Tuesday, July 1, 2014

R I P Orkut

Orkut....a first among social networking sites
Orkut....a networking site with a difference
Orkut....a network for true friendship
Orkut....an invitation-only networking group.
These were the features given by Google when launching Orkut in early 2000. Though this network grew with great speed, it failed to sustain its membership. After several attempts at revival, the final bell has finally tolled for Orkut.
Come September, Orkut will be laid to rest. Long live Orkut.

Saturday, June 21, 2014

What the F##k is Cyber security.

  1. Nowadays it's a buzzword. Everyone who has something or nothing to do with electronics, yes, you read that correctly, is just blabbering about a demon known as "We are vulnerable in cyberspace".
  2. Well, let me tell you: even though everything they say may not make sense, it's a serious threat to your PRIVACY.
  3. The first doubt that comes to your mind is "What the #### is it and why should I care about it?" The second thought that crosses one's mind is "I don't have to worry about it. It's not going to affect me."
  4. It's a flawed thought process. Though you may not be a direct victim of a cyber attack, you could be an accomplice in a crime. WHAT? HOW? is the natural reaction. Here are the details of the modus operandi.
  5. A #hacker gains access to your PC, laptop or smartphone by installing #malicious software, also known as #malware, called #trojans. This way your computer becomes a member of a worldwide network called, in short, a #botnet. As and when the hacker desires, he carries out an attack using your computer, i.e. the #bot. The attack can be a #DDoS, an abbreviation for Distributed Denial of Service attack, which brings down the victim. This way, unknowingly, you have become an accomplice in #cyber #crime.
  6. How do I come to know about it? The first sign is that your system becomes slow and the CPU shows unusual activity.
  7. How to mitigate the risk? Just follow three simple steps.
    • Install an effective #antivirus that includes scanning your mobile also.
    • #Update all software and operating systems from known and reliable sources.
    • Do not leave your internet connection and computer on when you are not using them.
Happy Hunting.
 

Monday, May 12, 2014

Bitly Compromised


  • Bitly, a URL shortening site that has helped many bloggers shorten URLs, hide their paths and post them through microblogging and other social networking sites, has been hacked.
  • Their CEO, Mark Josephson, has written about it in a blog post.
  • He blogged that

"We have reason to believe that Bitly account credentials have been compromised; specifically, users' email addresses, encrypted passwords, API keys and OAuth tokens,"
  • The registered users of Bitly have been advised to
    • Log into Bitly account from Twitter or Facebook
    • Reset Legacy API keys
    • Copy and replace this key in all your profiles.
    • Then reset all your passwords.
  • Bitly has invalidated all Twitter and Facebook credentials, meaning that a user will not be able to use Bitly from these social networking sites until they reset the options given above.
  • So beware, be aware and keep yourself safe.
  • Happy Hunting
  • Source: http://www.pcmag.com/article2/0,2817,2457837,00.asp?mailingID=F1BEF928D79843FDAF41D5B2084CF083

Monday, February 3, 2014

10 Worst Password Mistakes That We Make Often

10 Biggest Password Mistakes People Make

Jan 4, 2014
I keep all my precious things and hard copies in lockers, as everyone does, but when it comes to online security, one of the easiest ways to have your security compromised and expose yourself to attack by a hacker is to have a bad password. All of us should know that strong passwords are all that stand between us and a possible security incident. Still, many people end up infected with a virus or facing an immense credit card bill because they failed to follow the ABCs of password safety. For a brief review, here are the 10 biggest password mistakes people make:

10. Using an obvious password

A number of people use obvious passwords, e.g. ‘1234567’, ‘Imissu’ and ‘princess’. Your own name is also a common choice, and of course anybody trying to hack your account will check for these easy choices.

9. Using the same password everywhere

People reuse the same password for many accounts. Though this habit is convenient for the user, it also means that one account breach translates into several account breaches. Therefore, if you use the same password for your Gmail, online bank account and eBay, you are inviting hackers to help themselves to your personal life.

8. Not using extra safety features

One of the most avoidable mistakes is not using additional security features. Many services offer two-factor verification, where, as well as a fixed password, you also need an additional one-time password, which can be sent via text message or generated via a hardware security token. Google offers that option when signing into your account. This way, even if somebody learns your main password, they still won’t be able to access the service.

7. Having a too short password

Sometimes people create a short password so they can always remember it, but they forget that a longer password is more secure than a short one, as every additional character makes the password tougher to crack. A password containing 20 characters might be hard to remember, but 12 characters is certainly feasible.

6. Sharing passwords with others

I have many friends and all of them are trustworthy. We share almost all our belongings with each other, but I never share my password with anyone, as it seems like sharing the keys to your personal locker. But I have observed many fellows who trusted their buddies in the matter of password sharing, and the result was loss, fakery and pranks as well.

5. Not using safe browsing practices

Whenever people go online on open networks and don’t use HTTPS, it’s dangerously easy for those with criminal intent to sniff their passwords. So, check out the HTTPS Everywhere extension to improve your security.

4. Using “secret” questions that many people already know the answers to

The “secret questions” are the questions that sites ask you when you sign up, as a check in case your password is ever lost or you want to change your account info. There are many well-known examples of accounts that have been hacked because their security questions were very easy to answer simply by looking at the owners’ social media accounts.

3. Not protecting your machine when others use it

It often happens that someone asks if he can quickly use your machine to go online, and your answer is “Yeah! Why not?” I applaud your friendliness, but make sure you protect your privacy, as your friend or the person asking might find something you’d rather they didn’t.

2. Not changing passwords regularly

Many people don’t change their passwords regularly, even though frequently changing passwords ensures that you’re less vulnerable. So, set yourself a calendar appointment to review your passwords, and keep it up.

1. Not using a password manager

The prime mistake, ranking 1st here, is not using a password manager. Using a password management system ensures that you can achieve most of the other objectives on this list effortlessly. There are many password management systems out there; find one you’re comfortable with and use it. Likewise, writing passwords in a document file or an account could also be dangerous, as anyone can access them with ease. Any information that is easy to find, such as your birthday, is easily discoverable when used as part of your password. Hope this list of the 10 biggest password mistakes people make will help you all when choosing passwords or going online on an unfamiliar network.

Sunday, February 2, 2014

Public Wi-Fi also a spying tool, Snowden documents show in new Canada scandal

  1. Here’s a new and potentially explosive twist to our ongoing surveillance saga: according to CBC News, documents obtained by NSA leaker Edward Snowden show that the Canadian signals intelligence agency has been using public Wi-Fi, such as that found in some Canadian airports, to spy on travelers.
  2. This is big because the Communications Security Establishment Canada (CSEC) is not supposed to spy on Canadians, just like its partners in the other “Five Eyes” espionage ring – the U.S., U.K., Australia and New Zealand – aren’t supposed to spy on their citizens.

Webmail Forensics – Digging deeper into Browsers and Mobile Applications

  1. Almost everyone who uses the Internet has a web-based email account. Many people have two or more, so the likelihood of a forensic investigator coming across a case involving webmail communication is very high. While law enforcement examiners can ask service providers for the email contents through a court order, corporate and non-government examiners have to rely on what evidence is left on the computer or mobile device.
  2. The three largest webmail providers are Google’s Gmail, Microsoft’s Hotmail/Outlook.com, and Yahoo Mail. Together they account for well over one billion users. Each provider offers some unique features but they’re generally all quite similar in implementation from a forensics standpoint. This article will discuss how webmail artifacts are stored and investigated on a PC or laptop, mobile devices, and other applications that support and store webmail evidence.

Internet Explorer

Since Internet Explorer (IE) is installed by default on most Windows installations, it’s likely the most commonly used and should always be searched when looking for webmail—or any browsing artifacts for that matter. Depending on the version of Windows and IE installed, the evidence will be stored in different locations. The locations are listed below:
  • WinXP – %root%/Documents and Settings/%userprofile%/Local Settings/Temporary Internet Files/Content.IE5
  • Win Vista/7 – %root%/Users/%userprofile%/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5
  • Win Vista/7 – %root%/Users/%userprofile%/AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5
  • Win8/IE10 – %root%/Users/%userprofile%/AppData/Local/Microsoft/Windows/History
Note: Internet Explorer 10 is available on Windows 7 as well. If IE9 was installed and then upgraded to IE10, there will be two sources of evidence (the index.dat file from IE9 and the database within the webcache folder for IE10).

Mozilla Firefox

Firefox is a very popular browser and also stores its cache data in various locations based on the operating system installed. It’s installed as the default browser on many Linux distributions and is available for MacOS-X as well.
  • WinXP – %root%/Documents and Settings/%userprofile%/Local Settings/Application Data/Mozilla/Firefox/Profiles/*.default/Cache
  • Win7/8 – %root%/Users/%userprofile%/AppData/Local/Mozilla/Firefox/Profiles/*.default/Cache
  • Linux – /home/%userprofile%/.mozilla/firefox/$PROFILE.default/Cache
  • MacOS-X – /Users/%userprofile%/Library/Caches/Firefox/Profiles/$PROFILE.default/Cache/

Google Chrome

Google Chrome is also one of the top 3 browsers used today. It is available for Windows, Linux, and MacOS-X. Google also makes the Chromium open source project available to Linux users; it runs very similarly to the regular Chrome package, with some minor differences.
  • WinXP – %root%/Documents and Settings/%userprofile%/Local Settings/Application Data/Google/Chrome/User Data/Default/Cache
  • Win7/8 – %root%/Users/%userprofile%/AppData/Local/Google/Chrome/User Data/Default/Cache
  • Linux – /home/%userprofile%/.config/google-chrome/Default/Application Cache/Cache/
  • MacOS-X – /Users/%userprofile%/Caches/Google/Chrome/Default/Cache/
Check out the full article at http://articles.forensicfocus.com/2014/02/01/webmail-forensics-digging-deeper-into-browsers-and-mobile-applications/
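
As an added example (not from the original article or from any forensic tool), the Python script below walks an evidence image mounted read-only and reports which of the Windows Vista/7/8 and Linux cache locations listed above exist for each user profile, then hashes the files it finds. The function names, the constructed sample tree and the `*.default` glob standing in for the Firefox profile directory are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Cache locations relative to one user's profile directory, copied from the
# lists above. "*.default" stands for the random Firefox profile prefix.
LAYOUTS = {
    "Users": {  # Windows Vista/7/8: %root%/Users/%userprofile%
        "IE": "AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5",
        "IE (Low)": "AppData/Local/Microsoft/Windows/Temporary Internet Files/Low/Content.IE5",
        "IE10 History": "AppData/Local/Microsoft/Windows/History",
        "Firefox": "AppData/Local/Mozilla/Firefox/Profiles/*.default/Cache",
        "Chrome": "AppData/Local/Google/Chrome/User Data/Default/Cache",
    },
    "home": {  # Linux: /home/%userprofile%
        "Firefox": ".mozilla/firefox/*.default/Cache",
        "Chrome": ".config/google-chrome/Default/Application Cache/Cache",
    },
}


def find_cache_dirs(evidence_root):
    """Return sorted (user, browser, path) tuples for cache dirs that exist."""
    root = Path(evidence_root)
    hits = []
    for profiles_dir, patterns in LAYOUTS.items():
        base = root / profiles_dir
        if not base.is_dir():
            continue
        for profile in base.iterdir():
            # Skip links/junctions so the walk stays inside the evidence tree.
            if profile.is_symlink() or not profile.is_dir():
                continue
            for browser, pattern in patterns.items():
                for match in profile.glob(pattern):
                    if match.is_dir() and not match.is_symlink():
                        hits.append((profile.name, browser, match))
    return sorted(hits, key=lambda h: (h[0], h[1], str(h[2])))


def hash_cache_files(cache_dir):
    """Map each regular file under cache_dir to its SHA-256 (files opened read-only)."""
    digests = {}
    for path in sorted(Path(cache_dir).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        digests[str(path.relative_to(cache_dir))] = h.hexdigest()
    return digests


def build_sample_tree(root):
    """Create a small CONSTRUCTED evidence tree for demonstration only."""
    root = Path(root)
    files = {
        "Users/alice/AppData/Local/Google/Chrome/User Data/Default/Cache/f_000001":
            b"constructed webmail page fragment",
        "Users/alice/AppData/Local/Mozilla/Firefox/Profiles/a1b2c3d4.default/Cache/entry0":
            b"constructed inbox listing",
        "home/bob/.mozilla/firefox/z9y8x7w6.default/Cache/entry0":
            b"constructed message body",
        "Users/carol/Documents/notes.txt": b"no browser cache for this user",
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for user, browser, path in find_cache_dirs(build_sample_tree(tmp)):
            print(user, browser, path, hash_cache_files(path))
```

Recording the per-file hashes at collection time lets a later examiner confirm that the cache files analysed are the ones that were on the image.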

Friday, January 24, 2014

Operation Endeavour: The Tip of the Iceberg?

In mid January 2014, reports began emerging of a cybersex ring that had recently been under investigation in the Philippines. Crime agencies across the UK, USA, Australia and the Philippines themselves have been working together since 2012 on a case codenamed Operation Endeavour, and recently results have started to be published in the media.
To date, the operation has seen twenty-nine arrests across twelve countries, with fifteen children identified as targets. The case is still ongoing, and more arrests are expected in the coming weeks. In the midst of a series of recent stories about child abuse both on the internet and offline, including the arrest of Lostprophets’ lead singer Ian Watkins, it may seem reasonable to conclude that the sharing of indecent content depicting children is at an all-time high. But is this true? Have the international legal authorities been seeing more crimes against children than ever before? And what challenges do they face when investigating such cases?

Sunday, January 19, 2014

Police get tool for patrolling social media


  1. Criminals are not always the smartest people. Most don’t tip off the police by bragging about a bank robbery on YouTube, but criminals do use social media to communicate, and police are paying attention.
  2. In a move that law enforcement officers might “like,” LexisNexis Risk Solutions’ Social Media Monitor will allow police to watch all social media channels to look for signs of criminal activity. As a new feature of the larger LexisNexis Accurint for Law Enforcement platform, Social Media Monitor lets law enforcement agencies discover risks and threats by leveraging social media. The system can target critical incidents such as gang violence, drug dealing, crimes against children and human trafficking.
  3. The program is already being beta tested at several agencies and local police forces across the county.
  4. According to LexisNexis, the impetus to create the program was a survey of 1,200 law enforcement officers that showed that four out of five of them research social media when pursuing cases. And when challenged, the use of social media sites as evidence for search warrants held up in court 87 percent of the time. But without a dedicated social media tool, officers are on their own when conducting investigations.
  5. Social Media Monitor can alert officers to potential areas of concern and help them identify posts or tweets within specific geographic locations. By entering a few search terms, law enforcement personnel are provided with a social canvas within minutes, adding a virtual dimension to traditional public records data. In a recent demonstration, LexisNexis officials showed how monitoring the Twitter feeds of gang members could help them learn code words, drug drops, meeting locations and criminal trends within cities or even larger demographic areas.
  6. Social Media Monitor is a Web-based platform with no software to install. It can work within specific geographical or jurisdictional areas and comes with a dashboard that allows officers to filter search results as needed.
  7. The program looks to be an elegant way of searching the huge ocean of social media and could empower individual officers as well as whole groups and departments. I plan to follow-up with a full report on how the program is working once local officers have some more time with this fascinating piece of emerging technology. They may have a few success stories to share as well.
  8. Read More at http://goo.gl/b1qTU4

Digital forensic tools dig up hidden evidence faster



Government investigators and law enforcement officials filtering and searching for forensic evidence on computers can be overwhelmed by the frequency and complexity of digital investigations.
AccessData, a developer of stand-alone and enterprise-class digital investigation tools, has added features to its Forensic Toolkit that offer greater visibility into digital elements and artifacts left on computers to help ensure evidence is not missed.
Forensic Toolkit (FTK) version 5.1 now includes native support for Microsoft’s Volume Shadow Copy (VSC), a technology that allows taking manual or automatic backup copies or snapshots of data at a specific point in time over regular intervals. 
Now investigators can “easily identify and quickly examine ‘digital artifacts’ across different points in time, while leveraging all of the advanced features of FTK,” said Brian Karney, AccessData’s COO and president.

Full article at http://goo.gl/P3xjUB

Cops: Stamford Man Busted with Over 500 Child Porn Images on Computer

  1. Stamford Police announced late Thursday the arrest of a 43-year-old man on charges that he was in possession of more than 500 images of child pornography on his computer.  
  2. According to Lt. Diedrich Hohn, the Stamford Police Department's Digital Forensics Unit (DFU), in collaboration with the State's Attorney's Office, conducted an investigation into Efrain Martinez-Gutierrez after the DFU received information in October 2013 that hundreds of images of child pornography were being downloaded at his 31 Stephen Street address.
  3. On January 9, 2014, DFU executed a search warrant at the location and discovered numerous computers that could have been responsible for the downloads, Hohn said. The computers were seized, along with phones and thumb drives that belonged to multiple residents of a basement apartment there. They were then extensively analyzed, Hohn said.
  4. Hohn said it was determined the computer belonging to Martinez-Gutierrez contained over 500 images of child pornography on his hard drive. An arrest warrant was applied for and the suspect was located and arrested on January 16, 2014. 
  5. Martinez-Gutierrez was charged with first-degree possession of child pornography, importing child pornography and obscenity. He was held in lieu of a $75,000 bond. 
  6. Hohn acknowledged the work of Officers Kevin McKay and Mark Sinise for their "diligent work on this sensitive investigation."

Tuesday, January 14, 2014

Details of more than 18,000 members of the ‘Verified' Eastern European cyber crime forum were leaked by a rival gang.

18,000 suspected cyber criminals 'shopped' by rival gang

A major breakthrough in the fight against global cyber crime has come after details of more than 18,000 members of the ‘Verified' Eastern European cyber crime forum were leaked by a rival gang.
The information, held on a stolen database uploaded to Sendspace, includes the identities, passwords and IP addresses of 18,894 suspected criminals, as well as their private messages discussing crimes, which supposedly include online fraud attacks against British, American and Australian banks.
Experts say this is the first time such a goldmine of information has come into the hands of police and intelligence agencies, giving them the chance to catch some of the world's most notorious cyber criminals. It also could allow them to infiltrate other cyber crime forums by using shared passwords.

Read full report at http://www.scmagazineuk.com/18000-suspected-cyber-criminals-shopped-by-rival-gang/article/328803/

"In our high school, almost everyone in the 11th and 12th grade did it"

  1. It's easy to tell which kids in this town have helped to make it a global center for criminal hacking and Internet scams.
  2. They're the pupils who come to school wearing the best clothes and gold jewelry in a region of Romania where chickens are raised in yards and roads are full of potholes.
  3. This is how Romanians have described the hacking operations carried out on US firms.
Read the full story at http://goo.gl/mAlrHl

Craziest Linux Distributions

  1. Ubuntu Satanic Edition: To be honest, this OS doesn’t really fit the name. Based on the Ubuntu 10.10 platform, this one seems more to be a dark themed distribution. But, it shows that there is at least one Ubuntu distro for everyone. You can download a live CD (called the ‘undead CD’) for this one if you want to try it. It was discouraged by many Linux users and many protested and complained against it.
  2. Hannah Montana Linux: Sometimes going your own way results in an excessively pink desktop background. Based on popular children’s character Hannah Montana, this OS was created to attract young users. It is a derivative of the Kubuntu OS, which changes the KDE menu to the Hannah Montana Menu. In addition, it doesn’t have applications like GIMP, LibreOffice or KOffice, which many who downloaded this OS complained about.
  3. Red Star OS: From Satanists and Hannah Montana fans to politicians. Red Star was the first ever politics themed Linux-based distribution created. It came up in North Korea back in 2002 in an effort made to replace Microsoft’s Windows as the primary OS of choice. It is available only in the Korean language and hosts a customised version of Mozilla Firefox, which is known as Naenara. It uses KDE 3.
  4. Apartheid Linux: This is perhaps the most offensive Linux-based distribution ever created. As the name suggests, Apartheid Linux is a racially charged operating system. It is based on the PCLinuxOS and comes with wallpapers of the swastika etc. 
Source: http://goo.gl/Lbb6hj

Monday, January 13, 2014

World's first insured bitcoin vault opens in UK

  1. The new bitcoin storage service offering insurance in UK, named Elliptic Vault, uses "deep cold storage" techniques to secure the digital currency.
  2. Bitcoin keys are encrypted and stored offline. There are multiple copies, protected by layers of cryptographic and physical security.
  3. The copies are accessible only via a quorum of Elliptic's directors.

Cards Stolen in Target Breach Flood Underground Markets

Credit and debit card accounts stolen in a recent data breach at retail giant Target have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card, KrebsOnSecurity has learned.

See more at http://goo.gl/AQX8mk

More Well-known US Retailers Victims of Cyber Attacks

Target Corp and Neiman Marcus are not the only U.S. retailers whose networks were breached over the holiday shopping season last year, according to sources familiar with attacks on other merchants that have yet to be publicly disclosed.
 
Smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target, according to the people familiar with the attacks. Those breaches have yet to come to light. Also, similar breaches may have occurred earlier last year.
http://goo.gl/otwMQx

Spotting the latest email hoaxes may be easier than you think!

There are thousands of email hoaxes moving around the Internet at any given time. Some may be the latest email hoaxes around. Others may be mutated versions of hoax messages that have travelled the Internet for years. These email hoaxes cover a range of subject matter, including:
  • Supposedly free giveaways in exchange for forwarding emails.
  • Bogus virus alerts.
  • False appeals to help sick children.
  • Pointless petitions that lead nowhere and accomplish nothing.
  • Dire, and completely fictional, warnings about products, companies, government policies or coming events.
Source of information: thanks to Hoax Slayer. Read more at http://goo.gl/eDNIWZ

Sunday, January 12, 2014

Introduction to Penetration Testing


  1. What is penetration testing? Penetration testing, often called “pentesting”, “pen testing”, or “security testing”, is the practice of attacking your own or your clients’ IT systems in the same way a hacker would to identify security holes. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pentester.
  2. You can become a penetration tester at home by testing your own server and later make a career out of it.
https://community.rapid7.com/docs/DOC-2248

Thursday, January 9, 2014

Ten torrents sites to be aware of

Cyber Psycho-analysis: A new buzz word

Soft-skills might become more important in the cyber war as criminals are expected to employ new strategies focusing not solely on the technology but on the user and his or her psychology. The tactics may include more convincing phishing emails and leveraging pop culture to trick the users.

'Syrian Electronic Army' hacks Skype's accounts in social networks

  1. Hackers from the so-called “Syrian Electronic Army” have got access to the blog and the official accounts in social networks that are hosted by Skype. The intruders used the hacked facilities for placing messages criticizing NSA's programs of mass surveillance, the TechCrunch edition writes.
  2.  One of the messages that the hackers placed in Twitter calls on Web users not to use post services run by Microsoft, such as Hotmail or Outlook. The hackers are claiming that these services are surveying their clients' accounts and selling information to the governments.
  3.  At present, the hackers' messages at the Skype's blog and page in Facebook have already been removed, while the messages in Skype's microblog in Twitter are still there.
  4. Read more: http://voiceofrussia.com/news/2014_01_08/Sweden-fell-victim-of-foreign-hackers-intelligence-0261/
 

Sweden fell victim of foreign hackers - intelligence

  1. Hacking attacks last year targeting a number of Swedish state institutions, companies and colleges were masterminded by foreign intelligence services, the country's Local news agency has reported, citing a source in Swedish intelligence.
    Read more: http://voiceofrussia.com/news/2014_01_08/Sweden-fell-victim-of-foreign-hackers-intelligence-0261/
 

Digital Forensics Framework

  1. DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).
  2. It can be used by both professionals and non-experts to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data.
  3. Features:
    • Preserve digital chain of custody: software write blocker, cryptographic hash calculation
    • Access to local and remote devices: disk drives, removable devices, remote file systems
    • Read standard digital forensics file formats: Raw, Encase EWF, AFF 3 file formats
    • Virtual machine disk reconstruction: VmWare (VMDK) compatible
    • Windows and Linux OS forensics: Registry, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems
    • Quickly triage and search for (meta-)data: regular expressions, dictionaries, content search, tags, time-line
    • Recover hidden and deleted artifacts: deleted files / folders, unallocated spaces, carving
    • Volatile memory forensics: processes, local files, binary extraction, network connections
  4. Read more at http://goo.gl/XIyxiq

Saturday, January 4, 2014

FireEye Buys Mandiant for Nearly $1 Billion to Stamp Out Cyber Attacks

FireEye, a major enterprise security company, is hoping to better shield its customers from cyberattacks through its acquisition of privately held Mandiant for nearly US$1 billion.

Check out more at http://www.computerworld.in/news/fireeye-buys-mandiant-for-nearly-$1-billion-to-stamp-out-cyber-attacks

Now Bitcoin Malwares Target Personal Computers

New Delhi: The Bitcoin craze is turning into fertile ground for cyber fraudsters, as thousands of computers, including in India, are being infected with malware related to the virtual currency. The findings of a survey that has pegged the count of computers infected with bitcoin-related malware at at least 12,000 come at a time when regulators worldwide have flagged money laundering concerns about this popular virtual currency.

Check more at http://goo.gl/Sxj3vv