Continue reading »]]>

• Signature based detection
• Checking for Suspicious Behavior

• As you have seen that normally the antivirus take the content or signature of a file or program to compare it with its database, now what if the database of an antivirus is not updated and if any new malware try to exploit your computer and your antivirus don’t identify it because it has no information about. So the new threat can easily bypass your antivirus and will cause a harm to your computer, this is called Zero-day threats.

• Awareness among the user(s) is/are very important rather than antivirus software’s, you should teach your self on how to be safe on the jungle of web where every day, is the day of new threat.
• You must be aware about the viruses and their effects and how they spread.
  • Malware: Virus
• Do not download and run the unknown programs from Internet.
• You should know how to secure yourself from malware.
  • Secure Your Self From Keylogger
• You must know about the latest antivirus software for your operating system.
  • 4 Antivirus For Android

So these are two main ways employed by the antivirus to detect the unwanted files. So now always when you run a scan you would know what is happening.

Continue reading »]]> Passwords are the first line of defence in warding off online criminals. As web security breaches become more common, your online safety is being put at risk if your password is weak.

Figures from GetSafeOnline.org, a joint initiative between the Government and the Serious Organised Crime Agency, showed that 15% of internet users fell victim to hackers in 2010. Managing director Tony Neate warned: “A strong password is as critical to online security as having anti-virus software. Most web users choose weak combinations that are easy to guess – such as their favourite football team – and then recycle them for numerous different websites.”

To protect yourself simply and effectively, here are six tips to outsmart hackers by creating stronger passwords.

1) Never use personal information

Setting personal information as your password means that you are giving hackers an easy ride by making it too obvious. Be aware of using easy-to-crack passwords, like your own name, birth date, a pet’s name, mother’s maiden name or your favourite football team. Every word in the dictionary, names, and dates are the first things hackers try when trying to break a password. If you find it difficult to remember passwords which don’t contain a phrase or word in that is memorable to you, use it as a base password instead. For example, if you wanted to use ‘Guns N’ Roses’ song, ‘Sweet Child of Mine’, your base password might be ‘SCOM’. Remembering the password is a matter of singing yourself the song. Add on a few numbers and symbols too for extra protection.

Try not to use a dictionary password. This will help reduce the threat of your password being found by ‘dictionary’ based tools which some attackers use.

2) Use different passwords for different accounts

The problem with using the same password for every site you use, whether it is for online banking or gaining access to a social network, is that if the password is compromised and someone finds out which websites you use the most, the rest of your identity is at risk.

It is advised to Internet users to use different passwords for websites, especially banking and financial ones. This reduces the threat of anyone using the same password to log into all of your services/accounts. According to Government statistics, 17% of people still use the same password for every site they access.

3) Use random number sequences

Passwords should ideally contain a random combination of numbers alongside your chosen base letters and special characters. Media firm, Gawker, whose million-strong member’s database was hacked into in December, revealed their user’s most careless password habits. Those who were the most at risk of falling victim to hackers stupidly used the combination ’123456′ as their password.

4) Use mixed character types

Always use upper and lower case letters, numbers, and special characters like exclamation marks, hashes and asterisks where possible. ‘Bloomberg Businessweek’ recently compiled data from a variety of cyber security experts, showing how long it takes for a hacker to randomly guess a password. The data found that any six character password consisting solely of letters can be cracked in just ten minutes but a nine character password complete with letters, uppercase, numbers and symbols will take 44,530 years to crack.

It also advised web users to substitute letters with numbers, e.g. ‘F1ow3r’ instead of ‘flower’.

5) Update your password regularly

IT research and advisory company, Gartner inc. recommends that a user should change their password every 90 days to keep hackers guessing. Some banking and online trading sites give their users the opportunity to change their password at regular intervals.

6) Use long passwords

The more characters in a password, the harder it is to crack. Your password should ideally be between eight and 16 characters in length. Having at least eight characters is a good compromise between safety and usability.

Continue reading »]]> By Xu Chi

2010-11-10

http://www.shanghaidaily.com/article/?id=454146&type=Metro

Shanghai – WATCH out! “Zombies” are attacking hundreds of thousands of mobile phones in the city.

The zombies are not the scary kind, but they do qualify as annoying as at least 300,000 local handset users are unwittingly sending spam messages with a virus to all contacts in their address books after their phones caught the Zombie virus, said NetQin Mobile Inc, a leading mobile phone security company.

The number accounted for 20 percent of the 1.5 million mobile phones across the country that have been infected by the virus so far, making Shanghai one of the hardest-hit areas, the Beijing-based company found.

A local lawyer, Liu Chunquan, said if the hackers who created the virus are caught they will be jailed for creating and spreading a virus and damaging computer systems.

According to the country’s criminal law, offenders can be jailed for more than five years if their crimes lead to severe consequences.

Anti-virus experts suggested that mobile phone users install anti-virus software and avoid clicking the links of spam messages, even those from friends or relatives.

Cell phones infected by the virus will be turned into another “zombie” phone, sending the phone user’s SIM card information to hackers, who then remotely control the phone to send links of the virus to others via spam text messages.

Users who receive the messages and click the links will also be infected while the infected phones keep sending spam messages. The virus has cost handset users a total of about 2 million yuan (US$300,000) per day.

“My friend complained that he constantly received ad messages from me, but I never sent him any,” said a local resident surnamed Zhang. “Then I realized that my phone was turned into a ‘zombie.’”

According to a NetQin official surnamed Dong, they have studied hundreds of thousands of complaints and emergency calls, the feedback of the security software installed on mobile phones, and the information they gathered from a massive database that users had joined voluntarily.

However, the number of victims may far exceed the figures given by the company as its statistics don’t cover all phone users.

The virus infected 1 million users during the first week of September, according to a previous report by the National Computer Network Emergency Response Technical Team Center.

“We noticed the virus in early August and our engineers started to fight back with anti-virus software,” said Dong. “It’s possible to stop it from spreading quickly.”

But she said they also needed government help to track down the hackers.

Also read -

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=228200648&cid=RSSfeed_IWK_Security

Continue reading »]]> 3 Sep 2010

http://www.pcpro.co.uk/news/security/360865/facebook-adds-hacker-tracker-tool

Facebook says it has improved its security with a remote log-in management tool that should help users tell if their accounts have been hacked.

The primary use for the new tool, currently being rolled out and available via the Account Security section of Account Settings, will be as a remote log-out facility for people that have forgotten to sign off when they have been using a public or friend’s computer.

However, Facebook said the tool would also be useful in monitoring accounts if they had been hacked and give users the option to kick the hackers out of their accounts and change the password.

“If someone accesses your account without your permission, you can shut down the unauthorised login before resetting your password and taking other steps to secure your account and computer,” the company said on the Facebook blog.

Within the tool, Facebook said, “you’ll see all of your active sessions along with information about each one. That information includes the log-in time, device name if you’ve previously named it through our log-in notifications feature, the approximate location of the log in based on IP address, and browser and operating system.”

Critics have claimed the new tool will only be used by the technically savvy, leaving the majority of users no better off.

Continue reading »]]> Looks like the dark times for RIM and BlackBerry are showing no signs of respite. The TRA (Telecommunications Regulatory Authority) of the UAE, which regulates the telecom industry in the country is contemplating a ban on the e-mail, web browsing and messaging services on BlackBerry smartphones starting October 2010.

The ban, according to officials from UAE, will be issued in public interest. According to them, the current security protocols used in BlackBerry services makes the users of such services to act without any legal accountability, causing judicial, social and national-security concerns .

If you were unaware, unlike most normal phones, any BlackBerry device encrypts data sent using it first through its servers in Canada before it ends up where you intend to send it. This basically means that UAE cannot monitor what is being sent via BlackBerry phones in the country unless Canada and RIM somehow allows access to its data center. RIM was reportedly offered an alternative to open its own server within the UAE which the company rejected. This is believed to be the reason behind the plans to ban the entire bunch of BlackBerry services in the country.

Incidentally, UAE is not the only country that is contemplating a ban or imposing similar measures on RIM. India and now, even Saudi Arabia are talking tough regarding BlackBerry and its servers.

Continue reading »]]> By generating an error message, the computer tries to convey that something is wrong. At least that is what an error message is supposed to do. But all that will change when you take a look at the following error messages. Please bear in mind that these are all real error messages.

No Keyboard Error

This is one of the first error messages I came across when I first bought my computer. The problem was that I had forgotten to plug in my keyboard. I found the error message to be hilarious because it asks you to press F1 or DEL when it knows that no keyboard is connected.

Unknown error?

This is one of the strangest error messages I have ever come across in Windows ME. Guys, what am I supposed to understand from this message?

No Error?

One of the weirdest error messages we have seen in Macromedia Dreamweaver is this one. It’s very clear that it is an error, but the text states otherwise. So who are we supposed to trust?

Money laundering?

This is a funny error in Microsoft Money 98 which doesn’t make any sense at all. We think Money 98 is trying to cover-up some misappropriation of funds in this way. What do you think?

Excel 97 doesn’t want to quit

Excel 97 gives this error if you press the F8 function key at the wrong time – it simply refuses to let you quit the application.

Error in the error report

What kind of an error report would be generated if an error creeps into the error report?

Security gone over the edge

The above error message was generated when Windows 2000 users logged into an MIT Kerberos realm and got a shock of their lives on attempting to change their password. They were given a seemingly impossible task of setting a password with 18,770 characters that was different from the last 30,689 passwords. Thankfully, this uncommon error was fixed with the release of SP3 for Windows 2000.

RSOD?

While BSODs or Blue Screen Of Death errors are commonplace with Windows users, the above Red Screen Of Death was encountered by a few Beta Testers of Windows Vista.

Please leave me alone!

Sometimes, Windows seems to be stuck in something for a seemingly endless amount of time and this is when you get such an error message. It is best to leave it alone then.

In error, yet successful

If it is an error, then it’s got to be unsuccessful, right? Not really if you take a look at the Windows error above.

So, what is an expected error?

Like most of us, Microsoft Data Link also does not expect any error to appear and when an error does appear, it has to be an unexpected one. You are even given a tip to investigate that error.

Is it 2012?

2012, touted as the year of global catastrophes, is fast approaching, but Windows Movie Maker has been having such catastrophic errors since day one.

I am bored. I’ve got nothing to do

This is an old error that used to occur in Windows 98 when you try to delete a folder with a name that includes an extension from inside a compressed folder.

I am not supposed to fail, do you hear me?

While it seems that failure is not really an option, yet when you fail, you get an error message as above.

And now the Task Manager stops responding

What do you do when an application stops responding in Windows? You quickly hit Ctrl+Alt+Del to open the Task Manager so that you can end that program. Now what will you do if the Task Manager itself stops responding? You got any idea?

To delete or not to delete?

This is the beginning of the end or the end of the beginning. It seems time-space continuum got disrupted when Windows gave this error, because according to this error, you need to free up space to be able to delete something and not the other way round.

What an irony!

It is a bit of an irony that an error is generated in Windows and it states that the OS type cannot be detected. The above error used to appear when anyone tried to uninstall Option Pack 4 from Windows NT Server 4.0.

Continue reading »]]>

Whenever there’s a new post about cleaning, maintenance, or tune-up apps on Download Squad, it seems like there’s always at least one commenter who proclaims their affinity for Advanced SystemCare. And with good reason: SystemCare does a good job of cleaning up temp files and browsing traces (including Flash cookies), tuning the Windows registry, and it can even clean up some basic spyware.

Advanced SystemCare does other neat things too: it bundles other useful little apps to handle other tasks like driver backup, drive space analysis, uninstalling programs, finding duplicate files, editing your context menu, managing startup items, fixing broken shortcuts, and optimizing and freeing RAM.

The pro version offers a few other improvements, like automated maintenance, deeper registry scanning, and smart disk defrag.

Better still, IObit is giving away Advanced SystemCare 3 Pro for (about) 360 hours to celebrate the program’s 5th birthday! All you have to do is visit the giveaway page, tick a radio button, and agree to the terms. You won’t be eligible for tech support, but that’s not really a major downside.

Two quick notes: the verification code is case-sensitive, and the installer will open two IObit web pages when complete. Other than that, the process is annoyance-free.

[via Softpedia]

Continue reading »]]> In their latest “Weekly Threat report”,VeriSign’s iDefense Intelligence Operations Team has profiled the underground market proposition of someone claiming to have 1.5 million compromised Facebook accounts available for sale.

The pricing method is based on the number of contacts per compromised account, presumably with the idea to allow easier spreading of related malicious content across Facebook.

Here’s an excerpt from the report, and a brief FAQ on the underground ad.

• “On Feb. 10, 2010, (cybercriminal) stated that he or she is selling 1.5 million compromised Facebook accounts, in bulk quantities, belonging to users in various countries. The price per 1,000 accounts varies based upon the number of friends and contacts that each account possesses. For a purchase of compromised accounts containing 10 contacts or fewer, a buyer must pay $25 per 1,000 accounts. A purchase of compromised accounts containing 10 or more contacts requires a buyer to pay $45 per 1,000 accounts. Accounts containing zero contacts are also available for bulk purchasing from (cybercriminal), at the cost of $15 per 1,000 accounts. The prices of these accounts are presumably in USD or the equivalent amount in some form of electronic currency.”

Sometimes, there’s no honor among cybercriminals (Phishers increasingly scamming other phishers), just like there isn’t among “real life” thieves.

From the distribution of backdoored web interfaces to web malware exploitation kits, to the actual “binding” of additional malware to the original release, sophisticated or at least cybercriminals with experience, have realized that there are thousands of potential cybercriminals that could unknowingly start working for them. The process of “cybercriminals attempting to scam novice cybercriminals” demonstrates just how vibrant the ecosystem has become these days.

With a huge percentage of the underground marketplace driven by reputation, this is exactly what this particular seller of Facebook data is missing. Moreover, with quality assurance now an inseparable part of the cybercrime ecosystem, the seller is not just skipping the time frame in between which the accounts were compromised, he is also not mentioning have many of them are actually verified as working.

These, and several other factors make me skeptical on the quality of this underground proposition.

If we consider that the cybercriminal’s claims to be true, how did he manage to obtain 1.5 million Facebook accounts?

The ad is clearly stating that they are accounts with contacts, meaning they’re compromised, and other which have zero contacts, meaning they’ve been automatically generated by outsourcing the CAPTCHA-solving process to international teams specializing in the process.

The compromised accounts could have been obtained through the emerging Cybercrime-as-a-Service (CaaS) market model. For instance, if he has paid $100 for 3GB of raw crimeware data, and the data mining allowed him to compile a list of 1.5m Facebook accounts, based on the current price, he’ll automatically break-even.

Phishing campaigns shouldn’t be excluded as a possibility, however, it remains unclear whether the seller has launched them personally, or managed to purchase the raw data from someone else.

What kind of a business model within the cybercrime ecosystem would allow him to sell the data so cheaply, and still make a profit?

It’s a business model with an ever-decreasing cost of supply, based on the currently active “malicious economies of scale” phrase. This efficiency-driven cybercrime model is in fact so successful, that whether consciously or subconsciously, cybercriminals are realizing the basics of market liquidity, and the time value of “underground goods”, in particular the decreasing future value of assets like the Facebook accounts — the value becomes zero when the affected user changes his password from a malware-free host.

Why would a cybercriminal want access to your Facebook account?

For a variety of fraudulent reasons, all of them exploiting the already established trust relationship between the compromised account’s holder and his network of friends.

From “money transfer schemes” where the fraudster is supposedly stuck somewhere and requires cash, to a malware campaign relying on nothing else but a status message leading to a client-side exploits serving site. Your network of friends, turns into his network for propagation of fraudulent/malicious schemes and campaigns.

VeriSign’s iDefense also makes an interesting observation.

With Facebook’s user base growing to 300 million people across the globe, this indispensable marketing platform can be easily integrated into the cybercriminal’s arsenal, with localized and targeted social engineering attacks relying on basic market segmentation, launched with the idea to achieve a higher conversion rate, compared to mass marketing approaches.

Fact or fiction, based on the ad’s content, this is perhaps the perfect time to change your Facebook password from a malware-free host, since a strong password is just as weak as the weak one in general if there’s malicious code present on the system.

Written By : Dancho Danchev

Continue reading »]]> 1. Alfa Romeo Pandion Concept

Alfa Romeo Pandion concept marks Berton’s sizzling come back to Geneva Motor Show 2010 after two years. The futuristic car is a facelift to typical Alfa Romeo family undisputed for its iconic car designs. Pandion is the first design by Mike Robinson in his new role as Design and Brand Director at Bertone. Inspired by the sea hawk known for its long wings, the Berton car owes its name to the creature. The Pandion will be a extreme and controversial sports car with high-flown features. The dream car is a perfect blend of ‘Skin and Frame’, drawing a distinct balance between technology and craftsmanship.

Alfa Romeo Pandion is a prototype of 2+2 coupe, Maserati GranTurismo powered by 4.7 litre, 450 CV 8-cylinder Alfa Romeo engine. With the sleekest look, Bertone’s concept car measures 4620 mm in length, 1971 mm wide, 1230 mm high, and flaunts about a 2850 mm wheelbase. Pandion bears an external dimension of compact sports car taking over the classic Alfa grille. The rear-end made up of hundreds of blades, seems to wrap up. Interiors of the Pandion offer a large sports car feeling.

2. Lamborghini Estoque Concept

Lamborghini Estoque concept unleashes the true DNA of Lamborghini offering unmatched versatility. Starting from the long wheelbase, the broad track, the mighty, the low profile, the clean surfaces, accentuated wheels, every aspect breaths the essence of Lamborghini brand.

Estoque features an evolutionary design influenced by Sant’ Agata design ethic – futuristic concept. Estoque is an exclusive sports sedan, first of its kind in the history of Automobili Lamborghini.

The concept of Lamborghini Estoque breeds a possibility for a third model series within the Lamborghini product line-up. A blend of dedicated sports car and a relaxed Gran Turismo, Estoque is a multi-faceted vehicle for multi-faceted lifestyles.

Lamborghini Estoque features an extremely low profile standing at a mere 1.35 meters (4.43 feet) high, but amazingly spacious. The secret lies in the long wheelbase with the rearwards positioning of the front mid-engine, enables a relaxed, sporty seating position. The secret lies in its very long wheelbase which, in spite of the rearwards positioning of the front mid-engine, enables a relaxed, sporty seating position. Entering and exiting is also pleasingly straightforward through the large, wide-opening doors.

Imitating all the recent contemporary Lamborghini models, Estoque features permanent all-wheel drive. With centrally powered engine powering all the four wheels, which makes for superior traction in all driving situations, and providing extra reserves for extremely sporty driving and for challenging weather conditions.

It’s equipped with the highly-acclaimed Lamborghini ten-cylinder from the Gallardo LP 560-4 – offering more torque and higher revving than virtually any other engine. There’s a range of drivelines that are conceivable for Estoque. It’s a contemporary alternative that could turbocharged eight-cylinder derived from the V10.

3. Cadillac CTS Coupe Concept

The CTS Coupe features Cadillac’s much-hyped Art and Science design language. The More expressive, more technical and very personal, the CTS Coupe extends the dramatic design of its sedan predecessor with all-new sculpted bodywork aft of the front fenders.

Among the CTS Coupe Concept’s signature design cues are a number of elements that suggest the look of a carefully cut diamond – particularly at the rear. These elements are seen in everything from the chrome header above the rear license plate holder to the indents that comprise the basic form of the rear fascia.

CTS Coupe extends the acclaimed capabilities of the sedan in terms of performance technology. The concept coupe includes the capability to support a broad engine range of gasoline and diesel. engines.

The CTS coupe ascertains that the sedan’s 3.6L V-6 engines include 304-horsepower Direct Injection power plant. The Coupe concept is also designed for a new 2.9L turbo-diesel that was developed in the international markets. The especially designed engine for CTS, will offer a 250 horsepower and 406 lb-ft torque.

The engine is backed by a six-speed manual transmission that produces a torque to an independent sprung rear axle. The CTS Coupe sport-tuned suspension that offers a slightly lower height than the production CTS. The look is further enhanced with rakish shape and large, 20-inch front and 21-inch rear wheels.

Behind the chrome, split-spoke aluminum alloy wheels is a set of high-performance brakes, with cross-drilled rotors. The CTS Coupe users have the elements along with other nods to classic Cadillac cues. It’s a forward looking design in every sense of the term.

4. BMW ActiveE concept

After 6 months of Mini E field test program, BMW finally stepped to the phase two of its electric vehicle development introducing its Concept ActiveE that brings electric drive to the Roundel.
ActiveE retains 1’s full four-seat configuration of the 1 by packaging a battery specifically designed for automotive applications.

The BMW ActiveE concept is totally electric. Build on the lines of Mini E electric car, the ActiveE is powered by a rear-mounted electric motor that stumps up 170 horsepower and 184 pound-feet of torque. It might be decent enough to lug the notoriously overweight 1 Series around town. The BMW can gear up 0-60 in less than nine seconds.

5. Rinspeed iChange Concept

Rinspeed “iChange” concept engineered by Esoro perfectly matches Esoros motto – What you dream is what you get. Rinspeed iChange stands for change, future-orientated technologies and great passion. It’s an extremely flexible vehicle. With little adjustments it can be transformed from streamlined one-seater sports car into a comfortable car with ample room for three.
The electric motor is powered by lithium-ion batteries that are available in two different stack configured for short- and long-distance driving. iChange’s electric motor produces 150kW, capable of propelling the car to a top speed of 220 km/h. The sprint from rest to 100 km/h takes just slightly over four seconds. With a six-speed pre-selector gearbox from the Subaru WRX car, “iChange” offers a blazing performance.

6. Audi RSQ Concept

The futuristic film concept car, Audi RSQ was especially designed for motion pictures. It is believed to be Audi’s most ambitious project ever. Audi RSQ Concept was hyped after it was unveiled in the motion picture „I, ROBOT“, Audi Design developed the spectacular vehicle, which helps leading actor Will Smith – to solve a mystery. It’s basically a mid-engined sports car with its two doors rear-hinged to the C-posts of the body and open according to the butterfly principle.
Audi RSQ Concept is a visionary interpretation of Audi’s typical automobile design. It is an important challenge offered to the designers – despite its extreme character, the car had to be recognised as an Audi. In order to address this demand, the engineers implemented a current Audi front-end design that includes the trapezoidal “Audi Single-Frame Grille”, the company’s trademark overlapping four rings, and the Multi Media Interface (MMI) driver-to-car control system.

7. Chevrolet Corvette Stingray Concept

Chevrolet’s blends the futuristic vision of design and technology to deliver the Corvette Stingray Concept. A version of the concept car featured as a Sideswipe in the Transformers: Revenge of the Fallen. Corvette Stingray Concept exhibits surprisingly high-tech features, modern materials, and an enticingly new appearance. The car is well-appointed with clamshell hood, scissor-style doors, ergonomic seats, rear-view camera with night vision enhancement, and a high performance hybrid drive.

The car is well-appointed with a clamshell hood, scissor-style doors, ergonomic seats, rear-view camera with night vision enhancement, and a high performance hybrid drive. The concept car has interactive touch controls that allow driver to customize the power and efficiency of his or her ride and share it with friends via the in-car camera system and advanced telemetrics.

8. GMC GRANITE CONCEPT

This is the newest coupe concept from GMC showcasing “urban-industrial design aesthetic” The exterior is streamlined to create an intricate intersecting planes and angles with GMC’s signature grille design. The Power for Granite concept is generated from 1.4-liter turbocharged engine, matched with 6-speed transmission. Granite features 4 doors hinged on each side to open like a set of French doors. It has no pillars between the front and rear doors which makes it easy to enter, exit and load with bulky items. Some of the exclusive functional elements included in the Granite concept are reconfigurable seats that can flip up and fold in toward the center console allowing a long, unobstructed storage space. When brought into the market, Granite will be the smallest GMC ever build having a full 2 feet shorter than the new Terrain compact crossover. The open interiors are designed to be spacious and flexible in order to meet the needs of active people.

9. 2009 Cadillac Converj Concept

The Converj sedan conceptualizes GM’s revolutionary electric propulsion technology – Voltec evolved to power a luxury coupe. Touting of a typically elegant Cadillac “no compromises” design, Converj Concept. Cadillac’s electric vehicle will allure the global luxury customers looking for a car with both a strong design and electric propulsion with a total range of hundreds of anxiety-free miles.

Latest in the extended-range of electric vehicle (E-REV) concept from Cadillac, the car features a voguish body style that reflects the brand’s traditional Art and Science design theme. Converj intends to be a Cadillac in substance with its premium materials, technology and driving dynamics, which are hallmark of the brand.

The sedan delivers 273 lb.-ft. (370 Nm) of instant torque, for a quick launch, and 120 kW of power. Cadilla’s top speed is 100 mph. It’s no compromise in vehicle performance in either mode of operation. In order to tout the ride comfort, Converj incorporates a GM’s Magnetic Ride Control and adds even greater efficiency, energy during braking and stored in the battery.

Features

• New, organic light-emitting diode technology used on reconfigurable instrument cluster * Touch-screen navigation, climate, center-stack controls and audio systems
• Adjustable, overhead white ambient lighting
• Unique power on sequence featuring blue-lit console graphics
• Screen displays for features including regenerative braking, battery charge level and power output
• No inside rearview or outside mirrors; cameras provide surrounding images on a screen placed high on the instrument panel for a full, panoramic view
• Push-button ignition and power-folding front seats General Motors Corp. (NYSE: GM), the world’s largest automaker, has been the annual global industry sales leader for 77 years.

10. HYUNDAI RED BULL GENESIS COUPE

Car-enthusiasts awaiting for upcoming launch of the 2010 Genesis Coupe will now have Hyundai unveiling a new concept teaming with Rhys Millen Racing and Red Bull Energy Drink to campaign the car in the high-energy sport of drift racing. The already light weight Genesis Coupe will be made even lighter by replicating the fenders, front fascia, hood, deck lid, roof, doors, and side skirts out of carbon fiber. The interior show custom-fabricated 8-point safety cage and firewall. The single Sparco racing seat further protects the driver in the overhauled cockpit. The concept coupe is powered by a Hyundai Lambda 3.8-liter V-6 engine, which is equipped with a Turbonetics turbocharger, mated to a HKS sequential transmission. As a result we have a Genesis Coupe that will produce 550 horsepower and 520 lb.-ft. of torque

Source:: http://gadgetophilia.com/top-10-concept-cars-you-never-dreamt-of/

Continue reading »]]> Mumbai-based subscribers of Vodafone India might just love this one! The company has announced the launch of its music download service in the city and guess what? Vodafone says you would be able to download an entire song for a paltry Re. 1.

Now, all you need to avail this feature is to have a GPRS enabled handset, a Vodafone connection and access to Vodafone live. Both prepaid and post-paid users can access this service. Accessing the stuff you need via GPRS is the fastest and the easiest way to go about this. However, that doesn’t mean there are other options. The user, for example, can also choose to SMS the name of a song to a toll free number (111) to access the service.

The customer can choose to access this service and is eligible to download 5 songs per day. The songs are saved to a personal playlist titled “My Songs” on the Vodafone Live portal. Customers can also download the selected songs again – without having to pay for them again.

If you are a Vodafone Mumbai user, you might want to check out this service and listen to a plethora of tracks through it.

Now for the flip side. Vodafone hasn’t clarified how you would be charged for the actual download of the song. The Re. 1 is just the price of the song – minus the data charges. A song which can range from 2 to 6MB in size even if downloaded at a rate of 10 paise per 10kb adds up to a not so comfortable rate of Rs. 10 per MB.

I will update this when I get more info about this, meanwhile if our readers know something, feel free to share..

Continue reading »]]> Cyber security researchers and analysts have uncovered the existence of a spy network based in China that was used to steal sensitive, classified government documents from India – as well data from the Dalai Lama’s office and the United Nations.

The “Shadow Network”, as this network is now known, has been traced to two people living in Chengdu, China.
China is largely believed to possess a Cyber Warfare Doctrine that is designed to achieve global “electronic dominance” by 2050. With a yearly budget of $55 million allotted for it and over 10,000 hackers working in tandem, China is second only to U.S. when it comes to cyber snooping prowess.

As more details emerge about the intentions of these hackers, it is clear that they had targeted the upcoming Commonwealth games in India. The idea was to make Commonwealth games an utter failure later this year. The plans included studying the network architecture of the entire Commonwealth games IT infrastructure. This includes ticket sales, online registration servers all of which would crash at the time of the inaugural ceremony. The hackers had also looked into tender documents for the Commonwealth games network infrastructure. Intelligence agencies feel this could be for studying vulnerabilities in the system for possible attacks.

As to how the latest attacks happened, the modus operandi was simple. Individuals in the ministries were sent emails from a genuine looking nic.in mail address. The email had a PDF attachment that was infected. Accounts on Twitter, Yahoo Mail, Google Groups, Blogspot and other social-networking sites were used to update compromised computers and to host malware, according to the report.

Isn’t it high time that we pull up our socks and deal with this grave security threat?

Continue reading »]]> Update: Trend Micro Researchers were alerted to the discovery of a malware that came preinstalled on a Vodafone mobile phone handset. Its memory card was also believed to carry malware in it. Vodafone has been taking the heat for packing malware straight out of the box on their HTC Magic Android smartphones.

The recipient of one of the malware-laden phones was an employee of the Spanish antivirus firm Panda Security. Plugging the phone in via USB into any PC quickly led to an infection by WORM_SILLY.QT. Vodafone has already released an official statement saying that the infected phone problem was an isolated one.

Vodafone Spain has revealed that at least 3,000 users may have been exposed to the Mariposa malware, which made its way into users’ computers via the cell phone’s storage. The carrier had shipped HTC Magic phones with infected MicroSD cards from where the malware spread to PCs.

Vodafone is now offering to replace the microSD cards for infected phones. The company maintains that the incident is just an isolated and local one. This is probably the first time a phone has been shipped with a virus inside. Vodafone’s idea to change the memory card isn’t much of a solution to the problem.

Even though the threat was neutralised back then and the perpetrators arrested, there are quite a few affected computers left in the world even now. This Mariposa laden microSD cards just gave the botnet another opportunity to infect computers. It was an employee of Panda Security who first discovered this problem earlier this month. It is currently estimated that up to 3,000 phones might have been affected by the bot. If you bought one of those Vodafone branded HTC Magics, you might want to scan your memory card once before using!

Continue reading »]]> Easter egg

For example, follow these instructions to see a list of people who worked on the User Assistance feature of Microsoft Word 2000:

1. Open Microsoft Word2000

2. Press F1 or click the “Office Assistant” button

3. Under the “What would you like to do?”, type “Cast” (No quotes)

4. Click SEARCH

5. Click the MICROSOFT OFFICE 2000 USER ASSISTANCE STAFF topic

6. Click the graphic in the Microsoft Word Help screen

Easter eggs in computer games are quite common and may be funny scenes, hidden levels, or other extras gamers can discover while playing. One of the most popular easter eggs to unlock in video games is the “Dopefish”. This fun, fictional fish first appeared in Commander Keen: Secret of the Oracle (1991). Since that time it has made an appearance as an easter egg in numerous games. In many games you need to unlock a special level or perform a sequence of actions to find the hidden easter egg.

Easter eggs may also be found in movies, music albums, videos and other types of media.

Continue reading »]]> By Sean Hollister

Mar 9th 2010

http://www.engadget.com/2010/03/09/1024-bit-rsa-encryption-cracked-by-carefully-starving-cpu-of-ele/

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device’s power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That’s why they’re presenting a paper at the Design, Automation and Test conference this week in Europe, and that’s why — until RSA hopefully fixes the flaw — you should keep a close eye on your server room’s power supply.

Continue reading »]]> March 2010

http://news.webindia123.com/news/articles/Science/20100314/1464200.html

Iran claimed to have busted a spy racket allegedly linked with the US intelligence agency CIA and arrested 30 people for operating an internet network to gather secret data related to Iran’s nuclear scientists.

The Judiciary said Saturday it has dismantled a US-backed cyber network, which was set up to gather information on Iran’s nuclear scientists and spread unrest after the presidential election.

The nexus was formed by anti-Iran groups, including the terrorist Mojahedin Khalq Organisation (MKO), the Judiciary said in a statement, adding that 30 suspects have been arrested.

According to Iranian authority, during former US President George W Bush’s regime, a new campaign in the intelligence front – the “cyber war” – was set up to engage Iran, with the help of the MKO, pro-monarchy groups and other anti-Iran cells.

“Iran proxy”, which was one of the main projects of the campaign, received $50 million from the CIA and the US State Department, the statement said.

The program, which allowed Iranians bypass the state’s filtering system and access the internet, was designed to “obtain personal and family information” of its users and pass them on to US spy agencies.

Another major project was a network of “human rights activists”, which was led by Keyvan Rafiei, Jamal Hosseini and Ahmad Batebi, it said.

The network was tasked with recruiting people and sending them to an MKO camp in Iraq and other countries, where they would receive training, the statement said.

It said the network was also in close cooperation with “Lawyers Committee” and “Harana News service”, Press TV reported.

The network, according to the confession of its arrested members, was also tasked with inviting people to attend rallies and riots after the presidential election in June.

The Judiciary said that the International Criminal Police Organisation (INTERPOL) has been briefed on the situation and about the key members of the group, who operate the racket from the US.

Continue reading »]]> 02 April 2010.

http://www.net-security.org/secworld.php?id=9096&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Google analyzes millions of pages per day when searching for phishing behavior. This kind of activity is, of course, not done by people but by computers.

The computers are programmed to look for certain things that will identify the page as a phishing site. Those things are actually the same things that users should check when evaluating if a page is legitimate or not.

According to a post on Google’s official online security blog, the first step is looking at the URL- Does it contain words like “login” or “banking” or trademarks of the phishing target? Does it use an IP address for its hostname? Does it have a large number of host components, making the address unusually long? If the answer is yes to all of these questions, the page could be a phishing one.

The second step consists of analyzing the page – Does it contain a password field? Does the majority of the links point to the phishing target so that the phishing pages functions as the legitimate one would? Google’s computers check also the terms most often used on the page, and a telling terms like “password” raises a red flag.

The third step consists of a look-up of the hosting information – does the institution claim to be based in one country but the webpage is hosted on servers in another country and on a local ISP’s network? If the answer is yes, chances are high it’s not a legal site.

Lastly, checking to see whether the page is popular and checking the spam reputation of the domain on which the page is hosted will give you another clue – phishing pages are usually hosted on domains that have a (bad) reputation when it comes to spam sending.

When all these clues are combined and indicate that the site is likely set up for phishing purposes, it is put on Google’s blacklist that is used by the browsers to warn the users that they have landed on a malicious page.

“False positives” do happen, but they happen once every 10,000 checked pages, and even then it is usually a site set up for some other malicious purpose. The basis on which the classifier is trained to recognize phishing pages is provided by a sample of around ten million analyzed URLs in the last three months and an addition of current features, and it is executed once a day.

Phishers may use a number of techniques to try and bypass this system, but they can’t escape forever. The more people come to their site, the likelihood of someone recognizing it for what it is and reporting it to Google rises, so it’s just a matter of time before it gets flagged.

Continue reading »]]> IANS / PTI

The Hindu

March 2010

http://beta.thehindu.com/business/article193044.ece

There have been attempts to hack into the government computer network, but till date there has been no loss of vital information, says Minister of State for Communication and Information Technology Sachin Pilot.

“Yes, there have been attempts but I can categorically say that not one attempt has been successful,” the minister said. “The government’s computer network system, maintained by the National Informatics Centre, is highly efficient,” Mr. Pilot told IANS in an interview.

Earlier this year, hackers tried to penetrate government computers in vital ministries including the office of the National Security Adviser (NSA). These attacks, officials said, originated in China.

According to the Computer Emergency Response Team, a cyber security advisory and referral agency of the Department of Information Technology, 570 Indian web sites were defaced by hackers during January this year, against 271 during the like month of last year.

During the whole of last year, a total of 6,023 cases of defacement were reported.

The agency also said that during January, out of 246 cyber-security incidents, as 63 percent related to spamming, 18 to phishing, 8 percent to malicious viruses, 76 percent to unauthorised scanning and the rest to other categories.

Former NSA M.K. Narayanan, who is currently West Bengal governor, had stated that his office and other government departments were targeted on the same date that U.S. Defence, Finance and Technology companies, including Google, reported cyber attacks from China.

The hackers had sent an e-mail with a PDF attachment containing a Trojan virus. But the virus, which allows hackers to download or delete files, was detected and officials were told not to log on until it was eliminated.

Mr. Pilot pointed out that such hackers were usually scanning the entire system to find weak spots. “But our people are very efficient and well trained. Safeguards have ensured that national security has not been breached.”

The Ministry of External Affairs and Indian embassies have instituted stringent protocol on the use of e-mails by serving officers, which includes frequently changing passwords and using e-mails only for routine communication.

Besides, the ministry has instituted a periodic security review of all computers to ward off cyber threats.

Continue reading »]]> William Maclean, Security Correspondent

Reuters

Feb 22, 2010

http://www.reuters.com/article/idUKTRE61L37B20100222

LONDON (Reuters) – The best weapon against the online thieves, spies and vandals who threaten global business and security would be international regulation of cyberspace.

Luckily for them, such cooperation does not yet exist.

Better still, from a hacker’s perspective, such a goal is not a top priority for the international community, despite an outcry over hacking and censorship and disputes over cyberspace pitting China and Iran against U.S. firm Google.

Nations are thinking too parochially about their online security to collaborate on crafting global cyber regulation, an EastWest Institute security conference heard last week.

Policy statements from governments around the world are dominated by the need to heighten national cyber defenses. As a result, too many cyber criminals are getting a free ride.

“Nations are in denial,” a cyber law expert told Reuters, saying national legislation was of limited use in protecting users of a borderless communications tool.

“It may take a big shock of an event to wake people out of their complacency, something equal to a 9/11 in cyberspace,” he said referring to the 2001 coordinated attacks on U.S. cities.

With a quarter of humanity connected to the Internet, cyber crime poses a growing danger to the global economy.

TARGET THE PERPETRATOR

The FBI tallied $264 million in losses from Internet crime reported by individuals in the United States in 2008 compared to $18 million of losses from 2001: These were probably a fraction of the losses caused to companies and government departments.

The menace extends to many sectors including control systems for manufacturing, utilities and oil refining, since many are now tied to the Internet for convenience and productivity.

A priority for regulators is to find ways of tracking down criminals across borders and ensuring they are punished, a tough task when criminals can use proxy servers to remain anonymous.

“We cannot postpone the debate until we are in the midst of a catastrophic cyber attack,” former U.S. Homeland Security Secretary Michael Chertoff told the conference.

“We must formulate an international strategy and response to cyber attacks that parallels the traditional laws governing the land, sea, and air.”

Security experts say the ability to conduct disastrous mass cyber attacks is the preserve of some governments, well beyond the capacity of militant guerrilla groups like al Qaeda.

But it cannot be assumed that international organized criminal networks, long practiced at mass online fraud and theft, are not developing an interest in gaining this ability.

“Cyber crime is a very sophisticated crime with very sophisticated players and it takes a multinational effort to make sure we can enforce the law,” Dell Services President Peter Altabef told Reuters.

“Once you have identified who is at fault you really want to make sure, as a deterrent, that you can go to those jurisdictions and enforce the laws on the books.”

James Stikeleather, Dell Services Chief Technology Officer, told Reuters that tracking own criminals across borders could pose legal issues for drafters of multilateral regulation.

Giving an example, he said the more companies added the technology needed to give investigators the ability to attribute a crime, the more users’ privacy and anonymity would be reduced.

“PLAYING WITH FIRE”

“Probably the sticking point among the governments will be ‘where is the appropriate level of attribution versus anonymity or privacy for what people are doing (online)’.”

Datuk Mohammed Noor Amin, chairman of the U.N.-affiliated International Multilateral Partnership Against Cyber Threats, said failure to regulate could perpetuate cyber “failed states.”

He cited impoverished countries where customers can purchase unregistered SIM cards with mobile Internet capability, giving them the ability to commit online crime such as identify theft against people in rich nations without fear of being traced.

He said it was in the interest of rich nations to help poorer countries develop the capacity to crack down on this kind of abuse, because their own citizens were being targeted.

“Governments tend to look at their self-interest. But it’s actually in their own interest to collaborate,” he said.

Altabef said the growing rate and scale of international cyber attacks threatened to undermine the trust between nations, businesses and individuals that was necessary for economies and societies to act on the basis of the common good.

Complacency was also a problem, delegates said. “Nations take for granted the Internet is going to be ‘on’ for the rest of our lives. It may not necessarily be so,”.

“Imagine the Internet being down for two to four weeks,” he said. This would “rain disaster” on online businesses as well as transport, industry and governmental surveillance systems.

“People have realize the Internet is an integral part of every country, politically, socially and business-wise.”

“Not to focus on cybersecurity is playing with fire.”

Continue reading »]]>

Are Tablets really the next big thing in computing? May be, may be not (need to wait for sales figures to answer this)! However, Apple’s iPad has surely created a buzz around Tablets. You have HP, Dell and all other PC vendors of every size and shape readying a Tablet PC.

In the content is a Desi Tablet too, Adam. Designed by an alumunus of National Institute of Design, Makarand Kulkarni, Nokion Ink’s Adam is being billed as an iPad killer. Here’s looking into what Apple’s iPad has that our Adam lacks and vice versa. And how the two compare on various specs like memory, display, connectivity, pricing and more.

Dimensions

Measuring 6.3 x 9.8 x 0.6 inches, Adam weighs around 770 gms. Adam has two versions, one is 12.9mm and the other is 11.4mm in thickness. Both versions are slimmer than iPad which is 13.4mm in thickness.

While Apple’s iPad measures 9.56 inches in height, 7.47 in width and 0.5 inch in depth. iPad weighs 1.5 lbs (0.68 kg), the 3G version is 0.1 pounds heavier.

Display

Adam boasts of a 10-inch Pixel Qi transflective display, a capacitive touchscreen capable of recognizing six simultaneous points of contact. Pixel Qi’s technology offers two different modes: full colour LCD for indoor use or in a low-power reflective mode that actually gets brighter when more direct sunlight falls upon it.

iPad has a 9.7-inch LCD colour screen. The device uses iPhone’s multi-touch technology, Apple’s Magic Mouse, and the company’s trackpad technology found in some of the company’s laptops.

Camera

Adam supports a 3 megapixel swivel auto focus camera. This implies that the device will support video calling.

However, Apple’s iPad lacks camera. Lack of camera being widely seen as a negative in iPad as the device is said to be placed somewhere between a smartphone and laptop.

Output

Adam has HDMI-out and 3 USB ports, and can output video at 1080p resolution.

However, there is no facility for HDMI output in iPad. This means users will not be able to view HD videos on a large TV screen even if they have downloaded the same from iTunes. The Apple device can playback at 720p HD video.

Processor

Adam is powered by Nvidia Tegra 2 chip which runs at 1GHz and acts as both a CPU and graphics card in one. It will run on Google’s Android OS.

iPad runs a version of the iPhone’s operating system. The iPad has a 1GHz chip that is custom designed by Apple.

Memory

Adam will come in 16GB or 32GB versions. Apple iPad will come in 16, 32 and 64GB versions.

Multitasking

According to Adam creator Notion Ink, the Tablet will support multitasking. This means the device will be able to run several applications in parallel.

However, there is no multitasking option in iPad’s OS. This means for example users can’t listen to FM while they surfing the Web, or switch back and forth between Facebook or Twitter, or write an email while talking on a VOIP call.

Flash

Adam offers support for Flash, video standard used for viewing websites. However, iPad doesn’t offer support for Flash.

This means users will encounter those `big, empty video boxes in the middle of a page’ while surfing on the pages which require Adobe Flash. Youtube will be supported just like in iPhone but no Flash games. In iPhone 3GS too when users browse through Web pages with Adobe Flash, it displays empty spaces with missing icons.

Connectivity

Adam packs WiFi, 3G, Bluetooth, a pile of sensors and accelerometers and GPS.

Apple iPad supports both WiFi and Bluetooth connectivity. The WiFi antenna supports 802.11 a/b/g/n. The device also packs GPS.

S D Card

Apple’s iPad doesn’t offer SD card slot which means users cannot expand their memory. However, Adam which comes in 16 and 32GB storage options offers SD card slot.

Battery

According to Notion Ink, Adam will be able to play music for up to 25 days, 16 hours of internet browsing and play high definition video for 8 hours. According to reports, Adam integrates two breakthrough power saving components that promises twice the battery life of Apple iPad.

iPad offers battery life of up to 10 hours. The standby time is approximately a month.

Apps

Notion Ink has planned an App competition offering $1,000,000 prize money for the best Adam-compatible app.

Apple’s iPad can use virtually all the over 140,000 apps currently available for the iPhone. However, iPad will let you download applications only from Apple’s AppStore. iPad doesn’t allow users to download any apps other than from the App Store.

PRICE

The Adam is expected to cost about $325.

iPad’s 16GB version of the basic Wi-Fi model will sell for $499. A 32GB version will cost $599, and a 64GB device will be $699. The 3G models won’t be available until April. Those will range in price from $629 to $829.

Continue reading »]]> BANGALORE: An IT security firm, Sophos, is warning that a major attack against Twitter users last weekend that was designed to steal passwords and use hijacked accounts to spread moneymaking spam campaigns.

The attack, which is ongoing, began on Saturday, as Twitter users found members of the micro-blogging network had posted messages disguised as humorous inks, but actually aimed to phish passwords credentials from unsuspecting users.

Messages, which began with phrases such as “Lol. this is me??”, “lol, this is funny.”, “Lol. this you?? ” and “ha ha, u look funny on here”, were accompanied with clickable links which redirected users to a fake Twitter login page hosted on a Web site based in China.

Researchers discovered that although the main wave of poisoned messages has been via private direct messages between individual users on Twitter, dangerous links are also being posted in public feeds. This means that innocent users can stumble across the links even if they are not sent it directly, or even if they are not a signed-up user of Twitter.

“Thousands of users being put at risk of having their account broken into,” said Graham Cluley, senior technology consultant at Sophos.

“The cybercriminals behind the attack are creating a zombie network, or botnet, of hacked accounts that they can then abuse to spread spam, distribute malware and steal identities. There’s nothing funny about the LOL attack — you have to be on your guard against clicking on the dangerous messages. If you’ve fallen for it you must change your Twitter password immediately.”

The phishing campaign appears to be already bearing fruit for the hackers as they are now distributing spam selling herbal Viagra from the compromised accounts.

Continue reading »]]> DAILY NEWS

February 18th 2010

http://www.nydailynews.com/news/2010/02/18/2010-02-18_kneber_botnet_virus_attacks_75000_computers_worldwide_including_us_government_sy.html

A new computer virus has infected almost 75,000 computers worldwide – including 10 U.S. government agencies – collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers.

The virus, dubbed the Kneber botnet, is thought to be the brainchild of an Eastern European criminal group that is likely selling the information on the black market, according to the Internet security firm NetWitness, which uncovered the attacks in January.

The attacks are continuing and corporate losses are still being compiled, said NetWitness chief technology officer Tim Belcher.

The FBI, Department of State and Department of Homeland Security have been notified, Belcher said.

The crime groups “running this activity are every bit as expert at compromising systems and siphoning off information as nation states,” according to Belcher.

“They’re well funded, motivated and successful.” Hackers using the new virus have infiltrated the computer networks of more than 2,400 companies in almost 200 countries over an 18-month period, the Herndon, Va.-based computer security firm reported.

Further investigation revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

Infiltrated companies include pharmaceutical giant Merck & Co., Cardinal Health Inc., software firm Juniper Networks and Paramount Pictures, the Wall Street Journal reported Thursday.

Hackers reportedly used the virus to break into computers at 10 U.S. government agencies and in one case obtained the user name and password for a soldier’s military e-mail account.

Companies in Egypt, Mexico, Saudi Arabia, Turkey and the U.S. are the most frequently targeted in the attack, according to a research paper released by NetWitness.

The attack uses a piece of software called ZeuS, designed in Eastern Europe, that takes control of large numbers of computers.

ZeuS is among the top five most reported computer infections, according to the Department of Homeland Security.

“These large-scale compromises of enterprise networks have reached epidemic levels,” said Amit Yoran, CEO of NetWitness and former Director of the National Cyber Security Division.

“Cyber criminal elements like the Kneber crew quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

Yoran said that conventional intrusion detection systems are “inadequate for addressing Kneber or most other advanced threats.”

Continue reading »]]> ‘Kill Zeus’ removes rival software from PCs, giving Spy Eye access to usernames, passwords

By Robert McMillan

IDG News Service

February 9, 2010

http://www.computerworld.com/s/article/9154618/New_Russian_botnet_tries_to_kill_rival

IDG News Service – An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.

Security researchers say that the relatively unknown [Spy Eye toolkit] added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus.

The feature, called “Kill Zeus,” apparently removes the Zeus software from the victim’s PC, giving Spy Eye exclusive access to usernames and passwords.

Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own “botnet” networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses.

Trojans such as Zeus and Spy Eye steal online banking credentials. This information is then used to empty bank accounts by transferring funds to so-called money mules — U.S. residents with bank accounts — who then move the cash out of the country.

Sensing an opportunity, a number of similar Trojans have emerged recently, including Filon, Clod and [Bugat], which was discovered just last month.

Spy Eye popped up in Russian cybercrime forums in December, according to Symantec Senior Research Manager Ben Greenbaum.

With its “Kill Zeus” option, Spy Eye is the most aggressive crimeware, however. The software can also steal data as it is transferred back to a Zeus command-and-control server, said Kevin Stevens, a researcher with SecureWorks. “This author knows that Zeus has a pretty good market, and he’s looking to cut in,” he said.

Turf wars are nothing new to cybercriminals. Two years ago a malicious program called Storm Worm began attacking servers controlled by a rival known as Srizbi. And a few years before that, the authors of the Netsky worm programmed their software to remove rival programs Bagle and MyDoom.

Spy Eye sells for about $500 on the black market, about one-fifth the price of premium versions of Zeus. To date, it has not been spotted on many PCs, however.

Still, the Trojan is being developed quickly and has a growing list of features, Greenbaum said. It can, for example, steal cached password information that is automatically filled in by the browser, and back itself up via e-mail. “This is interesting in its potential, but it’s not currently a widespread threat at all,” he said.

Continue reading »]]> Over a billion people visited social networking sites such as Facebook and Twitter last month so it’s not surprising that hackers have these sites in their cross-hairs.

The attacks come in many forms: spreading Trojan viruses including key loggers, phishing for passwords and sniffing out packets of sensitive information.

In fact, according to recent research from Breach Security Labs, social networks were the most targeted category in 2009, accounting for 19% of all malicious attacks last year.

The media reports evidence of these attacks seemingly every day.

For instance, in late January Twitter announced that they had once again fallen victim to hackers who were using torrent-based phishing attacks to steal usernames and passwords and hack into user accounts.

This is not the first time the popular social network has been hacked.

In late 2009, some Twitter users fell victim to a phishing attack when they received email notifications from their “new followers,” with a link that lead them to a fake Twitter site where they were prompted to enter their usernames and passwords.

Facebook has had its share of malicious attacks as well.

Most recently, in January there were widespread reports of users receiving direct messages from their “friends” within the network that included a link to a website that was suspected to infect the user’s computer with spyware.

Other widely reported incidents involve offers for a free iPod touch or gift cards, when in fact the only gift these unsuspecting users received was to have their usernames and passwords sold as part of a phishing list readily available for would-be cyber criminals to purchase online.

It’s no shock that these sites are being targeted considering that the time American’s spent on social networks increased 82% in 2009 from the previous year, accounting for over 17% of the total time spent online. *

Many of the more prominent networks have taken measures to increase security and privacy settings.

For example, Facebook has begun to closely monitor the number of postings from each account to detect abnormal behavior that can indicate an account has been compromised.

If a user who normally posts once or twice a day begins to send out hundreds of messages, the account is flagged within the system and attempts are made to contact the user and alert them to change their password and advise friends not click though on links from their recent postings.

In addition to setting robust social network passwords, setting personal reminders to change your passwords monthly and taking advantage of the privacy settings afforded by each individual network, consumers can also take advantage of simple and cost effective data encryption solutions designed to lock down your personal info and passwords.

The more advanced encryption software solutions available today enable the user to securely log into websites by using specialized tools like password managers that retain all of the data regarding each account in an encrypted vault or folder.

The data entered into password managers is encrypted in case of theft or loss of the computer or USB flash drive it is stored on.

These types of password protection features are also capable of creating, storing and managing strong secure passwords so you can maintain unique IDs for each website, without having to remember them each time you log on to do online banking, surf social networks or check your email.

By utilizing tools like password managers, users eliminate the risk of exposing themselves when using computers that they do not own.

Finally, there is another very simple tool that needs to be used when on any type of social networking site: common sense.

Only put info on your walls, blogs, tweets or posts that you would feel comfortable with strangers knowing. For example, you may not want everyone to know when you will be out for the night.

This opens a door for someone to be watching and break into your home knowing you are not around.

Exercising some simple common sense in terms of what information is made public could have prevented many of the social network related horror stories we hear about every week.

With the rapid growth in social networking and the increasing instances cyber criminals targeting these online destinations, it’s imperative that we all understand the potential threats of identity theft and harm to our personal reputations.

By using simple data encryption and password protection tools, you can ensure that your personal information and online identities remain secure and private.

Nielson Research Study

Continue reading »]]> By Ellen Messmer

Network World

February 3, 2010

http://www.computerworld.com/s/article/9151979/How_Wi_Fi_attackers_are_poisoning_Web_browsers?source=CTWNLE_nlt_security_2010-02-04

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to “poison” users’ browser caches in order to present fake Web pages or even steal data at a later time.That’s  according to security researcher Mike Kershaw, developer of the Kismet wireless network detector and intrusion-detection system, who spoke at the Black Hat conference.

He said it’s simple for an attacker over an 802.11 wireless network to take control of a Web browser cache by hijacking a common JavaScript file, for example.

“Once you’ve left Starbucks, you’re owned. I own your cache-control header,” he said. “You’re still loading the cache JavaScript when you go back to work.

“Open networks have no client protection,” said Kershaw, who also uses the handle Dragorn. “Nothing stops us from spoofing the [wireless access point] and talking directly to the client,” the user’s Wi-Fi-enabled device.

Knowledge gained from researchers over the past year, he said, is showing that browser-cache poisoning over Wi-Fi can be kept in a persistent state unless the user knows how to effectively empty the cache.

“Once the cache is poisoned, it’s going to stay there,” Kershaw said. This means that an attacker can intercede to “poison the URL” of the victim so that he will see a fake Web page when they try to visit a specific Web site or try to insert a “shim” that could “ship your internal pages off to a remote server once you’re in a VPN.”

The few defenses Kershaw suggested were continuously manually clearing the cache, or using private-browser mode. “Who knows how to clear the browser cache in an iPhone?” he asked.

Kershaw acknowledged he doesn’t know how widely attacks based on poisoning the browser cache via 802.11 actually are. But the potential for trouble is so evident he said he’d advise corporate security professionals to try to “forbid users from taking laptops onto open networks,” though he admitted, “Your users may lynch you.” He said some vendors, including Verizon, are looking at solving this problem with a custom client that is tied to specific operating systems.

Continue reading »]]> ATTACKED : CIA, PayPal under bizarre SSL assault

Plus hundreds of others

By Dan Goodin in San Francisco

29 January 2010

http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/

The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.

The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo.

“What do I mean by massive? I mean you are likely seeing an unexpected increase in traffic by several million hits spread out across several hundred thousand IP addresses,” Shadowserver’ Steven Adair wrote. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth.”

Shadowserver has identified 315 websites that are the recipients of the SSL assault. In addition to cia.gov and paypal.com, other sites include yahoo.com, americanexpress.com, and sans.org.

It’s not clear why Pushdo has unleashed the torrent. Infected PCs appear to initiate the SSL connections, along with a bit of junk, disconnect and then repeat the cycle. They don’t request any resources from the website or do anything else.

“We find it hard to believe this much activity would be used to make the bots blend in with normal traffic, but at the same time it doesn’t quite look like a DDoS either,” Adair wrote.

Continue reading »]]> COPYCAT : China Hacks Inspire Copycats

Jaikumar Vijayan,

Computerworld

Jan 24, 2010

http://www.pcworld.com/article/187534/china_hacks_inspire_copycats.html?

Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today.

The company reported spoofed e-mails purporting to contain details on the alleged Chinese attacks that contain a PDF attachment. When opened, it installs and runs the Acrobat.exe backdoor on the user’s machine.

A screen shot posted on F-Secure’s Web site showed an e-mail designed to look like it came from George Washington University. The e-mail, with the subject header ‘Chinese cyberattack,’ offered the target a review of an article on the recent attacks that the purported author had just written for the Far Eastern Economic Review.

When the attached PDF is opened in Acrobat Reader, it exploits a known vulnerability in the doc.media.newPlayer function of the reader to install a back door on the user’s system, F-Secure said. The flaw was patched by Adobe last week.

F-Secure reported seeing targeted attacks using similarly poisoned PDF files being directed at U.S. military contractors earlier this week. In that case, the e-mails were designed to appear as if they were from the U.S. Air Force and purported to contain information on an actual Department of Defense event scheduled for later this year.

F-Secure also said it has learned of a similar e-mail targeting the “intelligence sector,” but offered no further details.

Attacks that attempt to take advantage of popular news events or stories to fool users into clicking on malicious attachments or browsing to malicious sites have become common in recent years. What’s different now is that such attacks are being directed at specific individuals and are increasingly tailored to appear as if they are from a trusted source. Many of the so-called Advanced Persistent Threats (APT) faced by large companies such as Google rely heavily on social-engineering tricks to get targeted individuals to open infected e-mails or download malicious files.

Continue reading »]]> There is a new facebook application doing the rounds by the name of Photas, it will say that a frnd of urs commented on a photo of you, and when u try to check the photo, it will take u to this page: http://www.facebook.com/apps/application.php?id=448829670716 , goign there will send this trojan to all your friends and thus spread exponentially.
Do not fall for this.

In General, dont take everything for granted on sites like facebook etc, look before you add apps, u may never know what you might give away.

Forward this to your friends so that they also dont fall for this.

Continue reading »]]> CRACK : Hackers crack airport access

By Matthias Kremp

14/01/2010

http://www.spiegel.de/netzwelt/netzpolitik/0,1518,671980,00.html (Translated from German by Google)

http://translate.google.com/translate?u=http%3A%2F%2Fwww.spiegel.de%2Fnetzwelt%2Fnetzpolitik%2F0%2C1518%2C671980%2C00.html&sl=de&tl=en&hl=&ie=UTF-8

Alarming vulnerability to major German airports: With a simple 200-euro device can outsmart the security barriers. Hackers of the CCC led to ARD reporters can be scanned as easily access cards, and then electronically simulated – the police union is appalled.

After the foiled bomb attack in Detroit, the security agencies and airports have reacted quickly and sharply, before the inspection are always long queues, because the checks have been stepped up. Each piece of hand baggage is searched, each fluid control, many passengers two or three times chased through the metal detector.

It is an easy way to circumvent the controls – the ARD-Magazin “Contrasts” is now demonstrating that it appears in many German airports are a vulnerability that can be exploited by simple means.

The allegations are directed against several German airports used to access security system of the Swiss agent LEGIC It should be easy to crack – how easy to have hackers from the Chaos Computer Club (CCC reporters) presented.

The operating principle of the system is simple: Each employee receives an ID card with built-in microchip. To get into airport security areas, the card is tilted close to a reader. This takes over the air on contact with the chip that reads the data and opens the door, where the institution of the chip is identified as being authorized to access.

But with a relatively simple device can be cut short this seemingly secure protection mechanism. Namely, with a “programmable RFID reader, which can both pretend to be a reader – and can pretend to be a map,” said Karsten Nohl, CCC member of the “contrast” searchers. Assemble the apparatus, therefore, will cost less than $ 200.

With this device you can first read an access card – and then switch it so that it emulates the card, then electronically replicates. In the end, can be with the RFID reader to open those doors, which also include the original would have been granted access.

15 centimeters range approximation

In an interview with SPIEGEL ONLINE, the manufacturer Legic confirmed “that members of the Chaos Computer Club has been able to evaluate by reverse engineering the algorithm of Prime and disclose.

Nohl and other CCC members were “simply shocked to even find any hurdles that we would have to overcome.” Only the limited range of the used RFID reader and emulation device using brakes. With a suitably powerful power supply can be ideally bridging distances of about 70 centimeters. If one wishes to remain anonymous and do not bulky power apparatuses attention to themselves, reduces the distance to up to 15 centimeters. But it was no real obstacle, “said ARD editor Matthias Deiss

To read out a map of it ultimately matter if you stands on an escalator next to an airport employee. Because the ID cards bear the usually either on a long ribbon around the neck or with a short bunch of keys on his belt.

The Swiss compromised by the hackers access system is used in Germany at the airports of Hamburg, Berlin-Tegel, Stuttgart, Dresden and Hanover – and marketed internationally. How far with the stunt is in doubt, was an employee of the Hamburg airport the “contrasts” reporters clear. He had his access card entry to the security area and could thus “on access gates, roads, terminals and gates directly via the apron and of course get on an airplane.” With the RFID reader, the same should be possible.

The system is outdated

The Hamburg Airport recognizes the vulnerability. However, it is pointed out that the access is not the only security mechanism of the airport. With other systems would ensure that no unauthorized persons enter the premises. The nature of these systems has been, “contrasts” but not answered. An exchange of more than 15,000 access cards and readers can not get around 500 for cost reasons.

If you read the product description, the Legic published on his website, anyway, the question arises, why use airports specifically chosen this system to protect access. Accordingly, were key to the development of the system presented at the 1992 Cebit, the simplification and comfort in mind. It is also designed for controlling access to “large-scale projects in the leisure industry”, say for example in holiday resorts. According to the data sheet a “basic security with a focus on organization and convenience” is one of the main features of the system.

Legic told SPIEGEL ONLINE with the Prime System Chriffrierverfahren use a firm that meets the technical possibilities of 1992. The company has argued that such procedures are based essentially on the secrecy of the algorithms used. Compared with today’s methods “have these older methods, a lower safety level than modern systems”, which gives the manufacturer openly. He recommends that its customers, the technology “reassess and, where necessary, replace it with modern security systems.” However, even today is still guaranteed the security – if one Legic Prime with additional measures such as a pin number, a video surveillance or simply supplement an usher. But because it costs, just as a replacement of the entire system.

Interior Ministry and police union response

According to a spokesman for the Federal Interior Ministry is on the airport operators to review the security controls already been suggested. Rainer Wendt, chairman of the German police union, which is too little – he asks to replace the cracked security system immediately and put on the cutting edge of technology.

For the omissions of the operators, he shows no sympathy. He proposes to put the security operation now under the supervision of the federal police to: “so that the airport can be more sloppy as they want.”

Continue reading »]]> We’ll ignore this window if you close it

By Cade Metz in San Francisco

Posted in Security, 27th January 2010 00:28 GMT

http://www.theregister.co.uk/2010/01/27/google_toolbar_caught_transmitting_data_when_disabled/

Google has updated its browser toolbar after the application was caught tracking urls even when specifically “disabled” by the user.

In a Monday blog post, Harvard professor and noted Google critic Ben Edelmen provided video evidence* of the Google toolbar transmitting data back to the Mountain View Chocolate Factory after he chose to disable the application in the browser window he was currently using.

The Google toolbar offers two disable options: one is meant to disable the toolbar “permanently,” and the other is meant to disable the app “only for this window.”

In a statement passed to The Reg, Google has acknowledged the bug. According to the statement, the bug affects Google Toolbar versions 6.3.911.1819 through 6.4.1311.42 for Internet Explorer. An update that fixes the bug is now available here, and the company intends to automatically update users’ toolbars sometime today.

The statement also says that the bug does not occur if you open a new tab after disabling the toolbar for a particular window. In the statement, Google goes on to say that the bug disappears if you restart your browser, but this doesn’t quite make sense. If you’re interested in disabling Google toolbar for a particular window, you aren’t going to close that window.

“For that option to work as its name promises, Google Toolbar must cease transmissions immediately,” Edelman says. “Fact is, the ‘Disable Google Toolbar only for this window’ option doesn’t work at all: It does not actually disable Google Toolbar for the specified window.”

It would appear that in saying the bug is fixed when the browser relaunches, Google is referring to a second bug Edelman uncovered. The Harvard prof also found that the toolbar continued to transmit data when he attempted to disable it through Internet Explorer’s “Manage Add-ons” window.

With the Google toolbar, certain “enhanced features” require the transmission of data back to Google servers. These features include the ability to view a website’s Google PageRank, essentially a measure of its importance on the web at large, and the new Sidewiki, a means of adding meta-comments to webpages. Using a network monitor, Edelman confirmed that if “enhanced features” are activated, Google collects domain names and associated directories, filenames, URL parameters, and search terms.

The user chooses whether to turn on “enhanced features,” but Edelman argues that it’s much too easy for a user to do so without completely realizing the consequences. The toolbar’s standard installation routine launches a “bubble message” that pushes readers to turn on the features, he says, and it’s less than clear about what data is being transmitted.

“The feature is described as ‘enhanced’ and ‘helpful,’ and Google chooses to tout it with a prominence that indicates Google views the feature as important,” Edelman writes. “Moreover, the accept button features bold type plus a jumbo size (more than twice as large as the button to decline). And the accept button has the focus – so merely pressing Space or Enter (easy to do accidentally) serves to activate Enhanced Features without any further confirmation.”

Yes, he continues, the message points out that the toolbar “tells us what site you’re visiting by sending Google the url.” But he argues this stops short of explaining that it collects everything from directories, filenames, and URL parameters to search keywords.

What’s more, Edelman says, turning off “enhanced features” is more difficult than turning them on – especially for the average Joe. It appears that the features can’t be turned off unless you uninstall the entire toolbar. Or “disable” it. But that doesn’t always work. Or at least it didn’t until Edelman noticed it didn’t.

* Video evidence at

(http://www.benedelman.org/spyware/images/googletoolbar-jan10/disablex-video-012110.html)

Continue reading »]]>

You can do lot of interesting stuff with Google Talk like get alert notifications, save bookmarks to delicious, manage web calendars, set reminders, write blogs, and so much more.

Such features can be easily integrated into Google Talk through ‘bots’ which, in simple English, are like virtual friends who are online 24×7 and will always respond with a smile to your questions or requests.

Here are the eleven most useful ‘bots’ that transform Google Talk into a more useful program:

1. imfeeds@gmail.com – Add this IM Feeds bot as your Google Talk buddy and you’ll be able to read any blog or website that syndicates content via RSS feeds.

To subscribe to a website in GTalk, simply send a new IM message that says “sub labnol.org” where labnol.org is the site address that you want to read inside Google Talk.

2. friendfeed@bot.im – This secret bot lets you post to FriendFeed from Google Talk. You may submit either hyperlinks or text messages.

3. imified@imified.com – This imified bot turns Google Talk into a real powerhouse.

You can post bookmarks to delicious, send messages to Twitter, submit blog entries to WordPress, Tumblr or Blogger, manage events in Google Calendar, shorten long URLs, run whois and so on.

4. inezhabot@gmail.com – Like IM Feeds, iNezha bot helps you read feeds inside Google Talk but this is slightly more versatile. For instance, you can simply say “digg” and it will show a list of all feeds that match that search term so you don’t have to type (or copy-paste) feed addresses.

5. Translation – This is a free service from Google that helps you translate words from a foreign language into your native language. Just add the relevant bot (e.g. hi2en@bot.talk.google.com for Hindi to English or en2hi@bot.talk.google.com for English to Hindi) as your buddy, send him a message and it will get translated instantly.

6. Use Google Talk with Twitter – Invite twitter@twitter.com to become your friend in Google Talk and verify your account. Now whenever you IM this new friend, the message will automatically publish on your twitter account.

7. Set Task Reminders – If you need to remember something important, Google Talk can send you reminders for that event.

Just add timer to your Twitter friend’s list and then add twitter@twitter.com to your buddy list in Gtalk. Now if you want to get a reminder after 50 minutes, send a direct message to twitter  like “d timer 50 pick kids from school” and a reminder will automatically pop up in your Google Talk after 50 minutes.

8. Transliteration – If you want to chat in your mother tongue (like Hindi or Tamil) but feel more comfortable using the English keyboard, Google Transliteration bot will come in handy.

For instance, add en2hi.translit@bot.talk.google.com to you friend’s list in GTalk and all messages you type in English will get transliterated in the language of your choice.  Available only for a few Indian languages.

9. Xpenser – With xpenser, you can record travel expenses via email, SMS or even Google talk. Add xpenserbot@gmail.com as your buddy and send a message like “lunch 33.2 with Bill Gates” and that will be added as an expense to your online spreadsheet that can be accessed from anywhere.

10. Ping.fm – Like Imified, ping.fm is one of the most useful Google bots out there especially if you are a social networking or micro-blogging addict.

Add pingdotfm@gmail.com to Gtalk and you can communicate with twitter, jaiku, wordpress, identi.ca, facebook, myspace, bebo, friendfeed, linkedin, tumblr, plaxo, friendster, delicious and more.

11. Meshly – Add meshly@gmail.com as your friend and you’ll be able to post web link to your Meshly account via Google Talk. You can also add tags, categories and description to your hyperlink via Gtalk itself.

Continue reading »]]> Mobilewitch Bluetooth Remote Control is a free of charge program that can be used to control your computer from distance. The main purpose of this software is to turn your mobile phone into a universal PC remote control.

The application is perfect for business as well as for your own enjoyment. Now you can easily remote control your PowerPoint presentations, Mouse Cursor or simply explore the content of your computer directly from your mobile phone.

Tones of handy features will be available after installing the software. You will be able to change the tracks and videos played on Media Player or Winamp, browse for artists, albums or adjust the volume. The application will also give you remote access to programs such as Windows Explorer, Internet Explorer or Firefox. In the same time you will be able to Run commands on your computer or send text messages to your desktop.

The program consists of two parts – the client and the server (both being written in Java). The former is located into a J2ME capable mobile phone with Bluetooth capabilities while the latter is placed in the computer you wish to remotely control.

So, all you need for this software to run is a mobile phone with Bluetooth™ support and a Bluetooth dongle installed on your computer.

In order to start using the Mobilewitch Bluetooth Remote Control you first need to download and install both Mobile Application and PC Server. In case of Nokia mobile phones, the Nokia PC Suite will automatically recognize and prompt you to install the application on your handset.

After the installation is complete, please use the following steps:

Step 1

Start the PC Server application first

Step 2

Start the Mobile Application. On Nokia phones the shortcut is located in Menu/Applications/Collection. The phone will automatically start searching for active devices.

Once both devices are connected you will be able to access the Mobilewitch Bluetooth Remote Control Menu from your phone.

From this menu you will be able to control your mouse cursor, keyboard and the following programs, if installed on your computer: Windows Explorer, Firefox, Window Media Player, Internet Explorer, Winamp and Powerpoint. Please note that each application you would like to control has to be first started from the computer and needs to be Always On Top of your desktop.

Features

- Remotely control Mouse, Keyboard, PowerPoint, Winamp, Windows Media Player and much more
- Get access to your desktop from your phone
- Bluetooth setup free! Simply connect from your phone
- Customize your applications through Keymaps or VB and JScripts
- Supports all PC Bluetooth solutions Toshiba, Windows, BlueSoleil and Widcomm/Broadcom

Continue reading »]]>

Continue reading »]]> All credit goes to Pagal Patrakar from The Faking News

New Delhi. “Have you ever farted loudly in public?” was the question that popped up on his computer screen when Ankit Agarwal was taking CAT 2009 online at the Delhi Business School center here. A shocked and upset Ankit looked around to find equally dumbfounded faces of fellow test takers at the center. A few minutes passed when all of them realized that CAT servers had been hacked.

“I found all the students straining their eyes and looking around with puzzling looks at each other, and I sensed that something was wrong. But I still answered the fart question by choosing the option (b), which was in affirmative, assuming IIMs wanted to test us on some abstruse parameter as MBAs are often accused of creating fart. And to my horror, the next thing on screen was a middle finger, telling me I was a loser. I immediately knew that the servers were hacked.” Ankit recounted his harrowing experience.

Students were shocked to see such images on their computer screen as they took CAT 2009 online

Several centers around the country reported the same problem with the students asked absolutely ridiculous and offensive questions such as “have you ever slept with a potato in your underwear?” and “will you mop up the poop of pet dog of your boss to get promotion?”, all of them ending with a middle finger on the screen when students cared to choose an available option. It was the first day of online CAT (Common Admission Test) for admission to the six (as of today) IIMs and many other well known and lesser known MBA institutes.

“IIMs are known to change the pattern of CAT quite often, therefore many students thought that maybe these questions had some hidden meanings. But we felt like losers once that middle finger appeared on the screen. I talked to many of my friends and all of them feel the same. The questions appeared to have been taken straight out of a show of Sach Ka Saamna.” Chetan Pandit, another CAT test taker shared his experience.

IIMs have called for an emergency meeting this evening to discuss the problem and to nail down the hacker, but the event has already caused huge embarrassment to them. Many students, who otherwise had bunked the online CAT to see movies, were seen demonstrating in front of the centers asking IIMs to go back to paper-and-pen tests. Samajwadi Party activists too joined the protests and broke computers as a symbol of protest.

This unfortunate incident has also caused many test conducting agencies and internet security agencies to pitch for their services to IIMs and ask them to outsource CAT to them. These agencies have also approached Ministry of Human Resource Development with what they termed as ‘lucrative’ proposals.

Meanwhile the students are fuming over the possibility that they will have to take the test again, which is often touted as their ticket to a better life. Most of the students believe, and more importantly want their parents to believe, that they were performing exceptionally well at the test before the hackers struck and denied them an opportunity to change their lives.

Continue reading »]]> CRPCC Team

30 Nov 2009

The Common Admission Test (CAT) examination, administrated for admission to seven prestigious Indian Institutes of Management (IIMs) and 150 more management institute has been affected by virus attack, as per the contractor and IIMB director, which continued for the third day today.

This year for the first time, CAT is being conducted online throughout India at 104 centers for about 2,41,000 aspirants for about 2500 seats at seven IIMs. The exam was spread over 10 day from 28 November to 07 December 2009. The trouble started at the start of exam on day 1 and continued for the third day today.

First it was stated as server crash, but later the blame was put on a virus. But the details of virus are not disclosed. This give rise to speculation that the virus may be only an excuse.

The so-called virus has affected only at 24 centers distressing about 15% of candidates. Neither IIM directors nor CAT committee nor the contractor Prometric, an US based company and it’s Indian associate NIIT are disclosing any further details.

“This shows the total unprofessional approach by all concerned, where there is either no or not adequate planning, execution, dry run, mock test, stress testing, back-up plan existed”, said Rakesh Goyal, Director General of CRPCC and MD of Sysman Computers Private Limited, a leading IT Security firm.

The launch of the online CAT meant delivery of exams at more than 360 testing laboratories in 104 centres. “It is an ambitious project, but well within the means and experience of Prometric,” Prometric said.

The laboratories closed on Sunday include 11 in Bangalore, eight in Bhopal, six each in Lucknow and Mumbai, five in Delhi, four in Ghaziabad, two each in Varanasi and Hyderabad and one each in Bhubaneswar, Chandigarh, Nagpur, Kolkata and Coimbatore.

Agitated students and their parents are concerned about their future and the mental agony bourn by them.

Continue reading »]]> Fraudsters collaborating on software to steal bank details

By Nick Heath

18 September 2009

http://software.silicon.com/security/0,39024655,39525925,00.htm

Malware developers are going open source in an effort to make their malicious software more useful to fraudsters.

By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans.

According to Candid Wüest, threat researcher with security firm Symantec, around 10 per cent of the Trojan market is now open source.

The move to an open source business model is allowing criminals to add extra features to their malware.

“The advantages are that you have more people involved in developing it, so someone who is into cryptography could add a cryptographic plug-in or somebody who does video streaming could add remote streaming of the desktop,” Wüest said.

Releasing Trojans as open source dates back to 1999, when the Cult of the Dead Cow group released the source code for its Trojan called Back Orifice.

More recently, the developers of the Limbo Trojan published its source code in an effort to boost take-up following a slump in its use by fraudsters.

Following its release in 2007, the Limbo Trojan became the most widely used Trojan in the world but fell from favour in 2008 after the more sophisticated Zeus Trojan was released, according to security company RSA.

There is a big cash incentive to be the dominant Trojan, with infected machines and the financial and personal details they capture worth millions of dollars on the black market. The Limbo Trojan kit was previously sold to fraudsters for $350 per time before it went open source, while the Zeus Trojan today sells for between $1,000 to $3,000.

However, head of new technologies at RSA Uri Rivner said the move to become open source had not reversed Limbo’s decline in fortunes.

“It is a move to the same business model as that behind any open source project – to give away a basic version and sell more advanced versions, professional services or customisations.

“At the beginning of it going open source it was big news but people have since stopped investing in it.

“It is not the best Trojan any more but because it’s open source you can try it as your first Trojan and it is still used in some places,” he said.

Limbo’s popularity continues to slump, despite numerous features in the basic version that allow criminals to add extra fields for PIN numbers into fake banking websites and capture the keystrokes and the files saved on an infected computer.

And while open source may not have boosted Limbo’s fortunes, it also brings with it separate problems for the fraudsters: open sourcing code also places it in the hands of security professionals.

“If you make [the Trojan] open source that means that a security company can find the source code and it is easier to make a general heuristic detection for it, as they know what could be in it,” Symantec’s Wüest said.

The majority of Trojan infections occur via driv- by downloads, where the malware is automatically downloaded after browsing an infected website, or messages sent via social networking sites that encourage people to download a Trojan masquerading as a legitimate security update, according to RSA’s Rivner.

These infection methods are proving far more effective at getting Trojans onto machines than earlier techniques such as sending an email with a link to an infected file or attachment.

RSA analysts say these new methods have fuelled an exponential growth in the rate of infection, with the security firm detecting 613 Trojan infections in August 2008 compared to 19,102 in August 2009.

Continue reading »]]> Conficker worm could be ‘weaponized,’ web security researcher warns

November 2, 2009

http://www.mxlogic.com/securitynews/viruses-worms/conficker-worm-could-be-weaponized-web-security-researcher-warns574.cfm

In the year since the inception of the Conficker worm, a malicious strain of virus that has infected computers all over the globe, security researchers have tracked its spread to as many as 7 million machines.

Although internet security researchers at the Conficker Working Group advise that it is impossible to track the exact number of PCs infected by Conficker, the latest estimates put the worm’s spread at around the 7 million mark, a milestone in the making of a huge botnet, according to Computerworld.

Botnets are controlled by hackers, cyber criminals or sometimes governments for the purpose of launching spam, malware and distributed denial-of-service attacks (DDOS), which can overpower website servers with malicious traffic that slows or crashes websites.

As an element of cyber war, DDOS attacks require a large enough botnet to overpower defenses, according to security experts. Andre DiMino, co-founder of The Shadowserver Foundation, said a botnet the size of Conficker could be “weaponized” in a cyber attack.

“This is certainly a botnet that could be weaponized,” DeMino said, according to Computerworld. “When you have a net of this magnitude, the sky’s the limit in terms of what could be done.”

DDOS attacks launched last July shut down government, banking and commercial sites in the U.S. and South Korea. Smaller attacks have hit sites like Twitter, Facebook and news websites.

Continue reading »]]> CRPCC TEAM with inputs from PIB and PTI

October 27, 2009

The Information Technology (Amendment) Act 2008 comes into force from 27 October 2009. The amended act provides for tightening procedures and safeguards for monitoring and interception of data to prevent computer and cyber crimes.

“The IT (Amendment) Act 2008 came into force today,” an official statement said.

Besides monitoring and interception, the amended Act also makes Indian Computer Emergency Response Team (CERT-In), a body created as per the act of parliament. CENRT-In has been provided with wider powers and responsibilities to deals with computer security and various situations arising from cyber attacks.

The IT (Amendment) Act 2008 was passed by both the houses of Parliament on December 22 and 23, 2008. The Act was notified after the assent of President on February 5, 2009.

The amendment and notified rules pertaining to various sections of the act, dealing with Procedure and Safeguards for Interception, Monitoring and Decryption of Information, Blocking Access of Information by Public and Monitoring and Collecting Traffic Data.

The Information Technology Act was enacted in 2000 with a view to provide legal recognition to e-commerce and e-transactions, to facilitate e-governance and prevent computer-based crimes.

However, the rapid increase in the use of internet has led to a spate in crime like child pornography, cyber terrorism, publishing sexually explicit content in electronic form and video voyeurism. So, penal provisions were required to be included in the Information Technology Act, 2000.

For more details – http://pib.nic.in/release/release.asp?relid=53617

Continue reading »]]> There are chances of somebody access to your Gmail or Google Account without prior notice sent to acknowledge you.

If you’ve recently login Gmail with a public computer at cyber cafe or a Internet-enabled system that is not administrated by you (e.g. office Desktop/Laptop that you don’t have root access privilege), remember to keep an eye at your Gmail account activities.

It doesn’t matter you’re login Gmail with HTTPS connection or Remote Desktopback to your secured system at home/office, a software keylogger running as service or hardware keylogger chip seated inside Desktop keyboard can easily recording all keystrokes pressed or capturing screen when you about to copy and paste the password in login form.

After your Google Account is hacked by keylogger, they are not likely to change your password for fun. Instead, the hackers will like to access your Gmail silently for other activities that interest them, e.g. confidential emails, social networks, accounting related login such as online banking, PayPal, eBay auction, etc.

So, how could you tell if someone has accessed your Gmail recently?

Login to your Gmail and look at the bottom of page. There you read a statement similar to this

Last account activity: 48 minutes ago on this computer. Details
(as shown in the screenshot below; highlighted in white):

After your Google Account is hacked by keylogger, they are not likely to change your password for fun. Instead, the hackers will like to access your Gmail silently for other activities that interest them, e.g. confidential emails, social networks, accounting related login such as online banking, PayPal, eBay auction, etc.

^{Gmail account activity may able to tell if you Google Account has been hacked by a keylogger.}

Click the Details hyperlink, a pop-up page will shows you the table of Google Account login details – Access Type, IP Address, and Date/Time when those login took place.

At the bottom of Detail page, there is your current computer IP address that you can take note for next login audit (keep a habit of conducting login audit whenever you login to Gmail):

This computer is using IP address 89.211.85.96.

The IP Address of computer that you normally use to access Gmail is not likely changes (frequently). If it’s an office computer that access to Internet via proxy server, that WAN IP is rather f

Continue reading »]]> There are several occasions when we need to protect some data by making apassword protected, locked and secure folder. But by default, Windows XP allows users to hide their folder by selecting “Hidden Folder” option. Do note that anyone can easily see the hidden folders by unlocking them from Windows XP menu, so if you need to keep a folder really secure by locking it with a strong password, then you should use a freeware called Free Hide Folder.

Free Hide Folder works like a computer security software that can lock and hide your important files and no one will be able to access them. Using this tool you can add password to selected files and folders and make them unreachable from everyone. Now if you don’t want to share any file or folder with anyone, simply lock the folder using Free Hide Folder.

Key Features of Free Hide Folder

1. Hides folder completely with strong password
2. Password protection to access locked folder
3. Lock as many folders as you want, no limit!
4. Simple and easy-to-use user interface
5. Supports Windows 9x/Me/NT/2000/XP/2003/Vista

Continue reading »]]> by Elinor Mills

October 20, 2009

http://news.cnet.com/8301-27080_3-10379115-245.html

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device’s power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy, and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so that the spikes and bumps correlate to specific activity around the cryptography, he said.

An oscilloscope and simple antenna can capture electromagnetic emissions from mobile devices. The large spikes correspond to secret keys used during cryptographic activity.

(Credit: Cryptography Research)

“While the chip performs cryptography it is massaging the secret key around in various ways. This processing causes information about the key to leak through the power consumption itself,” said Jun.

For instance, someone with the proper equipment could steal the cryptographic key from a device three feet away in a cafe in as short a time as a few minutes, he said. An attacker could replicate the key with the information and use it to read a victim’s e-mail or pretend to be the user in sensitive online transactions.

Smartphones and PDAs have been found to leak data unless they have countermeasures in place to protect against it, which Cryptography Research offers, according to Jun.

He would not say exactly which devices could be snooped on in this manner and said he did not know of any attacks in the wild using this method.

“I think we’re about to start seeing it on smartphones,” he said. “These attacks are not theoretical.”

This type of attack first surfaced about 10 years ago on cash register terminals and postage meters. Similar data leakage was found with smartIDs, secure USB tokens, smart cards, and cable boxes, he said.

Countermeasures can involve randomizing to throw noise into the measurements or changing the way the computation is done, Jun said.

Asked to comment on how threatening this type of attack could be, cryptography expert Bruce Schneier said the basic question is who stands to lose?

“Honestly, I don’t care if someone hacks a cable box–it’s not my money. Similarly, I don’t care how often a bank gets robbed as long as the bank doesn’t deduct the losses out of my personal account,” he said in an e-mail. “But if someone hacks my phone and either steals service that I am charged for, or causes me enough hassle to change my phone number, that’s bad.”

Continue reading »]]> http://business.maktoob.com/20090000386986/Saudi_under_attack_from_cyber_criminals/Article.htm

DUBAI – Saudi Arabia tops all Gulf countries in attacks by Internet hackers, UAE daily Emirates Business reported on Thursday, citing software firm Trend Micro.

Of all the recorded cyber attacks in the first nine months of this year in the Gulf, 64 percent were directed at Saudi Arabia and 20 percent at the UAE.

There were 769,698 cases of “compromised systems breakdown” in Saudi Arabia and 248,034 in the UAE, according to Trend Micro data.

Kuwait recorded 94,910, followed by Bahrain at 60,440 and Oman with 37,105 cyber attacks.

Due to high concentration of wealth, Internet security experts put the Gulf at high-risk of cyber threats as criminals try to steal vital data from the public, including information such as bank details and credit card information.

Continue reading »]]> Short for Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS is a standard that all organizations, including online retailers, must follow when storing, processing and transmitting their customer’s credit card data. The Data Security Standard (DSS) was developed and the standard is maintained by the Payment Card Industry Security Standards Council (PCI SSC).  To be PCI complaint companies must use a firewall between wireless network and their cardholder data environment, use the latest security and authentication such as WPA/WPA2 and also change default settings for wired privacy keys, and use a network intrusion detection system.

The PCI DSS standard, as of September 2009 (DSS v 1.2), includes the following 12 requirements for best security practices:

Build and Maintain a Secure Network

1. Install and maintain a firewall configuration to protect cardholder data

2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

3. Protect stored cardholder data

4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

5. Use and regularly update anti-virus software

6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures

7. Restrict access to cardholder data by business need-to-know

8. Assign a unique ID to each person with computer access

9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data

11. Regularly test security systems and processes

Maintain an Information Security Policy

12. Maintain a policy that addresses information security

The PCI DSS may also be called PCI compliance or PCI requirements.

Continue reading »]]> With botnets everywhere, DDoS attacks get cheaper

By Robert McMillan ,

IDG News Service,

October 15, 2009

http://www.networkworld.com/news/2009/101509-with-botnets-everywhere-ddos-attacks.html?hpg1=bn

Cyber-crime just doesn’t pay like it used to.

Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics. “The barriers to entry in that marketplace are so low you have people basically flooding the market,” said Jose Nazario, a security researcher with Arbor Networks. “The way you differentiate yourself is on price.”

Criminals have gotten better at hacking into unsuspecting computers and linking them together into so-called botnet networks, which can then be centrally controlled. Botnets are used to send spam, steal passwords, and sometimes to launch DDoS attacks, which flood victims’ servers with unwanted information. Often these networks are rented out as a kind of criminal software-as-a-service to third parties, who are typically recruited in online discussion boards.

DDoS attacks have been used to censor critics, take down rivals, wipe out online competitors and even extort money from legitimate businesses. Earlier this year a highly publicized DDoS attack targeted U.S. and South Korean servers, knocking a number of Web sites offline.

Are botnet operators having to cut costs like other businesses in these troubled economic times? Security researchers don’t know if that’s been a factor, but they do say that the supply of infected machines has been growing. In 2008, Symantec’s Internet sensors counted an average of 75,158 active bot-infected computers per day, a 31 percent jump from the previous year.

DDoS attacks may have cost hundreds or even thousands of dollars per day a few years ago, but in recent months researchers have seen them going for bargain-basement prices.

Nazario has seen DDoS attacks offered in the US$100-per-day range, but according to SecureWorks Security Researcher Kevin Stevens, prices have dropped to $30 to $50 on some Russian forums.

And DDoS attacks aren’t the only thing getting cheaper. Stevens says the cost of stolen credit card numbers and other kinds of identity information has dropped too. “Prices are dropping on almost everything,” he said.

While $100 per day might cover a garden-variety 100MB/second to 400MB/second attack, it might also procure something much weaker, depending on the seller. “There’s a lot of crap out there where you don’t really know what you’re getting,” said Zulfikar Ramzan, a technical director with Symantec Security Response. “Even though we are seeing some lower prices, it doesn’t mean that you’re going to get the same quality of goods.”

In general, prices for access to botnet computers have dropped dramatically since 2007, he said. But with the influx of generic and often untrustworthy services, players at the high end can now charge more, Ramzan said.

Continue reading »]]> This post is one of a series devoted to online security.

Millions of people have gotten “urgent” emails asking them to take immediate action to prevent some impending disaster. “Our bank has a new security system. Update your information now or you won’t be able to access your account,” or “We couldn’t verify your information; click here to update your account.” Sometimes the email claims that something awful will happen to the sender (or a third party), as in “The sum of $30,000,000 is going to go to the Government unless you help me transfer it to your bank account.”

People who click on the links in these emails may see a web page that looks like a legitimate site they’ve visited before. Because the page looks familiar, these people enter their username, password, or other private information on the site. What they’ve actually done is given an unknown third party all the information needed to hijack their account, steal their money, or open up new lines of credit in their name. They just fell for a phishing attack.

The concept behind such an attack is pretty simple: Someone masquerades as someone else in an effort to fool you into sharing personal or other sensitive information with them. Phishers can masquerade as just about anyone, including banks, email and application providers, online merchants, online payment services, and even governments. And while some of these attacks are crude and easy to spot, many of them are sophisticated and well constructed. That fake email from “your bank” can look very real; the bogus “login page” you’re redirected to can seem completely legitimate.

The good news is there are things you can do to steer clear of phishing attacks:

• Be careful about responding to emails that ask you for sensitive information.You should be wary of clicking on links in emails or responding to emails that are asking for things like account numbers, user names and passwords, or other personal information such as social security numbers. Most legitimate businesses will never ask for this information via email. Google doesn’t.

• Go to the site yourself, rather than clicking on links in suspicious emails. If you receive a communication asking for sensitive information but think it could be legitimate, open a new browser window and go to the organization’s website as you normally would (for instance, by using a bookmark or by typing out the address of the organization’s website). This will improve the chances that you’re dealing with the organization’s website rather than with a phisher’s website, and if there’s actually something you need to do, there will usually be a notification on the site. Also, if you’re not sure about a request you’ve received, don’t be afraid to contact the organization directly to ask. It takes just a few minutes to go to the organization’s website, find an email address or phone number for customer support, and reach out to confirm whether the request is legitimate.

• If you’re on a site that’s asking you to enter sensitive information, check for signs of anything suspicious. If you’re on a site that’s asking for sensitive information — no matter how you got there — check for the signs that it’s really the official website for the organization. For example, check the URL to make sure the page is actually part of the organization’s website, and not a fraudulent page on a different domain (such as mybankk.com or g00gle.com.) If you’re on a page that should be secured (like one asking you to enter in your credit card information) look for “https” at the beginning of the URL and the padlock icon in the browser. (In Firefox and Internet Explorer 6, the padlock appears in the bottom right-hand corner, while in Internet Explorer 7 the padlock appears on the right-hand side of the address bar.) These signs aren’t infallible, but they’re a good place to start.

• Be wary of the “fabulous offers” and “fantastic prizes” that you’ll sometimes come across on the web. If something seems too good to be true, it probably is, and it could be a phisher trying to steal your information. Whenever you come across an offer online that requires you to share personal or other sensitive information to take advantage of it, be sure to ask lots of questions and check the site asking for your information for signs of anything suspicious.

• Use a browser that has a phishing filter. The latest versions of most browsers — including Firefox, Internet Explorer, and Opera — include phishing filters that can help you spot potential phishing attacks.

All fairly simple, right? What it all comes down to is if someone asks you to share personal or other sensitive information online, take a moment to think through the request carefully. Doing so will help you stay safe online, and help us all put phishers out of business.

Continue reading »]]> Phishing, a topic that’s been in the news, is unfortunately a common way for hackers to trick you into sharing personal information like your account password. If you suspect you’ve been a victim of a phishing attack, we recommend you immediately change your password, update the security question and secondary address on your account, and make sure you’re using a modern browser with anti-phishing protection turned on.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger.

Problem 1: Re-using passwords across websites
With a constantly growing list of services that require a password (email, online banking, social networking, and shopping websites — just to name a few), it’s no wonder that many people simply use the same password across a variety of accounts. This is risky: if someone figures out your password for one service, that person could potentially gain access to your private email, address information, and even your money.

Solution 1: Use unique passwords
It’s a good idea to use unique passwords for your accounts, expecially important accounts like email and online banking. When you create a password for a site, you might think of a phrase you associate with the site and use an abbreviation or variation of that phrase as your password — just don’t use the actual words of the site. If it’s a long phrase, you can take the first letter of each word. To make this word or phrase more secure, try making some letters uppercase, and swap out some letters with numbers or symbols. As an example, the phrase for your banking website could be “How much money do I have?” and the password could be “#m$d1H4ve?” (Note: since we’re using them here, please don’t adopt any of the example passwords in this post for yourself.)

Problem 2: Using common passwords or words found in the dictionary
Common passwords include simple words or phrases like “password” or “letmein,” keyboard patterns such as “qwerty” or “qazwsx,” or sequential patterns such as “abcd1234.” Using a simple password or any word you can find in the dictionary makes it easier for a would-be hijacker to gain access to your personal information.

Solution 2: Use a password with a mix of letters, numbers, and symbols
There are only 26^8 possible permutations for an 8-character password that uses just lowercase letters, while there are 94^8 possible permutations for an 8-character password that uses a combination of mixed-case letters, numbers, and symbols. That’s over 6 quadrillion more possible variations for a mixed password, which makes it that much harder for anyone to guess or crack.

Solution 3: Create a password that’s hard for others to guess
Choose a combination of letters, numbers, or symbols to create a unique password that’s unrelated to your personal information. Or, select a random word or phrase, and insert letters and numbers into the beginning, middle, and end to make it extra difficult to guess (such as “sPo0kyh@ll0w3En”).

Problem 4: Writing down your password and storing it in an unsecured place
Some of us have enough online accounts that we may need to write our passwords down somewhere, at least until we’ve learned them well.

Solution 4: Keep your password reminders in a secret place that isn’t easily visible
Don’t leave notes with your passwords to various sites on your computer or desk. People who walk by can easily steal this information and use it to compromise your account. Also, if you decide to save your passwords in a file on your computer, create a unique name for the file so people don’t know what’s inside. Avoid naming the file “my passwords” or something else obvious.

Problem 5: Recalling your password
When choosing smart passwords like these, it can often be more difficult to remember your password when you try to sign in to a site you haven’t visited in a while. To get around this problem, many websites will offer you the option to either send a password-reset link to your email address or answer a security question.

Solution 5: Make sure your password recovery options are up-to-date and secure
You should always make sure you have an up-to-date email address on file for each account you have, so that if you need to send a password reset email it goes to the right place.

Many websites will ask you to choose a question to verify your identity if you ever forget your password. If you’re able to create your own question, try to come up with a question that has an answer only you would know. The answer shouldn’t be something that someone can guess by scanning information you’ve posted online in social networking profiles, blogs, and other places.

If you’re asked to choose a question from a list of options, such as the city where you were born, you should be aware that these questions are likely to be less secure. Try to find a way to make your answer unique — you can do this by using some of the tips above, or by creating a convention where you always add a symbol after the 2nd character in the answer (e.g. in@dianapolis) — so that even if someone guesses the answer, they won’t know how to enter it properly.

Continue reading »]]> http://www.computerweekly.com/Articles/2009/09/18/237757/behind-the-times-it-managers-leave-systems-dangerously.htm

IT departments are fighting the security battles of five or 10 years ago, unaware that their IT systems are dangerously exposed to computer hackers.

That was the message from a study published this week by the US security education and research body the Sans Institute and security suppliers Tippingpoint and Qualys.

The study is the first to analyse systemically how cybercriminals are breaking into corporate IT systems. It draws on attack patterns recorded by intrusion detection systems in 6,000 organisations and software vulnerabilities detected in a further 9,000 firms.

Its findings will lead to a widespread reassessment of how companies spend their IT security budget, says Allen Paller, director of research at the Sans Institute.

Fundamental error

The study shows that chief security officers are spending most of their budgets ensuring that the operating systems of their PCs and servers are patched. But many hackers are directing their attacks against vulnerabilities in web applications and common desktop software, bypassing the operating system entirely.

Vulnerabilities in commonly used desktop software programs, including Adobe PDF, QuickTime, Adobe Flash and Microsoft Office, and in web applications accounted for 60% of hacking attacks recorded over the past five months.

“IT departments are still celebrating their success at patching operating systems. They think they are doing great, but they are using the wrong metrics,” says Rob Lee, faculty leader in forensics at the Sans Institute.

The greatest risk to corporate IT systems, comes form hackers exploiting vulnerabilities in popular websites to plant and spread malicious code on a huge scale.

Employees feel safe visiting trusted sites from their work places, but they are easily fooled into opening documents, music and video files that contain malicious code.

Once downloaded, the code exploits vulnerabilities in unpatched applications on their desktops, allowing hackers to plant backdoors that can provide them access to corporate networks.

Spear phishing

Hackers are using another technique known as spear phishing – targeted e-mails containing malware – to exploit the same application vulnerabilities.

Over the past year, the Sans team has responded to 40 major security incidents in businesses and government departments. Two-thirds have been spear phishing attacks.

“We have recently seen financial attackers using spear phishing campaigns against chief financial officers to get them to click on a link. They install a key logger. Once an individual logs into the bank account, the hackers get in and start moving funds,” says Lee.

There are some straightforward measures that business can take to protect themselves, says the Sans Institute.

Small businesses can deploy a separate hardened PC for staff to use for financial transactions online. And for all companies, deploying a web application firewall will help to protect web applications from malicious attacks.

“For the client side, get code patched and get it patched more quickly. The idea that you can patch operating systems in a week is great news. But that is focusing on the attacks of a couple of years ago,” says Ed Skoudis, security consultant at the Internet Storm Centre, which monitors hacking activity.

The other point, he says, is that companies should redouble their efforts to make sure users do not log into their machines with administrator privileges. “That way, if there is some sort of exploit, and the bad guys get a toe hold, it is only with limited privileges,” he says.

SQL injection attacks

SQL injection is the most common technique used by hackers to compromise web applications. The technique can be blocked by careful coding, but the Sans Institute warns that some programmers are creating applications that use SQL injection, leaving their networks open to attack from hackers.

“People writing these applications do not realise that they have put SQL injection in code as a feature. We find a lot of these applications in company networks. Things that people have put together quickly,” says Rohit Dhamankar director of security research at Tippingpoint.

Continue reading »]]> http://www.net-security.org/malware_news.php?id=1108

Websense revealed the findings from its bi-annual research report. Its security labs identified a 233 percent growth in the number of malicious sites in the last six months and 671 percent growth in the number of malicious sites during the last year.

In the first half of 2009, 77 percent of Web sites with malicious code are legitimate sites that have been compromised. This high percentage was maintained over the past six months due in part to widespread attacks including Gumblar, Beladen and Nine Ball which aimed to compromise trusted and known Web properties with massive injection campaigns.

Efforts to self police Web 2.0 properties have been largely ineffective. Websense research shows that community-driven security tools used on sites like YouTube and BlogSpot are 65 percent to 75 percent ineffective in protecting Web users from objectionable content and security risks.

The “dirty” Web is getting dirtier: 69 percent of all Web pages with content classified as objectionable also had at least one malicious link. This is becoming even more pervasive, as 78 percent of new Web pages discovered in the first half of 2009 with objectionable content had at least one malicious link.

The Web continues to be the most popular vector for data-stealing attacks. In the first half of 2009, 57 percent of data-stealing attacks are conducted over the Web. 37 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

The convergence of blended Web and email threats continues to increase. Websense reports that 85.6 percent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious Web sites. In June alone, the total number of emails detected as containing viruses increased 600 percent over the previous month.

Continue reading »]]> We all have lots of Internet passwords and about half of them are not difficult to guess. Just take a look at the “500 worst passwords of all time.”

A strong password should be two things: easily recalled by its owner and difficult to guess by someone who doesn’t know it. So even non-hackers can guess a few on the worst list.

“123456? is number one followed by you guessed it, “password.” Some on the list are intriguing. Number 496 is a “mistress” although I don’t know if the owners lean toward kept women or men who wished they had one. Many are profane with a hint of anger and impulsiveness suggesting people don’t want to bother with passwords. Some are plays on words like “letmein.” Number 486 is a seemingly cryptic letter string “abgrtyu” and still made the list.

The list comes from the book “Perfect Password: Selecttion, Protection, Authentication” published in 2005. While the list would appear outdated, it still gets considerable attention because it’s unique.

One out of nine passwords used is on the list and about 50% of passwords are “based on names of a family member, spouse, partner, or a pet,” according to the book’s teaser on Amazon. Just ask Sarah Palin whose email was hacked last September by someone who reset her password using her zipcode, birthdate and where she met her spouse. When asked where she went to high school, the hacker entered  “Wasilla High” and was right. Such is the price of celebrity and people knowing a lot about you.

Passwords are a challenge. Like you, I often want quick access to a site and view the password as an obstacle deserving little attention. However, I can proudly say no password I have ever used is on the worst list.

In a recent discussion with fellow bloggers, one said he keeps passwords only in his head. He never writes them down ANYWHERE. I have far too many for that and lack the photographic mind he must have. He also avoids passwords hints such as a boyhood dog or mother’s maiden name given what happened to Palin.

Another swears by password manager Roboform which can be downloaded for $35. I may try this given good reviews and because I don’t feel secure with my current password strategy if you can call it that. I am constantly looking them up and must have about 30 of them. I also have used meebowith some success as a single logon/password to multiple instant messaging accounts. I tried something called a secure login named vidoop, but it was too good: it didn’t let me into anything.

There’s plenty of advice on how to create a good password such as Microsoft’s six-steps to creating “a strong, memorable password. Some of the advice is obvious, but worth repeating.

– Use a mix of symbols, characters and numbers. Use spaces if allowed.

– If you can’t use symbols, double the number of characters.

– Think of a memorable sentence and take the first letter of each word and combine into a password.

– Use a password checker to test its strength.

Continue reading »]]> SYDNEY: Who says you can’t buy friends? An Australian online marketing company is selling friends and fans to Facebook members after offering a
similar service to Twitter users.

Advertising, marketing and promoting company uSocial (usocial.net) said it was targeting social networking sites because of their huge advertising potential.

“Facebook is an extremely effective marketing tool,” Leon Hill, uSocial CEO, said in a statement.

“The simple fact is that with a large following on Facebook, you have an instant and targeted group of people you can contact and promote whatever it is you want to promote,” he added.

“The only problem is that it can be extremely difficult to achieve such a following, which is where we come in.

The company offers packages for Facebook, the world’s number one social networking site, that start at 1,000 friends up to 10,000 friends at costs ranging from $177 to $1,167.

Facebook is now the world’s fourth-most visited website.

The company, which counts venture capitalist Peter Thiel, Accel Partners, Microsoft Corp and Russian Internet investment firm Digital Sky Technologies among its investors, has more than 250 million registered users.

But uSocial’s packages are not without controversy. According to some Australian websites, Twitter tried to shut uSocial down, accusing it of spamming members, while the Los Angeles Times reported that Digg.com, a website where people vote for their top news stories or websites, has also tried to shut down uSocial because it sells votes.

Continue reading »]]> According to German media reports, a popular computer magazine is on sale in the country containing a copy of the W32/Induc-A Delphi virus on its free cover CD ROM.

According to German media reports, a popular computer magazine is on sale in the country containing a copy of the W32/Induc-A Delphi virus on its free cover CD ROM.

The 18/2009 edition of ComputerBild, one of Germany’s biggest computer magazines with an estimated readership of over 4 million people, carries an infected copy of TidyFavorites 4.1, a tool used to help you organise your browser’s list of favourite websites, on its cover CD.

Springer-Verlag, the publishers of ComputerBild, have reportedly contacted independent experts at AV-Test.org who have confirmed the infection.

ComputerBild has published a statement to its readers (in German), warning of the infection and providing a link to a clean, uninfected version of the program.

The good news is that W32/Induc-A appears to be a proof-of-concept virus and has no malicious payload other than spreading – nevertheless, no-one wants unauthorised hacker’s code running on their computer.

Continue reading »]]> Indian Space Research Organisation (ISRO) has launched Bhuvan, an Indian equivalent of Google Earth on August 12.‘Bhuvan’ means ‘Earth’ in Sanskrit. The launch of Bhuvan coincides with the 90th birth day of Vikram Ambalal Sarabhai, the great visionary of Indian space program. The beta version of Bhuvan was launched by Minister for Science and Technology and Earth Sciences, Shri Prithviraj Chavan in New Delhi at a function organized by Astronautical Society of India.
Some interesting features of Bhuvan are:

• A free web based geoportal with medium to high resolution Indian Remote Sensing (IRS) satellite imagery superimposed over entire India on 3D globe.
• Bhuvan Plug-in is needed to use the application and the same can be downloaded from the Bhuvan website.
• Bandwidth-friendly.
• Following data is available on Bhuvan.
  • Satellite imagery (LISS III , LISS IV along with metadata and Multi- temporal Data from OCM & AWiFS).
  • Value added information (NADAMS – National Agricultural Drought Monitoring System), Output of flood studies for certain areas.
  • Thematic information (Wastelands,Soils,watershed,water resources related maps).
  • Base layers (administrative boundaries,transport layers,water bodies, etc).
  • Census information.
  • Metadata.
• Limitations:
  • To download plug in, registration is necessary.
  • Does not display data in real-time.
  • In the current version, adding personalized data is not possible.
  • Runs only on windows system and is optimized for IE 6 or higher.

View an interesting video clip: ISRO launches ‘Bhuvan’ desi version of Google Earth

Read more from Press Information Bureau.

For more details, log on to Bhuvan.

Continue reading »]]> I did not want to send emails from another address using GMail as it always goes to the other person saying “on behalf of”. I am pretty sure you might had the same problem. Most of the cases you do not want to give out all your email addresses to everyone. For example why should you give your personal email for work related problem.

Continue reading »]]> BlackBerry customers revolt after spyware scandal

If your customers think that you tried to spy on them, that’s not going to be good for business.

23 July 2009

http://www.sophos.com/blogs/gc/g/2009/07/23/blackberry-customers-revolt-after-spyware-scandal/

That’s the message that’s presumably being heard loud-and-clear by telecoms company Etisalat, which has found itself in the middle of a storm of negative headlines after it was revealed that an update it sent to BlackBerry users in the United Arab Emirates, which claimed to improve performance of the mobile device, was actually spying on them.

RIM, makers of the Blackberry smartphone beloved by businesspeople around the world, say that the spyware update sent out by Etisalat actually worsened battery life and reception, and (most worryingly) was designed to “to send received messages back to a central server.”

Potentially, the patch gave Etisalat the ability to read any emails and text messages sent from their customers’ BlackBerry devices.

Now, an online survey conducted by the Arabian Business website reveals that more than 50% of Etisalat’s BlackBerry customers are planning to ditch the UAE telecoms provider in the wake of the spyware. It’s hard not to feel sympathetic with those aggrieved customers. After all, as Erin Andrews just demonstrated, no-one likes to be watched without their knowledge.

Curiously, the offending patch appears to have been written by a US-based company called SS8, who develop electronic surveillance solutions for intelligence agencies.

Quite why Etisalat may have wanted to distribute a spyware update to monitor its customers is still unclear. So far they have declined to comment on the claims of spyware, restricting their public comment on the matter to the following statement:

Etisalat today confirmed that a conflict in the settings in some BlackBerry devices has led to a slight technical fault while upgrading the software of these devices.

This has resulted in reduced battery life in a very limited number of devices. Etisalat has received approximately 300 complaints to date, out of its total customer base which exceeds 145,000.

These upgrades were required for service enhancements particularly for issues identified related to the handover between 2G to 3G network coverage areas.

Customers who have been affected are advised to call 101 where they will be given instructions on how to restore their handset to its original state. This will resolve the issue completely.

RIM has published an update which removes the application from affected BlackBerry smartphones.

Continue reading »]]> A conference presentation would have exposed flaws in some cash machines.

By Robert Lemos

July 08, 2009

http://www.technologyreview.com/computing/22966/

Barnaby Jack, a security researcher at the computer networking giant Juniper, had planned to hack into an automatic teller machine (ATM) live onstage at the Black Hat Security Conference in Las Vegas later this month. But his presentation, designed to demonstrate the insecurity of various ATMs, attracted the attention of the financial industry as well as security professionals, and under pressure from ATM manufacturers, Juniper canceled the presentation last week, citing concerns that the vulnerabilities involved had still not been fixed.

“The vulnerability Barnaby was to discuss has far reaching consequences, not only to the affected ATM vendor, but to other ATM vendors and–ultimately–the public,” wrote Brendan Lewis, director of corporate social media relations for Juniper in a statement posted to the company’s official blog last week. “To publicly disclose the research findings before the affected vendor could properly mitigate the exposure would have potentially placed their customers at risk. That is something we don’t want to see happen.”

The presentation would have focused on exploiting vulnerabilities in devices running the Windows CE operating system, including some ATMs, according to a source familiar with the details. While the presentation was canceled to allow manufacturers more time to fix the vulnerabilities, Juniper had originally notified the company almost eight months ago, says the source, who asked not to be named.

Other security experts are not surprised that the vulnerabilities are there to find. Significant flaws in cash machines and ATM networks are plentiful, says Nicholas Percoco, senior vice president of TrustWave, an information security and compliance firm that has assessed the security of point-of-sale terminals, kiosks, and ATM networks. “It is very, very rare that a device comes to our labs–in fact, I don’t think that it has happened–that we don’t find a vulnerability,” Percoco says.

Continue reading »]]> After months of speculation, Airtel brings to India an Android-based phone, the HTC Magic. The phone is among the 3 Android-based to be launched this year. HTC Magic was first showcased at the Mobile World Congress in February this year.

About Android Platform

Android is the Open Handset Alliance’s mobile software platform. The Android platform opens up the opportunity for customers to customize their device with multiple mobile applications.

HTC Magic

The HTC Magic offers a 3.2-inch TFT-LCD flat touch-sensitive screen with a 3.2 mega-pixel camera, Trackball with Enter button. It comes with a Smart Dialler and a an on-screen keyboard.

The phone weighs 116 grams and measures 4.45 x 2.19 x 0.54 inches.

What’s Airtel Offering with HTC Magic

- Utility based applications such as Portfolio Manager, Hello Tune Manager, Weather Channel, Mobshare, In-mobile search and City Search

- Airtel customers to get free data download of 100 MB per month for 6 months

Continue reading »]]> Q: How do you make the world stop buying so many netbooks?

A: Stop calling them netbooks.

That’s the bizarre advice from Microsoft, suggested by one corporate overlord at this week’s Computex trade show in Taipei.

His beef? The term “netbook” implies a notebook that is useful only for surfing the net, but since today’s mini-notebooks do so much more than just that, the term should be retired.

His suggestion for replacing the term? The exquisitely Microsoftian “low cost small notebook PC.”

Semantics in this space are getting increasingly complicated, though whether you call them netbooks, mini-notebooks, smartbooks, or, ahem, low cost small notebook PC, most of these machines do pretty much the same stuff. (The only real difference in this group is the smartbook, a term which is now being used to describe a notebook-type machine that runs a smart phone operating system like Android or, someday, the iPhone OS.)

But Microsoft is doing everything in its power to move the market away from $400 netbooks and toward $1000-plus traditional laptops. Windows 7 Starter Edition, the egregiously stripped-down version of the company’s upcoming OS, will be so severely hamstrung that Microsoft has offered the stated goal of encouraging users to upgrade to a more premium version of Windows 7.

The etymological approach is another step in that direction, I suppose, a subtle jab that your computer isn’t powerful enough. The term “netbook” sounds kinda cool. “Low cost small notebook PC” sounds like something designed for a child.

As with many of Microsoft’s great ideas, my hunch is that manufacturers will nod enthusiastically at the suggestion… and summarily ignore it.

Viva la netbook!

Continue reading »]]> Being part of a botnet is no fun. Your computer becomes your worst enemy, watching everything you do, collecting all of your secrets, and then delivering all that data to the bot-herder; the person who originated the network. But what does it really mean to be part of a botnet, and is there anything that can you do about it?

According to a report from The Associated Press, Internet security company Prevx recently discovered a Web site that was being used as a storage facility for data stolen from 160K infected computers, and the discovery offers an interesting case study.

The storage site was hosted in the Ukraine and its contents showed that the botnet was harvesting data. Information found included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information; quite a treasure chest if you’re into identity theft.

“One Southern California 22-year-old could be seen registering a domain name with 
GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals’ hands, though it’s unclear what, if anything, criminals have done with the information yet,” the AP notes.

But it wasn’t just individuals that were targeted. According to the article, both government and bank sites had also been compromised. The Associated Press contacted one bank customer whose Social Security number and other personal details were compromised during the attack, only to learn that he hadn’t been notified by the bank.

Continue reading »]]> Nowadays, there is a new problem that is cropping up in almost all schools,colleges, hostels etc. where the malicious Autorun Virus is Creating Havoc by spreading to Laptops and PC through USB Drives etc.

How to Stop the Autorun PC Virus Infection ?

The free Panda USB Vaccine allows users to vaccinate their PCs in order to disable Autorun completely so that no program from any USB/CD/DVD drive (regardless of whether they have been previously vaccinated or not) can auto-execute. This is a really helpful feature as there is no user friendly and easy way of completely disabling Autorun on a Windows PC.

Panda USB Vaccine is a 100% free utility. Its tested under Windows 2000 SP4, Windows XP SP1-SP3, and Windows Vista SP0 and SP1.

Download

Continue reading »]]> Wolfram Alpha, a new “Computational Knowledge Engine” developed by British physicist Stephen Wolfram, is all set to revolutionize search with its amazing/innovative ability to give answers to your questions directly – instead of directing you to sources where you “might” get the required information.

The software is still in its initial days of existence and will be available for use later this month. Already touted to be a Google Killer – which most probably it won’t be, the Wolfram Alpha has managed to rake up considerable storm even before its launch. It was showcased earlier this week at Harvard University. Many experts consider this to become the “Internet’s Holy Grail” once fully operational. It will be able to understand and respond to ordinary queries and give answers to queries in ordinary language, similar to how a person would respond when queries. To give you an idea of what this is capable of, let us take a few examples. Suppose you want to compare the height of the Empire State Building with the length of the Golden Gate Bridge, all you need to do is to type in your query and wait for the software to calculate your results derived from various sources. Once the search is over, you will not only get a detailed answer to your query but also a lot of other related information that might be of interest to you.

Many experts believe this to be a part of the natural evolution of the internet. Additionally, the results that you receive are assessed by experts and are made available only after a thorough verification. This is unlike Wikipedia, which thrives on user-generated content. Wolfram Alpha is incidentally based on Stephen Wolfram’s Mathematica software, a standard tool for scientists, engineers and academics for crunching complex maths. 

You can learn more about Wolfram Alpha here.

Continue reading »]]> Amazing image quality and superb features will keep shutterbugs happy

Camera phones have come a long way since their inception. What once were devices meant to take candid pictures without much thought given to their quality, have now turned into serious tools for photography. We now have mobile phones with advanced technologies like autofocus, optical zoom, face detection, smile detection and, of late, some camera phones have even had blink detection. Even video recording standards have gone up and we now have mobile phones that can record videos in HD resolution.

Now that summer is here and many of us are planning to take a vacation, we would need something that is small enough to be carried around everywhere without compromising on picture quality. You can buy one of those compact digital cameras but why carry two devices when you can have both in one?

 So here’s a compilation of the top camera phones that you can buy. These are camera phones we have tested and know that they would provide you with the best picture quality in that price range. So when you come back from your vacation, you can have high quality photos that you could cherish forever.

Sony Ericsson K810i

 
 Easily one of the best camera phones that the Swedish company made; the K810i still rocks even after two years of being in existence. The K810 has wonderful picture quality, which is complemented by the awesome xenon flash that makes it a great tool for photographing in the dark. Colors are natural and exact, which will definitely please the purists. Macros, which have always been a forte of Sony Ericsson phones, are delivered with aplomb.

 The 3.2 megapixel resolution might not seem much, but for all practical purposes it is more than enough for a mobile phone. You also get a convenient lens cover, which will start the camera when slid open and protect the lens when closed. Only major flaw that I can point out is the low resolution video recording. But apart from that this phone lives up to the Cyber-shot brand name, and at Rs. 10,000, you cannot get a better camera phone.

Motorola ZINE ZN5

 Motorola shied away from camera phones for a long time, conveniently ignoring it and equipping its phones with the same old boring 2 Megapixel camera. But then they finally thought enough was enough and decided to make an entry into the camera phone market. And what a device they chose to make that entry! The picture quality rocked and even taught long time camera phone makers Sony Ericsson and Nokia a thing or two about making camera phones. Motorola partnered with Kodak for the software part but the hardware is their own.

The 5 megapixel sensor captures superb details, but what really impresses are the lush warm colors that bring the images to life. At night the brilliant xenon flash comes to the rescue and the lens cover protects the lens from scratches and dust. Video recording, however, is once again a weak point for the ZN5. Priced at Rs. 15,800 the ZN5 is terrific value for money and a superb camera phone.

Nokia N82

 Nokia’s best camera phone; the N82 has almost everything that a camera phone should have. A 5 megapixel sensor, renowned Carl Zeiss optics, autofocus, xenon flash and a lens cover. All you could have wished for is optical zoom. The N82 produces some fantastic pictures that will at times make you wonder whether it really came out of a mobile phone. Little wonder that it is the most popular camera phone today and the Internet is littered with pictures by N82 photographers.

But what really seals the deal in N82′s favor is the superb 640 x 480 (VGA) resolution video recording at 30 FPS. The videos not only look great on the phone but also on the PC screen. What’s more, the phone can also use the built-in GPS receiver to Geo-tag the images, so you know exactly where you have taken them. Priced at Rs. 18,800, the N82 is the best camera phone that you can find under Rs. 25,000.

Sony Ericsson C905

We often stress that camera resolution isn’t everything when it comes to digital cameras and that the final picture quality depends on a lot more factors other than the megapixels that it has. Having said that, a higher megapixel count also translates into a more detailed image, so it is always better to have as many megapixels as you can afford.

 The highest resolution that you can have in a mobile phone camera today is 8 megapixels. Sony Ericsson was the first to bring out an 8 megapixel camera phone; the C905. Along with an 8 MP sensor, they have also armed the phone with autofocus and xenon flash along with a nifty LED flash. This works as focus assist as well as a lamp that constantly stays on for video recording in the dark. A well-designed lens cover mechanism protects the lens from damage.

 The quality of the images is really good. The high resolution sensor works its magic in capturing even minute details of the subject. In low-light conditions, the powerful xenon flash can make your images turn out great. The C905 can also Geo-tag its images with the help of the built-in GPS. The only area where you wish its performance was better is video recording, as the C905 still captures videos in QVGA resolution at 30 FPS.

Having said that it would be hard to find a phone with better picture quality, and at Rs. 26,000 the C905 is the pick of the lot.

Samsung INNOV8

Samsung was the first one to actually tease everyone with its absurdly high resolution cameras in mobile phones, long before anyone else did. But those were all prototypes that never saw the light of day, except for the Samsung INNOV8.

 In a bid to have everything but the kitchen sink, Samsung included a superb 8 megapixel camera in the INNOV8. The INNOV8 might lose out to the C905 when it comes to having a xenon flash on board, but it more than makes up by having better picture quality during daytime with more details and warmer colors.

 What’s more, the INNOV8 is also capable of recording videos in VGA resolution at 30 FPS, something the C905 cannot do. It also has a massive 16 GB built-in memory with option to expand it further, so you’ll never have to worry about running out of space for your favorite photos and videos. Priced at Rs. 37,000, the INNOV8 is a bit too expensive, but that’s more because of the overall package that it offers than just camera performance. Along with the C905, it is one of the best camera phones that you can buy.

Continue reading »]]>

HCL Notebook with 8GB RAM, 500GB Hard Drive

 

The newly launched HCL Leaptop Z39

 

For those who cannot afford an Apple MacBook Pro, and its substitute is an option, India-based HCL has a solution. The company has launched a powerful notebook, the HCL Leaptop Z39.

If a powerful notebook is what you’re looking for, Z39′s configuration should get your attention. The notebook comes with a 14.1-inch screen, packs an Intel Core 2 Duo processor, 8GB RAM, 500GB of hard disk space, and a battery backup of about 4 hours.

 

Further, the company says that it has built this machine keeping Indian conditions in mind. The Z39 features a technology called the Advanced Thermal Engineering (ATE) which helps maintain the temperature of the notebook. At any point of time while using this notebook, ATE ensures that the surface temperature on the keyboard and the left and right palm does not exceed more than 6 degrees than the ambience temperature.

The HCL Leaptop is available for Rs. 59, 990. It comes with a lifetime 24×7 telephonic support in 11, regional languages across India

Continue reading »]]>

3M has thrown its hat (albeit a little late) into the mobile projector ring with the likes of Texas Instruments and Microvision with a new ultra-compact, LED-illuminated projection engine that can project a 40-inch or larger image at VGA resolution. The device is intended to be integrated into a wide array of mobile technologies—and cellphones are undoubtedly at the top of that list. Fortunately, we won’t have to wait too long for the technology to arrive. The device is already available and 3M is planning on partnering with various electronics manufacturers to release products in early 2008.-GIZMODO [Press Release]

Wow, I believe this would be the smallest projector

Continue reading »]]>  

Data Hand Keyboard

If you feel pain while typing with the traditional keyboard, try this keyboard. Well, I am having pain in my brain thinking this one as a keyboard. I doubt how many of you will be brave enough to get hands on this keyboard.

Flexible Keyboard

This is the coolest keyboard in this list. If you think that this keyboard is only for show, I am apologizing to correct you, this one is a totally functional QWERTY keyboard. When you’re done with it, just fold or roll up and store it to use later.

Customizable Keyboard

If you don’t like the QWERTY keyboards and felt that your own set of keys would be the best option, here is a chance for you. This keyboard is a fully customizable one. Place the keys where you want and this DX1 system will set it for you.
Source

Virtual Laser Keyboard

This is a device which will make anything a keyboard. Confused? Actually, this small cellphone shaped device will project a keyboard layout in your preferred area such as your desktop using laser and as you type on the virtual keyboard, it will sense your fingers motion and send data accordingly. I feel that those gesture directed computer as seen in Minority Report is not very far away.
Source

Safe Type Ergonomics Keyboard

They say that this keyboard is very comfortable and smooth but I think this is some kind of a challenge to type using this keyboard.

Maltron 3D Ergonomics Keyboard

It fits the shape of your hands and reduces movement and tension for strain-less typing. However, it may be comfortable but has the looks of those Charles Babbage Computer.

Kinesis Advantage Keyboard

Another freaky design concept Keyboard. The creators spent years perfecting the design and tested it with programmers and medical transcriptionists who use their keyboard a lot more than others.

Goldtouch Adjustable Keyboard

If you ask me, I will say it looks crazy but many hardcore PC users have reported that the split style keyboard which can be tilted to any ideal angle is very much suitable for faster and comfortable typing.

Steampunk keyboard from Germany