White House issues a Common Secure Configuration Directive to CIOs

The White House released (at 9 AM Tuesday, March 20) a directive to all Federal CIOs, requiring that all new IT system acquisitions, beginning June 30, 2007, use a common secure configuration and, even more importantly, requiring information technology providers (integrators and software vendors) to certify that the products they deliver operate effectively using these secure configurations.

This initiative builds on the pioneering “comply or don’t connect” program of the US Air Force; it applies to both XP and Vista, and comes just in time to impact application developers building applications for Windows Vista, but impacts XP applications as well. No Vista application will be able to be sold to federal agencies if the application does not run on the secure version (SSLF) of Vista. XP application vendors will also be required to certify that their applications run on the secure configuration of Windows XP.

The benefits of this move are enormous: common, secure configurations can help slow bot-net spreading, can radically reduce delays in patching, can stop many attacks directly, and organizations that have made the move report that it actually saves money rather than costs money.

The initiative leverages the $65 billion in federal IT spending to make systems safer for every user inside government but will quickly be adopted by organizations outside government. It makes security patching much more effective and IT user support much less expensive. It reflects heroic leadership in starting to fight back against cyber crime. Clay Johnson and Karen Evans in the White House both deserve kudos from everyone who cares about improving cyber security now.

Courtesy of SANS Flash News (SANS hasn't issued a FLASH announcement in more than two years).


How to Footprint a Corporate Network for Security and Pen Testing

This article is part 4 in this series on penetration and security testing of a corporate network. Previously I talked about some dirty tactics penetration testers might have to use. I started this series by talking in general about penetration and security testing and about some important computer security keywords and terminology.

In this article, I will introduce you to some well-known tools security analysts use to learn the layout of the network they are testing and to gather intelligence about the company, which we will use later to conduct further tests and probe it for weak points. The more information we obtain, the better we can advise our client of potential problem areas. This whole process is called footprinting.

Footprinting (definition from Wikipedia):

Footprinting is the technique of gathering information about computer systems and the entities they belong to. This is done by employing various computer security techniques, such as ping sweeps, TCP scans, UDP scans, OS identification, network enumeration, registrar queries, organizational queries, domain queries, network queries, POC queries and DNS interrogation.

When used in the computer security lexicon, “footprinting” generally refers to one of the pre-attack phases; tasks performed prior to doing the actual attack. Some of the tools used for footprinting are samspade, nslookup, traceroute and neotrace.

I will not be revealing what kind of business my client does, but many corporations perform most of their business online, through the web. Each of these companies has a web site, which should be the first place we use to gather intelligence about the company.

Tool #1: Paros (http://www.parosproxy.org)

Paros is a Java-based HTTP/HTTPS proxy for assessing web application vulnerabilities. It supports editing and viewing HTTP messages on the fly. Other features include a spider, client certificates, proxy chaining, and scanning for XSS and SQL injection.

Paros requires Java J2SE, which you can download from Sun. Paros is available for both Unix and Windows platforms and can be downloaded from the site above.

1. After you download Paros, configure your browser’s Internet options. Set both the HTTP proxy and the Secure (SSL) proxy address to “localhost” with port “8080” (the Paros default) as shown below. Because Paros terminates HTTPS with its own certificate, expect a certificate warning in the browser the first time you visit an HTTPS site through it.

[Image: HTTP and SSL proxy settings in the browser]

2. Launch Paros. In this example, we will use mit.edu as our target. In the browser, type http://www.mit.edu. When you go back to Paros, you will see a screen that looks something like this:

[Image: Paros analysis of mit.edu]
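What the Paros spider does in its first pass, as an added example (this is not Paros code and it does not use the Paros API): parse a page, resolve every link, and sort the result into URLs inside the target's domain and the third-party hosts the site depends on. The pages under www.example.com and the external hosts below are constructed for illustration.

```python
"""Scope-aware spidering: the first pass a tool like Paros makes over a site.

Added example for this footprinting walkthrough. It is not Paros code and
does not touch the Paros API. The site under www.example.com and every
external host named below are constructed for illustration.
"""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkExtractor(HTMLParser):
    """Collect link-bearing attributes from a page, resolved to absolute URLs."""

    # Tag -> attribute that carries a URL worth following or recording.
    ATTRS = {"a": "href", "link": "href", "img": "src", "script": "src",
             "iframe": "src", "form": "action"}

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                # Resolve relative and protocol-relative refs; drop fragments.
                absolute = urljoin(self.page_url, value.strip()).split("#", 1)[0]
                if absolute.startswith(("http://", "https://")):
                    self.links.append(absolute)


def extract_links(page_url, html):
    parser = LinkExtractor(page_url)
    parser.feed(html)
    return parser.links


def classify(page_url, html, scope_host):
    """Split a page's links into in-scope URLs and the external hosts it pulls in.

    In scope = scope_host itself or any subdomain of it. The external list is
    the footprint of third parties the target depends on (CDNs, SSO, trackers).
    """
    in_scope, external = set(), set()
    for link in extract_links(page_url, html):
        host = (urlsplit(link).hostname or "").lower()
        if host == scope_host or host.endswith("." + scope_host):
            in_scope.add(link)
        elif host:
            external.add(host)
    return sorted(in_scope), sorted(external)


def crawl(fetch, start_url, scope_host, max_pages=50):
    """Breadth-first crawl that never leaves scope_host.

    fetch(url) returns the page body or None; max_pages bounds the crawl so a
    spider cannot wander through a large site unattended.
    """
    queue = deque([start_url])
    visited, external = [], set()
    while queue and len(visited) < max_pages:
        url = queue.popleft()
        if url in visited:
            continue
        html = fetch(url)
        visited.append(url)
        if html is None:          # unreachable or non-HTML: recorded, not parsed
            continue
        in_scope, ext = classify(url, html, scope_host)
        external.update(ext)
        for link in in_scope:
            if link not in visited and link not in queue:
                queue.append(link)
    return visited, sorted(external)


# Constructed stand-in for a live site: URL -> HTML body.
SITE = {
    "http://www.example.com/": """<html><body>
      <a href="/about.html">About</a>
      <a href="login.html">Staff login</a>
      <a href="https://mail.example.com/owa/">Webmail</a>
      <a href="/about.html#team">Team</a>
      <img src="https://cdn.examplecdn.net/logo.png">
      <script src="//analytics.example-stats.com/t.js"></script>
    </body></html>""",
    "http://www.example.com/about.html": """<html><body>
      <a href="/">Home</a>
      <form action="/contact.php" method="post"><input name="q"></form>
    </body></html>""",
    "http://www.example.com/login.html": """<html><body>
      <form action="https://sso.partner-idp.com/auth" method="post"></form>
    </body></html>""",
}


if __name__ == "__main__":
    pages, third_parties = crawl(SITE.get, "http://www.example.com/", "example.com")
    print("in-scope pages:", *pages, sep="\n  ")
    print("external hosts:", *third_parties, sep="\n  ")
```

The external-host list is often more useful for footprinting than the page list: the webmail, SSO and CDN hosts tell you where the company's identity and infrastructure actually live. With fetch swapped for a real HTTP client the same loop crawls a live site; keep max_pages low and stay inside the scope agreed with the client.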


Google generates custom error when using netcat for banner information

I was writing an article on how to use HTTP to view web banner information. My first choice was to use the big G, Google.com. However, when I used the command nc google.com 80 and sent OPTIONS / HTTP/1.1, Google generated this error message.

It is also interesting to observe how Google generates its logo on the error page using color codes.

[Image: Google error message when using netcat]
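The same banner grab done from Python, as an added example not from the original post. One point the netcat session above glosses over: HTTP/1.1 requires a Host header, and a request without one is itself malformed, which most servers answer with 400 Bad Request, so send the Host line along with OPTIONS. SAMPLE_RESPONSE is constructed for the test, not a capture from google.com.

```python
"""Banner grabbing over raw HTTP: the netcat exercise above, in Python.

Added example, not from the original post. build_request() writes the same
OPTIONS request typed into nc but includes the Host header that HTTP/1.1
requires; parse_response() pulls out the status line and the headers that
identify the server. SAMPLE_RESPONSE is constructed, not a real capture.
"""
import socket

# Headers that leak software versions or topology; assumed list, extend as needed.
BANNER_HEADERS = ("server", "x-powered-by", "via", "allow", "x-aspnet-version")


def build_request(host, method="OPTIONS", target="/"):
    """Raw HTTP/1.1 request bytes. Without Host: most servers answer 400."""
    return (f"{method} {target} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n"
            "\r\n").encode("ascii")


def parse_response(raw):
    """Return (status_code, reason, {lowercase header: value}) from raw bytes."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    lines = head.split("\r\n")
    version, _, rest = lines[0].partition(" ")
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % lines[0])
    code, _, reason = rest.partition(" ")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(code), reason, headers


def fingerprint(headers):
    """Keep only the headers that identify software or intermediaries."""
    return {k: v for k, v in headers.items() if k in BANNER_HEADERS}


def grab_banner(host, port=80, timeout=5.0):
    """Live version: connect, send the request, read until the peer closes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))


# Constructed reply; the values are illustrative, not from any real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 405 Method Not Allowed\r\n"
    b"Server: Apache/2.2.3 (Unix) PHP/5.2.1\r\n"
    b"Allow: GET,HEAD,POST\r\n"
    b"X-Powered-By: PHP/5.2.1\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    code, reason, headers = parse_response(SAMPLE_RESPONSE)
    print(code, reason, fingerprint(headers))
```

An Allow header on a 405 is itself useful: it enumerates the methods the server will accept on that path, which is the point of sending OPTIONS in the first place.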


A spammer who knows his spam might be blocked by spam filters

Okay, this email is rather funny. A spammer who knows his spam email might be blocked informs me that, since this particular email has passed through my spam filters, I now have an opportunity to learn about his great services and products. Apparently the spammer focuses on customer service and support too ...

[Image: Spam email which bypassed image filters]


How to rename multiple files or pictures all at once

If you are one of those people who use a digital camera, chances are that when you import your pictures to your computer they have a cryptic naming scheme such as DSC001021. Using this tip, you can rename many pictures all at once.

[Image: Rename multiple pictures all at once]

1. Open the folder where you saved your pictures. Select the batch of pictures you wish to rename: hold down the Ctrl key and click each picture, keeping Ctrl pressed while you select the next one.
2. Right-click the first picture selected and then click Rename.
3. Rename the first picture to whatever you like (for example, Vint Cerf Google Speaker Series), then click any empty space within the window to deselect the pictures.

Your pictures automatically rename themselves (“Vint Cerf Google Speaker Series (1),” “Vint Cerf Google Speaker Series (2),” etc.). This tip also works to rename any collection of files.



Microsoft Xbox Live statistics, including Xbox Live Marketplace and Xbox Live Arcade

Xbox Live has recently hit 6 million users, and on this occasion Microsoft has released some stats. Following is the full press release from Microsoft with the various stats and numbers.

Xbox 360 | Momentum Fact Sheet

• More than 10 million Xbox 360s have hit store shelves since launch in November 2005, and more than 160 high definition games are now available, including Viva Piñata, Gears of War and Crackdown.

• Xbox 360 is available in 37 countries.

• The overall software attach rate for Xbox 360 is 4.6 titles per console in the United States with a record-breaking accessory attach rate of 2.9 units per console.

Xbox LIVE Connectivity & Usage:

• More than 6 million people are now members of Xbox LIVE.

• Following the launch of the Xbox LIVE online gaming network in November 2002, gamers have spent over 2.3 billion hours on the network playing games online with their friends around the world. This is equal to 95 million days of gaming or over 260,000 years. With our top title, Halo 2, which is being played on both the Xbox and Xbox 360, gamers have spent over 710 million hours playing online with over a half a billion games played.

• In fact, online gaming through Xbox LIVE is now a proven form of mainstream entertainment. The 18-34 male audience is comparable in size to the same audience tuning in to see the most popular network TV shows like CSI or The Office.

• Xbox LIVE on Xbox 360 continues to grow as a social community; we are seeing an average of over 2,000,000 text and voice messages sent every day between members on the service.

• The average Xbox LIVE Gold subscriber has 22 friends on their Xbox LIVE friends list.

• To date, Xbox 360 owners have unlocked nearly 300 million Achievements. All of those unlocked Achievements have created a total combined Gamerscore of nearly 7.5 billion.

• Top WW Xbox LIVE Titles on Xbox 360 to date:

1 Halo 2
2 Gears of War
3 Hexic HD
4 Call of Duty 2
5 Ghost Recon 3
6 Call Of Duty 3
7 Oblivion
8 PGR3
9 Tom Clancy’s Rainbow Six® Vegas
10 Perfect Dark Zero

(Based on the number of unique users)

Xbox LIVE Marketplace:

• Consumers have quickly jumped to the Xbox LIVE Marketplace as their one-stop download center. More than 70 percent Xbox LIVE members are downloading content from Marketplace, driving more than 135 million downloads since the launch of Xbox 360.

• Xbox LIVE Marketplace is home to more than 7,000 pieces of individual gaming and entertainment content, downloadable at the click of a button.

• Gamers have also quickly adopted the new Microsoft Points stored value system, with more than 5 Billion points activated on Marketplace to date.

• Online entertainment through Xbox LIVE is not just limited to games. Xbox 360 is the only console offering movie and TV downloads, and the new Xbox LIVE Video Marketplace (available in the US only) is packed with HD content from top partners such as Paramount, MTV Networks and CBS. As a result, nearly 50% of Xbox LIVE members in the U.S. log into Xbox LIVE Marketplace every time they turn on their console.

Xbox LIVE Arcade:

• Xbox LIVE Arcade has been an instant hit on the Xbox 360, with nearly 70% of all connected consoles already downloading and playing Xbox LIVE Arcade titles.

• Xbox LIVE Arcade has now surpassed 25 million downloads from its diverse library of original development and classic titles from the world’s best independent and established developers and publishers.

• Top worldwide Xbox LIVE Arcade titles on Xbox 360 to date (based on total number of full game downloads):
1. Street Fighter II’ Hyper Fighting
2. Bankshot Billiards 2
3. Marble Blast
4. UNO
5. DOOM


Check your computer for Daylight Saving Time starting March 11

Beginning in 2007, daylight saving time (DST) will be extended in the United States. DST will start on March 11, 2007, which is three weeks earlier than usual, and it will end on November 4, 2007, which is one week later than usual. This results in a new DST period that is four weeks longer than in previous years.

Unless certain updates are applied to your computer, the time zone settings for your computer’s system clock may be incorrect during this four-week period. In particular, you must make sure that both your Windows operating system and your calendar programs are updated.

Microsoft has provided a tool that lets you verify whether your computer is up to date with the new daylight saving time rules. You need not worry if you have Windows Vista or if you have Automatic Updates turned on.

To determine which version of Windows you have (for any version other than Windows Vista), follow these steps:

1. Click Start, and then click Run.
2. In the Open box, type sysdm.cpl, and then click OK.
3. Click the General tab. The name of the current version of your Windows software is displayed on this tab.

To verify whether your computer has been updated for the daylight saving time change beginning March 11, follow this link from Microsoft:

[Link: Microsoft Daylight Saving Time]

[Image: Automatic verification of your computer for daylight saving time]
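The four-week gap as code, an added example that is not Microsoft's tool and not part of the original post: it derives the old and new US transition dates for a year and reports whether a timestamp falls in a window where a host still on the old rule reads one hour behind. That matters beyond the clock being wrong: logs from an unpatched host in those windows will not line up with the rest of the fleet. Transitions are treated at date granularity, ignoring the 2 AM switch hour; that simplification is an assumption made here.

```python
"""Where an unpatched clock drifts: the 2007 change to US daylight saving time.

Added example, not from the original post or Microsoft's tool. The new rule
(second Sunday in March to first Sunday in November) comes from the Energy
Policy Act of 2005; the old rule was first Sunday in April to last Sunday in
October. Transitions are handled at date granularity (the 2 AM switch hour is
ignored), an assumption made here to keep the example short.
"""
from datetime import date, datetime, timedelta

SUNDAY = 6  # date.weekday(): Monday = 0 ... Sunday = 6


def nth_weekday(year, month, weekday, n):
    """n-th (1-based) given weekday of a month; n = -1 means the last one."""
    if n > 0:
        first = date(year, month, 1)
        offset = (weekday - first.weekday()) % 7
        return first + timedelta(days=offset + 7 * (n - 1))
    # Last occurrence: step back from the final day of the month.
    next_month = date(year + (month == 12), month % 12 + 1, 1)
    last = next_month - timedelta(days=1)
    return last - timedelta(days=(last.weekday() - weekday) % 7)


def dst_bounds_2007(year):
    """New US rule, in force from 2007: DST start and end dates."""
    return nth_weekday(year, 3, SUNDAY, 2), nth_weekday(year, 11, SUNDAY, 1)


def dst_bounds_legacy(year):
    """Old US rule, used 1987 through 2006: DST start and end dates."""
    return nth_weekday(year, 4, SUNDAY, 1), nth_weekday(year, 10, SUNDAY, -1)


def gap_windows(year):
    """Date ranges [start, end) in which a host on the old rule is one hour behind."""
    new_start, new_end = dst_bounds_2007(year)
    old_start, old_end = dst_bounds_legacy(year)
    return [(new_start, old_start), (old_end, new_end)]


def legacy_skew_hours(when):
    """Hours an unpatched host's local clock lags true local time at WHEN.

    WHEN may be a date, a datetime, or an ISO timestamp string as found in logs.
    """
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    day = when.date() if isinstance(when, datetime) else when
    return sum(1 for start, end in gap_windows(day.year) if start <= day < end)


if __name__ == "__main__":
    for start, end in gap_windows(2007):
        print(f"unpatched hosts lag by one hour from {start} up to {end}")
    # Constructed log timestamp from a host in the affected window.
    print("skew at 2007-03-20 09:00:00:", legacy_skew_hours("2007-03-20 09:00:00"), "hour")
```

When correlating events across machines in those windows, add an hour to timestamps from any host that failed the check above before comparing them with patched systems.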


Spammers are increasingly obfuscating message content by misspelling spam keywords

Many spam-filtering techniques work by searching for patterns in the headers or bodies of messages. For instance, a user may decide that all e-mail they receive with the word “Viagra” in the subject line is spam, and instruct their mail program to automatically delete all such messages. To defeat such filters, the spammer may intentionally misspell commonly-filtered words or insert other characters, as in the following email example

[Image: Email message in which the spammer intentionally misspells spam keywords]

The principle of this method is to leave the word readable to humans (who easily recognize the intended word behind such misspellings) but unlikely to be recognized by a literal pattern match. This is only somewhat effective, because modern filter patterns have been designed to recognize blacklisted terms across their common misspellings. Other filters target the obfuscation methods themselves, such as the non-standard use of punctuation or numerals in unusual places, for example within a word.

(Note: Using the most common variations, it is possible to spell “Viagra” in over 1.3 × 10^45 ways.)

So, how do we get around such Spam techniques?

Most of the spam that sneaks into my inbox past SpamAssassin and my Bayesian spam filter gets there because almost every word in the message is intentionally misspelled. By not giving the filter recognizable content, the messages get past. So how about a spam filter that works by spell check? If more than 50% of the words are misspelled, there’s a good bet that the message is spam or in a language I can’t read anyway.
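Two filter-side answers to the obfuscation described above, as an added example (this is not code from SpamAssassin or from the original post): a regex that matches a blacklisted term through inserted separators, repeated letters and digit or symbol look-alikes, plus the misspelled-word ratio proposed in the paragraph above. The homoglyph table, blacklist, word list and both sample messages are constructed here; a real filter would score against a full dictionary.

```python
"""Matching obfuscated spam keywords, and the spell-check ratio heuristic.

Added example, not code from SpamAssassin or from the original post. The
homoglyph table, blacklist, dictionary and sample messages are all constructed
for illustration.
"""
import re

# Look-alike characters spammers substitute for letters (assumed, extend as needed).
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "i", "!": "i", "|": "i", "3": "e", "4": "a", "@": "a",
    "5": "s", "$": "s", "7": "t", "+": "t", "8": "b", "9": "g", "6": "g",
})

BLACKLIST = ("viagra", "cialis", "rolex")

# Constructed stand-in for a spell-check word list.
DICTIONARY = set("""
the a an and or to of in at for on no is are this that you your we our it with
from have has will would can get free offer now today buy online price best new
great please click here email read message filter passed""".split())


def obfuscation_pattern(term):
    """Regex for TERM tolerating repeated letters and non-letters between them.

    After homoglyph translation this matches v.i.a.g.r.a, v-i-a-g-r-a, viiagra
    and V1AGRA. Inserted *letters* (viaxgra) are deliberately not matched, since
    that would also match ordinary words.
    """
    letters = [re.escape(ch) + "+" for ch in term]
    return re.compile(r"\b" + r"[\W_]*".join(letters) + r"\b")


PATTERNS = {term: obfuscation_pattern(term) for term in BLACKLIST}


def find_blacklisted(text):
    """Blacklisted terms present in TEXT despite obfuscation, sorted."""
    normalized = text.lower().translate(HOMOGLYPHS)
    return sorted(term for term, pattern in PATTERNS.items() if pattern.search(normalized))


def misspelled_ratio(text, dictionary=DICTIONARY):
    """Fraction of words (two or more letters) not found in the dictionary."""
    words = re.findall(r"[a-z]{2,}", text.lower())
    if not words:
        return 0.0
    unknown = [w for w in words if w not in dictionary]
    return len(unknown) / len(words)


def classify(message, threshold=0.5):
    """Flag a message on either a blacklist hit or a mostly-misspelled body."""
    hits = find_blacklisted(message)
    ratio = misspelled_ratio(message)
    return {"blacklist_hits": hits,
            "misspelled_ratio": round(ratio, 2),
            "spam": bool(hits) or ratio > threshold}


# Constructed sample messages.
SPAM = "Buy V.1.A.G.R.A and Ciallis onlinee at the bset pr1ce, no prescriptioon!"
HAM = "Please click here to read the message that passed your filter today."

if __name__ == "__main__":
    for label, msg in (("spam", SPAM), ("ham", HAM)):
        print(label, classify(msg))
```

The two checks fail in different ways: the regex misses a term with letters inserted into it, and the ratio heuristic will flag a legitimate message full of product names or a language the dictionary does not cover, which is why the threshold is a tunable rather than a constant.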


Microsoft Charity: Use Windows Live, Give with every Search

Microsoft has some charity initiatives going on right now. One of them is using Microsoft Windows Live Search for the purpose of charity. This charity initiative is titled “Searching for a way to help. You have found it.”

There are over nine million refugee children worldwide. The United Nations Refugee Agency (UNHCR) aims to help and focus on these children. “You can help them learn, help them play. Stability comes from community. Education is the right of every child.” (UNHCR)

Help raise awareness and funds for refugee youth with just a click! Every time you search from the link below or the image below, Microsoft will make a donation to ninemillion.org, a UN agency-led campaign providing education programs for the nine million refugee children around the world. This is a noble initiative on Microsoft’s part, which seems to be following the direction of its founder Bill Gates, who is giving away most of his fortune to charity.

[Image: Microsoft Live Search charity initiative]

For every search performed from this page between January 17 and March 31, 2007, Microsoft will make a contribution to ninemillion.org, a UN agency-led campaign providing education and sports programs for the nine million refugee youth around the world. All contributions will benefit ninemillion.org to support educational programs for refugee youth.

[Image: Microsoft charity program]


Windows Live OneCare Advisory: Beta service will be discontinued on March 2

On March 2, beta service for most Windows Live OneCare customers will be discontinued. You need to make alternate arrangements before that date to ensure that you continue to have full protection and PC care.

[Image: Windows Live OneCare beta discontinuation advisory]

To continue using Windows Live OneCare service, you can subscribe to it by following these steps:

1. Uninstall the OneCare beta.

  • On the Start menu, click Control Panel.
  • Double-click Add or Remove Programs.
  • Under Currently installed programs, click Windows Live OneCare, and then click Change/Remove.
  • In the Uninstall Windows Live OneCare dialog, click Uninstall.
  • Follow the directions to uninstall OneCare and restart your computer.

[Image: Uninstall Windows Live OneCare]
