Cyber Security Tip & Tricks

Tuesday, September 25, 2007

Indian IT Act 2006 to be reviewed to tackle Cyber Crimes

Stung by criticism by a Parliamentary panel over the draft of Information Technology Act 2006, the government is planning to review the whole act for tackling cyber crime.

The proposed amendments would address a number of concerns such as data protection, data theft, e-commerce frauds, child pornography, identity documents theft, privacy issues among others.

The ministry is holding discussions with various stakeholders to evolve the amendments, a senior official in the Department of Information Technology said. "Discussions are being held with the stakeholders including private companies, CBI and other investigative agencies," the official said. DIT would put the draft act for public comments once the review process is over.

"The law pertaining to IT should be self-containing and easily comprehensible to the global village community. Despite the experience gained in about seven years in the administration of the IT Law, no effort has been made to bring a new and exclusive legislation," the Standing Committee on Information Technology said in a report.
The Committee observed that the term 'cyber terrorism' has not been defined anywhere in the IT Act, 2000 or in the proposed amendments. Similarly, 'child pornography' has also not been mentioned anywhere in the section on pornography.

"In view of the several manifestations of sexual abuse of children and its loathsome ramifications, the Committee desires that the act of grooming the child for sexual relationship through online enticement or distributing/showing pornography or through any online means should also be made a criminal offence," it said.

Noting the complex language of legislations on monitoring the cyber space, the Parliamentary panel which was constituted to look into the proposed changes in the IT Act 2000 (which is in the form of Draft IT Act 2006), had criticised the government for not preparing a new set of laws and instead taking a "short-cut route" of making changes in the existing norms.

Source: PTI

Monday, September 24, 2007

Acrobat Reader security flaw exposes Windows to arbitrary exploits

A security researcher and self-described hacker known as "pdp" claims he has found a critical exploit in Adobe's Acrobat software that can compromise many Windows PCs simply by viewing a maliciously-crafted PDF file. The flaw affects both Windows XP SP2 and Windows 2003; Windows Vista, OS X, and Linux users are unaffected.

The bug affects Acrobat Reader, versions 8.1, 8.0, and 7, either when run in stand-alone mode or embedded inside a web page. Some work-alike PDF readers, such as the svelte Foxit Reader, are also affected but in a lesser manner: they display a confirmation dialog before the exploit is allowed to run.

The exploit uses a flaw in Adobe's scripting language to automatically run an executable program—the discoverer tested this by harmlessly running Calculator and Notepad in a video on his site. Yet, as noted, the exploit could be used to run any program, including a trojan or virus or a scripted attack. The malware in question would have to have already been downloaded onto the victim's computer, but this could be accomplished in various ways, including putting the executable inside a .ZIP file that includes the original PDF, or linking to a remote executable (the latter option would still trigger a warning by the operating system, however).

Source: ars

Thursday, September 20, 2007

Netstat - Know your network connection

netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Unix-like, and Windows NT-based operating systems.

If you are worried that some programs on your PC are secretly making connections to websites in the background, here's a quick tip that uses a simple DOS command to detect and prevent such suspicious activity:

1. Open Windows Run Command from the Start Menu

2. Type CMD command in the Run box and press OK.

3. Type "netstat -b 10 > netact.txt" in the command window and press ENTER. After some times say 2 minutes, press Ctrl+C.

4. Type "netact.txt" on the command line to open the log file in notepad (or your default text editor)

The file netact.txt will have a log of all process that made a connection to the Internet in the last two minutes. It will also show which process connected to which website in this time. And not just the web browsers (like iexplore.exe , firefox.exe or opera.exe), the log will also show your IM clients, download managers, email programs or any software that requires a net connection.

Scroll though the netact.txt file and look for any process names or website addresses that you are not aware of. If you track one, go to the task manager (or Process Explorer) to find the location of the executable on your computer and eliminate it.

Tuesday, September 18, 2007

The net is an insecure place - US CERT Reminder

If you use Gmail, eBay, MySpace, or any one of dozens of other web-based services, the United States Computer Emergency Readiness Team wants you to know you're vulnerable to a simple attack that could give an attacker complete control over your account.

US CERT warned that Google, eBay, MySpace, Yahoo, and Microsoft were vulnerable, but that list is nowhere near exhaustive. It said the world's biggest websites have yet to fix the gaping security bug, which can bite even careful users who only log in using the secure sockets layer protocol, which is denoted by an HTTPS in the beginning of browser address window. Just about any banking website, online social network or other electronic forum that transmits certain types of security cookies is also susceptible.

The vulnerability stems from websites' use of authentication cookies, which work much the way an ink-based hand stamp does at your favorite night club. Like the stamp, the cookie acts as assurance to sensitive web servers that the user has already been vetted by security and is authorized to tread beyond the velvet rope.

The thing is just about every website transmits these digital hand stamps in the clear, which leaves them wide open to snoops monitoring public Wi-Fi traffic or some other type of network. Once attackers have the cookie, they gain complete access to the victim's account, and depending on the way many cookies are crafted, those privileges may continue in perpetuity - even if the victim changes the account password.

Indeed, awareness of this man-in-the-middle vulnerability is by no means new. For more than a decade people have known that authentication cookies could be manipulated, but somehow it took the folks at Errata Security to make a presentation at Black Hat to remind the world that the risks continue.

If you're waiting for a fix, we recommend you pack a very large lunch. And beyond that, where possible you might switch to Google, which has already gone a long way to closing the hole.

As the only web-based email service we know of that offers a start-to-finish SSL session, the service is among the most resilient to cookie hijacking. Unfortunately, Gmail doesn't enable persistent SSL by default, and has done little to educate its users about its benefits.

The company also offers SSL for its calendar, search history, documents and reader services, and a Google spokesman said security engineers "are actively working to expand capacity to enable HTTPS encryption for all users."

In the meantime, a Firefox extension called CustomizeGoogle provides a simple way to ensure that all sessions with the above-mentioned Google services are automatically protected by SSL.

Vulnerability in Google’s XSSploding Gadgets

RSnake revealed a cross site scripting vulnerability affecting Google Gadgets in the gmodules.com domain.
This XSS hole allows anybody to store his/her own web content, including JavaScript code, anywhere and to have it rendered and executed in the context of the gmodules.com domain, with no further validation of sort.

RSnake responsibly reported his finding to Google before resorting to public disclosure, but the G guys answered that this behavior is “by design” and won’t be fixed.

What does it mean?

For the average user, such a vulnerability means that phishers can effectively exploit a site owned by Google as a free hosting facility, making quite impractical blacklisting and/or shutting down the scam: don’t forget Firefox’s built-in anti-phishing blacklist is provided by Google itself.

Friday, September 14, 2007

Auto Shutdown Tool for Firefox When All Files Have Downloaded


Firefox Auto Shutdown add-on by InBasic help you to shutdown the computer after all downloads finished or failed. This extension help you to sleep without any tension, if you are downloading some huge files from the Internet by using Firefox Download Manager and will takes another long hours to finish.

All professional Download Managers have ability to Auto Shutdown after all downloads finished but this extension add icon to "status bar" and "Download Manager Window" so by click on status icon or check in download manager you can be sure that your PC will be turnoff after all downloads finished or failed.


Now this add-on only support windows platform. The Auto Shutdown extension of Firefox internally executes the windows shell command shutdown. Windows Shutdown command allows you to shut down or restart a local or remote computer. If you use the command without parameters, it will log off the current user. If you want to turn off your computer in next two hours, type the command shutdown -s -t 7200 [7200 = 2 hours] in Windows Run box and then press OK.

You could either cancel the downloads, or leave the computer in running state or just download and install Auto Shutdown extension from mozilla.org.

Friday, September 7, 2007

Pentagon Computer Hacked Into By Chinese

The Chinese military hacked into a Pentagon computer network in June
in the most successful cyber attack on the US defense department, say
American ­officials.

The Pentagon acknowledged shutting down part of a computer system
serving the office of Robert Gates, defense secretary, but declined to
say who it believed was behind the attack.

Current and former officials have told the Financial Times an internal
investigation has revealed that the incursion came from the People’s
Liberation Army.

One senior US official said the Pentagon had pinpointed the exact
origins of the attack. Another person familiar with the event said
there was a “very high level of confidence...trending towards total
certainty” that the PLA was responsible. The defense ministry in
Beijing declined to comment on Monday.

Tuesday, September 4, 2007

2007 Hacker Reverse Engineering Challenge

Similar to the Hacker Challenge in 2006, it is being run by a U.S. company performing security testing and security metric research. The purpose of this challenge is to evaluate the effectiveness of software protections. The results of this effort will be used to improve protection measures.

There will be three distinct, yet related, phases to this contest. The first phase will be a hacker challenge, for which anyone can register to participate. The second stage of the contest will be a market (based on the Phase 1 challenge). Participation in this second phase will be by invitation only, based on performance in the first phase. The third phase of the contest will be a more challenging hacker challenge; this phase may or may not be invitation-only. There are opportunities to earn money in all three phases of the contest.

All file downloads and uploads necessary for the contest will be possible after the participant has logged in. The market will also be visible, at the appropriate time, after logging in.

All payments are in U.S. dollars, and will be made anonymously via PayPal with prizes up to $50,000USD for the three phases.

You can read more here.

http://www.hackerchallenge.org/

Monday, September 3, 2007

E-mail accounts of embassies and Government offices across the world, including India hacked due to lack of Cyber Security

A hacker, Dan Egerstad from Sweden, who published passwords of 100 e-mail accounts of embassies and Government offices across the world, including India, on his website http://derangedsecurity.com. The hacker said he took only a few minutes to figure out the account details.

This shows that there is lack of basic cyber security. Due to the lack of security anyone with moderate skills in security could have figured this out and done it. A cyber security expert said that a POP (Post Office Protocol) server that had not been updated for security could have been exploited by the hacker to get usernames and passwords.

The Indian Express said in their website that they were sent a test mail to the Indian Ambassador in China on her official email ID and, using the password posted online, to check the authenticity and was able to access it. These email IDs contained important official details including phone numbers, commercial documents, official correspondence and personal mails.

Within hours of the story appearing in the Indian Express, the DRDO mail server was shut down and all embassy e-mail accounts were taken offline by the Ministry of External Affairs (MEA). However, it will take cyber forensic experts several days to get an idea of how much confidential material was illegally accessed.

DRDO confirmed that the hacked account belonged to a Defense Scientific Information and Documentation Centre (DESIDOC) official, but it was rarely used. The Ministry of Defense (MoD), however, said it was conducting a detailed investigation into the incident.

Recent Comments