Thursday, October 30, 2008

Eyecandy cursor for Desktop !!




Sick of looking at that same old cursor? Replace your plain old cursor with animated 3D pointers that look good and can be set to perform tricks, like dotting the screen with color when you click or leaving trails of bubbles in its wake.




CursorFX includes a number of nifty cursor options, and more await in Stardock's online user gallery. We love that your cursor changes over before you even close the program.

You can tweak the custom cursor's look and feel and can easily turn the cursor off if you need a reminder of what you've left behind. CursorFX integrates into the Mouse panel, takes only about 1MB of RAM, and does not slow the cursor's movement. This free application is a must-have for upgrading Vista or XP's look.


Njoy ....




Tuesday, October 28, 2008

Beware of What you Type ???


"Keyboard Sniffing" .... a very new kind of sniffing method that can be used to sniff the keys a target user presses on the keyboard !!!

Actually it was just an experiment by Swiss students to show a new way of cyber attack ... Doctoral students Martin Vuagnoux and Sylvain Pasini from the Security and Cryptography Laboratory at the Swiss Ecole Polytechnique Federale de Lausanne have revealed that the electromagnetic signals produced by every keystroke can be tracked by hackers.

The students claimed that by analyzing the signals produced by keystrokes, they can reproduce what the target typed. Results led the students to claim that keyboards were not safe to transmit sensitive information.

 

They tested the technology on 11 keyboard models that were connected either by a USB or a PS/2 socket and every keyboard tested was vulnerable to at least one of the four attacks the researchers used. One attack was shown to work over a distance of 20 meters.

 

The students used a radio antenna in their research to fully or partially recover keystrokes by spotting the electromagnetic radiation emitted when keys were pressed.



Njoy ...





Monday, October 27, 2008

Some routers are susceptible to SNMP injection !!!


   

Yesterday, I was, like always, wandering here n there on the internet and found an article on one of my "sources of information" ... that ... not all, but some routers from popular vendors are vulnerable to SNMP injection ....

But first, what is SNMP? It's the Simple Network Management Protocol, which is basically used to monitor network-attached devices for conditions that warrant administrative attention. Don't be misled by its name; implementing this protocol is far from simple...

Penetration testing company ProCheckUp surveyed devices from vendors such as Cisco, Proxim, 3Com and ZyXEL, which were all found to be vulnerable.

 

Identified in ProCheckUp's 'ZyXEL Gateways Vulnerability Research' paper, it allows hackers to cause a persistent HTML injection condition on the web management console of several ZyXEL Prestige router models. Provided that an attacker has guessed or cracked the write SNMP community string of a device, they would be able to inject malicious code into the administrative web interface by changing the values of OIDs (SNMP MIB objects) that are printed on HTML pages.

The purpose behind injecting malicious code into the web console via SNMP is to fully compromise the device once the page containing the payload is viewed by the administrator.

The company initially suspected that such an attack was possible on a large number of embedded devices in use in the market, and although the SNMP write community string must be guessed or cracked for this attack to work, some devices come with SNMP read/write access enabled by default using common community strings such as 'public', 'private', 'write' and 'cable-docsis'.

 

ProCheckUp also claimed that the use of customised but weak SNMP write community strings, and other weaknesses within the devices' SNMP stack implementation, should be taken into account when evaluating the feasibility of this attack.
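A defensive check for the two conditions described above, as an added example that is not from ProCheckUp's paper or the original post: it flags devices whose write access uses one of the default community strings listed, and string OID values that contain HTML-like markup. The inventory and dump layouts, the hosts and the values are constructed sample data (assumptions), and the markup pattern is a heuristic.

```shell
#!/bin/sh
# Added example: audit for the SNMP injection preconditions described in the post.
# All hosts, object names and values below are constructed sample data.

# Default community strings named in the post.
DEFAULT_COMMUNITIES="public private write cable-docsis"

# Constructed inventory, one device per line: host, community string, access (ro/rw).
sample_inventory() {
cat <<'EOF'
10.0.0.1 public ro
10.0.0.2 private rw
10.0.0.3 Xk9-long-random-string rw
10.0.0.4 cable-docsis rw
EOF
}

# Constructed dump, one value per line: host, object name, value.
# (Assumed layout for this example, not raw snmpwalk output.)
sample_walk() {
cat <<'EOF'
10.0.0.2 sysName.0 = STRING: "<b>edge-router</b>"
10.0.0.2 sysLocation.0 = STRING: "Rack 4, Room 2"
10.0.0.4 sysContact.0 = STRING: "NOC <noc@example.com>"
EOF
}

# Print hosts whose *write* access uses one of the default strings.
# Read-only use of a default string is skipped here: the injection needs write access.
weak_write_hosts() {
    while read -r host community access; do
        [ "$access" = "rw" ] || continue
        for d in $DEFAULT_COMMUNITIES; do
            if [ "$community" = "$d" ]; then
                echo "$host"
            fi
        done
    done
}

# Print "host object" for values that contain something shaped like an HTML tag.
# The pattern wants a tag name followed by space, '/' or '>', so a contact such as
# "NOC <noc@example.com>" is not reported.
markup_in_oids() {
    grep -E '</?[A-Za-z][A-Za-z0-9]*[[:space:]/>]' | awk '{print $1, $2}'
}

echo "Write access with a default community string:"
sample_inventory | weak_write_hosts
echo "String values containing HTML-like markup:"
sample_walk | markup_in_oids
```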



Njoy ....

Friday, October 24, 2008

Converting Ordinary FlashDrive into Smart Drive !!


Flash drives / pen drives / USB drives are quite common today for easily transferring data to any place ... they give us access to our files any time, anywhere ... right ?? Recently, some smart guys have designed "Smart Drives", which not only carry data but also carry a bunch of software on the USB drive itself ... imagine that you are forced to work on some junk computer that doesn't even have the software required for your work, or your favorite browser, or any AV installed !!! Or, just for the sake of security, you don't want to use the browser of that unknown computer ... in this case these Smart Drives become very handy, right ?? Most of them use "U3 technology" .... hell, nowadays even smarter drives are on the market which use a "biometric ID system", meaning you need to scan your finger before you can access them !!! ( you can assume that in the near future they are gonna introduce face recognition technology in these drives too !!! )

But these "smart drives" are still a bit costlier than ordinary USB drives ... and perhaps that is their only drawback ... now you will ask me, "Why can't an ordinary USB drive be a U3 smart drive ?" right ?? ... the answer is, U3 smart drives are smart because of an embedded hardware chip, like a CMOS, which ordinary USB drives don't have ...





Well, some good guys ( who believe in free software distribution ) developed a piece of software, Portable Apps, which can install applications even on ordinary USB drives and make them work the same as a smart drive ( ahh, please skip that biometric part ... ) ... this software comes with plenty of useful stuff like Open Office, Firefox, Thunderbird, Pidgin, an antivirus .... in short, all open source and free applications ( and that makes this application free !! )

Give it a try, I am sure you will not be disappointed ...

Njoy ...

Thursday, October 23, 2008

What's Wrong with Aussie Companies ???




A new survey reveals almost 80% of local companies have experienced data breaches in the past five years, with 40% recording between six and 20 breaches.

The Symantec Australian data loss survey shows 59% of businesses suspect they have been the victim of data breaches, but are unable to identify stolen information.

A whopping 34% of respondents report an average breach cost them $5000, while 14% say breaches cost them between $100,000 and $999,999, and 7% over $1 million.

But the main cause of data breaches, the survey reports, was lost laptops at 45%, while human error accounted for 42% of cases. Malicious attacks were responsible for 28% of breaches, while hacking and malware were responsible for 24%.


njoy ...

Friday, October 17, 2008

MEWU - Scene 7 ... IDS for my Network ....


Well, it's been an age-old question from the days when people started using computers on a network ... is my network secure ?? ... ah, I don't think there is any system in this world that can't be penetrated !! unless there is no way to communicate with the system other than mouse and keyboard, without internet or any network ... hell, even without an FDD or CDD !!! ... because in many cases the system gets jeopardized by the inside man ( and believe me, there is no way to protect the system from that mole until information gets stolen ) !!! ... anyways .... as a preventive measure, network admins install a grid of network activity sensors with the help of an Intrusion Detection System, a.k.a. IDS .... the basic function of an IDS is to detect unauthorized attempts to enter the network, or other kinds of activity that are illegal according to whatever the network policy is ... Snort is the most famous personal IDS, a system that is used for network monitoring .... it is also an IPS, an intrusion prevention system, and it works with other software such as BASE and OSSIM to provide visual output with a good interface ...

For my trial, I have used SNORT with BASE (for the front end), MySQL (for storing data in a database for analysis) and the APACHE2 server ....





Getting Prepared ......

The first thing I like to do is grab all the dependent packages that I can from Synaptic. From the Desktop go to System > Administration > Synaptic Package Manager. Enter your password and select Search.

Search for the following packages and install them:

* libpcap0.8-dev
* libmysqlclient15-dev
* mysql-client-5.0
* mysql-server-5.0
* bison
* flex
* apache2
* libapache2-mod-php5
* php5-gd
* php5-mysql
* libphp-adodb
* php-pear


Gain Root Privileges ...

From the Desktop go to Applications > Accessories > Terminal and type:

$ sudo -i

Enter your password when prompted.

We need to get one more package here,

# apt-get install libc6-dev g++ gcc


Gathering Resources ...

We want to create a temp directory to download and untar files. I'm going to use edge's structure here. In the terminal window type the following:

# cd /root
# mkdir snorttmp
# cd /root/snorttmp

Let's get snort. The latest version of snort at the time of writing is 2.8.3.

Open a web browser and navigate to http://www.snort.org/dl; right click on the most recent release and copy link location.

In the terminal type:

# wget http://www.snort.org/dl/current/snort-2.8.3.tar.gz

It's time to untar the Snort package and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3.tar.gz
# rm /root/snorttmp/snort-2.8.3.tar.gz


Get Snort Rules ...


Change directories into the new snort-2.8.3 folder.

# cd /root/snorttmp/snort-2.8.3

Open a web browser and navigate to http://www.snort.org/pub-bin/downloads.cgi.

Scroll down to the "Sourcefire VRT Certified Rules - The Official Snort Rule set (unregistered user release)" section. Right click on the most recent release and copy link location.

If you are a forum member you can get newer rules which are under the "registered user release".

In the terminal type:

# wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz

Untar the Snort Rules and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz
# rm /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz


Getting PCRE ... Perl Compatible Regular Expressions ...


Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://www.pcre.org.

Click on the link for the newest release, right click on the newest tar.gz package and select copy link (at the time of writing this is pcre-7.8).

In the terminal type:

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz

Untar PCRE and remove the tar file.

# tar -xzvf /root/snorttmp/pcre-7.8.tar.gz
# rm /root/snorttmp/pcre-7.8.tar.gz


Getting BASE ... Basic Analysis and Security Engine ...

Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=103348.

Click on download then right click on the newest tar.gz package and select copy link (at the time of writing this is base-1.4.1).

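In the terminal type (the URL is quoted so the shell does not treat the & as a background operator, and -O saves the download under the file name used in the next step):

# wget -O base-1.4.1.tar.gz "http://downloads.sourceforge.net/secureideas/base-1.4.1.tar.gz?modtime=1217804205&big_mirror=0"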

Untar BASE and remove the tar file.

# tar -xzvf /root/snorttmp/base-1.4.1.tar.gz
# rm /root/snorttmp/base-1.4.1.tar.gz


Getting ADOdb ... a database abstraction library for PHP ...


Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=42718.

Click on the download link for adodb-php5-only then right click on the adodb505.tgz package and select copy link (adodb505 is the most recent package at the time of writing).

In the terminal type (again with the URL quoted and -O setting the file name used in the next step):

# wget -O adodb505.tgz "http://downloads.sourceforge.net/adodb/adodb505.tgz?modtime=1215766049&big_mirror=0"

Untar ADOdb and remove the tar file.

# tar -xzvf /root/snorttmp/adodb505.tgz
# rm /root/snorttmp/adodb505.tgz

Do an ls to be sure you have all the packages.

# ls /root/snorttmp

Let's have Some Fun !!

a. PCRE install.

# cd /root/snorttmp/pcre-7.8
Here we will do a make/install

# ./configure
# make
# make install

b. Snort install.


# cd /root/snorttmp/snort-2.8.3
Here we will do a make/install

# ./configure --enable-dynamicplugin --with-mysql
# make
# make install

We need to create some folders in /etc for snort to function correctly and copy some files over to them.


# mkdir /etc/snort /etc/snort/rules /var/log/snort

Let's move some files.

# cd /root/snorttmp/snort-2.8.3/rules
# cp * /etc/snort/rules/

Let's get the /etc snort files also.

# cd /root/snorttmp/snort-2.8.3/etc
# cp * /etc/snort/

One more file.

# cp /usr/local/lib/libpcre.so.0 /usr/lib


Configuring Snort ...


We need to modify the snort.conf file to suit our needs.

Open /etc/snort/snort.conf with your favorite text editor (nano, vi, vim, gedit etc.).

# gedit /etc/snort/snort.conf

Change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (your home network may differ from 192.168.1.0)
Change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this is stating everything except HOME_NET is external)
Change "var RULE_PATH ../rules" to "var RULE_PATH /etc/snort/rules"

Scroll down the list to the section with "# output database: log, mysql, user=", remove the "#" from in front of this line.
Leave "user=root", change "password=password" to "password=YOUR_PASSWORD", and set "dbname=snort".
Make note of the username, password, and dbname. You will need this information when we set up the Mysql db.

Save and quit.
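The same snort.conf edits applied with sed and then verified, as an added example that is not part of the original walkthrough. It runs against a constructed excerpt rather than the real /etc/snort/snort.conf; the function names are hypothetical, and the chmod 600 is an added precaution because the file now holds the database password.

```shell
#!/bin/sh
# Added example: apply the snort.conf edits described above with sed,
# then check that none of the defaults is left behind.

# Constructed excerpt holding the default lines the steps above refer to.
write_sample_conf() {
    cat > "$1" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=password dbname=db host=localhost
EOF
}

# apply_snort_edits FILE HOME_NET DB_PASSWORD
apply_snort_edits() {
    _conf=$1
    _net=$2
    # Escape characters that are special in a sed replacement ('|' is the delimiter
    # used below because HOME_NET and the rule path contain '/').
    _pass=$(printf '%s' "$3" | sed 's/[|&\\]/\\&/g')
    sed -e "s|^var HOME_NET any\$|var HOME_NET $_net|" \
        -e 's|^var EXTERNAL_NET any$|var EXTERNAL_NET !$HOME_NET|' \
        -e 's|^var RULE_PATH \.\./rules$|var RULE_PATH /etc/snort/rules|' \
        -e "s|^# *\(output database: log, mysql, user=root\) password=[^ ]* dbname=[^ ]*|\1 password=$_pass dbname=snort|" \
        "$_conf" > "$_conf.new" &&
    mv "$_conf.new" "$_conf" &&
    # Not a step from the walkthrough: keep the stored DB password unreadable to others.
    chmod 600 "$_conf"
}

# check_snort_conf FILE: succeeds only if no default value remains and the
# database output line is active and points at the snort database.
check_snort_conf() {
    ! grep -Eq '^var (HOME_NET|EXTERNAL_NET) any$|password=password|^# *output database: log, mysql' "$1" \
    && grep -q '^output database: log, mysql, .*dbname=snort' "$1"
}

# Demonstration on a temporary copy of the constructed excerpt.
demo=$(mktemp)
write_sample_conf "$demo"
apply_snort_edits "$demo" "192.168.1.0/24" "YOUR_PASSWORD"
cat "$demo"
check_snort_conf "$demo" && echo "snort.conf edits verified"
rm -f "$demo"
```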

Setting Up the MySQL Database ...

Log into the mysql server.

# mysql -u root -p

Sometimes there is no password set so just hit enter.

If you get a failed logon, try the above command again and enter YOUR_PASSWORD.

If there is no password you need to create a password for the root account.

Note: Once you are in mysql, the # prompt becomes mysql>

mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');


Create the snort database.


mysql> create database snort;
mysql> exit

We will use the snort schema for the layout of the database.

# mysql -D snort -u root -p < /root/snorttmp/snort-2.8.3/schemas/create_mysql

We need to comment out a few lines in the web rules before we can test snort; I am unsure if this has been fixed in the subscriber version. Open up /etc/snort/rules/web-misc.rules with your favorite text editor.

# gedit /etc/snort/rules/web-misc.rules

Comment out lines 97, 98, and 452 with a "#" (no quotes).

Testing Snort ...

We need to be sure that our installation works fine, so we do a test drive of Snort ...

In the terminal type:

# snort -c /etc/snort/snort.conf

If everything went well you should see an ASCII pig.

To end the test hit ctrl + c.

Setting up BASE and APACHE2 ...

We have already installed both Apache2 and BASE, all we have to do now is move some files and modify a config file.
Create a file called test.php in /var/www/ with your favorite text editor.

# gedit /var/www/test.php

write in it:

Save and close this file

We need to edit /etc/php5/apache2/php.ini file.

# gedit /etc/php5/apache2/php.ini

You need to add the following under "Dynamic Extensions".

extension=mysql.so
extension=gd.so

Restart Apache2.

# /etc/init.d/apache2 restart

Get the ip address of the machine you are working on.

# ifconfig -a

Open a web browser and go to http://YOUR.IP.ADDRESS/test.php.

If everything went well, you will have PHP information displayed.

Moving more files...

We need to move ADOdb into the /var/www directory.

# mv /root/snorttmp/adodb505 /var/www/

Let's make a directory in www and move BASE.

# mkdir /var/www/web
# mv /root/snorttmp/base-1.4.1 /var/www/web/

We need to temporarily enable writing to the base-1.4.1 folder for setup.

# chmod 757 /var/www/web/base-1.4.1

We also need to modify a PHP setup file using your favorite text editor.

# vim /var/www/web/base-1.4.1/setup/setup1.php

Find the line that says "base_header" and change it to "header".

Save and exit.


We want the graphs in base to work so we need to install a few pear extensions.


# pear install Image_Color
# pear install Image_Canvas-alpha
# pear install Image_Graph-alpha



BASE Setup via the web....

Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/base-1.4.1/setup.

Click continue on the first page.


Step 1 of 5: Enter the path to ADODB.
This is /var/www/adodb505.


Step 2 of 5:
Database type = MySQL, Database name = snort, Database Host = localhost, Database username = root, Database Password = YOUR_PASSWORD


Step 3 of 5: If you want to use authentication enter a username and password here.


Step 4 of 5: Click on Create BASE AG.


Step 5 of 5: Once step 4 is done, click on "Now continue to step 5" at the bottom.


Bookmark this page.

Change the permissions back on the /var/www/web/base-1.4.1 folder.

# chmod 775 /var/www/web/base-1.4.1


We are DONE !!!

To start Snort in the terminal type:

# snort -c /etc/snort/snort.conf -i eth0 -D

This starts snort using eth0 interface in a daemon mode.

To make sure it is running you can check with the following command:

# ps aux | grep snort

If it's running you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.



Finally, to see Snort in action, we can open the BASE engine by going to the page we are serving via the Apache server ...

phewww ... after following these brain-twisting procedures I was finally able to set up my personal IDS using SNORT, which took me almost more than one and a half hours ... I hope this walkthrough will work for you guys too ...

njoy ....

Thursday, October 16, 2008

Cloud Computing ..... future of Computing !!!


The Cloud ... refers to the Internet itself ... and so Cloud Computing means computing with the help of the internet itself ... The roots of cloud computing lie in the early 90s ... when it was first thought that the internet could be used to provide various services !!! ( at that time it was used to run ATMs ) ...

But people dared to go beyond that and tried to visualize a world where all applications run via the internet .. even the operating system's basic functions too !! Just imagine you are playing FreeCell on the internet !!! well .. it's quite possible ... at present cloud computing offers various services like .. Web 2.0 applications ... software as a service ... tried Google Apps ??? ... no application installed on the system ... all software and data are stored on the server !!!

It has been said that Microsoft and some other companies are working to develop the very first OS based on Cloud Computing ... who knows ... maybe after a year or two .. we might be using it !!!

Cloud computing is gaining fame at present ... because of a couple of unbeatable features that no one else can offer .... features like ... it's very cheap to use ... device and location independence ... scalability ... but there are still some areas where it needs to gain the confidence of users, like ... less security ... how can you feel secure about your data being stored online rather than on your hard drive ?? ... and unreliability ... what if the application server goes down ?? or if you have insufficient bandwidth ?? ...

But the basic and main requirement of cloud computing is ... guess what ??? ..... ya .. it's high speed internet ... right ?? And the bad news is that the total percentage of internet users is nearly 21% ... and even worse, not all of these 21% are using high speed internet like DSL or cable ... a high number of people are still using dial-up .. I guess it's pretty slow for cloud computing ... and I think it is the only reason why cloud computing is not very popular ....

Wednesday, October 15, 2008

Substitute of MS Office !!!


If you don't know Microsoft's super famous product MS Office ... then I think you are from the planet of the Wookiees ... ( hell, even they must know it !!! ) ...

Actually, this is about one of the rival applications, which has gained a bit of fame since its first release: Open Office from Sun !!! ... as we know, it's an open source project started by Sun Microsystems ... which was originally known as Star Office, a product from a German company bought by Sun around the end of the millennium ...





Open Office supports all file formats created by MS Office, like .doc, .xls, .ppt etc ... which we use most of the time ... and moreover it's all Freeeeee !! That's the key point to its success, because everybody likes free ... right ??

Recently they have released Open Office 3 ... the latest beta of OO, and as expected from Sun .... it supports all extensions created by MS Office 2008, like .docx and .xlsx .... as it was a major hit, the office download site crashed right on the first day of the beta release !!! ... and it's still down ( ahh ... but you can still download it ) ...
If you are in search of open source software or something that is simply free and yet as powerful as MS Office .. then this is worth trying....

njoy ....

Thursday, October 9, 2008

List the Folders ...


Sometimes I have lots of files under one folder and I just want to get the names of all the files ... Or in another case, I have an external HDD of a massive 750 gigs ... and I simply want to list all the folders, subfolders and files in it ... just imagine you are a big fan of RnB, have a big collection and want to make a catalogue of it ??? .... then it is a real pain in the a$$ to first read each name and then type it in a text editor ... and it takes a hell of a lot of time too .. right ??

Well, for me, it was just a few mouse clicks ... with the help of this junk ... Print Folders .... it simply prints all files / folders / subfolders ( or any of them ) to a simple text file .. or an HTML file ... so we can save it too and read / review it later !!! ...




This tool is pretty handy when you have a massive number of files !!!

Njoy ....

Wednesday, October 8, 2008

Surf Anonymously !!!


At present, it's really easy for anyone to get someone else's identity on the internet; even your IP can reveal your geographical location or, worse, your identity !!! As we know, any computer on the internet is identified by its IP address, and hence all websites use these numbers to identify users ... But with just that IP number, the wrong guys can make your life hell !!!

Or consider another scenario ... suppose some sites like Facebook or MySpace are restricted from your place !!! .. ( it's very common .. right ?? ) ... in that case what can you do ??

For this, we can use PROXY sites .... from Webster's dictionary .... Proxy means ...

the agency, function, or office of a deputy who acts as a substitute for another.

authority, power to act for another

a person authorized to work for another


In computing it doesn't have exactly this meaning ... but you can think of it the same way as the definition above .. Well, there are many proxy sites available on the internet ... some are free, some are not ... but some work excellently ... These sites don't send any information about the user to the main server, and hence they bypass restricted web access !!! From the view of the end server, it just sees the server of the proxy site, and hence the user can remain hidden .... ( hmm ... isn't technology wonderful ?? ) ... But though proxy sites keep your surfing completely anonymous ... they store / log all user activities with their real IPs ... and so, if you are doing something really wrong, it is possible that you can be tracked back from it !!! ... ( I guess, if someone is in it for dirty work .. then s/he must know other ways; they would never go for this junk ... right ?? )

Anyways ... in general ... proxies can be used just to surf anonymously or to bypass internet restrictions ....

Njoy ...

Monday, October 6, 2008

The DarkSide of LinuX !!!!


" The More you become silent , more you will be able to hear "
Err ... actually it's not dark ... but you can say it's a "penetration testing" system !!! Well, I am talking about the Remote Exploit guys, who have already brought us BackTrack 3, the ultimate penetration testing operating system ... BT3 is basically used to test the weaknesses of any system, network, server or anything you name that may have any type of security leak ...

BT3 comes as a Live CD, but they have a USB version too !!! BT3 has all the famous tools that are used to test system defence, like kismet, ASS or any you name and they have it here ... But like they say, they are not professional guys so don't expect any professional help from 'em, but their forum is really a great help ...

Sure it's worth a try if you want to "test" .... your n/w or ... "other's" n/w ..... geeee ... it's not wrong to test other's too ... right ?? ... well, it's another point of discussion .... if you want to try BT3, here is the link to download it ...

Njoy ...

Thursday, October 2, 2008

What is "ClickJacking" ??


"Click Jacking" ..... well , it means almost same to the word it resembles .... Hijacking ...

It is a couple of flaws discovered by researchers that would enable an attacker to make a user click on a virtually invisible, or only briefly visible, link instead of a legitimate one. This kind of weakness would be a goldmine for phishers and could provide a springboard for a host of other attacks. Fixing this would need each site to be updated, which is almost impossible, so the guys who found it contacted browser vendors to fix it ... people say it's an age-old browser vulnerability that was just under-appreciated and has now come up as a more serious problem ...

But the details of this vulnerability haven't been disclosed publicly, to give companies time to fix the problem and not give spammers and hackers an open ground ...

njoy ....
