Cyber Security Tip & Tricks

Wednesday, June 27, 2007

CM's website hacking: State Police to send ‘Letter of Rogatory’

The State police are planning to send a ‘Letter of Rogatory’, a formal request by a Court to the Interpol, to get certain details pertaining to the Chief Minister's website hacking case.

Though the State police had earlier sent a request to the Interpol Wing attached to the CBI seeking the details through their counterparts in the US, Russia and China, they refused to hand over the requests for want of a ‘Letter of rogatory’.

They have however preserved the electronic evidence including log files required by the State Police to crack the case.

The State Police are concerned that this would delay the investigation. The State Police would prepare the draft ‘letter of rogatory’ and send it to the Interpol wing of CBI who will forward it to the External Affairs Ministry.

The letters would later be produced before the Chief Judicial Magistrate and the letter would be forwarded through the court.

It may be recalled that the Vigilance and Anti-Corruption Bureau had initiated a ‘letter of rogatory’ for collecting certain details from a French company involved in the Brahmapuram power plant corruption case.

The Chief Minister's website ‘www.keralacm.gov.in’ was hacked and objectionable content was inserted. The police had found that the site was hacked from Internet Protocol addresses located in the US, Russia and China, following which the help of Interpol was sought.
Source: newindpress

Tuesday, June 26, 2007

NASSCOM Tracks IT Adoption

NASSCOM has announced the 2006 Study, titled "Tracking of the IT Adoption Study" conducted among IT heads and senior IT managers from about 292 companies in India, across multiple verticals. The study showed that the growth of IT adoption was on an incline, with both large and SME companies buying more IT.

The study indicated that the highest average IT spending for 2006 was for the BFSI vertical followed by the energy and utility segment. The rate of increase in the average spending in each of these verticals was expected to be in the range of 12-27%, making them the most likely highest spending sectors in 2007 as well.

The third sector which was projected to witness a considerable hike in its IT spend was the tourism and hospitality industry. Rs.18 crore of IT expenditure, in this sector, was projected to grow by 13%, placing it among the highest tech-spenders in India, in 2007.

Interestingly, 1 out of 4 companies in both large scale and medium scale organizations indicated that their IT budgets would increase by around 10-19% during the current year.

NASSCOM's findings revealed that business continuity and risk mitigation were the key priority areas for CIOs. Increasing efficiency and process productivity was the business goal achieved through IT adoption in 2006.

Also, it revealed that the CIO's role as the "business leader" and then as a "technologist" was not the current prototype. IT spends were driven by hardware, followed by application and network software.

The NASSCOM study made it clear that CIOs would need to ensure that the business value of IT was proven and delivered. According to the study, the business benefit would have to be proved up-front, and the means of measuring benefits of IT - by perhaps using an overlay IT-business balanced scorecard approach, or by mapping the benefits perceived and by pre-empting outcome scenarios.

This in fact, was stated to be a major CIO challenge, which required them to be more business oriented. The effort of mapping business benefits was immense, even though some CIOs had already started measuring IT advantages, juxtapositioning them as trusted business advisors.


Monday, June 18, 2007

Thumbstrips - View or Search Your Web Browser History in a Picture Timeline

Thumbstrips is a wonderful Firefox extension that helps you view recently visited web pages in a visual manner - it's a more user friendly and powerful approach than the native Firefox History view (Ctrl+H).

Thumbstrips, like an automatic screen capture program, takes screenshots of the websites that you are visiting and also records other details like how long you stayed on that web page and the number of times you viewed that page in your current session.
Thumbstrips Extension [Firefox Only]
Source: Digital Inspiration

Netstat - Hackers Tool



A video about netstat is on YouTube. Those who have not played with it can see the possibilities it offers to us. Anyway, check it out and tell me your opinion.



Network Statistics - Netstat is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics. It is available on Unix, Linux, Windows XP and Windows NT-based operating systems.
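As an added example (not part of the original post), here is one way to turn the connection listing described above into two facts a defender cares about: which services the host exposes to the network, and which sessions it opened itself. The sample output is constructed with documentation addresses, and the function names are hypothetical; numeric output such as `netstat -an` is assumed.

```python
from collections import namedtuple

# Constructed sample of `netstat -an` output (Windows layout); not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        198.51.100.99:51514    ESTABLISHED
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED
  TCP    192.0.2.10:49713       203.0.113.25:6667      ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

Conn = namedtuple("Conn", "proto lhost lport rhost rport state")

def is_loopback(host):
    return host.startswith("127.") or host in ("::1", "[::1]")

def parse_netstat(text):
    """Parse numeric netstat output (Windows or Linux column layout) into Conn tuples."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or not parts[0].lower().startswith(("tcp", "udp")):
            continue  # column headers, banners and blank lines
        idx = [i for i, p in enumerate(parts) if ":" in p]  # the two address columns
        if len(idx) < 2:
            continue
        (lhost, lport), (rhost, rport) = (parts[i].rpartition(":")[::2] for i in idx[:2])
        rest = parts[idx[1] + 1:]
        state = rest[0] if rest and not rest[0].isdigit() else ""  # UDP rows carry no state
        conns.append(Conn(parts[0].lower(), lhost, lport, rhost, rport, state))
    return conns

def network_listeners(conns):
    """Sockets waiting for traffic on a non-loopback address: the host's exposed services."""
    return sorted({(c.proto, int(c.lport)) for c in conns
                   if (c.state.startswith("LISTEN") or (c.proto.startswith("udp") and not c.state))
                   and c.lport.isdigit() and not is_loopback(c.lhost)})

def outbound_sessions(conns):
    """Established TCP sessions this host initiated (local port is not one of its listeners)."""
    listening = {c.lport for c in conns if c.state.startswith("LISTEN")}
    return [(c.rhost, int(c.rport)) for c in conns
            if c.state == "ESTABLISHED" and c.lport not in listening]

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    print("exposed services :", network_listeners(conns))
    print("outbound sessions:", outbound_sessions(conns))
```

Comparing both lists against what the machine is supposed to run and talk to is the routine check: here the loopback-only database on port 5432 is correctly left out of the exposed set, and the inbound session to port 3389 is not counted as outbound.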


Thursday, June 14, 2007

Michigan Man Fined for Using Coffee Shop's Wi-Fi Network


A Michigan man has been fined $400 and given 40 hours of community service for accessing an open wireless Internet connection outside a coffee shop. Under a little known state law against computer hackers, Sam Peterson II, of Cedar Springs, Mich., faced a felony charge after cops found him on March 27 sitting in front of the Re-Union street Café in Sparta, Mich., surfing the Web from his brand-new laptop. Last week, Peterson chose to pay the fine instead as part of a jail-diversion program.

Someone from a nearby barbershop had called cops after seeing Peterson’s car pull up every day and sit in front of the coffee shop without anybody getting out.

“I just curiously asked him, ‘Where are you getting the Internet connection?’, you know,” Sparta Police Chief Andrew Milanowski said. “And he said, ‘From the café.’”

Milanowski ruled out Peterson as a possible stalker of the attractive local hairdresser, but still felt that a law might have been broken.

“We came back and we looked up the laws and we figured if we found one and thought, ‘Well, let’s run it by the prosecutor’s office and see what they want to do,’” Milanowski said.

A few weeks later Peterson said he received a letter from the Kent County prosecutor’s office saying that he faced a felony charge of fraudulent access to computer networks and that a request had been made for an arrest warrant.

Source: FoxNews



Skype is great!

Convert Powerpoint Presentations to Flash with GMail PPT Viewer

Now GMail has an inbuilt PPT viewer that lets you view a PowerPoint attachment as a Flash picture slide show in the web browser itself, without requiring the Microsoft PowerPoint application.

If you manually advance the entire PPT slide show using the arrow keys GMail converts every slide of your PowerPoint presentation to a Flash (swf) file. All the slides will become available as Flash files in your browser's temp folder. The swf files may then be embedded in your blog for sharing with readers.


Network Security Monitoring with Sguil - An Intuitive GUI



Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis. The Sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).



It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you need to decide how to handle the situation. In other words, sguil simply ties together the outputs of various security monitoring tools into a single interface, providing you with the most information in the shortest amount of time. Sguil uses a database backend for most of its data, which allows you to perform SQL queries against several different types of security events.

Sguil’s design centers on providing convenient, quick access to a host of supporting information, which both saves you time and helps you make better decisions. Incidentally, because sguil uses a dedicated client instead of running through a web browser, you get a richer, more responsive user interface as well.

Installing the Sguil client on Microsoft Windows

Getting the Sguil client up and running in Microsoft Windows is a fairly easy process. First download and unpack the most recent version of Sguil from here. Next, download and install the free ActiveTcl libraries. Finally, associate the sguil.tk application with the tcl interpreter.

You can read more and download Sguil here

http://sguil.sourceforge.net/



Tuesday, June 12, 2007

10 Free Ways to Track All Your Passwords

With the proliferation of web services — there’s a new one out each day, it seems — it feels like we’re always creating new accounts, each with a different username and password.

The easy options — using the same password each time or writing them down on paper or in a spreadsheet — aren’t exactly the most secure. In fact, security experts strongly warn against these options as they leave you vulnerable to online theft.

So what’s a web surfer to do? If you’ve got more than a dozen services, you’re not going to remember all of them. It’s time to look into a password manager — and if you’re a cheapskate like me, you want a free one.

Let’s agree, from here on in, to stop using our dog’s name and birth date for our single password. Here are 10 free options for doing that:

Firefox or IE: Both popular browsers offer fairly secure ways of storing your username or passwords for different sites, once you enter them the first time. This is very handy, and can save a ton of time. Unfortunately, under certain conditions, the password could be lost, requiring you to enter the password again. And if you’ve been relying on the browser to remember the password, you’re out of luck. Also, this solution is only for online passwords, not for network or desktop passwords.
KeePass: One of the most popular password managers out there, KeePass is great because it’s open-source, free and cross-platform — available for Windows, Linux, OS X, and even mobile devices. It keeps all your passwords, online and off, in a secure database, so you only have to remember one master password. Be sure that master password is safe!
Clipperz: Unlike most password managers, this solution is online — so you can access it anywhere. And it stores more than passwords — credit card numbers, account numbers, anything really. Storing passwords and other confidential information online can make some people nervous, but Clipperz uses an encryption method that means not even Clipperz knows what it’s storing. This is a good solution if you need access to your passwords from multiple computers, rather than just one or two.
OSX Keychain: If you use a Mac, you’re most likely familiar with Keychain, which comes with OSX. Basically, it’s a password manager that uses your OSX admin password as the master password.
KeyWallet: Windows only, this little utility sits in your system tray, and you just pull it up when you need to enter a password. As a utility, it is browser-independent, which is ideal for some.
Password Manager Plus: The Billeo Free Password Manager Plus toolbar works with both Firefox and Internet Explorer, and allows you to store not only passwords but credit card numbers and online account information, and can autofill your information as you shop online or pay bills, for example.
Password Hasher: This Firefox extension generates strong passwords for you by scrambling your master password with the site’s name. The passwords generated by this extension are better than any you could come up with yourself.
PasswordSafe: This free online service works on any modern web browser, for any OS, and a desktop version is available for Windows or Mac. Basically, it uses an encrypted safe to store your passwords, along with other information including software keys, website logins, pin numbers, email logins and more.
Password generator: This is a little bookmarklet that combines your master password with the site’s name to create a stronger password, and one that is different for each site. Very handy and simple.
Algorithm: The best solution may not even be a technology solution — remembering strong passwords could be as simple as coming up with a way to change a base password using the name of the online service you’re logging into. For example, if you come up with a base password of “xlg519” (based on your partner’s initials and your cat’s birthday), you can add the first two and last two letters of a service’s name (“amon” for Amazon) and you’ve got your password!
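Several entries above combine a master or base password with the site's name, and how the two are combined matters. The following added example (not from the original article, and not the actual algorithm of Password Hasher or the Password generator bookmarklet) puts the "Algorithm" entry's scheme beside a keyed derivation; function names are hypothetical, and appending the site letters to the base is an assumption, since the article only says "add".

```python
import base64
import hashlib

def site_tag(site):
    """First two and last two letters of the service name ("amon" for Amazon)."""
    s = site.lower()
    return s[:2] + s[-2:]

def concat_password(base, site):
    # Assumption: the tag is appended to the base password.
    return base + site_tag(site)

def base_revealed_by_leak(leaked, site):
    """What a single leaked password gives away: the tag is guessable from the
    site's name, so whatever precedes it is the base shared by every account."""
    tag = site_tag(site)
    return leaked[:-len(tag)] if leaked.endswith(tag) else None

def derived_password(master, site, length=16, rounds=200_000):
    """Mix master password and site name through PBKDF2-HMAC-SHA256 (site name
    as salt) so each site's output is unrelated to the others and to the master."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), site.lower().encode(), rounds)
    return base64.urlsafe_b64encode(raw).decode()[:length]

if __name__ == "__main__":
    weak = concat_password("xlg519", "Amazon")
    print("concatenated      :", weak)
    print("base seen in leak :", base_revealed_by_leak(weak, "Amazon"))
    print("derived, Amazon   :", derived_password("xlg519", "Amazon"))
    print("derived, Example  :", derived_password("xlg519", "Example"))
```

A derived password is only as strong as the master password behind it: a short master such as the six-character one used here can still be guessed offline from one leaked output, which is why the iteration count is high and why the master itself needs to be long.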

Some notes on passwords:





Never give out your master password if you use a password manager. Be sure you never forget it.
Don’t write passwords on a little piece of paper and stick it in your drawer. If it gets stolen, you only have yourself to blame.
Password managers may not be safe on a shared computer — it is probably best to only install them on a computer that only you use.
Using common information for your password is not secure — such as your birthday, initials, kids’ birthdays, names, etc. And no, “password” is not a safe password.
Using the same password for everything is a bad idea, because once that password is discovered, a thief has access to all your accounts.
Source: Lifehack.org

Sunday, June 10, 2007

Hacking of CM's Website - Kerala Police sought INTERPOL help

The Kerala Police have sought the assistance of the International Police Organisation (INTERPOL) to track those who are behind the hacking of the official Website of Kerala Chief Minister www.keralacm.gov.in.

Hackers had inserted links to objectionable contents in the CM’s Website. New topics were created in the Discussion Forum and links to certain websites with objectionable contents were inserted.

The Website was hacked by unidentified persons four times recently. The Hi-Tech Crime Enquiry Cell of Kerala Police with the help of C-DAC Cyber Forensic Division Experts traced the IP (Internet Protocol) Addresses. These addresses are located in the US, Russia and China. Meanwhile, the official Website run by C-DIT has been pulled out from the World Wide Web for an overhaul.

Source: Newindpress

Monday, June 4, 2007

VS's site hacked

Thiruvananthapuram: It has been revealed that Chief Minister V S Achuthanandan's official website was hacked four times. The Cyber Crime Cell's investigation into this has not got anywhere. C-DIT is responsible for maintaining the Chief Minister's site.

Information on the website was changed and new material was inserted using a forged password. An investigation is in progress under the leadership of Cyber Crime Cell head IG Loknath Behera.

A threat to kill IG Rishiraj Singh, a member of the Munnar task force, had also appeared on the Chief Minister's website. The investigation into the address from which the death threat was sent is in progress. However, further details of the investigation have not been released.
Source: MSN India


Friday, June 1, 2007

Internet Spam King Robert Soloway, 27 was arrested by US Police


A man nicknamed the "spam king" for allegedly sending out millions of junk e-mails has been arrested in the US.
Robert Soloway, 27, was arrested in Seattle, Washington, after being indicted on charges of mail fraud, identity theft and money laundering.
Mr Soloway allegedly sent millions of e-mails using hijacked computers that had been secretly infected with orders to send out his e-mails. Such computers are known as "zombies" because their owners often have no idea they have been hijacked for another purpose.

According to prosecutors, Mr Soloway was responsible for tens of millions of unsolicited e-mails promoting his own company between November 2003 and May 2007.
He is said to have frequently changed the web address of his internet marketing business to avoid being caught.
A US lawyer said Mr Soloway was the first person to be prosecuted for sending out spam e-mails using federal laws against identity theft.
Prosecutors want to seize the sum of $773,000 (£391,000) that Mr Soloway is said to have made from his firm.
If convicted of all the charges, he also faces a fine of $250,000 (£126,500) and a maximum prison term of 65 years.


Video on Robert Soloway Arrest.
Source: BBC News
