BOY in the BROWSER attack

1.  Funny names keep propping up...and keep getting accepted too...first it was Man in the Middle attack....then Man in the Browser...and now comes Boy in the Browser attack....actually, is a trojan that reroutes its victim's web traffic information through an attacker’s proxy site.  ....a cool video here explains it in a simple language....

Resurgence of Boy-in-the-Browser Attacks

View more videos from Imperva

HUMANE COMPUTING

1.  The cyber space keeps coming up with such new terms and will continue doing so for years to come.So this is one term I heard of when I recently got an opportunity to attend a Two day symposium conducted by CSI ie COMPUTER SOCIETY OF INDIA,Indore Chapter.The Computer Society of India is the first and the largest body of computer professionals in India.

2.  So whats exactly HUMANE COMPUTING to which even google has limited answers....what i could gather from the forum which was presided by distinguised and expert speakers is produced below in as brief to understand possible words.

3.  The concept would be easier to understand with the help of few examples cited by the speaker :

-  Firstly imagine one typical branded washing machine getting faulty after few months of completion of warranty.Is it typical? or could it have been programmed to do so intentionally?

-  Secondly ,remember the movies I-Robot@Will Smith or Robot@my favorite Rajini Sir......both the movies revolve around the protagonist struggle to control his creation, the  robot whose software was upgraded to give it the ability to comprehend and generate human emotions.....so in both the cases laws of robotics failed and the plan back fired!So both the movies were based on imagination that may be possible in future...both were runaway hits...

-   Thirdly, the matrix series(triology)...that depicts a future in which reality as perceived by most humans is actually a simulated reality created by sentient machines to pacify and subdue the human population, while their bodies' heat and electrical activity are used as an energy source. So the lead computer programmer is drawn into a rebellion against the machines, involving other people who have been freed from the "dream world" and into reality.

-   Fourthly....any time a computer programme is made ...the code is written...so many aspects are considered at design level but any where is human thought process or kind of human psych is involved?.....no!!!m sure on that...windows or linux OS has got nothing to do with human emotions....person who is drunk and is in inebriated state would be able to conduct some kind of damage via the system that he might not have attempted if he was not drunk!!!!!

4.   So by giving these examples here I am trying to make you think the reverse way....@we all are getting IT/Computer savvy in our life but when we see it from the top...do we need to become COMPUTER SAVVY?...or it should have been the reverse way...the gadget/IT around us should have become HUMAN SAVVY....u might need to read this sentence twice since I might have just pinged ur thought process and not actaully conveyed the actual meaning.The field is actually just setting in and will take much time to evolve.....its neither black nor white...its just grey...and its upto the present genre of scientists and developers to actually start sorting out black and white!!

5.   "The term Humane Computing comes to encourage study of ethics, empowerment,empathy, equality, environmental sustainability with reference to the use of technology. Since it involves coming together and study of humans as well as computers, it involves technical as well as soft subjects and diverse disciplines

ranging from computing technology to soft disciplines like sociology, psychology, education, medicine, behavioral science and communication theory. The study of Humane Computing will be able to provide insights, which may make it possible to bridge the digital divide and which may help tilt the usage of computing in a direction, which makes it work for promoting ethical practices."

6.   So thats HUMANE COMPUTING in the most grey manner...the field as on date is not even an understood thing but yes...the field is enough to create a mind start thinking of ahead ie FUTURE....

THE TOR PROJECT

1.  Privacy is really becoming a big and serious issue and no one knows what all is all set to come ahead.For now I came across and even started using TOR.For the bigger details you need to visit the site at https://www.torproject.org/.I got aware of this at the ANKIT FADIA WORKSHOP@INDORE

2.  For the in brief , point wise detail that just scroll down to get a brief overview :

KEY FEATURES

- Tor is free software made under www.torproject.org/

- Helps defend against network surveillance that threaten personal freedom and privacy.

- Protects by bouncing your communications around a distributed network of relays run by volunteers all around the world.

- Prevents somebody watching your Internet connection from learning what sites you visit

- Prevents sites you visit from learning your physical location.

- Works with web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

- Individuals can use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers.

- A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently.

HOW/WHAT IT DOES?

- Actually a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

- Based on "Onion routing" that simply refers to original data being encrypted and re-encrypted multiple times.

- It is then sent through successive Tor relays, each one of which decrypts a "layer" of encryption before passing the data on to the next relay and, ultimately, its destination.

- This reduces the possibility of the original data being unscrambled or understood in transit

- Enables to create new communication tools with built-in privacy features.

- Provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

3.  Thanks https://www.torproject.org and Ankit Fadia

ANKIT FADIA @ INDORE 19 FEB 2012

1.   The Sunday that was@ Ethical Hacking Workshop by Ankit Fadia Indore....is all I have to say now after a great great lively interactive (with demonstration) workshop with Ankit Fadia at Indore here...right from 10 in the morning to 1810h in the evening.This was my second workshop with him and this guy is only improving from his own earlier version for much better.The best thing about him is that he keeps it very very simple to understand for those who wish to.....and tops it with simple demos which actually make the thing go in the mind.Last I attended him at Adobe.

2.  I would always recommend all the young techo enthusiasts across not to miss attending any of his workshops if he is in your town.He never wastes a moment....never takes any unnecessary breaks in between...no calls....all for you...the best part....he is so down to earth...no frillls......grt....for now I will start reading so many new things and terms that I got introduced owing to him......

3.  Thanks Ankit....and all the best!!!

HOW TO ACCESS THOSE SITES(BLOCKED BY UR OFFICE)?

1.    It is so common to see and hear that offices and corp-orates block ur most desired websites....so the smart ones try using proxy.....but what to do when even those proxies are so configured that u cannot access.....here goes step by step

- Suppose ur office has blocked yahoo.com.

- Goto Command prompt and type ping yahoo.com

- You get the yahoo ip ie 209.191.122.70(it may be different for you)

- Now convert these 4 octets into binaries with the help of a calculator in programmers mode.

- So u get 

209 @ 11010001

191@  10111111

122@  1111010

70 @   1000110

- Now place zeros in front of octet converted binaries who are not complete 8 in number count 

- So it becomes 11010001101111110111101001000110

- Now convert this to decimal again  and u get 3518986822

- Go to the browser and write http://3518986822

Thats it..kaam khatam....all the best....

UNDO A SENT EMAIL :YES,IT IS POSSIBLE!!

1.   Ever thought like u shouldn't have sent that mail....or u sent it too early....like all things u can do UNDO in your PC and various applications...can u do it in EMAIL?......the answer is YES.....

2.   The feature is currently available in Gmail and Blumail only.How?...it goes like this

- Log into your GMail account

- Go To mail settings tab.

- Click on Labs

- Scroll down u will find UNDO SEND

- Enable it.

3.  That's it.Actually the feature sends the mail about 5 seconds late so just in case u immediately realize that u send it too early or should have sent it later.....u still have control over it.So when u click send a small link appears that says "UNDO"...click on it and that action will not conclude...ur email remains safe with you.... 

POWERFUL THAN ADMINISTRATOR ACCOUNT : SYSTEM LOGIN

1.  So here is something unheard to those who thought that ADMINISTRATOR was the king of the respective PC account.So for those who think so...ever thought why r u unable to fiddle with system files when u r the owner... that's because there is a SYSTEM account over and above the administrator who can delete the administrator account!!!!yes u read it right....so how do u get to the system account.I am giving it a step by step attempt here with screen shots!!

2.  Firstly...get to your desktop and see ur user name...mine is windowsxp ie a user account with admin priveleges as shown below :

3.    Secondly,get to the command prompt and create a schedule to run cmd.exe as follows :

at 14:51 /interactive “cmd.exe”

*** The time mentioned here can be a minute or two ahead of whats the time u doing this action.

 4.   You can check schedule by typing “at“ and hitting enter after the above step.

5.    Now Wait for the time you set for the schedule and u see that cmd.exe would be launched at the specified time and a subsequent command prompt windows will open automatically.

6.    Now go to ur desktop without closing any window and reach the task manager and kill the explorer.exe file under the process tab.

7.    Close the first cmd window and not the second one.

8.    Reach the root directory by pressing cd\

9.    Type start explorer...thats it...now u logged in as the System.....as shown:

 10.   Point to note :

- This is only for educational and info pupose.
- Never attempt it on a live system.
- Always do it on a virtualbox or Virtual machine or virtual PC.

11.   Thanks http://alieneyes.wordpress.com

Single malicious document can expose your whole LAN via ur trusted MFD

1.   "Imagination is the key to Success" in the world of IT....specially applicable to the world of cyber crime....this one i read at one of my fav news feed destinations at http://thehackernews.com...now when we keep covering up the PCs with ideas like antivirus/anti-malware and all sorts of anti's and virus'cides....this thing has come up fresh.....attack the LAN after altering the firmware of the masoom MFD ie multifunction device.Sequence of the main article at http://thehackernews.com is produced below :

- At Chaos Communications Congress (28C3) 

- Ang Cui presents Print Me If You Dare

- He explained how he reverse-engineered the firmware-update process for HPs hundreds of millions of printers

- He showed how he could load arbitrary software into any printer by embedding it in a malicious document or by connecting to the printer online. 

- Performed two demonstrations 

- In the first, he sent a document to a printer that contained a malicious version of the OS that caused it to copy the documents it printed and post them to an IP address on the Internet.

- In the second, he took over a remote printer with a malicious document, caused that printer to scan the LAN for vulnerable PCs, compromise a PC, and turn it into a proxy that gave him access through the firewall.

- Actually found a method to exploit the firmware update capability of certain Xerox MFPs to upload his crafted PostScript code. 

- Was able to run code to dump memory from the printer. This could allow an attacker to grab passwords for the administration interface or access or print PIN-protected documents.

2.  So now start taking care of your firmware updates of your MFDs......

3.  More at http://thehackernews.com.

CHROME INSTALLATION ISSUES IN UBUNTU : SOLVED

1. Recently tried installing Chrome browser in Ubuntu 11.10....so I downloaded the .deb file and tried installing it from the terminal via this command

sudo dpkg -i './Downloads/google-chrome-stable_current_i386.deb'

...which showed some error in between installation and came out on the terminal prompt....

2. So googled and found this solution that involves prior installing of few library files as follows :

sudo apt-get install libnspr4-0d libnss3-1d libxss1 libcurl3

this command will install the missing lib files and then on it is the repeat of the earlier command ie

sudo dpkg -i './Downloads/google-chrome-stable_current_i386.deb'

3.   Should solve...let me know if u have any thing unsolved!!!

AVOID OPENING MULTITABS IN BROWSERs

1.  Has it ever happened that you get a mail in one your various Email IDs from Facebook or some other site that you never linked up with....?I am sure if you are a regular browser on social networking sites,this must have happened once...and it must have kept you thinking...HOW ??

2.   This happens when you have that email id open in some other tab and your Facebook account open in other...typically in a multitab session wherein you have opened many sites under one browser in various tabs..... that's when info gathering sites get your email id and things related to their interest.....TAKE CARE