Darpa to take humans out of network management

The Defense Advanced Research Projects Agency (Darpa) is researching computer networks that can organise and run themselves without human intervention, and dramatically increase available radio spectrum.

The organisation has been outlining its research goals to Congress in its 2009 Strategic Plan (PDF). One area is the design of a network infrastructure that can configure and maintain itself. It is initially intended for linking participants in battle, but could also have civilian uses.

"At the core of this concept are robust, secure and self-forming networks. These networks must be at least as reliable, available, secure and survivable as the weapons and forces they connect. They must distribute huge amounts of data quickly and precisely," says the report.

"But in order for these networks to realise their full potential, they must form, manage, defend and heal themselves, so they always function at the enormously high speeds that provide their advantages. This means that people can no longer be central to establishing, managing and administering them."

Some of the systems are in a very advanced stage, the agency reports. The Network Centric Radio System is already in operation, and can set up a self-healing ad hoc network gateway to link radio and network communications systems.

Darpa is also funding research into how to use existing spectrum more efficiently. Its neXt Generation Communications technology is being used to allocate spectrum dynamically, so that devices can use spectrum assigned to other uses when it is not being used. Tests have shown a tenfold increase in spectrum efficiency using this method.

from VUnet …

Njoy …

The Best Firewall for FREE !!! … just for today …

 

Online Armor - is a Personal Firewall to protect your money, identity and your Data. Whether you’re browsing , Transacting or receiving Email; Online Armor can protect you. This award winning software is easy to use right of the box.

The powerful “HIPS” functions, which is designed to stop all unrecognized programs from running on your computer, makes it possible to protect yourself against new threats and attacks.

In standard mode, most decisions are made completely automatically based on Online Armor’s whitelist - users never need answer a complex firewall prompt again.

Online Armor protects your passwords and private information from being stolen by blocking keyloggers as they try to activate. Online Armors behaviour detection ensures that even specially created or new keyloggers are detected and prevented.

The version given in GOTD is a full paid version which has following features … which are way more then any other firewall gives you for free !!!

• Keylogger Detection
• Mail Filter
• Web Filter
• Spam Shield
• Cookie Cutter
• Trusted Sites
• Untrusted Sites
• Prevent Spyware
• Remove Spyware
• Settings Monitor
• IE Extensions
• DNS Checker
• Hosts Checker
• Simple to Use
• Firewall
• Easy to Use Firewall
• Powerful Windows Firewall
• Firewall Leak Tests
• Run as Limited User
• Worm Protection
• Termination Protection
• Spyware Prevention Tips
• Spyware Prevention With Online Armor
• Trojan Protection
• How to Block Dangerous Sites
• Lightweight Security for
  Windows
• Spyware Removal Tips
• Autoruns Management
• Online Armor Test Results

ONLINE ARMOR had also been reviewed by many other people and nearly all of them found this firewall , perhaps the best in its category … some reviews are …

Matousec … an independent software testing company ..

Scot Finnie’s … Scot’s News letter …

CNET …

 

and just for today … my favorite site … Give away of the day .. is giving it away for free with 1 year subscription … perhaps it is one of the best giveaway by GOTD …

you can download online armor from here … GOTD site …

Njoy …

Ericsson to enable wireless kill switch for laptops !!!

 

A laptop remote-kill switch has long been a fantasy of those paranoid about theft and service providers alike. And now, with the latest wave of subsidized notebooks coming out of wireless carriers, said switches are coming in the form of a new mobile broadband card from Ericsson. The card, designed to work on HSPA/GPRS/EDGE networks, is slated for release in June, and carries with it a number of innovative features. But the most interesting is that it supports certain security options that work with Intel's anti-theft technology, allowing carriers to send a signal that will lock down the machine and make it unusable.

Ericsson's F3607gw module boasts reduced power consumption, prolonged battery life, and increased integration with the OS. Ericsson specifically highlights the F3607gw's wake-on-wireless feature, which allows users to remotely wake the notebook at specific times, like when an important message is received or the computer has been stolen.

"An anti-theft management service in the network can send a message via SMS to the mobile-broadband module inside the notebook, which securely transfers the message to Intel's Anti-Theft function inside the processor platform," says Ericsson. "This takes appropriate actions, such as completely locking the computer and making it unusable."

Intel's anti-theft technology (ATT) differs from current disk encryption because it would render the laptop useless even if the hard drive is replaced. While this may not help the victim get the laptop back, if widely adopted, ATT could deter thieves from stealing laptops in the first place if all they would end up with is an inoperable chunk of plastic and metal. Of course, if users want their data to be secure and for the laptop to be unbootable, it's probably wise to employ both ATT and some sort of disk encryption technology, in case the hard drive is removed and placed in another machine.

Theft isn't the only situation in which the machine may be remotely locked down, though. As noted by the AP, customers who bought their notebooks under heavy subsidies from wireless carriers in exchange for service contracts may also find their computers being locked down if they fall too far behind on their bills. This situation seems unlikely, however—not only would it be seen as a massive invasion of privacy for a carrier to lock users out of their own computers, but there will likely be a way for users to shut off the wake on wireless feature, rendering such attempts useless.

Njoy …

Nearly Half the Hard Drives on EBay Hold Personal Data !!!

 

 

EBay … one of my favorite place to buy computer junk online with good price and options … just like many people around the world …

Recently a New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders from eBay contained personal, private and sensitive information -- everything from corporate financial data to the Web-surfing history and downloads of a man with a foot fetish.

Kessler International conducted the survey over a six-month period, buying up disk drives from the United States and Canada ranging in size from 40GB to 300GB. The firm, which completed its survey about two weeks ago, bought a total of 100 relatively modern drives, the vast majority of them serial ATA.

"With size of the sample, I guess we were surprised with the percentage of disks that we found data on," said Michael Kessler, CEO of Kessler International. "We expected most of the drives to be wiped -- to find one or two disks with data. But 40 drives out of 100 is a lot."

While Kessler's engineers had to use special forensics software to retrieve data from some of the hard drives, others contained sensitive data in the clear, having never been overwritten or erased. The data included personal documents, financial information, e-mails, DNS server information and photographs.

"The average person who knows anything about computers could plug in these disks and just go surfing," Kessler said. "I know they found a guy's foot fetish on one disk. He'd been downloading loads and loads of stuff on feet. With what we got on that disk -- his name, address and all of his contacts -- it would have been extremely embarrassing if we were somebody who wanted to blackmail him."

Kessler said his company specifically avoided buying drives whose sellers indicated they'd been erased.

Kessler International broke down the kind of data it retrieved this way: Personal and confidential documents, including financial information, (36%); e-mails, (21%); photos, (13%); corporate documents, (11%); Web browsing histories, (11%); DNS server information, (4%); Miscellaneous data, (4%).

"We were more concerned with searching for people's identification, which is what we found, but we were surprised by all the corporate spreadsheets and business finance records we found," Kessler said.

The forensics firm even found one company's "secret" French fries recipe, Kessler said.

In recent years, hard drives have shown up on eBay that contain all kinds of sensitive data. In April 2006, Idaho Power Co. learned that drives it thought had been recycled had actually been sold on eBay with data still intact. The Boise, Idaho-based utility had used the drives in servers; when bought on eBay, they still contained proprietary corporate information such as memos, customer correspondence and confidential employee information.

well i think it may be true for all sites that sell old HDDs … it may contain personal information … and i think for this user may need something more then just disk formatting tool say … drive scrubber ?? … which can even re-write tracks and sectors of HDD which makes almost impossible to recover data from formatted HDD !!!

 

Njoy …

Be warned by Police for Botnet infection !!!

 

Police in the Netherlands claim a world's first in warning victims whose computers were infected by a botnet that was shut down last week. The victims will be forwarded to a special Web page offering instructions on cleaning up their systems.

The high-tech crime unit of the police started issuing the warnings on Wednesday. Users with infected systems are automatically sent a special page when they log onto the Internet. The page offers instructions on disabling the botnet, as well as a link to Kaspersky's online virus scanner and a request to file charges against the botnet herder, a 19- year-old man from the Dutch city of Sneek who was arrested last week.

The page, which was created in cooperation with Kaskersky Labs, marks the first time that botnet victims have been proactively warned by authorities, said Eddy Willems, a virus evangelist with Kaspersky Labs in the Netherlands. "This might initiate other actions in neighboring countries, so we can continue doing this in a coordinated fashion throughout the European Union," Willems told Webwereld. "That would be a good way to fight these crimes."

Releasing a computer from the controls of the botnet might not be for the amateur computer user. Users among other things have to dig into the Windows registry and disable a rootkit that prevented detection of the malware by the user and security software. Willems cautions that users should be careful even after they have followed the step-by-step removal instructions, because the computer is likely to contain additional malware and viruses.

Authorities are able to forward victims to the special page because they have taken over control of the botnet. Infected computers will contact a central server in Russia for instructions. Normally this controlling server will order the computers to start malicious tasks such as sending spam, hosting child pornography or launching a distributed denial of service attack. But the server has been reprogrammed to forward the systems to the warning page.

The botnet herder was arrested last week after he tried to sell his network to a man in Brazil for Euro 25,000. At the time, the botnet was estimated to have snared 100,000 computers. Willems claims current estimates peg the number of infections at 140,000 to 150,000.

from computerworld ….

Njoy …

Macs hit with BitTorrent-embedded malware attack

 

 

 

For years, Mac users have long been rightfully smug about their platform's relative immunity to virus and malware attacks, but it's inevitable that those days will eventually come to an end. (As the Mac gains in popularity, it also earns more attention from malware developers, and it's this lack of malware being actively developed, not some special, inherent security, that have really kept the Mac a "safe" platform for the time being.)

Now we're seeing one of the first moderately-sized exploits to take advantage of Mac users. The iServices.A Trojan horse is an attack being distributed via BitTorrent, where it's disguised as a bootleg copy of the new iWork 09. Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off the Mac in question. The malware creator can also take complete remote control of any compromised machine.

Security firm Intego said that just 20,000 machines had been infected as of January 21 but that the risk of ongoing infection was "serious, and users may face extremely serious consequences" if they are stricken with the malware.

Mac users are suggested to use common sense -- that is, don't try to download and installed pirated software -- and to update any antivirus definitions immediately. If you're a Mac user and aren't using security software, well, this might be a good time to start.

As well, if you've been hit by this piece of malware, a removal tool is available here. (Please note: I have not tested it.)

from yahoo news …

Njoy …

So Safe Linux ... is not much safe now ???

There seems to be a false sense of security among some Linux users. The number of malicious programs specifically written for GNU/Linux has been on the increase in recent years and in the year of 2005 alone has more than doubled: from 422 to 863. Some security consultants will argue that Linux has fewer viruses/malwares because it is less attractive as a target for having a smaller user base (compare ~90.66% Windows vs ~0.93% Linux). You may call me a traitor but I agree with that assessment. There is no reason why we will not see a rise of malware designed for Linux as it becomes more mainstream among ordinary users.

I’ve heard so many times from beginners “do I need an anti-virus?”, “Linux has no viruses”, “There’s no way a virus could infect a Linux box”. This is the false sense of security that many new Linux users are dealing with today. Most are just starting out as Linux users and have no idea about the risks and safe actions to take. Newbie Linux users tends to feel safe with statements they read about how the Linux OS could never be infected and if so could never be executed because of the way files works under Linux.


Linux does have its share of viruses, trojans and worms but would the Linux infected binaries really need to be exclusively executed by root for a major system apocalypse? Although in most cases the system programs are owned by root and the user is just running the program from a non-privileged account. Some people will argue that for a system wide infection, the infected binary would have to be derived exclusively from root and as a non-privileged user, by running an infected program would only effect the users /home directory and not a system wide infection.

There is a method to infect a system wide Linux OS without the need to become root, this procedure is a commonly known as “Privilege escalation” –

“Privilege escalation is the act of exploiting a bug or design fault in a software application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with more privileges than intended by the application developer or system administrator” (Privilege escalation).

Its not very likely that Linux malwares will ever compare to that of the Windows viruses and even more unlikely that Linux will ever see its share of the same issues with malware as the Windows operating system. If you take into consideration the email-borne viruses that Microsoft has, they are all executable and are in most cases executed by the user, whereas with Linux you would have to save the file make the file executable and manually run the file. Windows XP automatically makes the first named user an administrator, with the power to do anything to the system. Linux on the other hand uses the first named user as the root administrator but does not allow root login on boot-up.

As a Linux user, using the repositories, md5 checksums and using root privileges only when necessary are just a few ways to to guard against an intrusion. SSH is often the first point of entry to a Linux system but it’s not the last line of defense. Using a strong password and anti-virus software should always be common practice for any OS and could potentially limit the risk of a system catastrophe.

Njoy ...

Secure Sites may be not that "Secure" ....

~ Science fiction does not remain fiction for long. And certainly not on the Internet. ~

If you have ever noticed small pad-lock icon at corner of browser , ensures that connection is safe ... and its more important when we are dealing with financial transactions ... right ?? ... till present time we used to think that this secure certification method , that is generated with help of MD5 are secure enough that it can't be faked ... in other words ... if we are visiting citi bank's website then we are sure that its legitimate site ... but now , some people have proved that its quite possible to fake that CA certificate and hence secure sites may not be that secure in future ...

A team of U.S. and European researchers used a computing grid of more than 200 Sony PlayStation 3 video-game machines to create fake certificates and fool a browser into thinking it had a secure connection with a trusted site.

Researchers from California, teams from the Centrum Wiskunde & Informatica (CWI) and Eindhoven University of Technology in the Netherlands, and teams from the Ecole Polytechnique Federal de Lausanne (EPFL) in Switzerland presented a paper Tuesday at the 25C3 security congress in Berlin. They showed that they were able to generate two messages with one digital signature, similar to the process of an older digital-certificate system, using an algorithm called MD5.

A user who visits a Web site whose URL begins with https usually sees a locked padlock in a browser corner, indicating that the site employs a digital certificate issued by one of several trusted certificate authorities. The browser verifies the certificate, using one of several algorithms, including, for some sites, MD5.

The MD5 digital-certificate system is still in use by many sites, and could enable third parties to create fake certificates and fool a browser into thinking it was visiting a secure site. A more modern and secure digital-certificate system is used by many sites.

The vulnerability was first identified four years ago by Chinese researchers, who had created a collision attack by generating two different messages with the same digital signature. But the amount of computing power needed to generate a fake certificate was considered a huge obstacle to anyone attempting to take advantage.

if you like to read more about this .. then have a look here ...

Njoy !!!

What's Wrong with Aussie Companies ???

A new survey reveals almost 80% of local companies have experienced data breaches in the past five years, with 40% recording between six and 20 breaches.

The Symantec Australian data loss survey shows 59% of businesses suspect they have been the victim of data breaches, but are unable to identify stolen information.

A whopping 34% of respondents report an average breach cost them $5000, while 14% say breaches cost them between $100,000 and $999,999, and 7% over $1 million.

But the main cause of data breaches, the survey reports, was lost laptops at 45%, while human error accounted for 42% of cases. Malicious attacks were responsible for 28% of breaches, while hacking and malware were responsible for 24%.

njoy ...

MEWU - Scene 7 ... IDS for my Network ....

Well , its been an age old question from the days when people started using computers on network ... is my network secure ?? ... ah , i don't think that in this world there is any system that can't be penetrated !! unless there is no way to communicate with system other then mouse and keyboard ,without internet or any network ... hell even without FDD or CDD !!! ... because in many cases when system get jeopardized , by the inside man ( and believe me ,there is no way to protect the system from that mole until information gets stolen ) !!! ... anyways .... as a preventive measure , network admins install grid of network activity sensors , with help of Intrusion Detection System a.k.a. IDS .... basic function of IDS is to detect unauthorized attempt to enter network or other kind of activity that is illegal according to what so ever network policy ... Snort is the most famous personal IDS ,system that is used for network monitoring purpose .... it is also IPS , intrusion prevention system , and it works with other softwares such as BASE, OSSIM to provide visual output with good interface ...

For my trial , i have used SNORT with BASE (for front end )and My-SQL (for storing data in to database for analysis) and APACHE2 server ....





Getting Prepared ......

The first thing I like to do is grab all the dependent packages that I can from Synaptic. From the Desktop go to System > Administration > Synaptic Package Manager. Enter your password and select Search.

Search for the following packages and install them:

* Libpcap0.8-dev
* libmysqlclient15-dev
* mysql-client-5.0
* mysql-server-5.0
* bison
* flex
* apache2
* libapache2-mod-php5
* php5-gd
* php5-mysql
* libphp-adodb
* php-pear


Gain Root Privileges ...

From the Desktop go to Applications > Accessories > Terminal and type:

$ sudo -i
$ Then your password.

We need to get one more package here,

# apt-get install libc6-dev g++ gcc


Gathering Resources ...

We want to create a temp directory to download and untar files. I'm going to use edge's structure here. In the terminal window type the following:

# cd /root
# mkdir snorttmp
# cd /root/snorttmp

Let's get snort. The latest version of snort at the time of writing is 2.8.3.

Open a web browser and navigate to http://www.snort.org/dl; right click on the most recent release and copy link location.

In the terminal type:

# wget http://www.snort.org/dl/current/snort-2.8.3.tar.gz

It's time to untar the Snort package and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3.tar.gz
# rm /root/snorttmp/snort-2.8.3.tar.gz


Get Snort Rules ...


Change directories into the new snort-2.8.3 folder.

# cd /root/snorttmp/snort-2.8.3

Open a web browser and navigate to http://www.snort.org/pub-bin/downloads.cgi.

Scroll down to the "Sourcefire VRT Certified Rules - The Official Snort Rule set (unregistered user release)" section. Right click on the most recent release and copy link location.

If you are a forum member you can get newer rules which are under the "registered user release".

In the terminal type:

# wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz

Untar the Snort Rules and remove the tar file.

# tar -xzvf /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz
# rm /root/snorttmp/snort-2.8.3/snortrules-pr-2.4.tar.gz


Getting PCRE ... Perl Compatible Regular Epressions ...


Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://www.pcre.org.

Click on the link for the newest release, right click on the newest tar.gz package and select copy link (at the time of writing this is pcre-7.8).

In the terminal type:

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.8.tar.gz

Untar PCRE and remove the tar file.

# tar -xzvf /root/snorttmp/pcre-7.8.tar.gz
# rm /root/snorttmp/pcre-7.8.tar.gz


Getting BASE ... Basic Analysis and Security Engine ...

Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=103348.

Click on download then right click on the newest tar.gz package and select copy link (at the time of writing this is base-1.4.1).

In the terminal type:

# wget http://downloads.sourceforge.net/secureideas/base-1.4.1.tar.gz?modtime=1217804205&big_mirror=0

Untar BASE and remove the tar file.

# tar -xzvf /root/snorttmp/base-1.4.1.tar.gz
# rm /root/snorttmp/base-1.4.1.tar.gz


Getting ADOdb ... a database abstraction library for PHP ...


Change directory back into the snorttmp folder.

# cd /root/snorttmp

Open a web browser and go to http://sourceforge.net/project/showfiles.php?group_id=42718.

Click on the download link for adodb-php5-only then right click on the adodb505.tgz package and select copy link (adodb505 is the most recent package at the time of writing).

In the terminal type:

# wget http://downloads.sourceforge.net/adodb/adodb505.tgz?modtime=1215766049&big_mirror=0

Untar ADOdb and remove the tar file.

# tar -xzvf /root/snorttmp/adodb505.tgz
# rm /root/snorttmp/adodb505.tgz

Do an ls to be sure you have all the packages.

# ls /root/snorttmp

Lets have Some Fun !!

a. PCRE install.

# cd /root/snorttmp/pcre-7.8
Here we will do a make/install

# ./configure
# make
# make install

b. Snort install.

# cd /root/snorttmp/snort-2.8.3
Here we will do a make/install

# ./configure -enable-dynamicplugin --with-mysql
# make
# make install

We need to create some folders in /etc for snort to function correctly and copy some files over to them.


# mkdir /etc/snort /etc/snort/rules /var/log/snort

Let's move some files.

# cd /root/snorttmp/snort-2.8.3/rules
# cp * /etc/snort/rules/

Let's get the /etc snort files also.

# cd /root/snorttmp/snort-2.8.3/etc
# cp * /etc/snort/

One more file.

# cp /usr/local/lib/libpcre.so.0 /usr/lib


Configuring Snort ...

We need to modify the snort.conf file to suite our needs.

Open /etc/snort/snort.conf with your favorite text editor (nano, vi, vim, gedit etc.).

# gedit /etc/snort/snort.conf

Change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (your home network may differ from 192.168.1.0)
Change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET" (this is stating everything except HOME_NET is external)
Change "var RULE_PATE ../rules" to "var RULE_PATH /etc/snort/rules"

Scroll down the list to the section with "# output database: log, mysql, user=", remove the "#" from in front of this line.
Leave the "user=root", change the "password=password" to "password=YOUR_PASSWORD", "dbname=snort"
Make note of the username, password, and dbname. You will need this information when we set up the Mysql db.

Save and quit.

Setting UP My-SQL Database ...

Log into the mysql server.

# mysql -u root -p

Sometimes there is no password set so just hit enter.

If you get a failed logon, try the above command again and enter YOUR_PASSWORD.

If there is no password you need to create a password for the root account.

Note: Once you are in mysql the # is now a mysql>

mysql> SET PASSWORD FOR root@localhost=PASSWORD('YOUR_PASSWORD');


Create the snort database.

mysql> create database snort;
mysql> exit

We will use the snort schema for the layout of the database.

# mysql -D snort -u root -p < /root/snorttmp/snort-2.8.3/schemas/create_mysql We need to comment out a few lines in the web rules before we can test snort, I am unsure if this has been fixed in the subscriber version. Open up /etc/snort/rules/web-misc.rules with your favorite text editor. # gedit /etc/snort/rules/web-misc.rules Comment out line's 97, 98, and 452 with a "#" (no quotes).

Testing Snort ...

we need to be sure that our installation works fine ,so we do a test drive of snort ...

In the terminal type:

# snort -c /etc/snort/snort.conf

If everything went well you should see an ascii pig.

To end the test hit ctrl + c.

Setting up BASE and APACHE2 ...

We have already installed both Apache2 and BASE, all we have to do now is move some files and modify a config file.
Create a file called test.php in /var/www/ with your favorite text editor.

# gedit /var/www/test.php

write in it:

Save and close this file

We need to edit /etc/php5/apache2/php.ini file.

# gedit /etc/php5/apache2/php.ini

You need to add the following under "Dynamic Extensions".

extension=mysql.so
extension=gd.so

Restart Apache2.

# /etc/init.d/apache2 restart

Get the ip address of the machine you are working on.

# ifconfig -a

Open a web browser and go to http://YOUR.IP.ADDRESS/test.php.

If everything went well, you will have PHP information displayed. Moving more files...

We need to move ADOdb into the /var/www directory.

# mv /root/snorttmp/adodb505 /var/www/

Let's make a directory in www and move BASE.

# mkdir /var/www/web
# mv /root/snorttmp/base-1.4.1 /var/www/web/

We need to temporarily enable writing to the base-1.4.1 folder for setup.

# chmod 757 /var/www/web/base-1.4.1

We also need to modify a PHP setup file using your favorite text editor.

# vim /var/www/web/base-1.4.1/setup/setup1.php

Find the line that says "base_header" and change it to "header".

Save and exit.


We want the graphs in base to work so we need to install a few pear extensions.

# pear install Image_Color
# pear install Image_Canvas-alpha
# pear install Image_Graph-alpha



BASE Setup via the web....

Open a web browser and navigate to http://YOUR.IP.ADDRESS/web/base-1.4.1/setup.

Click continue on the first page.


Step 1 of 5: Enter the path to ADODB.
This is /var/www/adodb505.


Step 2 of 5:
Database type = MySQL, Database name = snort, Database Host = localhost, Database username = root, Database Password = YOUR_PASSWORD


Step 3 of 5: If you want to use authentication enter a username and password here.


Step 4 of 5: Click on Create BASE AG.


Step 5 of 5: one step 4 is done at the bottom click on Now continue to step 5.


Bookmark this page.

Change the permissions back on the /var/www/web/base-1.4.1 folder.

# chmod 775 /var/www/web/base-1.4.1


We are DONE !!!

To start Snort in the terminal type:

# snort -c /etc/snort/snort.conf -i eth0 -D

This starts snort using eth0 interface in a daemon mode.

To make sure it is running you can check with the following command:

# ps aux | grep snort

If it's running you will see an entry similar to snort -c /etc/snort/snort.conf -i eth0 -D.



Finally , to see the snort in action , we can run BASE engine , by going that page we are using to run via apache server ...

phewww ... after following brain twisting procedures i was finally able to setup my personal IDS using SNORT ,which took me almost more then one and half hour ... i hope this walkthrough will work for you guys too ...

njoy ....

The DarkSide of LinuX !!!!

" The More you become silent , more you will be able to hear "

Err ... actually its not dark ... but can say its " penetration testing " system !!! well , i am talking about Remote Exploit Guys , who have already brought BackTrack 3 , the ultimate penetration testing operating system ... BT3 is basically used to test weakness of any system or network or server or anything you name it with any type of security leaks ...

BT3 comes as a Live CD , bt they have USB version too !!! BT3 is having all famous tools that are used to test system defence like , kismet , ASS or any you name it and they have it here ... But like they say , they are not professional guys so don't expect any professional help from 'em , but their forum is really great help ...

Sure its worth of try if you want to "test" .... Yours n/w or ... " other's " n/w ..... geeee ... its not wrong to test other's too ... right ?? ... well , its another point of dicussion .... if you want to try BT3 , here is the link to download it ...

Njoy ...

What is "ClickJacking" ??

"Click Jacking" ..... well , it means almost same to the word it resembles .... Hijacking ...

It is couple of the flaws discovered by researchers , would enable an attacker to make a user click on a virtually invisible, or only briefly visible, link instead of a legitimate one. This kind of weakness would be a goldmine for phishers and could provide a springboard for a host of other attacks. And for this each site needed to be updated but its almost impossible, to guys who have found it contacted vendors of browsers to fix it up ... people says , its been age old vulnerability of browsers but just under-appreciated and now came up with more serious problems ...

But , the details of this vulnerability hasn't been disclosed publicly just to give time to companies to fix this problem and not to give spammers and hackers an open ground ...

njoy ....

Find the Bots in your computer !!!

Well ... they are not acutally made of machines like we saw in terminator ( ... btw .. T2 was one of mine fav movie .. ) , its technically some kind of program or software application that are designed to do some specific works when computer gets connected to internet ... in "common man's " ... ( .. it includes women too !! ) ... a SPYWARE ...

Spyware are basically an application that runs in background and gathers specific information for which they are programmed ... for example , keeping track of sites user visited or what user search on internet or for example what user buy ... and in worst case , user login IDs and Passwords !!! and then it send all these information to their master ... to the spyware maker ... ( hmm , sounds like " The key maker " ,well it works same ... did anyone else got headache after watching matrix triology?? ).. but from this explaination you guys might have understood that its only effective when that computer have internet access , without internet its not effective ... ( hell, if i don't have internet access ,then there is almost very low chances of getting "any" kind of infection .. )

Anyways .... i have been knowing this junk from the time i know how to use internet explorer , and its very reliable .. they call its .. Spybot Search & Destroy ... It can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. Modules chosen for removal can be sent directly to the included file shredder, ensuring complete elimination from your system. For advanced users, it allows you to fix Registry inconsistencies related to adware and to malicious program installations. The handy online-update feature ensures that Spybot always has the most current and complete listings of adware, dialers, and other uninvited system residents.

It has saved my #$* number of times ... so i trust this junk ... but like some have said ... " if you want to do something then do it your self " ... so better try yourself and judge it ..



njoy ....

MD5 ..... cross check the integrity ...

trust but verify ...
~ronald reagan

When ever we download any file ( setup file for an example ) , we never be sure that its the "original" file from original author . And hence it can be some malicious thing too !!! so guys of internet had been using an integrity checker that is Message Digest Algorithm 5 .. a.k.a. MD5 ... As an Internet standard RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. An MD5 hash is typically expressed as a 32 digit hexadecimal number.

MD5 is basically cryptographic hash function with 128 bit hash value... MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often provide a pre-computed MD5 checksum for the files, so that a user can compare the checksum of the downloaded file to it. Unix-based operating systems include MD5 sum utilities in their distribution packages, whereas Windows users use third-party applications.

However, now that it is easy to generate MD5 collisions, it is possible for the person who created the file to create a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering. Also, in some cases the checksum cannot be trusted (for example, if it was obtained over the same channel as the downloaded file), in which case MD5 can only provide error-checking functionality: it will recognize a corrupt or incomplete download, which becomes more likely when downloading larger files.

To check integrity of downloaded file in Unix/Linux based OS, simply type

md5sum file.name

it will return with some hash values which is then needed to be compared with values provided on site of that software ... but remember that this command has to be run in the folder where that file has been downloaded , no where else ...

for windows .. its a little easy , here hash values are compared with help of a software ... its winMD5sum , an open source and free software .... to check integrity ...

simply right click on the downloaded file and go to "send to" , in it winMD5Sum , it will calculate hash values automatically , now enter values provided by site and click on compare ... if values matches then it will say .. checksum are same ...





so from next time when you download something , better try to be sure that you have not downloaded rouge ...... best luck ...

njoy ....

MEWU - Scene 5 ... Playing With Shark !?!?

Owww, its not that always hungry long saw toothed terrifying wild creature from that movie JAWS .... its just a network analysis tool, Wire Shark , but its just same powerful as jaws of shark !!!... it is widely used to understand how internet itself that is , hidden behind web browsers and messengers and lots of other web based applications ... it shows us the way how protocols are stacked up or what protcol messages are interexchanged between client and server , when we do any kind of network transactions ...

Wireshark has a rich feature set which includes the following:

• Deep Inspection of hundered of protocols, with more being added all the time
• Live capture and offline analysis
• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• The most powerful display filters in the industry
• Rich VoIP analysis
• Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
• Coloring rules can be applied to the packet list for quick, intuitive analysis
• Output can be exported to XML, PostScript®, CSV, or plain text

To , install it in Ubuntu , search synaptic manager for "wireshark" , and select to install it ...
Or, type ,

sudp apt-get install wireshark

it will work fine too ... but to run wireshark you must be needed to have administrator privillages .. because without administrator privillage you will not be able to get any interface to capture packets .... so , to run it , you have to type at terminal ...

sudo wireshark

and it will work just fine ....



that is it , have a good play with shark ...

njoy ...

Protect your data in Bond Way !!!

well, True Crypt is an open source disk encryption software for all Operating Systems , including Windows / Linux / Mac OS ...

• Creates a virtual encrypted disk within a file and mounts it as a real disk.
  
  
• Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  
  
• Encrypts a partition or drive where Windows is installed (Pre-boot authentication)
  
  
• Encryption is automatic , real-time and transparent .
  
  
• Provides two levels of plausible deniability , in case an adversary forces you to reveal the password:
  
  1) Hidden volume (steganography) and hidden operating system .
  
  2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data)

• Encryption algorithms : AES-256, Serpent and Twofish . Mode of operation: XTS.
  

check it out here ...



njoy ....

Broswer Protection just for that FOX ..

hey all ...

i am sorry for not being on web for a while , bcoz of ...err .. studies ... anyways , the thing that i am talking about is a just a browser extension , "NO SCRIPT" ... well, it works just same its name ... it don't allow "any" script like , java script or flash or something like that which are now a days most common methods to infect system via browser (and very popular too !!! ) ...



It works very simple way ... it simply don't allow any script unless user allow it manually by selecting either temporarily allowing or by adding that site to safe list of that extension ... and like all other browser extension for firefox ... its cool and easy to handle and very very useful ... but it can be experince like , eating healthy food which is not so teasty ... ( err.... you have two choise , either get fat and die ... or be slim ... and then die !!! ,but you gonna die either ways ... ahh .. it was not point of disucussion here ... ) ... this extension has many other features to increase security from malicious scripts ..

so all i mean to say is , its one good extension to have for firefox ... it adds a little security from now a day common type of attack , attack via web script ...






njoy ....

What is WiFi and How to Secure it ....

WiFi is the most popular wireless technology of present time .. it is a technology we use to connect to internet without need of any physical connection of wires , and i guess its the main feature of this technology .. technically its called IEEE 802.11 ( which is IEEE's project number 802 , group no. 11 ).. which has different versions ( A , B , G and the latest one is N having different bandwidth speed and range. )... all operate at 2.4GHz ISM band, which is a non-licenced band and free for use ... and this WiFi spectrum is devided in 14 channels, out of which only 1-11 are used at USA....

Now a days we use this technology everywhere , at home , at work or at school ... and due to huge popularity of this technology many devices are compatible in operation with WiFi ( PDAs or Gaming consoles like ,XBox , even Printers and Cameras !!! ) .... The basic difference between WiFi and Mobiles is , WiFi certified device can work anywhere in the world but mobiles can't right ?... but on the other hand , WiFi has a very short range limit , which is not in the case of mobile??? The graph shown below taken from wikipedia ,indicates that with WiFi we get perhaps maximum speed but less mobility compared to WiMAX or other packet switching technologies like , HSPA or UMTS ... but its relatively cheaper then later ones tooo .. right ??





Basic WiFi is a set of devices like , DSL/Cable Modem ( an internet connection ) and a Router ( a device which transmits signals and enables user to connect to internet wirelessly ) .. most of the Routers are also capable of connecting devices on LAN too ..

As a security ,at present WiFi gives use 3 basic type...

WEP- Wired Equivalent Privacy ... it is the weakest type of security and it had been already proved that this type of security can be breaked within 10-20 minutes !!!

WPA - Wi-Fi Protected Access ... its the presently popular and it provides good security ... comes in two general formats , PSK and RADIUS ... PSK is relatively weak compared to RADIUS and hence improper password selection may break it with little effort ..

WPA2 - WiFi Protected Access 2 ... Now a days , the latest WiFi routers are designed with WPA2 support which provides almost unbreachable security ..

Securing your WiFi ..

Like we know , WiFI will broadcast itself in air and so anyone can "sneak" into his/er network and use it for any malicious purpose !!! ... So when configuring WiFi , here are some "tips" to make your connection more secure ...

first of all , upgrade from WEP to WPA .. if you are having WEP security then better change it to WPA which is more secure then WEP ... for home use , generally we use WPA-PSK ( Pre Shared Key ) which is more vulnerable then other option RADIUS but its easy to setup then RADIUS so it is more preferred ...

As a preventive step , keep the password as long as possible and difficult to guess for others ( at least 8 characters ) .. with Number and Special Char. ( * , % , / , # etc... ) it will make more secure ...

Another Option is to hide your Network !! , The network name is know as , SSID , don't keep it default , change it as you like , and there must be option on your router's setup page to hide that SSID broadcasting , so others will not see your SSID at all !! ( well , still there are some software available which can "sniff" presence of your network !!! ) ..

Also , you can restrict access to router by allowing only selected MACs ... Media Access Control is a unique hardware ID of devices ( e.g. laptops , PDAs ) .. by selecting specific MAC to connect to router , you can always restrict others to connect even if they have your network key !!!

So, these are couple of things that you can follow to make secure your connection.. on Internet there are several software are available for testing security of wireless networks .. like BackTrack .. or Aircrack ..


So , be careful and Njoy reading .....

Get Secure DNS ???

Hey all...

Just like you guys know , what the hack is DNS cache poisoning and how it can harm you .. right ?? But still there are some "safe" places on internet ( or places that creates illusion of safety !! who knows .. ) ... anyways ... the topic of discussion here is , these guys ... Open DNS ...




Like we know ,what happens when DNS breaks. As i wrote , previously the DNS system translates computer names into IP addresses. So if it breaks, it may seem that your Internet connection is broken when in fact, it's fully functional. That is, from your ISP's (who is providing you local DNS) perspective everything can be working fine, all the lights on your modem and router* can be normal, but still, you can't get to any Web sites without DNS being alive and well...

On the other hand , these OpenDNS people , provieds same service as does the ISP's DNS provides , ( err .. means providing name server service ) .. but they have some "built-in" countermeasures which prevents user for getting poisoned ... and accidently opening sites which are not good for them ... well its only one of many feature they provide ... read more ...

Speed and reliability

OpenDNS claims to be fast. I don't doubt this is true, but this is probably not reason enough to switch. For one, it may or may not be faster than the DNS servers you now use. And even if it is faster, the speed boost may not be noticeable (it wasn't to me). Still, it's not hard to find people who claim the Internet runs faster after switching to OpenDNS ... but you can check by your self here ...

Phishing

Phishing protection is perhaps the most defensive computing reason to use OpenDNS. Of course, the latest versions of Firefox and Internet Explorer also include phishing protection. There should be no conflict between the protection from your browser and from OpenDNS. Neither Mozilla nor Microsoft say where their phishing data (the list of known bad Web sites) comes from. In typical corporate-speak, Microsoft says it comes from "several industry partners." OpenDNS gets its list of phishing Web sites from Phish Tank , a sister company it describes as "...a collaborative clearing house for data and information about phishing on the Internet." Anyone can report suspected phishing Web sites to PhishTank not even OpenDNS user !!!

Typos

Another type of intelligence added to the DNS name -> IP address translation involves typing mistakes. OpenDNS fixes a handful of common mistakes and sends you to the place you probably wanted to go in the first place. OpenDNS users can get to CNET using either cnet.cmo or cnet.comm. Not earth-shattering, but all in all, a nice feature to have.

Site blocking

If you sign up for an account at OpenDNS, then it can block Web sites for you. At home, this could be used to keep children from playing online games while they are supposed to be doing their homework. In a corporate setting, it can be used to prevent access to Webmail as a way of encouraging employees to use the corporate e-mail system. OpenDNS is able to, for example, block Yahoo e-mail (mail.yahoo.com), while still allowing access to the rest of Yahoo. Adult site blocking is a good feature of it ....

But if you know a "little" more then required computing , you can bypass this feature by chaning DNS servers itself !!! ( of course you must have administartor rights , but still its not "that"hard .. right ?? )

With all these features "free" , one simple question may arise ... if they are all proving all this free then how they earn their bread ??? right ?? well , here is the anwer in their own words ...

"OpenDNS makes money by offering clearly labeled advertisements alongside organic search results when the domain entered is not valid and not a typo we can fix. OpenDNS will provide additional services on top of its enhanced DNS service, and some of them may cost money. Speedy, reliable DNS will always be free."

Well , I am using it from last week , err ... i have not felt any changes , but i liked the features provided by them ... moreover , as was in recent news about DNS cache poisoning , there was another news , stating that , OpenDNS servers were remain un-effected , due to their ways ...

enjoy ...

Poisoned DNS cache !!!

"Television to brainwash us all and Internet to eliminate any last resistance."

~Paul Carvel

Well , its been in news since the beginning of new year ... and found by one researcher Dan Kaminsky accidentally !!! .. but originally this problem was in knowledge of people since year of 1999 !! .. hell ya , its very old problem , which has became nightmare now ...

First of all for people who don't know , even "i" of Internet .... may ask ... what the hell is this DNS (Domain Name Server ) and how can anyone poison a computer ?? ... right ?? ... Well in simple words ... its an internet directory ... Like we all know , computers are really the dumbest creation of mankind !!! They know only language of numbers .. and on the other side .. for all of us , its little difficult to remember 1000s of numbers in specific sequence .. ( err ... it's natural .. how can anyone remember lots of numbers. )..

Ideally, when we want to go to any site on internet , we have to type its IP ( Internet Protocol , a Network layer protocol ) address, e.g. for google , i found its , 64.233.161.103 ( it may be different , because they use dynamic IPs ... err IP are of two different kind, static and dynamic .. assume static IP as permanent resident address which remains constant and dynamic IP as temporary resident address which changes with certain parameters to increase server security !! ) .. so now when I want to go on google's site , i need to type its IP address , but like I said before , average human is little allergic to numbers .. so people who had designed internet backbone , kept one server , which contains all information about sites ( or knows which server know that particular site !! ) .. so now when i just type www.google.com , that web browser will send one query about this name to DNS .. and DNS will resolve it and reply it with acknowledgment and redirect browser to a server that is hosting www.google.com and so our browser will accept it and direct us to that website ... ( err .. i am not an expert , but i think this is the way things are done !!!) .. so in short the function of DNS is to direct browser and so user to that particular site requested by user ...

Now like we know , there are perhaps zillions of site on internet , and we also know that , we are not the only one in whole universe , who want to access www.google.com via same DNS... So , here those "smart guys" designed one sort of temporary storage called "DNS cache" , imagine it as a RAM of our PC ... actually it works same like RAM, it temporarily stores information about that requested page of any site for some time ( FYI , that time is known as Time To Live ,TTL) .. So meanwhile that page is cached , if anyone request same page then , it will be displayed in no time ... ( now you remember , why www.google.com or www.yahoo.com or any ultra famous website opens withing a few micro seconds and why , gaurangsays.blogspot.com not getting opened in same time ?? its because those sites popular pages are stored on DNS cache !!! and hence we are not even being connected to google's server !!! .... amazing .. isn't it ??)

Here is the climax of story ..

Normally, an Internet-connected computer uses a DNS server provided by the computer owner's ISP ( Internet Service Provider ). This DNS server generally serves the ISP's own customers only and contains a small amount of DNS information cached by previous users of the server. A poisoning attack on a single ISP DNS server can affect the users serviced directly by the compromised server or indirectly by its downstream server(s) if applicable.

To perform a cache poisoning attack, the attacker exploits a flaw in the DNS (Domain Name Server) software that can make it accept incorrect information. If the server does not correctly validate DNS responses to ensure that they have come from an authoritative source, the server will end up caching the incorrect entries locally and serve them to users that make the same request.

This technique can be used to replace arbitrary content for a set of victims with content of an attacker's choosing. For example, an attacker poisons the IP address DNS entries for a target website on a given DNS server, replacing them with the IP address of a server he controls. He then creates fake entries for files on the server they control with names matching those on the target server. These files could contain malicious content, such as a worm or a virus. A user whose computer has referenced the poisoned DNS server would be tricked into thinking that the content comes from the target server and unknowingly download malicious content. Just imagine that your are opening a banking site , which is not original banking site but its a fake created by that attacker and then you are requested to enter your online ID and Password .. and after couple of days , you see some of your money has gone to some unknown offshore account or someone has purchased an antique vassal from Ebay from your account !!! ( ... its scary reality )

Actually , this method of DNS cache poisoning was used by CHINA, to censorship internet and do surveillance of servers that are proving internet in china.. ( it is named as , The Golden Shield Project .. err some also know it as , The Great Wall China ... of course it exists virtually as well , which prevents all internet user within china to access some kind of special information , like , open talk of politics for example , on internet !!! )

So , Better be sure that your DNS is secure from this poisonning attack !!!

find more here..

Happy Surfing ....

Njoy