Pages

Sunday, September 05, 2010

INFECTED BY VIRUS?

If you leave your antivirus software down--or even if you didn't left it--it is very hard to tell that your computer is not infected by viruses. If you have left your software running and your computer is infected, then you must be shocked or you think of changing the software or any other thing.

If you have this problem? You must need to keep your software up to date if not then your pc wii get infected, you will loose yous data, and even your pc can get crashed. And in last you unknowingly curse your software but in fact that happened because of your carelessness.


I should not say that every system failure is due to virus or worms or trojans. If your system is slowing, hardisk filling rapidly, programs crashing. This can be due to your operating systems or badly written programs which have many security vulnerabilities rather than viruses.


Do not open any suspicious emails and other things while surfing the net which can make you virusfree.

If any tools like gpedit.msc, taskmanager, regedit won't run in your computer then your pc can be infected.


You can find many things which indicate that your pc is infected. If you are not using your internet and still there is a a lot of network activity it is a very good proof that you have been infected. You can have a good firewall which will ask you before letting anything leave your pc. Windows firewall lacks in this capacity.


You can also use windows task manager which shows various processes running in your computer. If you find any process suspicious just close it or use google to find what is it. You can also find it in services.msc which shows every services running in your computer.


You can change the programs which loads in startup. If you reduce the number of programs in start up your pc will load faster then with those and if those are viruses they will not load.


Once you are sure that your computer is infected don't bother. There are some steps which can minimize the damage depending the level of protection.


I will say “Shame on you” if you do not have antivirus program. If your using linux distribution i can't say that cause there are very less no of viruses as compared to windows. If you have antivirus software and if it had stopped working then update it while surfing net or have free online scan from different websites.

Have a good firewall and antivirus software. If you don't want to waste money on these then go for AVG free antivirus. And be sure that your antivirus software is up to date.



Posted by at No comments:

Friday, September 03, 2010

CHECK YOUR ANTIVIRUS SOFTWARE

After installing Antivirus software, you may not know whether it is working or not? If that's the problem then your answer is to test the antivirus software. You can test your antivirus software by just giving some time for it.

To test your installation, copy the following line into its own file, then save the file. More detailed instructions are found below.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file size will be 68 or 70 bytes.

If VirusScan is running and configured correctly, when you try to save the file, VirusScan will detect the virus. If VirusScan is not running, start it and scan the directory that contains that file. When your software scans this file, it will report finding the test file.

Note that this file is NOT A VIRUS. Delete the file when you have finished testing just delete the file.
Posted by at No comments:

Tuesday, May 04, 2010

Cracking Zip Password Files

Cracking Zip Password Files

What is FZC? FZC is a program that cracks zip files (zip is a method of compressing multiple files into one smaller file) that are password-protected (which means you're gonna need a password to open the zip file and extract files out of it). You can get it anywhere - just use a search engine such as altavista.com.
FZC uses multiple methods of cracking - bruteforce (guessing passwords systematically until the program gets it) or wordlist attacks (otherwise known as dictionary attacks. Instead of just guessing passwords systematically, the program takes passwords out of a "wordlist", which is a text file that contains possible passwords. You can get lots of wordlists at www.theargon.com.).
FZC can be used in order to achieve two different goals: you can either use it to recover a lost zip password which you used to remember but somehow forgot, or to crack zip passwords which you're not supposed to have. So like every tool, this one can be used for good and for evil.
The first thing I want to say is that reading this tutorial... is the easy way to learn how to use this program, but after reading this part of how to use the FZC you should go and check the texts that come with that program and read them all. You are also going to see the phrase "check name.txt" often in this text. These files should be in FZC's directory. They contain more information about FZC.
FZC is a good password recovery tool, because it's very fast and also support resuming so you don't have to keep the computer turned on until you get the password, like it used to be some years ago with older cracking programs. You would probably always get the password unless the password is longer than 32 chars (a char is a character, which can be anything - a number, a lowercase or undercase letter or a symbol such as ! or &) because 32 chars is the maximum value that FZC will accept, but it doesn't really matter, because in order to bruteforce a password with 32 chars you'll need to be at least immortal..heehhe.. to see the time that FZC takes with bruteforce just open the Bforce.txt file, which contains such information.
FZC supports brute-force attacks, as well as wordlist attacks. While brute-force attacks don't require you to have anything, wordlist attacks require you to have wordlists, which you can get from www.theargon.com. There are wordlists in various languages, various topics or just miscellaneous wordlists. The bigger the wordlist is, the more chances you have to crack the password.
Now that you have a good wordlist, just get FZC working on the locked zip file, grab a drink, lie down and wait... and wait... and wait...and have good thoughts like "In wordlist mode I'm gonna get the password in minutes" or something like this... you start doing all this and remember "Hey this guy started with all this bullshit and didn't say how I can start a wordlist attack!..." So please wait just a little more, read this tutorial 'till the end and you can do all this "bullshit".

We need to keep in mind that are some people might choose some really weird passwords (for example: 'e8t7@$^%*gfh), which are harder to crack and are certainly impossible to crack (unless you have some weird wordlist). If you have a bad luck and you got such a file, having a 200MB list won't help you anymore. Instead, you'll have to use a different type of attack. If you are a person that gives up at the first sign of failure, stop being like that or you won't get anywhere. What you need to do in such a situation is to put aside your sweet xxx MB's list and start using the Brute Force attack.
If you have some sort of a really fast and new computer and you're afraid that you won't be able to use your computer's power to the fullest because the zip cracker doesn't support this kind of technology, it's your lucky day! FZC has multiple settings for all sorts of hardware, and will automatically select the best method.

Now that we've gone through all the theoretical stuff, let's get to the actual commands.


--------------------------------------------------------------------------------
Bruteforce
--------------------------------------------------------------------------------


The command line you'll need to use for using brute force is:

fzc -mb -nzFile.zip -lChr Lenght -cType of chars

Now if you read the bforce.txt that comes with fzc you'll find the description of how works Chr Lenght and the Type of chars, but hey, I'm gonna explain this too. Why not, right?... (but remember look at the bforce.txt too)

For Chr Lenght you can use 4 kind of switches...

-> You can use range -> 4-6 :it would brute force from 4 Chr passwors to 6 chr passwords
-> You can use just one lenght -> 5 :it would just brute force using passwords with 5 chars
-> You can use also the all number -> 0 :it would start brute forcing from passwords with lenght 0 to lenght 32, even if you are crazy i don't think that you would do this.... if you are thinking in doing this get a live...
-> You can use the + sign with a number -> 3+ :in this case it would brute force from passwords with lenght 3 to passwords with 32 chars of lenght, almost like the last option...

For the Type of chars we have 5 switches they are:

-> a for using lowercase letters
-> A for using uppercase letters
-> ! for using simbols (check the Bforce.txt if you want to see what simbols)
-> s for using space
-> 1 for using numbers


Example:
If you want to find a password with lowercase and numbers by brute force you would just do something like:

fzc -mb -nzTest.zip -l4-7 -ca1

This would try all combinations from passwords with 4 chars of lenght till 7 chars, but just using numbers and lowercase.

*****
hint
*****

You should never start the first brute force attack to a file using all the chars switches, first just try lowercase, then uppercase, then uppercase with number then lowercase with numbers, just do like this because you can get lucky and find the password much faster, if this doesn't work just prepare your brain and start with a brute force that would take a lot of time. With a combination like lowercase, uppercase, special chars and numbers.


--------------------------------------------------------------------------------
Wordlis
--------------------------------------------------------------------------------

Like I said in the bottom and like you should be thinking now, the wordlist is the most powerfull mode in this program. Using this mode, you can choose between 3 modes, where each one do some changes to the text that is in the wordlist, I'm not going to say what each mode does to the words, for knowing that just check the file wlist.txt, the only thing I'm going to tell you is that the best mode to get passwords is mode 3, but it takes longer time too.
To start a wordlist attak you'll do something like.

fzc -mwMode number -nzFile.zip -nwWordlist

Where:

Mode number is 1, 2 or 3 just check wlist.txt to see the changes in each mode.
File.zip is the filename and Wordlist is the name of the wordlist that you want to use. Remember that if the file or the wordlist isn't in the same directory of FZC you'll need to give the all path.

You can add other switches to that line like -fLine where you define in which line will FZC start reading, and the -lChar Length where it will just be read the words in that char length, the switche works like in bruteforce mode.
So if you something like

fzc -mw1 -nztest.zip -nwMywordlist.txt -f50 -l9+

FZC would just start reading at line 50 and would just read with length >= to 9.

Example:

If you want to crack a file called myfile.zip using the "theargonlistserver1.txt" wordlist, selecting mode 3, and you wanted FZC to start reading at line 50 you would do:

fzc -mw3 -nzmyfile.zip -nwtheargonlistserver1.txt -f50





--------------------------------------------------------------------------------
Resuming
--------------------------------------------------------------------------------

Other good feature in FZC is that FZC supports resuming. If you need to shutdown your computer and FZC is running you just need to press the ESC key, and fzc will stop. Now if you are using a brute force attack the current status will be saved in a file called resume.fzc but if you are using a wordlist it will say to you in what line it ended (you can find the line in the file fzc.log too).
To resume the bruteforce attack you just need to do:

fzc -mr

And the bruteforce attack will start from the place where it stopped when you pressed the ESC key.
But if you want to resume a wordlist attack you'll need to start a new wordlist attack, saying where it's gonna start. So if you ended the attack to the file.zip in line 100 using wordlist.txt in mode 3 to resume you'll type

fzc -mw3 -nzfile.zip -nwwordlist.txt -f100

Doing this FZC would start in line 100, since the others 99 lines where already checked in an earlier FZC session.


Well, it looks like I covered most of what you need to know. I certainly hope it helped you... don't forget to read the files that come with the program
Posted by at No comments:

CHOOSING A GOOD DOMAIN NAME

Choosing a domain name for your site is one of the most important steps towards creating the perfect internet presence. If you run an on-line business, picking a name that will be marketable and achieve success in search engine placement is paramount. Many factors must be considered when choosing a good domain name. This article summarizes all the different things to consider before making that final registration step!


Short and Sweet

Domain names can be really long or really short (1 - 67 characters). In general, it is far better to choose a domain name that is short in length. The shorter your domain name, the easier it will be for people remember. Remembering a domain name is very important from a marketability perspective. As visitors reach your site and enjoy using it, they will likely tell people about it. And those people may tell others, etc. As with any business, word of mouth is the most powerful marketing tool to drive traffic to your site (and it's free too!). If your site is long and difficult to pronounce, people will not remember the name of the site and unless they bookmark the link, they may never return.


Consider Alternatives

Unless a visitor reaches your site through a bookmark or a link from another site, they have typed in your domain name. Most people on the internet are terrible typists and misspell words constantly. If your domain name is easy to misspell, you should think about alternate domain names to purchase. For example, if your site will be called "MikesTools.com", you should also consider buying "MikeTools.com" and "MikeTool.com". You should also secure the different top level domain names besides the one you will use for marketing purposes ("MikesTools.net", "MikesTools.org", etc.) You should also check to see if there are existing sites based on the misspelled version of the domain name you are considering. "MikesTools.com" may be available, but "MikesTool.com" may be home to a graphic pornography site. You would hate for a visitor to walk away thinking you were hosting something they did not expect.

Also consider domain names that may not include the name of your company, but rather what your company provides. For example, if the name of your company is Mike's Tools, you may want to consider domain names that target what you sell. For example: "buyhammers.com" or "hammer-and-nail.com". Even though these example alternative domain names do not include the name of your company, it provides an avenue for visitors from your target markets. Remember that you can own multiple domain names, all of which can point to a single domain. For example, you could register "buyhammers.com", "hammer-and-nail.com", and "mikestools.com" and have "buyhammers.com" and "hammer-and-nail.com" point to "mikestools.com".


Hyphens: Your Friend and Enemy

Domain name availability has become more and more scant over the years. Many single word domain names have been scooped up which it makes it more and more difficult to find a domain name that you like and is available. When selecting a domain name, you have the option of including hyphens as part of the name. Hyphens help because it allows you to clearly separate multiple words in a domain name, making it less likely that a person will accidentally misspell the name. For example, people are more likely to misspell "domainnamecenter.com" than they are "domain-name-center.com". Having words crunched together makes it hard on the eyes, increasing the likelihood of a misspelling. On the other hand, hyphens make your domain name longer. The longer the domain name, the easier it is for people to forget it altogether. Also, if someone recommends a site to someone else, they may forget to mention that each word in the domain name is separated by a hyphen. If do you choose to leverage hyphens, limit the number of words between the hyphens to three. Another advantage to using hyphens is that search engines are able to pick up each unique word in the domain name as key words, thus helping to make your site more visible in search engine results.


Dot What?

There are many top level domain names available today including .com, .net, .org, and .biz. In most cases, the more unusual the top level domain, the more available domain names are available. However, the .com top level domain is far and away the most commonly used domain on the internet, driven by the fact that it was the first domain extension put to use commercially and has received incredible media attention. If you cannot lay your hands on a .com domain name, look for a .net domain name, which is the second most commercially popular domain name extension.


Long Arm of the Law

Be very careful not to register domain names that include trademarked names. Although internet domain name law disputes are tricky and have few cases in existence, the risk of a legal battle is not a risk worth taking. Even if you believe your domain name is untouchable by a business that has trademarked a name, do not take the chance: the cost of litigation is extremely high and unless you have deep pockets you will not likely have the resources to defend yourself in a court of law. Even stay away from domain names in which part of the name is trademarked: the risks are the same.


Search Engines and Directories

All search engines and directories are different. Each has a unique process for being part of the results or directory listing and each has a different way of sorting and listing domain names. Search engines and directories are the most important on-line marketing channel, so consider how your domain name choice affects site placement before you register the domain. Most directories simply list links to home pages in alphabetical order. If possible, choose a domain name with a letter of the alphabet near the beginning ("a" or "b"). For example, "aardvark-pest-control.com" will come way above "joes-pest-control.com". However, check the directories before you choose a domain name. You may find that the directories you would like be in are already cluttered with domain names beginning with the letter "a". Search engines scan websites and sort results based on key words. Key words are words that a person visiting a search engine actually search on. Having key words as part of your domain name can help you get better results.
Posted by at No comments:

Anonymity of Proxy

The exchange of information in Internet is made by the "client - server" model. A client sends a request (what files he needs) and a server sends a reply (required files). For close cooperation (full understanding) between a client and a server the client sends additional information about itself: a version and a name of an operating system, configuration of a browser (including its name and version) etc. This information can be necessary for the server in order to know which web-page should be given (open) to the client. There are different variants of web-pages for different configurations of browsers. However, as long as web-pages do not usually depend on browsers, it makes sense to hide this information from the web-server.

What your browser transmits to a web-server:
a name and a version of an operating system
a name and a version of a browser
configuration of a browser (display resolution, color depth, java / javascript support, ...)
IP-address of a client
Other information

The most important part of such information (and absolutely needless for a web-server) is information about IP-address. Using your IP it is possible to know about you the following:
a country where you are from
a city
your provider?s name and e-mail
your physical address

Information, transmitted by a client to a server is available (accessible) for a server as environment variables. Every information unit is a value of some variable. If any information unit is not transmitted, then corresponding variable will be empty (its value will be undetermined).

These are some environment variables:

REMOTE_ADDR ? IP address of a client

HTTP_VIA ? if it is not empty, then a proxy is used. Value is an address (or several addresses) of a proxy server, this variable is added by a proxy server itself if you use one.

HTTP_X_FORWARDED_FOR ? if it is not empty, then a proxy is used. Value is a real IP address of a client (your IP), this variable is also added by a proxy server if you use one.

HTTP_ACCEPT_LANGUAGE ? what language is used in browser (what language a page should be displayed in)

HTTP_USER_AGENT ? so called "a user?s agent". For all browsers this is Mozilla. Furthermore, browser?s name and version (e.g. MSIE 5.5) and an operating system (e.g. Windows 98) is also mentioned here.

HTTP_HOST ? is a web server?s name

This is a small part of environment variables. In fact there are much more of them (DOCUMENT_ROOT, HTTP_ACCEPT_ENCODING, HTTP_CACHE_CONTROL, HTTP_CONNECTION, SERVER_ADDR, SERVER_SOFTWARE, SERVER_PROTOCOL, ...). Their quantity can depend on settings of both a server and a client.

These are examples of variable values:

REMOTE_ADDR = 194.85.1.1
HTTP_ACCEPT_LANGUAGE = ru
HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
HTTP_HOST = www.webserver.ru
HTTP_VIA = 194.85.1.1 (Squid/2.4.STABLE7)
HTTP_X_FORWARDED_FOR = 194.115.5.5

Anonymity at work in Internet is determined by what environment variables "hide" from a web-server.

If a proxy server is not used, then environment variables look in the following way:

REMOTE_ADDR = your IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

According to how environment variables "hided" by proxy servers, there are several types of proxies
Transparent Proxies

They do not hide information about your IP address:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = your IP

The function of such proxy servers is not the improvement of your anonymity in Internet. Their purpose is information cashing, organization of joint access to Internet of several computers, etc.
Anonymous Proxies

All proxy servers, that hide a client?s IP address in any way are called anonymous proxies

Simple Anonymous Proxies

These proxy servers do not hide a fact that a proxy is used, however they replace your IP with its own:
REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = proxy IP

These proxies are the most widespread among other anonymous proxy servers.

Distorting Proxies

As well as simple anonymous proxy servers these proxies do not hide the fact that a proxy server is used. However a client?s IP address (your IP address) is replaced with another (arbitrary, random) IP:

REMOTE_ADDR = proxy IP
HTTP_VIA = proxy IP
HTTP_X_FORWARDED_FOR = random IP address
High Anonymity Proxies

These proxy servers are also called "high anonymity proxy". In contrast to other types of anonymity proxy servers they hide a fact of using a proxy:

REMOTE_ADDR = proxy IP
HTTP_VIA = not determined
HTTP_X_FORWARDED_FOR = not determined

That means that values of variables are the same as if proxy is not used, with the exception of one very important thing ? proxy IP is used instead of your IP address.
Summary

Depending on purposes there are transparent and anonymity proxies. However, remember, using proxy servers you hide only your IP from a web-server, but other information (about browser configuration) is accessible!

Posted by at No comments:

Sunday, May 02, 2010

Artificial Intelligence Systems

An alternative approach for using software and hardware to solve problems is through the use of artificial intelligence systems. These systems attempt to mimic the workings of the human mind. Two types of artificial intelligence systems are covered in this section:

  • Expert systems
  • Neural networks

Expert Systems

An expert system exhibits reasoning similar to that of a human expert to solve a problem. It accomplishes this reasoning by building a knowledge base of thedomain to be addressed in the form of rules and an inferencing mechanism to determine whether the rules have been satisfied by the system input.

Computer programs are usually defined as:

  • algorithm + data structures = program

In an expert system, the relationship is:

  • inference engine + knowledge base = expert system

The knowledge base contains facts and the rules concerning the domain of the problem in the form of if-then statements. The inference engine compares information it has acquired in memory to the if portion of the rules in the knowledge base to see whether there is a match. If there is a match, the rule is ready to “fire” and is placed in a list for execution. Certain rules may have a higher priority or salience, and the system will fire these rules before others that have a lower salience.

The expert system operates in either a forward-chaining or backward-chaining mode. In a forward-chaining mode, the expert system acquires information and comes to a conclusion based on that information. Forward chaining is the reasoning approach that can be used when there are a small number of solutions relative to the number of inputs. In a backward-chaining mode, the expert system backtracks to determine whether a given hypothesis is valid. Backward chaining is generally used when there are a large number of possible solutions relative to the number of inputs.

Another type of expert system is the blackboard. A blackboard is an expert system–reasoning methodology in which a solution is generated by the use of a virtual “blackboard,” on which information or potential solutions are placed by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated.

As with human reasoning, there is a degree of uncertainty in the conclusions of the expert system. This uncertainty can be handled through a number of approaches, such as Bayesian networks, certainty factors, or fuzzy logic.

Bayesian networks are based on Bayes’ theorem:

P{H|E} = P{E|H}*P(H)/ P(E)

that gives the probability of an event H given that an event E has occurred.

Certainty factors are easy to develop and use. These factors are the probability that a belief is true. For example, a probability of 85 percent can be assigned to Object A occurring under certain conditions.

Fuzzy logic is used to address situations where there are degrees of uncertainty concerning whether something is true or false. This situation is often the case in real-world situations. A fuzzy expert system incorporates fuzzy functions to develop conclusions. The inference engine steps in fuzzy logic are as follows:

  • Fuzzification. The membership functions defined on the input variables are applied to their actual values to determine the degree of truth for each rule premise.
  • Inference. The truth-value for the premise of each rule is computed and applied to the conclusion part of each rule. This results in one fuzzy subset to be assigned to each output variable for each rule.
  • Composition. All the fuzzy subsets assigned to each output variable are combined together to form a single fuzzy subset for each output variable.
  • Defuzzification. Used when it is useful to convert the fuzzy output set to a quantitative number. One approach to defuzzification is the centroidmethod. With this method, a value of the output variable is computed by finding the variable value of the center of gravity of the membership function for the fuzzy output value.

The Spiral model can be used to build an expert system. The following are the common steps when building a Spiral model:

  • Analysis
  • Specification
  • Development
  • Deployment

A key element in this process is the acquisition of knowledge. This activity involves interviewing experts in the domain field and obtaining data from other expert sources. Knowledge acquisition begins in the specification phase and runs into the development phase.

Verification and validation of an expert system are concerned with inconsistencies inherent in conflicting rules, redundant rules, circular chains of rules, and unreferenced values along with incompleteness resulting from unreferenced or unallowable data values.

Neural Networks

Posted by at No comments:

Saturday, April 24, 2010

WEB SECURITY

With the transformation of the Internet from a network used primarily by universities and research laboratories to a worldwide communications medium, attacks on the World Wide Web and Internet can have serious consequences. These attacks can involve nuisance attacks, phishing, criminal exploits, and, in information warfare, incapacitation of a nation’s critical infrastructure. Thus, there is a need for protecting nodes on the Internet and for providing for the confidentiality, integrity, and availability of information utilizing these networks.

Phishing

Phishing is a term that refers to a large groups of exploits using the Internet to commit identity theft. Simply, phishing is the automated stealing of personal information for financial gain. Phishers use a variety of means to accomplish this, including:

  • Social engineering through e-mail and brand spoofing
  • Infected Web sites and cookies
  • Trojan horses and spyware
  • Browser hijacking and redirection
  • Keyloggers and spybots

Spyware and Trojans, in addition to viruses, are commonly distributed via phishing exploits also, although some of these aren’t specifically designed to perpetrate identity theft or financial loss.

Browser Hijacking

Browser hijackers change Web browser settings to switch home pages or hijack search functions. A browser hijacker is a type of malware program that alters your computer’s browser settings so that you are redirected to Web sites that you had no intention of visiting.

REDIRECTION

Redirection is a technique for moving visitors to a different site when its address has been changed and visitors are familiar with the old address. Redirection is used legitimately when users visit the Web site of a company whose name has changed or that has been acquired by another company. In either case, the website probably includes a new domain name and has a new Uniform Resource Locator (URL).

Redirection is often combined with browser hijackers to surreptitiously change the user’s browser settings and direct users to an inappropriate site.

For example, browser hijackers can set browser home pages and search settings to point to pornographic sites or generate pornographic pop-up windows faster than the user can shut them. Some browser hijackers have a financial incentive, altering default home pages and search pages to those of their customers, who pay for that service per referral or click-through. More virulent versions may redirect users to sites that install spyware.

Browser hijackers can create incidental problems because of the nature of the material they download, such as leaving pornography or other inappropriate material on the hard drive. Poorly coded browser hijackers may severely impact infected computer’s performance. Software may freeze and cause the computer to crash or reboot.

SSL/TLS

The Secure Sockets Layer (SSL) Protocol was developed by Netscape in 1994 to protect the confidentiality of information transmitted between two applications, to verify the integrity of the communications, and to provide an authentication means in both directions. SSL implements these functions using public- and private-key encryption and a message authentication code (MAC).

Microsoft has developed a newer version of SSL, Transport Layer Security (TLS). As with SSL, TLS implements confidentiality, integrity, and authentication above the Transport Layer and is application independent. Because SSL and TLS ride on the Transport Layer protocol, they are independent of the application. Thus, SSL and TLS can be used with applications such as Telnet, FTP, HTTP, and e-mail protocols.

Both SSL and TLS use certificates for public-key verification that are based on the X.509 standard.

SSL 3.0

The design goals of SSL 3.0 were to provide:

  • Cryptographic security - protection of the confidentiality of transmitted messages
  • Interoperability - applications should be able to be developed using SSL 3.0 by groups of individuals without knowledge of each other’s code
  • Extensibility - the ability to incorporate different encryption algorithms into SSL 3.0 without major changes to SSL 3.0
  • Relative efficiency - efficient utilization of computing and network resources

Session keys generated during SSL private-key cryptography transactions are either 40 bits or 128 bits in length. Newer browsers support 128-bit encryption.

The SSL Protocol comprises two layers: the SSL Record Protocol and the SSL Handshake Protocol. The SSL Record Protocol is layered above a transport protocol, such as TCP. This Record Protocol is used for encapsulation of higher-level protocols, such as the SSL Handshake Protocol. The latter protocol is used for client/server mutual authentication, negotiation of a cryptographic algorithm, and exchange of cryptographic keys.

Thus, through these mechanisms, SSL provides:

  • Mutual authentication using public-key cryptography based on algorithms such as the Digital Signature Standard (DSS) and RSA
  • Encryption of messages using private-key cryptography based on algorithms such as IDEA, 3DES, and RC4
  • Integrity verification of the message using a keyed message authentication code (MAC) based on hash functions such as MD5 and SHA.

TLS 1.0

Similar to SSL, the TLS Protocol comprises the TLS Record and Handshake Protocols. The TLS Record Protocol is layered on top of a transport protocol such as TCP and provides privacy and reliability to the communications. The privacy is implemented by encryption using symmetric-key cryptography such as DES or RC4. The secret key is generated anew for each connection; however, the Record Protocol can be used without encryption. Integrity is provided through the use of a keyed Message Authentication Code (MAC) using hash algorithms such as SHA or MD5.

The TLS Record Protocol is also used to encapsulate a higher-level protocol such as the TLS Handshake Protocol. The server and client use this Handshake Protocol to authenticate each other. The authentication can be accomplished using asymmetric-key cryptography such as RSA or DSS. The Handshake Protocol also sets up the encryption algorithm and cryptographic keys to enable the application protocol to transmit and receive information.

HTTP/S

URLs of Web pages using the SSL Protocol start with HTTPs, denoting the Hypertext Transfer Protocol with SSL.

Since TLS is based on SSL, they have similar functionality and goals; however, SSL and TLS have enough differences that they cannot interoperate. In order to address this situation, TLS has a built-in mechanism that can be used to make TLS compatible with SSL 3.0.

S-HTTP

Secure HTTP (S-HTTP) is a communications protocol designed to provide secure messaging over HTTP. S-HTTP provides equal and symmetric capabilities to both client and server, but one entity that is S-HTTP-enabled can communicate with another entity that is not S-HTTP capable. In that instance, the security features would not be operable. S-HTTP implements secure, end-to-end transactions.

S-HTTP supports a symmetric-key encryption-only mode and, therefore, does not require public-key encryption for key exchanges. It is flexible, however, and permits the clients and servers to use different forms of transactions related to the signing of messages, encryption of messages, algorithms used, and types of certificates.

In summary, S-HTTP is a protocol that supports:

  • Option negotiations for defining the type of transactions desired
  • A variety of key management approaches
  • Different trust models
  • Multiple cryptographic algorithms
  • Multiple operation modes
  • Different encapsulation formats

Posted by at No comments:

Friday, April 23, 2010

F8 - NEXT VERSION OF FACEBOOK PLATFORM

Facebook announced the next version of facebook platform that puts user at the center of the web. As part of that you have more personalized experience on other websites using the new tool called facebook plugin. You all have known about facebook like button. You can like your friend’s photo, status and links by clicking. Every user of facebook clicks this button 9 times a month. Now you can see this button in many popular websites. You can like the contents of these websites. Some of the websites are NYTimes.com, IMDb, CNN.com, TIME.com, LIFE.com, Fandango, NHL.com, USA Networks, Levis.com, Univision and ABC.com. Facebook is already working with more than 75 websites to make the web faster and simpler.

Posted by at No comments:

INSTANT MESSAGING SECURITY

Instant messaging supports the real-time exchange of messages between two parties using the Internet. In order to use this service, the user has to have instant messaging client software on his or her computer. The client software then communicates with an instant messaging server. The user provides the server with a contact or “buddy” list of people with which he or she desires to set up instant messaging.

To use instant messaging, the user logs on to the instant messaging server with the user’s ID and password. The server authenticates the user. Then the client sends to the server the user’s IP address and the port number on the user’s computer that is being used by the instant messaging client. The server stores this information as well as identical information from any other individuals on the user’s contact list that are logged in at that time. An important point to note is that once an individual, A, is logged on to the server, the server sends the IP addresses and port numbers of all the others logged on to the server at that time to A’s client software. Thus, all people on the contact list who are logged on to the instant messaging server at that time are notified of the online presence and contact information of the others who are also logged on.

A user can send a message to another individual on the contact list who is logged on, and that message will instantly appear on the screen of the receiving individual. Because a user’s client knows the IP address and port number of the receiving individual, the user’s message is sent directly to the intended recipient and does not have to go through the instant messaging server.

With instant messaging, communication takes place between only two individuals. If the situation requires instant conferencing among more than two individuals, a chat room can be set up. A chat room is similar to instant messaging, but everyone logged on to the “room” can see a message that is sent by any individual.

When an individual, A, wants to terminate the instant messaging session, A closes his or her message window and exits the instant messaging client. The client then sends a message to the instant messaging server indicating that A has logged off. The server, in turn, sends a message to all the active participants of the contact list that A has exited the session. The members of the contact list still logged on will see the status of A on their windows change from “online” to “offline.”

Instant messaging software packages also offer other services, including chat room setup, image and sound transmission, voice communication, and streaming content.

Some of the more popular instant messaging utilities are the freeware ICQ (for “I seek you” at www.icq.com), AIM (America Online’s Instant Messenger), Microsoft’s instant messaging utility in MSN Explorer, and Yahoo Instant Messenger.

One problem with instant messaging is the lack of interoperability. An individual with an instant messaging utility from one source or vendor may not be able to communicate with a person using a different instant messaging package. In order to address this situation, the Internet Engineering Task Force (IETF) has developed a standard protocol for instant messaging - the Instant Messaging Presence Protocol (RFC2779).

IM Vulnerabilities

IM brings with it a variety of security risks by providing a fertile ground for developing smarter worms, sophisticated enough to deliver Trojan horses or even chat with you in your native language. IDC Research estimates that the nearly 12 billion IMs sent every day offer a potent malware transmission vector, with IM Trojans and worms increasing from 21 in 2004 to over 300 in 2005.

Messages sent by means of instant messaging are not inherently secure and safe from prying eyes. The instant messaging server is particularly vulnerable because it contains both the messages and the connection information of the participants.

Corporate users have often installed IM clients without the IT departments’ authority on their companies’ computers, thereby opening their corporate infrastructure to a myriad of security threats, such as:

  • Privacy issues - IP address exposure, loss of confidentiality, and eavesdropping
  • Authentication issues - identity impersonation
  • Malware - worms, viruses, Trojan horses
  • Client bugs - buffer overflows enabling denial-of-service and other types of attacks

Since consumer IM clients bypass corporate security defenses, they don’t provide encryption or message auditing, logging, and archiving, functions an organization requires to maintain its security posture. IM worms can hijack buddy lists, spread much more rapidly than e-mail-borne viruses or worms, and are similar to phishing because they appear to be coming from a trusted source (social engineering). Some examples of recent IM worms are:

  • Kelvir-A - A worm that spreads through Windows Messenger and instructs recipients to visit a Web site to download a file called patch.exe
  • Opanki.A - A worm that spreads using AOL Instant Messaging and infects PCs with the worm
  • Sdbot-AAH - A worm that spreads via MSN Messenger, IRC, and Windows Messenger and installs poker3.exe, a file that permits hackers to steal passwords and upload files to an infected PC

Some of the older IM worms that are still circulating are:

  • W32.Goner. A@mm
  • W95.SoFunny.Worm@m
  • W32.Led@mm
  • W32.Seesix.Worm
  • W32.Choke

IM Solutions

All of this can add up to enormous potential for organizational liability. When determining the impact IM use may have on an organization, it’s important to consider:

  • Level of access - What level of employees can have IM access
  • Access authorization - How IM access should be authorized by the appropriate level of management
  • Type of access - Whether employees are allowed to use IM services for personal use or company business only
  • Means of access - Whether IM will be installed on networked workstations, laptops, or wireless appliances
  • Record keeping - What the IM session logging and records retention policies should be

If it’s determined that the organization absolutely needs IM, Information Systems Security Officers (ISSO) or other corporate security personnel should take definite steps:

  • Creating security policies specifiying IM usage restrictions
  • Implementing integrated antivirus products on all workstations
  • Hardening company firewalls to block IM traffic
  • Upgrading existing IM software to more secure versions

Also, if the organization decides that the IM risk is not very high, third-party instant messaging software utilities may provide adequate additional security features, including:

  • Encryption, integrity, and authentication services using SSL
  • Authentication against propriety databases, domains, or LDAP
  • Secure file transfer guarantee
  • Web-based tools for administration of the instant messaging network on the instant messaging server, including tools for user account administration, logging of critical data, and analysis of log information

Posted by at No comments:
Subscribe to: Posts (Atom)