Best IT SECURITY INFO & NEWS SItes

1.         IT Security enthusiasts guys/girls always keep looking forwards to discovering new sites that keep them enriched with latest happenings in the buzzing IT SECURITY world...I am listing out a list of sites that I keep abuzz with.These are not necessarily in the order of my preference or have any kind of ratings or ranking....but a whole lot of enriching info is available for every cyber security guy!!!

http://www.schneier.com/

http://thehackernews.com/

https://www.privacyrights.org/

https://www.owasp.org is specific to web application security subjects

http://www.itsecurity.com/

http://technet.microsoft.com has more of MS related aspects

http://csrc.nist.gov/

http://www.sans.org/

http://www.securityfocus.com/ : by Symantec

http://www.cert.org/

http://www.scmagazine.com/

http://www.securityweek.com/

http://nakedsecurity.sophos.com/

http://www.darkreading.com/

....surf few of them and enrich your self!!!!all the best

DAEDALUS : Monitor Cyber-Attacks Realtime 3D way

1.    Whether it is the Die Hard ver 4.0 movie scene or Mission impossible recent one or any hi tech cyber movie....we have have all seen the mega sized dark halls equipped with gigantic screen displaying all sorts of real time ridiculous hacker related information and monitoring tracks of the enemy or the protagonist....so how good or effective or even real are these in the real sense....can some thing like these seen and shown over years on the silver screen be REAL....yesss...first watch this video and then read few points as bought out below :

2.   A company in Japan named NICT just unveiled a system dubbed Daedalus that will revolutionize the way companies and even countries can monitor cyber-attacks in full real time 3D representation.The key features about this is bought out as below :

- Daedalus is not only a way to monitor cyber-attacks from outside, but also what’s going on inside it. 

- So if someone receives an email with a virus for example, the system can quickly identify the IP address that is currently spreading it and shut it down immediately.

- The NICT recently gave a demonstration and tracked 190,000 IP addresses in real-time  

- Daedalus can monitor multiple entities at once and get notified, once again, via 3D graphical representation when a cyber-attack occurs. 

- This is not only when it happens, but instantly where it happens and who the attacker is.

3.      So when the objective is envisaged on a higher scale....ie the complete global internet monitoring.....will this be the start to control spam(90% of mails exchanged on the web is spam)....or will this be able to control cyber attacks across.....well not a bad start to a start whose objective is MISSION IMPOSSIBLE type...another thing that may have come to your mind is about the name...of all what does Daedalus mean?...well in Greek mythology, Daedalus means "Clever Worker"

4.  Debriefed from http://www.bitrebels.com/technology/daedalus-3d-cyber-attack-alert-system/ and http://www.nict.go.jp/

Security Design @ WebHosting

1.  At a time today when new websites are being hosted at quite a pace,proportional is the pace of hacking and defacing of these websites.Today you have a website maker in the market who may simply demand some Rs 500/ per page design and few more hundreds for hosting it...and we all are ready to do pay him....but at what price....is it simply the final handing over taking over of the password that closes the deal between you and the designer/hoster?....NO....I rate it equivalent to the toss....thereon the match begins.....just a matter of time depending on what all security parameters/variables/factors you took into consideration while designing it?

2.  Specially concerned with web sites who have E-Commerce and transactions or who deal with handling database of huge sizes which can be critical later on, if compromised any time.The following factors should be noted down and infact dealt with seriously to be kept on high priority while designing and final hosting :

- Password /Data Protection : You must have a sound password and methods to protect all the DATA in place.

- OS/Server hardening : You use a windows or a linux....rest assured you must always used a hardened OS/Server.

- OS Selection : Create and design on any OS...today you can launch it on web.A more vulnerable OS which has had a history of hacks and known exploits should be avoided.

- DDoS Protection : Shared hosting servers are vulnerable to attacks by hackers who carry out their work by uploading malware or otherwise malicious sites or code onto a server. These malware programs be introduced to a server through security vulnerabilities in a legitimate client’s site, and the malware is used for anything from stealing credit card data to launching a DDoS, or Distributed Denial of Service attack.So think before you fire up your site.

- Spam filters : No explanations

- Firewalls : Must...so many types in market : Decide like what you r going to select a HARDWARE FIREWALL or a SOFTWARE FIREWALL.The selection is of crucial significance in deciding the overall security rating!!!

- BACKUP : You must have a way to keep backing up all your data.Some ploicy should be designed of what happens if owing to some kind of reason you loose all ur data....mirror or offline backup!!!!anything...but keep in mind.

- SSL enabled server : MUST

- SFTP: Though FTP is not that bad....but when SFTP is there....y bank on a relatively lower secured protocol......

ANDROID APPLICATIONS CLONED : Developers make it spam

1.    The latest to add on to the growing web of spams is repackaged android applications.....though till now most of the descried repackaged applications are not reported to have any malicious code in them and also like the genuine ones they are also made available for free. These effected applications have the same module as the original, but include an advertisement module ,thus developers of these apps try making money off the clicks on the advertisements.

2.   The thing is easy on part of the developers since it is easier on thier part to just fiddle with original Android apps which are written in Java and are, therefore, easily cloned.....

3.   Thanks www.f-secure.com

SYMANTEC SPOTS ONE INTERESTING E-MAIL CAMPAIGN

1. A fresh spam outbreak has been detected online that's drawing attention widely and effects users with e-mails laced with malicious software. Reportedly, there's one web-link embedded in the spam messages supposedly providing details, while the same messages try to pull down a .zip file attachment.The interesting aspect regarding the new spam mail relates to the inclusion of a password that the recipient earlier used.Now if I see a passowrd which at one point of my cyber surfing I had used it is bound to stirr up doubts of it being actually genuine.Once i donwload this zip file ,the eventual aim is achieved ie downloading the inevitably malware.

2. Reportedly, the malware as mentioned above has been identified as Trojan.Zbot or Zeus a Trojan which tries to grab secret data after compromising an end-user's PC. Further, it may take down updates and configuration files online, according to Symantec.

3. Additionally the e-mail ids and their corresponding passwords within the above unsolicited electronic mails, arrive from one prominent social gaming website, known internationally and currently being most widespread inside Asia.

4. Hence, Symantec advises all those who think they've fallen prey to compromised accounts to scan their PCs with an AV program followed with resetting all vital passwords, particularly online banking passwords. Additionally, they must also keep a watch over their accounts should they suspect any fraudulent operation.

5. Thanks http://www.spamfighter.com

Operation Pay Back & LOIC

A good one to read about the link between Mega D Botnet,Operation Pay Back with the aid of LOIC @ here

Is ur Account Hacked ?- Common ways u get compromised.

1.    There is no doubt on the fact that Google users are growing phenomenally.....and with this growing rise also comes the phenomenal rise and ways to get compromised or become a botnet.Thus a Google Account is also valuable for spammers and other unknown citizenry looking to impair you with ur personal info and data on ur pc and account inbox. It’s not so much about your account, but rather the fact that your circle of relatives and friends see your Google Account and mails from it as reliable.

2.   Nothing new about this but the most common ways hackers can login to your Google password are:

• Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.

• Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.

• Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.

• Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“ujjwal3008”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “dosa” for “What is your favorite food?”

3.   Another common error that we all unknowingly is that we keep the password same for multiple accounts on yahoo,gmail,blumail and so on.......put on ur thinking caps......if one account linked to other user name is compromised ....then in a way all are....

SPAM UNSUBSCRIBED IS SPAM SUBSCRIBED

I am sure you would all have recieved all types of spam mails at one time or the other on daily,weekly or on some periodic basis.Now there is an interesting thing about these spam mails.When you recieve a mail and you declare it as spam,it goes to your spam box which you keep clearing every now and then.Any time you try reading any such mails you would often come across “TO UNSUBSRIBE CLICK HERE”.Here is the trick of the spam generator.Any time you click this you confirm to the spammer that this is an active e-mail id.This way though you may unsubscribe the spam from that particular spammer but the spammer gets to know that yours is an active email id and he sells…..i REPEAT….he sells your email id to another spammer with the guarantee that yours is an active email id or a genuine email id.Most of the spammers…i mean the originators send the spam mails to randomly computer software generated email id’s and of these all when u click from your particular id to unsubscribe they get to know that one of these email id’s is genuine and active.Hence the more you unsubscribe the more you get subscribed to.So friends….dont unsubscribe….!!!!!!