Sunday, April 18, 2010

How to Stay safe on public Wi-Fi

Blog moved. I have a new home now at Do update your bookmarks :)

I have found an interesting article about staying safe on public wifi, so thought putting some points of my own. You can read the article here.

What are the safety concerns associated with public Wifi?
         Public Wi-Fi networks will be mostly un-encrypted, which means anyone with a wireless card and a laptop will be able to see the pages you are visiting, you emails etc.People hesitate to turn on the encryption on a public network inorder to avoid the hassle of key management.Every encyptd network needs a key( like a password) for decypting the traffic, how do you share the key among the users, say in an airport where people come and go very fast. Thats not the case in your home network where you once setup the network, set the passkey and tell all of your family members.
         Even if the network in encrypted, still all the people in the network will be able to see the traffic you are generating. Yet another problem ( its not exactly with public wifi, but with windows wifi implementation) is that if a default access point is set in your XP machine, it will automatically try to connect that SSID. If it didn't find such a AP, it will create an ad-hoc network with that particular SSID. An attacker can listen for the broadcast signals from your machine for the SSID and can create a fake wireless network with that SSID, allowing them to connect to your PC.
So some one else can see my traffic, whats the big deal??
         Well, eavesdropping in the traffic won't do any harm if you are using the net for only, say seeing the cricket score or checking the weather or any other activity which does not require a login or some other kind of authentication. If you are checking mails, or logging into a social networking site, then there is a chance that your password might get compromised, as your login information will be send over the network which could be read by an attacker.Most site has an option to use SSL(Secure Sockets Layer ) to protect its users from such attacks.But most of them may not use this by default( use of SSL can be recognized by looking at the URL, SSL uses https:// instead of the normal http:// )
or some even donot have such an option!!!. 
        Another problem is the usage of email clients like Microsoft outlook or Thunderbird. These softwares will not use any encryption for mail transfer, which basically means if you use you laptop in a public wifi to dowload your work mail using Outlook, its almost like printing the mails and giving it all the people around you!!.

What are the precautions that can be taken??
       Whenever possible try not to use a public wifi, especially for financial transactions or offcial purpose. The best thing to do is to switch off your wireless card when in a public place.Even if you are not using the network, malicious softwares can still sneak in, if your system is just connected to the network, through the bugs in your installed softwares using what is know as remote exploits.
       It may not be always possible to stay away, especially if you have to kill hours or have to send some urgent mails etc. You can do the following things to keep you secure as much as possible.
  •        Keep your softwares and OS up to date, that means windows updates as well.If you are having a pirated OS, your are in trouble. Either buy an original version or switch to a linux flavor.
  •        Install and keep  updating  an antivirus and firewall software
  •        Always use SSL ( URLs  beginning with https:// ) for the whole session,by default most sites protect its login pages with SSL, but not after that, you are still at risk as some one can steel your authentication tokens send with each request or read your mails.( Its worth mentioning that gmail now by default uses SSL for all the communications.).How to do that, use https:// always. For example instead of going to goto
  •      Never open Outlook while in a public wifi, as it will automatically download the mails through an unencrypted channel. Always use the webmail, as most of the standard installations protect all the communication with SSL by default.
  •      If you have VPN access to your company network, use it. It will not only protect your mail transactions,also it will protect your all other traffic. If you are using VPN, then it will be OK to use Outlook, since the communication will be happening over the encrypted VPN tunnel.In fact if you are under a VPN, you are protected from most the above described threats.  
  •    Never use a website that does not offer SSL for during any serious transactions. A good example will IRCTC website. They donot offer any SSL. So its best NOT to use it while on a public Wifi.

Tuesday, April 6, 2010

"Shadows in the cloud" - Is indian defence secrets are at risk?

Blog moved. I have a new home now at Do update your bookmarks :)
The recent news in the Indian media about Indian defense documents being stolen by Chinese hackers is a pretty disturbing one. The news is based upon the research report published by the Information Warfare Monitor and Shadowserver Foundation, titled "SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0". You can read the actual report here

The most interesting observation from this report is the shift in the focus and the nature of the attackers, the face of attackers are changing from lonely kids in their parents basements trying to impress their friends to well knowledgeable professional doing organized crimes for financial benefits. There has been incidents in the recent times that even state actors are promoting hacking for there own profit.

The research is started on the lines of earlier research works done, which revealed that computers of His Holiness Dalai lama was compromised along with that of several others to form a eave dropping network that they called 'GhostNet'. The findings given in the report is shocking as far as Indian Computer Security is concerned. There has been clear evidence that, its a cleverly plotted one tailored to compromise Indian defense systems and to steal sensitive data.

It has been confirmed by them that the malware used in these attacks have uploaded a number of documents from the compromised systems to few Central servers controlled by the attackers.They were able to recover documents( mainly in pdf ) from one of these control servers, few of them are marked SECRET, CONFIDENTIAL etc.The recovered documents also include 1,500 letters sent from the Dalai Lama’s office between January and November 2009. The profile of documents recovered suggests that the attackers targeted specific systems and profiles of users.

Compromised systems includes that of National Security Council Secretariat India, Diplomatic Missions ( Indian Embassys ), Institute for Defence Studies and Analysis,
Defence-oriented publications like FORCE and United Nations. From the nature of the targets selected, it is clear that the attack was indeed intended to collect intelligence on India military and related organizations.

Researchers identify the attackers to hail from PRC.Evidence of links between the Shadow network and two individuals living in Chengdu, PRC to the underground hacking community in the PRC. Though there are no evidence to suggest a tie between the hackers and PLA, considering the mode of operations of PLA and the patriotic hacking activities in PRC, there is a high probability that the documents that were siphoned from the compromised systems can end up in with PLA.

They were not able to clearly identify the exact method used by the attackers to infect the target machines, but the evidence suggested that exploits are used against PDF and MS office files which will install a trojan leading to first level infection. Attackers have used a well know services like google groups and twitter to control the infected systems.This attack is the latest example of using trusted sites for malicious purpose in order to circumvent easy detection.

It can be concluded that this incident should not be seen as an isolated one, but should seen in connection with previous attacks. The underground hacking community has become a well organized crime unit. In order to combat the terror mutual co operation between various governmental/non-govt agencies and even between counties are required.

Viruses Simplified

Blog moved. I have a new home now at Do update your bookmarks :)
3 types of "viruses" demystified

In the anti-malware business we often quibble over details the general public does not care about. To us these differences are important, though, as classifying a piece of malware helps us define and understand its nature and helps those of us stuck with detecting or cleaning up an infection.

Many people, especially journalists and Mac users, try to use their understanding of these terms to defend their poor choices in security practices. I thought it might be a good time for a little review over the Easter weekend to explain the differences between these types of malware, and unblur the lines between them.

Read the rest of the story...