Installing Enigmail Add-on on Thunderbird Email Client

This post only brings you the screen shots once you have installed Thunderbird and wish to use Enigmail with OpenPGP encryption..Enigmail is a security extension to Mozilla Thunderbird and Seamonkey. It enables you to write and receive email messages signed and/or encrypted with the OpenPGP standard.Sending and receiving encrypted and digitally signed email is simple using Enigmail.

Concluding XP getting Stronger by the Day @ Banks & ATMs still swear by it.

1.   Microsoft XP...the OS that was a milestone and turning point for the Microsoft company in many ways was given 8 Apr 2014 as the last date of survival ie after about 14 years of being in business, support for Windows XP will end on April 8, 2014. There will be no more security updates or technical support for the Windows XP operating system. After April 8, 2014, Microsoft will no longer provide security updates or technical support for Windows XP. So PCs running Windows XP after April 8, 2014, should not be considered to be protected...but is it that easy for a typical user to just see off XP and take on a newer OS?....leave aside the typical user ...would it be possible for the corporates to do it so easily???...alass!!! NAAA....

2.  Microsoft though had given early warnings as early as 2007 about the end of life support for XP OS, but in fact the surprising fact coming up vide various sources is that currently most bank machines (95% of ATMs in the world) use Microsoft XP (OS) in their cash machines and with the date nearing fast it seems like herculean to replace all as per the time line.So after repeated request from across the globe from leading bank vendors including big UK banks such as Barclays, HSBC, Lloyds Banking Group, Royal Bank of Scotland etc ,Microsoft has agreed to provide antimalware signatures for the operating system through July 15, 2015 and just for info that’s not the same as software patches, but does help consumer and business security programs identify malware on the system. The original end of support date of April 8, 2014 still stands. Even for this the banks might pay up to $100 million (KES. 8.5 billion) each to keep their Windows XP support, combined with the costs to upgrade their ATMs to a more recent version of the OS. Microsoft does offer what it calls “Custom Support” for large business that includes updates for legacy programs....

3.   Thus XP , though will be soon bidding bye for all home users but the fact is that it has proved it self yet again in terms of the swollen dependency that too pan global...that only proves yet again that XP still has a large large following.....

UBUNTU 12.04 LTS beats Windows 7,MAC @ GCHQ Report

1.    Now this is some good news for all Ubuntu lovers.Ubuntu 12.04 LTS has topped a UK security agency’s security assessment of mobile and desktop operating systems.CESG (originally Communications-Electronics Security Group) is the group within GCHQ(an intelligence and security organization, working to keep Britain safe and secure in the challenging environment of IT communications).CESG conducted a series of tests in the last few months to review a set of 11 operating systems which currently run on various devices such as desktops, laptops, servers, mobile phones and tablets. The security assessment included the following categories:

    - VPN
    - Disk Encryption
    - Authentication
    - Secure Boot
    - Platform Integrity and Application Sandboxing
    - Application Whitelisting
    - Malicious Code Detection and Prevention
    - Security Policy Enforcement
    - External Interface Protection
    - Device Update Policy
    - Event Collection for Enterprise Analysis
    - Incident Response

2.   Ubuntu 12.04 LTS is the only operating system to fully pass 9 of the 12 listed security recommendations above.Ubuntu was marked down on VPN and encryption because its implementation/software has yet to be independently assessed by an approved CESG body.The VPN issue is likely to be addressed in the UBUNTU 14.04 LTS thats likely arrival date is somewhere in Apr 2014...ie in another about two months from now.

3.    The list of operating systems which were compared are mentioned below :

- Windows 7/8
- Android 4.2
- Samsung devices with Android 4.2
- Apple iOS6
- Apple OSX 10.8
- Blackberry 10.1(EMM Corporate)
- Blackberry 10.1(EMM Regulate)
- Google Chrome OS 26
- Windows 8 RT
- Windows Phone 8

4.  What Canonical has to say about this

“We are working hard to close the gap and make Ubuntu clearly stand out as the most trustworthy operating system for the future and we hope to make excellent progress before our next LTS release in April 2014, 14.04 LTS, which will be even better,” Darryl Weaver, Canonical Sales Engineer

5.  Few screen shots from web with this news :

6.   Source of news as above...thanks http://www.zdnet.com

Installing Dongle on Ubuntu : Mobile Internet@USB MODEM

1.   Writing after a long time... I post here few lines that I recently learnt on installing and accessing internet vide Dongle with SIM on Ubuntu LTS 12.04.So in my case I have a Micromax dongle with a mobile Sim.

2.  Simply said the steps are mentioned below :

- Insert the USB dongle in any of the USB drives on your PC/Laptop.

- Goto Terminal and login as Root

- At the terminal get the details of the usb detected interfaces by typing lsusb

- So in my case the dongle detected is shown at the end ie OMEGA TECHNOLOGY

- Now we need to run a terminal command to mount the device and get it running as shown in the screen shot below

sudo modprobe usbserial vendor=0x1c9e product=0x9605

- Once the command is executed at the terminal,wait for few minutes and you see the additional ENABLE MOBILE BROADBAND as seen in the screen shot below....

 

 

3.   and with this you should be on with the internet....

Nessus Installation @ Backtrack R3

1.   This post speaks less and shows more about how to install Nessus in Backtrack R3.Also it is assumed that the user is connected to the Internet while installation is in progress.

First Step :  Get to the terminal and type apt-get install nessus

 closer look to the above screen shot as in terminal.

 This screen shot shows a progress shot whilst installation is in progress....

 Installation gets over here....as seen

 Second Step : Creating a user for login into the Nessus Interface.........

 You get to see the following after you have created the user....

 Third step : Visit the website as seen in the screen shot below :
 

 Fourth Step : Click on the Home user option and register with your e-mail id.You get a activation key in few seconds at your e-mail.

 Fifth Step :  After you get the key...type in the following syntax followed by the key that you get in ur email id....

 A closer look of the above screen shot

 After you the user is registered he gets to see the following screen :

 Sixth Step : Now open your Backtrack Mozilla Browser and type in the following address as shown in the screen shot here.This initialising takes a little time...mine took 4 minutes and more...

 A closer look at the address .......

 Once initialised you get the following screen for login

 Here you are...the login screen for Nessus...

New Laptops without Windows 8 @ Rare

1.   Strange it may seem but the current availability of Laptops for sale in the market show a peculiar sad state of specs...ie they are available only with Windows 8.There are rare options on few sites that offer New laptops for sale without Windows OS.I have been planning to buy a laptop with i3/i5 processor and in my search over various sites I came across this sad but surprising stat.

2.  Infact leading online shopping retails in Dubai have got NIL option to buy a laptop without Windows 8.I checked up at the following sites :

- www.sharafdg.com/‎

- http://www.carrefouruae.com/

- http://www.ic4uae.com/

3.   Even the options without Windows 8 on leading retails in India have much lesser options then with Windows 8. Checked up at Flipkart, snapdeal,timesofindia shopping to mention a few.

 

 4.   Given these facts...it looks like Microsoft has put in rigorous and vigorous marketing efforts to increase there sales graph for Windows 8.For those guys who wish to buy Windows 8 laptop and then attempt removing the windows and install some Linux flavour...it is equally surprising that unlike till Windows 7 wherein it was relatively a matter of deleting Windows and installing Linux...it is complex removing Windows 8 so the user has to be content with a dual boot option wherein he has to compromise with wastage of space dedicated to Windows....

5.  Thus there is a kind of binding that comes along with these laptops with Windows 8 that you cannot mov to another OS.....:-(

BACKTRACK 5 R3 : 0trace

This post is going to introduce you to a "Identify Live Hosts" tool by the name of 0trace that enables a user to perform hop enumeration (“traceroute”) within an established TCP connection, such as a HTTP or SMTP session. This is opposed to sending stray packets, as traceroute-type tools usually do. The important benefit of using an established connection and matching TCP packets to send a TTL-based probe is that such traffic is happily allowed through by many stateful firewalls and other defenses without further inspection (since it is related to an entry in the connection table).

How to reach 0trace ?

(Click to enlarge)

(Click to enlarge)

(Click to enlarge)

The command syntax :

root@bt:/pentest/enumeration/0trace# ./0trace.sh eth0 (IP ADDRESS1)

and then you need to then open another terminal and connect using netcat as below

root@bt:~# nc (IP ADDRESS1) 80

Here in the example as shown vide screenshots,i have used a web site ip address for sample check....without opening the second terminal window...you will not get any progress on the first terminal....

Facebook on Basic Phone : Possible@YESS!!!

1.  The penetration of smartphones in the market is rapidly setting new benchmark verticals.Smartphones have changed our basic routine access exercise of switching on laptops or workstations to access our facebook,gmail and other accounts...but somehow this access to facebook and other accounts has been limited to smartphones only...and thus the basic mobile user still has the traditional method of accessing the mails and social networking sites....but thankfully this is not likely to go on for long...

 

2. One Mr Sumesh Menon, co-founder and CEO of U2opia Mobile,has fine-tuned USSD (Unstructured Supplementary Service Data) technology and is using it to allow anyone with a mobile phone to connect to Facebook. Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network. Thus even if a user has a very basic phone and no data connection, he can use USSD to connect to Facebook.

3.  Offcourse the concept of USSD is not new per se as a technology..users have all been using it in some way or the other in routine.For example, when you check your remaining pre-paid balance in the phone using a code, you use the USSD technology.So basically it is a kind of 1G solution that works in a 3G world.For those who wish to know about the 'G' family...please click here to find the 'G' Generation.

HOW TO USE THIS SERVICE :

-  In India, it is available to almost all mobile phone users, except those who are using network of BSNL.

-  To access Facebook from a basic (or from a smartphone that has no data connection) a user has to first subscribe to the service by dialling *325#.

-  Once the service is active, which happens within a few minutes, users can utilize the USSD menu to go through their timeline, check status updates, post status updates and check likes or comments on their posts. The service also allows access to Facebook Messenger and users can exchange messages with their friends.

-  There is no limit on how many times you can access Facebook or how many messages you can send to your friends on Facebook messenger. While different operators charge different price for the service, usually the price is around Re 1 per day, making it a cost-effective way to keep in touch with friends.

Few interesting points about this :

-  The underlying technology is called FoneTwish.

-  Any operator can use FoneTwish to enable access to Facebook through USSD for its users.

-  Service is used by over 40 operators in 30 countries.

-  Currently, there are over 10 million users across the world who access Facebook through USSD.

LIMITATIONS :

-  Facebook will be limited to a text-based service when used through USSD.

-  A user cannot access photographs on his phone through FoneTwish.

-  Offcourse there will be limitations w.r.t the proper web based experience that we see on a smartphone...but still..kudos to the effort and congrats to basic phone users.

4.   Well there may be one good news that as on date such phones will be more secure than smartphones.Too early to say before they get broken  too...lets wait and watch...

5.   Thanks http://timesofindia.indiatimes.com

Sell your old PC & IT Hardware @ NCR Delhi

1.   Isn't it very often that you have a old working CRT monitor or a old pentium PC though working fine or even in a non workable condition and you find it hard to sell it to the local kabadi wala who would offer not greater the plastic scrap rate...and so that old box keeps lying in store room and you don't know what to do with it....do you know that even a dead motherboard would fetch you around Rs 150....but all this will be possible only if you hit it right...i mean you know a place to sell all this IT scrap....so i thought of writing this post..I have been to this shop at Nehru Place for about 4-5 years now....has a professional team and approach to rate your scrap be it working or not working!!!!

2.   Though I have no affiliation with this shop in any way but thought of sharing this exploitable info for all guys based in NCR.....few pics to help in identification for those of you who wish to visit this below :

Contact Details :

B-6 & B-7, Basement,Madhuban Building
55,Nehru Place, New Delhi-19 India
(L) + 91 11 26412642
(L) + 91 11 26293639
(M) + 91 9958977551
(Fax) 00-91-11-4654 2668
E-Mail :- ashish@2ndscomputers.com
Website :- www.2ndscomputers.com

3.   In fact shops like these should be promoted through advertising for benefit of all.....so that there is managed E-Waste.....

ENCRYPTED E-MAILS @ DARK MAIL ALLIANCE

1.   How often we keep reading so much about privacy and IT security issues across the web and daily surf's!!!....but we only have more to believe that privacy with times to come will be a matter of past...be it your mobile with loads of applications inbuilt already or your exchange on yahoo or gmail etc..every one is trying to vie for your data in some form or the other...your sms..your mms...your contacts..your stored data on the SD card,your browsing history or your location at various times of the day etc etc.....every one wants all this to make your profile and then in the long run use all this to market or even blackmail you(who knows!!!!!)...future will buzz a lot with our past....

2.  In such times it is good to read about "Dark Mail Alliance". Extract from their website is produced below for general direction of purpose :

" To bring the world our unique end-to-end encrypted protocol and architecture that is the 'next-generation' of private and secure email. As founding partners of The , both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and jointly work to proliferate the worlds first end-to-end encrypted 'Email 3.0' throughout the world's email providers. Our goal is to open source the protocol and architecture and help others implement this new technology to address privacy concerns against surveillance and back door threats of any kind."

3.   Silent Circle’s team as mentioned in the extract is a unique and eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs & British Special Air Service (SAS) security experts....while Lavabit was an encrypted email service, founded in 2004, that suspended operations on August 8, 2013 after it was ordered to turn over its Secure Sockets Layer (SSL) private key to the US government.So the combo of these two majors can be a force to reckon with provided the policies and strategies do not bar them again in some manner...till then lets give a "good night" to privacy!!!

4.   More at http://darkmail.info/