tokens/bio/typesense/

Saturday, March 16, 2013

HP LaserJet Pro printers : Telnet Vulnerable


1.    A critical vulnerability discovered in few LaserJet Pro printers that could give remote attackers access to sensitive data. The latest breach expose by Germany security expert, Christoph von Wittich.In brief points below :

-   HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data.

-   Christoph von Wittich,the guy detected the vulnerability during a routine network scan of his company's corporate network.

-   Vulnerability could also be used for a denial-of-service attack.

-   As long as the printer is not connected to the Internet, this vulnerability should not cause much trouble for the end user,".

-  Effected printers include

      HP LaserJet Pro P1102w
      HP LaserJet Pro P1102
      HP LaserJet Pro P1606dn
      HP LaserJet Pro M1212nf MFP
      HP LaserJet Pro M1213nf MFP
      HP LaserJet Pro M1214nfh MFP
      HP LaserJet ProM1216nfh Multifunction Printer,
      HP LaserJet Pro M1217nfw Multifunction Printer,
      HP LaserJet Pro M1218nfs MFP
      HP LaserJet Pro M1219nf MFP
      HP LaserJet Pro CP1025nw
      HP LaserJet Pro CP1025nw

2.    Now for HP something like this is not new....even in past about 2 years back in dec 2011,a vulnerabilty was discovered wherein "Print of one malicious document can expose your whole LAN".

3.    In-fact I discussed a past case at Feb 2012 last year here....3 months after that happened.HP seems to be busy with printing only....high time they start focusing serious work on security aspects too!!!!

4.    Thanks THN....The Hacker News

Attacks@Image WaterMarking

1.    We keep exploring new grounds but also without realizing the pits it offers,we start playing games on it.Such is the world of IT,we keep discovering so many new technologies to strengthen and exploit for our use and we keep ourselves vulnerable!!!!

2.   Without wasting more words,this post would briefly mention about Image water marking and the type of attacks it remains vulnerable to.So first whats Image Water Marking??...an easy way to describe digital watermark is simply comparing it to a traditional paper watermark or a power point water mark which most of us might have even used at some point of time.Like Traditional watermarks offer proof of authenticity by being imperceptible, digital watermarks offer a way that allows a computer to read the mark but not by the human 6/6 eye....there are actually four essential parameters which are commonly used to determine the quality of water marking these are :

- Robustness
- Imperceptibility
- Payload 
- Security

3.   Now each of these parameters has a unique characteristic that makes the purpose of image water marking strong and adaptable.So when we speak about attacks on image water marking...the attacks again are classified as :

- Image Compression Attack : Primarily used to reduce the size of image in transmission.The original image remains most of it that it was but requires lesser bandwidth to move.

- Image Contrast Attack : To a human eye a slight change in contrast of colors makes a huge difference in overall perception

- Cropping Attack : A part of image gets cropped from original

Re sizing Attack : The image gets re sized from the original coords

- Rotation Attack : A simple clockwise or a anticlockwise attack would rotate the image from its original coords


Another categorization of the image water marking attacks contains four classes :(Source here : Abhishek Goswami)

Removal Attacks : Aim at the complete removal of the watermark information from the watermarked data without cracking the security of the watermarking algorithm

Geometric Attacks : Do not actually remove the embedded watermark itself, but intend to distort the watermark detector synchronization with the embedded information.

Cryptographic Attacks : Cryptographic attacks aim at cracking the security methods in watermarking schemes and thus finding a way to remove the embedded watermark information or to embed misleading
watermarks.

Protocol Attacks : Aim at attacking the entire concept of the watermarking application. This type of attack is based on the concept of invertible watermarks. The idea behind inversion is that the attacker subtracts his own watermark from the watermarked data and claims to be the owner of the watermarked data. This can create ambiguity with respect to the true ownership of the data. 




Thursday, March 14, 2013

Power of PING

In our respective interactions with various networks accessible to us.....as administrators we keep pinging so many IPs for testing the connectivity at various times like ping 192.121.23.1 etc....and we get a response...but ping it self has so many switches that most of us hardly use......i came across a chart today that in a summarized form tells the switches of ping command with examples and a brief explanation.....sharing here with you...thanks http://www.activexperts.com

ping -c countping -c 10Specify the number of echo requests to send.
Ping -dping -dSet the SO_DEBUG option.
Ping -fping -fFlood ping. Sends another echo request immediately
after receiving a reply to the last one.
Only the super-user can use this option.
Ping hostping 121.4.3.2Specify the host name (or IP address) of computer
to ping
ping -i waitping -i 2Wait time. The number of seconds to wait between
each ping
ping -l preloadping -l 4Sends "preload" packets one after another.
Ping -nping -nNumeric output, without host to symbolic name lookup.
Ping -p patternping -p ff00Ping Pattern. The example sends two bytes, one
filled with ones, and one with zeros.
Ping -qping -qQuiet output. Only summary lines at startup and
completion
ping -rping -rDirect Ping. Send to a host directly, without using
routing tables. Returns an error if the host is not on
a directly attached network.
Ping -RPing -RRecord Route. Turns on route recording for the
Echo Request
packets, and display the route
buffer on returned packets (ignored by many
routers).
ping -s PacketSizeping -s 10Sets the packet size in number of bytes, which will
result in a total  packet size of PacketSize plus 8
extra bytes for the ICMP header
ping -vping -vVerbose Output. Lists individual ICMP packets, as well    
as Echo Responses

Wednesday, March 13, 2013

BACKTRACK 6.0 aka KALI LINUX

1.      This will  be a surprise news for those who have were updated till Backtrack 5R3....the same team has come up with some thing more powerful thats named...KALI LINUX....:-)....and not BACKTRACK 6.0......few key points about KALI....

-    Based upon Debian Linux, instead of Ubuntu 

-    New streamlined repositories synchronize with the Debian repositories 4 times a day.

-   Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository...now start distributing your own ISO....


-   More than 300 penetration testing tools, completely free, Open source, Vast wireless device support, GPG signed packages and repos, Multi-language, Completely customizable make this distribution one of the best available masterpiece of  hacking community.

-    Once again, default root password is same “toor“, you can download Kali Linux here.

2.    My download will start tomorrow morning....will keep me busy for few days and hours...:-)

3.     Thanks http://thehackernews.com

DRDO HACKED : NO....YESS...NO...YESS!!!!goes on...


1.    Now nothing new about this news....its just another hacking news among-st the millions of hacking news and scrolls daily....but it has become an eye popper because it has the word DRDO in it..... that's the Defence Research and Development Organisation.

2.   Though DRDO straight away denies it that it can never happen(whats the basis behind is a well guarded secret...)...but Pawan Duggal,a known Cyber Expert says that never in the history of "India Hacked" past has such voluminous data transferred and resided in servers outside the country borders.....video down here






3.    The hacking is suspected to have been carried out by Chinese hackers and there are fears that some sensitive information could have been compromised.When asked about it, Defence Minister A K Antony said, "Intelligence agencies are investigating the matter at this stage and I do not want to say anything else."

Commenting on the issue, DRDO spokesperson Ravi Gupta said, "As per our information, no computer or network of the DRDO has been compromised."(Offcourse they have records to prove that all sentries and guards were on duty at the moment hackers claim they hacked DRDO....pun intended SIR!!!!!)

4.     Today things in context of Cyber Security at national level stand at a very critical juncture...infact I feel that juncture is past now....we are already late...but still we read and hear that Cyber Security Policy of India will arrive soon.....(i know cut paste also takes time....pun intended!!!!!)..READ HERE

5. India I am sure will keep busy with hiding elephants......jantar mantar.......elections...2014....italy guards.....bhagwan etc etc...but if the priorities don't change the order soon...India will be backed up and downloaded in some other country sooon....it will be veri sad...we are one of the leaders in IT industry....specially software but we have not been able to exploit this potential for in house strengthening...we are all concerned for individual growth...vo subah kabhi to aaayegi....vo subah kabhi to aaayegi!!!!!

Tuesday, March 12, 2013

Graduating from Fedora 18 to Ubuntu 12.10

Had waited for months to see Fedora 18 release and then finally getting a hold of it last month.....was indeed a sad experience....the common bugs that I found in routine working with the Beefy Miracle included TOO SLOW and issues with installations of common third party applications ...everi one coming up with some dependency issue.....so finally downloaded 12.10 Ubuntu yesterday and now working on that...for me its bye bye Fedora 18....but now I am fighting skype cam installation issue with Ubuntu......no luck till now

Friday, March 01, 2013

Browser fight continues : CHROME continues topping too!!!


1.    Not long back we all have seen or might have experienced when violent and pornographic images were fed across facebook profiles of FB friends without the knowledge of the online FB user when he used to simply click on a tempting link!!!!All that happened owing to so many malwares but the exact launching vulnerability was indeed in the BROWSER!!!!!

2.    The openweb is full of options for seemingly good browsers viz Mozilla Firefox, Google Chrome, and Microsoft’s Internet Explorer. But who is the best?.....though when u google u find so may individual claims but third party tests are always welcome on such issues...specially when they have huge evidence to support....like few years back I posted on ACID3 test for the browsers...this one comes from Accuvant...and its actually huge in terms of a conclusive report that's 139 pages in toto......:-)

3.   The full report can be accessed by clicking here...so the Accuvant study revealed that Chrome ranks as the most secure web browser when compared to Internet Explorer and Firefox. Interestingly, German government named Chrome the most secure browser, perhaps lending weight to the study. 

4.   The criteria to test these browsers included factors like ASLR,GS,Sandboxing,JIT Security etc as shown below :

(CLICK ON THE IMAGE TO ENLARGE)

5.   Please google if you wish to know the criteria factors mentioned above in the image.Thanks http://www.accuvant.com/

Tuesday, February 26, 2013

UPDATING FEDORA 18

From terminal,updating Fedora 18 goes like this :


thats


                 su -
Password: ******
                 yum update

Thursday, January 31, 2013

DAEDALUS : Monitor Cyber-Attacks Realtime 3D way


1.    Whether it is the Die Hard ver 4.0 movie scene or Mission impossible recent one or any hi tech cyber movie....we have have all seen the mega sized dark halls equipped with gigantic screen displaying all sorts of real time ridiculous hacker related information and monitoring tracks of the enemy or the protagonist....so how good or effective or even real are these in the real sense....can some thing like these seen and shown over years on the silver screen be REAL....yesss...first watch this video and then read few points as bought out below :


2.   A company in Japan named NICT just unveiled a system dubbed Daedalus that will revolutionize the way companies and even countries can monitor cyber-attacks in full real time 3D representation.The key features about this is bought out as below :

- Daedalus is not only a way to monitor cyber-attacks from outside, but also what’s going on inside it. 

- So if someone receives an email with a virus for example, the system can quickly identify the IP address that is currently spreading it and shut it down immediately.

- The NICT recently gave a demonstration and tracked 190,000 IP addresses in real-time  

- Daedalus can monitor multiple entities at once and get notified, once again, via 3D graphical representation when a cyber-attack occurs. 

- This is not only when it happens, but instantly where it happens and who the attacker is.

3.      So when the objective is envisaged on a higher scale....ie the complete global internet monitoring.....will this be the start to control spam(90% of mails exchanged on the web is spam)....or will this be able to control cyber attacks across.....well not a bad start to a start whose objective is MISSION IMPOSSIBLE type...another thing that may have come to your mind is about the name...of all what does Daedalus mean?...well in Greek mythology, Daedalus means "Clever Worker"

4.  Debriefed from http://www.bitrebels.com/technology/daedalus-3d-cyber-attack-alert-system/ and http://www.nict.go.jp/

Saturday, January 19, 2013

SOLVED: VLC installation Issues : FEDORA 18

1.      After installation of the spherical cow Fedora 18 64 bit on my machine,there was this popping message while i tried installing the VLC media player :


GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-18-x86_64


(CLICK TO ENLARGE)

2.    But this could be solved as shown below :

su -c 'yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-18.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-18.noarch.rpm'

and now do 

yum install vlc


Thursday, January 17, 2013

Like in PATCO case,DO OUR BANKS GUARANTEE CYBER SECURE ACCOUNTS ?

1.   Suppose you have a SBI or HDFC or ICICI Bank or any bank account and you keep doing your regular transactions via their internet banking services like you pay your electricity bills or your mobile or phone bills etc.So ALL is WELL till every thing is going as expected.But then one day you realize that there were transactions that happened without your knowledge or worse some money gets siphoned off without your permission.....Now a journey starts......wherein the account holder will keep expediting with bank of what happened,why it happened,when will he get his money back???? and on the other hand bank will keep trying to prove that it is you or the account holder who acted irresponsible in his transactions and thus became the victim....the typical tu tu....mein mein.....

2.    Keeping this typical story in the background,now just think that did u ever make a attempt to know of what bank standards are maintained in respect of IT Security infrastructure....does bank conduct third party audits seriously?..... in fact the list to know answers to all these questionnaire pertaining to IT security issues of the bank will end up getting complex which would go beyond the understanding level of a typical user...so the simple question is WHO GUARANTEES A SECURE IT INFRASTRUCTURE for a BANK?...is it the bank itself that says " I am secure " or some one else has some authority or some standard that guarantees security....ie Can your savings bank account ever be guaranteed for being HACK FREE?Although the immediate answer in the current setup is sadly "NO"...but there is good news here....for this u need to read this article on " PATCO FRAUD CASE DISPUTE "

3. Brief of this good news goes like this in a Short ppt



How to install Flash Player on Fedora 18@64 bit?

I am singling out the commands only to be run as root ie su -

rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux

yum check-update
yum install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl

Thank you http://www.if-not-true-then-false.com/2010/install-adobe-flash-player-10-on-fedora-centos-red-hat-rhel/

How to install VLC in FEDORA 18 ?

On the same lines as I installed Chrome :

su - 

cd /etc/yum.repos.d/

wget http://pkgrepo.linuxtech.net/el6/release/linuxtech.repo

yum install vlc

How to find if latest kernel version is running on my Linux system?

Simply type in these commands and the result in both the cases should match.....


rpm -qa kernel |sort |tail -n 1

uname -r

Note: If you got kernel update or run older kernel than newest installed then reboot:

reboot

Output of each commands version numbers above should match....for example in my case the out put is shown as below :

[duqu@localhost ~]$ rpm -qa kernel |sort |tail -n 1
kernel-3.6.10-4.fc18.x86_64
[duqu@localhost ~]$ uname -r
3.6.10-4.fc18.x86_64

SCREEN SHOT BELOW :



How to install Chrome browser in Fedora 18 ?

1.   It actually became confusing after few forums that I went to made me to "vi" etc of the repo file but then I came across a good one at http://www.if-not-true-then-false.com/2010/install-chromium-on-fedora-using-yum/ that made my fed 18 machine experience Chrome
 
Login to root and command the prompt as follows :

[root@localhost ~]# cd /etc/yum.repos.d/

[root@localhost yum.repos.d]# wget http://repos.fedorapeople.org/repos/spot/chromium/fedora-chromium-stable.repo

[root@localhost yum.repos.d]# yum install chromium

thats it....the Chrome is ready to run....

Tuesday, January 15, 2013

Upgrading Fedora 17 to Fedora 18

1.   Like me so many of you would have been waiting for the final release of Fedora 18 spherical cow...but at the same time when u see it released u have so many links to move around on how to upgrade from 17 to 18 but u keep ending up with previous one....i went through the same for past hour...:-)

2.  The only set of commands Fedora 17(only) users need to put in are these :
Reach the Root first with the password ie 


su -
*******(ur password)
su -c 'rpm --import https://fedoraproject.org/static/DE7F38BD.txt'


su -c 'setenforce Permissive'

su -c 'yum update yum'

su -c 'yum clean all'

su -c 'yum --releasever=18 --disableplugin=presto distro-sync'

su -c 'rpm --rebuilddb', or rpm -qa will not work due to a upgrade of rpm

3.   For me the upgrade is around 1.6 G as seen in the screen shot below :


4.   Mine is upgrading on way....another few hours should be ok....:-) all the best for your upgrade

Saturday, January 12, 2013

Apple Needs a Doctor : Bitten by JAVA - 2

1.    The Flashback fiasco,as discussed in brief here, was the catalyst for one of the most meaningful decisions Apple made in order to beef up OS X security ie Removing JAVA. "Flashback both led to Apple removing Java from their default installs, and prompted them to release a dedicated cleanup tool," security researcher (and former security engineer for Obama for America) Ben Hagen told Ars. "When an OS vendor releases a dedicated cleanup tool, you know things are bad.The removal of Java was a very Interesting decision and de facto statement by Apple. Java on user systems has become a notorious vector for exploitation; with new, remotely executable vulnerabilities coming out several times last year," Hagen said. "Removing Java both simplifies Apple’s position and provides a safer default state for its users."[Source : http://arstechnica.com/].

2.    Another key decision taken by apple apart from disowning JAVA was endevor to signed security model for apps ie restrict the origin of third-party apps installed on the system, therefore protecting the user from inadvertently installing apps from malicious or unknown sources.Called Gatekeeper, this feature required Apple's developer ecosystem to either sign their apps with a registered certificate—holding them at a higher level of responsibility for when things go haywire—or selling their wares through the Mac App Store and giving Apple its 30 percent cut. [Source : http://arstechnica.com/].

3.   Java is a veri popular program and is used by millions of users worldwide in Windows, Mac and Linux operating systems and in mobile and television devices. It is this popularity that has made it a favorite target of the hackers.So today when we cannot surf without enabling JAVA.....apples decision is indeed a tough step....for those of you who do not realise the importance of JAVA...just try surfing the web disabling JAVA scripts in your browser...u will be surprised you will be prompted at every step to ensure a successful loading of most of the web pages....In fact the U.S. Department of Homeland Security advised computer users to temporarily disable or uninstall Oracle Corp's Java software, stating that a serious flaw in the software could make the system vulnerable to hacking.The warning came in an advisory posted on the department’s website amid the escalating fears and warnings from the net security experts about a flaw in Java Runtime Environment (JRE) 7 and earlier versions that allows the hackers to install malicious software and malware on computers.The vulnerability is so dangerous that the Department of Homeland Security's Computer Emergency Readiness Team urged the people to stop using the software immediately to mitigate damage.Source : [http://www.ibtimes.com/]

4.   So...did u just start thinking of disabling JAVA?????

Apple Needs a Doctor : Bitten by JAVA - 1


1.   The year last ie 2012 was full of various security OS issue like it has always been over years...but one landmark news that made waves was the flashback malware that hit APPLE's Mac that has been long promoted as a safer OS amongst other peer competitors.But as always SIZE DOES MATTER..so as APPLE and market share grew, it became more proner. Dr  Web said that an estimated 600,000 Macs were as of April 2012 infected as a result of users unknowingly installing the FlashBack malware.So before I move ahead...here's a simple FAQ compiled to understand more about FLASHBACK :

What exactly is Flashback?

-  Flashback is a form of malware designed to grab passwords and other information from users 
-  Spread through Web browser and other applications such as Skype. 
-  The user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. 
-  At this point, the software installs code designed to gather personal information and send it back to remote servers. 

Apple needs a DOCTOR


When did it first appear?

-  End of September 2011
-  Pretending to be an installer for Adobe's Flash the malware evolved to target the Java runtime on OS X, where users visiting malicious sites would then be prompted to install it on their machine in order to view Web content. 

What has Apple done about it?

-  Apple has its own malware scanner built into OS X called XProtect. 
-  Since Flashback's launch, the security tool has been updated twice.
-  A more recent version of the malware, however, got around XProtect by executing its files through Java. 
-  Apple closed off the malware's main entry point with a Java update on April 3, and has since released a removal tool as part of a subsequent Java update.

How do I tell if I have it?

-  Right now the easiest way to tell if your computer has been infected is to head to security firm F-Secure and download its Flashback detection and removal software. 


Malicious Shortened URLs : Rising Threat

1.     Internet today is all but a minefield of boogies,traps and malware.....every day so many threats are born....though most of them die but still a huge percent of them survive the security walls and become stronger by time as they are able to remain live and acvtive.In recent times shortened URLs have become popular amongst users (including me...:-) to conserve the typing space like in microblogging sites viz twitter etc.So typically a naive(???),prone user who submits his long URL to a site to get a shortened URL receives a second,specially coded shortened URL that redirects to the original URL.So here lies the weak hole that is most of the times exploitable by the attacker...because the actual destination URL is hidden in it....so going by the looks...there is nothing to worry...but it is the redirection that is a cause of worry...it may be right or may be redirecting to a malicious link....!!!!so when some one uses a free URL shortener ,he does not have control over that shortened link. And, should something happen to the provider of that URL shortener, then he risks redirecting ALL of shortened links elsewhere!!!

2.  We all know that clicking links is pretty tempting....so it is just a matter of one redirected malicious link click that makes the difference....so whats the solution????...actually companies like Facebook,Gmail, SBI, Paypal ,twitter etc are offering users the option of persistent SSL encryption and authentication across all the pages of their services including the login and all accessible pages.....but this does not stand good for all...for these sites also..it is optional to vide the settings for accessing....

Friday, January 04, 2013

FEDORA 18 RELEASE DATE : 08 Jan 2013

Hi guys....a very HAPPY NEW YEAR 2013 to you.....and for those of you like me who are waiting to upgrade ur Beefy Miracle to Fedora 18 Spherical Cow..u need to wait a few more days till 8 January 2013... that's the release date scheduled now..hope that stands by the time!!!


Wednesday, December 26, 2012

DREAM JOB : Cyber Special Agent@FBI

1.    Came across this dream job kind job for a guy like me :-)......i got this from twitter handle @CcureIT

2.   Now this job is meant for US Citizens only...and any Cyber Security guy enthu about being savvy about making a career in cyber security should at least go through what they demand and what they offer....it's worth value addition to self in at least knowing what the best organisations demand in terms of QR for getting a job like this.All the details available at https://www.usajobs.gov/GetJob/ViewDetails/332166500?utm_source=dlvr.it&utm_medium=twitter#TopofPage


Powered By Blogger