Social Icons

Showing posts with label twitter. Show all posts
Showing posts with label twitter. Show all posts

Friday, July 12, 2013

Hacked PC : I Don't Care attitude!!!!

If you feel that you are safe even with a hacked PC at home or office... because you think you don't have any thing to loose from your PC...or you feel that u simply share unclassified info on your PC..so even if it is lost there is nothing to worry.....please see this brief presentation....

Sunday, May 12, 2013

DATA CENTER's : THE INDIAN SCENE

1.   The phenomenal growth of data in India is rapidly evolving but where is all that data being stored?.....not a big deal to find out that all your FB profiles,your friends list, Google hangout circle of friends and all the enumerable social networking sites on the web stores your data across the globe but not in India....yes that's the truth...every bit of data that your profile holds is actually residing off shores ...what India might be holding is just logs of transaction via various monitoring eyes like CMS as discussed in last post!!!


2.   But actually what debar's any big company with a global presence to set up a data center in apna India...recently there have a explosion of many posts across the web o sphere citing the query of why is it so?...the reasons cited culminate on one reason and that's known as SECURITY....the non existence of "DATA PRIVACY LAWs" in India.....more over the fact that there is presently no existence of GIS routing of laid OFCs and cables maps though there are always plans and proposals for the future. The problem of underground OFC in and around NCR is such that companies are afraid to commit 100% availability of up time because your OFC can get damaged any time owing to so many under construction sites in NCR with dozers digging out OFC like Hollywood monsters.And these diggings are ever to continue coz still there are no laid down GIS mappings that can accurately predict the route and depth of laid out OFCs....and the most important I feel is the promise of state ELECTRIC POWER supply which is surely unreliable during any season....it is indeed surprising that power is still an issue in NCR towns!!!

3.   The future will always remains bright because we always have plans to remove all these problem areas but how and when remains a futuristic answer.GIS routing of cables is an imminent need and so are the data protection laws.By default as on date most of the data centres are coming up in Singapore.

"Singapore offers an ideal combination of reliable infrastructure, a skilled workforce and a commitment to transparent and business-friendly regulations" is how Google explains its choice of the city. Oracle cites "excellent telecommunications infrastructure and efficient, well-qualified manpower".

Much like India set up software technology parks to nurture its IT services and BPO industry, Singapore is setting up a 13-hectare Data Center Park and inviting companies from across the world. It already has some 20 data centre hubs and offers tax and other incentives.

Source here

Sunday, March 24, 2013

Twitter Session Cookie Vulnerability

1.    This one is pretty easy to show and understand..but the only thing not understandable is the fact that it actually exists even today.....so this one is about Twitter Session Cookie Vulnerability.I got to know of this at Null's delhi meet where Rishi Narang (http://www.wtfuzz.com/ )gave this demonstration of which I made a video cast subsequently and uploaded it here at your tube.


2.    In brief it goes like this...u login into your twitter account,an auth_token cookie is generated in the crowd  of various other cookies.Now this cookie only will be able to log you in your twitter account from anywhere across the web....simply watch how to exploit!!!!

3.   Thanks Rishi Narang @ http://www.wtfuzz.com/

Saturday, January 12, 2013

Malicious Shortened URLs : Rising Threat

1.     Internet today is all but a minefield of boogies,traps and malware.....every day so many threats are born....though most of them die but still a huge percent of them survive the security walls and become stronger by time as they are able to remain live and acvtive.In recent times shortened URLs have become popular amongst users (including me...:-) to conserve the typing space like in microblogging sites viz twitter etc.So typically a naive(???),prone user who submits his long URL to a site to get a shortened URL receives a second,specially coded shortened URL that redirects to the original URL.So here lies the weak hole that is most of the times exploitable by the attacker...because the actual destination URL is hidden in it....so going by the looks...there is nothing to worry...but it is the redirection that is a cause of worry...it may be right or may be redirecting to a malicious link....!!!!so when some one uses a free URL shortener ,he does not have control over that shortened link. And, should something happen to the provider of that URL shortener, then he risks redirecting ALL of shortened links elsewhere!!!

2.  We all know that clicking links is pretty tempting....so it is just a matter of one redirected malicious link click that makes the difference....so whats the solution????...actually companies like Facebook,Gmail, SBI, Paypal ,twitter etc are offering users the option of persistent SSL encryption and authentication across all the pages of their services including the login and all accessible pages.....but this does not stand good for all...for these sites also..it is optional to vide the settings for accessing....

Wednesday, December 26, 2012

DREAM JOB : Cyber Special Agent@FBI

1.    Came across this dream job kind job for a guy like me :-)......i got this from twitter handle @CcureIT

2.   Now this job is meant for US Citizens only...and any Cyber Security guy enthu about being savvy about making a career in cyber security should at least go through what they demand and what they offer....it's worth value addition to self in at least knowing what the best organisations demand in terms of QR for getting a job like this.All the details available at https://www.usajobs.gov/GetJob/ViewDetails/332166500?utm_source=dlvr.it&utm_medium=twitter#TopofPage


Thursday, December 20, 2012

TrueCaller : Is it Stealing your Info?

1.    TrueCaller is one famous application doing the rounds on Twitter Google+ Facebook Android Phones.The claim by the application goes like you login from either of the applications and you would be able to know the name of the mobile phone number owner by name.The claim actually stands right in over 90 % of the cases that I tried.This made me wonder how?...i thought like all those free forms that we keep regularly filling on the internet or some grocery shop for some free bundles or if TrueCaller has tied up with the mobile phone service providers?But then something happened that made me a little suspicious about this app.It so happened that I tried my mom's number on the application and so came the answer like "TIWARI MAM"....this made me think of how would the application know that my mom is a teacher...

2.   So I wondered if the application after installation on your mobile device actually makes all the contacts phone number available on the site with the name that I have typed against that number!!!So I tried mine which was not available, by the name "anupam CCCSP"



3.  Though it did not show promptly but after a day after I typed my phone number it came to be seen as "anupam CCCSP".So this actually means that the application is actually stealing and making my contacts info on my phone public!!!!...but then I also realized that it was me only who agreed to the terms and conditions while installing the app on my phone which most of us including me never read.

4.   So it comes actually to the naiveness of the common user who invariably without reading any of the terms and conditions agrees to install.....:-) 

Saturday, December 03, 2011

"LIKE" Button in Facebook : Tracks u!!!


1.   Internet users tap Facebook Inc.'s "Like" and Twitter Inc.'s "Tweet" buttons to share content with friends. But these tools also let their makers collect data about the websites people are visiting.

2.   These so-called social widgets, which appear atop stories on news sites or alongside products on retail sites, notify Facebook and Twitter that a person visited those sites even when users don't click on the buttons, according to a study done for The Wall Street Journal.Few things about these widgets :

- Prolific widgets

- Already added to millions of web pages in the past year. 

- The widgets, which were created to make it easy to share content with friends and to help websites attract visitors, are a potentially powerful way to track Internet users. 

- They could link users browsing habits to their social-networking profile.

- For example, Facebook or Twitter know when one of their members reads an article about filing for bankruptcy on MSNBC.com or goes to a blog about depression called Fighting the Darkness, even if the user doesn't click the "Like" or "Tweet" buttons on those sites.

- A person only needs to log into Facebook or Twitter once in the past month. The sites will continue to collect browsing data, even if the person closes their browser or turns off their computers, until that person explicitly logs out of their Facebook or Twitter accounts.

- Facebook places a cookie on the computer of anyone who visits the Facebook.com home page, even if the user isn't a member. 

Monday, April 04, 2011

Revenge : YouTube Style

1. Now this one is really good....we already know that IT has revolutionized our lives in so many aspects...all aspects like banking,office work,exchanging mails,,,blogging.....making a social networking identity....keeping updates etc etc...but how many thought out the way to take REVENGE in such a effective manner that the culprit bows down...and pleads GUILTY....GUILTY..... 

2. An original lift from http://www.securitynewsdaily.com is putup below for details.....


“A computer thief in Boston learnt the hard way that performing an embarrassing victory dance is not the best way to celebrate your crime.
After his MacBook Air laptop was stolen two months ago, Bentley University freshman Mark Bao took digital revenge, accessing a cloud server on which his computer’s data was stored to identify the culprit who’d taken his computer, Gawker reported.
According to messages posted on Bao’s Twitter account, Bao used the backup server Backblaze to download the thief’s Safari Web browsing history and Facebook profile.
The sweet revenge, however, came when Bao found a video the thief had made of himself dancing to the Travis Porter song “Make it Rain.” Bao uploaded the video to YouTube with the title “Don’t steal computers belonging to people who know how to use computers.”
The video, posted on March 19, quickly became a viral hit, and has been viewed more than 376,000 times. “Come on, if you’re about to record a video of yourself dancing on a stolen laptop, at least be good at dancing!” Bao wrote on Twitter on March 19.
From here, the story of savvy techie versus celebrating crook takes an unexpected turn. Embarrassed that his dancing routine was made public and open to ridicule, the thief returned Bao’s laptop to the police and wrote an email to Bao expressing his regret and asking for the video to be taken down.
In an email the thief wrote to Bao, which Bao then posted on Reddit.com, the crook said, “I know I am in no position for asking you for favors but Can [sic] you please put down the videos that you have put up of me. I know what I did was wrong and if I was a different person fine leave it up but I do have two Professional jobs that iif [sic] something like that gets leak I can get in more [sic] trouble and be more embarrass [sic] as well.”


3. So what does the episode mean…we should all start taking backups in cloud…or do we start using Backblaze or….or….or what?....the best way to keep out from this …is to KEEP A CLOSE TAG OF YOU LAPTOP……    Thanks http://www.securitynewsdaily.com

Sunday, February 06, 2011

Win32.Hlux : January 2011 " King of worms"


1.   Email-Worm.Win32.Hlux was talk of the E-town in January across the webosphere. This mail worm spreads via emails containing malicious links that prompt users to install a bogus Flash Player, supposedly to view an e-card. The link leads to a dialog window that asks if the user agrees to download a file. Irrespective of the response, the worm sets about to penetrate the system. In addition to propagating via email, Hlux also has bot functionality and adds infected computers to a botnet before connecting to its command center and executing its commands, which are primarily directed at sending pharmaceutical spam.

2.   Kaspersky Lab also detected a Trojan dropper masquerading as a key generator for the company's products. The old adage "There's no such thing as a free lunch" is particularly fitting here as the dropper goes on to install and launch two malicious programs. One of them steals program registration data and passwords for online games. The second is a backdoor that also has keylogger functionality.

3.   Kaspersky Lab also found the mass distribution of malicious short links on Twitter. After a number of redirects, the attention-grabbing links led users to a page promoting a rogue AV program.

4.   Apart from these two hardworkers(?????..i mean mal hardworkers) in january,the other shining star in the E-crime world is AdWare.Win32.WhiteSmoke.a which if clicked, will download a program that demands payment to rectify errors it supposedly detects on the system.

5.   More detailed report on http://www.kaspersky.com

Monday, February 15, 2010

WEB 2.0 SUICIDE MACHINE

1. An unheard term till now....WEB SUICIDE...what does it connote?


2. We all r slowly becoming addicted to internet for some use or the other...~85% of internet surfing being used for social networking..can u believe that!!!a number of identities on various social networking sites..orkut..facebook..twitter ,myspace,linkedin and the list is getting endless....and most of us are getting into habit of remaining online 24 hours...checking e-mails every 10-15 minutes or even less..frequently scraping to all friends....uploading pics on sites....and some one has realized that by doing so we all are missing on real people....parents,kids,wife and neighbours etc etc...thus has originated the concept of WEB SUICIDE......simply register with this site and u will kill,remove traces of each and every footprint u ever had on these sites....the name of the site is http://www.suicidemachine.org/

3. Extract from site

"Liberate your newbie friends with a Web2.0 suicide! This machine lets you delete all your energy sucking social-networking profiles, kill your fake virtual friends, and completely do away with your Web2.0 alterego. The machine is just a metaphor for the website which moddr_ is hosting; the belly of the beast where the web2.0 suicide scripts are maintained. Our service currently runs with Facebook, Myspace, Twitter and LinkedIn! Commit NOW!"

4. Well to some extent the intent is correct that we r slowly loosing on realizing the importance of physical world,but removing urselg from web.....hmmm!!!!!i m still a long way...how abt you?
Powered By Blogger