Disqus for Cyber Fort

Showing posts with label internet stuff. Show all posts
Showing posts with label internet stuff. Show all posts

Sunday 27 October 2013

Some of Internet Ethics which Govern the Internet Usage

Be The First To Comment
Some of the internet ethics which govern the internet usage and you should always follow are:



1. You should never use bad language on the internet while using any service like email, chatting, blogging or anything else like this.

2. Email and instant messaging is meant to chat and talk with the friend and relatives. It is not meant to talk with strangers. You should avoid talking with strangers as it can be a great risk. Avoid forwarding emails to unknown persons.

3. You should not try to be someone else or we can say that you should not try to take someone else’s identity as it can be a crime. Do not try to fool others by giving a wrong identity. You should not break copyrights. You can listen or watch songs, can watch movies etc on the internet but do not download them.

4. Do not steal anyone’s information. It is a crime under cyber laws. Do not hack anyone else’s account.

5. It can lead to the loss of important information to the user of the account and the second thing is that it is a crime too.

6. You should respect copyright laws and all the other cyber laws. Keeping all that in mind, you should use internet and computer. If you need to gain access to a file which is not your own, then first seek permission from the owner of that file and only after that make use of that file.

7. You should avoid displaying pornography on the internet. This is the major and the biggest concern today. You should avoid being obscene on the internet.

8. You should respect obscenity laws. Avoid sending viruses and spam emails to the people. This is also one of the major concerns for the people using internet today.

9. All the above mentioned norms should be strictly followed. Respect the cyber laws and keep them in mind.

10. Respect privacy of others and as you want others to respect yours. Internet is an open medium of knowledge for the people. Use it properly and in a healthy way.

Read More

Saturday 26 October 2013

Top 10 Technology In This Months

Be The First To Comment
Science-fiction technology often seems too fantastical to be real, like gadgets from a future so distant we will never see them fully realized. With tech advancing faster than ever before, the distance between the fictional future and the present is growing smaller. In some ways, the future is already here with these latest inventions that seem to be pulled out from the pages of a sci-fi novel.
The U.S. Army is building its own Iron Man suit to protect soldiers in the field. While it won't have the flight and weapon capabilities of the fictional armor, the Tactical Assault Light Operator Suit (TALOS) will be bullet-proof and have hydraulic limbs to aid in the soldier's speed and movement. Find out more about how TALOS can heighten its wearer's sense of sight and measure important vital signs.
Read More

The NSA’s Website (NSA.gov) Is Down

Be The First To Comment
The National Security Agency’s website has been down for at least 30 minutes. Officials have acknowledged the outage, but won’t say if it was hacked. At least a few Twitter accounts that sound like the elite hacktivist contingent, Anonymous, are taking credit.
Official Anonymous channels are just making fun of the outage:
To be sure, The NSA’s website has been hacked before. But, we won’t speculate, for fear of perpetuating the kinds of rumors implied by this delightful XKCD comic:














While we’re all waiting to figure out what went wrong, feel free to add your own Healthcare.gov jokes in the comments.
Update: LOLZ

Read More

10 Useful Google Tools

Be The First To Comment

Some days it seems like Google is working hard at achieving its goal of organizing the world's information, making it easier for us to find what we need. Other days it seems like the company plans to take over the entire world. And with a code of conduct that includes the direction of "don't be evil," maybe that's not necessarily a bad thing [source:Google Investor Relations].
There's no denying it -- Google is an Internet powerhouse. It's such an influential presence on the Web that when Yahoo! partnered with Google to put Google Ads on Yahoo! search results pages, people began to worry that Google would monopolize the search engine advertising business. Even the U.S. Congress began to question the allegiance [source: Hart]. Google has certainly come a long way -- the company grew from a haphazard collection of computers networked together in a garage to a global corporation worth billions of dollars.

1.Google E-mail 

In 2004, a Google press release revealed that the company wasn't satisfied with dominating Internet searches -- the second-most popular online activity. Google wanted to tackle the biggest online service on the Internet: e-mail. To that end, Google announced it would allow a select number of people to test a Web-hosted e-mail service called Gmail [source: Google].
Gmail started out as Google's internal e-mail service. When Google decided to make Gmail available to people outside of the company, it chose to take a gradual approach. At first, the only way to get a Gmail account was to receive an invitation from someone else. Nearly three years after announcing Gmail, Google opened up access to the public at large. Now anyone can create a Gmail account.
Gmail organizes messages into "conversations." If someone sends you a message and you respond, Gmail will present the two messages together in a stack. The original e-mail will be on top and your reply will appear beneath it. Future messages will appear under the originals, which Gmail collapses so that they don't take up too much space on your screen. By grouping messages and responses together, Gmail makes it easier for users to keep track of several discussions at once.
2.G Talk


Just when you thought the Internet had its fill of instant messagingclients, along came Google Talk. Introduced in 2005, Google Talk is an application that lets users send messages to each other. Unlike Gmail, the Google Talk client isn't entirely Web-based. Users must first download an application to their own computers in order to access its full set of features.

Those features go beyond simple messages. You can send unlimited files -- of unlimited size -- to other users. Just remember that if you choose to send someone a big file, it's going to take a while to transfer to the other user, especially over slower connections. Also, if you have a cap on how much data you can transfer over your network, you might face some hefty fees from your Internet Service Provider (ISP).
Google Talk is also a voice over Internet protocol (VOIP) client. That means you can make PC-to-PC calls to other Google Talk users. You and your contact will both need microphones and speakers, but Google Talk handles the rest. Real-time voice transmission can take up a lot of bandwidth. Just like file transfers, you might risk going over your data cap with your ISP if you use this feature a lot.

3.Google Checkout

Many people use the Internet to shop. One of the drawbacks of online shopping involves transmitting your personal information over the Internet. If you want to purchase items at different Web sites, you have to enter all your information multiple times. Google saw the opportunity to create a tool that would allow merchants and users to take advantage of a universal checkout system.
Here's how it works: first you create a Google account. If you already have a Google account, you'll need to enhance it by providing a credit card number, billing address, shipping address and a phone number. Once you complete this step, you can go shopping.
All you have to do is log in to your Google account and look for Web sites that subscribe to Google Checkout. When you see the checkout symbol listed next to an entry on a search results page, you know that you can purchase items from that site using your Google account. You'll be prompted to provide your Google Checkout password, but you won't have to enter your credit card number or personal information again. You make your selections and Google handles the rest of the transaction. The merchant never even sees your credit card number.
4.Google Calendar



In April 2006, Google released a free online calendar application called Google Calendar. If you have a Google account, you can create a Google Calendar. If you don't have one, you can register for a free account.
You can use Google Calendar to schedule events and invite people to participate. By sharing folders, you can compare your schedule with other users. If everyone keeps his or her calendar up to date, it's easy to avoid conflicts. A single user can open multiple calendars and view all the scheduled events in a single window. Since this can get confusing,Google displays each calendar's events in a different color.
Google includes its search feature within the Google Calendar system. You can search for specific calendars. Calendar owners can choose to keep a calendar private or share it openly with everyone. It's also possible to create multiple calendars with one account. That can come in handy for organizations that have multiple customer bases. For example, a theatre might have one calendar for the general public that shows the times of performances and a second calendar for actors to let them know about auditions and rehearsal schedules.
5.Google Docs



The Google Docs suite marks Google's attempt at getting into the online productivity software game. The free suite includes a word processor, a spreadsheet editor and a presentation application. In short, it has the basic software applications many businesses need. Instead of saving all your data to your computer's hard drive, you save your Google Docs files to a remote Google file system. Because the files are hosted on the Web, you can access them from any computer connected to the Internet. Your documents aren't tied to a specific device.
Another feature of Google Docs is the ability to share documents and editing capabilities with other Google users. Multiple people can make edits to the same document at the same time. With traditional desktop applications, a project manager might have to handle multiple copies of the same file as various collaborators make edits and additions to the document. With Google Docs, everyone can make his or her changes directly to the file saved on Google's servers. Google Docs also keeps track of earlier versions of the document -- project managers don't have to worry about someone accidentally deleting an entire section.
6.Google Map



Google launched its online map feature in 2005, nearly 10 years after MapQuest's online debut. Like its competitor, Google Maps lets users view maps of specific regions and get directions from one location to another. Google Maps allows users to view street maps, topographical terrain maps or even satellite views. For some areas, Google also has a traffic map feature that can alert you to any snarls or bottlenecks.
The Google Maps feature relies on digital map images from NAVTEQ. NAVTEQ provides map data to many different clients, including in-vehicle navigation systems. A company called deCarta -- formerly Telcontar -- provides the applications that power the mapping features. Google employees create the applications that combine the images from NAVTEQ and the mapping capabilities provided by deCarta to create the features you see in Google Maps.
7.Google Earth Maps



Google is always looking at new ways to organize and present information. One of those ways is togeotag data. Geotagging is a way of linking information to a real-world location. You view geotagged information on a map. While Google Maps could serve as a way to provide geotagged information to users, Google decided to go with an alternative. Google chose a digital globe and called it Google Earth.
Google acquired a company called Keyhole in 2005. Keyhole built the foundation for Google Earth, a digital globe that gave users the ability to zoom in and out of views ranging from a few dozen feet from the surface of the Earth to the equivalent of orbiting the planet. Google Earth gives the user dozens of choices, from viewing satellite images of the planet to overlaying maps, three dimensional terrain features and even fully-rendered cityscapes.Google Earth also allows developers to create applications to link information to specific locations on the globe. Users can elect to view geotagged information ranging from general news reports to customized data. Google Earth makes it possible to illustrate news stories in a new way. For example, a news agency could illustrate a story about wildfires by plotting out the damage on Google Earth.
8.Google Desktop




Have you ever had to search for a particular file on your computer? How about an e-mail that's somewhere in the middle of a folder that has thousands of messages in it? The experience can be frustrating, and those of us who are organizationally challenged can endure a lot of stress while trying to dig up a particular piece of information.
That's where Google Desktop can come in handy. It's a downloadable application Google offers free of charge. Once a user downloads and installs the application on a computer, Google Desktop goes to work. It searches and indexes the files on the user's computer. It does all this during the idle time when the computer isn't working on other things.
It doesn't just index the name of a file -- it searches the contents as well. Maybe you don't remember the subject of a particular e-mail, but you remember it mentioned something about a new sushi restaurant in town. You can search for the term "sushi" using Google Desktop and it will return results relevant to that term. The results look a lot like the search engine results pages Google generates for Web searches. One of those results should be the e-mail you need to retrieve.
9.iGoogle


You probably have a small number of Web sites or applications that you use more than others. What if you had a way to collect those Web sites so that you could go to a single location on the Web to access all of them at once? That's the concept behind iGoogle, a freeaggregator or portal Web service.
The iGoogle service allows users to select multiple applications and news feeds from across the Internet. Each user can customize his or her own iGoogle page. For example, sports fans can add applications that grab the latest scores and statistics of their favorite teams from the Internet and display them in a dedicated window on the iGoogle page.
10.Google Health


Changing doctors isn't always a smooth experience. On top of all the normal stress of dealing with unfamiliar people, you also have to find a way to get your medical information from your previous doctor to your new one. That usually means you have to rely on other people and hope that they respond. Transferring your medical data is important because the more information your doctor has about your medical history, the more effectively he or she will be able to diagnose and treat you when you need it.
Google's solution to this issue is to create an electronic, centralized location for your medical files called Google Health. Your doctors would transfer your files to Google's databases. Instead of having to track down the physical location of a paper file, your doctor would be able to log in to a computer and pull up your entire medical history. You don't have to worry about remembering which doctor has your file.
Read More

How to Protect yourself from keyloggers

4 Comments

Protect yourself from keyloggers 



This tool is a powerful, easy to use anti-spy software tool that prohibits operation of keyloggers, known or unknown, professional or custom made. Once installed, Anti Keylogger Shield will run silently in your System Tray, it will block the system mechanisms that are exploited by keyloggers, and will immediately start protecting your privacy. With Anti Key logger shield you can hide and protect your keystrokes from prying eyes.

I haven't create this one but i though it might be useful to post it here.

Here is what the description says:

Quote: Keyloggers are small spy programs, that record everything you type on the computer, including documents, emails, user names and passwords, and then either stores this information in a hidden place on your computer or sends it over the Internet to the person who infiltrated it.

Keyloggers can come in many forms, as emails, viruses, Trojan horses; from people who might try to invade your privacy and see what you are typing, or remote hackers, who might want to steel user names and passwords as you type them.

Unlike similar programs, Anti Keylogger Shield does not use a signature database, and it will not try to detect keyloggers. Anti Keylogger Shield will simply block the very mechanisms that are used by keyloggers, and they will not be able to record your information anymore.

Read More

Friday 25 October 2013

Top 50 Amazing Google Facts and Figures

Be The First To Comment
Google was founded in 1997 by two Stanford University PhD students Larry Page and Sergey Brin whose initial company mission statement was

“To organize the world’s information and make it universally accessible and useful

Which they seem to have made a good dent in achieving since they started the company.
Technology is enhancing us as human beings and the integrating of artificial intelligence is slowly being weaved and embedded into our activities and habits almost without us noticing. This reliance that is permeating our day to day existence even extends to a reported 60% plus of all buying decisions now starting with a Google search as we start our research online rather than walk the shop aisles and asking sales attendants questions.
It’s been barely 13 years since conception but the search company whose slogan is 
Don’t be evil”  (reputed to have been coined by the Google engineer Paul Buchheit in 2006 ) has now struck out into other technology areas beyond their core search business such as. 

amazing facts of google

1. The original nickname was BackRub due to the backlink technology used to determine site
importance but eventually changed the name to Google originating from the misspelling of the word
“Googol (the mathematician’s term for the number one followed byone hundred zeros) to signify
the large quantities of information for people that it would provide.

2. Google began as a research project in 1996

3. Google.com domain went online in 1997

4. The first funding of $100,000 for Google was provided by Andy Bechtolsheim the co- founder of Sun
Microsystems

5. The CEO for ‘Excite’ George Bell rejected to buy Google when it was offered to him for $1 million
when Brin and Page were finding the search engine taking up to much time from their research in 1999

6. The first round of venture capital of $25 million was provided in 1999 by Kleiner Perkins and Sequoia
Capital 5 years before it floated.

7. Google incorporated in1998

8. 30 million pages indexed in 1998

9. 1 billion pages indexed in 2000

10. Eric Schmidt named CEO in in 2001

11. Acquired Blogger in 2003

12. Adsense launched in 2003

13. Gmail launched in 2004

14. Google IPO in 2004

15. 8 billion pages indexed in in 2004

16. Acquired YouTube in2006 for $1.65 billion

17. 1 Trillion pages indexed in in 2008

18. Android announced in 2007

19. Chrome launched in 2008

20. 1.8 million shares given to Stanford University for its PageRank Patent sold by Stanford in 2005 for $336 million

21. It currently runs over 1 million computer servers in data centers around the world

22. Google search handles over 1 billion searches per day

23. 7.2 billion daily page views.

24. 87.8 billion monthly worldwide searches conducted on Google sites

25. Google’s global search market share is 85%

26. Daily visitors to Google is 620 million

27. Google.com’s worldwide ranking is number 1

28. Revenue in 2000 was $19 million

29. Profit in 2000 was a loss of $14 million

30. In 2009 Google’s revenue was nearly $23 billion

31. In 2009 Google’s profit was $6.5 billion

32. 97% is the percentage of revenue from advertising

33. Stock price at its IPO in 2004 was $85

34. Stock price in 2010 was $535

35. Over 19,000 employees

36. 37% are research staff

37. 37% are sales staff

38. A ‘Noogler’ is a new person at Google

39. 45% of Google’s products are currently in Beta

40. YouTube market share is 39.4%

41. 270,000 words a minute are written on Blogger

42. 146 million Gmail users

43. Google analytics is used on 57% of the top 10,000 websites

44. 400,000 new Android devices are activated every day

45. 100 million activated Android devices

46. 200,000 Apps available for the Android

47. 4.5 billion Apps have been installed from the Android Market

48. Google’s Android mobile operating system is the world’s leading smart phone platform surpassing Nokia
and Apple with a 33% share

49. 33 million Android operating systems were shipped in the the fourth quarter of 2010

50. The Google Driverless car named the ‘Stanley’ won the DARPA Grand challenge and the $2 million
in prize money from the US Department of Defense in 2005

Read More

Sunday 20 October 2013

Download Youtube Videos Without Any Software

Be The First To Comment









Youtube is the world's largest video sharing site where millions of videos
uploaded daily for that some video we like most and desire that to have it own mobile or laptop.

for the case if you want to that video than you have to download that and the problem is that youtube doesn't provide that the downloading facility to the anyone.. but the alternative to download the video from software.
like :- YTD or IDM

Todays I am sharing the best and easy alternative by which u can download your video in your computer or mobile both only in 4 steps...so please follow the steps carefully

click here

Download YOUTUBE videos on your Computer or Mobile without any Software
Follow this Very simple steps:

1. Go to YouTube, Open the video that you want to download

2. Now you have to make a small change in video link, replace "www." or "m." with "ss"
           
           [For example "www,youtube.com/­watch?v=EWnNyT3QTSQ"  with     "ssyoutube.com/watch?v=EWnNyT3QTSQ"]

3. After it will redirect to a new site "en.savefrom.net/"

4. Now you have to choose the format of the video like mp4,3gp,flv and also shows the video quality like 240p,360p,720p,1080p

5.THEN HIT LIKE BELOW FOR THIS USEFUL TRICK
 
Read More

Friday 18 October 2013

What is Honeypot ?

Be The First To Comment

shubucyber


The first step to understanding honeypots is defining what a honeypot is. This can be harder then it sounds. Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem. Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud. Its is this flexibility that gives honeypots their true power. It is also this flexibility that can make them challenging to define and understand. As such, I use the following definition to define what a honeypot is.

shubucyber


A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

This is a general defintion covering all the different manifistations of honeypots. We will be discussing in this paper different examples of honeypots and their value to security. All will fall under the definition we use above, their value lies in the bad guys interacting with them. Conceptually almost all honeypots work they same. They are a resource that has no authorized activity, they do not have any production value. Theoreticlly, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity. Any connection attempts to a honeypot are most likely a probe, attack, or compromise. While this concept sounds very simple (and it is), it is this very simplicity that give honeypots their tremendous advantages (and disadvantages). I highlight these below.


Advantages :-  Honeypots are a tremendously simply concept, which gives them some very powerful strengths.

☺ Small data sets of high value: Honeypots collect small amounts of information. Instead of logging a one GB of data a day, they can log only one MB of data a day. Instead of generating 10,000 alerts a day, they can generate only 10 alerts a day. Remember, honeypots only capture bad activity, any interaction with a honeypot is most likely unauthorized or malicious activity. As such, honeypots reduce 'noise' by collectin only small data sets, but information of high value, as it is only the bad guys. This means its much easier (and cheaper) to analyze the data a honeypot collects and derive value from it.

☺ New tools and tactics: Honeypots are designed to capture anything thrown at them, including tools or tactics never seen before.

☺ Minimal resources: Honeypots require minimal resources, they only capture bad activity. This means an old Pentium computer with 128MB of RAM can easily handle an entire class B network sitting off an OC-12 network.

☺ Encryption or IPv6: Unlike most security technologies (such as IDS systems) honeypots work fine in encrypted or IPv6 environments. It does not matter what the bad guys throw at a honeypot, the honeypot will detect and capture it.

☺ Information: Honeypots can collect in-depth information that few, if any other technologies can match.

☺ Simplicty: Finally, honeypots are conceptually very simple. There are no fancy algorithms to develop, state tables to maintain, or signatures to update. The simpler a technology, the less likely there will be mistakes or misconfigurations.


Disadvantages :-  Like any technology, honeypots also have their weaknesses. It is because of this they do not replace any current technology, but work with existing technologies.

☻ Limited view: Honeypots can only track and capture activity that directly interacts with them. Honeypots will not capture attacks against other systems, unless the attacker or threat interacts with the honeypots also.

☻ Risk: All security technologies have risk. Firewalls have risk of being penetrated, encryption has the risk of being broken, IDS sensors have the risk of failing to detect attacks. Honeypots are no different, they have risk also. Specifically, honeypots have the risk of being taken over by the bad guy and being used to harm other systems. This risk various for different honeypots. Depending on the type of honeypot, it can have no more risk then an IDS sensor, while some honeypots have a great deal of risk. We identify which honeypots have what levels of risk later in the paper.


Value of Honeypots :-

Now that we have understanding of two general categories of honepyots, we can focus on their value. Specifically, how we can use honeypots. Once again, we have two general categories, honeypots can be used for production purposes or research. When used for production purposes, honeypots are protecting an organization. This would include preventing, detecting, or helping organizations respond to an attack. When used for research purposes, honeypots are being used to collect information. This information has different value to different organizations. Some may want to be studying trends in attacker activity, while others are interested in early warning and prediction, or law enforcement. In general, low-interaction honeypots are often used for production purposes, while high-interaction honeypots are used for research purposes. However, either type of honeypot can be used for either purpose. When used for production purposes, honeypots can protect organizations in one of three ways; prevention, detection, and response. We will take a more in-depth look at how a honeypot can work in all three.

Honeypots can help prevent attacks in several ways. The first is against automated attacks, such as worms or auto-rooters. These attacks are based on tools that randomly scan entire networks looking for vulnerable systems. If vulnerable systems are found, these automated tools will then attack and take over the system (with worms self-replicating, copying themselves to the victim). One way that honeypots can help defend against such attacks is slowing their scanning down, potentially even stopping them. Called sticky honeypots, these solutions monitor unused IP space. When probed by such scanning activity, these honeypots interact with and slow the attacker down. They do this using a variety of TCP tricks, such as a Windows size of zero, putting the attacker into a holding pattern. This is excellent for slowing down or preventing the spread of a worm that has penetrated your internal organization. One such example of a sticky honeypot is LaBrea Tarpit. Sticky honeypots are most often low-interaction solutions (you can almost call them 'no-interaction solutions', as they slow the attacker down to a crawl :). Honeypots can also be protect your organization from human attackers. The concept is deception or deterrence. The idea is to confuse an attacker, to make him waste his time and resources interacting with honeypots. Meanwhile, your organization has detected the attacker's activity and have the time to respond and stop the attacker. This can be even taken one step farther. If an attacker knows your organization is using honeypots, but does not know which systems are honeypots and which systems are legitimate computers, they may be concerned about being caught by honeypots and decided not to attack your organizations. Thus the honeypot deters the attacker. An example of a honeypot designed to do this is Deception Toolkit, a low-interaction honeypot.

The second way honeypots can help protect an organization is through detection. Detection is critical, its purpose is to identify a failure or breakdown in prevention. Regardless of how secure an organization is, there will always be failures, if for no other reasons then humans are involved in the process. By detecting an attacker, you can quickly react to them, stopping or mitigating the damage they do. Tradtionally, detection has proven extremely difficult to do. Technologies such as IDS sensors and systems logs haven proven ineffective for several reasons. They generate far too much data, large percentage of false positives, inability to detect new attacks, and the inability to work in encrypted or IPv6 environments. Honeypots excel at detection, addressing many of these problems of traditional detection. Honeypots reduce false positives by capturing small data sets of high value, capture unknown attacks such as new exploits or polymorphic shellcode, and work in encrypted and IPv6 environments. You can learn more about this in the paper Honeypots: Simple, Cost Effective Detection. In general, low-interaction honeypots make the best solutions for detection. They are easier to deploy and maintain then high-interaction honeypots and have reduced risk.

The third and final way a honeypot can help protect an organization is in reponse. Once an organization has detected a failure, how do they respond? This can often be one of the greatest challenges an organization faces. There is often little information on who the attacker is, how they got in, or how much damage they have done. In these situations detailed information on the attacker's activity are critical. There are two problems compounding incidence response. First, often the very systems compromised cannot be taken offline to analyze. Production systems, such as an organization's mail server, are so critical that even though its been hacked, security professionals may not be able to take the system down and do a proper forensic analysis. Instead, they are limited to analyze the live system while still providing production services. This cripiles the ability to analyze what happend, how much damage the attacker has done, and even if the attacker has broken into other systems. The other problem is even if the system is pulled offline, there is so much data pollution it can be very difficult to determine what the bad guy did. By data pollution, I mean there has been so much activity (user's logging in, mail accounts read, files written to databases, etc) it can be difficult to determine what is normal day-to-day activity, and what is the attacker. Honeypots can help address both problems. Honeypots make an excellent incident resonse tool, as they can quickly and easily be taken offline for a full forensic analysis, without impacting day-to-day business operations. Also, the only activity a honeypot captures is unauthorized or malicious activity. This makes hacked honeypots much easier to analyze then hacked production systems, as any data you retrieve from a honeypot is most likely related to the attacker. The value honeypots provide here is quickly giving organizations the in-depth information they need to rapidly and effectively respond to an incident. In general, high-interaction honeypots make the best solution for response. To respond to an intruder, you need in-depth knowledge on what they did, how they broke in, and the tools they used. For that type of data you most likely need the capabilities of a high-interaction honeypot.


Up to this point we have been talking about how honeypots can be used to protect an organization. We will now talk about a different use for honeypots, research. Honeypots are extremely powerful, not only can they be used to protect your organization, but they can be used to gain extensive information on threats, information few other technologies are capable of gathering. One of the greatest problems security professionals face is a lack of information or intelligence on cyber threats. How can we defend against an enemy when we don't even know who that enemy is? For centuries military organizations have depended on information to better understand who their enemy is and how to defend against them. Why should information security be any different? Research honeypots address this by collecting information on threats. This information can then be used for a variety of purposes, including trend analysis, identifying new tools or methods, identifying attackers and their communities, early warning and prediction, or motivations. One of the most well known examples of using honeypots for research is the work done by the Honeynet Project, an all volunteer, non-profit security research organization. All of the data they collect is with Honeynet distributed around the world. As threats are constantly changing, this information is proving more and more critical.

 
Read More

Sunday 13 October 2013

How To System Intrusion In 15 Seconds Only

Be The First To Comment


System intrusion in 15 seconds, that’s right it can be done. If you possess certain security flaws your system can be broken into in less that 15 seconds.
To begin this article I’d like you to do the following. Connect to the Internet using your dial up account if you are on dial up. If you are on dedicated service like High Speed connections. 
ie, Cable and DSL then just proceed with the steps below...

• Click Start

• Go to Run

• Click Run (It’s a step by step manual)

• Type Winipcfg

• Hit the Enter Key

This should bring up a window that looks like the following


* For editorial reason the above info has been omitted *
What you should see under IP address is a number that looks something like this. 207.175.1.1 
(The number will be different.)
If you use Dial Up Internet Access then you will find your IP
address under PPP adapter. If you have dedicated access you
will find your IP address under another adapter name like (PCI
Busmaster, SMC Adapter, etc.) You can see a list by clicking

on the down arrow.



Once you have the IP address write it down, then close that window by clicking (OK) and do the following.

• Click Start

• Go to Run (Click on Run)

• Type command then Click OK

At this point you should see a screen that looks like this.


(Please note that you must type the A in capitol letters.)

This will give you a read out that looks like this NetBIOS Remote Machine Name Table
____________________________________
Name Type Status
-------------------------------------------
J-1 <00> UNIQUE Registered
WORK <00> GROUP Registered
J-1 <03> UNIQUE Registered
J-1 <20> UNIQUE Registered
WORK <1E> GROUP Registered
WORK <1D> UNIQUE Registered
__MSBROWSE__.<01>GROUP Registered

(Again info has been omitted due to privacy reasons)

The numbers in the <> are hex code values. What we are interested in is the                             “Hex Code” number of <20>. 
If you do not see a hex code of <20> in the list that’s a good thing. If you do
have a hex code <20> then you may have cause for concern. Now you’re probably confused about this so I’ll explain. A hex code of <20> means you have file and printer sharing turned on. This is how a “hacker” would check to see if you have “file and printer sharing” turned on. If he/she becomes
aware of the fact that you do have “file and printer sharing”
turned on then they would proceed to attempt to gain access to
your system.
(Note: To exit out of the DOS prompt Window, Type Exit
and hit Enter)
10
I’ll show you now how that information can be used to gain
access to your system.
A potential hacker would do a scan on a range of IP address for
systems with “File and Printer Sharing” turned on. Once they
have encountered a system with sharing turned on the next step
would be to find out what is being shared.
This is how:
Net view \\<insert ip_address here>
Our potential hacker would then get a response that looks
something like this.
Shared resources at \\ip_address
Sharename Type Comment
MY DOCUMENTS Disk
TEMP Disk
The command was completed successfully.
This shows the hacker that his potential victim has their My
Documents Folder shared and their Temp directory shared. For
the hacker to then get access to those folders his next command
will be.
Net use x: \\<insert IP address here>\temp
If all goes well for the hacker, he/she will then get a response of
(The command was completed successfully.)
At this point the hacker now has access to the TEMP directory of
his victim.
Q. The approximate time it takes for the average hacker to do
this attack?
R. 15 seconds or less.
11
Not a lot of time to gain access to your machine is it? How many
of you had “File and Printer Sharing” turned on?
Ladies and Gentlemen: This is called a Netbios attack. If you are
running a home network then the chances are you have file and
printer sharing turned on. This may not be the case for all of you
but I’m sure there is quite a number of you who probably do. If
you are sharing resources please password protect the
directories.
Any shared directory you have on your system within your
network will have a hand holding the folder. Which looks like
this.
You can check to find which folders are shared through Windows
Explorer.

• Click On Start

• Scroll Up to Programs files

At this point you will see a listing of all the different programs on your system
Find Windows Explorer and look for any folders that look like the above picture.Once you have found those folders password protect them. Don’t
worry I’ll show you how to accomplish this in Chapter 8 in a visual step by step instruction format.

Netbios is one of the older forms of system attacks that occur. It is usually overlooked because most systems are protected against it. Recently there has been an increase of Netbios Attacks.
Further on in this manual we shall cover some prevention methods. For now I wish only to show you the potential security flaws.

Read More