ANDROID & GOOGLE : AT LOGGER HEADS????

1.    This news is bound for only one thing.....a first big dent on Google's untouched Kingdom in the cyber world.There is a reported discord among the Android developers who are irked at Google’s Android Market policies.They have formed the Android Developers Union to protest the policies.The new union has compiled a list of seven demands including renegotiation of the 32pc ‘Google Tax’ on app sales, public bug tracking, algorithmic transparency and increased payment options.They threaten Google that if these demands are not met they will cease development and move their efforts to rival platforms.

2.  "If the demands are not met, we will move our applications to alternative marketplaces or the web, cease Android development in favour of other more open platforms, we will dissuade other developers from developing Android projects, and we will work tirelessly to counter any of Google's hypocritical claims about openness in the media."

3.   This seems to be the first kind of big set back to google who may find loosing an edge in its battle for the smartphone operating system and applications market vis-a-vis Apple and Microsoft.The seven demands of the android union can be seen here...

4.   This writeup does not reflect my views of standing against anyone or supporting anyone but wishes to inform the readers only for info........

Be veri careful : Recent cases of duping online in DELHI

1.    Inspite of regular discussions,regular readings of various advisories,the tongue(greed) of lust for more money doesnt stop..& it keeps looking for opportunities and thus keeps succumbing by loosing more ....In a recent case both pertaining to saadi own dilli...two understandably IT educated pers were robbed of a high value money transaction...how????briefly mentioned below :

- New Palam Vihar Resident case : The case pertains to the resident of New Palam Vihar at New Delhi, India, Mr Dalbir Singh who recently recieved the typical e-mail of winning a lottery of ` 14 Crore ($ 37,000 approx) in the UK.Mr Dalbir Singh contacted the accused for ascertaining the lottery amount and was convinced to pay Rs 17 Lakh for exchange purpose as foreign currency had to be converted to rupee.Mr Dalbir Singh instantly transferred money from his account to the account of the fraud.Since that day of transfer Mr Dalbir Singh has been only recieving CONDOLONCES from all his friends and relative circle around.A very typical case of cyber lottery fraud.....

- E-mail Scam Tricks Student of JNU : This case pertains to the a Jawaharlal Nehru University (JNU) student who was recently defrauded off Rupees 3 lakhs when he fell for a malicious e-mail scam.Initially an e-mail came to the student apparently from an institution called Global Watch Institute, asking him for being present in dual seminars on the topic: Racism and Human Rights the Institute was holding one each in Madrid and New York.The student stated that the first message came to him on December 17, 2010. And, according to him, since his field of study had a connection with the topic, he responded stating he was interested.The e-mail also promised about bearing the entire cost of the student's trip. However, over time the fraudsters started asking for money from him to take care of certain expenditures such as booking his hotel at Madrid along with health insurance asserting that they'd all be refunded when he'd arrive in New York.The student, believing the e-mail, wired the money, but neither heard of any seminar nor a trip abroad, he stated. Indeed, all the things written inside the electronic mail was false.Worryingly, the above mentioned e-mail fraud, according to security specialists, is an edition of the 419 scam, which's also called Advance-fee Fraud.They (specialists) outline that the method of operation in these malicious e-mail campaigns involves duping a victim with fake pledges about certain huge reward to such an extent that he acquiesces to remit money. For example, in the current instance, the scammers tricked the student into transferring cash after promising falsely about arranging his presence at the seminars abroad.This is more organised form of the frauds and scams that are happening all across.....

2. A Netizen need to know that they cannot win a lottery unless they have not invested money on it.Please always take care of what you do on the net specially when u r doing some kind of finacial transaction

3. Thanks http://www.hindustantimes.com/,http://www.spamfighter.com/

Easy Upgrade from USB 2.0 to USB 3.0 :Transcend's USB 3.0 Express Card Adapter

1.  Transcend has come up with a USB 3.0 Express Card Adapter, an easy-to-install add-in that allows users to speedup their notebook with blatant flying speed of USB 3.0 technology.The new USB 3.0 Express Card Adapter comes with 2 high-speed USB ports that fully support Super Speed USB 3.0 standard with bandwidth of up to 5 GB/s. In addition to this, its quick and easy 2 install, the card enables speed enthusiasts to experience data transfer rates up to ten times faster than USB 2.0 with optimized power efficiency.

2.  Transcend's PNU3 USB 3.0 Express Card Adapter is fully compatible with Windows 7 and comes at an affordable price of approx Rs 1900 with 2 years Warranty(check out Nehru Place rates before buying)

3.  Thanks http://itvoir.com

NOKIA should have merged with GOOGLE : Google CEO

This comes straight after the earlier post news spread across about the merge of Nokia & Microsoft......When asked about Nokia's choice of Windows Phone 7 as its smartphone system, Schmidt said "Google would have loved to see Nokia pick Android instead. Google tried to convince Nokia to choose Android, and it can still make that decision in the future".....(ha ha ha....Google still has hopes of a future revertive action by NOKIA....and who knows...it may just happen..we are just the readers!!!!!)

NOKIA & MICROSOFT : A MERGER TO READ ABOUT

1.    In todays shrinking world when we hear of merger of giants...its part of normal breaking news which hardly puts together rolling eyeballs 7 pop ups ....But this one is slightly different or if not different it is really BIGGGGGGG.This is about merger of fantabulous phone hardware NOKIA and the operating system giant MICROSOFT coming toether to produce and try beating the phones across?

2.    The deal which was in the rumour rounds already went much ahead of the expectations.....in effect, Nokia is handing over its future - in smartphones at least - to Microsoft and Windows Phone 7.  That means Good bye & Happy journey Symbian . So can the combo really become the third horse in the race, giving Apple and Android a run for their money ?I have my doubts....

3.    Crux of the acquisition pointwise listed below :

- Nokia to embrace Windows Phone as its principal smartphone.

- Nokia to contribute its expertise on hardware design, language support.

- Both would closely collaborate on joint marketing initiatives .

- Bing would power Nokia’s search services(nobodys guess!!!)

- Nokia Maps would be a core part of Microsoft’s mapping services.

4.    Just to mention,a year earlier when this merger was being talked about, was once declared an april fools rumour. And now about a year later it is on official Microsoft site.Thanks Microsoft site for info

The Gawker case : EXPERIENCING A HACK

1.   A six-letter password in lower-case text takes a hacker's computer just 10 minutes to crack. But make those letters upper-case and it takes 10 hours for it to randomly work out your password. Thus simply upper-casing your password can minimise a hacker's chance of finding out your account.Add numbers and/or symbols to your password and the hacker's computer has to work for 18 days.Despite widespread warning, 50 per cent of people choose a common word or simple key combination for their password.The most used passwords are 123456, password, 12345678, qwerty and abc123. 

2.   I read about the Gawker case recently wherein the subject media firm Gawker urged subscribers to change their passwords after its user database was hacked and more than 1.3 million passwords were stolen.Now imagine some one like Yahoo or Google requesting one fine day on a similar line....won't our heart come out????

3.   The exact Gawker announce ment goes like this 

“Our user databases appear to have been compromised. The passwords were encrypted. But simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords. We’re deeply embarrassed by this breach. We should not be in the position of relying on the goodwill of the hackers who identified the weakness in our systems. And, yes, the irony is not lost on us.”

4.   The problem emanated when Gawker recently launched a multi-site redesign thatthat failed spectacularly, leading visitors to blank pages. The culprit was a misbehaving piece of JavaScript, but when a single line of JavaScript causes your entire suite of sites to fail you no longer have websites, you have, well, nothing.The problem with Gawker’s redesign is that it uses JavaScript to load everything. That means that, not only is there no chance for the site to degrade gracefully in browsers that don’t have JavaScript enabled, the smallest JavaScript typo can crash the entire website.

5.   Now we all have seen it personally as we sometimes tend to have the same password for multiple accounts on the web.....this could be a simple fall like a pack of cards...one point failure leads to the complete fort coming down.....so guys...take care....change ur passwords for better and stronger security.....

MALWARE & AUTORUN : LOVE BIRDS OF PROPOGATION

1.    All the family members of trojans,malware and adwares few of which are mentioned above have one similarity in form of a common propagation method. They all ab"use" the autoplay feature of Autorun, many by creating or manipulating Autorun.inf files on network drives and removable media, so that when a user connects, the malware is automatically executed on their system. Newer operating systems, like Windows Vista and Windows 7, have made changes to the way Autorun is configured (Windows Vista) and how it works by default (Windows 7). These changes appear to have had a significant difference in the ability for autorun-abusing malware to successfully infect these newer operating systems, especially for Windows 7.

2.   More interesting details here

3.  Thanks http://blogs.technet.com & Microsoft Malware Protection Center

INTERNET KILL SWITCH????

1.   Recent events in Egypt and the debate over the “Cyber Security and American Competitiveness Act of 2011”, has introduced the cyber world with a yet another jargon term “INTERNET KILL SWITCH”.Whats this all about and what does this mean.....crux in brief as i understood after going through few good informative sites....read onnnnn!!!!!

2.   The term would give US the best tools available to swiftly respond to a significant CYBER threat.Thus if the U.S. detected a serious cyberthreat at some point of time, this switch would enable the US President to instantly shut down any infrastructure connected to subject infrastructure.It is not a mandate to be able to shut down the entire Internet but rather authorizes the president to order turning off access to “critical infrastructure” .

3.   Our interest here is to look at just one dimension of the issue – the technical feasibility; the political and policy aspects, we’ll leave to others.

4.   Thanks http://www.switched.com

DATA STORAGE IN BACTERIA : 9,00,000 GB stored in 1 gm of Bacteria

1.  Earlier discussed here & here in my 2009 posts when the study,the concept and experiments were on test bench have now touched reality....

2.  A team of undergraduates and instructors from the Chinese University of Hong Kong (CUHK) has found a way to store a whole lot of data onto living bacteria cells through a process they call “massively parallel bacterial data storage.” And in addition to storing huge amounts of data, they have also figured out how to store and en/decrypt data onto living bacteria cells.

3.  The team has managed to squeeze more than 931,322GB of data onto 1 gram of bacteria (specifically a DH5-alpha strain of E.coli, chosen for its extracted plasmid DNA size) by creating a massively parallel bacterial data storage system. Compared to 1 to 4GB per gram data density of conventional media, the 900,000GB per gram figure the team has returned is genuinely stupefying ie like  to fit the equivalent of 450 2TB hard disks (900TB) on a single gram of E.coli bacteria.

4.   A small ppt straight from the team can be seen here.


5.   Thanks devilsduke.com for the pic

DRIVE BY ATTACK

1.   A small and easy to infer article on DRIVE BY ATTACK here

2.   Thanks http://www.bitesofapple.com

Win32.Hlux : January 2011 " King of worms"

1.   Email-Worm.Win32.Hlux was talk of the E-town in January across the webosphere. This mail worm spreads via emails containing malicious links that prompt users to install a bogus Flash Player, supposedly to view an e-card. The link leads to a dialog window that asks if the user agrees to download a file. Irrespective of the response, the worm sets about to penetrate the system. In addition to propagating via email, Hlux also has bot functionality and adds infected computers to a botnet before connecting to its command center and executing its commands, which are primarily directed at sending pharmaceutical spam.

2.   Kaspersky Lab also detected a Trojan dropper masquerading as a key generator for the company's products. The old adage "There's no such thing as a free lunch" is particularly fitting here as the dropper goes on to install and launch two malicious programs. One of them steals program registration data and passwords for online games. The second is a backdoor that also has keylogger functionality.

3.   Kaspersky Lab also found the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.

4.   Apart from these two hardworkers(?????..i mean mal hardworkers) in january,the other shining star in the E-crime world is AdWare.Win32.WhiteSmoke.a which if clicked, will download a program that demands payment to rectify errors it supposedly detects on the system.

5.   More detailed report on http://www.kaspersky.com

AMD comes up with FUSION

1.   A small mention made earlier at this blog about ISTANBUL,an AMD launch...now comes up with the next gen processor known as FUSION.

2.  The 'Fusion' family will utilize a single-die design that combines multi-core CPU (x86) technology with a powerful DirectX 11-capable graphics and parallel processing engine. The APUs will also include a dedicated high-definition video acceleration block and a high-speed bus that transmits data across differing types of processor cores within the same design and will include power-saving features enabling all-day battery life. 

3.     More about FUSION here

IE users stand vulnerable again : Warning from MICROSOFT

1. This one is a real eye (....or more simply account) opener of so many IE Web browser users across the globe and this one comes straight from the horses mouth....ie MICROSOFT which has warned that the approx 900 million users of its Internet Explorer Web browser are at risk of having their computers commandeered and their personal information stolen by hackers.Microsoft has issued a 'critical' security alert over a newly-disclosed flaw that impacts all versions of the company's Windows operating system, including Windows XP (SP3), Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008 (R2).

2. The trouble is meant primarily for users of IE only since no other major web browser available supports MHTML files.Microsoft also adds that the bug is inside Windows, (else who is going to use IE??????).Till date/hr as of now no hackers have been reported to exploit the vulnerability. 

3. An attacker could construct an HTML link designed to trigger a malicious script and somehow convince the targeted user to click it. When the user clicks that link, the malicious script would run on the user's computer for the rest of the current Internet Explorer session.Such a script might collect user information (e.g. email), spoof content displayed in the browser, or otherwise interfere with the user's experience.

4. For the otherwise already loosing users at a quick pace,this release would pacen up the loosing percentage of IE users across.

5.   Thanks http://www.smh.com.au

BitDefender : Tips for Safe Shopping on Mobile Devices

A small piece of advice by BitDefender on security aspects while using new generation mobile devices.Pls click HERE

Trojan.Spy.YEK : The Corporate Spying Tool

1. The Stuxnet trembles and quakes are still not over and unlikely to be forgotten for some years.After the stuxnet storm ,each one from the corporate sector IT bosses to IT admins in individual capacities,every one was trying to be careful of any sign of outside intrusion . These days when some e-threat comes along and sniffs for critical data, it could mean billions & trillions of money IN/OUT in seconds. 

2. Trojan.Spy.YEK is unlike a regular Spying Trojan that looks for documents and archives that may hold private information but also sends it back to the attacker.

3. Trojan.Spy.YEK has both spying & backdoor features with an encrypted dll in its overlay, this Trojan is easily saved in windows\system32\netconf32.dll and once injected in explorer.exe nothing can stop it from connecting (whenever necessary) to a couple of easy pings & sharing all with the attacker.

4. The backdoor component helps it register itself as a service so as to receive and follow instructions from a command and control center, while the spyware component sends away data about files, operating system, while also making screenshots(trying to make a user freindly hand guide for later action...isn't it so caring?????) of the ongoing processes.

5. Some of the commands it is supposed to execute are: sending the collected files using a GET request, sending info regarding the operating system and computer, taking screenshots and sending the results, listing the processes that run on the system and sends them away, finding files with a certain extension. Shortly put, it uploads all the interesting data on a FTP server without the user’s consent.

6. The fact that it looks for all that it is linked to archives, e-mails (.eml, .dbx), address books (.wab), database and documents (.doc, .odt, .pdf etc) makes Trojan.Spy.YEKa prime suspect of corporate espionage as it seems to target the private data of the companies.

7. This infection will change the registry settings and other important windows system files. If Trojan.Spy.YEK is not removed it can cause a complete computer crash.Some Trojan.Spy.YEK infections contain trojan and keyloggers which can be used to steal sensitive data like passwords, credit card, bank account information etc. 

8. On top of that, the Trojan can run without problems on all versions of Windows® from Win 95® to Seven®. 

FBI : A Parent's Guide to Internet Safety

A must read guide from  The Federal Bureau of Investigation (FBI), an agency of the United States Department of Justice for all the parents in the world, advising & trying to make them understand the complexities of online child exploitation.....please click HERE

Case of Albert Gonzalez : The Largest Online Fraud in U.S. History

1. This case that I recently read in brief pertains to an interesting online fraud case against Albert Gonzalez.I have made it in a sequential point to compress the complete story for easy reading and grasping :

(a) Albert started using computers at an early age, and while in high school, managed to hack into the Government of India's website[ :( ]. Sadly, he was not charged at this stage and only warned to stay away from computers for six months.

(b) At the age of 19, he started his own group of hackers, named ShadowCrew, which trafficked over a million credit card numbers for use in online fraud. When the FBI finally managed to shut the group down, Albert was charged. However, he worked with the investigators and gave away vital information on his cohorts and did not need to serve a sentence. 

(c) Still on,Albert after two years worth of hardwork(????) compromised on sensitive data including 45.6 million credit and debit cards.

(d) TJX Companies notified the authorities of their data leakage. Albert had the abilities to crack and hack his way through, but the low security measures didn't help TJX. Albert was able to install his malware and sniffing software onto the networks of TJX and all the stores operating under them, even outside of the United States. TJX discovered the breach in December of 2006 and was under the belief that they had only been losing data for the past six to seven months, dating back to May 2006. After further investigation, they found that they were losing sensitive data since 2005. Albert had already moved on to bigger and better operations by the time TJX had even started discovering the extent of their security breach.

(e) Gonzalez and his accomplices used SQL injection techniques to create malware backdoors on several corporate systems in order to launch packet sniffing (specifically, ARP Spoofing) attacks which allowed him to steal computer data from internal corporate networks.

(f) During his spree he was said to have thrown himself a $75,000 birthday party and complained about having to count $340,000 by hand after his currency-counting machine broke.(ha ha ha.....wow!!!!anyway)

(g) Gonzalez had three federal indictments:

- May 2008 in New York for the Dave & Busters case (trial schedule September 2009)

- May 2008 in Massachusetts for the TJ Maxx case (trial scheduled early 2010)

- August 2009 in New Jersey in connection with the Heartland Payment case.

(h). On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.

2. For details of the case with many links please visit HERE