Friday, 12 August 2011

Anonymous Logo 150

Can Anonymous Really 'Kill' Facebook?

Why You Can't DDoS a Facebook
"Whether [Operation Facebook] is even a credible threat is one question," Wisniewski said. "The other question is, if it is a credible threat, do they have the resources to take down a Facebook? And the answer to that, certainly through DDoS, is that it's very unlikely. Amazon, Microsoft, Google, Facebook, these guys have globally distributed, massively redundant resources available to them."
Such websites "will either have that spare capacity themselves" to handle even a massive DDoS attack without going offline, he added, "or have relationships with the back haul carriers to get it if they need it."
One intriguing development, however, is Anonymous' recent announcement that the collective plans to retire its "Low Orbit Ion Cannon" DDoS tool in favor of a new, more sophisticated tool called RefRef that supposedly uses an SQL exploit to conduct website take-downs.
The Low Orbit Ion Cannon, or LOIC, is essentially a voluntary botnet that leverages the power of a large amount of "infected" PCs belonging to Anonymous members to launch massive DDoS attacks against targeted sites.
The LOIC's replacement could "have an enormous impact," according to Wisniewski, "if they're not full of crap."
"To begin with, LOIC is the least sophisticated possible thing you can do," the Sophos security adviser said. "Without taking [RefRef] apart, it's really difficult to know what it does. But what they're saying [with the new tool] is that there is a weakness or a flaw in a lot of websites that, by sending a specially crafted Web request, you can cache some Java Script on the Web server itself, and get the Web server to do the DoS'ing [of its own website] for you."
Another security firm, Imperva, may well have identified the RefRef tool in an analysis of the methods used by LulzSec to pull of their nearly two-month spree of high-profile Internet attacks.
Imperva found that the group turned a relatively little known intrusion tool called an RFI attack into a new way to conduct a DDoS attack.
"In other words, LulzSec used an often overlooked vulnerability to help ambush their targets," Imperva director of security strategy Rob Rachwald told PCMag in June. "An RFI attack inserts some nasty code into a Web application server. What does the code do? Usually, RFI is used to take over the Web application and steal data. In the case of LulzSec, they used it to conduct DDoS attacks."
But even if RefRef turns out to be a better tool than the LOIC, it's not likely to work with Facebook, Wisniewski said.
"From the standpoint of Facebook, a RefRef attack shouldn't be possible as very little SQL is in use at Facebook and what is in use is heavily abstracted from the internet."
Another possibility, of course, is that the Anons running Operation Facebook aren't planning a DDoS attack at all. In addition to website shutdowns, the hacking collective has also pulled off or had a hand in network intrusions, some showcasing fairly clever attack vectors, according to Imperva.
Perhaps Operation Facebook has less to do with simply taking the site offline than everybody thinks.

Thursday, 11 August 2011

Era of the PC 'coming to a close'

IBM 5150, IBM The IBM 5150 set the standard and the basic look of the personal computer

Related Stories

PCs are going the way of typewriters, vinyl records and vacuum tubes, one of the engineers who worked on the original machine has said.
The claim was made in a blog post commemorating 30 years since the launch of the first IBM personal computer.
No longer, said Dr Mark Dean, are PCs the leading edge of computing.
No single device has taken the PC's place, he said, instead it has been replaced by the socially-mediated innovation it has fostered.
While IBM was not the first to produce a personal computer, the launch of the 5150 on 12 August 1981 established standards and a design around which many desktop machines have since been built.
'Powerful impact' "When I helped design the PC, I didn't think I'd live long enough to witness its decline," wrote Dr Dean, an IBM engineer who worked on the development of the 5150 and owns three of the nine patents for it.
He revealed that he had already moved into the post-PC era as his primary computer was now a tablet.
Dr Dean does not deny that PCs will still be "much used" in the future but are no longer the force for innovation they once were.
Instead, he said, it was the interaction they enable that was driving efficiencies in the workplace and changes in society.
"It's becoming clear that innovation flourishes best not on devices but in the social spaces between them, where people and ideas meet and interact," he wrote.
He added: "It is there that computing can have the most powerful impact on economy, society and people's lives."
Microsoft also marked the anniversary of the unveiling of the 5150 with a blog considering the changes it had brought about.
Instead of talking about a post-PC era, Microsoft's Frank Shaw said the near future should be regarded as a PC-plus era given that more than 400 million personal computers are set to be sold in 2011.
Personal use of computers had spread beyond a desktop machine to game consoles, mobiles and on screens all around us, said Mr Shaw.
The future will see billions more going online and reaping the benefits of closer contact with computers, he said.
The changes initiated by the PC was "just getting started," he added.

Wednesday, 10 August 2011

How to Spot an Android Trojan

A recent report warns that Android malware is twice as common as it was six months ago. Here's how you can separate the bad apps from the good.
Android trojoan Malware that targets Android phones is on the rise. According to a recent report from mobile security specialists at Lookout, Android users are more than twice as likely to encounter nefarious software today than they were six months ago. When did downloading apps become a contact sport?
The open nature of the platform and the ease with which developers can upload apps in Google’s official Android Market are partially to blame. The same accessibility that makes Android attractive to phone manufacturers and developers has attracted the attention of mischief-makers and malware creators out to make a quick buck.
Fortunately, mobile devices have some inherent protections that don’t exist on traditional PCs. For any malware to infect your phone, you need to take some kind of action for it to happen—usually downloading and installing an app. That’s the good news. The bad news is that there are hundreds of thousands of Android apps, spread over several app stores. No cell phone is an island—you’ve got to download something at some point.
If you’re an Android user, there are a number of precautions you can take to better protect yourself (first thing: use a lock code on your phone). Downloading from only “trusted” sources is always good advice, but how do you know who to trust? Lots of great apps come from little developers and small businesses that most people wouldn’t recognize. How can you tell the difference between them and the bad guys?
There are a number of warning signs to help you spot evildoing Android apps, and we’ve compiled them below. But the main ingredient in protecting yourself is always vigilance. Read before you download—and after. Don’t blindly click on things (like permissions agreements) with wild abandon. All the rules below are essentially extensions of the golden rule of all security: stay on guard.
1. Look Up the Developer
When DroidDream, the first trojan to appear in the official Android Market, was discovered, th apps that contained the malware were from developers with names like Kingmall2010 and we20090202. Likewise, they hadn’t even replaced the default Android icon on the apps’ description pages. If there’s no real logo, and you haven't heard of the developer, at least Google the developer's name to see if it's legit.
2. Be Wary of Knock-Off Games
Games are trap of choice among many malware creators. Casual gaming on phones has been skyrocketing in recent years—no surprise when many apps cost just a buck or two. If it’s free, even better, right? Wrong. Some trojans disguise themselves as free versions of paid games, just with malware. Late last year a trojan dubbed “Gemini,” which recruited infected phones into a botnet, was found in various pirated versions of Android games, including President vs. Aliens and Baseball Superstars. If you think you're getting something for free that you would otherwise have to pay for, consider that you may be paying in another way: with your security.
2. Examine App Permissions
Every app in the Android Market has a page that explains what permissions you need to grant it for it to work properly. However, if that app actually ends up trying to grab more permissions than listed, that’s a huge red flag. Be sure to read any permissions requests carefully—why is a game asking to see your contact list, for instance? If you suspect any Android app of being malware, go to Manage Applications in your phone settings to check what items it has access to.
4. Negative Reviews
It’s fairly obvious, though it bears pointing out: If an app has several user reviews condemning it as malware, it’s probably malware. But even if an infected app’s nefarious payload hasn’t been discovered, its doubtful the creator hasn’t taken pains to make the app any good, and the reviews will probably reflect that. Bad reviews aren’t often a smoking gun, though: malware apps usually aren’t in app stores long enough for these to be a real guide, but that leads to another tip: if the app is brand new, and it’s not from a brand you know, wait a few days before you download.
5. Location Matters
Unlike other mobile platforms, Android has several third-party app stores, of varying quality and legitimacy. On top of that, the official Android Market is not available in some countries. China is the most notable notable one, and it’s no coincidence that the majority of Android trojans appear to originate from there. Most foreign Trojan developers don't invest in high-quality English-language marketing materials. Things like broken English, some details left blank, and incomprehensible strings of characters should all have you running away fast.

Tuesday, 9 August 2011

How USB Sticks Cause Data Breach, Malware Woes

Half of businesses have lost sensitive or confidential information due to USB memory sticks, with many incidents involving those infected with malware.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
In the past two years, 70% of businesses have traced the loss of sensitive or confidential information to USB flash memory sticks. While such losses can obviously occur when the devices get lost or stolen, 55% of those incidents are likely related to malware-infected devices that introduced malicious code onto corporate networks. Those findings come from a new survey of 743 IT and information security professionals, conducted by Ponemon Institute in July, and sponsored by flash memory manufacturer Kingston Digital.

More Storage Insights

White Papers



There are plenty of cloud services, but many rely on virtual processes running on shared systems. Stratascale's Ironscale lets you provision bare metal services. Mike Fratto provides a hands-on review of how it works and what you can do with it.Our hands-on evaluation of Sychron's virtual desktop management  revealed a product that is adept at automating the rapid provisioning and the ongoing management of VMWare ESC and Microsoft Hyper-V environments.In the fourth installment of our Fibre Channel over Ethernet Tutorial series, George Crump, lead analyst for Storage Switzerland walks us through the various scenarios that compel organizations to implement FCoE.
There are plenty of cloud services, but many rely on virtual processes running on shared systems. Stratascale's Ironscale lets you provision bare metal services. Mike Fratto provides a hands-on review of how it works and what you can do with it.
Seemingly mindful of the information security and intellectual property risks, not all organizations permit the use of USB drives. Indeed, 36% of the survey respondents--who include employees at government agencies--said their approach to USB drives was "total lockdown through the use of a software solution to block the usage of USB ports."
But for most organizations, the study found, the use of USB drives is widespread. In addition, about half of surveyed organizations have policies that detail how employees can use USB drives to store sensitive or confidential information. But only half of those organizations actually enforce the policies. Meanwhile, only 21% of organizations with USB device security policies on the books use data loss prevention tools, and only 13% use network analysis technology to spot inappropriate use of USB drives.
On a related note, according to the study, 75% of respondents said they wouldn't pay a premium to ensure that USB drives are safe and secure. Unsurprisingly, 74% said they didn't use data loss prevention software to detect when confidential or sensitive information was being copied to the devices, or to monitor USB drives for viruses or malware. Nearly as many also don't have policies governing how USB drives are used, and don't see protecting information on USB drives as a top priority.
As with any storage device, data loss via USB thumb drives isn't new, and many survey respondents suspect that such losses often don't get reported. So far this year, according to the Identity Theft Resource Center, only five USB-related breaches have come to light, one of which included the theft of an unencrypted USB drive from the Family Planning Council in Philadelphia, which contained 70,000 records, in late 2010.
USB drives that are used as an attack mechanism also aren't new. Indeed, some experts have surmised, based on the pattern by which Stuxnet spread, that it initially infected only a handful of computers--and likely via a USB thumb drive.
Part of the difficulty in securing USB drives, perhaps, is that they're so common as to be unremarkable. In one test conducted earlier this year, for example, Department of Homeland Security staff scattered USB keys, some with the department's logo, around government and private contractor parking lots. Of the people who picked them up, according to Bloomberg, 60% later plugged the devices into their computer, although 90% of people who'd picked up a USB key with an official DHS logo plugged them in.
The study was cited as a failure of people to properly assess the threat posed by USB drives of unknown origin. But Bruce Schneier, chief security technology officer of BT, said the real issue involves operating systems. "The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good," he said in a blog post. "The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn't safe to plug a USB stick into a computer."
When might operating systems catch up? Sixty percent of organizations, according to the Ponemon survey, take a hands-off approach to USB drives because they don't want to hamper workers' productivity. Accordingly, any approach to encrypting such devices arguably needs to be seamless.
Already, removable storage devices can be encrypted in Windows 7, using BitLocker, on a per-device basis. In addition, commercial and open source software add-ons will automatically encrypt removable devices.
Meanwhile, the latest version of Apple's operation system, OS X 10.7, aka Lion, includes a feature called FileVault2, which will fully encrypt--using XTS-AES 128 encryption--not just hard drives, but also USB storage devices. There's no default option, however, for requiring a drive to be encrypted. As with Windows 7 BitLocker, each external storage device must be encrypted on a per-item basis, using Apple's Disk Utility software. When so formatted, the drive requires a password when it's first connected to a Mac, or disconnected and reconnected, or else it can't be accessed.
In other words, the latest versions of Windows and Mac OS X enable users to encrypt their USB drives. But until they view USB drive encryption as a priority, will they encrypt, and should they have to bother?
The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Here's how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own company's security ignores the bigger picture. Download it now. (Free registration required.)

Saturday, 6 August 2011

PCLinuxOS 2011 - Linux Distro Reviews

       Recently a friend from the USA urged me to try this latest Pclos distro, i did it thinking that i probably wouldnt have been impressed and would have uninstalled it after a week or two, how wrong i was. Ive been using windows since the days of windows95 , so had quite a good grip on how to keep a windows OS stable (although it has gotten easier to do) and running fast enough for my needs,  so of course i was a bit hesitant about switching to linux and learning konsole commands ect, hence the reason i thought it would only remain on my PC for a short time.  After install then installing a few packages from synaptic i started using Pclos for my day to day web browsing , which like a lot of users is looking at webpages and streaming video content, Pclos did this very well, each day i was liking it more and more , i have yet to find something that I could do on windows7 and am unable to on Pclos & i still cant, there seems to be software and apps in synaptic repo for everything i did on a windows platform. Not to mention the fact that it uses way less resources than windows, i would recommend this distro to anyone who is thinking about trying linux for the first time. Before i installed this i had only ever used Ubuntu for 1 week then my old laptop passed away, so i was/am a complete noob to linux and as i enjoy learning new things about computers i am enjoying learning about linux and how it works, it is now my  default OS. In hindsight it really wasnt such a sharp learning curve if u wanna check it out go here for the KDE desktop & here for the LXDE version. i hope this post may encourage someone whose a noob to linux to try it out.
   regards   cirrus

Friday, 5 August 2011

Windows XP Pro SP3 July 11 (SATA) •BOOTABLE ISO•

PostWindows XP Pro SP3 July 11 (SATA) •BOOTABLE ISO• (609.9 Mb)


Windows XP Professional SP3 Integrated (with SATA Drivers) July 2011
32 bit windows with SATA....100% clean, original ISO & updated till July 2011

How To:
1. Burn this ISO Image (use low writing speed) to CD/DVD (via ImgBurn or Nero)
2. Boot from CD/DVD
3. Install
--==== NO Serial and activation needed ====--
Download (609.9Mb) 

Enjoy! Wink

Thursday, 4 August 2011

Winamp Pro 5.621 Build 3133 Full Final

Winamp Pro 5.621 Build 3133 Full FinalWinamp is a skinnable, multi-format media player.

Winamp supports a wide variety of contemporary and specialized music file formats, including MIDI, MOD, MPEG-1 audio layers 1 and 2, AAC, M4A, FLAC, WAV, OGG Vorbis, and Windows Media Audio. It supports gapless playback for MP3 and AAC, and Replay Gain for volume leveling across tracks. In addition, Winamp can play and import music from audio CDs, optionally with CD-Text, and can also burn music to CDs. Winamp supports playback of Windows Media Video and Nullsoft Streaming Video, as well as most of the video formats supported by Windows Media Player. 5.1 Surround sound is supported where formats and decoders allow.

Winamp supports many types of streaming media: Internet radio, Internet telelvision, XM Satellite Radio, AOL video, Singingfish content, podcasts, and RSS media feeds. It also has extendable support for portable media players, and users can access their media libraries anywhere via internet connections.

You can extend Winamp's functionality through the use of plug-ins, which are available on the Winamp site.

get it here

Wednesday, 3 August 2011

Treesize Pro 4.3

  • Efficient Disk Space Management from all perspectives

    • See the size of all folders including their subfolders and break it down to the file level
    • Visually track down disk usage in the pie or bar chart
    • Tree map visualizes hierarchy and sizes of subfolders in the selected directory
    • Details view with single files and additional information (e.g. date of last access)
    • Statistics about file types and file owners for every branch
    • Filter the file system tree on the left by a certain user or file type
    • List of the 100 biggest files
    • Distribution of occupied disk space by file age
  • Customized Analyses & Views

    • Visible columns can be configured separately for the details view, Excel export, text file and printed reports
    • Include and exclude certain files or folders in your scans
  • Full NTFS Support

    • Unicode file and folder names
    • File based NTFS compression
    • Hardlinks and Alternate Data Streams (ADS)
    • File paths longer than 255 characters can be found and processed correctly
  • Perfect Integration with the Windows Explorer

    • Explorer context menu supported inside the TreeSize window
    • TreeSize Professional can be started from within the Windows Explorer
    • A Shell extension for Windows XP/2003 adds an new TreeSize column to the Windows Explorer showing the size not only for files but also for folders
  • Full Network Support

    • TreeSize Professional has full support for network drives and scans UNC paths like \\Server\share                   

      Supported Operating Systems

      • Windows 7
        (32 Bit / 64 Bit)
      • Windows Vista
        (32 Bit / 64 Bit)
      • Windows XP
        (32 Bit / 64 Bit)
      • Windows Server 2008 R2
        (64 Bit)
      • Windows Server 2008
        (32 Bit / 64 Bit)
      • Windows Server 2003
        (32 Bit / 64 Bit)
      Buy license from $ 52.95
      • Homepage  Here
      • Download Full Version Free Here
      • All Files are malware Free