Information Security Help!!!

Protecting your Linux box
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Post by securitykid »

Hi Guys,

Take a look at this: see how much our security is at stake

http://review.zdnet.com/4520-6033_16-4206694.html

Now comes to the solution:

http://www.qfxsoftware.com/

I would recommend everyone to use key scrambler personal at least

and my favorite is a Korean product named Hauri Live Call (not free)

http://www.globalhauri.com/product/viru ... tures.html

Companies are developing a keyboard and a monitor to protect against keyloggers and screen-capturing unknown Trojans. Let's hope for the best

Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

securitykid wrote:
> Now comes to the solution:
>
> http://www.qfxsoftware.com/
>
> I would recommend everyone to use key scrambler personal at least

does it...work on linux?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
securitykid
Naik
Posts: 70
Joined: Sat Oct 20, 2007 5:18 am

Post by securitykid »

Unfortunately,

They are not, but Hauri is developing one, should be released soon

Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where? :)
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

> Take a look at this: see how much our security is at stake
>
> http://review.zdnet.com/4520-6033_16-4206694.html

Knowing this since last year when my friend from CIA USA let me know this fact about keylogger and even anti viruses will detect it. This is simply..... :oops: ..
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
sameer666
Naik
Posts: 82
Joined: Tue Nov 06, 2007 5:31 am

Post by sameer666 »

keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.

in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.
Novice at heart
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

sameer666 wrote:
> keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.
>
> in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.

Agree with you! like we say a good hacker can be a good defender of attacks!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
sameer666
Naik
Posts: 82
Joined: Tue Nov 06, 2007 5:31 am

Post by sameer666 »

x2oxen wrote:
> sameer666 wrote:
> > keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.
> >
> > in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.
>
> Agree with you! like we say a good hacker can be a good defender of attacks!

yea that is true.
Novice at heart
blackdaemon
Naik
Posts: 53
Joined: Wed Jan 04, 2006 3:51 pm
Location: Quetta, Pakistan
Contact:

GMAIL PRIVACY ISSUES

Post by blackdaemon »

Hello folks,

Its been a while i posted on LP but this thread got me motivated in posting something i have been silently observing & i believe this is a good platform to discuss and get to know how many others have observed or are victim to it.

Almost all of us have free email accounts hotmail, yahoo gmail yep we know em all very well. These services are free, but freedom at a cost of collecting our data trends and providing them to their sponsor marketing people is a high cost 8) dont you think so?

Well using my gmail I mailed one of my university friends who told me something about him getting an HEC scholarship & while i was reading i looked up just above the mail main menu and there it was "Do you want UK scholarships/student visa?" this must be coincidence so i returned back to my mail box and now "For all scholarships in UK xxxx consultants" :shock:

Next in another mail a friend sent me his pub key and just as i opened it I see on top "www.cryptostudio openPGP solutions" I return to my inbox and another PGP ad 8)

Question: Which email should the community use? One which is free but at a strangely high privacy cost? or maybe this is pointing to project where we should all chip in to create a service for ourselves to at least mail with true FREEDOM & true PRIVACY as webster dictionary defines the word PRIVACY
8)

Chao!
I think, therefore i am!
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Post by kbukhari »

Hmm, very good and informative point, i never thought of that before :S:S:S
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Re: GMAIL PRIVACY ISSUES

Post by lambda »

blackdaemon wrote:
> These services are free, but freedom at a cost of collecting our data trends and providing them to their sponsor marketing people is a high cost 8) dont you think so?

i don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.

> Well using my gmail I mailed one of my university friends who told me something about him getting an HEC scholarship & while i was reading i looked up just above the mail main menu and there it was "Do you want UK scholarships/student visa?" this must be coincidence so i returned back to my mail box and now "For all scholarships in UK xxxx consultants" :shock:

it shouldn't be shocking. google even tells us what they do to get the ads on your pages: they have software to scan your email for ads. it's no different from the software they use to put ads on your pages if you use google adsense.

> Question: Which email should the community use? One which is free but at a strangely high privacy cost? or maybe this is pointing to project where we should all chip in to create a service for ourselves to at least mail with true FREEDOM & true PRIVACY as webster dictionary defines the word PRIVACY
> 8)

what you want can't exist as a service. the main reason for that is governments all over the world have laws regarding the wiretapping of communication links (phone, fax, email, whatever). even if you were to provide a secure service, the minute someone using your system breaks the law, some police/government agency will come by and demand access to the email messages. in some cases, they'll just take your server(s) away -- and then they'll be able to read everyone's email.

you could be clever and set up something that automatically encrypts email and everything else on the server (see this book) -- but that won't help you when you actually send or receive email: a lot of mail servers out there do not use tls over smtp, or ssl'd pop3/imap. the authorities can just put a traffic sniffer between your servers and the internet; there goes your security!

so, what do i think is the solution here? don't use email. use some sort of peer-to-peer system for communication that encrypts all links. it will need a storage network to queue up your "messages" if the remote user/host you're trying to communicate with is down (it won't be a p2p file sharing system, it'll be a p2p file storage system). the stored messages will, of course, be encrypted. for ease of use, it can either have a web frontend (sort of like webmail) or smtp and pop/imap front-ends for easy integration with existing email applications.

there is such a system out there -- epostmail -- but last i tried, it didn't work properly. anyway, even if you could get something like that to work, most people in pakistan don't have dsl, or computers on 24x7, so they can't really use such a system efficiently. you'll need a set of servers somewhere to queue up messages for people who are offline, and that leads us back to the problem of them being shut down by the authorities: they may not be able to read your email, but they'll be able to disable communication on the network.

for now, we'll ignore the fact that simply using encryption is illegal in some countries, maybe even in pakistan (see this and this).

> Chao!

it's "ciao".
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
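
Added example (not part of any post in this thread): the point above about mail servers that do not use TLS over SMTP can be checked per message by reading the `with` keyword of each Received header, where the RFC 3848 values ESMTPS, ESMTPSA, LMTPS and LMTPSA mark a TLS-protected hop. The hostnames and the sample message are constructed, and Received headers are only as trustworthy as the servers that wrote them.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords whose trailing S/SA means the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
COMMENT_RE = re.compile(r"\([^()]*\)")
HOP_RE = re.compile(
    r"from\s+(\S+)\s+by\s+(\S+)(?:\s+via\s+\S+)?(?:\s+with\s+(\S+))?", re.IGNORECASE)

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments such as '(using TLSv1 with cipher ...)'."""
    prev = None
    while prev != text:
        prev, text = text, COMMENT_RE.sub(" ", text)
    return " ".join(text.split())

def audit_hops(raw_message):
    """Return (from_host, by_host, protocol, encrypted) per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        clauses = strip_comments(header).split(";")[0]  # drop the timestamp part
        m = HOP_RE.search(clauses)
        if not m:
            continue
        proto = (m.group(3) or "UNKNOWN").upper()
        hops.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops where the message crossed the wire without TLS (readable by a sniffer)."""
    return [h for h in audit_hops(raw_message) if not h[3]]

# Constructed sample: TLS on submission and final delivery, plaintext between the two sites.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby store.example.net (Postfix) with LMTPS id C3; Tue, 1 Jan 2008 10:00:03 +0000
Received: from submit.example.org (submit.example.org [192.0.2.10])
\tby mx.example.net (Postfix) with ESMTP id B2; Tue, 1 Jan 2008 10:00:02 +0000
Received: from laptop.example.org (laptop [192.0.2.55])
\t(using TLSv1 with cipher AES256-SHA (256/256 bits))
\tby submit.example.org (Postfix) with ESMTPSA id A1; Tue, 1 Jan 2008 10:00:01 +0000
From: alice@example.org
To: bob@example.net
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for src, dst, proto, enc in audit_hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if enc else 'PLAINTEXT'})")
```
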
blackdaemon
Naik
Posts: 53
Joined: Wed Jan 04, 2006 3:51 pm
Location: Quetta, Pakistan
Contact:

Post by blackdaemon »

8)
ah, lambda always with rigid beliefs and correcting folks like a nice auto-corrector in any word editor. :)

Lamba said:
1. I don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.
Then said:
2. it shouldn't be shocking. google even tells us what they do to get the ads on your pages: they have software to scan your email for ads. it's no different from the software they use to put ads on your pages if you use google adsense.

Im curious does this make gmail any better or diff from rest? 8)

I achieved my objectives of pointing out what i experienced, with the community.
Seniors should always be respected so hats off to lamda, & im glad that to some point you have agreed for need of privacy in mail. though methods might be lil unorthodox. Yes totally agree with the sniffer thing thats why they say no sys is 100% secure. but implementing a sniffer on a gigabit node to sniff a laymans traffic like mine is ridiculous & folks implementing sniffers will be implementing them for a whole different reason other than giving to marketing people.

Point is:
Why not encrypt and sign email messages with keys and then send over the internet, easy, cost-effective, whole pub/priv key concept can be understood in 100-300 words
maybe less 8)

So, a productive debate. kool oh i mean cool 8)

Thanks for the correction once again but i like writing ciao as chao. live with it :wink:

Ciao! for bro lamda
&
Chao! for the community
I think, therefore i am!
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

blackdaemon wrote:
> Im curious does this make gmail any better or diff from rest? 8)

i'm not concerned about whether their behavior is better or different. i'm simply pointing out that it's normal for them -- not something shocking or surprising in any way.

> Yes totally agree with the sniffer thing thats why they say no sys is 100% secure. but implementing a sniffer on a gigabit node to sniff a laymans traffic like mine is ridiculous & folks implementing sniffers will be implementing them for a whole different reason other than giving to marketing people.

marketing people? why do you care about marketing people? they're the least of your concerns, if you're interested in private email conversations.

you underestimate contemporary computer hardware. people can buy off-the-shelf packet sniffers or packet sniffer sdks (some even optimized for email traffic) that will handle 10 gigabit links (you can even find free ones for linux). the commercial ones for windows cost less than $500. still think it's ridiculous?

besides, no one needs to implement it on a gigabit node. you have a very small pipe to the internet (your link to your isp -- dialup, dsl, cable, or wireless). if you use wireless, dsl or a proper cable network (like worldcall), then they have multiple internal networks that can be separately tapped into. and lastly, your isp likely has a relatively small pipe to the internet -- 8, 20, 45 mbit, something like that. the ethernet hardware on your desktop can happily sniff more than twice that much traffic -- 100mbit, or even 1 gigabit.

> Why not encrypt and sign email messages with keys and then send over the internet, easy, cost-effective, whole pub/priv key concept can be understood in 100-300 words

in over fourteen years of using pgp, i've probably had fewer than 30 encrypted email conversations. i can't even remember the last time i received an encrypted email message. it's just too much work to set up and use pgp with most mailers, so that rules out lazy people (ie, most of us). also, most people simply don't care to use encryption, even when they have pgp installed and set up -- they're not concerned that someone will read their messages. in other words, you can show them this cool technology, but how can you convince them to use it?

as i understand the problem, the only way you'll get your privacy is by making all the security transparent. if the user has to as much as click on a button or link before activating encryption or whatever, they won't do it.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
blackdaemon
Naik
Posts: 53
Joined: Wed Jan 04, 2006 3:51 pm
Location: Quetta, Pakistan
Contact:

Post by blackdaemon »

There you go, thats what i wanted the community to think about :)

lamda said:
"in over fourteen years of using pgp, i've probably had fewer than 30 encrypted email conversations. i can't even remember the last time i received an encrypted email message. it's just too much work to set up and use pgp with most mailers, so that rules out lazy people (ie, most of us). also, most people simply don't care to use encryption, even when they have pgp installed and set up -- they're not concerned that someone will read their messages. in other words, you can show them this cool technology, but how can you convince them to use it?"

You and me might be knowing & using pgp since years infact i admit ure experience of 14 yrz is waaayyyy more than my 2-3 yrs of it :) but i got aware and started using it. Setup aint that big a deal these days, especially with smart mail clients having nifty plugins that do wonders. Its all about making the masses aware, convincing is a whole different story. for now lets just do the GEO/ARY strategy of making folks aware of what the more experience have experienced 8)
At times like these i always remember one of my teachers saying that "One person's common sense is the other persons non sense". & thats exactly what i saw i developed a common sense about something and posted it here and realized many didnt know, but some were not at all impressed. but im sure the later are in very few numbers maybe only one 8)

Cheerz!
I think, therefore i am!
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad
Contact:

Post by x2oxen »

> lamda said:
> "in over fourteen years of using pgp

> Lamba said:
> 1. I don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.
> Then said:

> Ciao! for bro lamda
> &
> Chao! for the community

heyyyy come on guyssss its lambda not lamba or lamda is it too hard to spell it?? look

L
A
M
B
D
A


see so simple! So don't misspell him he deserves more respect than this ain't he?? He must be minding that ain't you lamba? :P
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai
Contact:

Post by mudasir »

AOA,

Dear All my Very Experienced Big Brothers :D

While i was surfing google for a way to hack WEBMIN, or to find exploits regarding WEBMIN, i came across a web that has many exploits regarding many APPs on different PLATFORM's Like

Linux
Windows
BSD
SOLARIS

So thought that this might be very useful for all SENIOR guyz here at LP, as i am not in to this exploit thing.

http://www.blacksheepnetworks.com/security/hack/

This link has many hacks and exploits.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com