A good article for the guys who are interested in pursuing security certifications
http://dmiessler.com...g/infoseccerts/
Wednesday, February 10, 2010
How To Hack The Sky
ARLINGTON, Va. -- Satellites can bring a digital signal to places where the Internet seems like a miracle: off-the-grid desert solar farms, the Arctic or an aircraft carrier at sea. But in beaming data to and from the world's most remote places, satellite Internet may also offer its signal to a less benign recipient: any digital miscreant within thousands of miles.
In a presentation at the Black Hat security conference in Arlington, Va., Tuesday, Spanish cybersecurity researcher Leonardo Nve presented a variety of tricks for gaining access to and exploiting satellite Internet connections. Using less than $75 in tools, Nve, a researcher with security firm S21Sec, says that he can intercept Digital Video Broadcast (DVB) signals to get free high-speed Internet. And while that's not a particularly new trick--hackers have long been able to intercept satellite TV or other sky-borne signals--Nve also went a step further, describing how he was able to use satellite signals to anonymize his Internet connection, gain access to private networks and even intercept satellite Internet users' requests for Web pages and replace them with spoofed sites.
"What's interesting about this is that it's very, very easy," says Nve. "Anyone can do it: phishers or Chinese hackers … it's like a very big Wi-Fi network that's easy to access."
In a penetration test on a client's network, Nve used a Skystar 2 PCI satellite receiver card, a piece of hardware that can be bought on eBay for $30 or less, along with open source Linux DVB software applications and the network data analysis or "sniffing" tool Wireshark.
Exploiting that signal, Nve says he was able to impersonate any user connecting to the Internet via satellite, effectively creating a high-speed, untraceable anonymous Internet connection that can be used for nefarious online activities.
Nve also reversed the trick, impersonating Web sites that a satellite user is attempting to visit by intercepting a Domain Name System (DNS) request--a request for an Internet service provider (ISP) to convert a spelled-out Web site name into the numerical IP address where it's stored--and sending back an answer faster than the ISP. That allows him to replace a Web site that a user navigates to directly with a site of his choosing, creating the potential for undetectable cybercrime sites that steal passwords or install malicious software.
In his tests on the client's network, Nve says he was also able to hijack signals using GRE or TCP protocols that enterprises use to communicate between PCs and servers or between offices, using the connections to gain access to a corporation or government agency's local area network.
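The DNS race described above leaves a trace a defender can look for: one query that receives two replies with different addresses a short time apart. The following is an added example, not part of the original article; the log format, the sample records and the 5-second window are assumptions made for illustration.

```python
# Constructed sample (not from the article): DNS replies seen on the client
# side of the link, one per line:
#   epoch_seconds client_ip txid qname comma-separated-A-records
SAMPLE_LOG = """\
1265760000.120 10.0.0.5 0x1a2b www.example.com 198.51.100.7
1265760000.610 10.0.0.5 0x1a2b www.example.com 203.0.113.10
1265760003.050 10.0.0.8 0x0042 mail.example.org 203.0.113.25
1265760003.090 10.0.0.8 0x0042 mail.example.org 203.0.113.25
1265760100.000 10.0.0.5 0x1a2b www.example.com 203.0.113.10
"""

WINDOW = 5.0  # assumed: replies this close together answer the same query


def parse(log):
    """Yield (ts, client, txid, qname, answers) for each non-empty line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, txid, qname, answers = line.split()
        yield (float(ts), client, int(txid, 16), qname.lower(),
               frozenset(answers.split(",")))


def find_conflicts(log, window=WINDOW):
    """Return one alert per reply that contradicts an earlier reply to the
    same (client, transaction ID, name) within `window` seconds."""
    first_seen = {}  # (client, txid, qname) -> (ts, answers) of first reply
    alerts = []
    for ts, client, txid, qname, answers in sorted(parse(log), key=lambda r: r[0]):
        key = (client, txid, qname)
        prev = first_seen.get(key)
        if prev is None or ts - prev[0] > window:
            first_seen[key] = (ts, answers)  # new query, or txid reused later
            continue
        if answers != prev[1]:  # identical retransmissions are not flagged
            alerts.append({
                "client": client,
                "qname": qname,
                "accepted": sorted(prev[1]),  # first reply is what the client used
                "later": sorted(answers),
                "gap": round(ts - prev[0], 3),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE_LOG):
        print(alert)
```

The check only shows that two answers disagree; deciding which one is genuine requires comparing against a resolver reached over a trusted path.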
The Barcelona-based researcher tested his methods on geosynchronous satellites aimed at Europe, Africa and South America. But he says there's little doubt that the same tricks would work on satellites facing North America or anywhere else.
What makes his attacks possible, Nve says, is that DVB signals are usually left unencrypted. That lack of simple security, he says, stems from the logistical and legal complications of scrambling the signal, which might make it harder to share data among companies or agencies and--given that a satellite signal covers many countries--could run into red tape surrounding international use of cryptography. "Each [country] can have its own law for crypto," says Nve. "It's easier not to have encryption at the DVB layer."
Nve isn't the first to show the vulnerability of supposedly secure satellite connections. John Walker, a British satellite enthusiast, told the BBC in 2002 that he could watch unencrypted NATO video feeds from surveillance sorties in the Balkans. And the same lack of encryption allowed insurgents to hack into the video feed of unmanned U.S. drone planes scouting Afghanistan, the Wall Street Journal reported in December.
In fact, the techniques that Nve demonstrated are probably known to other satellite hackers but never publicized, says Jim Geovedi, a satellite security researcher and consultant with the firm Bellua in Indonesia. He compares satellite hacking to early phone hacking or "phreaking," a practice that's not well protected against but performed by only a small number of people worldwide. "This satellite hacking thing is still considered blackbox knowledge," he wrote in an e-mail to Forbes. "I believe there are many people out there who conduct similar research. They may have some cool tricks but have kept them secret for ages."
At last year's Black Hat D.C. conference, British cybersecurity researcher Adam Laurie demonstrated how he intercepts satellite signals with techniques similar to Nve, using a DreamBox satellite receiver and Wireshark. But Nve argues that his method is far cheaper--Laurie's DreamBox setup cost around $750--and that he's the first to demonstrate satellite signal hijacking rather than mere interception.
"I'm not just talking about watching TV," says Nve. "I'm talking about doing some very scary things."
Sunday, February 07, 2010
iPad (Apple Tablet) Details
Rumors, rumors, rumors. That was all one would get while searching for the Apple Tablet. It was revealed yesterday by Steve Jobs, who confirmed that the tablet will be named iPad. The name resemblance is not the only similarity to Apple’s overly successful branch of gadgets. The show yesterday revealed lots of information about the iPad, and we have collected it here to give you an overview of what it can and cannot do.
Let us start with the pricing for the device. The announcement that the cheapest model of the iPad would cost $499 was a surprise to many who expected the tablet to start at $799 or even more than that.
But the $499 model has some severe limitations. It comes with a 16 Gigabyte SSD drive and no 3G. The 32 and 64 Gigabyte iPad models retail for $599 and $699 respectively, but they too come without 3G. 3G costs $130 on top of this, which means that the price of the iPad ranges from $499 for the basic iPad without 3G to $829 for the 64 Gigabyte hard drive iPad with 3G.
Dimensions and weight:
- Height: 9.56 inches (242.8 mm)
- Width: 7.47 inches (189.7 mm)
- Depth: 0.5 inch (13.4 mm)
- Weight: 1.5 pounds (.68 kg) Wi-Fi model, 1.6 pounds (.73 kg) Wi-Fi + 3G model
iPad Hardware specs:
- 9.7-inch (diagonal) LED-backlit glossy widescreen Multi-Touch display with IPS technology, 1024-by-768-pixel resolution at 132 pixels per inch (ppi)
- Processor: 1GHz Apple A4 custom-designed, high-performance, low-power system-on-a-chip
- Battery: Built-in 25Whr rechargeable lithium-polymer battery; up to 10 hours of surfing the web on Wi-Fi, watching video, or listening to music (according to Apple)
- Wi-Fi model: Wi-Fi (802.11 a/b/g/n), Bluetooth 2.1 + EDR technology
- Wi-Fi + 3G model: UMTS/HSDPA (850, 1900, 2100 MHz), GSM/EDGE (850, 900, 1800, 1900 MHz), Data only, Wi-Fi (802.11 a/b/g/n), Bluetooth 2.1 + EDR technology
- Input / Output: Dock connector, 3.5-mm stereo headphone jack, Built-in speakers, Microphone, SIM card tray (Wi-Fi + 3G model only)
- Viewable document types (mail attachments): .jpg, .tiff, .gif (images); .doc and .docx (Microsoft Word); .htm and .html (web pages); .key (Keynote); .numbers (Numbers); .pages (Pages); .pdf (Preview and Adobe Acrobat); .ppt and .pptx (Microsoft PowerPoint); .txt (text); .rtf (rich text format); .vcf (contact information); .xls and .xlsx (Microsoft Excel)
- H.264 video up to 720p, 30 frames per second, Main Profile level 3.1 with AAC-LC audio up to 160 Kbps, 48kHz, stereo audio in .m4v, .mp4, and .mov file formats; MPEG-4 video, up to 2.5 Mbps, 640 by 480 pixels, 30 frames per second, Simple Profile with AAC-LC audio up to 160 Kbps, 48kHz, stereo audio in .m4v, .mp4, and .mov file formats
What speaks for the iPad? Its design, obviously, which is something Apple seems very capable of getting right, and support for all the apps that are currently offered in the App Store.
What the iPad does not offer:
- Connectivity is bad. It does not have a single USB port, nor the possibility to use an adapter for better hardware support. That means no external hard drives (buy the more expensive devices if you need more space), no card readers to automatically upload the previous photos from your kid’s last birthday and no functionality for devices that can only be connected with wires (most printers for example).
- No Flash. The iPad, much like the iPhone, does not support Flash, which makes it less usable for web surfing, especially for entertainment-hungry folks.
- No Camera. No camera, no webcam means no video and webcam chat.
- 3G costs extra. If you want 3G you have to pay an extra fee; to be precise, it will cost $130 in the US.
- Fixed battery that cannot be replaced by the user
- No optical drive which means no option to view movies or access files this way
- No multitasking
The unknown
- Which formats can be read by the iPad once they are on the hard drive. Are those the same formats that are supported to be viewed as mail attachments?
- Will there be DRM?
Installing Flash in Ubuntu 9.04 with Firefox
That was then, this is now. During my first trials with Ubuntu 9.04 I discovered just how far the installation of browser plugins has come. This article illustrates that.
Ideally, of course, the distribution would ship with all of the necessary plugins installed. By default, a number of plugins are already installed for you:
- Demo Print
- DivX
- Quicktime
- VLC (handles many media formats)
- Windows Media Player
But the number one plugin is still missing. Why? Flash is missing because there are actually three different Flash plugins you can install. One is the official Adobe plugin and the other two are open source versions. Although I am a big supporter of open source software, both open source Flash plugins are still in their infancy and are not yet up to par with the official version. I made the mistake of installing one of the open source versions and had to uninstall it so I could get the official version.
How to install
As is typical for Linux, there are a number of ways to install the flash plugin. You can download the plugin from the Adobe site. You could open up a terminal window and issue the command:
sudo apt-get install flashplugin-installer
You could open up Synaptic (Add/Remove Software utility) and search for adobe and select “flashplugin-installer”.
Or you could browse to a web site that requires Flash.
The last option is the easiest and most reliable.
When you go to a site that requires flash you will see a bar appear with a button on the right side labeled “Install Missing Plugins” (see Figure 1). Click that button and a new window will open (see Figure 2). This new window asks you to choose which flash player you want to install. There are three choices:
- Swfdec: The GNOME version of the flash player
- Adobe Flash Player: Official version
- Gnash: GNU SWF player
Choose the Adobe version and click Next. You will then be warned that the Adobe Flash Player will download and install another application. This is okay. You will be required to enter your user password to continue.
Once the installation has finished you will need to click the Finish button.
Check the installation
After the installation is complete you can check it by opening up the plugins page. Do this by typing about:plugins in the address bar. In this page you will see all installed plugins listed. The first one listed should be the most recently installed, which will be flash.
Using this method does not require you to restart Firefox. You have completed the process of installing the Adobe Flash plugin for Firefox.
Final thoughts
If you have any history with Linux then you know how much of a relief it is to be able to install browser plugins so easily. If you have any interest in using the open source version of these plugins, give them a try. You can uninstall them by looking at the about:plugins page to know which version you have installed. When you know which plugin you have installed search for it in Synaptic and remove it. Once removed you can go through the process of installing through Firefox again.
Friday, November 06, 2009
ALL CL Programs
I am uploading all the programs for the CL1 practicals for everyone to study
these are the correct and running programs
http://rapidshare.com/files/303286744/os.zip.html
http://rapidshare.com/files/303286745/pcd.zip.html
http://rapidshare.com/files/303286746/daa.zip.html