I liked the article on some remote attacks without network!!! Interesting…….
http://www.scientificamerican.com/article.cfm?id=hackers-can-steal-from-reflections
What about analyzing your brain waives..Hah.. Funny…
Posted by yadab das on July 15, 2009
I liked the article on some remote attacks without network!!! Interesting…….
http://www.scientificamerican.com/article.cfm?id=hackers-can-steal-from-reflections
What about analyzing your brain waives..Hah.. Funny…
Posted in Hacking | Leave a Comment »
Posted by yadab das on July 14, 2009
I got an email from some amateur hacker asking me to change my bank account details.
The email was quite promising, I liked it
Here is an screen shot of that from my mailbox :-

After i clicked th URL, the layout was good but the URL that was visible on address bar is really bad, I mean really amateur
Here is a screen shot of that. I have marked the mistakes

Posted in Hacking | Leave a Comment »
Posted by yadab das on July 14, 2009
i liked the article on BIOS attack :- http://searchsecurity.techtarget.com.au/articles/33210-BIOS-can-become-a-source-of-malware.
The author sited two examples/ mechanism to prevent such attacks:
1) Non-writable BIOS, well it was before, but not user freindly.
2) Trusted Platform Module. This based on cryptographic verification and very secure. But there is problem of certificate expiration of public key cryptography. With current standard a certificate can be valid upto 2-3 years max and you can’t throw your PC after that period if you do not update your certificate store. Now that becomes more or you can say very complicated process. Atleast not so user friendly.
Posted in Cryptography | Leave a Comment »
Posted by yadab das on April 8, 2009
There is a very good note on plugins and firefox setup. The problem occurs sometimes,
if you install a new JRE after your firefox installation on LInux. Here is the Link :
http://plugindoc.mozdev.org/linux.html
Hitghlighted the Java Plugin & Firefox
Install Java Runtime Environment.
Make a symbolic link to libjavaplugin_oji.so in your Mozilla Plugins directory.
Use the copy located in the plugin/i386/ns7 directory of JRE 5.0 or later, or plugin/i386/ns610-gcc32 if you are using JRE 1.4.2
Posted in General | Leave a Comment »
Posted by yadab das on January 17, 2009
It might be a good idea to add a firewall to each of your VMs to protect the whole system. The “Whole System” is of concern becuase one compromise VM can become a hacker’s playground and will be used it attack other VMs in it’s boundary. But there is an; LATENCY, software switches makes the latency more and the firewall (software) will add to it. The presentation from ALTOR networks looks promising for ALTOR VF.
Posted in Hacking, Information Security | 1 Comment »
Posted by yadab das on December 19, 2008
I am not a big fan of cartoon but i appreciate the work on Cartoon Cosmos. Realy thoughtfull and well presented. Good work Mr Sumanta Baruah.
Posted in General | Leave a Comment »
Posted by yadab das on December 12, 2008
I have been observing a quite simple but very interesting attack these days and that is based on the popularity of the Web Service. Though is it similar to this definition but it has a clear distintion from the previous one.
Consider about the enormou popular Web Servers like – yahoo, google, ….etc. Now consider about all the Developer, system testers, testers, network troubleshooter, network tester and so on…
What is the first thing you do when your server is not respondig? This what:
I am not claiming that this same to everyone of us but it is somewhat common. Now, immediate question will be; How to get rid of such attack? Ans: It is really great to have such honor.
Posted in Information Security | Leave a Comment »
Posted by yadab das on November 21, 2008
World Wide Web — ??? Some Buzz words
——————–
Semantic — Ontology
——————–
Internet –HTTP
———————
Communication Protocols – TCP/IP
========================
Come on it is too much !!! The length is increasing vertically on top same old infrastructure. I feel we need to stop and make some foundation changes..
http://schneider.blogspot.com/wwg.htm
http://tech.slashdot.org/article.pl?sid=08/11/19/2335219
http://schneider.blogspot.com/wwg.htm
Posted in SOA | Leave a Comment »
Posted by yadab das on November 13, 2008
I think this is a very interesting topic, I have just started to learn this, But as I am going through this I have found couple of links as well as documents which are really interesting. These articles talk about openssl, Hardware Security module, SSL Accelerator and information about provider companies
I will write about my findings, An how to do , Short cut of course. But let me look in to it more carefully. Thanks to Jad.
Posted in Cryptography, Information Security, OpenSSL, TLS/SSL | Tagged: HSM | Leave a Comment »
Posted by yadab das on August 30, 2008
I was not able to find any communication or message security related documents for Microsoft’s DSSP (Decentralized Software Services Protocol). The current DSS defines a fine grain application security model / access control mechanism to restrict service consumtion and it has been improved from the last MSRS 1.5 version.
As per I know (From the available documents on the Web), the current implementation of DSSP always uses SOAP as a message tunneling mechanism. That means either it may be binary TCP or HTTP, it is always SOAP. The following two diagrams helps to visualize the scenario.
Well, it uses SOAP and also defines the transport on top of HTTP or TCP. So, the security mechanisms comes to mind are HTTPS, WS-Security or if you do not want to touch the DSSP communication stack then it is IPsec.
Since MS defines DSSP for Robots or Control systems, so HTTPS may be the last choice as device with low resource are not well suited with https. As one of advantage of DSSP is to provide a decentralized and distributed system so WS-Security would be a very good choice since it provides end-to-end security instead point-to-point security like https.The following diagram shows the new stack with WS-Security.
In WS-Security, Message integrity is provided by XML Signature and Message confidentiality leverages XML Encryption. Both these techniques has numbers of advantages other than TLS or SSL or even IPsec style of Security. Also “Specifically, the WS-Security profile specifications describes how to encode Username Tokens, X.509 Tokens, SAML Tokens , REL Tokens and Kerberos Tokens as well as how to include opaque encrypted keys as a sample of different binary token types.“
So, if the security for the SOAP messages exchanged during DSSP service request and response are provided by WS-Security, it will be very strong as well as end-to-end security mechanism. The existing username/pasword security policy of DSS can be combined with WS-Security and also with WS-SecureConversation to have secure session. However attaching with Kerberos will be a better option as it guarantees better network security to overcome those entropy related attacks in username/password cases.
Posted in DSSP | Tagged: DSSP, Microsoft, Network, Robotics, Security | 1 Comment »