2013-08-19

Zmap the fast scanner

ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.

Update 15-Sep-13:
Another nice tool to scan the internet. Claims to scan the internet in under 3 mins.

2013-08-16

Gmail says users have no right to privacy

This is plain ridiculous.
Google said that "just as a sender of a letter to a business colleague cannot be surprised that the recipient's assistant opens the letter, people who use Web-based e-mail today cannot be surprised if their communications are processed by the recipient's ECS provider in the course of delivery." 

2013-08-14

Economics of CyberCrime

Update 03-May-2012:
Microsoft Researchers say cybercrime loss estimates are a bunch of bunk. In "Sex, Lies and Cybercrime Surveys", the Microsoft Researchers wrote, "Cyber-crime, like sexual behavior, defies large-scale direct observation and the estimates we have of it are derived almost exclusively from surveys." The research paper concludes. 
Pretty Interesting

Update 08-Oct-2012:
As per, "The 2012 Cost of Cyber Crime Report", some highlights:
  • The frequency of successful cyber attacks has more than doubled over the last three years
  • The annual cost to organizations has slowed dramatically in the last two years
  • The average time to resolve a successful attack has grown from 14 days in 2010, through 18 days in 2011, to 24 days in 2012
  • Most costly cyber crimes are those caused by malicious insiders, denial of services, and malicious code

Update 14-Aug-2013:
Another good post on a similar subject of - CyberCrime as a service.

Update 01-Sep-2013:
A report based on "The econimic impact of cybercrime and cyber espionage", dated July-2013

2013-08-11

How To Use Tor?

I thought it would be good to read about how to use Tor correctly. It's important to note, that by itself Tor is an extremely good project to protect privacy. It is not perfect, and has some potential loopholes. Usually, the issue lies with the applications users try to run on top of Tor. Intentionally or unintentionally they end up giving away the privacy.

However, till the time there is a 'better' solution made available, let's say this is the best we have!!

0/  Download Tor Browser Bundle, which comes with Tor and a customized Firefox browser
1/  Chrome:  Use these instructions to setup Chrome to use Tor. Another method is here
2/  uTorrent:  This is not recommended by Tor, but some settings are here

The ideal way to use tor, by setting up a proxy, and a client can only and only connect to it.

Can you break Tor, Russia has $100K as an award for you. Well at least that is publicized, maybe FBI has a bigger one to offer, under the covers.

PirateBrowser

PirateBay launches PirateBrowser (a customized version of Firefox) to circumvent censorship, and improve anonymity!

2013-08-09

Google Chrome's Password Storage

Stop storing passwords on Chrome. Looks like the passwords are not encrypted with a master password, and hence visible to anyone with physical access to your system.

2013-08-08

Commercial Malware For Linux - Hand of Thief

Hand of Thief Banking Trojan -  Takes Aim at 'Secure' Linux OS



FBI vs TOR

FBI's compromising TOR!
This is going to be a story which has created some commotion in the e-world. Major blow to the anonymity and privacy activists in the internet world!!

So, how does it unravel?

1/  FBI arrests the operator of a Tor-based internet host 'Freedom Hosting', for child porn.
2/  They  inject some javascript in its webpages, to compromise the identities of the users, by sending user's IP, hostname, MAC address to a server in Virginia, USA. Some technical details.
3/  Similarly TorMail and Tor Browser Bundles are compromised
4/  TorProject.org was quick to announce that they are no way related to Freedom Hosting (which of course is true for any open source, volunteer organization)
5/  It is 'suspected' that FBI also runs numerous TOR nodes, which helps them break its anonymity.

An interesting article by Bruce Schneier around Government, security and privacy.

Also must read - How to use Tor

2013-08-05

Stealing Google Authentication

Single sign on is a boom - even for the hackers. A hacker shows how to steal authentication token

2013-08-04

SSL Broken in 30 Seconds

Some new hotshot presentation at Blackhat. Introducing Breach

Update 28-Nov-14:
A paper on why and how HTTPS has collapsed.

Incident Reporting and Sharing Portal

Verizon launches VERIS
and FBI decides to launch their own

2013-08-03

Windows 8 Secure Boot Bypassed!

Not surprisingly there are security flaws in the Windows 8, around the implementation of Secure Boot by a few vendors.