After What's APP : Now WeChat threat!!!!

1.  Few backs earlier I wrote a post about Security Issues in Whatsapp here. Now exactly on the same lines there is a proven issue on Wechat....

2.  WeChat gained an immediate success the moment it was launched few months back in India.Every one was so happy to adopt it in their respective androids but it seems that the application is not so secure as hackers have been able to bypass the security mechanism to decrypt the messages sent using the app and China could be potentially spying on Indian citizens...
 

3.   Rest ditto from Parity news at http://www.paritynews.com/2013/08/26/2487/wechat-is-a-threat-to-national-security-claim-researchers/

According to a couple of young researchers, Jiten Jain and Abhay Agarwal, the free messaging app doesn’t employ the best of encryption and security technologies, which leaves personal information of its users vulnerable to theft. To prove their point the researchers went onto demonstrate the ease with which the messages sent using WeChat can be decrypted, indirectly indicating that foreign governments could be doing the same thing for spying and surveillance purposes.

The researchers were discussing the potential risks to privacy of users because of surveillance techniques employed by service provides across the globe at The Hackers Conference in New Delhi India on August 25. The researcher duo claimed that app from Chinese Internet Giant Tencent is threat to national security.

Jain and Agarwal claimed that not only can the Chinese government access the chat logs, but they can also access each and every detail about users stored in their smartphones – ranging from contact lists, messages, calls, geographic locations, etc.

One of other points raised at the conference was that the Indian Government is not able to successfully utilize the vast potential of security researchers in India. The Government has failed to secure its websites never mind the security of the whole nation. Researchers present at the conference stressed for the need of raising awareness about security within government establishments and masses in general.

Researches urged the government to strengthen the security of its websites as well as digital data by grooming in-house security experts as well as by availing help from industry experts present in India.

4.   In fact the duo did not hold back to say that it is a severe national threat...and I agree to their view...but who cares!!!!elections are coming...we are not even bothered about so many internal threats...external is out of purview!!!!!SAD.

Finding Maximum frame size on the Network : PING makes it easy

1.   We know how to get the IP address of any website...we simply need to ping it.For example if we need to know the IP address of a website ie www.somesite****.com...then we only need to ping it....like shown in the screen shot below :

2.   So we get the IP address of the web site at www.somesite****.com as *.*.*.*....But if we need to know the maximum frame size that this can handle...what's the way out ?...ping will be able to assist us here too...we need to add some switches to it...so the next command goes like :

ping www.somesite****.com -f -l 1500 and we get this as the output :

3.   The display Packet needs to be fragmented but DF set means that the frame is too large to be on the network and needs to be fragmented.Since the -f switch is used,the packet was not sent and the ping command returned with this error.

4.   Now instead of 1500...type the same command with the attrib as 1300 like ping www.somesite****.com -f -l 1300

5.   So here we have got a bracket of size ie the maximum packet size is more than 1300 and less then 1500 bytes...so keep trying with values between 1300 and 1500 till ur reach the exact breaking point wherein the message in the ping display changes...so here the border line at which the message changes is shown in the screen shots below :

6.   So for the given www.somesite****.com ,the maximum frame size on the machine network is 1472 bytes....

7.  If you wanna try this in your network,then the 1300-1500 set that I have used may be different...so first you need to figure out those boundaries yourself!!!!!

Wanna sync Two Harddisks / Two Folders : GRSYNC is there for you!!!!

1.   I have two harddisks of 500 gb and I have loads of data in both...but i could never find out time to set my data at one place and then make a clone kindda or a bakup of the other...it is a herculean task if you keep updating your one harddisk regulary...so the crude rule says that you must copy the updated folder to the backup drive and then keep replacing the older one's....but if the data is too much and the files are in thousands and you have lesser time wouldn't you like to simply click one button and auto syn the complete folder or the harddrive at one go!!!!!What if you have the following GUI that give a whole lot of options to play around...like in the screen shot below :

 

 

2.  Isn't this simple and great...no need to bug yourself trying to find what was old and what is newer...what to keep and what not to keep... you simply see the options above and you will be able to figure out how helpful this utility can be if u have not been suing this till date....The best part is that it is very simple to use.

3.   Grsync is a Graphical User Interface (GUI) for the rsync synchronization tool under Linux / Unix System. There are also ports of Grsync on Windows and OS X platforms. Grsync is released under the terms of the GNU General Public License (GPL), so it is free software, and makes use of the GTK+ UI toolkit. In addition, it has support for the Unity user interface. It can be effectively used to synchronize local directories and supports remote targets (although in a limited way).

How do u install this in FEDORA ?

 4.   A simple type yum install grsync with root privileges will do the needful.....

Reduce Tracking/Increase Privacy : Start Mozilla in PRIVATE MODE by default

1.   Earlier in one of my posts I had shown on how to start chrome in "INCOGNITO" mode to avoid any cache storing and also at the same time remove cookies at the end of the session....the following steps make way to start the mozilla browser by default in a private mode.

2.   As shown in the screen shot below...go to the Edit drop down menu and select preferences and then go to the privacy tab and select NEVER REMEMBER HISTORY

(Click on the image to enlarge)

(Click on the image to enlarge)

(Click on the image to enlarge)

 3.     The video cast below :

If u r Google Service User : Don't EXPECT any Privacy@MISINTERPRETED!!!!!

1.    For about last 4-5 years ,we have come across many debates about how so many companies are minting our private data and associating that with third parties to create a profile based marketing environment in and around the naive user....and except for the few white papers about the technicalities involved in doing this ...max of the companies had denied mincing with privacy..but actually they were just mincing with words to have their way inside the privacy den of each user!!!!and now the big revelation from Google comes as part of small news...and that says 

"Google Tells Court You Cannot Expect Privacy When Sending Messages to Gmail -- People Who Care About Privacy Should Not Use Service"

But it seems that the meaning has been mis interpreted....

The complete extract available here at http://www.consumerwatchdog.org/resources/googlemotion061313.pdf

2.      Isn't it a big news otherwise!!!!but the news has been put across the web as just a small snippet news....

"Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979). In particular, the Court noted that persons communicating through a service provided by an intermediary (in the Smith case, a telephone call routed through a telephone company) must necessarily expect that the communication will be subject to the intermediary’s systems. For example, the Court explained that in using the telephone, a person “voluntarily convey[s] numerical information to the telephone company and ‘expose[s]’ that information to its equipment in the ordinary course of business.” 

 3.      Now this declaration by Google has two connotations : one from point of view of a user who is only concerned about his private life,his social exchanges with friends,relative and office staff...and then the other point of view has a deeper meaning to it.The line highlighted above has been widely misinterpreted to make it seem like Google is saying Gmail users have no expectation of privacy when they use Gmail. To clarify and paint a better picture,Google's argument is about non-Gmail users who haven't signed Google's terms of service. It's right there in black and white — the heading for the section literally starts with the words "The Non-Gmail Plaintiffs."

 4.     But that does not mean the gmail users can take a back seat and relax about being safe again...the issue is too complex to have a clear cut YES...OR NO....the surfing goes on.....

Being CEH : Certified Ethical Hacker V8

1.    After CCCSP,,my efforts to clear a EC-Council exam finally paid off....and today I passed my CEH V8 exam....the feeling of being a CEH is yet to set in...but yess!!!it feels good to clear a exam which has good repu in the security world....one thing I would like to share is that though the exam covers nearly all domains and spheres of security and hacking but still ,end of course does not mean that a guy can hack into any site and create havoc...but yess it does make you understand the nuts and bolts of how one can do it...and more importantly from a CEH point of view...what and where are the vulnerabilities?

2.  CEH is all about offensive hacking.The amount of tools that are available today in the open source world is mind boggling...and the best part is the course ware that the student gets...its great!!!!I can just say that...it all comes with a set of 6 CDs which have thousands of PDFs and tools.If one starts doing each and every practical aspect of this course-ware it will take more than a year to assimilate and do it on a VM platform...so that is definitely going to keep me busy.The best part is that all this is explained with screen shots and step by step instructions.

3.   As i keep doing these practicals on my VM...will try certainly uploading and sharing with you guys!!!!will get my hard copy of the certificate in a few weeks from now...anxiously waiting!!!!

Lure of a FREE PEN DRIVE : MALWARE'd

1.   If you are one of those guys who are regular to attend workshops, seminars, product launches , lectures...you must have got varying opportunities of getting hold of freebies in form of bags,brochures and PEN DRIVES....yess m sure the last one is a pure lure and most of the times everi one of us falls for it...be it a small capacity or a large capacity...the hand does not think twice before picking it up....but does any one of us realise that it may be these pen drives who become the first source of uploading some malware or a virus in your PC or laptop...the moment it is plugged in .....the machine is compromised.....unless the autorun is disabled...which in most of the cases is not.....

2.  The concept of zero day exploits has made it more dangerous....coz even if the user decides to run a antivirus scan...it will be shown free of any kind of virus or malware...the result is a silent compromise of the machine...however updated it remains in respect of OS or browsers or any application....the silent action in the background defies every lock of the user.Now all this is not based on some kind of imagination...there have been real life cases of which the one which made lots of noise is the IBM-AusCERT conference on the Gold Coast, Queensland, in which the free pendrives were infected by not one, but two pieces of malware.The details available at this link http://nakedsecurity.sophos.com/2010/05/21/ibm-distributes-usb-malware-cocktail-auscert-security-conference/

(CLICK ON THE IMAGE TO ENLARGE)

3.   In what must have been a highly embarrassing admission, IBM Australia sent an email to all AusCERT attendees warning them of the security screw-up...as shown in the screen shot above...besides this the famous stuxnet example was via pendrives lure....so if this is happening at such high levels of interactions,can the workshops u and me attend be left behind!!!!no way....so whats the way out?....best way is to buy one from a genuine store...(not sure how clean will that be?)...or still better refrain your self from picking one free pendrive.

Pirate Bay Web browser : Yess!!! it's here....

1.   This is another tool to make you access that you cannot.Majorly known for allowing movie downloads,the pirate bay has launched this browser to celebrate its 10th anniversary....PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens...

The website at http://piratebrowser.com/ says "PirateBrowser - No more censorship!"

2.  We all have heard of TOR...so you configure that TOR more tightly and should be able to access what is not allowed....while it uses Tor network, which is designed for anonymous surfing, this browser is intended just to circumvent censorship — to remove limits on accessing websites your government doesn't want you to know about....

3.   But except for few of security guys and some extended circle of those guys...the general crowd would still keep using the chrome and Internet browser.....because most of them do not understand the long term effects of invasion of privacy and neither anyone is interested!!!!

CARRY ON....SURFING!!!!!!more at http://piratebrowser.com/

ARACHNI Web Scanner

1.    When we start finding vulnerabilities in a web application,either we have a option to do it manually by putting in hours of patience and grilling or we generally hear the commonly used tools like Acunetix and few other online scanners...or for may be afford a luxury like IBM - Proventia Network Enterprise Scanner ..but there is an open source tool option to Acunetix. Takes lil bit of time but the amount of options that it offers are huge...and gives a great report that is exhaustive.

2. Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

3.   Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother you for anything nor require further user interaction.Upon completion, you will be able to export the scan results to several different formats (HTML, Plain Text, XML, etc.).Few useful pointers about details of this good scanner : 

Download from         -  http://www.arachni-scanner.com/download/

Homepage                 - http://arachni-scanner.com

Blog                          - http://arachni-scanner.com/blog

Documentation          - https://github.com/Arachni/arachni/wiki

Support                     - http://support.arachni-scanner.com

GitHub page              - http://github.com/Arachni/arachni

Code Documentation - http://rubydoc.info/github/Arachni/arachni

Author                     - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)

Twitter                    - http://twitter.com/ArachniScanner

4.    To use Arachni run the executables under "bin/".

To launch the Web interface:

   cd bin

   ./arachni_web in a separate terminal

and ./arachni_rpcd in a separate terminal

Default account details:

    Administrator:

        E-mail address: admin@admin.admin

        Password:       administrator

    User:

        E-mail address: user@user.user

        Password:       regular_user

5.    For a quick scan: via the command-line interface:

    bin/arachni http://test.com

6.     For detailed documentation see:        http://arachni-scanner.com/wiki/User-guide

Creating ISO images in Linux : FEDORA 19

1.  Few useful commands to create ISO images in linux :

First install mkisofs from root by typing :

yum install mkisofs

In most of the recent linux distros...this would invariably be pre-installed...the above command will work for yum installations

If u require to create an iso file from a directory containing other files and sub-directories via the terminal, you can use the following command:

mkisofs -o image.iso -R /path/to/folder/

An example is shown below : here YOURFILE is the name of the ISO image that will be created and then is the route where the data is stored.

mkisofs -o YOURFILE.iso -R /run/media/kurta/CEH\ Tools\ Vol-1/

Making GOOGLE search safe for Kids : Two steps

1.    Invariably in most of the homes barring few...the desktop or the laptop is shared by all...including your enthu and school going kid.Today Google has become part of our lives...be it office or home or school lessons..it is always there.But at times it may become embarrassing when some inappropriate content is shown in presence of your kid while searching for something that your search may not be connected with at all.At these times there are basically two steps to more safe surfing.Google has given this in settings, but by default they are off.Though Google does not promise that after configuring in the way presented below,the content flashed is guaranteed to be safe but yess...it will be much filtered and safer...

First Google search configure :

Goto http://www.google.com/preferences

and check the option to Turn on SafeSearch to filter sexually explicit content from your search results as shown in the screen shot below :

CLICK ON IMAGE TO ENLARGE

Second step is to configure your youtube settings.

Goto http://www.youtube.com/

and move to the bottom of the screen and check the option to Turn on safety mode to hide videos that may contain inappropriate content flagged by users and other signals.

CLICK ON IMAGE TO ENLARGE

Zoomed portion shown below :

CLICK ON IMAGE TO ENLARGE

A video screen cast of both the settings shown below vide youtube :

DON'T FORGET TO CLICK THE SAVE OPTION AFTER CHECKING THE OPTION

Fedora Security Labs

1.   The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.

2.    The spin is maintained by a community of security testers and developers. It comes with the clean and fast LXDE Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system. The Live image has been crafted to make it possible to install software while running, and if you are running it from a USB stick created with LiveUSB Creator using the overlay feature, you can install and update software and save your test results permanently.

3.    Download the .iso file from http://spins.fedoraproject.org/security/#downloads

Here in the video below,basic running of the lab along with inside features available inside are shown...

4.    More at http://spins.fedoraproject.org/security/#home

Your ANDROID APPLICATIONS : Mining your profile

1.    It is common for us to hear a company promoting its phone or tablet showcasing that lakhs of android applications are available for free...and the poor(???) customer generally falls for it...so he buys the device and immediately starts exploiting the world of millions of applications on the net and the Google play store...now off course Google just does not upload a application for download once the up loader does his part of the formalities and registration...it checks under its set of QRs if the application is ok from the point of being malicious in nature or not but that does not always works....so many times android applications even in the Google play-store have been found to be suspected...now lets keep suspected apart...does the typical user even checks the terms and conditions of any application before installing?...the blind rule is JUST ACCEPT IT!!!and this goes against the user...this allows invasion to privacy...why should a company ask to access your phone contacts..your location..your system settings...your configuration settings before it allows to install it application on your device...BUT NO ONE THINKS ABOUT THIS!!!!

Back in February of this year, Google announced it was hardening its stance on Android security, unveiling an app-scanner (codenamed Bouncer) to weed out malware uploaded to Android Market (now Google Play) through automatic scanning. Since then, Google has taken more steps to protect Android users: it acquired VirusTotal back in September and in Android 4.2 Jelly Bean introduced an optional app verification feature that enables users to identify dangerous and potentially-dangerous apps on their devices, even if they downloaded them from the Web or got them from an app store other than Google Play.

How have Google’s efforts to combat Android malware been working out? Perhaps not so well. Security researchers were quickly able to analyze how Bouncer operated and find easy ways to circumvent Google Play’s automated scanning — techniques publicly available now to malware authors if they hadn’t managed to think of them on their own. Further, Xuxian Jiang of North Carolina State University has published an assessment of Jelly Bean’s app verification capability. The results? Google’s app verification service identified just over 15 percent of malware samples thrown at it from the Android Malware Genome Project

Source : http://www.digitaltrends.com/mobile/who-can-fight-android-malware-not-google/

2.     Mobile malware is lately becoming a organised crime with complex sophistication in terms of tracking back....and this makes the attack surface for the hacker and the black hats more big and the user more vulnerable at the same time....The most common victim is the one who looks for free applications in various heads of education...technology and not to forget the games section which is a big hit among-st all...the users love the games for which he has to pay nothing and the attacker gets a lot of attack surface to play around...and then the DO IT YOUR SELF TOOLS again add to the attack surface.

WHAT CAN YOU DO TO AVOID THIS?

- Keep your android updated: Now in this case most of the devices till 4.2.1 may not support upgrades..but then you have to keep your fingers crossed!!!

- Refrain from android applications other then google play store.STill you have to be careful...wherever possible read the Terms and Conditions before installing

-  Avoid public open wifi connections

-  Limit your greed to free applications.You may google about the application on google before you install it on your device.

Fedora 19 USB automount doesn't work : SOLVED

Having installed Fedora 19 Schrodinger's Cat recently, a problem came up that the USB that used to get auto detected in earlier versions stopped working......and could not be seen anywhere in the file manager...and the disk showed the following screen which has no USB disk.

(CLICK ON THE IMAGE TO ENLARGE)

But the good thing is that on doing LSUSB at the terminal it was being shown as follows :

Bus 001 Device 002: ID 4033:0042 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 4051:0030 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 3d4b:0008 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1f6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0f6d:081b Logitech, Inc. Webcam C310
Bus 001 Device 004: ID 0c61:4d0f Primax Electronics, Ltd HP Optical Mouse
Bus 002 Device 005: ID 03f0:5201 Sandisk 

so mounted it the terminal way..

make a directory in home by the name of usb

mkdir usb

and

at the terminal type lsblk that will give you where to mount.In my case it is sdc1. My output comes as follows :

NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0 931.5G  0 disk 
├─sda1            8:1    0 488.3G  0 part 
└─sda2            8:2    0 443.2G  0 part 
sdb               8:16   0 465.8G  0 disk 
├─sdb1            8:17   0   100M  0 part 
├─sdb2            8:18   0   500M  0 part /boot
└─sdb3            8:19   0 465.2G  0 part 
  ├─fedora-swap 253:0    0   5.8G  0 lvm  [SWAP]
  ├─fedora-root 253:1    0    50G  0 lvm  /
  └─fedora-home 253:2    0 409.4G  0 lvm  /home
sdc               8:32   1    30G  0 disk 
└─sdc1            8:33   1    30G  0 part /home/kalama/usb
sr0              11:0    1  1024M  0 rom 

now at the terminal simply type

mount -t vfat /dev/sdc1 /home/kalama/usb/


thats it ..now it will start showing when you do df -h as shown below :

[root@localhost ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/fedora-root   50G  4.8G   42G  11% /
devtmpfs                 2.9G     0  2.9G   0% /dev
tmpfs                    2.9G  664K  2.9G   1% /dev/shm
tmpfs                    2.9G  968K  2.9G   1% /run
tmpfs                    2.9G     0  2.9G   0% /sys/fs/cgroup
tmpfs                    2.9G   36K  2.9G   1% /tmp
/dev/sdb2                477M  117M  331M  27% /boot
/dev/mapper/fedora-home  403G  173M  383G   1% /home
/dev/sdc1                 30G   16G   15G  53% /home/kalama/usb

Is PORT SCANNING legal in INDIA?

1.   The IT security guys have so much to experiment and learn vide unending open source information and tools available on the net.Be it BACKTRACK or Wireshark or Nmap or nessus or Canvas(not opensource) or a web scanner like Acunetix or Arachini and the list is unending....there is lots to do...but do we actually know that simply running a port scan on the internet is a crime in other parts of the world?

2.   In countries like Australia,UK , port scanning is recognized as a "potential attempt" to infringe on a system and that's a simple truth....no body would run such tools openly available without intent. Yess!!!...the intent can be educating self but the other side can be bad intent and no one can prove whats the intent inside the person's mind.It may change the moment he realizes he/she is caught.In the United States there is no need to prove intent and port scanning is considered illegal.So even installation of such tools is a crime.So if a naive script kiddie from India goes with his laptop to US with a virtual box machine holding a OS with a port scanner...he is a cyber criminal the moment he lands in the US.

3.   Today we in India do not have straight and clear laws defining whether running such tools or installation is a crime or not coz the whole thing is COMPLEX.The compliance laws across countries vary and that too drastically...it may be acceptable in a country like India and it may be serious offence in US.So seeing from the current state of affairs in India,it does not look like if a day will be near when such stringent guidelines exist in India to restrict all these uses and installations...or let it be restricted to professionals only.....but then who will define a Cyber Security Professional....CDAC or CEH or some other such agency....these institutes can be a critical node in identifying and certifying cyber security professionals to measure and endorse the intent...but at the end of the day we all are humans...and we know that "too err is human"....so a agency certified person finally has himself to decide whether he uses a black hat or a white hat!!!! :-)

4.   Meanwhile students and IT security enthusiasts should take care of running such tools on the internet coz these are serious tools who can break into some one's privacy...and if the victim gets serious after you...things will be bad enough to land you behind bars...so the best place to experiment with such tools is a virtual environment that can be available vide Virtual box or vmware etc....Security guys and enthus should be familiar with the excellent Open Source Security Testing Methodology Manual (OSSTMM), which provides best practices for these situations.

PLEASE TAKE CARE TO RUN THE CYBER SECURITY TOOLS BEFORE THE LAW STARTS RUNNING AFTER YOU