Sunday, December 29, 2013

Introduction to SoftICE

  1. SoftICE is a kernel-mode debugger for Microsoft Windows. Crucially, it is designed to run underneath Windows so that the operating system is unaware of its presence.
  2. Unlike an application debugger, SoftICE can suspend all operations in Windows when instructed. For driver debugging this is critical because of how hardware is accessed and how the kernel of the operating system functions.
  3. Because of these low-level capabilities, SoftICE is also popular as a software-cracking tool.
  4. Microsoft offers two kernel-mode debuggers, WinDbg and KD, free of charge.
  5. However, the full capabilities of WinDbg and KD are available only when two interlinked computers (host and target) are used.
  6. SoftICE is therefore an exceptionally useful tool for difficult driver-related development.
  7. The last released version was for Windows XP. Newer versions of Windows are apparently unsupported, as the tool is no longer listed on Compuware's website.
  8. A commercial kernel-level debugger called Syser claims to continue where SoftICE left off.
  9. OllyDbg, shareware that is free to use, is a 32-bit assembler-level debugger from Oleh Yuschuk. However, it can only be used for user-mode debugging.

Saturday, December 14, 2013

SIM Card Forensics

  1. The SIM (subscriber identity module) is a fundamental component of cellular phones. It is also known as an integrated circuit card (ICC), a microcontroller-based access module.
  2. It allows users to port identity, personal information and service between devices.
  3. Security in the SIM

    SIM cards have built-in security features. The three file types, MF (master file), DF (dedicated file) and EF (elementary file), carry the security attributes. These attributes filter every operation and allow only properly authorized parties to access the requested functionality. DF and EF files have different levels of access conditions:
  • Always—Files may be accessed without any restriction.
  • Card holder verification 1 (CHV1)—Files may be accessed after successful verification of the user's PIN, or if PIN verification is disabled.
  • Card holder verification 2 (CHV2)—Files may be accessed after successful verification of the user's PIN2, or if PIN2 verification is disabled.
  • Administrative (ADM)—Only the card issuer that provides the SIM to the subscriber may access the file, and only after the prescribed requirements for administrative access are fulfilled.
  • Never (NEV)—Access to the file over the SIM/ME interface is forbidden.
Read More at  http://resources.infosecinstitute.com/sim-card-forensics-introduction/?utm_source=Newsletter&utm_medium=email&utm_campaign=November2013+Newsletter

Monday, December 9, 2013

Regular Testing Essential to Stop Hacker Access

  1. RATs, or Remote Access Trojans (aka Remote Administration Tools), can give attackers total remote control of a compromised system. Once this type of malware payload is successfully delivered, through a phishing email, a USB drive or a malicious site, an attacker can easily get up to all kinds of costly mischief.
  2. This week, reports surfaced that a banking Trojan employing RAT technology, known as Neverquest, is poised to explode in the coming months.
  3. What do RATs do?
    • "Put simply, a RAT is malware that gives criminals a backdoor to the infected system.
    • Once a RAT payload has been delivered, a hacker will have all the access and privileges to everything on the system or device that the user does.
    • Most APTs (Advanced Persistent Threats) employ some kind of RAT technology because of the absolute power it gives an attacker to do basically whatever they want."

Sunday, December 8, 2013

Huawei security centre in UK gets security clearance

  1. Huawei supplies software and equipment that channels phone calls and data around Britain, and it has found itself at the centre of a debate, particularly in the United States, over whether it is a risk for governments to allow foreign suppliers access to their networks.
  2. Britain will clear Chinese telecoms equipment firm Huawei to run a UK-based cyber security centre if it agrees to tighter rules to allay spying and hacking fears, a person familiar with the matter said.
  3. Detailed report: http://articles.timesofindia.indiatimes.com/2013-12-05/hardware/44806476_1_potential-chinese-state-influence-huawei-cyber-security.

2M Facebook, Gmail, Twitter Passwords Stolen in Massive Hack

  1. Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week.
  2. The massive data breach was the result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said.
  3. The malware captured login credentials for key websites over the past month and sent those usernames and passwords to a server controlled by the attackers.
  4. On Nov. 24, Trustwave researchers tracked that server, located in the Netherlands. They discovered compromised credentials for 93,000 websites, including:
     • 318,000 Facebook accounts
     • 70,000 Gmail, Google+ and YouTube accounts
     • 60,000 Yahoo accounts
     • 22,000 Twitter accounts
     • 9,000 Odnoklassniki accounts (a Russian social network)
     • 8,000 ADP accounts
     • 8,000 LinkedIn accounts
  5. Source: http://www.8newsnow.com/story/24135669/2-million-facebook-gmail-twitter-passwords-stolen-in-massive-hack

Saturday, December 7, 2013

Microsoft Beefs Up Encryption After NSA Spying Reports


  1. In response to reports that U.S. intelligence agencies are intercepting tech firms' data as it moves between their servers, Microsoft today pledged to step up encryption across its services.
  2. If true, NSA spying could "seriously undermine confidence in the security and privacy of online communications," Microsoft's general counsel, Brad Smith, said in a blog post.
  3. Smith said Office 365 and Outlook.com customer content is already encrypted when travelling between customers and Microsoft, while most Office 365 workloads as well as Windows Azure storage are now encrypted in transit between data centers.
  4. The NSA denied the allegations: "NSA is a foreign intelligence agency. And we're focused on discovering and developing intelligence about valid foreign intelligence targets only."
  5. Read more: http://www.pcmag.com/article2/0,2817,2427962,00.asp?mailingID=4A8C526FE94DD7A9EACC9565528CC0A8

Sunday, December 1, 2013

The Estonian Cyberwar and Its Implications for U.S. National Security

On April 26, 2007, the small Baltic state of Estonia experienced the first wave of denial-of-service (DoS) attacks. Accompanied by riots in the streets, these cyberattacks were launched as a protest against the Estonian government’s removal of the Bronze Soldier monument in Tallinn, a Soviet war monument erected in 1947. These attacks targeted prominent government websites along with the websites of banks, universities, and Estonian newspapers. After three weeks, the attacks ceased as suddenly as they had begun, but not before the Estonian government undertook measures to block all international web traffic, effectively shutting off the “most wired country in Europe” from the rest of the world.
An analysis of the attacks and their implications for U.S. defense:

http://www.iar-gwu.org/node/65

Estonia’s experience in handling the cyber attacks of 2007 has positioned the country as a thought leader in cyber security.

A cyber attack against a country sounds like something out of a science fiction movie. However, a perfect storm of political controversy and successful psychological warfare turned it into reality in Estonia in 2007, when the relocation of a Soviet World War II memorial started unprecedented unrest in the country's capital, later labelled the Bronze Night.

Read the full report: Turning-around-2007-cyber-attack-lessons-estonia

What is the commercial value of a hacked email account in the underground?

The image above (a forum screenshot, not reproduced here) shows a post from an underground forum that demonstrates criminals' interest in confidential data on the CEOs and top management of well-known brands. A translation from Russian follows:
"Will buy information about the following companies:
- LinkedIn, Verizon, GoDaddy, British American Tobacco, DuPont, Pepsi, Names.co.uk, Facebook (private companies)
- Commerzbank, Raiffeisen, RBS, Bank of America, Wells, Wachovia, Citibank + any Russians, having online banking
Interested in email + password, any stolen accounts of its employees in social networks (Facebook + LinkedIn), will pay good, before selling need to have a guarantor and checking.
Interested in hacked accounts and data on:
- system administrators;
- top managers (operational managers, heads of the departments)
Reach me only through PM, confidential and in 1 hands
Will talk only under OTR/NDC encryption in Jabber, don't use ICQ"

Read More at  http://goo.gl/LIcQR5

Friday, November 29, 2013

Mobile OS Wars: Samsung Introduces Tizen

Google, Apple and Microsoft each have their own mobile operating systems (Android and ChromeOS, iOS, Windows Phone); now another competitor enters the market: Samsung, with Tizen.

As Mozilla prepares to launch a new Firefox-based operating system (OS) for cheaper phones in emerging markets, Samsung is taking on iOS, Android and Windows Phone with Tizen.

What is Tizen?

Tizen is a fully featured operating system developed by Samsung, and it’s designed to run on Samsung Galaxy S4 phones, as well as TVs and other connected devices from the Korean company.

Why is Tizen Happening? Doesn’t Samsung use Android?

Yes, most Samsung smartphones and tablets use Android, which means Google can sell apps, music and movies on each product. It seems Samsung wants a piece of that pie. Tizen is an OS set up by Samsung and, crucially, Intel; it is also open for use on smart TVs and even car entertainment and navigation systems. Soon after Google announced it was buying Motorola and making a new smartphone, Samsung issued a statement saying, "We plan to release new, competitive Tizen devices within this year and will keep expanding the lineup depending on market conditions."

How is Tizen Different From Android?

Like Firefox OS, Tizen uses the HTML5 Web format, which means that mobile and desktop apps are easily accessible on the OS without the need for extra apps or plug-ins. This also makes it easier to develop for Tizen than, say, iOS, because Tizen is an open platform: developers can experiment with minimal outlay and without third-party authorization. The backbone of the system is Linux, a widely used kernel. Would-be developers also have been offered $4 million in prize funds from the Tizen Foundation for making impressive apps and games. Samsung is keenly aware that Microsoft and BlackBerry smartphones are still suffering from a lack of key apps compared to iOS and Android.

Will Tizen use Android Apps?

Yes, but not as standard. A setting allows native use of Android apps, but expect the push to be on evolved versions that are unique to Tizen in a similar way to the Samsung Edition of popular Android apps, like Trip Advisor.

When Will Tizen be Released?

On November 9, 2013, Tizen released its latest version 2.2.1 platform and software development kit (SDK). Samsung's principal engineer, Alvin Kim, spoke about the relationship between Android and Tizen, commenting that he hopes “some devices will be given to the market by the end of [2014].” Leaks have hinted at a Galaxy S4 running the OS, fueling speculation that it may reach existing smartphones, including the Galaxy S3, by early 2014.

Didn’t Samsung do This Before?

Yes, Bada was an early phone OS, and Intel also had a mobile operating system. Both failed in the face of iOS and Android. However, Tizen is an evolved joint effort between the two companies. Samsung is a major player in the smartphone, TV and tablet market, so there’s more chance of a bigger uptake, particularly in the East and for first-time smartphone users not already comfortable with iOS and Android. As a footnote, Samsung sold over 400 million smartphones in 2012 alone, globally.

What Does Tizen Look Like?

The color scheme and tiles blend the new look of iOS 7 with Windows Phone. Designed for Samsung fans and new smartphone owners, the focus is on speed and simplicity, although it’s expected to be highly customizable. J.K. Shin, Samsung's co-CEO, told CNET that Tizen is more than just "a simple alternative for Android." Tizen also will allow users to open multiple windows to simultaneously view email and a Web browser, blurring the lines between desktop and mobile. Modern BlackBerry users will be familiar with the ability to preview a second screen while using another.

Will a Tizen Smartphone be Powerful?

A Qualcomm processor is expected to power a dedicated Tizen smartphone, but a 720p display on a prototype suggests that the smartphone will be a powerful but affordable device. After all, the key aim is to dent the spread of iOS devices, and a Tizen smartphone is expected to be a key rival for the iPhone 5c. Last year's Tizen smartphone prototype featured a 1.2 GHz processor and 1 GB of random access memory (RAM), offering a similar spec to a Nexus smartphone. Interestingly, both Fujitsu and NEC are developing Tizen smartphones that are likely to be high-end devices aimed at Japanese business users.

Source: http://www.techopedia.com/2/28205/trends/the-laws-of-computing

Domain Name System (DNS) Amplification Attack

A reflected DDoS technique: the attacker sends many small DNS queries to open resolvers with the victim's address forged as the source, and the resolvers' much larger responses are delivered to the victim, flooding it so that the system becomes unavailable to legitimate users.
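As an added example (not from the original post), the following Python sketch shows what this looks like from the victim's side. Because the queries carry the victim's spoofed address, the victim receives DNS responses it never sent queries for; the script walks constructed flow records (timestamp, source, source port, destination, destination port, bytes), pairs each inbound UDP/53 response with a recent outbound query to the same resolver, and totals the bytes of responses that nothing accounts for. The flow-record format and the sample records are assumptions for the demo.

```python
"""Victim-side detection of unsolicited DNS responses (added example).

Each outbound query to a resolver is remembered for `window` seconds and
consumed by at most one response, so both responses from resolvers that
were never queried and floods of repeated responses behind one real query
get flagged. Flow format and sample data are constructed for this demo.
"""
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def unsolicited_dns_responses(flows: list[Flow], window: float = 5.0) -> dict[tuple[str, str], int]:
    """Return {(resolver, victim): total_bytes} for inbound DNS responses
    that no query from `victim` to `resolver` within `window` seconds explains."""
    pending: dict[tuple[str, str], deque[float]] = defaultdict(deque)
    flagged: dict[tuple[str, str], int] = defaultdict(int)
    for f in sorted(flows, key=lambda x: x.ts):
        if f.dport == 53:                       # outbound query: remember it
            pending[(f.src, f.dst)].append(f.ts)
        elif f.sport == 53:                     # inbound response: look for its query
            queue = pending[(f.dst, f.src)]
            while queue and f.ts - queue[0] > window:
                queue.popleft()                 # expired queries no longer count
            if queue:
                queue.popleft()                 # solicited: consume the matching query
            else:
                flagged[(f.src, f.dst)] += f.nbytes
    return dict(flagged)


# Constructed sample: one legitimate exchange, a reflected flood from two
# open resolvers the host never queried, and one reply that arrives too late.
SAMPLE_FLOWS = [
    Flow(0.0, "192.0.2.10", 51000, "198.51.100.1", 53, 64),    # legitimate query
    Flow(0.1, "198.51.100.1", 53, "192.0.2.10", 51000, 180),   # its answer
    Flow(1.0, "203.0.113.7", 53, "192.0.2.10", 4444, 3200),    # never queried
    Flow(1.0, "203.0.113.8", 53, "192.0.2.10", 4444, 3100),    # never queried
    Flow(1.1, "203.0.113.7", 53, "192.0.2.10", 4444, 3200),    # repeated flood
    Flow(2.0, "192.0.2.10", 51001, "198.51.100.2", 53, 64),    # query with a late reply
    Flow(9.0, "198.51.100.2", 53, "192.0.2.10", 51001, 180),   # 7 s later: outside window
]


def demo() -> dict[tuple[str, str], int]:
    return unsolicited_dns_responses(SAMPLE_FLOWS)


if __name__ == "__main__":
    for (resolver, victim), total in sorted(demo().items()):
        print(f"{victim} received {total} unsolicited DNS bytes from {resolver}")
```

On a real sensor the same logic runs over NetFlow/IPFIX or pcap-derived records; the resolver set it produces is also the list to hand to upstream providers for filtering.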

Wanted: Cyber guards for India

More job opportunities for cyber security professionals:

Even as India proclaims itself to be the hub of information technology, it has not been able to fend off cyber attacks from hackers across the world. This is due to a lack of cyber security professionals.

"India is a country where youngsters are encouraged to take up jobs of application programming and not system programming, which is essential to equip one's own desktop, one's organization and his or her country against cyber attacks," noted an expert in cyber security on the occasion of World Computer Security Day, which falls on Friday.

The government itself has admitted that there are fewer than 1,000 people in the country who are experts in system-side programming, while the demand is for around 5 lakh (500,000) professionals, noted Dr B Muthukumaran, cyber crime consultant for the Tamil Nadu police.

"Policing the cyber world may not be a job which a regular policeman can execute, and it calls for special cyber investigative skills and exposure to associated cyber laws. There should be more technically sound professionals in the force who can understand and handle cases," noted another expert who has assisted intelligence agencies in cyber crime cases.

Indian youth focus more on application software and refuse to be trained in system-side development because the easily available jobs are in application development. However, in countries like China, Germany and the US, youngsters are being trained to focus on system-side programming, thus helping those countries develop their defences in the cyber world, noted Dr Muthukumaran, who is also DGM, Institute of Technology Management & Research, Chennai.

The recently announced information security policy has opened up many entrepreneurial opportunities for youngsters trained in system-side programming. The future calls for specialization, and it will be difficult to survive without cyber security guards.


How to change the key in Windows 8

When I upgraded from Windows 7 Ultimate to Windows 8, it all went smoothly and there was no problem. When I clicked on "Update now", the message "Activate Windows before updating" was displayed.
However, all the trouble started when I wanted to activate Windows 8 by entering the key.
Clicking on the activate link said "Windows cannot be activated now, contact your administrator!"
For a full 72 hours I kept repeating the process of installing and uninstalling, thinking there had been some problem in the installation.
Then I came across the process given below.

To change the product key without first activating Windows, use one of the following methods:

Method 1

  1. Press Windows+R.
  2. Type cmd in the Run box and press Enter.
  3. At the command prompt, type slui 3 and press Enter. You will be taken to the screen where you enter the product key.
  4. This is the method I followed to activate.

Method 2


  1. Swipe in from the right edge of the screen, and then tap Search. Or, if you are using a mouse, point to the lower-right corner of the screen, and then click Search.
  2. In the search box, type Slui.exe 0x3.
  3. Tap or click the Slui.exe 0x3 icon.
  4. Type your product key in the Windows Activation window, and then click Activate.

Method 3

Run the following command at an elevated command prompt:
Cscript.exe %windir%\system32\slmgr.vbs /ipk <Your product key>
 You can also use the Volume Activation Management Tool (VAMT) 3.0 to change the product key remotely, or if you want to change the product key on multiple computers.
 

Thursday, November 28, 2013

Ransomware virus threat getting worse

Taking advantage of anonymous payment services, cyber criminals are increasingly using malicious software known as 'ransomware', which holds a computer hostage until the victim pays to free it, online security firm McAfee says.
"Ransomware has become an increasing problem during the last several quarters and the situation continues to worsen. The number of new, unique samples this quarter is greater than 312,000, slightly less than last quarter but still the second highest figure recorded by the firm," the McAfee Labs Threats Report Third Quarter 2013, said.

Petroleum Ministry warns PSU oil companies of cyber attacks


Following an advisory by the Indian Computer Emergency Response Team (CERT-In), the Petroleum and Natural Gas Ministry has alerted the heads of all oil marketing companies (OMCs) to the possibility of cyber attacks.
Source: http://goo.gl/z9miIx

Indian tweens use risky or low level security passwords



Indian tweens, children between the ages of 8 and 12, are enthusiastically adopting the Internet on multiple devices, but they use risky or low-security passwords, a survey by cyber security major McAfee revealed.

McAfee's Tweens and Technology Report 2013 said online tweens are potentially vulnerable to risky behaviour on the Internet; a good number of them have chatted online with someone they did not previously know.
A disturbing trend on the rise among tweens is their apathy towards their own online safety: 58 per cent of the respondents surveyed use risky or low-security passwords online, and almost half of the tweens surveyed share information about themselves on Facebook (41 per cent), it added.
Another dangerous trend revealed by the US-based firm's survey is that Indian tweens are becoming more trusting of the virtual world, using it to familiarise themselves with unknown people in spite of being aware that it is risky.


http://zeenews.india.com/news/net-news/tweens-fast-adopting-internet-but-apathetic-towards-security_892783.html

Sunday, November 24, 2013

Top Ten Biggest Cyber Crimes

Though slightly dated, this list still gives useful information on major cyber attacks of modern times.

Source  : http://www.infosecisland.com/blogview/17807-Top-Ten-Biggest-Cyber-Attacks-Of-All-Time.html

News Super Computing 13: GPUs would make terrific network monitors

  1. A network researcher at the U.S. Department of Energy's Fermi National Accelerator Laboratory has found a potential new use for graphics processing units -- capturing data about network traffic in real time.
  2. GPU-based network monitors could be uniquely qualified to keep pace with all the traffic flowing through networks running at 10Gbps (gigabits per second) or more, said Fermilab's Wenji Wu. 
  3. His point is that present-day tools have their limits: at these rates their traffic monitoring is incomplete.
  4. CPUs don't have the memory bandwidth or the compute power to keep pace with the largest networks in real time. As a result, they can drop packets.
  5. GPUs may therefore be the future of high-speed network monitoring.
  6. Read more: http://goo.gl/Qqmy6N

Thursday, November 21, 2013

Aviation industry vulnerable to cyber attacks: IATA


  1. Think about a scenario in which you suddenly find that the destination of your flight has been changed because the navigation system has been hacked and set to another country. Scarier still would be if all this were the prank of a 12-year-old.
  2. Faced with cyber security threats, the aviation industry, which has spent over US$ 100 billion on security since 9/11, should share best practices and partner with governments to adapt to new challenges and tackle them, airlines' body IATA has said.
  3. Noting that aviation now relies on computer systems for almost every aspect of the business, leaving it potentially vulnerable to cyber attack, IATA asked the industry, governments, regulators and manufacturers to work together to share best practices and mitigation strategies.
  4. Read the complete article at http://goo.gl/VvuKH5

Spurt in attacks on Indian websites

Cyber attacks against Indian websites have increased exponentially in 2013, despite the government supposedly building a credible cyber defence system.
According to confidential reports by CERT-In (Indian Computer Emergency Response Team), 4,191 Indian websites were defaced or hacked into in August, 2,380 in July, 2,858 in June and 1,808 in May. An overwhelming percentage of these attacks occurred in the .in domain, whose servers are in India - 80% in June and over 60% thereafter.

Checkout full article here http://goo.gl/N9aTWB

Winamp is going to be silenced forever

Snowden Likely Used SSH Keys to Access Classified NSA Data

Using public statements from Edward Snowden and NSA officials, digital-certificate firm Venafi pieces together a likely scenario for how the former contractor accessed classified documents.

Edward Snowden has not publicly stated how he leveraged his privileged access to certain servers and top-secret information at the National Security Agency into a wider fishing expedition, netting classified secrets that he had no clearance to access. The NSA hasn't provided much insight either.
This week, however, security researchers at certificate-management firm Venafi threw their collective hat into the ring, posting an analysis stating that Snowden likely used authentication keys to give his account privileged access to other servers in the network. Secure shell (SSH) keys are frequently used by system administrators to log into remote computers without a password, and Snowden likely gained access to others' keys or to privileged accounts and inserted his own keys, the company said.
The most significant clue is General Keith Alexander's testimony in which the NSA chief reportedly stated that Snowden "fabricated digital keys" to gain access to classified systems, Jeff Hudson, CEO of Venafi, told eWEEK.
"It all comes back to one thing: 'He fabricated the SSH keys,'" he said. "What he did was he allowed himself access to other systems and in the process he elevated his privilege."
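The technique described above, planting extra public keys in other accounts' authorized_keys files, has a straightforward defensive counterpart: inventory those files and compare every key against an approved list. The Python below is an added example, not part of the article or of Venafi's analysis. It parses authorized_keys content (including lines with option prefixes such as from="..."), computes OpenSSH-style SHA256 fingerprints the way `ssh-keygen -lf` prints them, and reports every key that is not approved. The sample file, the key blobs (arbitrary bytes, not real keys) and the approved list are all constructed for the demo.

```python
"""Audit authorized_keys files for keys not on an approved list (added example).

Fingerprints follow OpenSSH: SHA256 over the decoded key blob, base64 without
padding, prefixed "SHA256:". Sample data below is constructed, not real keys.
"""
from __future__ import annotations

import base64
import hashlib
import shlex
from dataclasses import dataclass

# Key types accepted in authorized_keys (assumed sufficient for this demo).
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


@dataclass
class AuthorizedKey:
    line_no: int
    options: str        # e.g. 'from=10.0.0.0/8' (shlex strips the quotes)
    key_type: str
    fingerprint: str
    comment: str


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_authorized_keys(text: str) -> list[AuthorizedKey]:
    """Parse authorized_keys content, tolerating comments, blank lines and
    option prefixes such as command="..." or from="...". Malformed lines are
    skipped here; a real audit should log them as suspicious as well."""
    keys: list[AuthorizedKey] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        # The key type is the first field that is a known type; everything
        # before it is the options string, everything after the blob is comment.
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        keys.append(AuthorizedKey(
            line_no=line_no,
            options=" ".join(fields[:idx]),
            key_type=fields[idx],
            fingerprint=fingerprint(fields[idx + 1]),
            comment=" ".join(fields[idx + 2:]),
        ))
    return keys


def audit(text: str, approved: set[str]) -> list[AuthorizedKey]:
    """Return every key whose fingerprint is not in the approved set."""
    return [k for k in parse_authorized_keys(text) if k.fingerprint not in approved]


# Constructed sample: two keys the admin team knows about and one planted key.
BLOB_ALICE = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + b"A" * 36).decode()
BLOB_BOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"B" * 64).decode()
BLOB_PLANTED = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519" + b"Z" * 36).decode()

SAMPLE_AUTHORIZED_KEYS = f"""# admin keys
ssh-ed25519 {BLOB_ALICE} alice@bastion
from="10.0.0.0/8" ssh-rsa {BLOB_BOB} bob@bastion
ssh-ed25519 {BLOB_PLANTED} backup
"""

APPROVED = {fingerprint(BLOB_ALICE), fingerprint(BLOB_BOB)}


def demo() -> list[AuthorizedKey]:
    return audit(SAMPLE_AUTHORIZED_KEYS, APPROVED)


if __name__ == "__main__":
    for k in demo():
        print(f"line {k.line_no}: unapproved {k.key_type} {k.fingerprint} ({k.comment})")
```

In practice the approved set comes from the key inventory (or a certificate authority, which removes authorized_keys from the equation altogether), and the audit is run against every account on every host, root and service accounts included.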


Sunday, October 20, 2013

Tor Stands Tall Against the NSA

The National Security Agency tried to crack the encryption protecting the Tor network -- known as a bulletproof vehicle for anonymous communication -- but was unable to do so, according to news reports based on revelations provided by former NSA systems administrator Edward Snowden.

Source: TechNewsWorld

It seems fairly clear that the U.S. security agency has been trying to hack into Tor for some time. "The real question here concerns who the exploit was targeting," suggested Ken Westin, founder of mobileprivacy.org. "Was it people law enforcement had probable cause to monitor, or was it a blanket exploit that targeted all users of Tor?" It's pretty reasonable to assume the latter, Westin opined.
Read more: http://www.technewsworld.com/story/79133.html

Wednesday, October 16, 2013

WhatsApp is not secure due to weak encryption

A serious vulnerability in WhatsApp allows anyone who is able to eavesdrop on WhatsApp connection to decrypt users' messages.

WhatsApp, the mobile instant-messaging application, has become one of the main communication tools of the present day, and its popularity makes it attractive to security researchers and hackers alike.

This time the issue is the protection of the messages exchanged through the application: thanks to a vulnerability in the crypto implementation, intercepted messages can be decrypted by an attacker.

Thijs Alkemade, a computer science student at Utrecht University in the Netherlands who works on the open source Adium instant messaging project, disclosed during his research a serious issue in the encryption used to secure WhatsApp messages.

In the post titled "Piercing Through WhatsApp's Encryption", Alkemade remarked that WhatsApp has been plagued by numerous security issues recently: easily stolen passwords, unencrypted messages and even a website that could change anyone's status.
"You should assume that anyone who is able to eavesdrop on your WhatsApp connection is capable of decrypting your messages, given enough effort. You should consider all your previous WhatsApp conversations compromised. There is nothing a WhatsApp user can do about this but expect to stop using it until the developers can update it." states the researcher.

An attacker sniffing a WhatsApp conversation is able to recover most of the plaintext bytes sent. WhatsApp uses the RC4 stream cipher to generate a keystream, which is XORed with the plaintext to produce the ciphertext.
The mistakes are:
  • The same encryption key in both directions
  • The same HMAC key in both directions
Below is the trick the researcher used to reveal messages sent with WhatsApp by exploiting the first issue:

WhatsApp adopts the same key for the incoming and the outgoing RC4 stream, "we know that ciphertext byte i on the incoming stream xored with ciphertext byte i on the outgoing stream will be equal to xoring plaintext byte i on the incoming stream with plaintext byte i of the outgoing stream. By xoring this with either of the plaintext bytes, we can uncover the other byte."

The technique doesn't directly reveal all bytes, but it works in many cases. Another element that helps the attacker is that messages follow the same structure and are easy to predict once part of the plaintext is known.

The second issue, related to the HMAC, is harder to exploit. Alkemade said WhatsApp also uses the same HMAC key in both directions, another implementation error that puts messages at risk.

The MAC is meant to detect data alteration, but on its own it is not enough to detect every form of tampering: without a sequence number an attacker can drop, replay or reorder messages, and with the same key in both directions a message captured in one direction can be replayed in the other.

"TLS counters this by including a sequence number in the plaintext of every message and by using a different key for the HMAC for messages from the server to the client and for messages from the client to the server. WhatsApp does not use such a sequence counter and it reuses the key used for RC4 for the HMAC."
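As an added example (not from the original article or from Alkemade's write-up), the Python script below reproduces the same-key-in-both-directions problem with an inline RC4 and shows the fix of deriving a separate key per direction. The shared key, the two XML-like messages and the direction labels are constructed for the demonstration; the per-direction derivation via SHA-256 stands in for a proper KDF and is not what WhatsApp does.

```python
"""Why one RC4 key for both directions is fatal (added example).

With the same keystream K in both directions:
    ct_in[i] ^ ct_out[i] == (pt_in[i] ^ K[i]) ^ (pt_out[i] ^ K[i]) == pt_in[i] ^ pt_out[i]
so whoever knows (or guesses) one side's plaintext reads the other side's.
RC4 is implemented inline so the script runs offline; all data is constructed.
"""
import hashlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then the PRGA for `length` bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: plaintext XOR keystream (decryption is identical)."""
    return xor_bytes(plaintext, rc4_keystream(key, len(plaintext)))


def recover_other_side(ct_a: bytes, ct_b: bytes, known_pt_a: bytes) -> bytes:
    """Same-key attack: XOR both directions' ciphertext, then XOR in the known
    plaintext of one direction. Recovers the other direction's plaintext for
    as many bytes as the known plaintext covers."""
    n = min(len(ct_a), len(ct_b), len(known_pt_a))
    return xor_bytes(xor_bytes(ct_a[:n], ct_b[:n]), known_pt_a[:n])


def direction_key(master: bytes, label: bytes) -> bytes:
    """The fix TLS applies: a distinct key per direction. Hashing master||label
    is a stand-in for a real KDF, used here only to make the demo self-contained."""
    return hashlib.sha256(master + label).digest()


def demo() -> tuple[bytes, bytes]:
    master_key = b"constructed-shared-secret"
    pt_in = b"<message from=\"server\">hello, how are you?</message>"   # constructed
    pt_out = b"<message from=\"client\">fine, sending the file</message>"  # constructed

    # Vulnerable: one key, hence one keystream, for both directions.
    ct_in = rc4_encrypt(master_key, pt_in)
    ct_out = rc4_encrypt(master_key, pt_out)
    recovered = recover_other_side(ct_in, ct_out, pt_in)

    # Fixed: separate keys per direction; the XOR relation no longer holds.
    ct_in_fixed = rc4_encrypt(direction_key(master_key, b"s2c"), pt_in)
    ct_out_fixed = rc4_encrypt(direction_key(master_key, b"c2s"), pt_out)
    recovered_fixed = recover_other_side(ct_in_fixed, ct_out_fixed, pt_in)
    return recovered, recovered_fixed


if __name__ == "__main__":
    same_key, split_keys = demo()
    print("same key in both directions :", same_key)
    print("distinct key per direction  :", split_keys)
```

Even the partial recovery matters: with a fixed message framing, the first byte you learn of one direction hands you the same position in the other, which is exactly the "easy to predict" structure Alkemade relied on.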

Alkemade is very critical of the development team of the popular platform:
"There are many pitfalls when developing a streaming encryption protocol. Considering they don't know how to use a xor correctly, maybe the WhatsApp developers should stop trying to do this themselves and accept the solution that has been reviewed, updated and fixed for more than 15 years, like TLS," he said.

I agree with the researcher's thinking: security for applications such as WhatsApp is crucial given its level of penetration. It is true that the interest of the scientific community and of cybercriminals will surely lead them to discover new vulnerabilities, to which WhatsApp will have to provide a quick solution.

Alkemade confirmed that there is no remediation for the flaw at the moment, which is why he suggests stopping the use of WhatsApp until the developers produce a patch.


Read more: http://thehackernews.com/2013/10/vulnerability-in-whatsapp-allows.html#ixzz2hsut182j 

Saturday, September 21, 2013

Your wifi password is Known

You are proud of your new Android smartphone, the one your girlfriend or boyfriend gave you for your birthday. Or you just received a gift-wrapped Samsung Galaxy.
The first thing you do is download fancy apps and connect it to your Facebook and Twitter accounts, all of this after configuring your Wi-Fi.
You enter your "secure" Wi-Fi password and tap "Save".
The catch: Google is saving all of these passwords on its servers, so your secure password is no longer a secret known only to you.
Be it Android, Apple or Symbian, smartphones store your Wi-Fi password; the Computerworld report linked below explains how Google ends up holding nearly every Wi-Fi password in the world.
The disturbing yet detailed report can be read here.
Happy Hunting

http://cyberoxen.com/google-knows-nearly-every-wi-fi-password-in-the-world-computerworld-blogs/

Sunday, September 8, 2013

Digital ForensicsTools : Top 20

Digital forensics is a highly specialized field, but the tools are purpose-built and easy to use.

  • All you need is a lot of will power, dedication, and plenty of computing power and storage.
  • You can explore in depth what is "under the hood" of a system.
  • Happy hunting.
These tools can be applied to:

  1. Internal human resources cases,
  2. Investigation of unauthorized access to a server,
  3. Learning a new skill,
  4. Memory forensic analysis,
  5. Hard-drive forensic analysis,
  6. Forensic image exploration,
  7. Forensic imaging, and
  8. Mobile forensics.
 http://www.gfi.com/blog/top-20-free-digital-forensic-investigation-tools-for-sysadmins/#sthash.l5vach7I.dpuf

Saturday, August 3, 2013

Phishing seems to be the latest fad and going strong

Phishing is a well-known, widely publicised and popular hacking technique, yet very few people take it seriously. The usual perception is "This is not going to affect me. I am safe." Even the White House falls prey to phishing attacks repeatedly.
Take a look at this report.
Thomson Reuters was not the only one hit by the Syrian Electronic Army in recent days; White House staffers were also targeted by the hackers.
The group's activity prompted Twitter to suspend various SEA accounts. "The Twitter managment [sic] has suspended the SEA account today after the SEA hacked into Thomson Reuters Twitter account and try to hack the White House twitter account with some success in it," the SEA wrote on its website.
The @Official_SEA12 feed is now live. The SEA said that account came back online after it threatened to hack even more Twitter accounts, though there is no indication that that was the case.
On the @Official_SEA12 account, the SEA posted what it says is the Hootsuite login and password for the White House. Passwords it secured for the @WhiteHouse account were all old, the group said. "You were lucky this time," the SEA wrote.
According to Nextgov, the hackers secured data via phishing expeditions. They sent emails to White House staffers, which included links from what appeared to be news sites like CNN or BBC. After clicking on the links, however, users were asked to sign in via Gmail or Twitter in order to read them. Those links were fake, and typing in the info allowed the SEA to log the passwords that were entered and secure access to the staffers' accounts.
The hackers were likely in search of passwords for high-profile Twitter accounts, which might have been contained within one of the staffers' emails. It appears the current password for @WhiteHouse, however, was not stored on any of the hacked accounts, saving it from a hack, for now.
Last night, the @ThomsonReuters Twitter account was infiltrated and the SEA tweeted Syria-related tweets with photos and pro-Syria hashtags.
The Syrian Electronic Army emerged in September. The hackers reportedly started attacking Western websites in retaliation for Innocence of Muslims, an anti-Islamic video that resulted in violent demonstrations in the Middle East. They have since been targeting news sites they believe are reporting news hostile to the Syrian government, including the Financial Times, The Guardian, the BBC, and even The Onion.

Friday, July 19, 2013

Balloon and Internet



http://www.goodnet.org/articles/1141

We say "everyone" is online these days – but is that really true? According to Google's Project Loon, not at all. Two-thirds of the world's population is still without Internet access, and the initiative is working to turn that around – with balloons, no less.
So how does it work? Superpressure balloons sit some 20 km above the Earth's stratosphere, and a Google-developed algorithm determines where they need to go. The balloons are then moved remotely into a layer of wind, which will carry them where they need to go. Each balloon provides Internet to a ground area of about 40 km in diameter, at speeds similar to the 3G mobile data you get on your smartphone.



The project is launching its pilot this month, using 30 balloons over New Zealand's South Island. Up, up and away!

Watch the video   http://www.youtube.com/watch?v=m96tYpEk1Ao&feature=player_embedded

Create Your own mobile app: Even Novices can develop apps

It would be great if we all had the time, skills, and patience to learn computer coding, especially since technology pervades so many areas of our life. But thankfully, there are applications and web developers out there who provide ways for the rest of us to produce apps with little or no coding skills.

Back in June, I reviewed one such web application called Buzztouch, which is designed to allow anyone to create their own smartphone application. Now a similar program has just been released called Infinite Monkeys, a web-based tool geared toward niche communities who want to share content on the iPhone and Android platforms. Infinite Monkeys is not as polished theme-wise as Buzztouch, but unlike the latter, Infinite Monkeys, say the developers, “Is completely web-based, and works on any computer or tablet device. You never touch the source code and don’t have to know what it is or how it works.” There are several other differences that also might make Infinite Monkeys more accessible to non-programmers than Buzztouch. But you’re free to explore both and see which fits your needs.
Web-based GUI

Infinite Monkeys’ web-based graphic user interface allows users to incorporate existing web content from social networking sites like Twitter, Flickr, YouTube, and blogging sites.


These web-based apps of course don’t compare to more advanced apps like Angry Birds, but they are great for small niche communities and businesses, such as school associations, sports teams, churches, musicians and restaurants, who want to share content privately or publicly.



Infinite Monkeys provides three different app platform models, ranging from free to the pro level version of $499. But for many users, the free HTML 5 web-based, and ad-supported model should suffice.

Building An App

Infinite Monkeys provides a seriously easy step-by-step process for creating a smartphone app in less than an hour; that is, if you have an ample amount of content already posted on the web.


The great thing about using a web-based platform is that you can constantly add content and updates to your app via your blog site, YouTube channel, photo sharing site, etc.

The Infinite Monkeys web application uses a familiar drag-and-drop process. You start off by giving your app a title, followed by choosing a privacy setting. You can make the app public, or private for closed community access, which will prompt users to enter a password to view content.


You can of course customize the background image and splash screen, as well as the font colors for the title and other text.

Core Content

The core content of your app consists primarily of news and third-party feeds such as your blog site(s) and specific URLs.


Infinite Monkeys includes additional content models for music and books, food and beverages, events, sports, reference materials, and location services such as a map and directions.

With the click of a button you can easily preview your app at any point in the development process. The online app also includes an embedded short video tutorial for each of the three part steps and multifunction tools.

You have poor control over the content of your app, including links to streaming videos, live chatrooms, shared calendars for upcoming events, shopping links to recommended products, and tap-to-call phone contact information.
Publishing App

The free version of Infinite Monkeys allows you to instantly post your HTML 5 version immediately to the web so that anyone with a web-enabled smartphone can access it through the assigned URL.

Since your app is ad-supported, Infinite Monkeys will host it for free on their server. While it is not nearly as polished as professional apps that you will find in say the iTunes App Store, it does provide a way for anyone to get their content into this space.

Check out more on http://www.makeuseof.com/tag/create-smartphone-app-infinite-monkeys-coding-knowledge-required/

Sunday, February 24, 2013

SQL injection......a shot that doctors won't prescribe

Came across a wonderful site presenting a simple tutorial on SQL injection problems and their remedies. Posting it as is for the benefit of all.

SQL Injection Tutorial: All common SQL injection problems and Solutions






Hello readers of BTS,
    Today I'll write a tutorial for you that covers most problems encountered while doing SQL injection and the solutions to them. Probably every person who has looked at tutorials on hacking a website has noticed that there are too many SQL tutorials. Almost every forum has 10 tutorials and every blog 5 tutorials about SQL injection, but actually those tutorials are stolen from somewhere else and the author probably doesn't even know why SQL injection works. All of those tutorials are like textbooks with their ABCs and the result is just a mess. Everyone is writing tutorials about SQL, but nobody covers the problems that will come with that attack.

What is the cause of most problems related to SQL injection?

Web developers aren't always really dumb; they have also heard of hackers and have implemented some security measures like a WAF or manual protection. A WAF is a Web application firewall and will block all malicious requests, but WAFs are quite easy to bypass. Nobody would like to have their site hacked and they are also implementing some security, but of course it would be false to say that if we fail then it's the server's fault. There's also a huge possibility that we're injecting differently than we should.

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

If you're interested in WAFs and how they work, then I suggest reading about them on Wikipedia: http://en.wikipedia.org/wiki/Application_firewall
http://www.breakthesecurity.com/2013/02/sql-injection-tutorial-all-common-sql.html

Saturday, January 26, 2013

XSS vulnerability tutorials



XSS is the most talked-about vulnerability exploit....done by everyone, from newbies to experts. I came across this tutorial, which I found both educative and informative.





What is XSS?
Cross Site Scripting, also known as XSS, is one of the most common web application vulnerabilities; it allows an attacker to run his own client-side scripts (especially JavaScript) in web pages viewed by other users.

In a typical XSS attack, a hacker injects his malicious JavaScript code into the legitimate website. When a user visits the specially crafted link, it will execute the malicious JavaScript. A successfully exploited XSS vulnerability will allow attackers to do phishing attacks, steal accounts and even spread worms.
Example: Let us imagine a hacker has discovered an XSS vulnerability in Gmail and injects a malicious script. When a user visits the site, it will execute the malicious script. The malicious code can be used to redirect users to a fake Gmail page or capture cookies. Using these stolen cookies, he can log into your account and change the password.
It will be easy to understand XSS if you have the following prerequisites:
  • Strong knowledge of HTML and JavaScript (Reference).
  • Basic knowledge of HTTP client-server architecture (Reference).
  • [optional] Basic knowledge of server-side programming (PHP, ASP, JSP).

XSS Attack:
Step 1: Finding Vulnerable Website
Hackers use Google dorks for finding vulnerable sites, for instance "?search=" or ".php?q=". 1337s target specific sites instead of using Google search. If you are going to test your own site, you have to check every page in your site for the vulnerability.

Step 2: Testing the Vulnerability:
First of all, we have to find an input field so that we can inject our own script, for example a search box, username, password or any other input field.


Test 1 :
Once we have found the input field, let us try to put some string inside the field; for instance, let me input "BTS". It will display the result.

Now right-click on the page and select View Source. Search for the string "BTS" which we entered in the input field. Note the location where the input is placed.

Test 2:
Now we are going to check whether the server sanitizes our input or not. In order to do this, let us input the <script> tag inside the input field.
View the source of the page. Find the location where the input was displayed in the previous test.

Thank god, our code is not being sanitized by the server and the code is just the same as what we entered in the field. If the server sanitized our input, the code might look like this: &lt;script&gt;. This indicates that the website is vulnerable to XSS attack and we can execute our own scripts.

Step 3: Exploiting the vulnerability
Now we know the site is somewhat vulnerable to XSS attack. But let us make sure whether the site is completely vulnerable to this attack by injecting a full JavaScript snippet. For instance, let us input <script>alert('BTS')</script>.

Now it will display a pop-up box with the 'BTS' string. Finally, we have successfully exploited the XSS. By extending the code with a malicious script, a hacker can steal cookies, deface the site and more.



Disclaimer: This article is for educative purpose only.
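The difference between the "vulnerable" and "sanitized" cases in Test 2 comes down to whether the server encodes the reflected input. The following is an added example, not code from the BTS tutorial or this blog; it assumes a constructed one-line results template and uses Python's html.escape as the encoding step, with a check that mirrors Test 2 on the rendered page.

```python
from html import escape

# Constructed page template standing in for the tutorial's search results page.
TEMPLATE = "<html><body><p>Results for: {query}</p></body></html>"


def render_vulnerable(query):
    """Reflect the user's input into the HTML verbatim, as the tutorial's target does."""
    return TEMPLATE.format(query=query)


def render_safe(query):
    """Encode < > & \" ' so the browser shows the text instead of parsing it as markup."""
    return TEMPLATE.format(query=escape(query, quote=True))


def input_is_reflected_raw(page, probe="<script>"):
    """Test 2 from the tutorial: does the probe appear in the response exactly as typed?"""
    return probe in page


if __name__ == "__main__":
    probe = "<script>alert('BTS')</script>"
    print(render_vulnerable(probe))            # the tag survives: the browser would run it
    print(render_safe(probe))                  # ... &lt;script&gt;alert(&#x27;BTS&#x27;)... : plain text
    print(input_is_reflected_raw(render_vulnerable(probe)))  # True
    print(input_is_reflected_raw(render_safe(probe)))        # False
```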

Wednesday, January 23, 2013

Reset Administrative password in Mac Book Pro

Yesterday, while sipping our evening tea, my roommate came to me with the problem "I have forgotten my administrative password". The device in use was a MacBook Pro loaded with Mac OS. Frankly speaking, I had never worked on an Apple before, only had it as a staple fruit in my diet ;). However, I took upon myself the challenge of resetting the administrative password. Given below are the steps followed.

Step 1: Reboot your Mac. As soon as you hear the loading jingle, press the Apple key and 's' (or the Command+S keys).
Step 2: When you get the text/command prompt, type the following, using all the spaces correctly, one by one:

mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now

Step 3: Restart and you will be prompted to set up your account. Follow those steps and you have a new administrative account.

The only problem faced was that you should either have the Apple ID handy or re-register again.

Happy hunting
