Level: InfoSec - Information Security

Schools Kill Creativity

2011-11-09T03:44:00.000+05:00

Fake login

2011-07-20T14:23:00.000+05:00

Dear Reader Please be aware!!!
Today i received a mail which is pasted below.... Dont click Secure Login it will redirect to fake page.
------

ALERT < noreply-85949345d1@googlhelp.com>

THIS IS A WARNING MESSAGE ONLY

Dear gmail user

We detected an unsuccessful login attempt from an unfamiliar location. For the security of your account Kindly re-login below

Secure Login:
http://fberror.comli.com/mail/mail.html

The Gooogle Team

-----

Regards

Hassan Ijaz
IS analyst
Secure People

Setup for Python development in Windows

2011-02-04T19:05:00.001+05:00

Resources for compiling and executing .py files (listed in order of installation) :

python setup: http://www.python.org/download/
pyhook: http://sourceforge.net/projects/pyhook/files/
pywin32: http://sourceforge.net/projects/pywin32/
py2exe: http://sourceforge.net/projects/py2exe/

Python provides the quickest way to develop a key monitoring and logging utility for security applications. It should be kept in mind that in windows such a utility has some dependencies too which need to be installed first.

Android x86 1.6 and 2.2 on AMD K6-2 CPU

2011-02-02T01:31:00.002+05:00

Just tried running the Android x86 ISO obtained from www.android-x86.org after putting it on a USB.

It appears that the AMD K6-2 does not meet the requirements of the android kernel.

On loading there is an error mentioning something like this: Obtain a kernel appropriate for your CPU :(

On enabling the Debug option while loading it from the Live USB it further shows: cmov instruction unavailable.

Basics of Digital Forensics for Popular chat clients (software)

2011-01-26T01:26:00.007+05:00

SKYPE
User Contacts Storage Location:

(Can be accessed without logging in)

There is a config.xml file stored at the location X:\Documents and Settings\windows_user_name\Application Data\Skype\skype-login_name\

I found my config.xml on Windows 7 in the following path:

C:\Users\<user name>\AppData\Roaming\Skype\<skype ID>\

There is an xml tag for each contact the user has and also a 4 byte ID is stored inside the tag.

For example the data of 2 contacts abc and xyz will be stored like this:

<CentralStorage>
<SyncSet>
<u>
        <abc>ab1122aa:2</abc>
        <xyz>aabb1122:2</xyz>
    </u>
</SyncSet>
</CentralStorage>

In newer versions of Skype the contact list is also stored on a central server.

GOOGLE TALK

User Contacts and History Storage Location:

(Can be accessed without logging in)

On Windows 7 the contacts can be easily found in the file called “vcards” located here:

C:\Users\AppData\Local\Google\Google Talk

Along with emails this file also contains their nick names and id of their selected avatars along with information when it was last updated.

All this is stored in vcard compatible format.

The chat logs can be found here:

C:\Users\AppData\Local\Google\Google Talk\chat logs

YAHOO MESSENGER

Chat History Message Archive Storage Path:

If the user has enabled this feature in options then it can be found here:

C:\Program Files \ Yahoo \ Messenger \ Profiles \log

On default it is the following option:

Yes, save all of my messages, but clear them each time I sign out (this is the Default Setting)

But these are in a encoded format (.dat file). Users can see the names of contacts who chatted but the actual contents are not properly visible.

Different free decoders and recovery software are available that can help in viewing the file details without logging in to yahoo messenger.

EKIGA

Local Contact Storage:
(Available without logging in)

On windows 7 I found “ekiga.conf” stored at the following path:

C:\Users\AppData\Roaming

Specifically here:

<schema>
<applyto>/apps/ekiga/protocols/accounts_list</applyto>
<type>list</type>
<default>(I found my account name and password here in clear text without logging in)
</schema>

WINDOWS LIVE MESSENGER

Contact List and User data Storage:

(Can be viewed without signing in but contacts are encrypted)

A complete Communication events log was found here, although communication content was not present:

C:\Users\AppData\Local\Microsoft\Messenger\ContactsLog.txt (On Windows 7)

Contacts Storage Path:

By default on windows 7 Live messenger contacts are stored in encrypted format “contacts.edb” at this path:

C:\Users\<user name>\AppData\Local\Microsoft\Windows Live Contacts\{aaaaa…..some long number….}\DBStore

AES 128 bit encryption is used is used on these contacts

3D CAPTCHA - The Future of CAPTCHA

2011-01-04T00:45:00.001+05:00

I was searching for CAPTCHA that is very hard to break. While searching I came across the following sites which shows a very nice way to evade attacks:
One of those was the one by OCR Research Team
Link: http://ocr-research.org.ua/teabag.html

I also found an open source project on google code that still seems to be in initial development though its first version is available for download at: http://code.google.com/p/3dcaptcha/

Another very different technique was also found. It is claimed that this technique is very resistant to automatic decryption.
Link: http://spamfizzle.com/CAPTCHA.aspx

A Guide to Understanding Flowcharts

2011-01-01T14:30:00.004+05:00

(Source: InfoCaris)

Information Security by Artificial Intelligence (AI)

2010-07-31T01:32:00.000+05:00

Some thoughts about Information Security through Artificial Intelligence.

The system should be capable of making a wise decision even if directly coded instructions are not available pertaining to the situation at hand.
The Artificially Intelligent system must have some means to actually enforce the decision.
Its decisions should take into account time constraints and disturbances in its environment.
Should be capable of applying all possible prevention, detection and recovery mechanisms.
One higher level objective should be hard coded other than protecting data such as, giving human safety the highest priority.
There should be a hidden and distributed way to override its decision in case of malfunctioning.

Skyfire 2.0 only for Android for now, where to get it for windows mobile and symbian?

2010-07-21T21:59:00.002+05:00

Important Note: Even though you will be able to download and install Skyfire in any region but to make it work you need to have an IP of a region where it is still supported on your mobile device. For this you can use a proxy service or setup a VPN on your Internet/WiFi Access Point which may be a computer.

Skyfire, my favorite and in my opinion the best mobile/PDA browser is now at its version 2.0 but sadly this new version is only available for Android users.

Windows Mobile and Symbian users have the option to download Skyfire 1.5

If you are at a place outside America and Western Europe then you may have noticed the following note being shown instead of the download link for Symbian and Windows Mobile:

Skyfire 1.x is not available in your country

This is because Skyfire 1.X is no longer supported outside of North America and Western Europe effective July 1st, 2010.

So if you want to download Skyfire for your Symbian and Windows Mobile from a location outside then here is the link to Softpedia page containing direct links to the installer files:

http://handheld.softpedia.com/progDownload/Skyfire-Download-71164.html

Open Security Architecture (OSA)

2010-07-20T02:56:00.000+05:00

Have you heard of OSA?
Its the Open Source alternative to architectures that lead you to developing secure systems.

The architecture proves its value by providing all in one control catalog, visual patterns to be used in combination with control catalog and best of all its open source.

All of these resources can easily be found at http://www.opensecurityarchitecture.org

How To Access Internet in BackTrack 4 OR How To Setup Network in Backtrack 4

2010-07-17T19:31:00.005+05:00

Having problem accessing the internet from backtrack? Well, its not that difficult. Here I mention some easy ways:

Access Internet Using WiFi:

Just after you enter the command startx you should start the terminal and enter /etc/init.d wicd start to start the Wicd daemon.
Now you can just access Wicd Manager from BackTrack> Internet menu. This manager is an easy to use GUI so I suppose you will figure out what to do next.

You may also try the command dhclient to auto assign names and addresses using DHCP

Using Ethernet:

First of all try to enter this /etc/init.d networking start in terminal

After that if you have a DHCP server running then you can just enter dhclient and all will be done.

Otherwise if you want to setup ethernet (I assume eth0) manually you may follow this:

ifconfig eth0 up

ifconfig eth0 up ( to see its current address status)

ifconfig eth0 [your ip] netmask [subnet mask] ( to set your IP and subnet mask manually For example, ifconfig eth0 192.168.1.10 netmask 255.255.255.0)

route add default gw [gateway ip address] eth0 (to manually configure default gateway. For example, route add default gw 192.168.0.1 eth0)

echo nameserver [DNS server IP address] (to manually adding DNS server. For example, echo nameserver 192.168.0.1)

Congratulations on completing the first step because accessing internet is just the start in BackTrack :)

Start Learning Pentesting and Ethical Hacking

2010-07-17T18:17:00.001+05:00

Hi,
If someone wants to educate him or herself in the field of Pentesting and Ethical Hacking then I suggest the book, "Hacking Exposed: Network Security Secrets & Solutions" as a good starting point to get the technical know-how and idea of evolution of these techniques.

I myself also used its 5th edition to research and prepare presentation on Remote Connectivity and VOIP Hacking as a part of my studies in the subject of Network Security

Hacking Exposed: Network Security Secrets & Solutions 6th Edition: http://amzn.com/0071613749

RSA Animate - Drive: The surprising truth about what motivates us

2010-06-30T15:41:00.000+05:00

A very nice video clip on youtube shared with me by my friend.

This video really takes us through an investigative but fruitful journey about what actually motivates us to achieve us either in a routine job or a contest or any other event in our life.

It also illustrates the force behind OpenSource development

It also demonstrates giving a free hand occasionally generates big creative ideas and employees should not be worried in any way about getting paid to be most productive.

Feel free to comment out your thoughts :)

Google PowerMeter

2010-06-26T18:30:00.000+05:00

Google PowerMeter uses AuthSub tokens to handle uploading data from a device to Google. It is expected that there is a 1:1 relationship between a device and its AuthSub token. A device with multiple variables of data would still have a single AuthSub token.

An AuthSub token allows the holder of the token to impersonate a specific user but only for specific operations on specific URI paths (or path prefixes) which are defined at the time the token is created. For PowerMeter, the token will be based on the PowerMeter id of the user who is signing up for the service and the URI path prefix for access will be based on the parameters passed to google during device activation.

For example, the URI that google creates could be something along the lines of:

https://www.google.com/path/to/variable/stuff.suffix

where:

https://www.google.com/path/to/variable/stuff is the URI prefix for storing the user's data for this device
.suffix is unique for each variable that was created for the device. All devices must have at least one variable and the name corresponds to the type of the variable requested, e.g. "c1" for the first cumulative variable.

The AuthSub token validates the URI up to (but not including) the .suffix portion, which is why every device must have its own token and why a single device can have multiple variables.

Pranav Mistry: The thrilling potential of SixthSense technology

2010-06-09T18:40:00.000+05:00

Pranav Mistry: The thrilling potential of SixthSense technology

Physical Security presentation from SlideShare

2010-02-03T01:52:00.001+05:00

Found this on Slideshare and wanted to share.

Physical Security Domain

View more presentations from amiable_indian.

MIND MAPS

2009-10-28T00:36:00.001+06:00

Browsing through CCCURE's website a few days back, expecting to find some new questions for quiz I came across this very interesting Mind Mapping website:
http://www.mindcert.com

This website has mind maps for ISC2, Cisco, Ethical Hacking and many other mind maps for certifications.

Mind maps for many domains of CISSP are accessible via this page:
http://www.mindcert.com/category/mind-maps/cissp/

These may help you organize what you have learned so far.

What is a Mind Map?
A mind map is a diagram used to represent words, ideas, tasks or other items linked to and arranged radially around a central key word or idea. It is used to generate, visualize, structure and classify ideas, and as an aid in study, organization, problem solving, and decision making.

Welcome

2009-10-24T14:05:00.000+06:00

Welcome to my new Information Security blog.
Enjoy!