Saturday, 17 October 2015

Internet Companies Continue to Oppose Cybersecurity Bill

The government can ask an Internet company for any personal information about any Internet user, in exchange for breathing room for that company.


Here is another attack on netizens' privacy worldwide. This could be the most dangerous attack on the privacy of Internet users after the Patriot Act.

The largest tech giants, including T-Mobile, Google, eBay, RedHat, Yahoo and Facebook have once again expressed their concern about a controversial cybersecurity bill, claiming that it fails to protect users’ privacy.


The Computer and Communications Industry Association (CCIA), representing a number of major tech firms, published an open letter criticizing the Cybersecurity Information Sharing Act, also known as CISA. The act would allow companies to share users’ personal details with the American government in exchange for immunity from regulators and the Freedom of Information Act. The bill is to pass through the Senate later in October.

The tech firms point out that the mechanism for sharing of cyber threat information as described in the bill fails to sufficiently protect users’ privacy or limit the permissible uses of data shared with the authorities. Another cause for concern is that CISA authorizes entities to employ network defense measures that might cause collateral harm to innocent 3rd parties.

The legislation was initially meant to allow tech firms to share “anonymized” user data with the Department of Homeland Security, but the latter has itself come out against the bill, because in this case it would be compelled to pass the data on to other entities. The cybersecurity bill has raised surveillance concerns among many industry experts, who warn that simply gathering multiple corporate information sets in one place could be exploited to create profiles with personally identifying information.

The matter is that elaborate user data is organized, mostly by advertisers, in such a way that users are split up into several categories. For example, you may end up in a group scheduled to show adverts for cat lovers, a group likely to change shampoo brands, and a group of Toyota owners. At the same time, the companies are trying to make sure they don’t accidentally create individual digital dossiers. The problem is that with such legislation in place, one bad actor can reverse the process and gain unprecedented access to personal details.

On the other hand, some companies that would be eligible to participate decided to support the bill – for example, Experian, the data broker that was recently hacked and lost 15m sets of T-Mobile customer data, claimed that it supported legislation that would facilitate greater sharing of cyber threat information.


It's time for a global awareness program to spread the message to people about the bad effects of this government policy.



source- sam

Sunday, 27 September 2015

Facebook Accused of Spying on Belgian Users

The Belgian privacy commission (BPC) accused Facebook of acting like the NSA by spying on European users. The Belgian data protection body referred to Snowden’s revelations about surreptitious mass surveillance by the spy agency.

It is official that the agency has launched a lawsuit against the social networking site after accusing it of violating Belgian and European privacy law. The BPC accused Facebook of a number of breaches, including the tracking of non-users and logged-out Facebook users for advertising purposes, and is currently threatening the company with a fine of €250,000 per day if it doesn’t stop, which is equal to 279,862.50 US dollars.

In response to this incident, Facebook has repeatedly denied all the claims, explaining that the data and conclusions of the Belgian agency are false. The company is going to demonstrate to the court how its technology protects people from spam, malware, and other attacks. Facebook also insists that its practices are consistent with European law and with the rules of the most popular Belgian online services.

Facebook also explained that its European operations and practices are governed by the Irish data protection agency, because its EU headquarters are located in Dublin. In the meantime, the case is being watched by the rest of the countries in the region, where data protection regulators have also started to question Facebook’s privacy practices thoroughly.

Facebook announced immediately that the company has repeatedly offered to help resolve the Belgian agency’s concerns, but the BPC (Belgian privacy commission) instead took the tech giant to court and seems to be trying to stop Facebook from using security technology because they misunderstand it.

The Belgian commission believes that Facebook is treating users’ private lives “without respect”, while Facebook offers to discuss these issues directly with Belgian Data Protection Authority rather than going through unnecessary litigation.


This is only the beginning; we don't know where else such spying and targeted surveillance is being conducted.
Let's wait and watch.


Tuesday, 15 September 2015

What is Surveillance and What it should be!

My main motive for this article is to try to understand what surveillance is and what it has become: what the word means and what is actually being done under its name nowadays.


Surveillance is the act of watching over an asset without its owner's permission, aiming to collect information in the form of data. The vast majority of computer surveillance involves the monitoring of data and traffic on the Internet.
You can check the Wikipedia article on surveillance for more info.
Here is the link.




Surveillance is very good for fighting terrorism, cyber war, cyber terrorism and so on, but an Internet free of snooping, where no one else is monitoring your connection, is a human right. I believe every human on planet Earth should have an equal right to access the Internet freely, without worrying that their connection and access point on the network are being monitored, and that the results could later be pointed in any direction during an investigation by a federal agency into some other issue.


Mass surveillance is being carried out all across the world, and the situation is devastating. It is clear now that most of the agencies working on the ground are not taking user privacy seriously.
When this happens, people come out of their own organizations and make confidential documents public, the kind of thing all citizens should know about. The act of doing so is called whistle-blowing.

Surveillance policy should be drafted in such a way that every surveillance request must be approved by some kind of jury before implementation. Surveillance without permission is like setting a wild horse free: it can hurt somebody.

For example, Edward Snowden, one of the most famous whistle-blowers, uncovered the truth about the secret government mass surveillance program called PRISM and several others that were violating user privacy all across the world, not only in the United States.
Edward Snowden highlighted the key facts that he disclosed in this segment of a TED Talk.


TED talk of Edward Snowden  here

The Director of the National Security Agency responded to Edward Snowden's TED Talk, as you can see in the following video.

NSA response to the TED talk with Edward Snowden. here

We need to take back control over the Internet. We cannot let anybody violate our privacy.

Here are things we can do to fight against this kind of surveillance or Internet monitoring.


1- Every website and web service should implement SSL connections. SSL is a kind of web encryption between the website and the user, and the connection is secured with a public key. SSL is very hard to break: it would take a normal computer millions of years to decode a message if it tries around 10,000 key combinations per second.

2- The second thing we can do is use a VPN (virtual private network) for our Internet connection. This is a secure tunnel, a secure channel between your computer and the Internet server.
It provides an encrypted session between the server and your system so that no one can spoof or hijack it in between.
Check out torproject.org

3- Keep your operating system up to date for the latest security patch available.


4- Install advanced antivirus and anti-malware software, for example Kaspersky, AVS.
     (You don't need anti-virus on Linux, but you still might need anti-malware.)

5- Do not use torrent websites over a VPN, because that discloses your real IP.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note- All the ideas and information here are generally available on the web. This article is a collection of my own ideas, views and thoughts about surveillance. I do not represent any party.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Wednesday, 3 June 2015

Removing Ransomware



Recently, several online ransomware incidents have taken away the sleep of many users and security researchers in many organisations and industries.

But finally we have some good ammo against this kind of problem: the ransomware removal kit.

Several security firms and the FBI itself have released ransomware removal kits that are free to download from their respective websites.


Just imagine a moment when all your important files are locked up by some strange program that asks you to pay to unlock data that is already yours.


     "You should never pay the ransomware, because paying makes such attacks stronger in the future"



The Ransomware Removal Kit includes the following ransomware removal tools:

  • CoinVault: CoinVault ransomware removal tools
  • CryptoLocker: CryptoLocker removal tools and Threat Mitigation
  • CryptoLockerDecrypt: FireEye Tool to decrypt files encrypted by the CryptoLocker ransomware
  • FBIRansomWare: FBIRansomWare Removal Tools
  • TeslaCrypt: Tool for removing this variant of CryptoLocker ransomware
  • TrendMicro_Ransomware_RemovalTool: General ransomware removal tool from TrendMicro

Here is what you need to do in case your system gets infected with any kind of ransomware:
The first response to a ransomware infection is to disconnect the machine from the internal network to prevent the malicious agent from spreading. Be sure to create a copy of the disk that can be restored in case of problems with the ransomware removal kit.

The second step is to identify the strain of malware that caused the infection (it can be any file or program, even a fake anti-virus program). Then the user can try to decrypt the files and remove the malicious agent.

How to protect yourself from such attacks

  • Do not download any file from an untrusted source.
  • Do not download email attachments from strangers.
  • Do not use a thumb drive without scanning it with an anti-virus security product that has up-to-date virus definitions (my recommendation is Kaspersky).

This article is inspired by the research of the famous UK security researcher Pierluigi Paganini.
Thank you for your contribution.

Sunday, 19 April 2015

How to Secure Web Servers


Securing a web server seems to be a difficult task for most web administrators, but I can make it easy for you. In today's digital age everything is at risk of cyber attack, and your web servers are the most tempting target for bad guys (blackhat hackers).

So you want to stop them from bringing harm to your network.
Follow these steps to ensure that your web server runs what you deploy on it, not what the bad guys want.

Install a firewall and/or login failure tracker


You should always run a firewall allowing traffic only on ports that you use, i.e. HTTP, SMTP, IMAP/POP3. It is also good to run a daemon that keeps track of failed login attempts, and blocks these IP addresses at the firewall. ConfigServer Security & Firewall is an excellent piece of software that does both, and is free for personal use-

http://configserver.com/cp/csf.html



MySQL


You should disable the local infile function, which helps to prevent unauthorised reading from local files. This matters especially when new SQL injection vulnerabilities in PHP applications are found. Add the following line to your /etc/my.cnf file under the [mysqld] section, and restart MySQL:

local-infile = 0



PHP



  • Enable only the PHP modules that your sites require
  • Disable risky PHP functions in php.ini, via a line such as “disable_functions=show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, ini_set”
  • Use a PHP security module such as suhosin or mod_security

SSH

  • Disable SSH logins as root user
  • Allow only publickey logins for root or all SSH users (no password authentication)
  • Change the port on which SSH runs by editing /etc/ssh/sshd_config and restarting the SSH service. This will thwart automated dictionary attacks on the standard port 22
  • Only allow SSH protocol 2; protocol 1 is outdated and insecure

http://wiki.centos.org/HowTos/Network/SecuringSSH
http://centoshelp.org/security/securing-sshd/
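
The four SSH settings above can be checked mechanically. The shell script below is an added example, not part of the original post: the two sample configurations are constructed, and the function names sshd_value and audit_sshd_config are hypothetical. It reads global settings only (it stops at the first Match block) and, following the advice above, counts the default port 22 as a finding.

```sh
#!/bin/sh
# Added example: check an sshd_config against the four SSH recommendations.

# Print the value sshd would use for a global keyword. sshd keeps the FIRST
# value it reads for a keyword, keywords are case-insensitive, and "#" starts
# a comment. Parsing stops at the first Match block.
sshd_value() {
  awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    { sub(/#.*/, "") }
    tolower($1) == "match" { exit }
    tolower($1) == key     { print $2; exit }
  ' "$1"
}

# Print one line per finding and return the number of findings.
audit_sshd_config() {
  cfg=$1
  findings=0

  v=$(sshd_value "$cfg" PermitRootLogin)
  if [ "$v" != "no" ]; then
    echo "FAIL PermitRootLogin=${v:-unset} (want: no)"
    findings=$((findings + 1))
  fi

  v=$(sshd_value "$cfg" PasswordAuthentication)
  if [ "$v" != "no" ]; then
    echo "FAIL PasswordAuthentication=${v:-unset} (want: no, keys only)"
    findings=$((findings + 1))
  fi

  v=$(sshd_value "$cfg" Port)
  if [ -z "$v" ] || [ "$v" = "22" ]; then
    echo "WARN Port=${v:-unset} (still on the default port 22)"
    findings=$((findings + 1))
  fi

  # An absent Protocol line is not flagged: current OpenSSH only speaks 2.
  v=$(sshd_value "$cfg" Protocol)
  case "$v" in
    *1*) echo "FAIL Protocol=$v (want: 2)"
         findings=$((findings + 1)) ;;
  esac

  return "$findings"
}

# Constructed sample: weak settings. The second PermitRootLogin line has no
# effect, because the first value wins.
sample_weak() {
  cat <<'EOF'
#Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

# Constructed sample: the settings recommended in the list above.
sample_hardened() {
  cat <<'EOF'
Port 2222
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

demo_dir=$(mktemp -d)
sample_weak > "$demo_dir/weak.conf"
sample_hardened > "$demo_dir/hardened.conf"
for name in weak hardened; do
  echo "== $name.conf"
  audit_sshd_config "$demo_dir/$name.conf" && echo "OK" || echo "findings: $?"
done
rm -rf "$demo_dir"
```

On a real server, point audit_sshd_config at /etc/ssh/sshd_config; settings inside Match blocks still need a manual look.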


Apache


  • Use Apache 2.2 or later. Older versions of Apache are exposed to several vulnerabilities, so upgrade.
  • Run PHP as suPHP. This setting makes PHP run as the user that is using it. This makes abuse easier to track, and prevents a malicious script from affecting other users’ accounts
  • Set Server Signature to “Product Only”. This way the server will not divulge the specific version of Apache it is running in error messages or HTTP headers (WHM –> Apache Configuration)
  • Only use Apache modules that your website or users need

Passwords

  • Do not use simple passwords, such as words you can find in a dictionary, or passwords less than 8 characters long. Try to include a mix of upper and lower case letters, as well as numbers in your password. Do not reuse the password of your primary e-mail account for other services
  • Make a password rotation schedule, such as every two weeks, monthly, etc, and stick to it
  • Set the minimum password strength option in WHM to a value of at least 50 to keep users from setting easily crackable passwords

WHM/cPanel

  • Disable “Compiler Access” in “Security Center”
  • Enable “Shell Fork Bomb Protection” in “Security Center”
  • Set “Password Strength” in “Security Center” to a value of at least 50


PHP Software


  • Always follow the security recommendations for hardening your installation when installing any PHP software
  • ALWAYS check at least once a week to make sure you are running the latest version of any mainstream PHP software. Outdated versions tend to have security vulnerabilities that WILL get exploited eventually, resulting in lost data, defaced websites, SPAM being sent from accounts, service suspension, and malware warnings in browsers when people visit your site (which are a pain to get rid of)
  • Set file permissions securely:
      • All directories should be 755 or 750.
      • All files should be 644 or 640. Exception: configuration files (wp-config.php, configuration.php, config.php) should be 600 or stricter to prevent other users on the server from reading them.
      • No directories should ever be given 777, even upload directories
  • The above are the #1 reasons customers’ websites get hacked

Supplemental Information:

http://codex.wordpress.org/Updating_WordPress
http://codex.wordpress.org/Hardening_WordPress
http://docs.joomla.org/Upgrade_Instructions
http://docs.joomla.org/Security
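
The file permission rules above translate directly into find tests. The shell script below is an added example, not part of the original post: the sample web root is constructed in a temporary directory, and the function names are hypothetical. It applies the rules exactly as listed, so a non-config file with any mode other than 644 or 640 is reported.

```sh
#!/bin/sh
# Added example: list paths under a web root that break the permission rules.

# Print "rule  path" for every violation, sorted.
audit_webroot_perms() {
  root=$1
  {
    # Directories: exactly 755 or 750; this also catches 777 upload dirs.
    find "$root" -type d ! -perm 755 ! -perm 750 |
      sed 's/^/dir-not-755-or-750   /'

    # Config files: 600 or stricter, i.e. no group or other bit set at all.
    find "$root" -type f \
      \( -name wp-config.php -o -name configuration.php -o -name config.php \) \
      \( -perm -040 -o -perm -020 -o -perm -010 \
         -o -perm -004 -o -perm -002 -o -perm -001 \) |
      sed 's/^/config-not-600       /'

    # Every other file: exactly 644 or 640, as the list states.
    find "$root" -type f \
      ! \( -name wp-config.php -o -name configuration.php -o -name config.php \) \
      ! -perm 644 ! -perm 640 |
      sed 's/^/file-not-644-or-640  /'
  } | sort
}

# Number of violations under a web root.
count_violations() {
  audit_webroot_perms "$1" | wc -l | tr -d ' '
}

# Build a constructed sample web root under directory $1 and print its path.
# Three entries are deliberately wrong: uploads (777), wp-config.php (644)
# and cache.log (666).
make_sample_webroot() {
  site="$1/site"
  mkdir -p "$site/uploads" "$site/includes"
  : > "$site/index.php"
  : > "$site/wp-config.php"
  : > "$site/includes/config.php"
  : > "$site/cache.log"
  chmod 755 "$site"
  chmod 750 "$site/includes"
  chmod 777 "$site/uploads"
  chmod 644 "$site/index.php" "$site/wp-config.php"
  chmod 600 "$site/includes/config.php"
  chmod 666 "$site/cache.log"
  printf '%s\n' "$site"
}

demo=$(mktemp -d)
webroot=$(make_sample_webroot "$demo")
audit_webroot_perms "$webroot"
echo "violations: $(count_violations "$webroot")"
rm -rf "$demo"
```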



Antivirus/Malware Scan



There are numerous software packages available to scan and monitor your server and accounts for malicious content:

  • ClamAV
  • AVG for Linux
  • RKHunter
  • ChkRootKit


Backups, backups, backups



  • Make backups, and make them often. Your web host is not responsible for backing up your information unless it is specifically included in your plan, or you pay for the service
  • There are backup features standard in cPanel servers. You can download a backup and store it on your home computer or workstation
  • Make a backup right now, while we’re on the subject
  • Seriously, do it

SPAM Prevention

  • If you have a contact form, make sure it isn’t easily exploited by bots. Use a captcha if possible
  • Set an hourly e-mail limit per account in WHM/Tweak Settings. 500 should be more than sufficient for most accounts
  • Use strong passwords for e-mail accounts
  • Check your mail statistics once in a while to see who is sending the most mail, and at what volume


Unnecessary Services


  • Some Linux installations include services which are rarely if EVER used in web hosting environments, and just add another layer of possible security holes
  • These include cups, xfs, bluetooth, nfs, rpcidmapd, etc.
  • Stop and disable these if you do not need them.
  • These extra services not only increase the load on your server; in several cases unnecessary services and open ports have been found to result in huge security breaches in the network.

Saturday, 4 April 2015

India :- A soft target in event of cyberwar


According to Wikipedia:
Cyberwarfare is politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare.

India is a country of 125 crore people, almost half of whom have access to Internet resources. Everything from banks to corporates and from factories to large industries depends on the Internet for daily work.
Yes, India is one of the countries with the largest anti-virus sales, but that does not mean our cyberspace is safe to use.
Government efforts to secure our cyberspace exist only on paper.
In today's world, countries like the USA and China have defensive and counter-defensive capabilities. India has no such facility for the sake of our national security.
The government is sitting quiet in this major field of cyber-security. In the PMO there is no designation for any cyber command division, hence there is no briefing about the country's cyber-security status to the Honorable Prime Minister.
Even in the secret service of India there is no subdivision to look after events of cyber terrorism or cyber attacks on the critical infrastructure of India and on its government and private organizations, or to handle such situations.

Recently China admitted that it has its own cyber army.
Check here: http://thehackernews.com/2015/03/china-cyber-army.html

This was a big surprise to the whole world because it was the first official confirmation from China.
Security experts worldwide have already agreed and warned that the next world war will not be fought with nuclear weapons; rather, it will be an online cyber war in which countries bring harm to each other's critical infrastructure and public services.
Imagine a day when all share markets crash and banks don't work, and all communication media start failing: landlines, cellphones, even satellites will be useless.

A high-profile cyber attack on 12 July 2012 breached the email accounts of about 12,000 people, including those of officials from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP). A government-private sector plan being overseen by National Security Advisor (NSA) Shivshankar Menon began in October 2012, and intends to beef up India's cyber security capabilities in the light of a group of experts' findings that India faces a 470,000 shortfall of such experts despite the country's reputation of being an IT and software powerhouse.

We need to act now, because we never want the history of 1963 to repeat itself, when China attacked India. This time no bullets will be fired; instead a series of sequenced attacks will be conducted on the critical infrastructure of our country.
"Believe it or not, we live in a technology-dominant era, and whoever can control it can do what he wants"

Monday, 23 February 2015

After Open Source Software it's time for Open Source Hardware


These days we are seeing a tremendous increase in revelations of malware embedded in our hardware by various secret services. I think it's time for a new revolution that meets today's needs: open source hardware.
In 1994 Richard Stallman and Linus Torvalds started a revolution by giving this world open source, and soon the most secure, trustworthy and customisable operating system, Linux, was introduced. It was important because the operating system market was dominated by Microsoft, and people had no option other than to use Windows.
Well, this is the time when we need another revolution, by the name of open hardware, because we can no longer trust our regular manufacturers of IT equipment: they get involved in the dirty work of violating people's privacy by creating and embedding security holes in the firmware of their hardware products.
This needs to be stopped.

Wikipedia definition of open source hardware:
Open-source hardware (OSH) consists of physical artifacts of technology designed and offered by the open design movement. Both free and open-source software (FOSS) as well as open-source hardware is created by this open-source culture movement and applies a like concept to a variety of components. It is sometimes, thus, referred to as FOSH (free and open source hardware).

Why?

What more reason is needed? This year, following the 2013 Snowden leaks, the Russian security firm Kaspersky presented a report that the National Security Agency (NSA), the snooping agency of the United States, has been involved in a globally organised hacking campaign aimed at the firmware of hard drives.

The Kaspersky report says that the NSA implemented a backdoor in the firmware of hard drives. This backdoor is a complex algorithm that can give any remote user direct access to all data stored on the drive. Not only that, the algorithm can even produce a small piece of malware from itself at the system thread level that can do a lot more than just access files: it can send them and more. Hard drives manufactured by as many as 12 major HD manufacturers are currently infected. The operation has been dubbed “Equation Group” by researchers at Kaspersky Lab, and it took the help of hackers to secretly intercept a package in transit, booby-trap its contents, and send it on to its intended destination. Kaspersky dubbed the group Equation Group because of its apparent use of heavy encryption tools and algorithms, obfuscation methods and advanced delivery mechanisms for its communication.

Kaspersky report notes that somewhere in mid 2002 or 2003, Equation Group members used the Oracle database installation CD to infect multiple targets with malware from the group’s extensive library.

According to Kaspersky, the number of victims of this cyber snooping operation can range in the ‘tens of thousands of victims’ in over 42 countries spread around the world. The NSA apparently used this method to infect PCs primarily in Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali, which are at the top of the list.

The NSA victims are centred in critical fields including aerospace, nuclear research, government, telecommunications, Islamic activists, energy, industries, financial concerns, encryption technologies and infrastructure supply chains. Kaspersky researchers say it is difficult to arrive at an absolute number of infections by the Equation Group because of a self-destruct mechanism built into the malware: if anyone tries to fetch it out of a drive for reverse engineering or any other purpose, it destroys itself completely.

After all these events, open hardware will help people trust their systems and be free of the worry that someone has private access to their data.

There are many more such hardware backdoors implanted by the NSA. If you want a list, visit this wiki page.

So who is manufacturing open source hardware? Here is a small list, but it is not complete. This industry needs an initiative in open hardware, along with innovation, to boost the current state of sales and products.

Computer open source hardware list

If this violation of users' privacy continues, people may lose faith in all USA-based hardware manufacturers, so they had better audit their products before that happens.

IT'S TIME FOR ANOTHER REVOLUTION, "THE OPEN SOURCE HARDWARE", TO PROTECT OUR RIGHT OF INTELLECTUAL PRIVACY AND SECURITY
I think it's time Richard Stallman changed his phrases about open source; it's not just about software anymore.

As the advocates of open source draw new users into our community, we free software activists must shoulder the task of bringing the issue of freedom to their attention. We have to say, “It's free software and it gives you freedom!”—more and louder than ever. Every time you say “free software” rather than “open source,” you help our cause.

LOVE PEACE OPENSOURCE 

Friday, 6 February 2015

Check and Patch GHOST Vulnerability CVE-2015-0235 in Linux

The GHOST vulnerability is haunting our secure Linux systems these days. We Linux users say with great pride that Linux never gets infected with viruses and worms, but we do have vulnerabilities in our systems that can be exploited to cause serious damage if not stopped early.

All systems, whether desktop or server, are at risk due to this new vulnerability.

A buffer overflow vulnerability has been discovered that can allow an attacker to remotely execute code on a Linux computer. It was found in the GNU C Library (glibc) __nss_hostname_digits_dots() function, which is accessible from gethostbyname*() functions. The function can overflow sizeof(*char) bytes 4 or 8 for 32-bit or 64-bit architectures, respectively. - cyberoam.com

 A list of affected Linux distros:-


  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x & 7.x
  • Ubuntu Linux version 10.04, 12.04 LTS
  • Debian Linux version 7.x
  • Linux Mint version 13.0
  • Fedora Linux version 19 or older
  • SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP1 LTSS/ SP2 LTSS/SP3/SP3 for VMware
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3
  • Arch Linux glibc version <= 2.18-1

Well, this vulnerability is caused by a simple buffer overflow in the glibc library of Linux systems.





You can test or reproduce the bug using the following C code:
/* Credit: http://www.openwall.com/lists/oss-security/2015/01/27/9 */
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

struct {
  char buffer[1024];
  char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
  struct hostent resbuf;
  struct hostent *result;
  int herrno;
  int retval;

  /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
  size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
  char name[sizeof(temp.buffer)];
  memset(name, '0', len);
  name[len] = '\0';

  retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

  if (strcmp(temp.canary, CANARY) != 0) {
    puts("vulnerable");
    exit(EXIT_SUCCESS);
  }
  if (retval == ERANGE) {
    puts("not vulnerable");
    exit(EXIT_SUCCESS);
  }
  puts("should not happen");
  exit(EXIT_FAILURE);
}
