Join the God Side, Jesus is Coming…….

Archive for August, 2009

Powerful applications that run from a USB flash drive

Some of the valuables applications that could be run into a USB flash drive are :

  • PREDATOR which can turn your drive into a key to lock and unlock your computer.
  • Rohos – This security tool allows you to create a secret partition on the drive and then password-protect/encrypt that partition, thus protecting any documents you copy to that partition via the utility’s file manager

Easily identify SSL-related problems (MSW Server 2003)

Source: New Horizons eTips

I know that there are a lot of systems out there using WS 2003 and now I present to you this Diagnostics utility  that provides an  invaluable information for troubleshooting Secure Sockets Layer (SSL) problems in Internet Information Services (IIS). For example, you can use SSL Diagnostics to troubleshoot problems with certificates by creating a temporary certificate to see if the new certificate resolves the problem. If it does, then you know the problem you’re experiencing with SSL is due to the IIS server’s certificate. You can download the SSL Diagnostics utility from http://www.microsoft.com/downloads (search for SSLDiag.msi).

When you launch SSL Diagnostics the first time, it queries your server to determine if you have IIS installed, obtains a list of websites defined on your server, and then checks to see if you’ve installed the appropriate certificates (as required by SSL). If you want to perform diagnostics to troubleshoot SSL for a specific website, double-click on that site. SSL Diagnostics checks the website to verify that it supports SSL. If SSL Diagnostics detects any problems, it displays an error number and a detailed description of the message. You can use this information to help you resolve SSL communication problems on your web server.

Authenticate digital signatures with PGP

Source: New Horizons eTips

Electronic documents and email messages are a common way to conduct business transactions, but it’s important to be able to verify that the author of a document or message is really the person he or she claims to be.

You can use digital signatures to verify identity. This is easy to do with programs such as Pretty Good Privacy (PGP). PGP is based on a public/private key pair; you sign the document by encrypting it with your private key, to which only you have access. The recipient uses your public key to decrypt it. Note that this doesn’t provide data confidentiality because the public key is available to everyone. It does, however, ensure that it was really you who signed it, because no one but you has the private key that’s paired with that public key.

PGP is available in both freeware and commercial versions. You can get the commercial version at http://www.pgp.com or download the free version for Windows XP at http://www.pgpi.org/products/pgp/versions/freeware/winxp/8.0/.

There are also versions for earlier Windows operating systems, UNIX, Mac, and even MS-DOS, OS/2, and Palm OS.

Two ways to secure your portable computer

Source: New Horizons eTips

Shouldn’t you secure your notebook or handheld computer the same way you secure your desktop systems? Well, yes and no. Because of their mobility, portable machines are more vulnerable to security breaches, so extra precautions are advised. All of the usual security best practices apply, but in addition, you need to consider what happens if your portable is lost or stolen.

Cable locks are great for situations where you may have to leave your portable unattended—if you use them properly. For instance, if you wrap the cable around the leg of a lightweight table, a thief can simply pick up the laptop, slide the cable down to the ground, lift the leg of the table, and make off with computer and cable lock.

Another option you should consider is tracking software which “calls home” the first time the thief uses the computer to connect to the internet.

Scammers post fake job ads; prey on unemployed

Source:gadgetell

A new online scam targets the hundreds of thousands of unemployed people who use the net to job hunt and those who use it to fill job vacancies.  Scammers are posting fake job ads on Craigslist and the big job sites such as Monster.com and Careerbuilders and then taking the resumes they receive and selling them.  They are then sold to recruiters all over the world.  These recruiters are told by the scammers that the resumes are all from individuals who are fully vetted and have been thoroughly checked out.

Another type of resume selling scam also involves fake job ads.  When a job hunter responds they are told about several exciting and high paying jobs available to them, but in order to be considered they must pay to have a resume designed and written for them first.  Another waste of time and money.

The third type of resume scam is more malicious.  Scammers post fake job ads, and the resumes they get are harvested for the personal info they contain-addresses, phone numbers, email addresses, etc.  This info is used for phishing and spamming purposes.

If you’re looking for a job online, stick to the well known job sites, put as little personal information on your resume as possible, don’t respond to vague ads, those with lots of grammatical errors, or those that promise high salaries for little experience.  If you respond to an ad and are asked for your SSN or to visit a site and pay for a credit report, don’t!  If you include your email address on your resume, open an account on Yahoo or GMail and use that instead of your primary address – just make sure the username you choose is polite and professional sounding.

4 steps to better network & infrastructure security

Source: networkworld

According to one Canadian IT consultancy firm and an analyst, when it comes to securing business networks and infrastructures, the channel can help customers be more secure by following four easy steps.

1. More awareness and education

“Many people think that using more technology will solve the (security) problem,” Vincalek said. “It’s awareness and education that does. There’s an abundance of security software and tools in the marketplace and we have to learn to use them smartly.”

2. Involve IT more in business decisions and get them to understand overall business objectives

Often there’s a divide between the IT department and the rest of the business, Vincalek said. To properly secure the network, communication and understanding becomes important, he advises.

3. Use role-based policies and procedures

Partners should help customers set up security practices around role-based policies and procedures,” Vincalek advises.

“Only the people who are authorized should have access to data that’s relevant to their task and role within the business,” he added.

Low also suggests that businesses establish policies and guidelines around the use of corporate laptops and desktops, including figuring out which information can or can’t be given out over e-mail or the phone.

4. Keep it simple

“Less is more,” Vincalek said. “Don’t get too fancy because the more tools you add which are supposed to protect you and your environment, the more complexities are added, which means the end-users require more knowledge.”

Security practices within the business should be simple and easy to use so that employees won’t abuse them, he added.

Businesses should also patch their operating systems, servers and workstations on a regular basis, in addition to installing any relevant updates, but do this first in a test environment, Low suggests.

To increase awareness and promote education efforts, Vincalek said partners can send out newsletters, engage in seminars, and be active on social networks.

“The more aware people are, the better chance they have of making sure their networks stay secure,” he said.

Bootkit bypasses hard disk encryption

Source: h-online

At the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented a bootkit called Stoned which is capable of bypassing the TrueCrypt partition and system encryption. A bootkit combines a rootkit with the ability to modify a PC’s Master Boot Record, enabling the malware to be activated even before the operating system is started.

Available as source code, Kleissner’s bootkit can infect any currently available 32-bit variety of Windows from Windows 2000 to Windows Vista and the Windows 7 release candidate. Stoned injects itself into the Master Boot Record (MBR), a record which remains unencrypted even if the hard disk itself is fully encrypted. During startup, the BIOS first calls the bootkit, which in turn starts the TrueCrypt boot loader. Kleissner says that he neither modified any hooks, nor the boot loader, itself to bypass the TrueCrypt encryption mechanism. The bootkit rather uses a “double forward” to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt. Kleissner tailored the bootkit for TrueCrypt using the freely available TrueCrypt source code.

Tag Cloud