Cyber Junk

Google Announces PC Operating System to Compete with Windows …

2009-07-09T22:45:00.001-04:00

Google is releasing a lightweight, open-source PC-operating system later this year, the company announced Tuesday night, a move that threatens the very heart of Microsoft, long seen as Google’s biggest rival.

Chrome OS is intended to be a very lightweight, quick-starting operating system whose central focus is supporting Google’s Chrome browser. Applications will run mostly inside the browser, making the web — not the desktop — into the computer’s default operating system.

It’s a sign that Google truly believes in the age of cloud computing — where the usefulness of a computer is in its connection to the net where data is stored remotely and information processing happens in a dance between a browser and remote servers.

The Linux-based OS is the second for Google, following on Android, another open-source OS that intended for small devices such as mobile phones. Chrome OS will first be on netbooks — the popular lightweight and inexpensive notebook computers — in the second half of 2010, the company said in a blog post. Desktops will come later.

The code itself will be released under an unspecified open-source license at the end of the year.

The announcement included some not so veiled jabs at Microsoft.

People want to get to their email instantly, without wasting time waiting for their computers to boot and browsers to start up. They want their computers to always run as fast as when they first bought them. [...] Even more importantly, they don’t want to spend hours configuring their computers to work with every new piece of hardware, or have to worry about constant software updates.

Google has already laid the ground work for a web OS by revolutionizing webmail with Gmail’s speed, features and capacity (now over 7GB). It followed that with free online word processing and spreadsheet software. Add in its online photo sharing services, and the myriad other online applications from Facebook to customized radio station Pandora, and most common uses of a computer can be done through a browser.

With Tuesday’s announcement, Google is going after Microsoft’s most lucrative and dominant business — the operating system.

Google is implicitly making the argument that there’s no need to pay the premium for a Microsoft OS, when there is lighter, faster and free. And Google is arguing, rather persuasively, that the Web and modern, standards-based browsers like Chrome, Safari, Opera and Firefox are where innovative third-party development is taking place these days.

Speed, simplicity and security are the key aspects of Google Chrome OS. We’re designing the OS to be fast and lightweight, to start up and get you onto the web in a few seconds. The user interface is minimal to stay out of your way, and most of the user experience takes place on the web. And as we did for the Google Chrome browser, we are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. It should just work.

More to the point, more web usage equals more money for Google, which basically makes more money the more people use the web — thanks to its dominant ad platform that brought in more than $5 billion in revenue in the first three months of 2009.

Microsoft has been looking forward to the fall release of Windows 7, its successor to the not-well received Vista. Windows 7 beta releases have gotten good reviews. It’s a bit more complicated in the enterprise space, where IT departments are slow to migrate to anything, but for the average consumer the question now becomes, why ever pay again for a Microsoft operating system, unless you are a gamer or run custom, legacy software?

If indeed Google puts out a fast, easy to use operating system that lets netbooks soar and free users from constant software patches, Microsoft will find it very hard to explain to consumers why they should continue to use its software, other than just out of a foolish consistency.

Don’t be evil, Google’s unofficial motto, has long been understood as code for “Don’t be Microsoft.” Perhaps, it ought now it to be augmented with the commandment, “Leave no Microsoft product unchallenged.

from Wired …

Njoy ..

New Firefox knows where you live !!!

2009-06-30T22:26:00.001-04:00

The all new Firefox v. 3.5 is finally out for download … with lots of new features and enhancements … but the feature i am talking about is … embedded Google technology called .. Geo-location … so , now new firefox browser can know your geographical location from your IP !!! …

I don’t know about others out there , but for me , i sure don’t like this feature .. ( i am not paranoid about my identification but still i don’t like this feature ) … so , i do very little reading about it … and found that its easy to disable this feature ( lucky for me that i am not alone to think this feature is invasion on privacy just same like google do every time we use google search or any of its services ) …

to disable this feature … just type …

about:config

in browser address bar … and it will show warning page indicating that , now firefox warranty will expire if we change this options !!! ( i never had any idea that softwares DO COME with warranty ) … just say OK … and in FILTER … just type GEO , it will list all strings starts with GEO … just locate ..

geo.enabled

.. and make it FALSE …

and you are done with it …

enjoy …

Pirated Windows 7 Builds Botnet with Trojan

2009-06-11T19:27:00.001-04:00

Attackers pushing pirated, malware-laced copies of Microsoft's upcoming Windows 7 operating system have been actively trying to build a botnet.

According to researchers at Damballa, attackers hid a Trojan inside of pirated copies of the operating system and began circulating them on BitTorrent sites. Damballa reported that it shut down the botnet's command and control server May 10, but by that time infection rates had risen as high as 552 users per hour.

"Since the pirated package was released on April 24th, my best guess is that this botnet probably had at least 27,000 successful installs prior to our takedown of its CnC [command and control] on May 10th," said Tripp Cox, vice president of engineering at Damballa.

Targeting users through pirated software is nothing new for hackers. Earlier in 2008, for example, attackers sought to build a Mac botnet on the backs of users of pirated versions of iWork '09 and the Mac version of Adobe Photoshop CS4.

Even aside from the malware threat, piracy is big business. A joint report by the BSA and IDC estimated software companies experienced $50 billion in losses in 2008 due to piracy.

In the case of Windows 7 RC, pirated copies were leaked on BitTorrent sites with a Trojan horse that, once downloaded, attempts to install a bundle of other malware on the infected machine. Blocking infections is tricky, as many anti-virus tools do not yet support Windows 7 and the operating system is infected before the tools can even be installed, according to Damballa.

"We continue to see new installs happening at a rate of about 1,600 per day with broad geographic distribution," Cox said. "Since our takedown, any new installs of this pirated distribution of Windows 7 RC are inaccessible by the botmaster. The old installs are accessible. The countries with the largest percentage of installs are the U.S. (10 percent), Netherlands (7 percent) and Italy (7 percent)."

from EWeek ..

Njoy !!!

Conficker still infecting 50,000 PCs per day

2009-06-09T11:15:00.001-04:00

The Conficker worm is still infecting systems at a brisk rate and continues to snag computers in Fortune 1000 companies, according to security researchers.

The worm is infecting about 50,000 new PCs each day, according to researchers at Symantec, who reported that the U.S., Brazil and India have been hit the hardest.. "Much of the media hype seems to have died down around Conficker/Downadup, but it is still out there spreading far and wide," Symantec said in a blog post.

Conficker began spreading late last year, taking advantage of a recently patched flaw in Microsoft's Windows operating system to infect entire networks and also using removable storage devices to hop from PC to PC. Security experts say it has now infected millions of computers worldwide, which now comprise the world's biggest botnet network.

"We can see that companies that spend literally millions of dollars on equipment and gear to prevent infections … these Fortune companies have had this infection and it's stayed in their networks for a long period of time," said Rick Wesson, CEO of Support Intelligence and a member of the Conficker Working Group. "It's really hard and really expensive, and if the Fortune companies can't stop it, how can you expect small businesses to do it?"

The Working Group has set up so-called sinkhole servers that can communicate with infected machines. It has spotted infections within many Fortune 1000 companies, Wesson said. "Everybody got hit," he said. "Even Microsoft still has infections."

The worm got a lot of media attention in late March, and while the news stories have tapered off, the worm isn't going anywhere.

Some worried that an April 1 change in the way Conficker received updates could mark the beginning of a new round of Internet attacks, but in reality the Conficker network has been only lightly used, security experts say.

"It's still a significant botnet. It hasn't done anything of significance, but it has not gone away," said Andre DiMino, cofounder of The Shadowserver Foundation and a member of the Working Group. "The remediations need to ramp up."

Njoy !!!

Darpa to take humans out of network management

2009-06-06T22:25:00.001-04:00

The Defense Advanced Research Projects Agency (Darpa) is researching computer networks that can organise and run themselves without human intervention, and dramatically increase available radio spectrum.

The organisation has been outlining its research goals to Congress in its 2009 Strategic Plan (PDF). One area is the design of a network infrastructure that can configure and maintain itself. It is initially intended for linking participants in battle, but could also have civilian uses.

"At the core of this concept are robust, secure and self-forming networks. These networks must be at least as reliable, available, secure and survivable as the weapons and forces they connect. They must distribute huge amounts of data quickly and precisely," says the report.

"But in order for these networks to realise their full potential, they must form, manage, defend and heal themselves, so they always function at the enormously high speeds that provide their advantages. This means that people can no longer be central to establishing, managing and administering them."

Some of the systems are in a very advanced stage, the agency reports. The Network Centric Radio System is already in operation, and can set up a self-healing ad hoc network gateway to link radio and network communications systems.

Darpa is also funding research into how to use existing spectrum more efficiently. Its neXt Generation Communications technology is being used to allocate spectrum dynamically, so that devices can use spectrum assigned to other uses when it is not being used. Tests have shown a tenfold increase in spectrum efficiency using this method.

from VUnet …

Njoy …

All new UBUNTU 9.04 ....

2009-06-05T23:15:00.008-04:00

Well , its not so new ... it has been about two months since the release of Ubuntu 9.04 aka Jaunty Jackalope ... being perhaps the easiest version of so called OS of Geeks , its even very easy for noob like me ... so i have been using this from past couple of years ... and i must say that i learned lot from it ...

Origianlly i involved in learning Ubuntu was because I found that , linux / unix is home of devil ... the dark forces are very strong in this side of computing ... ( :D starwars ?? ) ... and being easy to use , ubuntu still holds power of mighty linux ...

actually i wanted to install this at time when i had downloaded (which happens to be about 2 months before) , but due to volatile experiments with my HDD ... i wasn't able to use it for long time at that time ...

Here are couple of things that i liked in new version ...

New Themes ... now Ubuntu looks even more sexy then its previous versions without any makeup :D ..

Newer Kernel ... Under the surface, Jaunty sports the 2.6.28 Linux kernel, ~~the latest stable release~~ (2.6.29.1 is the latest stable kernel as of 7 April). While most of the new features in the kernel are of little consequence to most desktop users, changes most likely to affect the desktop include a more feature-rich wireless stack with support for a broader range of devices, which will be a welcome improvement among users who previously had to install wireless drivers manually.

New Gnome ... Ubuntu 9.04 comes with Gnome 2.26 desktop environment , which, unsurprisingly, is responsible for the lion’s share of new features useful to desktop users.

One thing that i liked the most is , now i don't need to install / patch my atheros wifi drivers with madwifi ... because they are available as built-in !!! just look at the screenshot ...

and another useful tool is , no more use of command line to remove unused packages from system !!!

Well , I'm not an expert to review anything ... these are just couple of features i like of reincarnation of my beloved OS ...

Njoy ...

The Impact of Computing : 78% More Each Year

2009-06-03T23:45:00.001-04:00

Anyone who follows technology is familiar with Moore's Law and its many variations, and has come to expect the price of computing power to halve every 18 months. But many people don't see the true long-term impact of this beyond the need to upgrade their computer every three or four years. To not internalize this more deeply is to miss investment opportunities, grossly mispredict the future, and be utterly unprepared for massive, sweeping changes to human society.

Today, we will introduce another layer to the concept of Moore's Law-type exponential improvement. Consider that on top of the 18-month doubling times of both computational power and storage capacity (an annual improvement rate of 59%), both of these industries have grown by an average of approximately 15% a year for the last fifty years. Individual years have ranged between +30% and -12%, but let's say these industries have grown large enough that their growth rate slows down to an average of 12% a year for the next couple of decades.

So, we can crudely conclude that a dollar gets 59% more power each year, and 12% more dollars are absorbed by such exponentially growing technology each year. If we combine the two growth rates to estimate the rate of technology diffusion simultaneously with exponential improvement, we get (1.59)(1.12) = 1.78.

The Impact of Computing grows at a screaming rate of 78% a year.

Sure, this is a very imperfect method of measuring technology diffusion, but many visible examples of this surging wave present themselves. Consider the most popular television shows of the 1970s, such as The Brady Bunch or The Jeffersons, where the characters had virtually all the household furnishings and electrical appliances that are common today, except for anything with computational capacity. Yet, economic growth has averaged 3.5% a year since that time, nearly doubling the standard of living in the United States since 1970. It is obvious what has changed during this period, to induce the economic gains.

In the 1970s, there was virtually no household product with a semiconductor component. Even digital calculators were not affordable to the average household until very late in the decade.

In the 1980s, many people bought basic game consoles like the Atari 2600, had digital calculators, and purchased their first VCR, but only a fraction of the VCR's internals, maybe 20%, comprised of exponentially deflating semiconductors, so VCR prices did not drop that much per year.

In the early 1990s, many people began to have home PCs. For the first time, a major, essential home device was pegged to the curve of 18-month halving in cost per unit of power.

In the late 1990s, the PC was joined by the Internet connection and the DVD player, bringing the number of household devices on the Moore's Law-type curve to three.

Today, many homes also have a wireless router, a cellular phone, an iPod, a flat-panel TV, a digital camera, and a couple more PCs. In 2006, a typical home may have as many as 8 or 9 devices which are expected to have descendants that are twice as powerful for the same price, in just the next 12 to 24 months.

To summarize, the number of devices in an average home that are on this curve, by decade :

1960s and earlier : 0

1970s : 0

1980s : 1-2

1990s : 3-4

2000s : 6-12

If this doesn't persuade people of the exponentially accelerating penetration of information technology, then nothing can.

One extraordinary product provides a useful example, the iPod :

First Generation iPod, released October 2001, 5 GB capacity for $399

Fifth Generation iPod, released October 2005, 60 GB capacity for $399, or 12X more capacity in four years, for the same price.

Total iPods sold in 2002 : 381,000

Total iPods sold in 2005 : 22,497,000, or 59 times more than 2002.

12X the capacity, yet 59X the units, so (12 x 59) = 708 times the impact in just three years. The rate of iPod sales growth will moderate, of course, but another product will simply take up the baton, and have a similar growth in impact.

Now, we have a trend to project into the near future. It is a safe prediction that by 2015, the average home will contain 25-30 such computationally advanced devices, including sophisticated safety and navigation systems in cars, multiple thin HDTVs greater than 60 inches wide diagonally, networked storage that can house over 1000 HD movies in a tiny volume, virtual-reality ready goggles and gloves for advanced gaming, microchips and sensors embedded into several articles of clothing, and a few robots to perform simple household chores.

Not only does Moore's Law ensure that these devices are over 100 times more advanced than their predecessors today, but there are many more of them in number. This is the true vision of the Impact of Computing, and the shocking, accelerating pace at which our world is being reshaped.

I will expand on this topic greatly in the near future. In the meantime, some food for thought :

Visualizing Moore's Law is easy when viewing the history of video games.

The Law of Accelerating Returns is the most important thing a person could read.

How semiconductors are becoming a larger share of the total economy.

Economic Growth is Exponential and Accelerating, primarily due to information technology becoming all-encompassing.

from The Futurist …

Njoy …

New Cyber-Security Standards for N. American Power System

2009-06-01T11:11:00.001-04:00

It was recently in news that N. American Power Grid was hacked / breached by foreign hackers and that was perhaps the greatest threat , so finally Government has revised cyber-security standards for the North American bulk power system were approved by the North American Electric Reliability Corporation's (NERC) independent board of trustees.

The revised standards were passed by the electric industry last week with an 88 percent approval, according to NERC officials, which noted the majority approval indicated strong support in the industry for the more stringent standards.

"The approval of these revisions is evidence that NERC's industry-driven standards development process is producing results, with the aim of developing a strong foundation for the cyber security of the electric grid," said Michael Assante, Vice President and Chief Security Officer at NERC, in a statement.

The standards, according to the statement, are comprised of approximately 40 'good housekeeping' requirements designed to lay a solid foundation of sound security practices. The revisions approved address concerns raised by the Federal Energy Regulatory Commission when it conditionally approved the standards currently in effect. The revisions notably include the removal of the term "reasonable business judgment," said NERC officials.

The standards "if properly implemented, will develop the capabilities needed to secure critical infrastructure from cyber security threats," the statement noted. Entities that fail to comply can be fined up to $1 million per day, per violation in the U.S., with other enforcement provisions in place throughout much of Canada, said NERC. Audits for compliance will begin on July 1, 2009.

The changes come on the heels of a Wall Street Journal report last month that cited national-security officials who claimed cyberspies from China, Russia and other countries had successfully penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. However, Assante stressed in his statement that the changes were part of a process that was launched last July and was already well underway.

"It's important to note, however, that these standards are not designed to address specific, imminent cyber security threats," he said. "We firmly believe carefully crafted emergency authority is needed at the government level to address this gap."

The revised Critical Infrastructure Protection reliability standards are available here. A second phase of revisions will be presented to the board in 2010.

From CSO …

Njoy …

The Best Firewall for FREE !!! … just for today …

2009-05-26T11:33:00.001-04:00

Online Armor - is a Personal Firewall to protect your money, identity and your Data. Whether you’re browsing , Transacting or receiving Email; Online Armor can protect you. This award winning software is easy to use right of the box.

The powerful “HIPS” functions, which is designed to stop all unrecognized programs from running on your computer, makes it possible to protect yourself against new threats and attacks.

In standard mode, most decisions are made completely automatically based on Online Armor’s whitelist - users never need answer a complex firewall prompt again.

Online Armor protects your passwords and private information from being stolen by blocking keyloggers as they try to activate. Online Armors behaviour detection ensures that even specially created or new keyloggers are detected and prevented.

The version given in GOTD is a full paid version which has following features … which are way more then any other firewall gives you for free !!!

ONLINE ARMOR had also been reviewed by many other people and nearly all of them found this firewall , perhaps the best in its category … some reviews are …

Matousec … an independent software testing company ..

Scot Finnie’s … Scot’s News letter …

CNET …

and just for today … my favorite site … Give away of the day .. is giving it away for free with 1 year subscription … perhaps it is one of the best giveaway by GOTD …

you can download online armor from here … GOTD site …

Njoy …

GPS system 'close to breakdown' ???

2009-05-22T11:35:00.001-04:00

It has become one of the staples of modern, hi-tech life: using satellite navigation tools built into your car or mobile phone to find your way from A to B. But experts have warned that the system may be close to breakdown.

US government officials are concerned that the quality of the Global Positioning System (GPS) could begin to deteriorate as early as next year, resulting in regular blackouts and failures – or even dishing out inaccurate directions to millions of people worldwide.

The warning centres on the network of GPS satellites that constantly orbit the planet and beam signals back to the ground that help pinpoint your position on the Earth's surface.

The satellites are overseen by the US Air Force, which has maintained the GPS network since the early 1990s. According to a study by the US government accountability office (GAO), mismanagement and a lack of investment means that some of the crucial GPS satellites could begin to fail as early as next year.

"It is uncertain whether the Air Force will be able to acquire new satellites in time to maintain current GPS service without interruption," said the report, presented to Congress. "If not, some military operations and some civilian users could be adversely affected."

The report says that Air Force officials have failed to execute the necessary steps to keep the system running smoothly.

Although it is currently spending nearly $2bn (£1.3bn) to bring the 20-year-old system up to date, the GAO – which is the equivalent of Britain's National Audit Office – says that delays and overspending are putting the entire system in jeopardy.

"In recent years, the Air Force has struggled to successfully build GPS satellites within cost and schedule goals," said the report. "It encountered significant technical problems … [and] struggled with a different contractor."

The first replacement GPS satellite was due to launch at the beginning of 2007, but has been delayed several times and is now scheduled to go into orbit in November this year – almost three years late.

The impact on ordinary users could be significant, with millions of satnav users potential victims of bad directions or failed services. There would also be similar side effects on the military, which uses GPS for mapping, reconnaissance and for tracking hostile targets.

Some suggest that it could also have an impact on the proliferation of so-called location applications on mobile handsets – just as applications on the iPhone and other GPS-enabled smartphones are starting to get more popular.

Tom Coates, the head of Yahoo's Fire Eagle system – which lets users share their location data from their mobile – said he was sceptical that US officials would let the system fall into total disrepair because it was important to so many people and companies.

"I'd be surprised if anyone in the US government was actually OK with letting it fail – it's too useful," he told the Guardian.

"It sounds like something that could be very serious in a whole range of areas if it were to actually happen. It probably wouldn't damage many locative services applications now, but potentially it would retard their development and mainstreaming if it were to come to pass."

The failings of GPS could also play into the hands of other countries – including opening the door to Galileo, the European-funded attempt to rival America's satellite navigation system, which is scheduled to start rolling out later next year.

Russia, India and China have developed their own satellite navigation technologies that are currently being expanded …

Njoy …

WiMAX challenges Wi-Fi

2009-05-12T17:24:00.001-04:00

When most people hear “wireless Internet,” they think “Wi-Fi.” The technology has allowed millions of computers and mobile devices to browse the Web without the snarl of cords. But there’s another wireless standard out there – one that’s arguably more tempting if it can get its act together.

WiMAX delivers the Web similar to Wi-Fi, but covers wide areas like a cellphone tower. While the range of a Wi-Fi router is measured in yards – enough to blanket a house or office – WiMAX can broadcast for miles. This added range has attracted interest from local governments looking into citywide wireless networks.

Several early citywide Wi-Fi plans were abandoned because they underestimated the cost of installing enough hot spots. But with WiMAX, “Instead of needing 20 or 30 Wi-Fi access points per square mile, you need one,” says Craig Settles, an independent wireless analyst. And many cities won’t need to brainstorm creative places to stick a WiMAX antenna, because it can be attached to current cell phone towers. Sprint rolled out a pilot WiMAX program in Baltimore last year. The network delivers average download speeds of two to four megabits per second, half the rate of cable Internet but several times faster than the 3G mobile service used by many of today’s smart phones, according to Sprint’s tests. The company plans to introduce WiMAX in 10 American cities this year and five more in 2010.

“But here’s the big problem,” says Mr. Settles. “How many iPhones have a WiMAX chip in them? None.”

In fact, barely any devices understand a WiMAX signal because it uses different frequencies from Wi-Fi. This incompatibility issue has exacerbated the normal chicken-and-egg problem that plagues new technology: People won’t buy WiMAX devices until there are more WiMAX networks, but why build the network when Wi-Fi is doing so well? Sprint’s plan requires a proprietary antenna that plugs into laptops, similar to the early Wi-Fi cards that have since been built into computers.

If WiMAX takes off, its performance could drop off quickly, says Settles, because fewer towers means that each station needs to juggle more requests. “Some testers were stunned at the difference in reliability as more people join,” he says. “3G has about a 90 percent uptime. WiMAX is around 70% .” In the US, WiMAX has an additional hurdle because it relies on frequencies that are regulated by the government, so companies will need to pay extra for broadcast rights.

While Settles questions WiMAX’s chances, he says there’s a middle solution. “Locally owned” service provider B2X Online harnesses WiMAX-like towers to deliver broadband Internet to Franklin County, Va. The towers, which transmit over an unlicensed frequency, allow the small company to circumvent the expensive process of laying Internet cables to rural areas.

from the CSMonitor …

Njoy …

An invention that could change the internet for ever

2009-05-11T23:08:00.001-04:00

The new system, Wolfram Alpha, showcased at Harvard University in the US last week, takes the first step towards what many consider to be the internet's Holy Grail – a global store of information that understands and responds to ordinary language in the same way a person does.

Although the system is still new, it has already produced massive interest and excitement among technology pundits and internet watchers.

Computer experts believe the new search engine will be an evolutionary leap in the development of the internet. Nova Spivack, an internet and computer expert, said that Wolfram Alpha could prove just as important as Google. "It is really impressive and significant," he wrote. "In fact it may be as important for the web (and the world) as Google, but for a different purpose.

Tom Simpson, of the blog Convergenceofeverything.com, said: "What are the wider implications exactly? A new paradigm for using computers and the web? Probably. Emerging artificial intelligence and a step towards a self-organizing internet? Possibly... I think this could be big."

Wolfram Alpha will not only give a straight answer to questions such as "how high is Mount Everest?", but it will also produce a neat page of related information – all properly sourced – such as geographical location and nearby towns, and other mountains, complete with graphs and charts.

The real innovation, however, is in its ability to work things out "on the fly", according to its British inventor, Dr Stephen Wolfram. If you ask it to compare the height of Mount Everest to the length of the Golden Gate Bridge, it will tell you. Or ask what the weather was like in London on the day John F Kennedy was assassinated, it will cross-check and provide the answer. Ask it about D sharp major, it will play the scale. Type in "10 flips for four heads" and it will guess that you need to know the probability of coin-tossing. If you want to know when the next solar eclipse over Chicago is, or the exact current location of the International Space Station, it can work it out.

Dr Wolfram, an award-winning physicist who is based in America, added that the information is "curated", meaning it is assessed first by experts. This means that the weaknesses of sites such as Wikipedia, where doubts are cast on the information because anyone can contribute, are taken out. It is based on his best-selling Mathematica software, a standard tool for scientists, engineers and academics for crunching complex maths.

"I've wanted to make the knowledge we've accumulated in our civilization computable," he said last week. "I was not sure it was possible. I'm a little surprised it worked out so well."

Dr Wolfram, 49, who was educated at Eton and had completed his PhD in particle physics by the time he was 20, added that the launch of Wolfram Alpha later this month would be just the beginning of the project.

"It will understand what you are talking about," he said. "We are just at the beginning. I think we've got a reasonable start on 90 per cent of the shelves in a typical reference library."

The engine, which will be free to use, works by drawing on the knowledge on the internet, as well as private databases. Dr Wolfram said he expected that about 1,000 people would be needed to keep its databases updated with the latest discoveries and information.

He also added that he would not go down the road of storing information on ordinary people, although he was aware that others might use the technology to do so.

Wolfram Alpha has been designed with professionals and academics in mind, so its grasp of popular culture is, at the moment, comparatively poor. The term "50 Cent" caused "absolute horror" in tests, for example, because it confused a discussion on currency with the American rap artist. For this reason alone it is unlikely to provide an immediate threat to Google, which is working on a similar type of search engine, a version of which it launched last week.

"We have a certain amount of popular culture information," Dr Wolfram said. "In some senses popular culture information is much more shallowly computable, so we can find out who's related to who and how tall people are. I fully expect we will have lots of popular culture information. There are linguistic horrors because if you put in books and music a lot of the names clash with other concepts."

He added that to help with that Wolfram Alpha would be using Wikipedia's popularity index to decide what users were likely to be interested in.

With Google now one of the world's top brands, worth $100bn, Wolfram Alpha has the potential to become one of the biggest names on the planet.

Dr Wolfram, however, did not rule out working with Google in the future, as well as Wikipedia. "We're working to partner with all possible organizations that make sense," he said. "Search, narrative, news are complementary to what we have. Hopefully there will be some great synergies."

from Independent …

Njoy …

Black Holes of Internet !!!

2009-05-10T00:45:00.001-04:00

There are plenty of places online that you would do well to steer clear of. A brief visit to some unsavoury websites, for instance, could leave your computer infected with worms or viruses. Then there are the "black holes" to worry about.

If your emails mysteriously disappear, or your favorite website is suddenly unobtainable, you might have run into one. Though nowhere near as destructive as their cosmological cousins, information black holes can create all kinds of problems for surfers. Essentially they are points on the network at which data packets simply disappear due to broken connections, say, or misconfigured routers - devices that maintain lists of addresses and which help direct internet traffic. A team including computer scientist Ethan Katz-Bassett at the University of Washington in Seattle has detected almost 1.5 million black holes since it began looking in 2007. The majority persist for over 2 hours, he says. Unfortunately it is tough to predict where they will appear next, so it's hard for the average surfer to avoid them.

Far easier to avoid are a kind of online chatroom called Internet Relay Chat channels. Though the majority are legitimate, a few IRC channels have a very dark reputation, and are run as open markets for stolen goods. One 2007 survey found $37 million worth of illegal stuff in IRC channels, including 80,000 credit card numbers and bank account details. And if that is not bad enough, some of these chatrooms are also used by hackers to send commands to their networks of malicious software bots, or botnets. When a PC is infected by a virus or malicious software it may be hijacked and used as part of a botnet to launch spam or cyber-attacks elsewhere.

Then there are significant pockets of cyberspace - some 5 per cent of all internet addresses - that are not fully connected to the rest of the net. Dubbed the "dark internet", they are often the result of faulty routers or networks with strict security policies that block traffic.

Amongst these dark regions are blocks of seemingly unused internet addresses that may suddenly and briefly flare into activity. Although this behavior might have an innocent explanation, it can also hint at dubious activities.

A three-year study by online security consultants Arbor Networks revealed that dark internet addresses can be a source of cyber-attacks and junk email. The study suggests that hackers or spammers hijack routers and use them to create false addresses which are left dormant until the hackers bring them to life to facilitate their nefarious ends. These dark addresses seem to be multiplying in proportion to the growth of the net, says Arbor Networks' Craig Labovitz.

from New Scientist ..

Njoy …

Hiding Identity under the Onion … How To of TOR software

2009-05-08T16:40:00.001-04:00

Just like i said before … Tor is really good application … in this post i will show how this thing works and anonymize our identity on internet !!!

first all you need is to download the TOR from TOR project website … i chose , the 2nd option, “ Tor Browser Bundle for Windows (Contains Tor, Vidalia, Torbutton, Polipo, and Firefox) “ … its 0.2.1.14-rc … they says its UNSTABLE so … may give unexpected results or may be it will not make you much “anonymous” around the internet but i really don’t know the actual reason .. sigh … i use this version because , NO NEED TO INSTALL or SETUP anything and its PORTABLE …

once you download it , extract it on a usb drive ( if you are planning to use it on any other pc )or in any folder of computer ( to use only in that machine ) …

now , simply double click on that Vidalia icon … it will run the script and automatically

once connected to Tor network , it will launch Tor’s old buddy …. the Firefox … you can make sure that you are connected by viewing , the Vidalia control panel , which shows CONNECTED TO THE TOR NETWORK message with green onion …

as it will launch FF, you will see the welcome message just like above ( ofcouse IP will be different ) … just remember to NOT TO CLOSE FIREFOX , because it will automatically exit TOR … ( i think you can change that option ) …

the thing is , i was using google’s chrome too , now see when is check the website … www.whatismyip.com …

the chrome shows my real IP , but the TORed firefox shows the IP that others will SEE when i use TOR … hmm …thats TORrific .. right ??

and if you ever wonder what is the route to that IP from ur IP , and how you are anonymized … just try to see the routing path of TOR … it shows TOR NETWORK MAP … as you know TOR uses onion routing , so after passing through these much number of nodes … its really hard to find your real IP ( that’s the best part ) … !!!

and the thing is , i am sitting in public library which has restricted access to sites and can’t access to youtube ( no offence ) … but i really like to watch cartoons on it … so before i can’t use it because it has been blocked by firewall and filters … but now ?? … nothing is between me and my favorite show ( expect my g/f .. hehehe ) …

so that is the way how can you anonymize your identity on internet using tor … but you need to remember that TOR is all free , open to public and non profit thing , so may be you won’t feel glitch when you surf the internet , but you will feel a bit leggy performance when you watch video on youtube …and about security , TOR CAN NOT secure your connection outside the TOR network , means hacker sitting at the end of exit node can intercept / sniff your packets and crack your password ( for security, TOR recommends SSL connection between End to End Connection )… also , many times the search results are different then what you expected or language is different … this is because , now you have IP of another geographic location , the search engine thinks you are from that place so it will display results according to it ( its good if you surf porn sites a lot , because they will not get your real location ….. huh, wait a minute … do you really want it ??? ) …

Njoy …

Windows 7 RC goes public …

2009-05-05T11:20:00.001-04:00

Just like they have said in their windows blog … the Latest Operating System from microsoft … Windows 7 … is available to public … but this time , its Release Candidate version …. v. 7100 … which means , its better then beta … and most of this will come as it is in final version of windows 7 ….

This RC version is available to download till JULY,and will expire on 1st of June 2010 … to download it you need to have account with any of microsoft services … and product key will be given at time of downloading …

Njoy …

Hiding Identity under the Onion !!!

2009-05-04T15:44:00.001-04:00

Vidalia … a sweet onion , great in taste indeed and better choice for eating raw compared to other breeds … but the vidalia onion i am talking about is something different … its the TOR Project , which has symbol of vidalia onion, because it uses onion routing concept … Tor is a software , which allows user to surf internet anonymously …

Logic behind the Onion …

Onion routing is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Each onion router removes a layer of encryption to uncover routing instructions, and sends the message to the next router where this is repeated. This prevents these intermediary nodes from knowing the origin, destination, and contents of the message. Here, volunteers provide their network node ( at their expense of bandwidth and $$$ ofcourse ) …

But Tor is not the magic wend of fairy god-mother that will make user completely anonymous on internet … it has its own limitation and rules … it does not guarantee for security of data transmitted , once it leaves tor network … so to ensure end-to-end security, measures need to be taken ( SSL connection for example ) … because it has been already proved that , a user ( a hacker , to be more precise ) sitting at end node of network can sniff / capture data leaving tor network and can use it too …

But if you are an adventurer just like me … who just want to try tor for study and experiment … then its really amazing …

the tor software which runs from usb drive gives you ultra portability , ease of use … you don’t even need to install anything in pc … and more good , we can use it anywhere … is just amazing …

i want to write about it but some another time …

history about tor …

tor official site …

till then …

Njoy …

Antivirus that lives in the Cloud …

2009-05-03T19:49:00.001-04:00

Now a days , everything seem to be adopting itself for cloud computing … the latest edition is an antivirus by PANDA ANTIVIRUS … they call its Cloud Antivirus … which according to panda , lives in the cloud and , consumes least memory … yet provides the best protection against everything threat that internet posses to average joe !!! … But still its in BETA … and so only time can say who much successful it will be in reality … but good thing is , panda thinks to keep it free even after releasing its final version … at present its available only for XP and Vista ( too bad for me , as user of 7 and Jaunty Jackalope ) … but they are planning to release version for windows 7 too

till then , read this article from my favorite site about cloud antivirus …

With threats like Conficker fresh in the public's mind, security remains a top concern for Windows users. Panda Security, publishers of Panda Internet Security and Panda Antivirus, is set to take antivirus where it hasn't been yet: into the clouds. Panda Cloud Antivirus beta bets that nearly three years of development can pay off into a better protection system for users. To that end, Panda's willing to make the client free for personal use--even after it leaves beta testing.

the program uses Panda's proprietary cloud computing technology, which they call Collective Intelligence, to detect viruses, malware, rootkits, and heuristics. It takes advantage of "millions of users," according to Panda, to identify new malware almost in real time. Panda says that Collective Intelligence can classify new malware in under six minutes, and that it handles more than 50,000 new samples per day. The Cloud Antivirus works by classifying threats into executables that must be scanned immediately, and non-executables that are checked at a lower priority--usually when the computer is idle.

In exchange for using consumer data to build the Collective Intelligence database, Panda decided to offer the Panda Cloud Antivirus for free, said Pedro Bustamante, senior research adviser at Panda Security.

The new program reportedly takes up around 50 MB on the hard drive and eats around 17 MB of RAM when in use. That compares well against the industry average that Panda provided of 60 MB, and Bustamante said that they're aiming for 12 MB of RAM when in use.

Cloud computing may make sense from a system resources point of view, but what happens to system security when the computer isn't connected to the Internet? "The model we've implemented is to break down the traditional antivirus to client and server, so when the user is not connected they keep a local cache copy of Collective Intelligence, including detections for what Collective Intelligence sees is spreading through the community," he said.

Panda Cloud Antivirus is for Windows XP and Windows Vista, with planned support for Windows 7 when it's released. Bustamante added that it will stay in beta as it's being accepted by users, although they hope it will leave beta by the end of this summer.

from CNET …

Njoy …

Is Internet running out of fuel ???

2009-05-01T12:45:00.001-04:00

Internet users face regular “brownouts” that will freeze their computers as capacity runs out in cyberspace, according to research to be published later this year.

Experts predict that consumer demand, already growing at 60 per cent a year, will start to exceed supply from as early as next year because of more people working online and the soaring popularity of bandwidth-hungry websites such as YouTube and services such as the BBC’s iPlayer.

It will initially lead to computers being disrupted and going offline for several minutes at a time. From 2012, however, PCs and laptops are likely to operate at a much reduced speed, rendering the internet an “unreliable toy”.

When Sir Tim Berners-Lee, the British scientist, wrote the code that transformed a private computer network into the world wide web in 1989, the internet appeared to be a limitless resource. However, a report being compiled by Nemertes Research, a respected American think-tank, will warn that the web has reached a critical point and that even the recession has failed to stave off impending problems.

“With more people working or looking for work from home, or using their PCs more for cheap entertainment, demand could double in 2009,” said Ted Ritter, a Nemertes analyst. “At best, we see the [economic] slowdown delaying the fractures for maybe a year.”

In America, telecoms companies are spending £40 billion a year upgrading cables and supercomputers to increase capacity, while in Britain proposals to replace copper cabling across part of the network with fibreoptic wires would cost at least £5 billion.

Yet sites such as YouTube, the video-sharing service launched in 2005, which has exploded in popularity, can throw the most ambitious plans into disarray.

The amount of traffic generated each month by YouTube is now equivalent to the amount of traffic generated across the entire internet in all of 2000.

The extent of its popularity is indicated by the 100 million people who have logged on to the site to see the talent show contestant Susan Boyle in the past three weeks.

Another so-called “net bomb” being studied by Nemertes is BBC iPlayer, which allows viewers to watch high-definition television on their computers. In February there were more than 35 million requests for shows and iPlayer now accounts for 5 per cent of all UK internet traffic.

Analysts express such traffic in exabytes – a quintillion (or a million trillion) bytes or units of computer data. One exabyte is equivalent to 50,000 years’ worth of DVD-quality data.

Monthly traffic across the internet is running at about eight exabytes. A recent study by the University of Minnesota estimated that traffic was growing by at least 60 per cent a year, although that did not take into account plans for greater internet access in China and India.

While the net itself will ultimately survive, Ritter said that waves of disruption would begin to emerge next year, when computers would jitter and freeze. This would be followed by “brownouts” – a combination of temporary freezing and computers being reduced to a slow speed.

Ritter’s report will warn that an unreliable internet is merely a toy. “For business purposes, such as delivering medical records between hospitals in real time, it’s useless,” he said.

“Today people know how home computers slow down when the kids get back from school and start playing games, but by 2012 that traffic jam could last all day long.”

Engineers are already preparing for the worst. While some are planning a lightning-fast parallel network called “the grid”, others are building “caches”, private computer stations where popular entertainments are stored on local PCs rather than sent through the global backbone. Telephone companies want to recoup escalating costs by increasing prices for “net hogs” who use more than their share of capacity.

Is it just a theory .. or will it become nightmare of technology …. only time will answer this question … in world of today , where applications are transforming them selves into web applications …. it will surely death call for them ….

from TimesOnline …

Njoy …

Hide your tracks at work ???

2009-04-28T14:37:00.001-04:00

We all spend some of our time at work doing things that have nothing to do with our job. We surf the Web. We play games. Sure, we all need our downtime, and the enlightened manager knows that. But still, we'd rather just surf in private than deal with the raised eyebrows.

That's why we need ways to ensure that when our boss surprises us or sneaks up behind us, she'll think that we're actually working. Here's a list of apps and services that help.

Camouflaged Web services

SpreadTweet If you're a Twitter fanatic, try SpreadTweet. The software hides your Twitter stream in what looks like an Excel window. It displays everything in plain text to make it look like a real spreadsheet. It's sure to fool any boss.

1cup1coffee 1cup1coffee looks like a Windows Explorer pane (so don't use it on a Mac), but all those Word documents and Powerpoint presentations are actually a collection of Flash games. Simply click on one of the "files" and you can play a game in what looks like your Windows Explorer window. If you hear your boss, you can hit the back button and you'll be brought back to the file listing.

Anonymizer If you don't want the IT folks to know what you're up to, spend $30 and get Anonymizer. The software redirects your Web traffic through its servers to not only safeguard your IP from outside sources, but also to get your employer's IT people off your trail.

C.H.I.M.P. Rearview Monitor Mirror While playing a game or doing something you shouldn't, just glance up at the C.H.I.M.P. Rearview Monitor Mirror to see if your boss is approaching from behind. The mirror won't hide what you're doing, but it will give you some time to switch to something more appropriate. And in case you're wondering, C.H.I.M.P. stands for Chimp Has Invincible Monkey Powers. Yeah, I don't get it either. But it is worth the $6.99 price tag.

Don's Boss Page Don's Boss Page (no relation) is full of great boss trickery. If you want to aimlessly browse the Web, but make it sound like you're working, you can keep clicking the site's keyboard audio clips to make others think you're typing.

Quick tip: Resize your windows When I was an accountant, I used Outlook. To make everyone think I was so engrossed in my e-mail, I resized Firefox to fit perfectly in the Outlook preview pane. Anyone who walked by thought I was just reading an e-mail. If they ever got too close, I'd switch to another message. It worked beautifully.

Don't Panic 1.2 If you don't want to get busted by the boss, try installing Don't Panic 1.2 onto your Windows machine. The software will allow you to minimize multiple windows at the same time. You can also maximize multiple windows simultaneously to ensure your boss will be happy when they walk by.

Or just use keyboard shortcuts Brush up on your knowledge of keyboard shortcuts. Whenever you hear someone coming, you can quickly drop a few keys and you'll immediately look like you're working.

StealthSwitch You'll have to pay $40 to get it, but StealthSwitch is worth the price -- until your boss finds it. Once connected to your computer via USB, StealthSwitch sits on the floor. While playing a game or doing something you shouldn't at work, you can quickly tap the StealthSwitch when you hear your boss approaching. It immediately makes the current window invisible and brings you back to a window that's related to your work. Once your boss walks away, you can tap the StealthSwitch again to get back to your game.

The Last ( and my fav. too ) $25 USB Panic Button is similar, if you're quicker with your hands than your mouse and don't mind a garish missile-launch control button sitting on your desk. Simply push the plastic covering up, press the red button, and the tool will automatically change the screen on your computer to a spreadsheet, your favorite picture, your company's Web site, or anything else you set it to switch to.

from CNET …

Njoy … (your work) …

Hackers created 1.6m security threats last year !!!

2009-04-25T10:24:00.001-04:00

Hackers were responsible for creating 1.6 million new security threats last year, says Symantec.

According to the security vendor's Internet Security Threat Report, the web was the primary source of infection, with hackers relying on methods to embed malicious code into websites.

"As malicious code continues to grow at a record pace we're also seeing that attackers have shifted away from mass distribution of a few threats to micro-distribution of millions of distinct threats," said Stephen Trilling, vice president at Symantec Security Technology and Response.

The report also revealed that 90 percent of attacks were designed to steal personal information such as names, addresses and credit card details.

"The unfortunate reality is that innocent web surfers can visit a compromised website and unknowingly place their personal and financial information at risk," added Marc Fossi, executive editor of the report.

"Computer users have to be extra vigilant about their security practices."

Symantec said that phishing websites had increased by 66 percent since 2007, with 55,389 found on the web. Spam also increased by 192 percent.

Symantec said that 349 billion spam messages were received in 2008, compared to the 119 billion in 2007. The security vendor blamed botnets, saying were responsible for 90 percent of the spam received.

from PCADVISOR …

Njoy …

H-1B visa filing drops by 50 percent !!!

2009-04-24T10:33:00.001-04:00

he protectionist measures and the economic slump in the U.S. have hit the demand for the H -1B visas as the U.S. Citizen and Immigration Council (USCIS) is yet to reach the targeted cap of 65,000 petitions for fiscal 2010. The council has received around 42,000 applications, which is just 'about half' the applications it needs for the quota to be filled.

"The visa cap has not been met yet as there is not enough business in the U.S. The visa update also validates our argument that H-1Bs are not being used to replace American workers, because if that was so, companies would have flocked to file petitions amid lay-offs in the US. That has not happened," said Nasscom President, Som Mittal told Business Line. The Indian firms, which had filed around 11,000 visas last year have opted for less applications this year.
Poorvi Chothani, a U.S. immigration attorney based in Mumbai, admits her firm has seen a 50 percent drop in H-1B filings this time. "Besides the fact that the basic demand is less, other factors such as a possible fear of a backlash in employing foreign professionals, and Troubled Assets Relief Program (TARP) curbs are likely to have influenced the filings," she said. The USCIS maintained that due to the lowered rate of filing, it will continue accepting petitions till it receives the required number of petitions to meet the respective caps.

from SiliconIndia …

Njoy …

DOD says … We're always under cyberattack

2009-04-23T11:55:00.001-04:00

In an interview for an upcoming edition of 60 Minutes, CBS News anchor Katie Couric asked Gates about the nation's cybersecurity after hackers stole specifications from a $300 billion fighter jet development program as well as other sensitive information.

In a series of spy attacks, hackers stole information about the Pentagon's F-35 Joint Strike Fighter project and the Air Force's air traffic control system, according to a Wall Street Journal report Tuesday.

The computer spies copied several terabytes of data from the Joint Strike Fighter project, the most expensive in Defense Department history, pertaining to the electronics and design systems of the aircraft, several current and former officials told the Journal. Officials said the separate incursion into the air traffic control system could allow intruders to interfere with military aircraft.

Gates would not discuss the specifics of the attacks, but said, "I believe we still have security of the sensitive systems." Generally, "We think we have pretty good control of our sensitive information both with respect to intelligence and equipment systems, but we, like everybody else, is under attack. Banks are under attack. Every country is under attack," Gates told Couric.

But, he said, "It's sometimes very difficult to figure out a home address on these attacks so one of the things that I am doing in the budget is significantly increasing the resources for cyber experts. We're going to more than quadruple the number of experts that we have in this area. We're devoting a lot more money to it."

The source of the espionage appears to be China, according to a former official, though the origin of any attacks could be masked. Chinese officials deny any involvement and say U.S. suspicion is the result of a "Cold War mentality." Similar attacks have become more frequent in recent months, underscoring the increasingly heated battles taking place in cyberspace. Earlier this month, the Wall Street Journal reported that Russian and Chinese spies gained access to the U.S. electrical grid, inserting software that could disrupt the system.

In the Joint Strike Fighter attack, officials said that while spies made off with some data, the most sensitive information is stored on separate, non-networked computers. But the vulnerability lies in the Pentagon's reliance on private defense contractors, some foreign, who have less-than-secure networks. The breaches apparently took place in Turkey and another U.S. ally nation, according to the report.

While there is no U.S. agency currently dedicated solely to cybersecurity, the Obama administration is expected tode propose a senior White House post to coordinate military efforts to guard against further breaches. The White House may also look to extend a $17 billion security initiative originally planned by the Bush administration.

"This is going to be an enduring problem and it is going to be a challenge not just for the Department of Defense but for the entirety of the United States," Gates said.

from ZDnet ..

Njoy ??? …

Supporting Piracy !!!

2009-04-22T11:56:00.001-04:00

The convictions and prison sentences handed down to the defendants in The Pirate Bay case have prompted Sweden's youth to action. The Pirate Party reports booming support as demonstrators turn out in force on Saturday.

The Pirate Party organized demonstrations against the convictions at several cities across Sweden on Saturday. More than 1,000 people turned out in Stockholm to show support for The Pirate Bay defendents and the practice of file sharing.
"We young people have a whole platform on the internet, where we have all our social contacts - it is there that we live. The state is trying to control the internet and, by extension, our private lives," said Malin Littorin-Ferm of the party's Ung Pirat youth league to the assembled crowd in Stockholm on Saturday. Since the Stockholm district court passed judgment on April 17th the Pirate Party confirmed on Saturday afternoon that its membership has swelled to 21,000. The party's youth league is now, with its 10,000 members, larger than all of the parliamentary party youth organizations.
To claim seats in the European parliament, to which elections will be held on June 7th in Sweden, the party must gain at least four percent of the vote and the support of Sweden's younger voters will be crucial to achieving this.
In the last European parliamentary elections the Swedish voter turnout was a mere 27 percent.
The debate around file sharing and the future of the internet has piqued the interest of many young people and could increase the voter turnout among the unusually large number of first time voters, concluded Henrik Oscarsson, a political scientist at Gothenburg University.
"If they can mobilize their passive support to the voting booth on June 7th then voter turnout could increase among this group. It is a long way to the four percent threshold," he pointed out.
The Pirate Party's leader Rickard Falkvinge is confident of the attraction of the party's platform.
"These citizens have never previously had a significant issue with which to become involved. It is not that politics does not interest young people - it is that the former generation's problems and political solutions do not interest the youth," he said.

Just a day before this demonstration … Internet service providers refuse to cooperate with an entertainment industry group's demand to shut down The Pirate Bay. The International Federation of the Phonographic Industry (IFPI) is demanding that Pirate Bay website be shut down.
But Internet service providers (ISPs) refuse to cooperate, reports the Svenska Dagbladet newspaper.
Neither has the judgement slowed down file sharing. Several minutes after the Stockholm District Court delivered the verdict, almost ten billion files were being downloaded.
The ISPs maintain that the ruling doesn't apply to them.
"In part, this is not a legally binding decision, but above all, this is a judgement against Pirate Bay and nothing that effects any service provider. We will not take any action (to block) the contents if we are not compelled to do so," Patrik Hiselius, a lawyer at Telia Sonera, told Svenska Dagbladet. Bredbandsbolaget and Com Hem had the same reply. Jon Karlung, managing director of Bahnhofs, said the judgement does not change anything.
"We will not censor sites for our customers; that is not our job. I am against anything that contradicts the principle of a free and open Internet."

By reading all these news , it seems that these pirate guys will not be convicted … or even if they will be , then they will not be charged notably … which will be not good , because it will encourage more piracy all around the world !!!

from theLocal ….

Njoy …

PIN Crackers Nab Holy Grail of Bank Card Security ….

2009-04-18T15:00:00.001-04:00

Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to an investigator behind a new report looking at the data breaches.

The attacks, says Bryan Sartin, director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States.

"We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin. Verizon Business released a report Wednesday that examines trends in security breaches. "What we see now is people going right to the source ... and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks."

The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side.

But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process. Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details from TJ Maxx and other U.S. retail networks. The affidavit, which accused Albert "Cumbajohnny" Gonzalez of leading the carding ring, indicated that the thieves had stolen "PIN blocks associated with millions of debit cards" and obtained "technical assistance from criminal associates in decrypting encrypted PIN numbers."

But until now, no one had confirmed that thieves were actively cracking PIN encryption.

Sartin, whose division at Verizon conducts forensic investigations for companies that experience data breaches, wouldn't identify the institutions that were hit or indicate exactly how much stolen money was being attributed to the attacks, but according to the 2009 Data Breach Investigations report, the hacks have resulted in "more targeted, cutting-edge, complex, and clever cybercrime attacks than seen in previous years." "While statistically not a large percentage of our overall caseload in 2008, attacks against PIN information represent individual data-theft cases having the largest aggregate exposure in terms of unique records," says the report. "In other words, PIN-based attacks and many of the very large compromises from the past year go hand in hand."

Although there are ways to mitigate the attacks, experts say the problem can only really be resolved if the financial industry overhauls the entire payment processing system. "You really have to start right from the beginning," says Graham Steel, a research fellow at the French National Institute for Research in Computer Science and Control who wrote about one solution to mitigate some of the attacks. "But then you make changes that aren't backwards-compatible."

PIN hacks hit consumers particularly hard, because they allow thieves to withdraw cash directly from the consumer's checking, savings or brokerage account, Sartin says. Unlike fraudulent credit card charges, which generally carry zero liability for the consumer, fraudulent cash withdrawals that involve a customer's PIN can be more difficult to resolve since, in the absence of evidence of a breach, the burden is placed on the customer to prove that he or she didn't make the withdrawal. Some of the attacks involve grabbing unencrypted PINs, while they sit in memory on bank systems during the authorization process. But the most sophisticated attacks involve encrypted PINs.

Sartin says the latter attacks involve a device called a hardware security module (HSM), a security appliance that sits on bank networks and on switches through which PIN numbers pass on their way from an ATM or retail cash register to the card issuer. The module is a tamper-resistant device that provides a secure environment for certain functions, such as encryption and decryption, to occur.

According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API.

"Essentially, the thief tricks the HSM into providing the encryption key," says Sartin. "This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device." Sartin says HSMs need to be able to serve many types of customers in many countries where processing standards may be different from the U.S. As a result, the devices come with enabled functions that aren't needed and can be exploited by an intruder into working to defeat the device's security measures. Once a thief captures and decrypts one PIN block, it becomes trivial to decrypt others on a network.

Other kinds of attacks occur against PINs after they arrive at the card-issuing bank. Once encrypted PINs arrive at the HSM at the issuing bank, the HSM communicates with the bank's mainframe system to decrypt the PIN and the customer's 16-digit account number for a brief period to authorize the transaction.

During that period, the data is briefly held in the system's memory in unencrypted form. Sartin says some attackers have created malware that scrapes the memory to capture the data. "Memory scrapers are in as much as a third of all cases we're seeing, or utilities that scrape data from unallocated space," Sartin says. "This is a huge vulnerability." He says the stolen data is often stored in a file right on the hacked system. "These victims don't see it," Sartin says. "They rely almost purely on anti-virus to detect things that show up on systems that aren't supposed to be there. But they're not looking for a 30-gig file growing on a system."

Information about how to conduct attacks on encrypted PINs isn't new and has been surfacing in academic research for several years. In the first paper, in 2003, a researcher at Cambridge University published information about attacks that, with the help of an insider, would yield PINs from an issuer bank's system.

The paper, however, was little noticed outside academic circles and the HSM industry. But in 2006, two Israeli computer security researchers outlined an additional attack scenario (.pdf) that got widespread publicity. The attack was much more sophisticated and also required the assistance of an insider who possessed credentials to access the HSM and the API and who also had knowledge of the HSM configuration and how it interacted with the network. As a result, industry experts dismissed it as a minimal threat. But Steel and others say they began to see interest for the attack research from the Russian carding community. But until now no one had seen the attacks actually being used in the wild.

Steel wrote a paper in 2006 that addressed attacks against HSMs (.pdf) as well as a solution to mitigate some of the risks. The paper was submitted to nCipher, a British company that manufactures HSMs and is now owned by Thales. He says the solution involved guidelines for configuring an HSM in a more secure manner and says nCipher passed the guidelines to customers.

Steel says his solution wouldn't address all of the types of attacks. To fix the problem would take a redesign. But he notes that "a complete rethink of the system would just cost more than the banks were willing to make at this time."

Thales is the largest maker of HSMs for the payment-card and other industries, with "multiple tens of thousands" of HSMs deployed in payment-processing networks around the world, according to the company. A spokesman said the company is not aware of any of the attacks on HSMs that Sartin described, and noted that Thales and most other HSM vendors have implemented controls in their devices to prevent such attacks. The problem, however, is how the systems are configured and managed. "It's a very difficult challenge to protect against the lazy administrator," says Brian Phelps, director of program services for Thales. "Out of the box, the HSMs come configured in a very secure fashion if customers just deploy them as is. But for many operational reasons, customers choose to alter those default security configurations — supporting legacy applications may be one example — which creates vulnerabilities." Redesigning the global payment system to eliminate legacy vulnerabilities "would require a mammoth overhaul of virtually every point-of-sale system in the world," he says.

Responding to questions about the vulnerabilities in HSMs, the PCI Security Standards Council said that beginning next week the council would begin testing HSMs as well as unattended payment terminals. Bob Russo, general manager of the global standards body, said in a statement that although there are general market standards that cover HSMs, the council's testing of the devices would "focus specifically on security properties that are critical to the payment system." The testing program conducted in council-approved laboratories would cover "both physical and logical security properties."

From Wired …

Njoy …

Man Says He Has USB Drive in Prosthetic Finger ??

2009-04-12T20:51:00.001-04:00

It is the story of Jerry Jalava, 29, a self-described software developer from Finland who lost part of his left ring finger in May in a motorcycle accident.

Now, he says, he wears a prosthetic finger made of silicone, which looks fairly natural -- except that he can peel back the tip to uncover a USB drive tucked inside. Jalava's finger of the future has become a small Internet sensation.

The USB drive -- also called a flash drive or thumb drive or memory stick -- contains 2 gigabytes of memory and can plug into almost any currently sold computer. Jalava keeps several computer programs on it, he says, and hopes eventually for an upgraded version.

My friends take it same way as I do," he told . "First, they are terrified, hearing about the lost finger, but then they are relieved and laughing after hearing about the USB finger."

Digitally Enhanced Digit

"It is not attached permanently into my body; it is removable prosthetic, which has USB memory stick inside it," he writes, in slightly broken English, on his blog protoblogr.net. "When I'm using the USB, I just leave my finger inside the slot and pick it up after I'm ready."

Jalava said he has two different prosthetic fingertips that he can use. The other is conventional, made to look like a natural finger, but Jalava says he does not plan to keep it that way.

"Right now I use it mostly when I need to do network inspections or memory testing on computers in our office," he said, "but when I get the latest one ready, it will be my single sign-on to my computer and my e-mails."

All this began one day last spring, Jalava says, when he was driving his motorcycle home from work. He hit a deer, slid a couple of hundred feet and lost the tip of his finger. He was taken by ambulance to a hospital in nearby Helsinki.

from ABC

Njoy …

Are We Breeding a generation of computer hackers ??, study warns !!!

2009-04-11T12:52:00.001-04:00

Researchers found that a large proportion of today's youngsters are devoid of "e-morals" and have no scruples about hacking into other peoples' emails, bank accounts or personal networking profiles.

More than 10 per cent of youths aged from 12 to 18 said they thought it was "cool" or even "funny" to pose as someone else online, while one in seven children aged 12 to 13 admitted they already had. A third of those polled said they would consider hacking or spying on the internet if they could earn money by doing so.

Forty per cent of youngsters admitted they had logged on to another person's social networking profile. The same proportion of young people had accessed someone else's online banking or email accounts. Boys were found to be twice as likely as girls to log into someone's social networking site. Girls were up to three times more likely than boys to access someone's online shopping or bank accounts without the owner knowing.

However, researchers also discovered that parents are setting a poor example for their children, as one in three said they had hacked into someone else's online accounts. The survey, which polled 1,000 children and parents across the Britain, was undertaken by internet security firm Trend Micro.

Company spokesman Rik Ferguson said: "These results come as a stark warning to parents become a lot more familiar with what their kids get up to when online.

"Parents need to ensure they lead by example at all times."

from Telegraph …

Njoy ??? …

Access any Hard Drive from internet …

2009-04-10T18:43:00.001-04:00

PogoPlug, available in North America as of today, is a cheap, straightforward, single-purpose device that aims to transform network-attached storage into an appliance. It combines any old USB hard drive with your existing Internet connection, and then, voila: everything delicious and convenient about network-attached storage is now within reach.

What is network-attached storage, you ask? It's any device that makes a hard drive available on a network and/or the Internet. Having a network-attached storage device means you can: access all your music, movies, and critical documents, no matter where you are; back up your important files to a single location; and share all your photos, media, and anything else with friends -- without the intervening step of uploading them to YouTube, Flickr, etc.

Here's how it works.

The PogoPlug is $99, and no bigger than the wall plate for a light switch. It resembles an oversized wall wart (like the one hanging off the end of your cell phone charger).

By design, it's dead easy. You plug it into the wall, and into your home router via an ethernet cable, and then into an external USB 2.0-compatible hard drive (or even USB thumb drive) which you've probably got sitting around anyway (and if you don't, they can be had very cheaply).

Go online, register your PogoPlug, and voila -- the drive connected to the PogoPlug is now accessible via my.pogoplug.com. No setting up IP addresses for your home server, or tunneling through your firewall, or needing a spare computer to use as a media server -- all of that is taken care of by a combination of firmware in the PogoPlug and an independent back-end service running on Cloud Engine's own servers.

And this is what it does.

Aside from all the things that any network-attached storage device is capable of, the PogoPlug does a number of nifty things, including automatically generating thumbnails for your media and transcoding video on the fly so that it can be streamed to remote devices without you having to wait for the whole thing to download first.

There's even an iPhone application in case you want to, say, access to every vacation photo you've ever taken, ever. Or swap out your tired playlist for some new music, even if you're in Aruba and your hard drive is in Saskatchewan.

Sharing files with friends is even easier -- you just punch in their email address and the PogoPlug software emails them a link; they don't even have to register. There's no backup software specific to the PogoPlug, though, which, unfortunately, means backing up is still a drag-and-drop operation.

Because it's based on the ultra-low-power Marvell chipset (Marvell works with the same ARM chips that show up in cell phones and portable gaming devices like the Nintendo DS), the PogoPlug draws fewer than 5 watts of power. Most external hard drives are smart enough to turn themselves off after a pre-set period of inactivity, so together the two devices aren't going to draw a lot of power unless you're hitting the server all day long -- even then, it's a lot less than the 20-100 watts that would be required to run a full-blown laptop or tower-based server.

If you want to get really crazy, Cloud Engine's engineers have apparently created an API for the PogoPlug. This means you could access it from any other website, thus making it a DIY media server. However, that would mean that your home or apartment would then be a DIY colocation facility, which is fine if you're sharing baby pictures but not so great if you're hosting business-critical files. Either way, it's nice to have the versatility, and it probably means hackers will come up with a number of cool, off-label uses for the device.

Njoy …

What is Social Media ???

2009-04-08T23:52:00.001-04:00

Definition from Wikipedia:

Social media are primarily Internet-based tools for sharing and discussing information among human beings. Social media is information content created by people using highly accessible and scalable publishing technologies. It is intended to facilitate communications, influence interaction between peers and with public audiences.

DetectorPRO opinion of social media:
I don’t think Social Media has to be an object or a tool. I think Social Media transpires anytime a conversation happens: talking to a friend at a coffee shop, standing on a soap box in the park, or even just walking around the city talking to random people.
Social Media is about the interaction, but we try to manage it through the tools.
And, a bit simpler: Social media is any online space where people have public conversations.

Social media humor:
But, if you browser looks like following picture you may consider yourself as a big social media person (as my colleague used to say: socialist), or at the other hand - you must go outside in the real world and socialize with real people FAST.

from DetectorPro …

Njoy …

Bill Gates’ own Facebook page !!!

2009-04-08T23:50:00.001-04:00

i am sure that Bill Gates … or even anyone mentioned in this facebook page … really does have it … but just imagine , how Mr. Gates would be doing if he really had it …

again from my same fav. site … geeks are sexy …

Njoy …

Are we really ready for Cloud ??

2009-04-07T17:11:00.001-04:00

All the data that make up our lives seem to be heading for the clouds. From photos on Flickr to memos on Google Docs, we are entrusting more and more to computers in giant data centers—a model called cloud computing. It's certainly convenient to have access to our stuff wherever we are and on whatever device we choose. But is it safe?

There are two kinds of risks in putting your data online. One is that you can never be quite sure who has access to your information once it has migrated beyond the hard drives and backup storage devices in your home. The other risk is that the information, and sometimes the applications you need to make use of it, may be available only when you are connected to the Internet and the service is up and running. These twin dangers are now abundantly obvious to users of a collaborative Web-based word-processing program called Google Docs. Google recently notified its users that a software glitch had allowed some subscribers unauthorized access to "a very small percentage" of these documents, which are stored on Google's servers.

The security of data stored in the cloud varies with both the design of the system and how well the safety measures are implemented. Some services encrypt information both in transit and in storage in such a way that only the owner can decrypt it. These services are generally the most secure against either accidental or malicious disclosure—though your information can be lost forever if you lose the password. In general, services that allow Web access to data from any computer are riskier than more restrictive systems, and those that allow the information to be shared among a group of users pose even greater hazards.

Sometimes you have control over this—for example, by declining an option that lets you access your data from a Web site. This choice is available on many online backup services and can be handy if, say, you are on the road and need to get a file that's on your home or business computer. But clearly that access increases the risk that your information could be exposed to third parties.

The security practices of cloud storage systems are usually described in the fine print of their security and privacy policies, but in practice it's difficult to assess safety. Corporations run security audits to gauge the practices of cloud computing operations, but this is beyond the reach of individuals or smaller businesses. The simpler course for most of us is to think before committing data to the cloud. Those photos from the family trip to Disney World ? No problem. But the term sheet for a proposed merger or acquisition should probably stay encrypted on a hard drive that you control. Anything in between? Just consider how much embarrassment or trouble it would cause in the wrong hands.

The issues of getting to your online data are less serious. The growing ubiquity of wireless services means there are fewer and fewer places where you can't get on the Net if you need to. Wi-Fi is even slowly creeping onto airplanes, the last wireless frontier.

Will your cloud service be there when you need it? Google got a lot of unwelcome attention recently when its Gmail service was unavailable for about three hours. Back in the days of the Ma Bell monopoly, AT&T promised 99.999% availability, which allowed a bit over five minutes of downtime a year. But "five nines" of reliability is fabulously expensive. Google promises its corporate Google Apps customers 99.9% uptime, which leaves room for outages of nearly nine hours a year. The fact is, most enterprises don't deliver higher reliability on their own systems; the difference is that outages on big public services get publicity.

Ultimately, putting your data in the cloud involves choosing convenience and productivity at the cost of some security risk. In the real world, convenience almost always wins, and there's nothing wrong with that. What's important is that you understand the dangers.

from BusinessWeek …

Njoy …

EVERY LINK YOU CLICK IS DANGEROUS !!!!

2009-04-03T16:42:00.001-04:00

Well , title seems to be a bit more paranoidal … i should say …. every link you click can be dangerous ??? or simply … don’t click randomly ??? …. what ever it is … but the essence of the story is as follows …. from one of my fav. sites ….

Magic tricks are all about suggestion, psychology, misdirection and showmanship (see Tricks of the Mind), or as Cutter perhaps will say, every magic trick has tree parts: the pledge (where the magician shows you something ordinary), the turn (where the ordinary becomes something extraordinary), and the prestige (where the extraordinary turns into something you have never seen before).

In a similar way, real world information security breaches are combination of the characteristics you will often find in the performance of skillful magicians. Therefore, allow me introduce you to a simplistic form of an attack, perhaps so simple that in fact it may work far more often than we would like to admit, which skillfully uses suggestion, psychology, misdirection and a great doze of showmanship.

So, we’ve all heard of clickjacking and we know that it is a design bug and therefore it is very hard to deal with. However, are there other flawed areas of modern browsers design which can be abused? Of course there are. It just takes time to find them all because they are often well hidden underneath our common believes, ignorance and prejudice. Here is some code

<html> <body>

<script>

function clickme() {

var w = window.open('http://www.google.com');

setTimeout(function () { w.location = 'http://www.gnucitizen.org'; }, 5000); }

</script>

<input type="button" value="click me" onclick="clickme(this)"/> </body> </html>

Quite boring! I agree. First of all the user clicks on a button/link. Then a new tab/window opens which loads the content of http://www.google.com. Five seconds later, the newly created tab is preloaded with the content of http://www.gnucitizen.org. Do you find this code disturbing? I do. It is disturbing because it breaks the trust relationship that is going on between the user and google.com in this specific example. Call it surfjacking, framejacking,tabjacking or whatever you want to call it, but at the end of the day, I believe that this is just yet another form of bad design.

Here is another example. You browse the web, you click to digg a story, you get redirected to digg.com to login. SSL looks fine. The browser lights up all green. It is OK to type your username/password and you do. In the background, the page which initially took you to digg.com waits for you to login. It subsequently queries the digg.com login page for changes in the DOM structure by using script tags and error handlers to capture different error code offsets (check AttackAPI), and as such it tries to detect when you are fully logged on. It does these checks every half a second. Once a successful login is detected, it simply fires w.location = "some evil url here"; which will force the browser to render something else, perhaps something malicious, instead of the page that should have came after a successful authentication. Perhaps, the evil caller could even fire just a simple alert('Hey there!'); message as a form of misdirection and than return back the control with another w.focus().

Would you check the address bar again? Perhaps not, because the page which was forced onto you now contains similarly looking digg.com login page accompanied with some red and quite scary looking text which tells you that your login was unsuccessful. This is the psychology. The attacker uses the red color to distract your from the address bar so that you put all of your attention into the login form. You cannot escape your instincts. The forms screams at you that all you have to do is to fill in your username and password and everything will be fine again. You rush to fill in your credentials again. Your request is recorded. A 302 redirect fires back and the browser redirects you to your digg.com account like nothing has ever happened. This is the prestige.

As far as I know, although I might be wrong, this form of an attack is new. It is definitely not devastating and it wont break the Web. However, my honest opinion is that it does break a lot of things. For example, it breaks the user’s normal surfing experience. The good news is that there is an easy fix. Simply put, do not allow pages to redirect windows which are preloaded with content from a different origin! We fix this, we save the Web again.

from GNU Citizen …

Njoy …

Ericsson to enable wireless kill switch for laptops !!!

2009-04-02T13:43:00.001-04:00

A laptop remote-kill switch has long been a fantasy of those paranoid about theft and service providers alike. And now, with the latest wave of subsidized notebooks coming out of wireless carriers, said switches are coming in the form of a new mobile broadband card from Ericsson. The card, designed to work on HSPA/GPRS/EDGE networks, is slated for release in June, and carries with it a number of innovative features. But the most interesting is that it supports certain security options that work with Intel's anti-theft technology, allowing carriers to send a signal that will lock down the machine and make it unusable.

Ericsson's F3607gw module boasts reduced power consumption, prolonged battery life, and increased integration with the OS. Ericsson specifically highlights the F3607gw's wake-on-wireless feature, which allows users to remotely wake the notebook at specific times, like when an important message is received or the computer has been stolen.

"An anti-theft management service in the network can send a message via SMS to the mobile-broadband module inside the notebook, which securely transfers the message to Intel's Anti-Theft function inside the processor platform," says Ericsson. "This takes appropriate actions, such as completely locking the computer and making it unusable."

Intel's anti-theft technology (ATT) differs from current disk encryption because it would render the laptop useless even if the hard drive is replaced. While this may not help the victim get the laptop back, if widely adopted, ATT could deter thieves from stealing laptops in the first place if all they would end up with is an inoperable chunk of plastic and metal. Of course, if users want their data to be secure and for the laptop to be unbootable, it's probably wise to employ both ATT and some sort of disk encryption technology, in case the hard drive is removed and placed in another machine.

Theft isn't the only situation in which the machine may be remotely locked down, though. As noted by the AP, customers who bought their notebooks under heavy subsidies from wireless carriers in exchange for service contracts may also find their computers being locked down if they fall too far behind on their bills. This situation seems unlikely, however—not only would it be seen as a massive invasion of privacy for a carrier to lock users out of their own computers, but there will likely be a way for users to shut off the wake on wireless feature, rendering such attempts useless.

Njoy …

US-CERT Advisory for Conficker worm …

2009-04-01T00:36:00.001-04:00

HISTORY …

Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000,Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta . The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.

Although the origin of the name "conficker" is not known with certainty, Internet specialists and others have speculated that it is a German portmanteau fusing the term "configure" with "ficken", the German word for "fuck !!!". Microsoft analyst Joshua Phillips describes "conficker" as a rearrangement of portions of the domain name 'trafficconverter.biz'

Four main variants of the Conficker worm are known and have been dubbed Conficker A, B, C and D. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, and 4 March 2009, respectively.

SYMPTOMS …

Account lockout policies being reset automatically.
Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
Domain controllers responding slowly to client requests.
Unusual amounts of traffic on local area networks.
Websites related to antivirus software becoming inaccessible.

EFFECTS …

Experts say it is the worst infection since 2003's SQL Slammer. Estimates of the number of computers infected range from almost 9 million PCsto 15 million computers.The initial rapid spread of the worm has been attributed to the number of Windows computers—estimated at 30%—which have yet to apply the Microsoft MS08-067 patch.

Another antivirus software vendor, Panda Security, reported that of the 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with this malware.

Intramar, the French Navy computer network, was infected with Conficker in 15 January 2009. The network was subsequently quarantined, forcing aircraft at several airbases to be grounded because their flight plans could not be downloaded.

The U.K. Ministry of Defence reported that some of its major systems and desktops were infected. The worm has spread across administrative offices, NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines, and hospitals across the city of Sheffield reported infection of over 800 computers.

On 13 February 2009, the Bundeswehr reported that about one hundred of their computers were infected.

A memo from the British Director of Parliamentary ICT informed the users of the House of Commons on 24 March 2009 that it had been infected with the worm. The memo, which was subsequently leaked, called for users to avoid connecting any unauthorized equipment to the network.

IN NEWS !!!

As of 13 February 2009, Microsoft is offering a $250,000 USD reward for information leading to the arrest and conviction of the individuals behind the creation and/or distribution of Conficker.

On 24 March 2009, CIRA, the Canadian Internet Registration Authority, locked all previously-unregistered .ca domain names expected to be generated by Conficker C over the next 12 months.^[35]

On 31 March 2009 NASK, the Polish national registrar, locked over 150,000 .pl domains expected to be generated by Conficker C over the coming 5 weeks. NASK has also warned that worm traffic may unintentionally inflict a DDoS attack to legitimate domains which happen to be in the generated set.

Message , FROM United State Computer Emergency Readiness Team …

Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network, if the network servers are not patched with the MS08-067 patch from Microsoft.
Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of a Conficker/Downadup infection may be detected if a user is unable to surf to their security solution website or if they are unable to connect to the websites, by downloading detection/removal tools available free from those sites:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
http://www.mcafee.com
If a user is unable to reach any of these websites, it may indicate a Conficker/Downadup infection. The most recent variant of Conficker/Downadup interferes with queries for these sites, preventing a user from visiting them. If a Conficker/Downadup infection is suspected, the system or computer should be removed from the network or unplugged from the Internet - in the case for home users.
Instructions, support and more information on how to manually remove a Conficker/Downadup infection from a system have been published by major security vendors. Please see below for a few of those sites. Each of these vendors offers free tools that can verify the presence of a Conficker/Downadup infection and remove the worm:
Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
Microsoft:
http://support.microsoft.com/kb/962007
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.
US-CERT encourages users to prevent a Conficker/Downadup infection by ensuring all systems have the MS08-067 patch (seehttp://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.

currently this worm is set to get active at 1st April , 2009 ( TODAY !!! ) … and yet nobody knows what’s it upto … lets hope people come with some sound solution to this perhaps the most notorious virus in history of viruses !!!

Njoy …

parts from … US-CERT and Wikipedia …

Security professionals fear smart phone threat …

2009-03-31T23:54:00.001-04:00

Ninety per cent of security professionals believe that smart phones pose a significant risk to the enterprise, according to a new survey of over 2,000 members of security certifications organization ISC2.

Employees are increasingly bringing their own smart phones to work and using them for corporate purposes, but ISC2 explained that, instead of banning them outright, IT security chiefs should learn how to accommodate them safely into the organization.

"Internet phones are like wireless networks four or five years ago: security professionals are against them because of the security problems, but in reality people like to use them," said John Colley, European managing director at ISC2.

"We have to relax and find ways of making them secure, which will need a combination of rules, education and technology."

However, Colley warned that, aside from the BlackBerry, many smart phones "do not have a good security model behind them". He urged security professionals to engage with manufacturers and suppliers to address the problem.

"Targeted attacks represent a significant threat, but most losses come from the accidental threat - leaving handsets in taxis and so on - where password protection can help," he said.

Njoy …

Online Banking Fraud is at its peak !!!

2009-03-28T23:27:00.001-04:00

Software allowing fraudsters to track what you type led to the level of online banking fraud more than doubling in 2008, according to a banking body.

Fraudsters use a device called keylogging - when keystrokes on a computer are tracked to gather passwords and credit card numbers.

Online banking fraud jumped to £52.5m last year, up from £22.6m in 2007, said UK payments association Apacs. Total fraud losses on UK debit and credit cards rose by 14% to £609m. Most victims of card fraud are not liable, so their money is refunded.

Malicious programs

Online banking has become increasingly popular in recent years, with consumers becoming more comfortable using their home computers rather than queuing at branches.

But fraudsters tend to adapt to new technology more quickly than consumers, so online banking fraud losses have been rising steadily in recent years. The £52.5m stolen from accounts in 2008 compares with £12.2m in 2004. Malicious computer programs, including those that track what users type without their knowledge, generally find their way onto computers when users click on an unsolicited e-mail. "The industry continues to remind customers to ensure that they have their computer's firewall switched on and anti-virus software up to date," said an Apacs spokeswoman.

Targeting cards

UK credit and debit card fraud had been falling following the introduction of chip-and-pin, but in 2007 and 2008 the figures have started to rise again. The biggest area of card fraud continued to be with goods bought over the internet, phone or by mail order - where chip-and-pin was not used. Fraud levels in these instances rose 13% to £328m. The most significant rise in 2008 was when criminals took over other people's accounts, known as card ID theft, with losses up by 39% to £47.4m.

Apacs said that, although card fraud losses had increased during the last year, losses as a percentage of card turnover were falling, dropping to 0.12% of turnover in 2008 from 0.14% in 2004. The group also stressed that over the last five years, the most rapid acceleration in fraud has not been in the UK, but by fraudsters using UK cards overseas. This was usually in countries where chip-and-pin technology was not in place. Apacs said it was putting pressure on countries such as the US to introduce chip-and-pin.

Anyone in the UK who is a victim of fraud is not liable, under terms outlined in the Banking Code. As long as they have not acted fraudulently or without "reasonable care", they will be reimbursed if somebody uses their card, steals it, or clones it. The code says that if somebody uses a card before it is reported lost or stolen, or somebody knows a Pin, then the victim could have to pay the first £50 that is lost.

from UK.BBC

Njoy …

Hackers start P2P Bank !!!

2009-03-26T14:20:00.001-04:00

The hacking community and open source hardware developers have joined forces to create a funding source.
Usually when you think "open source", software comes to mind. However, in the background, the open source hardware market is booming.
The concept is great -- eventually there will be specs published for a variety of hardware ranging from graphic cards and CPUs to laptops and desktops. Anyone who wishes will have the ability to take the designs and build upon them. This would allow for individuals to make money based on free designs, while also giving back their improvements to the community that they've benefited from.
The downside is that open source hardware development needs a lot more money than software, due to the physical materials needed for test builds, and the services of the specialized plants used to build chips and printed circuit boards.

Hardware enthusiasts often find that they have a difficult time securing funding for their projects.
When Justin Huynh and Matt Stack met at a New York event they found that they had a major common interest: open source hardware. Huynh works as a pharmaceutical consultant and saw a need for community-funded open source projects. Huynh and Stack have now opened the Open Source Hardware Bank which they will utilize to fund hardware projects. Details of the bank and its concept are laid out in Stack’s blog.

Their new bank will work to raise capital from hardware enthusiasts and then share the wealth with developers. Much like any other social network or community, this group will work to finance one another. Currently the two manage the bank using Open Office Calc and a statistics program called R. Eventually they want to take the banking online via their website and provide a list of funded projects. "This speaks to the rise of the do-it-yourselfer, someone who is not just a consumer but also a producer, inventor and investor," Huynh told Wired.com. "But someone also ought to be thinking about the money problem when it comes to open source hardware and we are doing just that."

The Open Source Hardware Bank wants to deliver freedom from two financial issues faced by hardware developers: throwaway costs that come from having to repeatedly revise a product during the development process and the unfortunate inability to take advantage of reduced rates that come when one purchases in bulk.
Each project which the bank funds is provided with the funds to build twice as many units as there are potential buyers. This doubles the number of units which are developed, thus reducing production rates by 10 to 30 percent for each unit. The bank received some of its inspiration from peer-to-peer lending sites like Prosper and Zopa. Prior to the current credit crisis these sites delivered borrowers and investors with a connection tool that acted as a secondary market for funds and investments.

Currently, the Open Source Hardware Bank is not fully open for business. Additionally it is not yet a federally regulated lending institution. With 70 lenders signed up with the bank it does allow individuals with interest to make investments in specific products and then ideally reap the benefit of a 5 to 15 percent return for the successful project sales. For developers the bank is capable of delivering funds which could significantly reduce their project costs and push them to continuously be ingenious and create. For investors these returns are much greater than those you’ll find anywhere else in today’s economy.

The lenders are given their returns based on rolling six-month averages, meaning that projects that do not take off will be offset by those which flourish. The bank owners feel that it won’t take but a few deals to make great money and with the community which it is developed around being both knowledgeable and dedicated to their craft great projects will be funded with ease.

How Open Source Hardware Bank tells you to invest:

The SEC has many regulations which involve peer-to-peer lending and they are not always simple or cut and dry. Currently Open Source Hardware bank is working through these issues. Regardless the company is in business and ready to work.

from … APC Magazine …

Njoy …

Chrome … the safest browser … ( for now )

2009-03-25T19:06:00.001-04:00

Browser vendors often make strong claims about their responsiveness to vulnerability reports and their ability to preemptively prevent exploits. Security is becoming one of the most significant fronts in the new round of browser wars, but it's also arguably one of the hardest aspects of software to measure or quantify.

A recent contest at CanSecWest, an event that brings together some of the most skilled experts in the security community, has demonstrated that the three most popular browser are susceptible to security bugs despite the vigilance and engineering prowess of their creators. Firefox, Safari, and Internet Explorer were all exploited during thePwn2Own competition that took place at the conference. Google's Chrome browser, however, was the only one left standing—a victory that security researchers attribute to its innovative sandbox feature.

The contest awards security researchers with hardware and cash prizes for finding efficient ways to trick browsers into executing arbitrary code. During the first day of the competition, the contestants are required to do this in default browser installations without plugins such as Flash or Java, which are commonly used as vectors for attacks. Researchers typically prepare for the event far in advance by finding zero-day exploits ahead of time.

Early this month, prior champion Charlie Miller told reporters that he would be attempting to exploit a Safari vulnerability on Mac OS X. Safari, he said, would be the first to succumb to the contestants. As he promised, Safari went down first: he was able to execute his prepared hack in only a matter of seconds. Another security expert known only as Nils took longer, but was able to successfully exploit all three of the most popular browsers.

These contests contribute to the growing culture of commercialism that surrounds the art of exploitation. In an interview with ZDNet, Miller said that the vulnerability he used in the contest was one that he had originally found while preparing for the contest last year. Instead of disclosing it at that time, he decided to save it for the contest this year, because the contest only pays for one bug per year. This is part of his new philosophy, he says, which is that bugs shouldn't be disclosed to vendors for free.

"I never give up free bugs. I have a new campaign. It's called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away," Miller told ZDNet. "Apple pays people to do the same job so we know there's value to this work."

Miller also told reporters that he targeted Safari on Mac OS X because he believes that it is the easiest to exploit. Windows, on the other hand, he claims is tougher because of its address randomization feature and other security measures. As for Chrome, he says that he has identified a security bug in Google's browser but has been unable to exploit it because the browser's sandboxing feature and the operating system's security measures together pose a formidable challenge.

The game isn't over yet. During the second day of the event, the focus will turn towards Chrome. Nils, who demonstrated impressive skill during the first day by conquering the three most popular browsers, might have a few more tricks up his sleeve. According to the official rules, the participants will be permitted to use plugins during the second day.

from arstechnica …

Njoy …

10 reasons to not to switch to LINUX !!!

2009-03-22T02:24:00.001-04:00

My eyes caught this nice post on one of my regular visit site , this guy is explaining why one should not switch to LINUX …

1) You shouldn’t switch to Linux because… you actually enjoy paying for an operating system that is so mired with bugs and issues that it shouldn’t be even released as an alpha build. What recession?

2) You shouldn’t switch to Linux because… change is always scary. Look at Obama, he scares the shit out of me. I voted for him but he always talks about change and change is always scary even if that change will make things better.

3) You shouldn’t switch to Linux because… the only thing you use your computer is to play games. I mean people still use computer for anything other than games?

4) You shouldn’t switch to Linux because… You love to dedicate one whole day of your week just for scanning purposes. Anti-virus scan – Spyware Scan – Defragmentation scan – Registry Scan & defrag. What Fun!

5) You shouldn’t switch to Linux because… You love to pay for Anti-virus/spywares (with yearly subscription renewal) for protection that the OS should provide you in the first place. Even though Windows Defender does a fabulous job, its just not there yet.

6) You shouldn’t switch to Linux because… most people use Windows. If most people use windows it must be good!

7) You shouldn’t switch to Linux because… you realize that nothing lasts forever. Eventually your windows will succumb to a BSOD, while Linux has its version of kernel panic, you might have to wait couple of years to experience it, if at all.

8) You shouldn’t switch to Linux because… you LOVE Internet Explorer and you can only use the latest version of Internet explorer on windows. Imagine going online without IE?

9) You shouldn’t switch to Linux because… you have to be a geek to use Linux and we all know that geeks don’t have girlfriend.

10) Last but not least. You shouldn’t switch to Linux because… you don’t want to be a conformist and do what everyone tells you to do. You want to be unique, which is why you want to use windows. Oh wait…

from linuxhexor …

Njoy …

Tax Time Is a Feast for Identity Thieves !!!

2009-03-15T21:38:00.001-04:00

The ease of filing income tax returns via the Internet or other electronic means is lulling consumers into a false sense of personal security , identity-protection experts warn.

A common misconception is that important files with sensitive information such as Social Security numbers stored on a home computer are risk-free, according to Todd Feinman, an identity-theft-prevention expert.

"Hackers may access your computer in various ways at any time via viruses, trojans and botnets," said Feinman, chief executive of Identity Finder software. "Confidential information on PDFs is not safe."

Many viruses are transmitted via e-mail attachments, though some data-stealing programs disguise themselves as trusted Web sites.

The explosion of online tax filing, coupled with residential broadband and wireless Internet connections, has created an abundance of opportunities for hackers to invade home computers that lack proper firewall protection.

Nationally, nearly 89.9 million taxpayers -- about 58 percent -- filed their 2007 returns electronically.

In 2008, a record 9.9 million adult Americans -- roughly one in 23 -- fell victim to identity theft, according to Javelin Strategy & Research.

Consumers have come to believe in several myths, including that electronic transmissions of confidential data to seemingly safe recipients such as the IRS are secure, Feinman said.

The best fix is to be sure your computer's firewall is working.

"Your personal information is at the greatest risk when it is en route from one location to another," he said.

Even paper copies of tax information are accessible to identity thieves. A common mistake is to leave tax filings in home mailboxes for collection.

Another identity-theft trick is to hack into public photocopiers at tax time, particularly those that store the image in memory.

"Identity thieves are incredibly creative," Feinman said.

from … enterprisesecurity..

Njoy …

Panda Anti-virus : ID theft Trojans on 1 in 100 PCs ???

2009-03-15T00:11:00.001-04:00

Perhaps as many as 10 million PCs are infected with sneaky programs designed to steal sensitive financial information, anti-virus vendor Panda Security reports.The company found that just over 1 percent of systems belonging to the 67 million people who tried out its free ActiveScan test site last year were infected with malicious software designed to help thieves steal sensitive information about victims. If 1 percent of the world's 1 billion computers are infected, that would mean that this kind of software is on 10 million PCs worldwide, the company reports.

These identity-theft-focused Trojan programs are becoming more sophisticated and more common. Panda's detection rate jumped 800 percent between the middle of 2008 and the end of the year, according to Carlos Zevallos, a security evangelist with the security company. "The report shows a very sobering number," he said. "We don't want it to seem that it is a hopeless battle [but] all businesses innovate, and crime ware is a business."

Identity theft is a big problem. The U.S. Federal Trade Commission estimates that 9 million U.S. residents have their identities stolen each year through a variety of techniques, including dumpster diving, skimming credit card numbers at legitimate businesses, and phishing.

According to Panda, these Trojan programs are a now a serious threat too. Victims of the Trojans are usually tricked into installing the software themselves. They may think they're installing a new plug-in in order to view a video. Once the software is installed, it typically sends messages to a central command and control server.

Although banking Web sites have added a lot of features over the years to prevent hackers in another country such as Russia from logging into online accounts, these banking Trojans can be really hard to stop, Zevallos said. "They essentially have complete control of your machine, so they can send a request from your machine and the Web site will not know that it is not being initiated by the user."

Trojans can take screen shots of everything on your screen and search the machine for credit-card numbers, Social Security numbers, resumes -- anything that could be used in identity theft. Today's Trojans can even download software updates from their criminal masters.

Today's most common financial Trojans go by names like Cimuz, Sinowal, and Torpig.

Most of these programs come from China or Russia, but Panda says that a growing number are coming from Brazil and Korea too.

In the past few years, hackers have become very good at cranking out new, slightly altered, variants of their malware, designed to evade anti-virus detection. So anti-virus products will detect identity theft Trojans, but not all of them. Panda said that 35 percent of the infected PCs that it spotted last year were already using up-to-date anti-virus programs.

from … infoworld

Njoy …

Rigged Podcasts can leak your iTunes username/password !!!

2009-03-13T20:22:00.001-04:00

Hackers can create malicious podcasts to hijack usernames and passwords from Apple’s iTunes software.

According to a warning from Apple, a “design issue” in the iTunes podcast feature can be abused via rigged audio files to cause an authentication dialog to be presented to the user. From that dialog, a hacker can hijack iTunes credentials and upload it to the podcast server.

From Apple’s advisory:

A design issue exists in the iTunes podcast feature. A subscription to a malicious podcast may cause an authentication dialog to be presented to the user. This dialog may entice the user to send iTunes credentials to the podcast server.

Apple has shipped a patch in iTunes 8.1 to clarify the origin of the authentication request in the dialog box.

The iTunes update also corrects a denial-of-service flaw that can be caused via maliciously crafted DAAP messages.

An infinite loop exists in the handling of iTunes Digital Audio Access Protocol (DAAP) messages. Sending a message containing a maliciously crafted Content-Length parameter in the DAAP header may lead to a denial of service. This update addresses the issue by performing additional validation of DAAP messages.

The denial -of-service bug does not affect Mac OS X systems.

Njoy …

5 great Windows Web-services that we have never used !!!

2009-03-08T12:32:00.001-04:00

Undoubtly google is the best for web-based services such as , e-mails or online document view or data storage or maps … right ?? but there is one thing to notice is that, there are other providers too are available that have good features and application integration with applications that we use on our desktop … here are some of the best web services that microsoft windows provides !!!

Windows Live SkyDrive

How's this for a deal: Get 25GB of online storage, at no cost, with no strings attached. That's whatWindows Live SkyDriveoffers. Just create folders on the site and upload files to it. You can share any of your folders with colleagues, as well. The site's design is simple and straightforward.

That isn't to say SkyDrive is flawless. You can't use it as a virtual drive--it won't appear on your PC as a drive, so you can't save files directly to it within a program like Microsoft Word. That's a minor point, though. You can't argue with 25GB of free storage, especially considering that neither Google nor Yahoo currently has this kind of service. While Google is rumored to be working on a similar service called GDrive, Yahoo's Briefcase provides only 25MB of space, and is shutting down at the end of March anyway. So right now Windows Live SkyDrive is as good as online storage gets.

Windows Live Sync

If you have more than one PC and you want to keep files and folders on them synchronized, you need this service. After you download and run a small piece of software on each PC, head to the Windows Live Sync Web site and tell it which folders on which PCs should stay in sync.

You can synchronize your personal folders as well as your shared ones. Whenever any of your PCs are connected to the Internet, they will automatically sync the specified folders with one another. In addition, you can connect to any synced computer from any other computer to browse through the remote system's entire hard disk and to download files.

Note that unlike some of the fee-based sync services we looked at last year, Live Sync does not keep copies of your files in the cloud: It merely serves as a conduit between PCs. Since it involves no online storage, however, it puts no iimit on the amount of data you can sync. And, of course, it's free.

Live Mesh

Here's a free Microsoft service for people who do want to keep their files in the cloud. Though Live Mesh is more powerful than Windows Live Sync, it's also a bit more complicated.

Rather than synchronize files and folders from PC to PC, you create folders in Live Mesh and then have all of your PCs synchronize with those folders. With this arrangement, you can access the files and folders from any Internet-connected computer. You have an exceptional amount of control over the synchronization, too--for example, you can choose to synchronize only the files modified in the last 30 days, or those under 500MB. Live Mesh supports remote control of any PC in your mesh, as well. So far, Microsoft has announced no plans to charge for storage--or to limit the amount of data you can store.

Microsoft Office Live Workspace

Office Live Workspace will help anyone with a small business or in a workgroup who needs a simple way to collaborate on projects. With this service you can create and share documents, schedules, to-do lists, and more.

You start by creating a shared "workspace." You can choose from 11 prebuilt ones--such as a Project Workspace, a Meeting Workspace, or a Travel Workspace--or you can create your own from scratch. Each workspace has templates already created for it, including PowerPoint presentations, Excel worksheets, and Word documents. Group members can work on the documents and save them for colleagues to see and edit. To edit the Office documents, you'll need to install a free Office add-in, although anyone can view them without the add-in or Office.

Why use this rather than Google Docs or Zoho? One big, exclusive benefit is its direct integration with Microsoft Office--right within the Office suite, you can save files to your workspace, and you can use the Office programs to edit files in your workspace. On top of that, the template-driven approach to creating documents and workspaces is superior to anything you'll find in Google Docs or Zoho.

Microsoft's Virtual Earth 3D

Okay, this one isn't a Web service, strictly speaking--it's a desktop app that works with a Web service. But it's a good one: Microsoft Virtual Earth 3D.

Because Google Earth is so predominant in this arena, not many people bother with Microsoft's product, and that's a shame. This downloadable application works in concert with Windows Live Maps to give you dramatic and compelling 3D views of places around the world. Using simple controls, you can fly in and out of cities in full 3D. You can also go on guided tours that other people create, and you can make tours of your own. You can save your tours for future visits, too, or share them with other users.

The views are richer and more compelling than what Google has to offer, so if you're looking for great 3D mapping, this is the service to try.

To use Virtual Earth 3D in concert with Microsoft's Live Maps service, you must download the Virtual Earth 3D software, from either Windows Live Maps or Microsoft's general downloads site.

Microsoft says that the software will work with a 1GHz processor and 256MB of RAM, but recommends a 2.8GHz or faster CPU and 1GB of RAM. Go with the recommended specs or better, or else you'll find the app very slow going.

from … pcworld

Njoy …

Netbooks … Sale Decliners of Micro$oft !!!

2009-03-02T00:27:00.001-05:00

When Microsoft laid off 5,000 people in January, analysts and pundits pointed to plenty of reasons for the first major layoffs in the company’s history. The obvious culprits included the overall economic meltdown, Apple’s continued success and Wall Street’s desire to see a leaner Microsoft.

But the real cause of the layoffs can be summed up in a single word: netbooks. These lightweight, stripped-down laptops that sell for between $200 and $400 have taken a big chunk out of Microsoft’s bottom line. Unless the company comes up with a plan to handle them, its revenue will stagnate. In announcing the layoffs, Microsoft said that its revenue had increased an anemic 1.6 per cent in the quarter that ended 31 December compared to the same quarter a year earlier.

But that number doesn’t tell the whole story. Windows took the biggest hit, while systems for servers and related tools had hefty increases in sales. Windows sales were down an eye-popping 8 percent; server and related revenue grew 15 per cent. Microsoft clearly blames netbooks for the drop in Windows sales. Here’s what it said in its statement: “Client revenue declined 8 per cent as a result of PC market weakness and a continued shift to lower priced netbooks.” Netbooks have become the only bright spot for PC makers, with sales accelerating while the rest of the PC market stays in the doldrums. According to IDC, 10 million netbooks were sold in 2008 and that number should double to 20 million in 2009.

Why is all this bad news for Microsoft? First, an estimated 30 per cent of all netbooks ship with Linux. That means Microsoft doesn’t get a penny for Windows from 30 per cent of all netbooks being sold. Given that netbooks represent the fastest-growing PC market segment, the company’s problem may get worse with time. In addition, netbook owners who buy Linux machines won’t be buying Microsoft Office, handing Microsoft an additional revenue hit for every Linux netbook sold.

So it’s not surprising that in the most recent quarter, sales of Office were anemic. Overall, sales for Microsoft’s business division, which is in charge of Office, were up slightly, at 1.9 percent. But sales of the consumer version of Office plummeted 23 per cent—and consumers are the people buying netbook.

Microsoft faces other netbook-related woes as well. The company doesn’t get paid as much for a version of Windows sold on a netbook as it does for a version of Windows sold on a laptop or desktop PC. There’s very little margin on a machine selling for $200 to $400, and so Microsoft simply can’t charge full freight for Windows on one. And given the price that Microsoft charges for consumer versions of Office - usually about $200 for the lowest-priced version – netbook owners who use Windows aren’t likely to pay for Office either. It doesn’t make much sense to pay as much for a piece of software as you did for your entire PC. Microsoft clearly recognizes the problem and is taking action to try to solve it. First, it built windows 7 to run on netbook, something that Vista doesn’t do. When windows 7 ships, expect Microsoft to spend plenty of money promoting it for use on netbook, in an attempt to drastically cut into Linux sales.

In addition, Microsoft is working on low-cost, ad-supported, Web-based versions of Office. That way, it can start to get Office revenue from netbook owners. Will these steps be enough to make up for the overall shortfall in revenue caused by netbooks? Probably not. That’s why the company is desperate to figure out a way to make its online businesses succeed. If it can’t, the days of big revenue growth are behind Microsoft, thanks in part to netbooks.

from Macworld !!!

Njoy …

New Excel 0-day being exploited in the wild

2009-02-25T00:48:00.001-05:00

Zero-day malware/virus is something like , a fresh candidate from graduate school !!! It’s just some virus for which antivirus software has not information or in “technical” term … no known virus signature !!!

Symantec is reporting that a new remote vulnerability has been discovered in Microsoft Excel 2007, and that this vulnerability is being exploited in the wild.
Details are sparse, but it looks like Symantec has discovered a code-execution vulnerability in Excel 2007 and Excel 2007 SP1. The issue is beingactively exploited in the wild by a variant of the Mdropper trojan.

There is no patch for the vulnerability yet, so until one arrives, don’t open anything that looks like an Excel document from sources you cannot completely trust and verify !!!

part from Znet …

Njoy …

Billions to eavesdrop Skype !!!

2009-02-15T12:31:00.001-05:00

During old times it was always big problem for Govt. agencies to tape phones of suspected individuals … then technology evolved with time and phone taping became handy tool to keep an “ear” on people … but then age came of mobile phone and satellite phones which became another challenge for agencies to spy on … and now at internet age … new way to communication has been evolved … that we use knowingly or unknowingly … its called VOIP (Voice Over IP) a.k.a. interne telephone !!! …

Yes, when we make any call using internet it uses internet protocol ,just like we surf internet … and it becomes a bit difficult to watch over all these calls because its very cheap and easy to use … so users using this method of call is very hugeeeeeeeee number … and perhaps its the biggest problem spy agencies facing to tape terrorists who are using modern technology to communicate ( before 9/11 we had never thought that they can use e-Mails’ draft service to communicate ,right ??? ) …

Recently , An industry source disclosed that America's super secret National Security Agency (NSA) is offering "billions" to any firm which can offer reliable eavesdropping on Skype IM and voice traffic. Skype in particular is a serious problem for spooks and cops. Being P2P, the network can't be accessed by the company providing it and the authorities can't gain access by that route. The company won't disclose details of its encryption, either, and isn't required to as it is Europe based. This lack of openness prompts many security pros to rubbish Skype on "security through obscurity" grounds: but nonetheless it remains a popular choice with those who think they might find themselves under surveillance. Rumor suggests that America's NSA may be able to break Skype encryption - assuming they have access to a given call or message - but nobody else.

The NSA may be able to do that: but it seems that if so, this uses up too much of the agency's resources at present.

"They are saying to the industry, you get us into Skype and we will make you a very rich company," said the industry source, adding that the obscure encryption used by the P2Pware is believed to change frequently as part of software updates.

The spyware kingpin suggested that Skype is deliberately seeking to frustrate national listening agencies, which seems an odd thing to do - Skype has difficulties enough getting revenues out of its vast user base at any time, and a paid secure-voice system for subversives doesn't seem like a money-spinner.

But corporate parent eBay, having had to write down $1.4bn already following its $2.6bn purchase of Skype back in the bubble-2.0 days of 2005, might see an opportunity here. A billion or two from the NSA for a backdoor into Skype might make the acquisition seem like a sensible idea.

The spybiz exec, who preferred to remain anonymous, confirmed that Skype continues to be a major problem for government listening agencies, spooks and police. This was already thought to be the case, following requests from German authorities for special intercept/bugging powers to help them deal with Skype-loving malefactors. Britain's GCHQ has also stated that it has severe problems intercepting VoIP and internet communication in general

Njoy …

We will have same confusing versions of 7 too …

2009-02-13T10:39:00.001-05:00

Like M$ offered different Versions for Vista ( for the record , 4 … home basic, home premium , business and ultimate ) … new forthcoming OS of M$ … windows 7 too will have same or may be more flavors … on 3rd of Feb. Microsoft officially announced what versions Windows 7 may be available in market.

according to them , there will be two primary versions … Home Premium and Professional … but in one question they have mentioned that … they will have other flavors too ..

PressPass: So that covers most people. What will you offer for customers at the “poles” of your worldwide market?

Ybarra: Within a customer base of over one billion, there are a lot of important customer niches, or segments, and we want to make sure we have an appropriate product for everybody. Again, for a majority of our customers the choice is really simple: Windows 7 Home Premium or Windows 7 Professional. We understand some of our customers have different needs, like enthusiasts who want every feature in Windows, for example.

For our biggest enterprise customers, we'll continue to have an Enterprise edition. And we will work to make sure there continues to be strong value in Enterprise edition for our annuity customers with Software Assurance agreements. This edition will not be available at retail or by OEMs for pre-installation on a new PC. Windows 7 Enterprise edition offers advanced data protection, lower cost compliance and IT tools to streamline PC management and help save costs, while enabling access to information from anywhere for business users.

We know emerging markets have unique needs and we will offer Windows 7 Home Basic, only in emerging markets, for customers looking for an entry-point Windows experience on a full-size value PC.

We’ll also continue to offer Windows Starter edition, which will only be offered pre-installed by an OEM. Windows Starter edition will now be available worldwide. This edition is available only in the OEM channel on new PCs limited to specific types of hardware.

And certainly there is also a small set of customers who want everything Windows 7 has to offer. So we will continue to have Windows 7 Ultimate edition to meet that specialized need. Windows 7 Ultimate edition is designed for PC enthusiasts who “want it all” and customers who want the security features such as BitLocker found in Windows 7 Enterprise edition.

I just don’t understand … why they can’t simply offer one basic version for less $$$ and then offer different paid upgrades like aero theme or bit locker for extra $$$ … or just two versions one for home users and another for professionals just like XP ?? … but if they do this , then how they gonna make more $$$ by confusing people and make them buy something that they really don’t want !!!

Njoy …

“Fix It” … from Microsoft

2009-02-13T10:06:00.001-05:00

It has been always difficult to find help using standard help documents that we get with our Windows … right ?? … even sometimes it is more difficult to find help document on M$ website too … so most of time people like me prefer to ask google then microsoft .. right ??

Over the past six weeks, Microsoft has quietly added a "Fix it" button to a few of the thousands of help documents on its Web site. When clicked, the computer then takes all the recommended steps automatically.

"If we know what those 15 steps are why shouldn't we just script it," said Lori Brownell, Microsoft's general manager of product quality and online support

The "Fix it" option is still fairly rare, showing up in around 100 different help documents. The effort is growing rapidly, though, up from just four such fixes when the program quietly began in December.

Microsoft continues to offer users the option of doing things on their own if they either don't trust Microsoft or just like being in control.

"We're not trying to hide anything," she said.

The first fixes included a number of common issues, including restoring a missing Internet Explorer icon to the desktop, how to enable the DVD library in Vista's Windows Media Center as well as what to do when encountering the error message in Street & Trips 2008 that "Construction information for routes could not be downloaded"

For now, Microsoft is having to go back and search its archives to see which of its problem solving tips can be automated. Eventually, it hopes to create the automated fixes at the same time the help articles are created.

Where it can, Microsoft is also adding the "Fix it" option into the error reporting tool built into Windows. Initially, all users could do when a program crashed was send a report to Microsoft. More recently, the system has started checking to see if there is any information on the issue. Next up, said Brownell, is offering the option to have the issue solved automatically.

another one example can be action center of windows 7 … which pinpoints and fixes issues that it can fix regarding security and maintenance issues with operating system.

Njoy …

Nearly Half the Hard Drives on EBay Hold Personal Data !!!

2009-02-12T00:01:00.001-05:00

EBay … one of my favorite place to buy computer junk online with good price and options … just like many people around the world …

Recently a New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders from eBay contained personal, private and sensitive information -- everything from corporate financial data to the Web-surfing history and downloads of a man with a foot fetish.

Kessler International conducted the survey over a six-month period, buying up disk drives from the United States and Canada ranging in size from 40GB to 300GB. The firm, which completed its survey about two weeks ago, bought a total of 100 relatively modern drives, the vast majority of them serial ATA.

"With size of the sample, I guess we were surprised with the percentage of disks that we found data on," said Michael Kessler, CEO of Kessler International. "We expected most of the drives to be wiped -- to find one or two disks with data. But 40 drives out of 100 is a lot."

While Kessler's engineers had to use special forensics software to retrieve data from some of the hard drives, others contained sensitive data in the clear, having never been overwritten or erased. The data included personal documents, financial information, e-mails, DNS server information and photographs.

"The average person who knows anything about computers could plug in these disks and just go surfing," Kessler said. "I know they found a guy's foot fetish on one disk. He'd been downloading loads and loads of stuff on feet. With what we got on that disk -- his name, address and all of his contacts -- it would have been extremely embarrassing if we were somebody who wanted to blackmail him."

Kessler said his company specifically avoided buying drives whose sellers indicated they'd been erased.

Kessler International broke down the kind of data it retrieved this way: Personal and confidential documents, including financial information, (36%); e-mails, (21%); photos, (13%); corporate documents, (11%); Web browsing histories, (11%); DNS server information, (4%); Miscellaneous data, (4%).

"We were more concerned with searching for people's identification, which is what we found, but we were surprised by all the corporate spreadsheets and business finance records we found," Kessler said.

The forensics firm even found one company's "secret" French fries recipe, Kessler said.

In recent years, hard drives have shown up on eBay that contain all kinds of sensitive data. In April 2006, Idaho Power Co. learned that drives it thought had been recycled had actually been sold on eBay with data still intact. The Boise, Idaho-based utility had used the drives in servers; when bought on eBay, they still contained proprietary corporate information such as memos, customer correspondence and confidential employee information.

well i think it may be true for all sites that sell old HDDs … it may contain personal information … and i think for this user may need something more then just disk formatting tool say … drive scrubber ?? … which can even re-write tracks and sectors of HDD which makes almost impossible to recover data from formatted HDD !!!

Njoy …

Be warned by Police for Botnet infection !!!

2009-02-10T12:38:00.001-05:00

Police in the Netherlands claim a world's first in warning victims whose computers were infected by a botnet that was shut down last week. The victims will be forwarded to a special Web page offering instructions on cleaning up their systems.

The high-tech crime unit of the police started issuing the warnings on Wednesday. Users with infected systems are automatically sent a special page when they log onto the Internet. The page offers instructions on disabling the botnet, as well as a link to Kaspersky's online virus scanner and a request to file charges against the botnet herder, a 19- year-old man from the Dutch city of Sneek who was arrested last week.

The page, which was created in cooperation with Kaskersky Labs, marks the first time that botnet victims have been proactively warned by authorities, said Eddy Willems, a virus evangelist with Kaspersky Labs in the Netherlands. "This might initiate other actions in neighboring countries, so we can continue doing this in a coordinated fashion throughout the European Union," Willems told Webwereld. "That would be a good way to fight these crimes."

Releasing a computer from the controls of the botnet might not be for the amateur computer user. Users among other things have to dig into the Windows registry and disable a rootkit that prevented detection of the malware by the user and security software. Willems cautions that users should be careful even after they have followed the step-by-step removal instructions, because the computer is likely to contain additional malware and viruses.

Authorities are able to forward victims to the special page because they have taken over control of the botnet. Infected computers will contact a central server in Russia for instructions. Normally this controlling server will order the computers to start malicious tasks such as sending spam, hosting child pornography or launching a distributed denial of service attack. But the server has been reprogrammed to forward the systems to the warning page.

The botnet herder was arrested last week after he tried to sell his network to a man in Brazil for Euro 25,000. At the time, the botnet was estimated to have snared 100,000 computers. Willems claims current estimates peg the number of infections at 140,000 to 150,000.

from computerworld ….

Njoy …

Google mistakenly calls entire Net malicious !!!

2009-02-08T14:13:00.001-05:00

A typing mistake led search giant Google last weekend to briefly classify the entire Internet as potentially malicious.

On Saturday morning of last day of month , every search result began to display the "This site may harm your computer" link that Google uses to flag potentially malicious sites. The search company quickly fixed the issue and stated in a blog post that human error caused a flawed update to its list of bad sites, resulting in every Internet site being classified as dangerous.

"We periodically update that list and released one such update to the site this morning," Marissa Mayer, vice president of Google's search products and user experience, said in a blog post. "Unfortunately — and here's the human error — the URL of '/' was mistakenly checked in as a value to the file, and '/' expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file."

The StopBadware project, which maintains criteria that Google's uses to create its own filters, clarified a misperception in many media reports that the list used by Google comes directly from StopBadware.

"The mistake in Google’s initial statement, indicating that we supply them with badware data, is a common misperception," the statement said. "We appreciate their follow up efforts in clarifying the relationship on their blog and with the media. Despite today’s glitch, we continue to support Google’s effort to proactively warn users of badware sites, and our experience is that they are committed to doing so as accurately and as fairly as possible."

Google stated that, because its updates are staggered, the problems should have lasted only about 40 minutes for any particular users. However, in a separate blog post, the company added that the block list is also used in its spam filters, so legitimate messages may have been classified as spam. Google is currently reviewing all filtered messages to return legitimate e-mail to its recipients' inbox.

Njoy …

Net Neutrality Tools from Google & group !!!

2009-02-07T23:04:00.001-05:00

Its been in news from long time that IPS were throttling some particular type of network traffic such as BitTorrent … and also there was many online tools with which’s help you can find out weather your ISP is throttling Torrent Client or not … but i think its an interesting thing to mention that , Google is now it the field !!!

Google and a group of partners have released a set of tools designed to help broadband customers and researchers measure performance of Internet connections. The set of tools, at MeasurementLab.net, includes a network diagnostic tool, a network path diagnostic tool and a tool to measure whether the user's broadband provider is slowing BitTorrent peer-to-peer (P-to-P) traffic. Coming soon to the M-Lab applications is a tool to determine whether a broadband provider is giving some traffic a lower priority than other traffic, and a tool to determine whether a provider is degrading certain users or applications.

"Transparency is our goal," said Vint Cerf, chief Internet evangelist at Google and a co-developer of TCP/IP. "Our intent is to make more [information] visible for all who are interested in the way the network is functioning at all layers."

The tools will not only allow broadband customers to test their Internet connections, but also allow security and other researchers to work on ways to improve the Internet, Cerf said. Current Internet performance tools "are geeky to the extreme," he said during a Washington, D.C., forum on the M-Lab tools.

The M-Lab project, launched Wednesday, comes after controversy over network management practices by Comcast and other broadband providers. Earlier this month, two officials at the U.S. Federal Communications Commission questioned why Comcast, the largest cable modem provider in the U.S., was exempting its own VoIP (voice over Internet protocol) from traffic congestion slowdowns, but not offering the same protections to competing VoIP services.

The set of tools will allow broadband customers to measure their providers' performance, said Michael Calabrese, director of the Wireless Future Program at the New America Foundation, a think tank involved in the M-Lab project. Consumers "deserve to be well-informed" about their broadband performance, he said.

Some of the M-Lab tools have already been released, but participants in the project plan to further develop the tools and host them on servers around the world, added Sascha Meinrath, research director at the Wireless Future Program. All the M-Lab tools will be released under open-source licenses, allowing others to modify and improve them, he said.

People on either side of a debate on whether the FCC or U.S. Congress should develop network neutrality rules should welcome the tools, said Ed Felten, director of the Center for Information Policy and a computer science and public policy professor at Princeton University. It took months for policymakers to gather solid information on Comcast's network management practices, but net neutrality advocates can use the tools if they suspect broadband providers of interfering with traffic.

"If you believe that network neutrality government regulation is not needed, if you believe that the market will handle this ... then you should also welcome Measurement Labs," Felten said. "What you are appealing to is a process of public discussion ... in which consumers move to the ISP [Internet service provider] that gives them the best performance. It's a market that's facilitated by better information."

However, one ISP industry source, who asked not to be identified, questioned whether the tools would accurately point to the cause of broadband problems. Spyware or malware on computers can affect browser performance, and problems with the wider Internet can cause slowdowns, the source said.

The M-Labs partners seemed to bypass broadband providers when putting together their tools, the source added. "It may appear that issues that are occurring off an ISP's network may be the ISP's problem," the source said of the tools. "It's important for groups like this to collaborate, not only among themselves, but also with ISPs."

from … CIO

Njoy …

How do they make all that malware !!!

2009-02-03T23:49:00.001-05:00

It is hard to believe that a man is telling the truth when you know that you would lie if you were in his place.

-H. L. Mencken

Anti-virus vendors are getting more than 50,000 submissions of new malware per day now. How can the malware business be so productive? It turns out the numbers aren't really as big as all that.

Welcome to the malware generation business model. So you want to be a malware star? Well listen now to what I say. Unfortunately, I will be somewhat vague, but the fact is that anyone who's technically competent and has the will to do so can find the missing pieces of the puzzle I'll lay out.

First, very little malware is lovingly hand-crafted from scratch these days. The name of the game in defeating anti-virus software is volume. You generate huge numbers of slight variants of a malicious program, do things like use different packers on the executable, and some end up different enough that the anti-malware products can't detect them.

So you write or get someone else's malcode generator. These are programs that generate malicious code variants. (No, I won't tell you where to find them.) You can get source to lots of popular malware, make your own changes and make zillions of variants. But the overwhelming majority of these variants will be detected by any decent anti-malware program, and you can't distribute all of then, so how are you to know which are the undetectable ones?

The answer is to use one of the public malware scanning services. The first and most famous one is VirusTotal, but there are several others. You upload a file to these services, and they scan it with a collection of scanners. Here's the list of VirusTotal's scanners, ripped straight off of their site:

AhnLab (V3)
Aladdin (eSafe)
ALWIL (Avast! Antivirus)
Authentium (Command Antivirus)
AVG Technologies (AVG)
Avira (AntiVir)
Cat Computer Services (Quick Heal)
ClamAV (ClamAV)
Comodo (Comodo)
CA Inc. (Vet)
Doctor Web, Ltd. (DrWeb)
Emsi Software GmbH (a-squared)
Eset Software (ESET NOD32)
Fortinet (Fortinet)
FRISK Software (F-Prot)
F-Secure (F-Secure)
G DATA Software (GData)
Hacksoft (The Hacker)
Hauri (ViRobot)
Ikarus Software (Ikarus)
INCA Internet (nProtect)
K7 Computing (K7AntiVirus)
Kaspersky Lab (AVP)
McAfee (VirusScan)
Microsoft (Malware Protection)
Norman (Norman Antivirus)
Panda Security (Panda Platinum)
PC Tools (PCTools)
Prevx (Prevx1)
Rising Antivirus (Rising)
Secure Computing (SecureWeb)
BitDefender GmbH (BitDefender)
Sophos (SAV)
Sunbelt Software (Antivirus)
Symantec (Norton Antivirus)
VirusBlokAda (VBA32)
Trend Micro (TrendMicro)
VirusBuster (VirusBuster)

You get a report back saying what scanners found the malware, what they detected it as, and which didn't find it. With new malware, the detections will be overwhelmingly generic/heuristic.

The good news is you can see which variants are undetected enough to be useful. The bad news is that when a product does not detect your sample, VirusTotal and the other scanners submit it to the AV companies so that they can add a signature or adjust their heuristics. You won't go undetected for long. And of those 50,000 submissions, probably no more than a few hundred, perhaps much less than that, are ever seen in the wild. Even fewer do real damage.

This arrangement is what makes it worthwhile for the anti-malware companies to cooperate with VirusTotal. It gets them early access to new malware. It's also how the AV companies are getting 50,000 submissions a day: The malware authors are, in effect, sending the new malware directly to the companies. That they will only have a limited window of opportunity to attack protected users with the new malware is just a cost of doing business.

If you want to spend some money to avoid having to inform the industry about your new code, start your own multiproduct scanning lab. You'll need current subscriptions for as many products as you can get, but I'm not sure it would buy you much time. These companies talk to each other, and if a new, undetectable variant came out from the wild, word would spread pretty quickly; soon someone would feed it through VirusTotal or one of the other services, and the jig would be up.

None of this is news and shouldn't be surprising. The moral of it all, and this too should not be news to you, is that anti-malware should not be your only line of defense. Many people call it useless because some attacks get through, and now you know how, but no line of defense is perfect. Anti-malware needs to be combined with other forms of defense, like a firewall, an intrusion prevention product, running your system with least privileged access and not clicking on links in e-mails (or at least being very careful about doing so).

from eWeek.com

Njoy …

Macs hit with BitTorrent-embedded malware attack

2009-01-27T00:12:00.001-05:00

For years, Mac users have long been rightfully smug about their platform's relative immunity to virus and malware attacks, but it's inevitable that those days will eventually come to an end. (As the Mac gains in popularity, it also earns more attention from malware developers, and it's this lack of malware being actively developed, not some special, inherent security, that have really kept the Mac a "safe" platform for the time being.)

Now we're seeing one of the first moderately-sized exploits to take advantage of Mac users. The iServices.A Trojan horse is an attack being distributed via BitTorrent, where it's disguised as a bootleg copy of the new iWork 09. Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off the Mac in question. The malware creator can also take complete remote control of any compromised machine.

Security firm Intego said that just 20,000 machines had been infected as of January 21 but that the risk of ongoing infection was "serious, and users may face extremely serious consequences" if they are stricken with the malware.

Mac users are suggested to use common sense -- that is, don't try to download and installed pirated software -- and to update any antivirus definitions immediately. If you're a Mac user and aren't using security software, well, this might be a good time to start.

As well, if you've been hit by this piece of malware, a removal tool is available here. (Please note: I have not tested it.)

from yahoo news …

Njoy …

$ 236 million fine for spamming !!!

2009-01-25T18:04:00.001-05:00

First of all , before digging much deep we need to understand what is spamming …. well standard definition of Spam is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages , in terms of computer terminology of course … Spam is the same thing many times. It originally appeared as a term to describe EMP (Excessive Multi Posting) and ECP (Excessive Cross Posting) on USENET. It is also used to describe UBE (Unsolicited Bulk E-mail) and UCE (Unsolicited Commercial E-mail)…

The term spam is said to come from a Monty Python skit from the second series of Monty Python's Flying Circus. In this skit, Vikings sing a chorus about spam while a woman tries to get something to eat that doesn't contain spam. Much like our attempts to limit the amount of UBE that comes into our mailboxes, she was unsuccessful in getting a meal that doesn't contain spam…

then you will ask , What is wrong with mass mailing ? right ?? well simple explanation to this question is … the Internet was set up so people could exchange information. Commercial use of the 'net' was frowned upon. In the last few years, the use was expanded by the World Wide Web to include commercial uses. The Web does not force you to receive Web advertisements; you choose what Web sites you care to visit. Spammers feel it is their right to send advertisements you don't want. They impose upon your rights to receive what you want. The constant barrage of unwanted, and sometimes offensive, advertisements is objectionable to many families that use the net. On the practical side, spam, a form of net abuse, costs you, the user. The problem with spam is that you pay for it. Whenever a spammer sends his e-mail to you, your ISP has to store the junk on the server until you download it. Also,the Internet is International. All countries of the world do not have unlimited access to the Internet either with their phone systems, or their service provider. Many countries' phone systems charge by the minute. In the US, there are some areas that charge this way also. When a spammer sends his message to those without unmetered service they pay to download it.

So , by all manner , SPAMMING is bad thing and illegal by law too …

Recently , a US couple who sent vast quantities of spam via a small ISP for around four months in 2003 have been fined a whacking $236 million.

According to the IDG newswire, Perez and Suzanne Bartok used a bulk emailing package to send millions of spammed messages to CIS Internet Services in Iowa.
The small ISP said it had to dedicate three servers to blocking the couple's spam, which amounted to an astonishing 500 million emails every day for around four months in 2003.

"There were millions of e-mails being delivered to us for each spam campaign to users that didn't exist on our servers," said the ISP's big cheese in an interview.
Interestingly, CIS is reported to have won judgments against 10 spammers to date, and other ISPs are watching with interest.
The bad news is that the Bartok's assets probably don't come anywhere near $236 million, so the lawsuit seems to have been academic...

news from , ITProportal.com

Internet Web has been finally connected !!!

2009-01-20T19:48:00.002-05:00

It sounds a bit weird right ?? … but if you are into heavy internet use then you must have always felt that there is something missing in internet … still internet is not convenient … still doesn’t have all-in-one web service … right ??

For example , You’re writing an email to invite a friend to meet at a local San Francisco restaurant that neither of you has been to. You’d like to include a map. Today, this involves the disjointed tasks of message composition on a web-mail service, mapping the address on a map site, searching for reviews on the restaurant on a search engine, and finally copying all links into the message being composed. This familiar sequence is an awful lot of clicking, typing, searching, copying, and pasting in order to do a very simple task. And you haven’t even really sent a map or useful reviews—only links to them. This kind of clunky, time-consuming interaction is common on the Web, because there’s no easy way other than copy-and-paste to get your data between one web-application and another. Its kind of advanced Mashup , a web 2 replacement of Portal .. right ???

Ubiquity for Firefox from Aza Raskin on Vimeo.

I found something amazing research is going on at Mozilla Labs , they call it , Ubiquity … an application / add-on to firefox that will connect and allow users to use many different web services and combine them together !!! its still in beta phase , but it really looks promising to me … ( i am not critic , so please don’t consider my words seriously ) … Mozilla Labs define ubiquity as ,

Make it extremely easy to Extend browser functionality, and share new functionality with other users.
Enable on-demand, user-generated mashups with existing open Web APIs. (In other words, allowing everyone–not just Web developers–to remix the Web so it fits their needs, no matter what page they are on, or what they are doing.)
Empower users to control the web browser using a natural-language-like command interface. (With search, users type what they want to find. With Ubiquity, they type what they want to do.)
Use Trust networks and social constructs to balance security with ease of extensibility.

but i should say , it requires a bit of advance computer knowledge , because to perform any task you are required to write down certain commands which you have to remember …

Njoy …

New generation of “smart” malwares !!!

2009-01-18T12:24:00.001-05:00

Malware authors are adopting a new technique to avoid getting caught.

Recently, two malware families -- Swizzor and Conficker -- stopped infecting machines in countries out of which the authors were operating, so not to attract law enforcement, Pierre-Marc Bureau, senior researcher at ESET, told SCMagazineUS.com on Friday. If a cybercriminals targets users outside of their country, it's harder for authorities to respond, he said.
The Swizzor malware has been around for about two years but only recently stopped infecting Russian machines by identifying the language of a user's operating system, Bureau said. Users running a Russian version of Windows will not be infected.
The fact that the trojan is now avoiding Russian targets reveals some clues about the cybercriminals behind the Swizzor malware, Bureau said. The individuals likely have servers located there and perhaps are conducting other operations, such as money laundering.

Meanwhile, the earliest variants of the rapidly spreading Conficker virus, which exploits a patched Windows Server Service vulnerability, was avoiding Ukraine targets. The malware was able to detect the keyboard layout.
However, the latest variant of Conficker -- responsible for infecting millions of machines this week, according to F-Secure -- is not choosing which victims to infect.
Still, big malware families are adopting this technique to avoid bringing attention on themselves, Bureau said.

“We have not seen this before a couple of months ago,” he said.

from SC Magazine ..

Njoy !!!

Yet another attempt to tap the internet !!!

2009-01-15T20:05:00.002-05:00

its been ages since china is monitoring and filtering its internet with the setup of network filters and firewalls .. known as Golden Shield Project … which prevents users within china to access sites or even use or create or communicate or anything that is related to flow of information which is “inappropriate” according to government of china !!!

But recently , a group of Canadian human-rights activists and computer security researchers has discovered a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words.

The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service.

The discovery draws more attention to the Chinese government's Internet monitoring and filtering efforts, which created controversy this summer during the Beijing Olympics. Researchers in China have estimated that 30,000 or more "Internet police" monitor online traffic, Web sites and blogs for political and other offending content in what is called the Golden Shield Project or the Great Firewall of China.

The activists, who are based at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, discovered the surveillance operation last month. They said a cluster of eight message-logging computers in China contained more than a million censored messages. They examined the text messages and reconstructed a list of restricted words.

More about it .. here on Newyork Times …

Njoy !!!

History of Internet !!!

2009-01-12T10:52:00.003-05:00

Take a look at animation which describes history of internet ...

History of the Internet from PICOL on Vimeo.

nice work ...

Njoy ...

Windows Essentials …. Essential tools for free

2009-01-10T21:29:00.001-05:00

If you are an internet savvy … then these tools are perhaps the most required items in your arsenal of internet essentials … just one download and you will get messenger , mail client , offline blog-writer together ….

Microsoft just released newer version of essential series which makes its performance far more batter then its pervious versions … it contains tools that we need very frequently … such as …

Photo Gallery … to edit photos and even share them instantly …

Movie Maker … the same old movie maker and editor but very new look and easy to follow online sharing …

Family Safety … a safety program , which helps user to prevent his/her family from harm of internet … and its highly customizable yet very simple to use …

Writer … all in one required blog writer … if you are into blogging then this is the best of the best tool for offline writing and then publishing them later on … it has all tools that are required for average blog writer like me … ( for example , can you believe that i’m using live writer right now to write this blog ?? ) … the great thing is , it downloads your blog theme too so you can have “feel” of your blog in real time !!! … more over it supports almost all blogging sites such as live or blogger or wordpress or livejournal … and many more …

Mail … its that again old offline mail client that we used to use … outlook express in older windows and windows mail in vista … its Live Mail … same like them , but with more sexy look and better performance … i don’t even need to setup my google account manually for this software … just put you email address and it will be configured automatically !!!

Messenger … its that live messenger that we use … i’m not much into chatting so …………. really can’t write much about its features … :D …

Toolbar … well its also one of the required essential for internet … its all in one toolbar has everything that we need while we surf …

Most good thing is … this all is just free to download and use …

i hope you will like it …

Njoy …

WINDOWS 7 for DOWNLOAD

2009-01-09T11:18:00.002-05:00

Microsoft’s well praised baby …… Windows 7 will be available for download publically by today on 9th of January … obviously it’s a BETA edition … but according to reviews this new OS will be Rocking …

From Official Windows 7 Blog …

On January 9th, the Windows 7 Beta will be available for Windows enthusiasts to download via the Windows 7 page on Windows.com. The Windows 7 Beta is going to be available download-only (we’re not sending out physical media) and available for a limited time to the first 2.5 million people who download the beta.

The Windows 7 Beta will be available in English, German, Japanese, Arabic, and Hindi, and each language will be available in 32-bit and 64-bit versions (except Hindi which will only be available in 32-bit). Because the Windows 7 Beta will be offered download-only, it will be provided to you as an ISO image (an .iso file) that you download. After downloading either the 32-bit or 64-bit ISO image of the Windows 7 Beta, you will be required to burn the ISO image to a DVD to install Windows 7. So you want to be sure you have a DVD burner before spending the time downloading the ISO image.

To burn the ISO image of the Windows 7 Beta to DVD, if your PC comes with Nero or Roxio products – you should be able to burn the ISO image to DVD. If you don’t already have DVD burning software on your PC, you can also check out ImgBurn which is free and can be downloaded here.

The Windows 7 Beta only supports Windows Vista SP1 to Windows 7 upgrades. So if you intend to do an upgrade – be sure it is on a PC running Windows Vista with Service Pack 1. We are not yet announcing anything regarding finalized upgrade paths for Windows 7.

The Windows 7 Beta will be only available in one edition, which is roughly equivalent the Ultimate edition of Windows Vista.

Also, another important thing to keep in mind is that the Windows 7 Beta will expire on August 1st, 2009.

I also need to emphasize that this is a beta of an unreleased operating system. Be sure to backup all your important data. As much as the Windows 7 Beta completely rocks, part of the beta process is discovering bugs and reporting those bugs. Some of those bugs could possibly lead to data loss. I tend to be a risk-taker myself and have gone all-out with the Windows 7 Beta by putting it on almost all my PCs both at work and at home, but not everyone should do this. I recommend using Windows Vista’s Backup and Restore features to ensure your information is backed up before trying out the Windows 7 Beta. Click here for several methods of backing up your data in Windows Vista.

Just can’t wait to have my own copy …

Njoy …

So Safe Linux ... is not much safe now ???

2009-01-08T18:16:00.003-05:00

There seems to be a false sense of security among some Linux users. The number of malicious programs specifically written for GNU/Linux has been on the increase in recent years and in the year of 2005 alone has more than doubled: from 422 to 863. Some security consultants will argue that Linux has fewer viruses/malwares because it is less attractive as a target for having a smaller user base (compare ~90.66% Windows vs ~0.93% Linux). You may call me a traitor but I agree with that assessment. There is no reason why we will not see a rise of malware designed for Linux as it becomes more mainstream among ordinary users.

I’ve heard so many times from beginners “do I need an anti-virus?”, “Linux has no viruses”, “There’s no way a virus could infect a Linux box”. This is the false sense of security that many new Linux users are dealing with today. Most are just starting out as Linux users and have no idea about the risks and safe actions to take. Newbie Linux users tends to feel safe with statements they read about how the Linux OS could never be infected and if so could never be executed because of the way files works under Linux.

Linux does have its share of viruses, trojans and worms but would the Linux infected binaries really need to be exclusively executed by root for a major system apocalypse? Although in most cases the system programs are owned by root and the user is just running the program from a non-privileged account. Some people will argue that for a system wide infection, the infected binary would have to be derived exclusively from root and as a non-privileged user, by running an infected program would only effect the users /home directory and not a system wide infection.

There is a method to infect a system wide Linux OS without the need to become root, this procedure is a commonly known as “Privilege escalation” –

“Privilege escalation is the act of exploiting a bug or design fault in a software application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with more privileges than intended by the application developer or system administrator” (Privilege escalation).

Its not very likely that Linux malwares will ever compare to that of the Windows viruses and even more unlikely that Linux will ever see its share of the same issues with malware as the Windows operating system. If you take into consideration the email-borne viruses that Microsoft has, they are all executable and are in most cases executed by the user, whereas with Linux you would have to save the file make the file executable and manually run the file. Windows XP automatically makes the first named user an administrator, with the power to do anything to the system. Linux on the other hand uses the first named user as the root administrator but does not allow root login on boot-up.

As a Linux user, using the repositories, md5 checksums and using root privileges only when necessary are just a few ways to to guard against an intrusion. SSH is often the first point of entry to a Linux system but it’s not the last line of defense. Using a strong password and anti-virus software should always be common practice for any OS and could potentially limit the risk of a system catastrophe.

Njoy ...

Malicious Tune ???

2009-01-07T20:52:00.005-05:00

We already know that malwares can be spread via , PDF files or by rouge flash player .. right ?? .. but the new most recent way to infect computer is using WMA ... windows media audio format music file ?? ... its hard to imagine right ?? , but if you have ever noticed ... sometimes media player asks user to download codecs or to agree some sort of licences ... and its quite common ....

But in October this year, for example, the biggest threat found by Kaspersky Lab was a Trojan Downloader named WMA Wimad.n - a Trojan masquerading as a WMA file. The Kaspersky advice is if you open a music file and your media player asks you to download a codec or read a licence agreement, don't.

So if in future you get any music file ... better make sure that its playing correct tune ...

Njoy ...

Secure Sites may be not that "Secure" ....

2009-01-06T12:54:00.004-05:00

~ Science fiction does not remain fiction for long. And certainly not on the Internet. ~

If you have ever noticed small pad-lock icon at corner of browser , ensures that connection is safe ... and its more important when we are dealing with financial transactions ... right ?? ... till present time we used to think that this secure certification method , that is generated with help of MD5 are secure enough that it can't be faked ... in other words ... if we are visiting citi bank's website then we are sure that its legitimate site ... but now , some people have proved that its quite possible to fake that CA certificate and hence secure sites may not be that secure in future ...

A team of U.S. and European researchers used a computing grid of more than 200 Sony PlayStation 3 video-game machines to create fake certificates and fool a browser into thinking it had a secure connection with a trusted site.

Researchers from California, teams from the Centrum Wiskunde & Informatica (CWI) and Eindhoven University of Technology in the Netherlands, and teams from the Ecole Polytechnique Federal de Lausanne (EPFL) in Switzerland presented a paper Tuesday at the 25C3 security congress in Berlin. They showed that they were able to generate two messages with one digital signature, similar to the process of an older digital-certificate system, using an algorithm called MD5.

A user who visits a Web site whose URL begins with https usually sees a locked padlock in a browser corner, indicating that the site employs a digital certificate issued by one of several trusted certificate authorities. The browser verifies the certificate, using one of several algorithms, including, for some sites, MD5.

The MD5 digital-certificate system is still in use by many sites, and could enable third parties to create fake certificates and fool a browser into thinking it was visiting a secure site. A more modern and secure digital-certificate system is used by many sites.

The vulnerability was first identified four years ago by Chinese researchers, who had created a collision attack by generating two different messages with the same digital signature. But the amount of computing power needed to generate a fake certificate was considered a huge obstacle to anyone attempting to take advantage.

if you like to read more about this .. then have a look here ...

Njoy !!!

XP Vs Vista Vs Vienna... Ultimate Windows Comparison

2009-01-03T22:50:00.006-05:00

If you have seen snapshots of all new windows 7 .. a.k.a. windows Vienna ... you will see that , still its in pre-beta phase , but looks sexy ;) .... but like any average windows user , i was just curious to see if there is any sort of comparison is available to check with other operating systems like windows XP and Vista ... because , my WOW experience was pretty bad ... its extremely resource hungry OS , by all means ... either by use of RAM or by use of Processor or by use of HDD installation space ... so on this blog i found very brief comparison of all three OSes ... XP , Vista and Windows 7 (Vienna) ...

There are 23 tests in all, most of which are self explanatory:

Install OS - Time it takes to install the OS
Boot up - Average boot time to usable desktop
Shut down - Average shut down time
Move 100MB files - Move 100MB of JPEG files from one hard drive to another
Move 2.5GB files - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from one hard drive to another
Network transfer 100MB files - Move 100MB of JPEG files from test machine to NAS device
Network transfer 2.5GB files - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from test machine to NAS device
Move 100MB files under load - Move 100MB of JPEG files from one hard drive to another while ripping DVD to .ISO file
Move 2.5GB files under load - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from one hard drive to another while ripping DVD to .ISO file
Network transfer 100MB files under load - Move 100MB of JPEG files from test machine to NAS device while ripping DVD to .ISO file
Network transfer 2.5GB files under load - Move 2.5GB of mixed size files (ranging from 1MB to 100MB) from test machine to NAS device while ripping DVD to .ISO file
Compress 100MB files - Using built-in ZIP compression
Compress 1GB files - Using built-in ZIP compression
Extract 100MB files - Using built-in ZIP compression
Extract 1GB files - Using built-in ZIP compression
Install Office 2007 - Ultimate version, from DVD
Open 10 page Word doc - Text only
Open 100 page Word doc - Text and images only
Open simple Excel doc - Basic formatting
Open complex Excel doc - Including formula and charts
Burn DVD - Win 7 beta 1 .ISO to disc using CDBurnerXP
Open 10 page PDF - Text only, using latest Adobe Reader 8
Open 100 page PDF - Text and images, using latest Adobe Reader 8

for these tests they have used two different PC configurations ...

An AMD Phenom 9700 2.4GHz system fitted with an ATI Radeon 3850 and 4GB of RAM
An Intel Pentium Dual Core E2200 2.2GHz fitted with an NVIDIA GeForce 8400 GS and 1GB of RAM

and the results were much similar that Microsoft had promised when they announced their new OS project ...

I would surely try to get "hands on" experience with Windows 7 by myself .... lets see ....

Njoy ....

Cooliris .... transforming browser into 3D cinema !!!

2008-12-31T21:02:00.003-05:00

Cooliris blows up your Web-surfing experience into a larger-than-life graphical experience. It takes the images it finds on nearly any Web site, expands them to super-extra-large size, and then lets you surf through them in a classy scaling interface that we think we last saw in the Iron Man movie. Or maybe it was The Dark Knight.

Whatever the inspiration, there's no doubt that the cross-platform and cross-browser Cooliris puts the "graphic" back in "graphic user interface". Installing it places a button on the Toolbar. When you're on a Cooliris-enabled Web site, click the Cooliris button to activate the Cooliris interface. Your screen will go black, and all the images on the site will zoom past you as if on a roller-coaster. They stop soon after, and from there you can surf the site using the subtly-placed search bar at the top of your monitor. Click on an image to enlarge it. If it's a still image, it simply enlarges. If it's a video, it enlarges and starts playing.

Currently, the plug-in only supports a handful of the most popular graphics-intensive site, such as Facebook, MySpace, YouTube, Picasa, Flickr, and a few others. A WordPress plug-in allows those who use that blogging system to create Cooliris functionality, and there's a Webmaster's guide on the Cooliris site for users who host their own sites. We also noticed occasional stability problems on Internet Explorer, but they were intermittent at best. Installing the add-on is worth it just for the sweeping, futuristic way that images stream by when you browse, even though there might not be much practical application at this point.

Acrobat Replacement ...

2008-12-27T11:45:00.003-05:00

This is the cheaper replacement of the famous pdf maker software ... Adobe Acrobat ... its Primo PDF ... but the problem is its just a PDF maker not PDF viewer ... so we can't see PDF files , we can just create it ... to view PDF files then we need some other software ... for example Foxit reader !!! Both apps are free and by combining them two , i have replaced requirement of Adobe Acrobat for my system...

More about Primo ...

PrimoPDF converts just about any file type to a PDF, using the source program the file was created with and its print command. Two new changes make the program easier to use and more useful. The interface redesign is definitely easier to navigate, and users can now choose to email the PDF instantly after its creation.

The conversion process from whatever document is on your screen to PDF is quick and efficient. Other features include a security feature, which allows the user to wrap the PDF in 40-bit or 128-bit encryption, PDF merging, and password protection. The user also can restrict editing of the new PDF, leaving comments and making other changes.

More about Foxit Reader ...

Its Incredibly small , the download size of Foxit Reader is just a fraction of Acrobat Reader 20 M size. Its Breezing-fast, When you run Foxit Reader, it launches instantly without any delay. You are not forced to view an annoying splash window displaying company logo, author names, etc. Good Annotation tool , Foxit Reader allows you to draw graphics, highlight text, type text and make notes on a PDF document and then print out or save the annotated document. Save fillable forms after filling them out so you can continue anytime. Good text converter, You may convert the whole PDF document into a simple text file. High security and privacy: Foxit Reader highly respects the security and privacy of users and will never connect to the Internet without users' permission while other PDF readers often silently connect.

Njoy ...

IE 7 Emergency ??

2008-12-23T19:05:00.003-05:00

Its been not a new thing that we get time to time updates for various softwares that we use and even for our operating systems from their makes , microsoft or apple for example ... and being good computer user we keep automatic update feature "ON" so our operating system gets updated automatically ... right ?? ...

Well , its about a patch for internet explorer 7 that microsoft released just in an overnight !!! the IE7 vulnerability was such a critical that they had to act fast .. according to microsoft , the systems with OS, XP, Vista , server 2003 , server 2008 were effected.

Once exploited the IE , it downloads trojan that modify files and steals personal informations , it also downloads melicious files that infect user's PC.

So if you still haven't downloaded the patch , then its time ....

Njoy ....

Toad ... for windows !!!

2008-12-19T23:43:00.004-05:00

Being the best DBMS software of the world Oracle is the most complex and perhaps the most difficult system to work with ... and i realized that when i took database design course for my fall '08 semester ....

Well one of the reasons why i felt Oracle difficult is may be because of lacking so called "computer science" background of mine , ( still i don't know why , i always loved database compared to programming ) ... but when our professor told us that if we do our final project using Oracle as DBMS , we will get extra credit , i jumped in !!! .... before that i had tried SQL Server 2000 , ( and now its 2008 version is already in market ) so i was a bit of lacking knowledge about complexity of Oracle ...

The main problem i faced with Oracle was , there is no GUI at all !!! ... being windows user that made my life miserable at first because , we just can't move a single step without help of Mr. Mouse !! right ??? and i guess Oracle , doesn't even know what mouse is for !! so it took me a while for getting things done .. another thing that always confused me was after defining tables , how do we know primary key or foreign key of the table ?? , and i still don't know how to do that in Oracle ....

And some day , i came to know this software ... Tool for Application Developer a.k.a TOAD ... actually there are bunch of other software are available just for getting things done with Database development and administration. i found TOAD quite handy tool for my works with Oracle , we can access database directly from TOAD with our Oracle login , and so we can do all the boring command line stuff with fully functional GUI !!! ... it has every thing that we ever need to work with any DBMS , weather its Oracle or SQL server or MYSQL or DB2 or anything ...

Njoy ...

MEWU - Scene 8 ... Change your Identity !!!

2008-12-09T23:48:00.004-05:00

When we do "experiments" sometimes are need to hide ... or say more softly , change our MAC address. And for this , Ubuntu has very hand tool, called MAC Changer.

But first some words about MAC address... Media Access Control a.k.a. MAC is a unique identifier used to identify network adapters weather it is a Ethernet or WiFi or any Bluetooth , all networking hardware has unique ID , and with who's help those devices --- and so --- "USER" of that device can be identified. This method is used in very basic security schemes that includes mobile networks too !!!

Well, i don't wanna ask why would you ever think to change your MAC address but i know there are always "reasons" to change it for sometime. There are number of ways to change it ,

one method is ...

go to your termainal and write ,

sudo gedit /etc/network/interfaces

it will open interface file of network , it should look like ,

auto eth0
iface eth0 inet dhcp

then simply add a line after these two lines , and it will look like this ,

auto eth0
iface eth0 inet dhcp
hwaddress ether 01:02:03:04:05:06

where 01:02:03:04:05:06 is a FAKE MAC address...

sudo /etc/init.d/networking restart

and you will see your "all new" identity.

WiFi SD !!!

2008-11-21T21:20:00.001-05:00

SDs are part of our digital life , we find them in many devices that uses them to store anything ... songs , photos , data for example ... and almost all laptops come with SD card readers which make our life even more easy ( oww.... exclude SONY ... they don't belong here ) ... all we need is to put card in reader and get all the data ...

But how if we can transfer data without even taking out SD card !!! or more briefly ... without even making any physical connection of hardwares !!! well , i guess it will make our life even more easy .. right ??? well there are technologies that can help us for data transformation , for example blue-tooth or Infra RED ... but each has its own limitations , some like .. lower transfer rate or less mobility ... but a yeasterday i found one site ... Eye-Fi ... who claims to sell , SD card equiped with their own WiFi transmission capability !!!! ... now thats something really amazing that we can transfer our data from SD card via WiFi ... according to them , it is secure too because they store all information about on which network the card should transmit on that card it self ... but still i am a little worried about security , i don't want everybody around my house get my girl's pics .. on their network :P ...

also the cost is way too high .... the cheapest one is about $ 80 for 2 Gigs ... compared to about $ 10/15 for same size !!! ... but still if you are tech savvy ... may be you can afford that price ...

Njoy ...

Blogged with the Flock Browser

Tune up your Windows ...

2008-11-11T21:59:00.002-05:00

Not just another optimizer that we find on internet here and there ... this one is good one ... TuneUp Utilities 2008: The complete Windows optimization package.The Highlights: Boosts system performance by de-fragmenting hard drives; Identifies and deletes non-required files; Deactivates unused Windows functions; Effortlessly solves common computer and display problems; Offers more than 400 options to customize Windows; Analyzes the file system and corrects errors; Performs maintenance functions with a single click.

Temp file management, registry cleaners and start-up program controls are the bread-and-butter of these utilities, and these basics work in TuneUp more quickly and easily than most. However, the app also sports great add-on tools you don't usually see in a utility program. It offers a variety of Internet and program-acceleration tweaks as well as Windows performance enhancers. The crash-preventing MemOptimizer, a file shredder, deleted file recovery, and a respectable uninstall utility round out the suite. You even can automate maintenance tasks with the scheduler or tweak Windows' appearance with the styler tool. The built-in RescueCenter can restore all changes completely or one by one.

Between the guts of steel and the stylish, logically arranged interface, TuneUp Utilities suits all users--from complete beginners who will appreciate the one-click optimization to more daring users who will experiment with all the settings.

Njoy...

Web Browsers .... the new battlefront of hackers !!!

2008-11-07T18:05:00.002-05:00

Attacks on operating systems may be decreasing since last year, but attacks on applications, incidents of malware, and unwanted software are rising and account for 90 percent of vulnerabilities, according to the Microsoft Security Intelligence Report, released Saturday. Microsoft said 30 percent of the malware was Trojan-based, and China accounted for 50 percent of browser based attacks, while the U.S. was second at 23 percent.

The amount of malware and unwanted software removed from computers increased 43 percent in the first half of the year, according to the 150-page report, now in its fifth installment. Thirty percent of that malware was Trojan-based, usually in the form of a computer worm or virus disguised as another application that erases data, corrupts files, and reinstalls itself after being disabled. China had the highest percentage of browser-based attacks at 50 percent, with the United States following with 23 percent. China's infection rate of 6.6 percent, a 41 percent increase from the second half of 2007, was a bit lower than industry experts expected.

Microsoft suggests consumers and businesses check for and apply software updates on a continuing basis, enable firewalls, and install antivirus and anti-spyware programs that add another layer of protection.The software giant also suggests that consumers refrain from opening links and attachments in e-mails and instant messages -- even if they are from a trusted source -- without first considering the harm that opening may cause.

njoy ...

Javascript - hacker's favorite language !!!

2008-11-04T17:52:00.001-05:00

Well , like as usual i came across this article ... and it was good to read it ... so i thought to post it here again ....

The demand that the development of web 2.0 has placed on browsers to become more interactive and act as a portal rather than just a viewing platform is opening up new vulnerabilities to unsuspecting users, Itzik Kotler, team leader of the Security Operation Center at Radware, has warned.

As well as developing new signatures and analytic tools for Radware scanning software, Kotler also works on finding new classes of vulnerabilities before they appear in the wild.

One such security hole is in Javascript, which would allow a hacker to copy any file from a user's PC with little chance of detection – something many have considered to be impossible.

Koter demoed the hack, dubbed Jinx, to vnunet.com at this week's RSA security show in London. He showed how the process was done from within the browser itself, not by altering the browser binary, which can be detected by most anti-virus systems, but rather by adding plain HTML code into just one specific file.

According to Koter, this new class of attack will be attractive to cyber-criminals whose existing techniques are increasingly vulnerable to detection because the approach is cross platform and cross browser, allowing the hackers to access systems previously unavailable to them, such as Linux, Mac and mobile.

The problem stems from the fact that internet browsers have quickly moved from being passive text and picture viewers to essentially an operating system in their own right, through interactive services such as user-generated content, hosted applications, web mail and social networks.

"HTML is now like a batch file for everything," said Koter.

"It's only down to shaping and redirecting it from this intended purpose."

He concluded that, although these types of attack are not yet in the wild, security firms and browser developers need to ensure that the increased demand for a more flexible browser does not open the door to hackers.

Njoy

Eyecandy cursor for Desktop !!

2008-10-30T09:57:00.005-04:00

Sick of looking at that same old cursor? Replace your plain old cursor with animated 3D pointers that look good and can be set to perform tricks, like dotting the screen with color when you click or leaving trails of bubbles in its wake.

CursorFX includes a number of nifty cursor options, and more await in Stardock's online user gallery. We love that your cursor changes over before you even close the program.

You can tweak the custom cursor's look and feel and can easily turn the cursor off if you need a reminder of what you've left behind. CursorFX integrates into the Mouse panel, takes only about 1MB of RAM, and does not slow the cursor's movement. This free application is a must-have for upgrading Vista or XP's look.

Njoy ....

Blogged with the Flock Browser

Beware of What you Type ???

2008-10-28T17:14:00.001-04:00

" Keyboard Sniffing " .... a very new kind of sniffing method which can be used to sniff keys pressed by target user on keyboard !!!

Actually it was just an experiment by swiss students to show a new way of cyber attack ... Doctoral students Martin Vuagnoux and Sylvain Pasini from the Security and Cryptography Laboratory at the Swiss Ecole Polytechnique Federale de Lausanne have revealed that the electromagnetic signals produced by every keystroke can be tracked by hackers.

The students claimed that by analyzing the signals produced by keystrokes, they can reproduce what the target typed. Results led the students to claim that keyboards were not safe to transmit sensitive information.

They tested the technology on 11 keyboard models that were connected either by a USB or a PS/2 socket and every keyboard tested was vulnerable to at least one of the four attacks the researchers used. One attack was shown to work over a distance of 20 meters.

The students used a radio antenna in their research to fully or partially recover keystrokes by spotting the electromagnetic radiation emitted when keys were pressed.

Njoy ...

Blogged with the Flock Browser

Some routers are susceptible to SNMP injection !!!

2008-10-27T12:28:00.001-04:00

yesterday , i was like always wondering here n there on internet found one article on one of my " source of information " ... that ... not all but some routers from popular vendors are vulnerable to SNMP injection ....

But first , what is SNMP , its Simple Network Management Protocol , which is basically used to monitor network attached devices for conditions that warrant administrative attention. Don't mislead from its name , implementation of this protocol is way too difficult...

Penetration Testing Co. .... ProCheckUp surveyed devices from vendors such as Cisco, Proxim, 3Com and ZyXEL which were all found to be vulnerable.

Identified in ProCheckUp's ‘ZyXEL Gateways Vulnerability Research' paper, it

allows hackers to cause a persistent HTML injection condition on the web management console of several ZyXEL Prestige router models. Provided that an attacker has guessed or cracked the write SNMP community string of a device, they would be able to inject malicious code into the administrative web interface by changing the values of OIDs (SNMP MIB objects) that are printed on HTML pages.

The purpose behind injecting malicious code into the web console via SNMP is to fully compromise the device once the page containing the payload is viewed by the administrator.

The company initially suspected that such an attack was possible on a large number of embedded devices in use in the market, and although the SNMP write community string must be guessed or cracked for this attack to work, some devices come with SNMP read/write access enabled by default using common community strings such as ‘public', ‘private', ‘write' and ‘cable-docsis'.

ProCheckUp also claimed that the use of customised but weak SNMP write community strings, and other weaknesses within the devices SNMP stack implementation should be taken into account when evaluating the feasibility of this attack.

Njoy ....

Converting Ordinary FlashDrive into Smart Drive !!

2008-10-24T16:29:00.002-04:00

Flash Drives / Pen Drives / USB Drives , are quite common in use today for easy transferring data to any place ... they gives us access to out files any time , any where ... right ?? During recent time , some smart guys have designed " Smart Drives " which not only carries data but it also carries bunch of software within that USB drive ... imagine that you are forced to work on some junk computer that even don't have required software for your work , or your favorite browser application or any AV installed !!! or just for sake of security you don't want to use browser of that unknown computer ... in this case these Smart Drives becomes very handy ,right ?? most of them use " U3 technology " .... hell, now a days even smarter drives are in market which uses "biometric ID system" , means you need to scan you finger before you access them !!! ( you can assume that in near future, they are gonna introduce face recognition technology in these drives too !!! )

But still these "smart drivers" are bit costlier then ordinary usb drives ... and perhaps it is the only drawback of them ... now you will ask me , " Why ordinary USB can't be U3 smart drive ? " right ?? ... answer is , U3 smart drives are smart because of embedded hardware chip like of CMOS , which ordinary usb drives doesn't have ...

Well, some good guys ( who believes in free software distribution systems ) developed one software, Portable Apps ,which basically can install applications to even ordinary usb drives and make them works same as smart drive ( ahh , please skip that biomatric part ... ) ... this software comes with plenty of useful stuffs like , open office, firefox , thunder bird, pidgin , an antivirus .... in short all opensource and free applications ( and that makes this application free !! )

Give it a try , i am sure you will not be disappointed ...

Njoy ...

What's Wrong with Aussie Companies ???

2008-10-23T12:59:00.002-04:00

A new survey reveals almost 80% of local companies have experienced data breaches in the past five years, with 40% recording between six and 20 breaches.

The Symantec Australian data loss survey shows 59% of businesses suspect they have been the victim of data breaches, but are unable to identify stolen information.

A whopping 34% of respondents report an average breach cost them $5000, while 14% say breaches cost them between $100,000 and $999,999, and 7% over $1 million.

But the main cause of data breaches, the survey reports, was lost laptops at 45%, while human error accounted for 42% of cases. Malicious attacks were responsible for 28% of breaches, while hacking and malware were responsible for 24%.

njoy ...

MEWU - Scene 7 ... IDS for my Network ....

2008-10-17T18:23:00.006-04:00

Well , its been an age old question from the days when people started using computers on network ... is my network secure ?? ... ah , i don't think that in this world there is any system that can't be penetrated !! unless there is no way to communicate with system other then mouse and keyboard ,without internet or any network ... hell even without FDD or CDD !!! ... because in many cases when system get jeopardized , by the inside man ( and believe me ,there is no way to protect the system from that mole until information gets stolen ) !!! ... anyways .... as a preventive measure , network admins install grid of network activity sensors , with help of Intrusion Detection System a.k.a. IDS .... basic function of IDS is to detect unauthorized attempt to enter network or other kind of activity that is illegal according to what so ever network policy ... Snort is the most famous personal IDS ,system that is used for network monitoring purpose .... it is also IPS , intrusion prevention system , and it works with other softwares such as BASE, OSSIM to provide visual output with good interface ...

For my trial , i have used SNORT with BASE (for front end )and My-SQL (for storing data in to database for analysis) and APACHE2 server ....

Getting Prepared ......

The first thing I like to do is grab all the dependent packages that I can from Synaptic. From the Desktop go to System > Administration > Synaptic Package Manager. Enter your password and select Search.

Search for the following packages and install them:

* Libpcap0.8-dev
* libmysqlclient15-dev
* mysql-client-5.0
* mysql-server-5.0
* bison
* flex
* apache2
* libapache2-mod-php5
* php5-gd
* php5-mysql
* libphp-adodb
* php-pear

Gain Root Privileges ...

From the Desktop go to Applications > Accessories > Terminal and type:

$ sudo -i
$ Then your password.

We need to get one more package here,

# apt-get install libc6-dev g++ gcc

Gathering Resources ...

We want to create a temp directory to download and untar files. I'm going to use edge's structure here. In the terminal window type the following:

# cd /root
# mkdir snorttmp
# cd /root/snorttmp

Let's get snort. The latest version of snort at the time of writing is 2.8.3.

Open a web browser and navigate to http://www.snort.org/dl; right click on the most recent release and copy link location.

In the terminal type:

# wget http://www.snort.org/dl/current/snort-2.8.3.tar.gz

It's time to untar the Snort package and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3.tar.gz
# rm /root/snorttmp/snort-2.8.3.tar.gz

Get Snort Rules ...

Change directories into the new snort-2.8.3 folder.

# cd /root/snorttmp/snort-2.8.3

Open a web browser and navigate to http://www.snort.org/pub-bin/downloads.cgi.

Scroll down to the "Sourcefire VRT Certified Rules - The Official Snort Rule set (unregistered user release)" section. Right click on the most recent release and copy link location.

If you are a forum member you can get newer rules which are under the "registered user release".

In the terminal type:

# wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz

Untar the Snort Rules and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz
# rm /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz

Getting PCRE ... Perl Compatible Regular Epressions ...

Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://www.pcre.org.

Click on the link for the newest release, right click on the newest tar.gz package and select copy link (at the time of writing this is pcre-7.8).

In the terminal type:

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz

Untar PCRE and remove the tar file.

# tar -xzvf /root/snorttmp/pcre-7.8.tar.gz
# rm /root/snorttmp/pcre-7.8.tar.gz

Getting BASE ... Basic Analysis and Security Engine ...

Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=103348.

Click on download then right click on the newest tar.gz package and select copy link (at the time of writing this is base-1.4.1).

In the terminal type:

# wget http://downloads.sourceforge.net/secureideas/base-1.4.1.tar.gz?modtime=1217804205&big_mirror=0

Untar BASE and remove the tar file.

# tar -xzvf /root/snorttmp/base-1.4.1.tar.gz
# rm /root/snorttmp/base-1.4.1.tar.gz

Getting ADOdb ... a database abstraction library for PHP ...

Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=42718.

Click on the download link for adodb-php5-only then right click on the adodb505.tgz package and select copy link (adodb505 is the most recent package at the time of writing).

In the terminal type:

# wget http://downloads.sourceforge.net/adodb/adodb505.tgz?modtime=1215766049&big_mirror=0

Untar ADOdb and remove the tar file.

# tar -xzvf /root/snorttmp/adodb505.tgz
# rm /root/snorttmp/adodb505.tgz

Do an ls to be sure you have all the packages.

# ls /root/snorttmp

Lets have Some Fun !!

a. PCRE install.

# cd /root/snorttmp/pcre-7.8
Here we will do a make/install

# ./configure
# make
# make install

b. Snort install.

# cd /root/snorttmp/snort-2.8.3
Here we will do a make/install

# ./configure -enable-dynamicplugin --with-mysql
# make
# make install

We need to create some folders in /etc for snort to function correctly and copy some files over to them.

# mkdir /etc/snort /etc/snort/rules /var/log/snort

Let's move some files.

# cd /root/snorttmp/snort-2.8.3/rules
# cp * /etc/snort/rules/

Let's get the /etc snort files also.

# cd /root/snorttmp/snort-2.8.3/etc
# cp * /etc/snort/

One more file.

# cp /usr/local/lib/libpcre.so.0 /usr/lib

Configuring Snort ...

We need to modify the snort.conf file to suite our needs.

Open /etc/snort/snort.conf with your favorite text editor (nano, vi, vim, gedit etc.).

# gedit /etc/snort/snort.conf

Change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (your home network may differ from 192.168.1.0)
Change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this is stating everything except HOME_NET is external)
Change "var RULE_PATE ../rules" to "var RULE_PATH /etc/snort/rules"

Scroll down the list to the section with "# output database: log, mysql, user=", remove the "#" from in front of this line.
Leave the "user=root", change the "password=password" to "password=YOUR_PASSWORD", "dbname=snort"
Make note of the username, password, and dbname. You will need this information when we set up the Mysql db.

Save and quit.

Setting UP My-SQL Database ...

Log into the mysql server.

# mysql -u root -p

Sometimes there is no password set so just hit enter.

If you get a failed logon, try the above command again and enter YOUR_PASSWORD.

If there is no password you need to create a password for the root account.

Note: Once you are in mysql the # is now a mysql>

mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');

Create the snort database.

mysql> create database snort;
mysql> exit

We will use the snort schema for the layout of the database.

# mysql -D snort -u root -p < /root/snorttmp/snort-2.8.3/schemas/create_mysql We need to comment out a few lines in the web rules before we can test snort, I am unsure if this has been fixed in the subscriber version. Open up /etc/snort/rules/web-misc.rules with your favorite text editor. # gedit /etc/snort/rules/web-misc.rules Comment out line's 97, 98, and 452 with a "#" (no quotes).

Testing Snort ...

we need to be sure that our installation works fine ,so we do a test drive of snort ...

In the terminal type:

# snort -c /etc/snort/snort.conf

If everything went well you should see an ascii pig.

To end the test hit ctrl + c.

Setting up BASE and APACHE2 ...

We have already installed both Apache2 and BASE, all we have to do now is move some files and modify a config file.
Create a file called test.php in /var/www/ with your favorite text editor.

# gedit /var/www/test.php

write in it:

Save and close this file

We need to edit /etc/php5/apache2/php.ini file.

# gedit /etc/php5/apache2/php.ini

You need to add the following under "Dynamic Extensions".

extension=mysql.so
extension=gd.so

Restart Apache2.

# /etc/init.d/apache2 restart

Get the ip address of the machine you are working on.

# ifconfig -a

Open a web browser and go to http://YOUR.IP.ADDRESS/test.php.

If everything went well, you will have PHP information displayed. Moving more files...

We need to move ADOdb into the /var/www directory.

# mv /root/snorttmp/adodb505 /var/www/

Let's make a directory in www and move BASE.

# mkdir /var/www/web
# mv /root/snorttmp/base-1.4.1 /var/www/web/

We need to temporarily enable writing to the base-1.4.1 folder for setup.

# chmod 757 /var/www/web/base-1.4.1

We also need to modify a PHP setup file using your favorite text editor.

# vim /var/www/web/base-1.4.1/setup/setup1.php

Find the line that says "base_header" and change it to "header".

Save and exit.

We want the graphs in base to work so we need to install a few pear extensions.

# pear install Image_Color
# pear install Image_Canvas-alpha
# pear install Image_Graph-alpha

BASE Setup via the web....

Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/base-1.4.1/setup.

Click continue on the first page.

Step 1 of 5: Enter the path to ADODB.
This is /var/www/adodb505.

Step 2 of 5:
Database type = MySQL, Database name = snort, Database Host = localhost, Database username = root, Database Password = YOUR_PASSWORD

Step 3 of 5: If you want to use authentication enter a username and password here.

Step 4 of 5: Click on Create BASE AG.

Step 5 of 5: one step 4 is done at the bottom click on Now continue to step 5.

Bookmark this page.

Change the permissions back on the /var/www/web/base-1.4.1 folder.

# chmod 775 /var/www/web/base-1.4.1

We are DONE !!!

To start Snort in the terminal type:

# snort -c /etc/snort/snort.conf -i eth0 -D

This starts snort using eth0 interface in a daemon mode.

To make sure it is running you can check with the following command:

# ps aux | grep snort

If it's running you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.

Finally , to see the snort in action , we can run BASE engine , by going that page we are using to run via apache server ...

phewww ... after following brain twisting procedures i was finally able to setup my personal IDS using SNORT ,which took me almost more then one and half hour ... i hope this walkthrough will work for you guys too ...

njoy ....

Cloud Computing ..... future of Computing !!!

2008-10-16T11:08:00.003-04:00

The Cloud ... refers to Internet itself ... and so Cloud Computing means , computing with help of internet itself ... The roots of cloud computing is lying near early 90s ... where they first ever thought that internet can be used to provide various services !!! ( at that time it was used to run ATMs ) ...

But people dared to go beyond it and tried to visualize the world where all the applications run via internet .. even operating system's basic functions too !! , just Imagine you are playing free cell on internet !!! well .. its quite possible ... at present the Cloud computing offers various services like .. Web 2.0 applications ... software as a service ... tried google apps ??? ... no application installed on system ... all software and data are stored on server !!!

It has been said that Microsoft and some other companies are working to develop very first OS that is based on Cloud Computing ... who know ... may be after a year or a two .. we might be using it !!!

Cloud computing is getting fame at present time ... because of couple of unbeatable features that no one else can offer .... features like ... its very cheap to use ... device and location independence ... scalability ... but still there are some features that need to gain confidence of users like ... less security ... how can you feel secure about your data stored online rather then on your hard driver ?? ... and unreliability ... what if the application server goes down ?? or if you have insufficient bandwidth ?? ...

But the basic and main requirement of cloud computing is ... guess what ??? ..... ya .. its High speed internet ... right ?? and bad news is the total percentage of internet uses are about nealy 21% ... and even worse is , all these 21% aren't using high speed internet like DSL or Cable ... high number of people are still using DialUp .. i guess its pretty slow for cloud computing ... and i think it is the only reason whey cloud computing is not much popular ....

Subsubstitute of MS Office !!!

2008-10-15T11:36:00.005-04:00

If you are not knowing Microsoft's super famous product MS Office ... then i think you are from the planets of Wookiees ... ( hell , even they must be knowing it !!! ) ...

Actually , its about one the rival application that has got a bit of fame from its first release , its Open Office from Sun !!! ... like we know , its an open source project started by Sun microsystems ... which was originally known as Star Office , a product from German company brought by Sun during end of millennium ...

Open Office , supports all file formats created by MS Office , like .doc , .xls , .ppt etc ... which we use most of the time ... and moreover its all Freeeeee !! , thats the key point to its success , because everybody likes free ... right ??

Recently they have release Open Office 3 ... the latest beta of OO, and like expected from sun .... it supports all extensions created by MS Office 2008 , like .docx and .xlsx .... as it was major hit , the office download site got crashed right on the first day of beta release !!! ... and still its down ( ahh ... but still you can download it ) ...
If you are into search of Open Source software or something that is simply free and yet as powerful as MS Office .. then this is worth trying....

njoy ....

List the Folders ...

2008-10-09T18:53:00.006-04:00

Sometimes , when i have lots of files under one folder and i want to just get the name of all files ... Or in another case , i have an external HDD of massive 750Gigs ... and i simply want to list all the folders and subfolders and files in it ... just imagine you are big fan of RnB and have big collection and you want to make cataloge of it ??? .... then it is really pain in a$$ to first read name and then type in text editor ... and it takes hell lot time too .. right ??

Well , for me , it was just a few mouse clicks ... with help of this junk ... Print Folders .... it simply prints all files / folders / sub folders ( or any of them ) to simple text file .. or a html file ... so we can save it too and read / review it later !!! ...

This tool is pretty handy when you have massive number of files !!!

Njoy ....

Surf Anonymously !!!

2008-10-08T18:40:00.004-04:00

In present time , its really easy for anyone to get someone else' identity on internet , even you IP can reveal you geographical location or worse , your identity !!! Like , we know , any computer on internet is identified by its IP address , and hence all websites use this numbers to identify users ... But with just that information of IP number , wrong guys can make your life hell !!!

Or consider another scenario ... suppose some sites like facebook or myspace are restricted to access from your place !!! .. ( its very common .. right ?? ) ... in that case what you can do ??

For this , we can use PROXY sites .... from webster's dictionary .... Proxy means ...

the agency, function, or office of a deputy who acts as a substitute for another.

authority, power to act for another

a person authorized to work for another

computers have not actual meaning of it ... but you can think it same as above definition ..Well , there are many proxy sites are available on internet ... some are free some are not ... but some works excellent ... These sites don't send any information about user to main server and hence it bypasses restricted web access !!! From the view of end server , it just see the server of proxy site , and hence user can remain hidden .... ( hmm ... isn't technology wonderful ?? ) ... But though proxy sites keep you surfing completely anonymous ... it stores / logs all user activities with their real IPs ... and so , if you are doing something really wrong , then it may be possible that you can be tracked back from it !!! ... ( i guess , if someone is for dirty work .. then s/he , must be knowing other ways, they would never go for this junk ... right ?? )

anyways ... in general ... proxies can be used to just surf anonymously or to bypass internet restrictions ....

Njoy ...

The DarkSide of LinuX !!!!

2008-10-06T16:45:00.005-04:00

" The More you become silent , more you will be able to hear "

Err ... actually its not dark ... but can say its " penetration testing " system !!! well , i am talking about Remote Exploit Guys , who have already brought BackTrack 3 , the ultimate penetration testing operating system ... BT3 is basically used to test weakness of any system or network or server or anything you name it with any type of security leaks ...

BT3 comes as a Live CD , bt they have USB version too !!! BT3 is having all famous tools that are used to test system defence like , kismet , ASS or any you name it and they have it here ... But like they say , they are not professional guys so don't expect any professional help from 'em , but their forum is really great help ...

Sure its worth of try if you want to "test" .... Yours n/w or ... " other's " n/w ..... geeee ... its not wrong to test other's too ... right ?? ... well , its another point of dicussion .... if you want to try BT3 , here is the link to download it ...

Njoy ...

What is "ClickJacking" ??

2008-10-02T10:58:00.004-04:00

"Click Jacking" ..... well , it means almost same to the word it resembles .... Hijacking ...

It is couple of the flaws discovered by researchers , would enable an attacker to make a user click on a virtually invisible, or only briefly visible, link instead of a legitimate one. This kind of weakness would be a goldmine for phishers and could provide a springboard for a host of other attacks. And for this each site needed to be updated but its almost impossible, to guys who have found it contacted vendors of browsers to fix it up ... people says , its been age old vulnerability of browsers but just under-appreciated and now came up with more serious problems ...

But , the details of this vulnerability hasn't been disclosed publicly just to give time to companies to fix this problem and not to give spammers and hackers an open ground ...

njoy ....

Lyrics with Song ...

2008-09-28T19:18:00.006-04:00

Sometimes i just wanted to do karaoke .. ( err , only when i am alone !!! ) ... i always need to search lyrics for songs on internet and then match it track by track to that song ... but its real pain in a$$ ... yesterday , when i was browsing internet , i found one junk software , called ... "mini Lyrics" ...

When i did test drive with my winamp's shoutcast radio .... i was just amazed !!! , this software is awesome ... even with internet radio , it works superfine , and as they change track , this junk gets new song's lyrics automatically almost in no time !!! , and yet its very resource low application that is the plus point .... it supports lots of other popular players , like , winamp , jetaudio , foobar , windows media player , real player and many more .... also , its skinable , so you have have feel and look of your choise ...

better try your self ...

Njoy ...

Beware of PDFs ???

2008-09-26T22:42:00.005-04:00

The Portable Document Format ... PDF .... perhaps the most used way to share or distribute documents on internet ... its because it provides , portability , security and authoritativeness for documents , right ?? You might be surprised to read that , Acrobat Reader is perhaps the most downloaded and uses application among internet users ... reason ?? , because , its free , popular and ultra light .. ( err not by "weight" , by performance and resource consumption ) ...

Secure Computing’s Anti-Malware Research Labs spotted a new and yet unknown exploit toolkit which exclusively targets Adobe’s PDF format !!! This new toolkit targets only PDFs, no other exploits are used to leverage vulnerabilities. Typical functions like caching the already infected users are deployed by this toolkit on the sever-side. Whenever a malicious PDF exploit is successfully delivered, the victim’s IP address is remembered for a certain period of time. During this “ban time” the exploit is not delivered to that IP again, which is another burden for incident handling. Malware spreaders have put this kind of exploits to their arsenal of malicious weapons for a longer time already. The “Tibs” group of malware, for example, is known for planting malicious IFRAMEs onto infected legitimate web sites and having them refer back to their exploit servers. Dissecting the shellcode shows that the payload of the exploits tries to load more malware and the different number per exploit appears to be a kind of affilation ID to keep some statistics and track their different malware campaigns.

But , Secure Anti-Malware customers are protected since such PDF exploits are blocked proactively as “Script.Shellcode.Gen”!!! And don’t forget to not only patch the latested operating system and browser vulnerabilities, but also keep an eye on third-party browser plugins like Adobe Reader, Flash Player and QuickTime.

Better be carefull out there ....

Njoy ...

Make the way for P4P .......

2008-09-25T12:27:00.004-04:00

Peer to Peer a.k.a. P2P technology is on main stream now a days .... but like all of us know, it has recently raised questions about network neutrality 'coz of ISPs like Comcast which tried to throttle p2p activities of users .... its not case of only one ISP , in USA all major ISPs are worried for their large bandwidth consumption and congested networks because of P2P usages ...

So some smartass guys of "Verizon" have formed a group to develope a new kind of protocol for this kind of file sharing ... they call it P4P ... "Proactive network Provider Participation for P2P" ... that ultimately aims to decrease backbone traffic and bring down network operation costs by enabling service providers to communicate information about network conditions to client applications for the purpose of facilitating improved P2P file transfer performance. Instead of selecting peers at random, the P4P protocol leverages network topology data so that peers can be selected in a manner that increases routing efficiency. Verizon believes that P2P technology is moving into the mainstream and is being legitimized for large-scale commercial content delivery. The company sees P4P as a way to enable broader commercial adoption of P2P tech while unclogging the tubes and relieving network congestion.

In a paper published by the P4P group, "P4P: Explicit Communications for Cooperative Control Between P2P and Network Providers," researchers look at some of the unique advantages of P4P compared to other solutions. The report notes that traffic-shaping technologies that rely on deep packet inspection to throttle P2P are easily thwarted by client applications that encrypt traffic and use dynamic ports to evade identification. Without the cooperation of the actual P2P services, the report says, no solution will succeed. "It remains unclear whether in the long run traffic shaping can effectively control the bandwidth consumption of P2P applications and reduce provider's operational costs," the paper's authors note. "By enabling explicit communication between P2P and the network, P4P can enable applications to use network status information to reduce backbone traffic and lower operation costs."

I think its better option chosen by Verizon , then its competitor AT&T ... who want to spy on their own network users for use of this kind of file sharing which violates copyright infringment !!! ... ( damn .... what the hack ??? ... sounds like a private police ... right ??) ... well its another issue ... we'll talk about it someother day ....

njoy ....

MEWU - Scene 6 ... Want to replace FireFox ??

2008-09-24T22:41:00.006-04:00

Well , like you all know , FF is default browser in Ubuntu ... No doubt FF is da best in performance then any other browsers .... ( mostly !!! ) ... But still , its not "catchy" !!! .... yup , its very true ... There are many many other substitutes available for Ubuntu and linux itself .... but all are same dull like FF ... But there is one eye candy browser exists for linux which makes me think twice ... its one and only ... FLOCK ... the social browser !!!

I think , people who are using internet , might be knowing already about this browser , actually its lot more then simple browser , just imagine netscape nevigator with look of chrome !!! .. ( err , i think netscape nevigator is almost obsolate now , but i still remember using that all in one browser which had ability to play a role of web browser to mail manager !!! .. it was late years of millenium , ahh beautiful old days ) ... gasp ... anyways , here we are talking about this new shiney browser ... with its help you can also do things like writing blogs offline and then upload em on supported services of flock ... i mean , all web 2.0 stuffs !!!

Unfortunately they haven't got any .DEB package for flock yet ... so there is not direct way to install it in Debian Systems like Ubuntu ... but there are "ways" for getting things done !!!

Download Flock 2 and select “Save File” to store it on your Desktop.
Open a terminal and run: sudo tar -C /opt -xzvf Desktop/flock-*.tar.gz
Create a link to the new browser within your PATH: sudo ln -s /opt/flock/flock /usr/bin/flock-browser
copy the following into a new file by command , sudo gedit /usr/share/applications/flock.desktop

[Desktop Entry] Encoding=UTF-8 Name=Flock Comment=Flock Web Browser Exec=flock-browser Icon=/opt/flock/icons/mozicon128.png StartupNotify=true Terminal=false Type=Application Categories=Applications;Network

You should now have a new entry in your Applications menu called “Flock Web Browser” (your menu may need to refresh first). You can also launch the browser from the terminal using the command:

flock-browser

If Anytime there is a Flock Browser update you should be able to safely repeat steps 1 and 2 and you’re set.

Njoy ....

(Un)Official Chrome for Linux !!!

2008-09-21T00:35:00.007-04:00

well ... its too unfortunate that they haven't got it for linux yet .... because like you might be knowing that any application uses some native files of OS to run application so , "generally" program designed for one platform doesn't work for another OS platform !!! ( .. why generally?? , well because some application are designed to not to use native files so they may run independently ... ) ... but google guys have been found talking about developement of chrome for linux and mac .... till then we have to wait for " official " release !!!

But some guys of codewavers .... designed an open source project called "Chromium" ... their aim ?? .. obviously to develope a web browser that have a "look" and "feel" and "performance" of chrome !!! but for linux and mac .... Actually , this is not a native port of chrome for linux, but a package installer to be used with wine embedded. Also, this is nowhere close to being as stable as it is under windows and as rightfully pointed out by the developers; this is essentially a proof of concept to show Wine’s capabilities of running native windows application. Packages are available for debian and RPM based linux systems; Mac OS build is also available.

Here are the couple of shots from official site ....

njoy ...

Find the Bots in your computer !!!

2008-09-21T00:05:00.005-04:00

Well ... they are not acutally made of machines like we saw in terminator ( ... btw .. T2 was one of mine fav movie .. ) , its technically some kind of program or software application that are designed to do some specific works when computer gets connected to internet ... in "common man's " ... ( .. it includes women too !! ) ... a SPYWARE ...

Spyware are basically an application that runs in background and gathers specific information for which they are programmed ... for example , keeping track of sites user visited or what user search on internet or for example what user buy ... and in worst case , user login IDs and Passwords !!! and then it send all these information to their master ... to the spyware maker ... ( hmm , sounds like " The key maker " ,well it works same ... did anyone else got headache after watching matrix triology?? ).. but from this explaination you guys might have understood that its only effective when that computer have internet access , without internet its not effective ... ( hell, if i don't have internet access ,then there is almost very low chances of getting "any" kind of infection .. )

Anyways .... i have been knowing this junk from the time i know how to use internet explorer , and its very reliable .. they call its .. Spybot Search & Destroy ... It can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. Modules chosen for removal can be sent directly to the included file shredder, ensuring complete elimination from your system. For advanced users, it allows you to fix Registry inconsistencies related to adware and to malicious program installations. The handy online-update feature ensures that Spybot always has the most current and complete listings of adware, dialers, and other uninvited system residents.

It has saved my #$* number of times ... so i trust this junk ... but like some have said ... " if you want to do something then do it your self " ... so better try yourself and judge it ..

njoy ....

MD5 ..... cross check the integrity ...

2008-09-14T19:23:00.007-04:00

trust but verify ...
~ronald reagan

When ever we download any file ( setup file for an example ) , we never be sure that its the "original" file from original author . And hence it can be some malicious thing too !!! so guys of internet had been using an integrity checker that is Message Digest Algorithm 5 .. a.k.a. MD5 ... As an Internet standard RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. An MD5 hash is typically expressed as a 32 digit hexadecimal number.

MD5 is basically cryptographic hash function with 128 bit hash value... MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often provide a pre-computed MD5 checksum for the files, so that a user can compare the checksum of the downloaded file to it. Unix-based operating systems include MD5 sum utilities in their distribution packages, whereas Windows users use third-party applications.

However, now that it is easy to generate MD5 collisions, it is possible for the person who created the file to create a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering. Also, in some cases the checksum cannot be trusted (for example, if it was obtained over the same channel as the downloaded file), in which case MD5 can only provide error-checking functionality: it will recognize a corrupt or incomplete download, which becomes more likely when downloading larger files.

To check integrity of downloaded file in Unix/Linux based OS, simply type

md5sum file.name

it will return with some hash values which is then needed to be compared with values provided on site of that software ... but remember that this command has to be run in the folder where that file has been downloaded , no where else ...

for windows .. its a little easy , here hash values are compared with help of a software ... its winMD5sum , an open source and free software .... to check integrity ...

simply right click on the downloaded file and go to "send to" , in it winMD5Sum , it will calculate hash values automatically , now enter values provided by site and click on compare ... if values matches then it will say .. checksum are same ...

so from next time when you download something , better try to be sure that you have not downloaded rouge ...... best luck ...

njoy ....

Free AntiVirus for One Year !!!

2008-09-14T01:01:00.003-04:00

There is one company called CA , ( ahh , its the same company makes ERWin , a very popular database modeling software ) is offering one year free subscription to their Antivirus product .. "CA Antivirus 2008" ... its pretty good antivirus with a very good price --- "free" ...

If you're unprotected, viruses can invade through email, downloads, instant messages, and even Web pages. From there, they can erase your files, damage your hard drive, and destroy the information you value most: photos, music, documents, and more. CA Anti-Virus provides comprehensive protection against viruses, worms and Trojan horse programs ....

All you need is to go to their registration page and get registered to get your Serial Key ....

njoy ... and have a safe system ..