Friday, October 31, 2008

Piratebay talk - How to dismantle a multi-billion dollar industry

I was at the HackInTheBox 2008 conference and attended the talk by the Piratebay guys. They talked about their experience of going to prison, fighting with cops, getting into legal problems, and how well people supported them. I suggest you watch the full video; it was awesome because they said screw you to everybody who came to bother them, and they are up, running and growing fast.



Piratebay rocks!!!

-Abhiz

Sunday, October 19, 2008

Seminar on privacy and data protection in Cyber Space

I attended the Seminar on Privacy Rights and Data Protection in Cyber Space yesterday at KLE Law College in Bangalore. The seminar was organized by KILPAR and DSFI in association with KLE Society Law College, Bangalore.

The seminar was about the new bill that is going to be debated in the Indian Parliament on Privacy Rights and Protection of Data. There were some really cool presentations on the topic, both on the technical and on the law side. I gave a small presentation about privacy incidents happening in real life and how important it is to have a law that governs the rights of Indians. My presentation will be up on their website soon.

This was a wonderful experience, as even top lawyers were present to debate and discuss their issues and the points of conflict in the current bill which need to be addressed. The great thing about this seminar was that the points of concern discussed will be forwarded to the government, which will help them make appropriate amendments.

Oh yes, 17th October 2008 is also the Digital Society Day :)

-Abhiz

Powered by ScribeFire.

Wireless Security still lacking in Mumbai, Survey Report

Deloitte has done a survey of wireless devices in Mumbai and wow, the results are still alarming for the law enforcement agencies, even after the shocking terror activities. People are just not willing to secure their wireless devices with WEP or WPA.

The key findings of the survey are:
1) Of the 6729 wireless networks seen, 36% appeared to be unprotected, i.e. without any encryption.
2) 52% were using a low level of protection, i.e. Wired Equivalent Privacy (WEP) encryption.
3) The remaining 12% were using the more secure Wi-Fi Protected Access (WPA).
4) This makes 88% of the observed wireless networks relatively easy to compromise.

There is a lot more to be done in Mumbai, because I remember going wardriving around the city a few years back and finding so many open wireless connections that there was no need to buy an internet connection at home; just sit in the car and do your stuff.

This is surely a challenge for the law enforcement agencies. The ISPs should educate users to secure their WiFi connections, and there has to be a regular audit from the ISP side to make sure the wireless devices in their networks are using some sort of authentication. We can always argue that even WEP can be cracked in a few hours, and the same holds true for WPA and WPA2, which was recently cracked with a speed boost of up to 10,000 times using Nvidia graphics cards.

It is a challenge to make all the WiFi owners fix their wireless devices, but with proper help from the ISPs it should become easier. Still, it is a task the government needs to take up.

-Abhiz


Antivirus and IDSs are all prone to false positives - AVG, Dragon and Snort

Today one of my machines with AVG Antivirus started to flash some popups in quick succession, telling me that a few threats were detected while they were trying to execute. It was the Zone Alarm firewall starting up during Windows boot.

I knew there should be an update to fix it, so I updated my AVG signatures immediately; those popups stopped, Zone Alarm started, and the machine was protected again. But I didn't like a few things that happened: AVG completely stopped ZoneAlarm from running, so during the time the updated AV signatures were being downloaded and installed my machine was unprotected. Ideally the firewall should have priority over the antivirus, but the opposite is happening. More importantly, when AVG is not allowing ZoneAlarm to start it should stop internet access, but that's an overkill.

More False Positives in IDSs

Writing about antivirus false positives reminds me of IDSs, which are one of the biggest sources of false positives. There is a larger problem with IDS regarding false positives; I have worked on multiple IDS and SIM products and it is all the same: everything is full of false positives. For example, Dragon IDS detects "uname" as a potential attack even when it is running against a Windows machine. In fact, in one instance a user was visiting wayn.com and orkut.com, and just because the developers of these websites used "uname" as the username parameter in the HTML that gets downloaded when a user visits these two websites, Dragon started to flash attack alerts all over the place, though it was just browsing activity.

I have worked on multiple IDSs, and Dragon is one IDS which I never want to work with; there is so much tweaking to be done to suppress false positives. Enterasys Dragon needs to improve a lot. Maybe till then you can try open source Snort, or better, SourceFire, which has the cool RNA and Defense Centre.
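To show why a bare "uname" content match misfires the way the post describes, here is an added example (not code from the post, from Dragon or from any other IDS) that runs a naive substring signature and a context-aware rule over constructed HTTP samples: a login form whose field is named uname, the browser submitting it, and a request that carries uname as a shell command inside a parameter value. The rule also takes the target OS as an asset attribute, since the command cannot run on a Windows host.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample traffic mirroring the false positive described above.
SAMPLES = {
    # Server response: a login page whose username field is called "uname".
    "benign_form": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        '<form action="/login"><input type="text" name="uname">'
        '<input type="password" name="pwd"></form>'
    ),
    # Client request: the browser submitting that form (parameter NAME is uname).
    "benign_post": (
        "POST /login HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
        "uname=alice&pwd=secret"
    ),
    # Client request: uname appears as a command token inside a parameter VALUE.
    "suspicious_get": (
        "GET /cgi-bin/ping.cgi?host=127.0.0.1;uname%20-a HTTP/1.1\r\n"
        "Host: www.example.com\r\n\r\n"
    ),
}

# The naive signature: any occurrence of the string, any direction, any host.
NAIVE_RULE = re.compile(r"uname", re.IGNORECASE)

# Shell-command context: "uname" as a standalone token, preceded by the start
# of the value or a shell separator, optionally followed by a flag.
CMD_CONTEXT = re.compile(r"(?:^|[;&|`$(\s])uname(?:\s+-\w+)?(?:$|[;&|\s)])")


def naive_match(payload):
    """Substring signature: the behaviour the post complains about."""
    return NAIVE_RULE.search(payload) is not None


def is_request(payload):
    """Client requests start with a method; server responses with HTTP/."""
    return not payload.startswith("HTTP/")


def param_values(payload):
    """Yield URL-decoded values of query-string and form-body parameters."""
    head, _, body = payload.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    candidates = []
    if len(parts) >= 2 and "?" in parts[1]:
        candidates.append(parts[1].split("?", 1)[1])
    if body:
        candidates.append(body)
    for qs in candidates:
        for pair in qs.split("&"):
            _, _, value = pair.partition("=")
            yield unquote_plus(value)


def context_match(payload, target_os="linux"):
    """Alert only on a client request whose parameter value carries uname as
    a shell command, and only when the destination host could run it."""
    if target_os.lower().startswith("win"):
        return False  # uname does not exist on Windows: suppress, as the post wants
    if not is_request(payload):
        return False  # HTML served by the site is not an attack
    return any(CMD_CONTEXT.search(v) for v in param_values(payload))


def evaluate(samples, target_os="linux"):
    """Return {name: (naive_verdict, context_verdict)} for every sample."""
    return {n: (naive_match(p), context_match(p, target_os)) for n, p in samples.items()}
```

The naive rule flags all three samples; the context rule flags only the command-in-value request, and not even that when the destination is a Windows asset.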

-Abhiz


Paper on Threat Modeling

Adam Shostack from Microsoft has written a very good paper on threat modeling.

This paper is written in the context of the Security Development Lifecycle used and developed by Microsoft.

-Abhiz


Saturday, October 11, 2008

Malware protection over the Cloud by McAfee

Over-the-cloud malware scanning is a first from a security company, and the credit goes to McAfee. They have been pushing quite hard to get to the top position in the security space, and I am pretty sure they are the first ones to get malware detection over the cloud.

They talked about over-the-cloud malware detection a few months back, but wow, they have delivered it; it's out there now.

The project is named Artemis.

“One of the things Artemis provides to researchers is very clear telemetry on active malware campaigns, and I want to share a few interesting examples. All the “measles maps” below show a one-day period and were all taken at the same time earlier today.”
Some other trivia details about Artemis:

* Queries are not sent for every file, just the suspicious ones.
* It will probably be invisible in the consumer products. (It’s a special driver.)
* A query and a response is around 340 bytes.
* It’s checksum/fingerprint independent, too.
* Actionable responses are cryptographically strong.
* Telemetry can be used to prioritize sample processing.
* Today Artemis should gain about 1.5 million new users.

You can find the blog posting on the McAfee Security Insights blog, and Project Artemis can be found here.

-Abhiz


Tuesday, October 7, 2008

Ganguly Announced Retirement

This was a decision everyone knew was coming, but no one expected it to come when it eventually did.

Sourav Ganguly sent shockwaves throughout the country when he announced his decision to call it quits after the upcoming four-Test series against Australia.

The decision, which comes just two days ahead of the high-profile series against Australia, beginning on Thursday, caught everyone by surprise.

"This is going to be my last series, I have decided to quit," he told reporters in Bangalore on Thursday.

"I have told my team mates before coming here that this four-Test series would be my last. I thank everyone for the support they have given me. I hope I will end my career on a winning note," the former India captain added.

Ganguly was a surprise inclusion in the squad for the Australia series after being left out of the Rest of India team for the Irani Trophy match against Delhi.

"Honestly, I didn't expect to be picked for this series," said the left-hand batsman, who aggregated less than 100 runs in the recent series against Sri Lanka.

The 36-year-old Bengal stalwart, who staged a spectacular entry into Tests with a debut ton at Lord's in 1996, made a storming return to the five-day game in South Africa in late 2006 after losing his place earlier that year.

He amassed over 1100 runs, with 239 his career-best score against Pakistan in Bangalore in late 2007, at a fantastic average of 61.44 last year, which compares very favourably with his career average of 41.74 in 109 Tests.

He was unable to maintain that high in the current year, though he came up with important knocks, like the 87 against the visiting South Africans at Kanpur, that helped India level the three-Test rubber in April.

This, however, was followed by his poor run in Sri Lanka, where his best score was 35 in six innings.

Ganguly is among the few Indians who have played over 100 Tests but has a poor record against Australia, especially at home, where he averages only 27.35 in nine matches, with a best innings of 66.

-Abhiz


Saturday, October 4, 2008

Dispose of your old IT equipment properly

Check out eBay and you will find lots of old firewalls and other hardware waiting to be sold. We have seen in the past that when old second-hand hard drives were bought on eBay and data recovery was performed, it ended up giving away a lot of juicy information; many times government details were found which were very critical and raised data privacy concerns. But this same eBay experiment was performed on another hardware device, a Cisco VPN box, and guess what? The device was configured to connect back directly to the previous owner's VPN device without any authentication. The previous owner was none other than Kirklees Council. The new owner had complete access to the Kirklees Council network, which is a big threat considering the data they would have stored on file servers.

So friends, please make it a habit to shred the data, wipe disks according to DoD standards and reset other devices to their default configuration, so that such blunders don't happen at your company.

Read the story here

-Abhiz


Phishing Protection in GMail - Red Warning from Google

Spam and phishing attempts can be found in abundance on the internet, and here I got one from alert@google.com which actually seems to be coming from the IP 193.67.82.17; the hostname of this IP is veronica and the username is anupam.

So this guy anupam@veronica is an Indian spammer, but anyway, the interesting things about the email are:

1) The email was in my spam folder - good spam detection.
2) Phishing attempt detected - SPF is working for me and Google.
3) Red warning label to make me aware that it is a phishing attempt - new and nice feature.

The red warning does not show up when you receive a spam email, but it shows up when an email is being forged, and to enable the check your domain must have SPF checking enabled. You can look at my previous post on how to enable SPF for Google Apps.

You can see the screenshot of the new red warning phishing notification from Google.

It is not of great help to the geeks, but of course for normal human beings it is definitely a good feature.
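The forged-sender check behind that red warning, as an added example that is not Google's code or the post's own: a minimal SPF evaluator that handles ip4/ip6 mechanisms and the "all" qualifier (include/a/mx, which need real DNS, are left out), run against a constructed TXT record for a placeholder domain and the sending IP 193.67.82.17 quoted in the post. Real SPF is evaluated on the envelope MAIL FROM domain; this example checks the header From domain as a simplification.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (domain -> SPF record); not real records.
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.10 ~all",
    "no-spf.example": "",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) triples.
    Returns None when the record is missing or is not a v=spf1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        qual = "+"  # a mechanism with no explicit qualifier means "pass"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qual, mech.lower(), arg))
    return parsed


def check_spf(sender_ip, domain, txt_lookup=FAKE_DNS_TXT):
    """Evaluate the sending IP against the domain's SPF record.
    Mechanisms are tried in order; the first match decides the result."""
    ip = ipaddress.ip_address(sender_ip)
    terms = parse_spf(txt_lookup.get(domain, ""))
    if terms is None:
        return "none"  # no SPF record published: nothing to check against
    for qual, mech, arg in terms:
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
        elif mech == "all":
            return QUALIFIERS[qual]
        # include/a/mx/exists would need live DNS; skipped here by assumption
    return "neutral"


def phishing_verdict(sender_ip, header_from):
    """Mirror the behaviour described in the post: the forged-sender warning
    fires only when the claimed sender domain fails its own SPF policy."""
    from_domain = header_from.rsplit("@", 1)[1].lower()
    result = check_spf(sender_ip, from_domain)
    return {"spf": result, "forged_sender_warning": result == "fail"}
```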


PCI Standard 1.2 goes live today

The Payment Card Industry Security Standard goes live today with version 1.2, which brings some important changes. This revision was based on feedback from corporations, and it also incorporates some relaxation for the security folks on firewall rule reviews etc.

There is a lot of speculation and many questions about terms and statements used in the old PCI standard (which includes 1.1), and PCI standard 1.2 tries to clarify the requirements rather than just beating around the bush; it tells the companies what to do and what is expected. For example:

1) Firewall rules can now be reviewed every 6 months rather than the current 3 months/quarter.
2) Every wireless implementation should use WEP/WPA encryption.
3) Risk-based approach to patch management rather than deadline patching.
4) Penetration testing can be done internally; no need for external third parties (cost saving).
5) Policy to outline and keep a check on Managed Security Services providers.

The standard can be found at PCI Security Standards Website.

-Abhiz
