Hi Everybody!
I hope you all found my previous post worth reading! Well, this time I’m here with a new topic. It’s called Self-Replicating Programs, or in simple words, what we used to call them: computer viruses!
Before I proceed, let me just brief you about what exactly a virus is! A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The history of computer viruses dates back to 1949, when theories for self-replicating programs were first developed. The first “in the wild” virus came into existence in 1981. These viruses, named Apple Viruses 1, 2 and 3, were found on the Apple II operating system. Since then, viruses have been evolving with time, getting new enhancements each time. For a complete virus timeline, I suggest you visit this site.
I was right to think that the first thing to pop up in your security-cum-sci-fi brains would be high-funda, flashy, out-of-the-box scenes from Smith’s movie (Men In Black), but hey guys, hold on to your horsy brains: it’s Management Information Base, and yes, it’s not directly related to IS. But who says that security is all about security devices and not about the devices that we secure through our best practices?
So coming back to the purpose of this post: MIB, AKA Management Information Base…
This June 12, a murder case in Pune, Maharashtra was solved using brain scan reports as proof that the accused was a murderer, sentencing her to life imprisonment, according to the New York Times. The technique used in India makes the suspect sit silently with eyes closed. Two electrodes are placed on both sides of the head (an EEG-like module used to measure the brain’s electrical waves). The investigator then reads aloud the details of the crime as per the prosecutors, and the suspect tries to visualize it. This creates patterns of electrical signals from the brain, which are then processed by software developed by a Bengaluru firm.
This experiment was first started by the US to help counter-terrorist activities. But this didn’t go as far as expected. The results are acceptable. But India started using this technique to map a suspect’s brain to a crime.
The most awaited and biggest experiment so far has been brought down for a minimum of 2 months due to some technical faults, according to ZDNet. Reports are that, due to a large helium leakage caused by the meltdown of some mechanical part, experiments have been brought down temporarily for a minimum of two months for the repair work. Prior to this, the experiment had faced a breakdown due to transformer faults. These are all failures before the actual tests. What if the tunnel melts down during the real experiment, or some other damage is caused due to an unseen reason? Will this end up creating some black hole which will eventually end up sucking us all into it? Or will it give birth to a baby earth or a baby star? Let’s keep our fingers crossed and wait till THE DAY arrives.
Hi!
Today I’m going to discuss the MD5 Collision Attack. But before proceeding, I’ll just give a brief on the hash function. A “hash” (also called a “digest”, and informally a “checksum”) is a kind of “signature” for a stream of data that represents the contents. The closest real-life analog we can think of is “a tamper-evident seal on a software package”: if you open the box (change the file), it’s detected.
So what is an MD5 Collision Attack and how is it constructed? Before getting to that stage, let me first explain what hashing really means! The very first point here is to understand that hashing is NOT encryption. This is a common confusion, especially because all these words are in the category of “cryptography”, but it’s important to understand the difference. “Encryption” transforms data from cleartext to ciphertext and back (given the right keys). Thus we see that “encryption” is a two-way operation. Hashes, on the other hand, turn a stream of data into a small digest, and it’s strictly a one-way operation. All hashes of the same type (this example shows the “MD5” variety) have the same size no matter how big the inputs are.
What’s the big deal about DLP? Guys, this is the next big happening thing in security. A new report by analyst Thomas Raschke at the Forrester Research Security Conference 2008 answers some of the FAQs about emerging DLP technology. Raschke notes that DLP, which is designed to prevent insiders from accidentally exposing sensitive data, has four basic functions. First, it provides a means to identify and classify sensitive data. Second, it provides the means to apply policies for handling different kinds of data, based on its content and context. Third, a DLP solution provides a way to monitor data as it travels around the business. Lastly, it provides a way to audit and report on the status of sensitive data, and documents any incidents in which the data was threatened.
read more : http://www.darkreading.com/document.asp?doc_id=163021&WT.svl=news1_1
Using only fresh air instead of air conditioners in a datacenter environment seems to be a good idea in terms of the amount of money saved. ACs consume a huge amount of energy in a datacenter environment. Instead, piping in fresh air from outside and expelling hot air can keep the Intel servers’ temperature between the threshold temperatures and thus make drastic savings. Intel carried out this experiment in its datacenter for around 10 months, and the failure rates of the Intel servers were not even affected much. But will the corporates take the risk and plan to adopt this new technique for Intel servers? Small datacenters can go ahead and try adopting this technique, whereas the big giants can leap in later after the market feedback.
More @ Free Cooling for Data Centers – video and whitepaper
I came across this interesting blog by guya. He has also provided a working PoC along with it. A nice explanation of this attack vector.
w0lf

nice piece of cartoon…
Frustrated with a phishing attack, we may try bursting back at the phisher on the fake login page by inputting bad words in the input fields. (And I guess we have already done it many times.) This has now hurt the emotions of the attackers (after all, they are also humans). Now a new twist in the phishing trend is that they use Neosploit to attack the unpatched systems of those users who swear back at them, or if a few other conditions are met. But they will not attack if we fill in all the details honestly.
Details can be found here