Attacks@Image WaterMarking

1.    We keep exploring new grounds but also without realizing the pits it offers,we start playing games on it.Such is the world of IT,we keep discovering so many new technologies to strengthen and exploit for our use and we keep ourselves vulnerable!!!!

2.   Without wasting more words,this post would briefly mention about Image water marking and the type of attacks it remains vulnerable to.So first whats Image Water Marking??...an easy way to describe digital watermark is simply comparing it to a traditional paper watermark or a power point water mark which most of us might have even used at some point of time.Like Traditional watermarks offer proof of authenticity by being imperceptible, digital watermarks offer a way that allows a computer to read the mark but not by the human 6/6 eye....there are actually four essential parameters which are commonly used to determine the quality of water marking these are :

- Robustness

- Imperceptibility

- Payload 

- Security

3.   Now each of these parameters has a unique characteristic that makes the purpose of image water marking strong and adaptable.So when we speak about attacks on image water marking...the attacks again are classified as :

- Image Compression Attack : Primarily used to reduce the size of image in transmission.The original image remains most of it that it was but requires lesser bandwidth to move.

- Image Contrast Attack : To a human eye a slight change in contrast of colors makes a huge difference in overall perception

- Cropping Attack : A part of image gets cropped from original

- Re sizing Attack : The image gets re sized from the original coords

- Rotation Attack : A simple clockwise or a anticlockwise attack would rotate the image from its original coords

Another categorization of the image water marking attacks contains four classes :(Source here : Abhishek Goswami)

Removal Attacks : Aim at the complete removal of the watermark information from the watermarked data without cracking the security of the watermarking algorithm

Geometric Attacks : Do not actually remove the embedded watermark itself, but intend to distort the watermark detector synchronization with the embedded information.

Cryptographic Attacks : Cryptographic attacks aim at cracking the security methods in watermarking schemes and thus finding a way to remove the embedded watermark information or to embed misleading

watermarks.

Protocol Attacks : Aim at attacking the entire concept of the watermarking application. This type of attack is based on the concept of invertible watermarks. The idea behind inversion is that the attacker subtracts his own watermark from the watermarked data and claims to be the owner of the watermarked data. This can create ambiguity with respect to the true ownership of the data. 

Power of PING

In our respective interactions with various networks accessible to us.....as administrators we keep pinging so many IPs for testing the connectivity at various times like ping 192.121.23.1 etc....and we get a response...but ping it self has so many switches that most of us hardly use......i came across a chart today that in a summarized form tells the switches of ping command with examples and a brief explanation.....sharing here with you...thanks http://www.activexperts.com

ping -c count	ping -c 10	Specify the number of echo requests to send.
Ping -d	ping -d	Set the SO_DEBUG option.
Ping -f	ping -f	Flood ping. Sends another echo request immediately after receiving a reply to the last one. Only the super-user can use this option.
Ping host	ping 121.4.3.2	Specify the host name (or IP address) of computer to ping
ping -i wait	ping -i 2	Wait time. The number of seconds to wait between each ping
ping -l preload	ping -l 4	Sends "preload" packets one after another.
Ping -n	ping -n	Numeric output, without host to symbolic name lookup.
Ping -p pattern	ping -p ff00	Ping Pattern. The example sends two bytes, one filled with ones, and one with zeros.
Ping -q	ping -q	Quiet output. Only summary lines at startup and completion
ping -r	ping -r	Direct Ping. Send to a host directly, without using routing tables. Returns an error if the host is not on a directly attached network.
Ping -R	Ping -R	Record Route. Turns on route recording for the Echo Request packets, and display the route buffer on returned packets (ignored by many routers).
ping -s PacketSize	ping -s 10	Sets the packet size in number of bytes, which will result in a total  packet size of PacketSize plus 8 extra bytes for the ICMP header
ping -v	ping -v	Verbose Output. Lists individual ICMP packets, as well     as Echo Responses

BACKTRACK 6.0 aka KALI LINUX

1.      This will  be a surprise news for those who have were updated till Backtrack 5R3....the same team has come up with some thing more powerful thats named...KALI LINUX....:-)....and not BACKTRACK 6.0......few key points about KALI....

-    Based upon Debian Linux, instead of Ubuntu 

-    New streamlined repositories synchronize with the Debian repositories 4 times a day.

-   Another great feature introduced is that, because of Debian compliant system, it is now able to Bootstrap a Kali Installation/ISO directly from Kali repositories. This allow any user to easily build their own customization of Kali, as well as perform enterprise network installs from a local or remote repository...now start distributing your own ISO....

-   More than 300 penetration testing tools, completely free, Open source, Vast wireless device support, GPG signed packages and repos, Multi-language, Completely customizable make this distribution one of the best available masterpiece of  hacking community.

-    Once again, default root password is same “toor“, you can download Kali Linux here.

2.    My download will start tomorrow morning....will keep me busy for few days and hours...:-)

3.     Thanks http://thehackernews.com

DRDO HACKED : NO....YESS...NO...YESS!!!!goes on...

1.    Now nothing new about this news....its just another hacking news among-st the millions of hacking news and scrolls daily....but it has become an eye popper because it has the word DRDO in it..... that's the Defence Research and Development Organisation.

2.   Though DRDO straight away denies it that it can never happen(whats the basis behind is a well guarded secret...)...but Pawan Duggal,a known Cyber Expert says that never in the history of "India Hacked" past has such voluminous data transferred and resided in servers outside the country borders.....video down here

and more details at http://zeenews.india.com/videos/china-hacks-drdo-systems_20156.html

and http://www.dnaindia.com/india/report_drdo-s-website-hacked-antony-orders-probe_1810730

and http://www.indianexpress.com/news/china-hacks-into-sensitive-drdo-computers/1087499/

and http://timesofindia.indiatimes.com/india/DRDO-computers-hacked/articleshow/18955837.cms

3.    The hacking is suspected to have been carried out by Chinese hackers and there are fears that some sensitive information could have been compromised.When asked about it, Defence Minister A K Antony said, "Intelligence agencies are investigating the matter at this stage and I do not want to say anything else."

Commenting on the issue, DRDO spokesperson Ravi Gupta said, "As per our information, no computer or network of the DRDO has been compromised."(Offcourse they have records to prove that all sentries and guards were on duty at the moment hackers claim they hacked DRDO....pun intended SIR!!!!!)

4.     Today things in context of Cyber Security at national level stand at a very critical juncture...infact I feel that juncture is past now....we are already late...but still we read and hear that Cyber Security Policy of India will arrive soon.....(i know cut paste also takes time....pun intended!!!!!)..READ HERE

5. India I am sure will keep busy with hiding elephants......jantar mantar.......elections...2014....italy guards.....bhagwan etc etc...but if the priorities don't change the order soon...India will be backed up and downloaded in some other country sooon....it will be veri sad...we are one of the leaders in IT industry....specially software but we have not been able to exploit this potential for in house strengthening...we are all concerned for individual growth...vo subah kabhi to aaayegi....vo subah kabhi to aaayegi!!!!!

Graduating from Fedora 18 to Ubuntu 12.10

Had waited for months to see Fedora 18 release and then finally getting a hold of it last month.....was indeed a sad experience....the common bugs that I found in routine working with the Beefy Miracle included TOO SLOW and issues with installations of common third party applications ...everi one coming up with some dependency issue.....so finally downloaded 12.10 Ubuntu yesterday and now working on that...for me its bye bye Fedora 18....but now I am fighting skype cam installation issue with Ubuntu......no luck till now

Browser fight continues : CHROME continues topping too!!!

1.    Not long back we all have seen or might have experienced when violent and pornographic images were fed across facebook profiles of FB friends without the knowledge of the online FB user when he used to simply click on a tempting link!!!!All that happened owing to so many malwares but the exact launching vulnerability was indeed in the BROWSER!!!!!

2.    The openweb is full of options for seemingly good browsers viz Mozilla Firefox, Google Chrome, and Microsoft’s Internet Explorer. But who is the best?.....though when u google u find so may individual claims but third party tests are always welcome on such issues...specially when they have huge evidence to support....like few years back I posted on ACID3 test for the browsers...this one comes from Accuvant...and its actually huge in terms of a conclusive report that's 139 pages in toto......:-)

3.   The full report can be accessed by clicking here...so the Accuvant study revealed that Chrome ranks as the most secure web browser when compared to Internet Explorer and Firefox. Interestingly, German government named Chrome the most secure browser, perhaps lending weight to the study. 

4.   The criteria to test these browsers included factors like ASLR,GS,Sandboxing,JIT Security etc as shown below :

(CLICK ON THE IMAGE TO ENLARGE)

5.   Please google if you wish to know the criteria factors mentioned above in the image.Thanks http://www.accuvant.com/

UPDATING FEDORA 18

From terminal,updating Fedora 18 goes like this :

thats


                 su -
Password: ******
                 yum update

DAEDALUS : Monitor Cyber-Attacks Realtime 3D way

1.    Whether it is the Die Hard ver 4.0 movie scene or Mission impossible recent one or any hi tech cyber movie....we have have all seen the mega sized dark halls equipped with gigantic screen displaying all sorts of real time ridiculous hacker related information and monitoring tracks of the enemy or the protagonist....so how good or effective or even real are these in the real sense....can some thing like these seen and shown over years on the silver screen be REAL....yesss...first watch this video and then read few points as bought out below :

2.   A company in Japan named NICT just unveiled a system dubbed Daedalus that will revolutionize the way companies and even countries can monitor cyber-attacks in full real time 3D representation.The key features about this is bought out as below :

- Daedalus is not only a way to monitor cyber-attacks from outside, but also what’s going on inside it. 

- So if someone receives an email with a virus for example, the system can quickly identify the IP address that is currently spreading it and shut it down immediately.

- The NICT recently gave a demonstration and tracked 190,000 IP addresses in real-time  

- Daedalus can monitor multiple entities at once and get notified, once again, via 3D graphical representation when a cyber-attack occurs. 

- This is not only when it happens, but instantly where it happens and who the attacker is.

3.      So when the objective is envisaged on a higher scale....ie the complete global internet monitoring.....will this be the start to control spam(90% of mails exchanged on the web is spam)....or will this be able to control cyber attacks across.....well not a bad start to a start whose objective is MISSION IMPOSSIBLE type...another thing that may have come to your mind is about the name...of all what does Daedalus mean?...well in Greek mythology, Daedalus means "Clever Worker"

4.  Debriefed from http://www.bitrebels.com/technology/daedalus-3d-cyber-attack-alert-system/ and http://www.nict.go.jp/

SOLVED: VLC installation Issues : FEDORA 18

1.      After installation of the spherical cow Fedora 18 64 bit on my machine,there was this popping message while i tried installing the VLC media player :


GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-18-x86_64

(CLICK TO ENLARGE)

2.    But this could be solved as shown below :

su -c 'yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-18.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-18.noarch.rpm'

and now do 

yum install vlc

Like in PATCO case,DO OUR BANKS GUARANTEE CYBER SECURE ACCOUNTS ?

1.   Suppose you have a SBI or HDFC or ICICI Bank or any bank account and you keep doing your regular transactions via their internet banking services like you pay your electricity bills or your mobile or phone bills etc.So ALL is WELL till every thing is going as expected.But then one day you realize that there were transactions that happened without your knowledge or worse some money gets siphoned off without your permission.....Now a journey starts......wherein the account holder will keep expediting with bank of what happened,why it happened,when will he get his money back???? and on the other hand bank will keep trying to prove that it is you or the account holder who acted irresponsible in his transactions and thus became the victim....the typical tu tu....mein mein.....

2.    Keeping this typical story in the background,now just think that did u ever make a attempt to know of what bank standards are maintained in respect of IT Security infrastructure....does bank conduct third party audits seriously?..... in fact the list to know answers to all these questionnaire pertaining to IT security issues of the bank will end up getting complex which would go beyond the understanding level of a typical user...so the simple question is WHO GUARANTEES A SECURE IT INFRASTRUCTURE for a BANK?...is it the bank itself that says " I am secure " or some one else has some authority or some standard that guarantees security....ie Can your savings bank account ever be guaranteed for being HACK FREE?Although the immediate answer in the current setup is sadly "NO"...but there is good news here....for this u need to read this article on " PATCO FRAUD CASE DISPUTE "

3. Brief of this good news goes like this in a Short ppt

  PATCO Construction Company Sues Bank After Cybertheft by   Anupam Tiwari

- 

How to install Flash Player on Fedora 18@64 bit?

I am singling out the commands only to be run as root ie su -

rpm -ivh http://linuxdownload.adobe.com/adobe-release/adobe-release-x86_64-1.0-1.noarch.rpm

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux

yum check-update

yum install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl

Thank you http://www.if-not-true-then-false.com/2010/install-adobe-flash-player-10-on-fedora-centos-red-hat-rhel/

How to install VLC in FEDORA 18 ?

On the same lines as I installed Chrome :

su - 

cd /etc/yum.repos.d/

wget http://pkgrepo.linuxtech.net/el6/release/linuxtech.repo

yum install vlc

How to find if latest kernel version is running on my Linux system?

Simply type in these commands and the result in both the cases should match.....


rpm -qa kernel |sort |tail -n 1

uname -r

Note: If you got kernel update or run older kernel than newest installed then reboot:

reboot

Output of each commands version numbers above should match....for example in my case the out put is shown as below :

[duqu@localhost ~]$ rpm -qa kernel |sort |tail -n 1

kernel-3.6.10-4.fc18.x86_64

[duqu@localhost ~]$ uname -r

3.6.10-4.fc18.x86_64

SCREEN SHOT BELOW :

How to install Chrome browser in Fedora 18 ?

1.   It actually became confusing after few forums that I went to made me to "vi" etc of the repo file but then I came across a good one at http://www.if-not-true-then-false.com/2010/install-chromium-on-fedora-using-yum/ that made my fed 18 machine experience Chrome

 
Login to root and command the prompt as follows :

[root@localhost ~]# cd /etc/yum.repos.d/

[root@localhost yum.repos.d]# wget http://repos.fedorapeople.org/repos/spot/chromium/fedora-chromium-stable.repo

[root@localhost yum.repos.d]# yum install chromium

thats it....the Chrome is ready to run....

Upgrading Fedora 17 to Fedora 18

1.   Like me so many of you would have been waiting for the final release of Fedora 18 spherical cow...but at the same time when u see it released u have so many links to move around on how to upgrade from 17 to 18 but u keep ending up with previous one....i went through the same for past hour...:-)

2.  The only set of commands Fedora 17(only) users need to put in are these :

Reach the Root first with the password ie 

su -
*******(ur password)
su -c 'rpm --import https://fedoraproject.org/static/DE7F38BD.txt'


su -c 'setenforce Permissive'

su -c 'yum update yum'

su -c 'yum clean all'

su -c 'yum --releasever=18 --disableplugin=presto distro-sync'

su -c 'rpm --rebuilddb', or rpm -qa will not work due to a upgrade of rpm

3.   For me the upgrade is around 1.6 G as seen in the screen shot below :

4.   Mine is upgrading on way....another few hours should be ok....:-) all the best for your upgrade

Apple Needs a Doctor : Bitten by JAVA - 2

1.    The Flashback fiasco,as discussed in brief here, was the catalyst for one of the most meaningful decisions Apple made in order to beef up OS X security ie Removing JAVA. "Flashback both led to Apple removing Java from their default installs, and prompted them to release a dedicated cleanup tool," security researcher (and former security engineer for Obama for America) Ben Hagen told Ars. "When an OS vendor releases a dedicated cleanup tool, you know things are bad.The removal of Java was a very Interesting decision and de facto statement by Apple. Java on user systems has become a notorious vector for exploitation; with new, remotely executable vulnerabilities coming out several times last year," Hagen said. "Removing Java both simplifies Apple’s position and provides a safer default state for its users."[Source : http://arstechnica.com/].

2.    Another key decision taken by apple apart from disowning JAVA was endevor to signed security model for apps ie restrict the origin of third-party apps installed on the system, therefore protecting the user from inadvertently installing apps from malicious or unknown sources.Called Gatekeeper, this feature required Apple's developer ecosystem to either sign their apps with a registered certificate—holding them at a higher level of responsibility for when things go haywire—or selling their wares through the Mac App Store and giving Apple its 30 percent cut. [Source : http://arstechnica.com/].

3.   Java is a veri popular program and is used by millions of users worldwide in Windows, Mac and Linux operating systems and in mobile and television devices. It is this popularity that has made it a favorite target of the hackers.So today when we cannot surf without enabling JAVA.....apples decision is indeed a tough step....for those of you who do not realise the importance of JAVA...just try surfing the web disabling JAVA scripts in your browser...u will be surprised you will be prompted at every step to ensure a successful loading of most of the web pages....In fact the U.S. Department of Homeland Security advised computer users to temporarily disable or uninstall Oracle Corp's Java software, stating that a serious flaw in the software could make the system vulnerable to hacking.The warning came in an advisory posted on the department’s website amid the escalating fears and warnings from the net security experts about a flaw in Java Runtime Environment (JRE) 7 and earlier versions that allows the hackers to install malicious software and malware on computers.The vulnerability is so dangerous that the Department of Homeland Security's Computer Emergency Readiness Team urged the people to stop using the software immediately to mitigate damage.Source : [http://www.ibtimes.com/]

4.   So...did u just start thinking of disabling JAVA?????

Apple Needs a Doctor : Bitten by JAVA - 1

1.   The year last ie 2012 was full of various security OS issue like it has always been over years...but one landmark news that made waves was the flashback malware that hit APPLE's Mac that has been long promoted as a safer OS amongst other peer competitors.But as always SIZE DOES MATTER..so as APPLE and market share grew, it became more proner. Dr  Web said that an estimated 600,000 Macs were as of April 2012 infected as a result of users unknowingly installing the FlashBack malware.So before I move ahead...here's a simple FAQ compiled to understand more about FLASHBACK :

What exactly is Flashback?

-  Flashback is a form of malware designed to grab passwords and other information from users 

-  Spread through Web browser and other applications such as Skype. 

-  The user typically mistakes it for a legitimate browser plug-in while visiting a malicious Web site. 

-  At this point, the software installs code designed to gather personal information and send it back to remote servers. 

Apple needs a DOCTOR

When did it first appear?

-  End of September 2011

-  Pretending to be an installer for Adobe's Flash the malware evolved to target the Java runtime on OS X, where users visiting malicious sites would then be prompted to install it on their machine in order to view Web content. 

What has Apple done about it?

-  Apple has its own malware scanner built into OS X called XProtect. 

-  Since Flashback's launch, the security tool has been updated twice.

-  A more recent version of the malware, however, got around XProtect by executing its files through Java. 

-  Apple closed off the malware's main entry point with a Java update on April 3, and has since released a removal tool as part of a subsequent Java update.

How do I tell if I have it?

-  Right now the easiest way to tell if your computer has been infected is to head to security firm F-Secure and download its Flashback detection and removal software. 

Malicious Shortened URLs : Rising Threat

1.     Internet today is all but a minefield of boogies,traps and malware.....every day so many threats are born....though most of them die but still a huge percent of them survive the security walls and become stronger by time as they are able to remain live and acvtive.In recent times shortened URLs have become popular amongst users (including me...:-) to conserve the typing space like in microblogging sites viz twitter etc.So typically a naive(???),prone user who submits his long URL to a site to get a shortened URL receives a second,specially coded shortened URL that redirects to the original URL.So here lies the weak hole that is most of the times exploitable by the attacker...because the actual destination URL is hidden in it....so going by the looks...there is nothing to worry...but it is the redirection that is a cause of worry...it may be right or may be redirecting to a malicious link....!!!!so when some one uses a free URL shortener ,he does not have control over that shortened link. And, should something happen to the provider of that URL shortener, then he risks redirecting ALL of shortened links elsewhere!!!

2.  We all know that clicking links is pretty tempting....so it is just a matter of one redirected malicious link click that makes the difference....so whats the solution????...actually companies like Facebook,Gmail, SBI, Paypal ,twitter etc are offering users the option of persistent SSL encryption and authentication across all the pages of their services including the login and all accessible pages.....but this does not stand good for all...for these sites also..it is optional to vide the settings for accessing....

FEDORA 18 RELEASE DATE : 08 Jan 2013

Hi guys....a very HAPPY NEW YEAR 2013 to you.....and for those of you like me who are waiting to upgrade ur Beefy Miracle to Fedora 18 Spherical Cow..u need to wait a few more days till 8 January 2013... that's the release date scheduled now..hope that stands by the time!!!

DREAM JOB : Cyber Special Agent@FBI

1.    Came across this dream job kind job for a guy like me :-)......i got this from twitter handle @CcureIT

2.   Now this job is meant for US Citizens only...and any Cyber Security guy enthu about being savvy about making a career in cyber security should at least go through what they demand and what they offer....it's worth value addition to self in at least knowing what the best organisations demand in terms of QR for getting a job like this.All the details available at https://www.usajobs.gov/GetJob/ViewDetails/332166500?utm_source=dlvr.it&utm_medium=twitter#TopofPage

India developing own Secure OS to strengthen Cyber Security

1.   India is developing own secure OS to strengthen cyber security.Got this news piece from here.The key points from the news are :

- India's own secure operating system to strengthen cyber security.

- 150 Engineers across the country have already been working on creating an Indian OS for over one year and a half. 

- According to Times of India ,it will be ready in next three years.

- There is no foreign involvement in this project. It is purely build by Indians.

2.   It is indeed heartening to know all this...but whats the point? Does the team of 150 engineers and the vision behind think they are creating a secure and 100% fool proof OS?...The moment it is released...there will be many vulnerabilities that will be gradually known...and then the same cat mouse race will being like with any other OS..so whats the point of starting from scratch?....will it not be wise to securify existing opensource available and invest in something like improving upon existing resources?.....Case in point,the DESI OS....will lag behind in terms of experiences gained by Windows and other OS Communities who have been in the game for years...........who have been improving daily for so many years!!!like Fedora...Ubuntu...they have been improving for last so many years to reach a level like as on date available to us....

3.  Although it is a veri good thought to have a desi OS....but I sincerely feel that we are slightly late in realizing the need of a desi OS...

MALWARE via SUDOKU via EXCEL SHEET

1.  Sudoku is good for you brain....but it may compromise your PC if you have downloaded one of the excel files with embedded malicious script inside that offers you to play the subject game. Peter Szabo from SophosLabs has identified a piece of malware that resides behind a Microsoft Excel-based Sudoku generator. The Malware developed in Visual Basic requires macros, a scripting language that allows users to create equations based on values in different columns and rows. Microsoft – Malware behind Microsoft Excel-based Sudoku generator.

CLICK TO ENLARGE

2.   Although by default the macros are disabled in any Microsoft Office application....but any one who downloads the excel file would eventually enable the macros that run the script to play the game...so he can keep playing the game while the script in the background sets up the malware and establishes contact with its master bot.....so like always the updated Antivirus on the system will keep sitting without catching up anything.....so comes the importance of packet analyzers like Wireshark....ethreal etc...but then it becomes slight technical which in most cases would be out of purview for a common user.

MSE : Loosing Shine

1.   Since last few years any one who asked me on recommending a Antivirus for his/her PC...I would always say if you have a original Windows...then leave your worries to MSE...thats Microsoft Security Essentials ie MS's own antivirus or may be I would recommend Kaspersky PURE in few other cases who were not happy with MSE.

2.  I had been using MSE for my own system as well...and I found it worked pretty fine...light on use and had no major compatibility and configuring issues since it worked mostly in the background.But there has been some decline in recent time and efforts by Microsoft in keeping with the pace of the hackers and cyber criminals!!!

3. The AV-TEST Institute,the leading international and independent service provider in the fields of IT security and anti-virus research.It uses state-of-the-art methods and research work to carry out AV-TESTs to  directly detect the latest malware, to analyse it  and to inform web site visitors top-quality results obtained.So the latest results showed MSE being given 1.5 out of 5 maximum ratings.The screen shot from the link http://www.av-test.org/en/tests/home-user/windows-7/sepoct-2012/ is shown below :

Click on image to Enlarge

4.   And to me, that's a huge concern considering how Windows 8 itself draws on a lot of MSE for its own in-built security....:-)

How to find windows product key : Product Key Decryptor

1.   Have you ever found yourself in a position when a genuine Windows OS key is required!!!!This tool will be useful if you have ever lost your product CD Key or you have to reinstall the product again.The nae of the product is Product Key Decryptor that's a  FREE software to instantly recover License Keys of popular Windows products.The supported list of software's of which the keys can be extracted is shown below :

Microsoft Windows NT

Microsoft Windows XP

Microsoft Windows Vista

Microsoft Windows Server 2003

Microsoft Windows Server 2008

Microsoft Windows 7

Microsoft Windows 8

Microsoft Office 2003

Microsoft Office 2007

Microsoft Office 2010

Visual Studio 2005

Visual Studio 2008

Visual Studio 2010

Visual Studio 2012

Internet Explorer 6

Internet Explorer 7

Internet Explorer 8

Internet Explorer 9

Internet Explorer 10

VMWare Workstation 6.x

VMWare Workstation 7.x

VMWare Workstation 8.x

VMWare Workstation 9.x

2.    It automatically detects and decrypts the license/CD key of all the supported products from your system. Currently it can recover License key of few popular products including Windows Operating System, Microsoft Office, Visual Studio, Internet Explorer, VMWare Worktation. The best thing about this is FREE...now though nothing is free in this world...it may be having its own repercussions in the background

 :-) Here are the main features & benefits: 

-  Instantly decrypt and recover license/CD keys of popular Products

-  Simple & elegant GUI interface makes it easy to use.

-  Right click context menu to quickly copy the Product License Key

-  Sort feature to arrange the displayed passwords

-  Backup the the recovered Product Keys to HTML/XML/TEXT file.

-  Integrated Installer for assisting you in local Installation & Uninstallation.

3.  The product can be downloaded at http://securityxploded.com/product-key-decryptor.php

How to Format a USB drive with FAT32 file system: FEDORA 17/LINUX

1.   The ease of formatting that the regular windows user is used involves a simple right click on the drive and clicking format.But for a linux user the scene is a little different involving a set of commands.Shown here with screen shots.The commands used are :

- df -h
- fdisk -l
- umount /run/media/duqu/?????***(ur mount name)
- mkdosfs -F 32 -I /dev/sdc1

(CLICK ON THE IMAGE TO ENLARGE)

(CLICK ON THE IMAGE TO ENLARGE)

(CLICK ON THE IMAGE TO ENLARGE)

Need of Encryption : Your files - Your Data

1.   In today's times when every spying eye,every hacker on the web is eyeing your info.... apart from hardening your OS and configuring your system securely what else can you do to secure your info after some one gate crashes into your system?.....I mean after someone gets your root privileges via remote access...what are the options to save your self from sharing your critical data with him?The answer is ENCRYPTION...

2.   Encryption is the process of encoding your information) in such a way that hackers cannot read it, but that authorized parties can.So without getting into the nitty gritties of what is Encryption and how it works..i am focusing here of what all opensource and free applications are available for encryption...

3.   First I would mention about TrueCrypt,this is the one I have been using for years...the reliability of this application can be gauged from the fact that in 2008, the FBI attempted to break encryption on hard drives using a program called TrueCrypt, but the equipment was finally returned after a year of failed tries.(Source : http://www.webcitation.org/query?url=g1.globo.com/English/noticia/2010/06/not-even-fbi-can-de-crypt-files-daniel-dantas.html)

4.   The other strong opensource software's available for encryption are :

    - E4M ie ENCRYPTION for MASSES)
    - Free OTFE
    - Scramdisk

5.   TrueCrypt remains the best bet for all present users.The popularity can be gauged from another fact that this is being used by cyber criminals to!!

TrueCaller : Is it Stealing your Info?

1.    TrueCaller is one famous application doing the rounds on Twitter Google+ Facebook Android Phones.The claim by the application goes like you login from either of the applications and you would be able to know the name of the mobile phone number owner by name.The claim actually stands right in over 90 % of the cases that I tried.This made me wonder how?...i thought like all those free forms that we keep regularly filling on the internet or some grocery shop for some free bundles or if TrueCaller has tied up with the mobile phone service providers?But then something happened that made me a little suspicious about this app.It so happened that I tried my mom's number on the application and so came the answer like "TIWARI MAM"....this made me think of how would the application know that my mom is a teacher...

2.   So I wondered if the application after installation on your mobile device actually makes all the contacts phone number available on the site with the name that I have typed against that number!!!So I tried mine which was not available, by the name "anupam CCCSP"

3.  Though it did not show promptly but after a day after I typed my phone number it came to be seen as "anupam CCCSP".So this actually means that the application is actually stealing and making my contacts info on my phone public!!!!...but then I also realized that it was me only who agreed to the terms and conditions while installing the app on my phone which most of us including me never read.

4.   So it comes actually to the naiveness of the common user who invariably without reading any of the terms and conditions agrees to install.....:-) 

FACEBOOK : The New Playground @ Dangerous

1.    It does not date back long in the past time corridors when I as a kid used to go to play grounds in the evening to play with my friends...meet them....fight with them...abuse them...get abused and then get back home for studies and prepare for next days school work and the cycle repeated every day...week and months.But what happens today with a typical metro kid....a school child in the bracket age of 10+ goes to Facebook to play with friends...he meets them.....abuses them at times...gets abused on the wall or vide posts.So more or less....things stand at the same place ,only the grounds have changed.First it was the actual play grounds and now it is all getting virtual.....blame it on lack of infrastructure with concrete eating much of space in metro's or lack of parental monitoring owing to their ultra busy lives.....for the new era generation...social networking sites like Facebook is the new PLAYGROUND.....the virtual one for a change!!!!

2.    So the rules remain the same....ie we have our social circle like we used to have in past...we meet vide post and comments...we like each other for something and dislike each other for some thing...here we cannot shake hands and hug each other but yess we can take grudges out of each other via so many means like hacking....cyber bullying...post hatred... cyber stalk...mobbing...sexting,internet trolling etc...the list is actually endless and the related terminology is on a phenomenal increase.So a typical new gen kid for whom Facebook kind social networking sites are the new playground to play....the proneness to the bad elements in the society remains actually higher then in past....for here it is just a matter of few compromised screenshots...hacked passwords and the kid is on way to become a victim...

3.   The recent case of Amanda Todd is indeed beginning of such sad but many in line expected incidents waiting to happen....today we may allow our kids to have a Facebook account or some social networking website account but without effectively monitoring the kid remains as prone as Amanda Todd.For this to happen the parent have to have basic IT IQ quotient to monitor to avoid any such incident.Like past when a child could be left at home assuming safe..it does not remain the same today....he has access to smartphones....he has access to tablets...internet via so many means.Even basic forensic knowledge possessed by the parents is bound to fail if the same is happening in Cloud rather then on the machine at home...

4.   Its time for the parents to equip themselves with the tools and knowledge required to monitor and watch the kids...also realizing that today's kids are more smarter in terms of grabbing the technology then ever....if you have reached reading till here...u must read the complete story here

TRUE CRYPT IN FEDORA 17: INSTALLATION

1.   The earlier version of Fedora had some token issues to deal with while installing True Crypt but not with this Fedora 17 Beefy Miracle.

2.   Few commands to be run from root after downloading the requisite version from the True Crypt site go as follows :

tar xvf truecrypt-7.1a-linux-x86.tar.gz 

yum install nss-pkcs11-devel fuse-devel wxGTK wxGTK-devel

yum load-transaction /tmp/yum_save_tx.2012-12-13.14-20.laXbNn.yumtx

yum install gnome-keyring-devel gcc-c++

export PKCS11_INC=/usr/include/gp11

./truecrypt-7.1a-setup-x86 

3.   Well if there are some token issues like shown below : 

../Common/SecurityToken.cpp:660: error: ‘CKR_NEW_PIN_MODE’ was not declared in this scope

../Common/SecurityToken.cpp:661: error: ‘CKR_NEXT_OTP’ was not declared in this scope

then you need to Open Common/SecurityToken.cpp in any editor and Scroll to line 660 and simply Comment out line 660 and 661. It should look like this after you edit:

//TC_TOKEN_ERR (CKR_NEW_PIN_MODE)

//TC_TOKEN_ERR (CKR_NEXT_OTP)

SMART TVs : OUTSMARTED & HACKED

1.   In the land of Hacking,no one can be spared.We all keep hearing about how websites have been hacked,how smartphones are getting out smarted by various exploits in recent times.Now comes something new ,that makes smart TV owners prone .Yess!!all the proud owners of Smart TVs(SAMSUNG LEDs specifically)...can start checking if they are the lucky ones to get bitten here..this one is all about SMART TVs getting HACKED...So now on all the data that is available in their respective HDDs connected vide the USB is vulnerable to be accessed by undesired third party.So now it is not just that you watch the TV....its time for the TV to watch you.Few valuable briefs given out here :

- The Vulnerability exposed in all Samsung's Smart LED TV Software.

- This Vulnerability allows remote attackers to swipe data.

- ReVuln,a Malta-based security firm claims to have discovered this vulnerability.

- Remains a zero-day vulnerability as on date.

- A demo video by ReVuln shows how a "vulnerability for such devices can be used to retrieve sensitive information, monitor and root the device.Click on the video below to have a glimpse of how the vulnerability is exploitable.

2.   I am sure whatever efforts are made by the typical user as on date,he remains vulnerable round the clock in all the fields.How can a normal user who is not so tech savvy be aware of securing his PC,his Laptop,his smartphone,his TV,his external HDD with his personal data without encryption,his pendrives and the list is actually endless.He simply remains one of the choices by any hacker..if he is chosen he is gone...or he can remain lucky ..but how long can anyone remain lucky? The hackers community is growing at a pace which is pretty fast owing to the lure of what else but DOLLARs and more DOLLARs.With "Crimeware as a Service" readily available as a service at the click, NO ONE IS SECURE.It will actually take years to stabilize the current security environment from perspective of a typical user as he understands that giving an equal importance to his IT assets security is more important then locking his house as he leaves for work.

Ubuntu 12.10 @ SPYING

1.   What happens when someone you trust eyes closed,some you promote amongst ur friends is labeled a SPYWARE...or a Spying agent... that's what was felt by millions of UBUNTU followers and fans.I read about this two days back at ZDNET. The news doing the rounds goes like this :

Richard M. Stallman,creator of the Gnu General Public License (GPL) and the Free Software Foundation has announced that as far as he's concerned, Ubuntu contains spyware and that Linux supporters should shun Ubuntu for spying.

Specifically, Richard M. Stallman hates that Ubuntu 12.10 incorporated Amazon search into its default search function. So, if you searched for say "CISSP." you'd get results from both your PC and Amazon. When it was introduced, Mark Shuttleworth, founder of Ubuntu, defended this change by saying Ubuntu wasn't going to incorporate ads into the operating system, which Microsoft has done with Windows 8, and that no personalized data would be sent to Amazon.

2.   You need to re-read this yellow highlighted text above to exactly understand what goes on behind the scenes when you actually search for some string in your PC operating on UBUNTU connected to Internet.After the millions of immediate disapproves by the user community,it was announced by UBUNTU that now on Users of the upcoming Ubuntu 12.10 will be able to turn off a controversial 'shopping lens' feature that displays Amazon-stocked products when the user performs a unified local and online search....so the spying becomes optional....:-)

3.   What can be the need of a responsible OS community like UBUNTU to get into all this....if its my view it is not intentional for the purpose of spying.....but it could have been designed in the name of giving the user better results and experience!!!!!Jono Bacon, Canonical's community manager flatly states, "This is FUD" ie "Fear, Uncertainty and Doubt (FUD)...now yess!!so it seems to be....

4.   All said and done..UBUNTU is doing a wonderful job and provisioning one of the best OS free editions for users like us who wish not to pay to WINDOWS and believe in FREE SOFTWAREs :-)

CYBER SECURITY COURSES IN INDIA

1. Most of the guys interested in cyber security keep looking and searching for Cyber Security Courses on the web and that included me too till some time back.So though I started like any body would do ie google and Bing around the web....so I found out so many courses being offered by so many unknown unheard institutions....but the best of what are accredited to some university and of some good valuable repute here in India are discussed in brief down along with the links.You can click on the course and u will be taken to the respective site for full details :


CDAC : Offers the following courses vide elearn :

C-DAC's Course On Cyber Security [CCCS] at http://elearn.cdac.in/eSikshak/help/English/eSikshak/cccs.htm

C-DAC Certified Cyber Security Professional ( CCCSP ) at http://elearn.cdac.in/eSikshak/help/English/eSikshak/CCCSP.html

Being from CDAC,these courses are valid in all govt organisations and public sectors.

GUJRAT FORENSIC SCIENCES UNIVERSITY AT http://www.gfsu.edu.in/institute_of_forensic_science.php offers following courses online :

GFSU CERTIFIED CYBER CRIME INVESTIGATOR
GFSU CERTIFIED CELLPHONE FORENSIC PROFESSIONAL
GFSU CERTIFIED COMPUTER FORENSIC EXPERT
GFSU CERTIFIED CYBER SECURITY EXPERT
PG CERTIFICATE DIPLOMA IN CYBER LAW
PG CERTIFICATE DIPLOMA IN IPR

Details about the courses offered at http://www.gfsu.edu.in/pdf/online_certificate_course.pdf

ASCL(ASIAN SCHOOL OF CYBER LAWS) : The Website is at http://www.asianlaws.org/ .The following courses are offered in cyber domain including security :

Advanced Executive Program in Cyber Security AT http://www.asianlaws.org/cyber_security.php#.UMC5Zn_SFI0

Advanced Executive Program in Cyber Security, Audit & Compliance AT http://www.asianlaws.org/csac.php#.UMC5mX_SFI0

DIPLOMA IN CYBER LAW AT http://www.asianlaws.org/glc.php#.UMC353_SFI0

DIPLOMA IN CYBER LAW(INTERNATIONAL) AT http://www.asianlaws.org/dcl.php#.UMC4Cn_SFI0

PG IN CYBER LAW AT http://www.asianlaws.org/pgpcl.php#.UMC4LX_SFI0

CYBER LAW FOR POLICE OFFICERS AT http://www.asianlaws.org/police.php#.UMC4TX_SFI0

PG Program in Cyber Crime Prosecution & Defence AT http://www.asianlaws.org/ccpd.php#.UMC4fH_SFI0

Advanced Program in International Cyber Laws AT http://www.asianlaws.org/icl.php#.UMC4p3_SFI0

ASCL Certified Cyber Crime Investigator AT http://www.asianlaws.org/cci.php#.UMC4xn_SFI0

ASCL Certified Digital Evidence Analyst AT http://www.asianlaws.org/dea.php#.UMC46n_SFI0

ASCL Certified Digital Forensic Investigator AT http://www.asianlaws.org/dfi.php#.UMC5JH_SFI2

Advanced Executive Program in IT Act Audit & Compliance AT http://www.asianlaws.org/audit.php#.UMC5RH_SFI0

DATA64 website at http://www.data64.in/index.php#.UMC54X_SFI0 offers a range of courses similar to ASCL as mentioned above.

IMT,GHAZIABAD.Details at http://www.imtcdl.ac.in/. The following courses are offered in cyber domain including security :

ONE YEAR PG DIPLOMA IN CYBER SECURITY at http://www.imtcdl.ac.in/opgdcs_about.htm

TWO YEAR MS IN CYBER LAW & SECURITY at http://www.imtcdl.ac.in/mscs_about.htm

IGNOU OFFERS Post Graduate Diploma in Information Security (PGDIS) at http://www.ignou.ac.in/ignou/aboutignou/school/sovet/programmes/detail/428/2

ANKIT FADIA Certified Ethical Hacker (AFCEH) AT http://www.ankitfadia.in/afceh.html

1 Gigabit Per Second : The dream comes to Kochi,INDIA

1.    Are you happy surfing Internet speeds at 2 Mbps and around....and have you read about speeds of 1Gbps in future.....if yesss....its time to realize that this future that we keep reading and dreaming about has reached us...ie our desktops!!!....

2.  Astonishing as any one may find that when I read about the 1 Gigabit per second connectivity made available to the people of Kansas City in the US of A, I never imagined that the same day around it will be some where offered in India too...and where else but KOCHI..........

3.  Startup Village at Kochi joined the 1 Gig speed club by becoming the second place in the world to experience lightning fast 1Gbps internet connection. Chief Minister Shri Oommen Chandy formally introduced the facility on November 17.Guys in the state of Kerala can now make the most of upload speeds that are 1000 times that of Broadband and download speeds 100 times as fast.This is a wow moment for the Kochi residents....upload and download tons in minutes and seconds :-)

4.    Congrats Kochi guys!!!!!

How to find if Python is installed in Linux ?

I was recently playing with Matriux Krypton tool chaosmap....but was unable to use this tool for some error that kept popping up...so I though if at all the PYTHON is installed or not?......the way to check this is to go to the terminal and write :

python -V

and u should see like  : Python 2.6.6

                                         (click on the image to enlarge)

The power of ALGORITHMS : Writing Articles/Reports/News!!!

1.  We all are pretty aware that whatever works on the net ,cyberspace web,applications is all backed by many codes and algos running in the background..,,it is these algorithms and codes that actually decide how things happen at the front end ie the user interface.Designed by coders and programmers these algorithms perform herculean tasks in all our routine IT activities...now for all those of us who work in offices and corporate ....we generally keep coming across compiling and analysing reports on various aspects ,be it the views...the summary...the monthly/quarterly feedback... the main article for some journal....or some regular feed etc.So now making these reports and feedbacks etc actually requires manual intervention...and the quality of these reports are proportional to the amount of quality work man hours that have gone into making it....but what if these manual intervention is replaced by intelligent algorithms...ie the reports being compiled are made out of algorithms???

2.   This is what has happened at Narrative Science,a company that trains computers to write news stories...yes you heard it write!!! "Trains computers to write News Stories".The first story that I read about this is available here.The brief points from this story goes like these :

     -  Every 30 seconds or so, the algorithmic bull pen of Narrative Science, a 30-person company occupying a large room on the fringes of the Chicago Loop, extrudes a story whose very byline is a question of philosophical inquiry.

  - Kristian Hammond is the CTO and co-founder of Narrative Science.According to Hammond, these stories are only the first step toward what will eventually become a news universe dominated by computer-generated stories....(amazing amazing future!!!!:-)

   - If one wishes to know the percentage of news that would be written by computers in 15 years.......according to Hammond is going to be more then 90%

3.   So guys the above example is for the news world...where else we can think? Can it compile Intelligence reports for the FBI and our CID based on inputs from so many sources....Off course this is being handled manually as on date....but imagining a intel report compiled by a algorithm is a serious contender for making a permanent place in such agencies.Well...this is one imagination...how about demographic repots...election reports...infact the list is endless.....

4.    Thanks http://www.wired.com