Quantifying your WEB SECURITY

This small presentation will sail through a set of questions for any web/Internet user and will mark for every question as the user decides to answer.The safety score as it ends up lets the user know of where he stands in terms of IT SECURITY on the web!!!!

Making GOOGLE search safe for Kids : Two steps

1.    Invariably in most of the homes barring few...the desktop or the laptop is shared by all...including your enthu and school going kid.Today Google has become part of our lives...be it office or home or school lessons..it is always there.But at times it may become embarrassing when some inappropriate content is shown in presence of your kid while searching for something that your search may not be connected with at all.At these times there are basically two steps to more safe surfing.Google has given this in settings, but by default they are off.Though Google does not promise that after configuring in the way presented below,the content flashed is guaranteed to be safe but yess...it will be much filtered and safer...

First Google search configure :

Goto http://www.google.com/preferences

and check the option to Turn on SafeSearch to filter sexually explicit content from your search results as shown in the screen shot below :

CLICK ON IMAGE TO ENLARGE

Second step is to configure your youtube settings.

Goto http://www.youtube.com/

and move to the bottom of the screen and check the option to Turn on safety mode to hide videos that may contain inappropriate content flagged by users and other signals.

CLICK ON IMAGE TO ENLARGE

Zoomed portion shown below :

CLICK ON IMAGE TO ENLARGE

A video screen cast of both the settings shown below vide youtube :

DON'T FORGET TO CLICK THE SAVE OPTION AFTER CHECKING THE OPTION

Browser fight continues : CHROME continues topping too!!!

1.    Not long back we all have seen or might have experienced when violent and pornographic images were fed across facebook profiles of FB friends without the knowledge of the online FB user when he used to simply click on a tempting link!!!!All that happened owing to so many malwares but the exact launching vulnerability was indeed in the BROWSER!!!!!

2.    The openweb is full of options for seemingly good browsers viz Mozilla Firefox, Google Chrome, and Microsoft’s Internet Explorer. But who is the best?.....though when u google u find so may individual claims but third party tests are always welcome on such issues...specially when they have huge evidence to support....like few years back I posted on ACID3 test for the browsers...this one comes from Accuvant...and its actually huge in terms of a conclusive report that's 139 pages in toto......:-)

3.   The full report can be accessed by clicking here...so the Accuvant study revealed that Chrome ranks as the most secure web browser when compared to Internet Explorer and Firefox. Interestingly, German government named Chrome the most secure browser, perhaps lending weight to the study. 

4.   The criteria to test these browsers included factors like ASLR,GS,Sandboxing,JIT Security etc as shown below :

(CLICK ON THE IMAGE TO ENLARGE)

5.   Please google if you wish to know the criteria factors mentioned above in the image.Thanks http://www.accuvant.com/

The Lightest Browser : BROWZAR

1.  In the world of browsers when we have chrome...mozilla...safari...opera..and many others.fight it out at ACID3 benchmarking levels...we have a small browser here....thats only in KBs....by the name of BROWZAR.Few good things and features are mentioned below :

-  Takes seconds to download

-  No installation

-  No registration

-  One of the smallest, fastest browsers in the world

-   Just download and go

-   Doesn't save Cookies, History, Temp files, Passwords, Cache

-   Secure delete

-   Great for Banking and Cloud applications

-   Carry it with you on a USB stick

-   Great for shared computers

-   Use it on a friend's PC, Internet Cafe, Work PC, on Holiday

-   Automatically cleans up when you've finished

-   Only 222Kb...u read that right!!!only 222Kb

2.   Test and Download at http://www.browzar.com/.

Snake oil Cryptography

1.     While reading a post about unhackable codes here , I came across a interesting term know as SNAKE OIL CRYPTOGRAPHY......as Alex Gostev, chief security expert at Kaspersky Labs, dismissed ENIGMA-DS "snake-oil cryptography,"....so found out in brief from wiki...where else!!!

In cryptography, snake oil is a term used to describe commercial cryptographic methods and products which are considered bogus or fraudulent. The name derives from snake oil, one type of quack medicine widely available in 19th century United States.Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user. 

2.  Thanks WIKI

LogMeIn HAMACHI

1.   The law of market keep seeing fights to be at par with each other ie DEMAND & SUPPLY.Today when security in IT is a burning issue,we have so many utilities floating that there is no way one can be trusted blind foldly.Here come another security utility that actually stands out to work in a direction not taken up by so many prominent software security utillities in market.This is HAMACHI

2.   Hamachi is a nice ,free 2 try,tool that connects two computers via the internet by creating a virtual private network (VPN) and protecting it with proven industry-standard encryption algorithms.This will ensure that all communications between the two PCs at a time are safe from the spying eyes.It easily sets up in 10 minutes, and enables secure remote access to network, anywhere there's an Internet connection.The basic advantage that immidiately stand out are :

-   LAN over the Internet - Arrange multiple computers into their own secure network, just as if they were connected by a physical cable.

-   Files and Network Drives - Access critical files and network drives.

-   Zero-configuration - Works without having to adjust a firewall or router.

-   Security - Industry leading encryption and authentication.

-   Cost Effective - Free for non-commercial use.

3.   It features a simple interface that enables to create personal safe networks in just a couple of steps. Also the connection is conveniently protected by an AES-256 algorithm.The problem lies that it supports only chat....and not yet what we desire most ie "FILE SHARING".A new,nice attempt to take on security but still a long way to go....

4.   Thanks https://secure.logmein.com

nVidia GeForce GPU cracks six character password in four seconds

1.  An nVidia GeForce GT220 graphics card, which costs about £30, is capable of cracking strong passwords in a matter of hours. Security experts were able to crack a  6 character password in 4 seconds, a 7 character password in less than 5 minutes, and 8 character password in four hours.So guys ...have mentioned it so many times earlier...even a password upto 14 character in length has been shown easy to crack when i discussed at a post here about one year back....so better take care of ur passwords...small case with few caps and special characters with numbers upto a length of 10-15 should do it for the time being....things r getting nasty in the hacking world.....take care....

2.  more about this at...here...here...here....here...

MAKE incognito YOUR DEFAULT SETTING

1.    We all know how to browse hidden ie Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Commonly it is known as "incognito" or "privacy browsing".......an avid user of chrome ....I always had to open the browser and then select "New Incognito Window" to work...but not till today....a simple amendment in the target setting of properties of chrome shortcut will always make you open the incognito window......simply append "--incognito" at the end of the link address as shown below : 

C:\Users\???????\AppData\Local\Google\Chrome\Application\chrome.exe --incognito

2.    More clearly ...right click on the chrome shortcut on the task bar or on the desk top and click properties.In the target text box append "--incognito" to what is already there defining the location of the chrome browser....

3.     Thats it......

Here comes Trojan-PWS-Nslogm to steal Passwords and credentials from Mozilla

1. I am sure we all endeavor to keep the antivirus updated,keep the OS patch updated,keep cleaning registries,keep cleaning browser history at regular intervals,keep ensuring regular complete scan of the precious PC Machine that we own....we all do this to ensure that we r safe while we browse...now read further to find out how it all goes in vain even with the best and leading browser company......

2. Antivirus company Webroot have identified an information extracting trojan, which alters a Firefox file, so that the browser stores passwords automatically.The trojan is named as Trojan-PWS-Nslogm and is capable of stealing usernames and passwords stored by both Internet Explorer and Firefox browsers.By default, whenever Firefox detects that login credentials are submitted through a Web form, it offers to remember them for future use.When this happens, the user is presented with several options which include "Remember", "Never for This Site" or "Not Now". If they choose remember, the browser stores the username and password in a local database.Since it's easier to steal credentials from this database instead of injecting the browser process and grabbing them as they are submitted, the author of this trojan thought it would make more sense to have Firefox remember all passwords without asking users for confirmation.To achieve this, he created a routine to patch the nsLoginManagerPrompter.js file in the Firefox installation by adding new code and commenting out some already existent lines."The Trojan then scrapes information from the registry, from the so-called Protected Storage area used by IE to store passwords, and from Firefox’s own password storage, and tries to pass the stolen information onward, once per minute," Andrew Brandt, a malware researcher at Webroot, explains.

3. The password stealer installs itself in the c:\windows\system32 folder as a file called Kernel.exe. The captured data is send to a command and control server via a deprecated ActiveX control called msinet.ocx.

4. So kya solution hai?...whats the solution to this?...simply stop using internet....just joking...solution being worked out still at FIREFOX labs.Thanks http://news.softpedia.com