Tuesday, December 23, 2014

Sony Hack and aftermath, Begining an era of Cyber War !!!!!!

The Sony servers were hacked allegedly by North Korea hackers at the behest of their leaders in order to protest for the : The Interview” a movie by Sony Picture , putting their supreme leader in bad frame.
This lead to compromise of various servers of Sony Pictures, loss of many unreleased pictures and otherwise sensitive information and data, besides receive of threatening emails by Sony Pictures employees as alleged by them
This forced Sony Pictures to subsequently postpone the release of the movies
Also came into the picture the statements form US presidents and counter statement from North Korea, escalating in retaliatory cyber attacks on each other.
Is this start of A full fledged Cyber war?
Maybe Yes or maybe its just a case of Cyber Vandalism as said by Mr Obama.
Lets say goodbye to 2014 and welcome 2015 with New, Unknown challenges of Cyber Space

Monday, December 22, 2014

Cyber Threats:The Year That Was 2014

The year of 2014 was a hectic and busy year for CISOs and CIOs. There were many revelation by ex- Employees about their agencies gathering information or spying on even friendly nations in the name National Security.
Wikileaks, Snowden, PRISM etc scared the hell out of common Internet users as well as Governments across the world. Everyone felt naked. There was an aura of Disbelief that swept across EU and other friendly nations of US when it was revealed that their data transmissions were intercepted by NSA to "Quell " any suspected Terrorist strikes.
Similarly revelation of many long standing Bugs and vulnerabilities by various independent researchers introduced the cyberworld of Heartbleed, Shellshock,etc . It's possible that these vulnerabilities had been exploited by them for years.
Lastly not to mention was the case of iOS being targeted big time by WireLurker.
Are we going to see the resurgence of old bugs or there are going to be some new evils that will emerge in 2015!!!!!!!!!!!!!!!!!!

Thursday, December 18, 2014

ICANN Hacked ....Again

image source: www.darknet.org.uk

The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for the coordination of maintenance and methodology of several databases of unique identifiers related to the namespaces of the Internet, and ensuring the network's stable and secure operation.(Wikipedia definition).
It address the issue of domain name ownership resolution for generic top-level domains (gTLDs).
As per the information available, ICANN has been subject to a spear-phishing attacks since November 2014.
The attack has caused the loss of email credentials, names and addresses of personal user details stored in Centralised Zone Data System.
Besides this the ICANN blog, ICANN wiki and WHOIS information portal has also been compromised.
Since its creation, ICANN has been the subject of criticism and controversy.
This is not the first such attack targeted towards ICANN. In June 2008, a Turkish gp "NetDevilz" hijacked the ICANN site and redirected it to site giving out message as "You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us?"
Here is the first hand information given by ICANN on its site https://www.icann.org/news/announcement-2-2014-12-16-en

Thursday, December 4, 2014

Sony picture hacking linked to allegedly to unreleased film on North Korean supreme leader

The recent hacking attack on Sony Pictures that resulted in loss both in terms of finances as well as the leaking of digital prints of unreleased motion pictures.
It has been observed by FBI that potential threat exists for Business in US particularly from the similar malware attack that would wipe out data when infected .
Besides leaked movies, Sony Pictures also lost information related to emails and casting details of yet to be produced motion pictures

The movie, The Interview, slated for a Dec 25 release, featured a plot to assassinate Kim Jong Un, the supreme leader of the DPRK, leading to speculation that hackers from North Korea may have been responsible for the incident.

Wednesday, October 29, 2014

Digital wallet ......a boon for e shoppers and online merchants.

Digital wallet: A step towards reduced financial fraud risk?

Updated Oct 29th, 2014..http://www.cysectips.blogspot.in

We started trading as homo-sapiens, using surplus items to barter for things we require. It then graduated to introducing a form of currency with fixed values predefined to be paid in lieu of an item being purchased.

Slowly but surely the present day currency started formulating. It moved from metal currency to paper currency to plastic currency, as and when the technology changed and demands and desires of th Man increased.

Now with #online frauds and #cybercrimes threatening banks and individuals alike, involving skimming money out if accounts by stealing credit card details and online banking credentials, the use of #DigitalWallet has provided an alternate and relatively secure medium to transact online.

The #DigitalWallet requires one to setup an account with one of the #DigiWallet service providers/apps, register with them and keep topping up periodically as per your shopping requirement.

Advantages:

· No physical carrying of plastic card.

· Minimal exposure risk due to non filling of card or account details like credit or debit card.

· Transactions can be carried out via apps or internet or sms in case of limited connectivity..

· One can keep track on spending by setting up limits.

· Can track the expenditure and items purchased list.

· Being a new service, a lot of discounts are on offer.

· Only login-id required to make transaction. Thus very easy and user friendly.

Limitations:

· Limited number of merchants as on date provide this facility.

· limits to national boundaries. International purchases not yet possible.

· If your phone is lost then very high risk of fraud and you are not covered under money back if a transaction is made.

Available options In India:

· Paytm....lots of online offers.

· Ruplee..for payment at restaurants.

· Oxi-wallet...can pay bills, recharge mobiles, dth etc

https://www.evernote.com/shard/s376/sh/fb94f679-c838-4d62-bba0-7185028bcb41/1eba5ac184e6a99f7c99e7f5fac08c8d

Saturday, September 27, 2014

Russia wants Twitter and Facebook to store the data in local servers

It has always been a bone of contention between the social networking sites Facebook and Twitter, who are having their servers in US, for installing local servers by many countries like China, Russia and India,
In their efforts only China have been successful, forcing US based social networking sites to have local data servers for sifting of all online activities of their citizen.

"Back in July, Vladimir Putin signed a law requiring all web services handling Russians’ personal data to store that information in local data centers. It was always obvious that this would be a problem for the likes of Google, Facebook and Twitter, which do not use Russian data centers – and so, it has come to pass." Source: http://www.gigaom.com

This may be seen as an aftermath of Russian interference in Ukraine. However in general it is being viewed as attack on freedom of speech
Read full article at http://goo.gl/UqDArl

Saturday, August 16, 2014

You are Being Tracked and Yes ! YOU have agreed to it!!!!!!!

Recent years have seen uncovering of many secret projects, government sponsored, wherein unsuspected users of Internet have been subject to monitoring of their activities without even being aware of.
Neither the permission nor willingness or permission of all those subjected to monitoring were sought. they were also not informed of it.PRISM, Snowden, Wikileaks etc may not be a strange name now.
However Are You aware that at times "YOU ARE APPROVING THE TRACKING OF YOUR MOVEMENT "
Yes you read it correctly, but HOW.

Here's How! When you log into your account through mobile/smart phone, you are asked to accept "track My Location". By using this the Google Maps keep on putting blips for every movement and keep track of it.
Secondly Track my location is also utilised by most of the users to locate nearest available Store, Cinema houses, Bus Stations, Restaurants etc. This way you get the information of your locality. BUT you have also given away your location.
Check this web sit out for proof of it!

http://junkee.com/google-maps-has-been-tracking-your-every-move-and-theres-a-website-to-prove-it/39639

Tuesday, July 29, 2014

Blutooth attacks and their types

Couple of months back I posted on Bluetooth security, how it was not so safe to keep your blue tooth on in public places.

Now in the same series I am going to introduce you to various types of attacks.

Bluetooth hacking or bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e. for bluedating or bluechat) to another bluetooth enabled device via the OBEX protocol.
Bluetooth has a very limited range, usually around 10 metres on mobile phones, but laptops can reach up to 100 metres with powerful (Class 1) transmitters.
The bluetooth protocol allows devices to use 16 digit long pairing codes. Unfortunately many applications continue to use only 4 digit pairing codes which can be easily brute-forced. This is known as short pairing codes. Most slave bluetooth devices continue to use default pairing codes such as 0000, 1111, 1234, etc. So, easy to crack and gain access.
There are a variety of different types of bluetooth related threats and attacks that can be executed against unsuspecting mobile phone users. Following are some of the most common types of threats :-
- Blueprinting Attack :- Information gathering is the first step in the quest to break into target system. Even Bluetooth devices can be fingerprinted or probed for information gathering using the technique known as Blueprinting. Using this one can determine manufacturer, model, version, etc. for target bluetooth enabled device.
- BlueJack Attack :- Bluejacking is the process of sending an anonymous message from a bluetooth enabled phone to another, within a particular range without knowing the exact source of the received message to the recipient.
- BlueSnarf Attack :- Bluesnarfing is the process of connecting vulnerable mobile phones through bluetooth, without knowing the victim. It involves OBEX protocol by which an attacker can forcibly push/pull sensitive data in/out of the victim's mobile phone, hence also known as OBEX pull attack. This attack requires J2ME enabled mobile phones as the attacker tool. With J2ME enabled phone, just by using bluesnarfing tools like Blooover, Redsnarf, Bluesnarf, etc. an attacker can break into target mobile phone for stealing sensitive data such as address book, photos, mp3, videos, SMS.
- Blue Backdoor Attack :- Here, the bluetooth related vulnerability exploits the pairing mechanism that is used to establish a connection between two bluetooth enabled devices. Not only does it gives the attacker complete access and control over the target but also allows the attacker to place strategic backdoors for continued access and entry.
- BlueBug Attack :- It was first discovered by Martin Herfurt and allows attackers to gain complete control over the data, voice and messaging channels of vulnerable target mobile phones.
  
  Source on internet:
  
  http://insecure.in/bluetooth_hacking_02.asp

Tuesday, July 1, 2014

R I P Orkut

Orkut....a first in social networking site
Orkut.....a networking site with a difference
Orkut......a networks for true friendship
Orkut.....an invitation only networking group.
These were the features given by Google when launching Orkut in early 2000. Though this network grew with gr8 speed, it failed to sustain his membership. After several attempts of revival, finally it toll the final bell for Orkut.
Come September, Orkut will be laid to rest. Long live Orkut.

Saturday, June 21, 2014

True Crypt.....what went wrong

Many of the so called data security,experts,sqore by the True Crypt to store their sensitive data safe by encrypting in a container.
Besides being user friendly and extensive help documents, it was reliable and has variety of options for encrypting data, be it selecring encryption algorithm, random key generation and option of hidden volume.
Therfore sudden announcement of True Crypt project being discontinued came as a shocking news.
Now the obvious question that comes to my mind is " was this one of the numerous Projects of US govt to snoop" and this was shut down once it achieved its aim.
This is just a hunch and food for thought.

Happy Hunting

What the F##k is Cyber security.

Now a days its a buzz word. Everyone who has to do something or nothing with electronics, yes u read it correctly, is just blabbering about a deamon known as " We are vulnerable in cyber space"
Well let me tell you, even though evrything they say may not make a sense, its a serious threat to your PRIVACY.
Well the first doubt that comes to your mind is

" What the #### is it and why should I care about it?
Second thought that crossed ones mind is " I dont have to worry about it. Its not going to effect me. "
4. Its a flawed thought process. Though you may not be a direct victim of cyber attack, but you could be accomplice in a crime. WHAT?
HOW? is the natural reaction.
Here are the details of modus-operandi.
5. A #hacker gains access to your PC, Laptop or smartphone by installing #malacious softwares also know as #malware, called #trojans. This way your computer becomes a,member of a worlwide network called in short as #botnet. As and when a hacker deseeies he carries out an attack using your computer ie #bot. The attack can be #DDoS abbreviatiin for Distributed Denial of Service attack and being down the victim. This way unknowingly, you have become an accomplice in #cyber #crime.
6. How do I come to know about it?
First sign is that your system becomes slow, the CPU shows unusual activity.
7.How to mitigate the risk?
Just follow three simple steps.
* Install an effective #antivirus that incl
scanning your mobile also.
* # Update all softwares and operating sust from known and reliable sources.
* Do not leave your internet connection and computer on when you are not using it.
Happy Hunting.

Monday, May 12, 2014

OAuth...what is it

What is Oauth?

It is an access authentication token utilised to allow " Secure Delegated Access" to server ( as per WIKI) on behalf of the owner.
It is an open standard for authorisation.
It has been designed basically to work with Hyper Text Transfer Protocol (HTTP).
Herein an authorisation server provides a third party access token with the approval of authorised users.
Commonly used by Facebook, Twitter and other popular social media networking sites to allow users to login without any worry about their credentials being compromised.
(Image source wiki)
This has been in the news because OAuth has been hacking community's favourite punching bag. latest to be compromised is the Bitly service.

Bitly Compromised

Bitly... a URL shortening site that helped many bloggers shorten the URL, hide their paths and post them through microbloggng sites and other social networking sites HAVE been hacked.
Their CEO Mark Josephson has blogged in his post.
He blogged that

"We have reason to believe that Bitly account credentials have been compromised; specifically, users' email addresses, encrypted passwords, API keys and OAuth tokens,"

The registered users of Bitly has been advised to

Log into Bitly account from Twitter or Facebook
Reset Legacy API keys
Copy and replace this key in all your profiles.
Then reset all your passwords.

Bitly has invalidated all Twitter and Facebook credentials, meaning that a user will not be able to use Bitly from these social networking sites till he resets the options given above.
So Beware...Be Aware and keep urself safe
Happy Hunting
Sourcehttp://www.pcmag.com/article2/0,2817,2457837,00.asp?mailingID=F1BEF928D79843FDAF41D5B2084CF083

Sunday, March 23, 2014

Bluetooth.....is it a gateway to hackers on mobile devices

Blue tooth, innocuously innocent, safe way of handling transfer of songs, pics, data from one device to another. Some use it to exchange messages to save the mobile charges.
Blue tooth transfers are very popular for their ease in use for short distance transfer of data besides hands free calling options. It is also widely believed to be a safe option.
But THIS IS NOT TRUE.
YOU CAN BE HACKED through open, discoverable blue tooth connection. You can be target 8of OBEX push and OBEX pull attacks wherein a message concealing a Trojan is transmitted to your phone and it gets installed on your mobile device, then it can be exploited to steal contacts, pics and sensitive data without your permission.

Python tutorials : Quick video guides

Trying to learn a new language named Python...(Ajgar) in hindi. (I hope it doesnt swallow me.)
Some good links I think for benefit of others, because they seem to very basic and graduate from beginners to expert level.
Video Tutes for Python

Wednesday, March 12, 2014

Deep Dark Web

There are always two sides of a coin, two natures of woods. Similarly Internet has two Faces ....Surface Web and Deep Web, Also referred as dark internet.
The Surface web is full of spams, bogey sites to the extent of 99% claimed by certain experts and rest 1%is porn.
Besides that there are many pages not indexed by normal search engines like Yahoo!, Google, Bing etc.
These pages contain lots of information that is both useful and dangerous at the same time, depending on which side of morality You are.
Deepweb search and Tor are two most popular search engines used for exploring Deepweb. Some crawlers also carry out deep search.
Happy hunting

Thursday, March 6, 2014

Three tips to avoid bluejacking

1. Do not switch your mobile bluetooth 24 hours.
2. Do not accept messages received from unknown sources via bluetooth and
3. If u have received any message by mistake, do not pen it. Just delete it.
Happy hunting and blue tooth-ing.

Sunday, February 23, 2014

CYBER PROTECTION BODY IN INDIA

1. The National Cyber Coordination Center (NCCC) has received in-principal approval from Cabinet Committee of Security on 19 January 2014. Though the project was in pipeline since May 2013, it did come in force.

2. The NCCC will be like one point for monitoring all incoming and outgoing traffic on Internet in the country, through the ISP. The in-principle approval has rolled out a bigger plan to keep an eye in internet traffic. Then it will go to Cabinet Committee for Economic Affairs for allotment and release of funds. The NCCC will work closely with the Economic Offences Wing (EoW) in Central Bureau of Investigation to tap cases of illegal online money transfer.

3. Responsibility of the NCCC:

The NCCC would be responsible for,

a. Cyber Intelligence

b. IP traffic Analysis.

c. Screening all forms of Meta data.

d. Cyber security.

e. Coordination between various Intelligence agencies.

f. Streamline Intelligence gathering and

g. Alert all affected agencies during Cyber attack.

4. Points of Concern: Though the NCCC will be concentrating on meta data, ordinary netizens are likely to feel naked to the prying eyes of government. They may feel cheated because

a. No clear privacy laws.

b. Lack of transparency in intelligence gathering.

5. There are various government agencies setup for coordination between various intelligence gathering agencies. But the political issues has hampered the working of these agencies. For example National Cyber Security Policy 2013 released in August is yet to be ratified.

6. Conclusion:

Being optimistic, one wishes all the best to this new organisation as the efforts are on to recruit professionals to the tune of fifteen lakh for raising Cyber Army to counter Chinese and US threats. Now the Government of India has declared to setup the NCCC by March 2014. The NCCC will coordinate with the National Disaster Management Authority and the Indian Metrological Department to execute the five-year project worth Rs. 1,305 crore.

THIN RED LINE :HACKER OR SECURITY PROFESSIONAL

There is a very fine line between being an ethical hacker and unethical criminal gaining access to confidential user data and username and passwords. They use them not only to gain an access for personal gains, make money but also they have become Hacker-On-Hire.
Its not limited to two penny criminals looking for making quick buck. There are highly qualified, hi- tech professional making it full time activity. then live examples are the recent arrest of a techie in Allahabad, UP, India. An MCA graduate, and software professional, he used his skills to develop a software and programme to hack the websites. He had acquired the ID and password of the website of North Malaka-based businessman who runs a multi-recharge website, after stealing the database. Apart from mobile and DTH charge, he had also shopped online. He was arrested on 18 February 2014 from Civil lines by cyber cell of Allahabad Police. Ref http://timesofindia.indiatimes.com/city/allahabad/Techie-turns-hacker-held/articleshow/30584488.cms

CYBER PROTECTION BODY IN INDIA

3. Responsibility of the NCCC:

The NCCC would be responsible for,

a. Cyber Intelligence

b. IP traffic Analysis.

c. Screening all forms of Meta data.

d. Cyber security.

e. Coordination between various Intelligence agencies.

f. Streamline Intelligence gathering and

g. Alert all affected agencies during Cyber attack.

4. Points of Concern: Though the NCCC will be concentrating on meta data, ordinary netizens are likely to feel naked to the prying eyes of government. They may feel cheated because

a. No clear privacy laws.

b. Lack of transparency in intelligence gathering.

6. Conclusion:

Being optimistic, one wishes all the best to this new organisation as the efforts are on to recruit professionals to the tune of fifteen lakh for raising Cyber Army to counter Chinese and US threats.

References :http://www.hindustantimes.com/india-news/cyber-protection-body-pushes-ahead/article1-1174753.aspx

Friday, February 14, 2014

Your Email Account Was Hacked: What to do

3 Things To Do If Your Email Account Was Hacked

TIP1:
Change your password right away.
Hacking is in the news almost every day, but the danger is still the same. Choose a new password, and make sure it isn't one of these.

TIP 2:
Switch up log-in credentials for any account with the same password.

This point is especially true if you used the compromised Yahoo email address as your username, The Washington Post noted. Even a similar email address may not beafe; after all, "it's not a big leap for hackers to think that you may be both jdoe@yahoo.com and jdoe@gmail.com."

TIP 3:
Watch for spam.

The hackers job is togather names and email addresses most recently contacted by the compromised accounts, therefore if you get a fishy email from someone you don't know, it could be spam. Don't open it, don't reply to it and definitely don't click any links in the message.
http://www.autoworldnews.com/articles/6049/20140131/3-things-to-do-if-your-yahoo-email-was-hacked.htm

Child abuse and cyber bullying

Child abuse and cyber bullying are danger lurking in abyss of cyberspace. Three tips
1. Restrict website access
2. Keep an eye on what your child surfs on internet.
3. Dint hesitate to report to Cyber crime cell, if you feel something's wrong.
Happy hunting and safe surfing.

Monday, February 3, 2014

10 Worst Password Mistakes That We Make Often

10 Biggest Password Mistakes People Make

Posted by ketty rose in Not the Top Lists | 0 comments

Jan 4, 2014

I do keep my all precious things and hard copies in lockers as all people do but when we talk about online security, one of the coolest techniques to have your online security conceded and offer yourself to ferocity by a hacker is to have a bad password. All of us should know the dense passwords that entire stand between us and a possible security instance. Still, a part of that many people end up influenced with a virus or with an immense credit card notice because they decayed to track the ABCs of password safety. For a brief consideration, here are the 10 biggest password mistakes people make:

10. Applying an observable password

A number of people use some obvious passwords e.g. ‘1234567’, Imissu’ and ‘princess’. Hence your individual name is also a mutual optimal and off course anybody annoying to hack your account will check for these easy-going choices.

9. Practicing the same password everywhere

People reuse their same password for many accounts. Though this habit is suitable for the user, it likewise means that one account breach interprets into several account openings. Therefore, if you use a similar password for your Gmail, online bank account and eBay as well, you are alluring hackers to comfort themselves to your personal life.

8. Not consuming extra safety features

One of the mostly avoided mistakes is that many people don’t use the additional safety services while many services offer two-factor verification, where as well as demanding a fixed password, you also need additional one-time password, which can be referred via text message or bred via a hardware security nominal. Google bids that option when signing into your account. In this way, even if somebody discerns your main password, they quiet won’t be able to admittance the service.

7. Having a too short password

Sometimes people create a short password to keep it in their minds every time but they forget that a lengthier password is more secure as compare to a short one as every additional character makes the password tougher to blemish. A password containing 20 characters might be inflexible to remember, but 12 characters are certainly feasible.

6. Sharing passwords with others

I have many friends and all of them are trustworthy. We share almost our all belongings with each other but I never share my password with any as it seems to share your too personal locker-keys. But I have observed many fellows who trusted their buddies in the matter of password sharing and the conclusion was lose, fake and prangs as well.

5. Not using safe browsing terms

Whenever people become online on open networks and don’t use HTTPS, it’s riskily cool for those with criminal committed to snip their passwords. So, always check out the HTTPS Everywhere extension to exploit security.

4. Using “secret” queries that many people already identifies

The “secret questions” are the interrogations that sites ask you when you sign up for a check in situation your password is ever lost or you want to alternate your account info. There are many renowned examples of accounts that have been hacked for the “hackers” have security inquiries that are very easy to reply simply by observing their social media accounts.

3. Not keeping machine up when others use it

It happens for several times that someone asks if he can hurriedly use your machine to become online, and your answer is “yeah! Why not”. I congratulate your friendliness, but make sure you defend your secrecy as your friend or asking fellow might establish something you’d slightly they didn’t.

2. Not varying passwords habitually

Sometimes a number of people don’t change their passwords regularly whether frequently changing passwords guarantees that you’re fewer helpless. So, set manually a calendar appointment to appraise your passwords and keep it up.

1. Not to apply a password administrator

The prime mistake ranking here 1st as is not to use aPassword Manager. Using a password supervision system confirms that you can attain most of the other objectives on this list effortlessly. There are many password managing systems out there; find one you’re contented with and practice it. Likely writing passwords in any file document or an account could be also dangerous as anyone can have access with an ease. Any information that is easy to find, such as your birthday, as part of your password is conveniently reachable. Hope this list of 10 biggest password mistakes people make will help you all while applying passwords or sitting online at any strange network.

Pages