Sunday, July 15, 2012

Free Online File Converter


Do you need to convert a file (e.g. picture, video, music, eBook, archive, document etc.) into a different format?  There is a site called Online-Convert that provides a fast easy way to convert several different file formats, without installing extra software.


Website Link: http://www.online-convert.com/

Tuesday, July 10, 2012


Fast and Free Public DNS Servers


The DNS protocol is an important part of the web's infrastructure, serving as the Internet's phone book: every time you visit a website, your computer performs a DNS lookup.

Here is a list of fast and free public DNS servers. By using these fast and free public DNS you can:

  • Speed up your browsing experience.
  • Improve your security.


Free Public DNS Servers:


Google Public DNS

  • 8.8.8.8
  • 8.8.4.4


OpenDNS free DNS server list:

  • 208.67.222.222
  • 208.67.220.220


DNSadvantage free DNS server list:

  • 156.154.70.1
  • 156.154.71.1


Public Name server IP address:

  • 209.244.0.3
  • 209.244.0.4


Scrubit public DNS server address:

  • 67.138.54.100
  • 207.225.209.66

Sunday, July 8, 2012

Website, Web Server & Server Monitoring : SMS/Email Notification


This system can notify you via SMS or Email whenever your website or server is in trouble. A notification contains the name of the website or server, current status, time of incident in your local timezone and relevant error message.


An example of notification looks like below 



Subject: My Business Website is DOWN
To: you@yourcompany.com
My Business Website
DOWN at Feb 27 2005 03:55 AM (US/Eastern)
Err: cannot connect to port 80



Website Link: http://monitoring.seven49.net/en/notification.php

Saturday, July 7, 2012


Invisible Secrets 4: Steganography Tool

Hide Files

1.  Download this file invsecr-trail (3202KB).
2.  Have a JPEG image and a WAV file ready for use.
3.  Install the invsecr-trail file. Accept the terms outlined. The following screen should   display


4.  Select Hide files and then click add files; select the WAV file click open
5.  Click next and select the carrier file JPEG, click next
6.  Set the encryption setting password e.g.123, confirm the password type 123
7.  Click next and enter the destination (or) target file name e.g.1234
8.  Click hide, click next and click finish.

Unhide Files

1.  Click unhide files and select carrier file, click next enter the decryption password
2.  Enter the destination file name e.g.12345, click unhide and click finish.

Friday, July 6, 2012

Malware Analysis : HijackThis

This tool will scan your pc and generate a log file of registry and file settings. It will provide the ability to remove any unwanted stuff.


Usage:
Open the program
  • Click à Do a system scan only. When the scan is done
  • Click à Save log and save the log file to the same folder HijackThis is in.

Please do not check or fix anything. Open the log file with notepad or similar text editor. Compare with log file and other reports also, after you will fix anything.  

Thursday, July 5, 2012


Mobile Visual Search (MVS): QR Alternative 


Mobile visual search (MVS), you simply point at a product or logo and shoot a picture with your smartphone’s built-in camera. Within seconds, the MVS application will provide product or company information, or even the option to make a purchase right then and there on your mobile device.


MVS is a far more compelling and interactive tool to enable mobile marketing and commerce. In today’s increasingly mobile world, instant gratification is the norm, and taking the extra step of finding a QR code scanner on your mobile device no longer makes sense. With MVS, you are interacting with images that are familiar and desirable, not a square of code that elicits no reaction.

The world has already started to migrate to MVS. For example, companies in Argentina and South Korea currently allow commuters waiting for subways or buses to view images of groceries or office supplies. Embedded within these images are recognitions triggers: Smartphone users place and pay for an order to be delivered or picked up within minutes.

Also, MVS can cash in on word-of-mouth marketing. Marketers will seamlessly link their campaigns to social networks so consumers can share photos and rewards, such as vouchers, coupons or music downloads, with their friends and followers.

QR Code Security Risks


In addition to being a more versatile medium, mobile visual search is also more secure than QR code technology. Cybercriminals are able to cloak smartphone QR code attacks due to the nature of the technology QR codes’ entire purpose is to store data within the code. There is no way to know where that code is going to take you: a legitimate website, infected site, malicious app or a phishing site. MVS’s encryption modality will eliminate the opportunity for malicious code to download to your smartphone.

Recently, there have been documented cases of QR code misuse and abuse around the globe. For instance, infected QR codes can download an app that embeds a hidden SMS texting charge in your monthly cellphone bill. QR codes can also be used to gain full access to a smartphone — Internet access, camera, GPS, read/write local storage and contact data. All of the data from a smartphone can be downloaded and stolen, putting the user at risk for identity theft — without the user noticing.

Mobile visual search is a safer and more secure technology that can provide more information and content than a QR code, without as many security risks. By focusing on real-world objects and images rather than code, MVS lessens the risk of a virus or Trojan attack.




Wednesday, July 4, 2012


QR CODE ATTACKS AND SECURITY SOLUTIONS

In September 2011, Kaspersky Lab detected a first-of-its-kind malicious QR code. The attack method used in the QR code was that when a user scans the code he is directed towards a website and then a malicious file downloads in the user’s device without the knowledge of the user. Till now, this is the only method of attack known about malicious QR codes. They detected several malicious websites containing QR codes for mobile apps (e.g. Jimm and Opera Mini) which included a Trojan capable of sending text messages to premium-rate short numbers.

SECURITY SOLUTIONS

  • QR codes are tricky because you cannot weed out the bad from the good by simply looking at the code. Because the vulnerability is practically part of the design, consider downloading an app on your phone which provides a preview to each code before it opens a webpage (eg: I-nigma) reader. This way, you will have right to refuse the QR code is corrupted.
  • Scan a code and get directed to a login form, always remember never to fill it in for it may be a trap used by criminals to get access to personal information. Legitimate QR codes never ask for personal info.
  • Include signage telling the user what the code does. Otherwise the user has no way of knowing if the code should point to a URL, phone number, or SMS.
  • Print the URL near to the code. This way if the code is hijacked and pointed to http://evilsite.xxx/ the user can see they're not visiting the correct site.
  • Include https in the URL. Get users used to checking for https before they interact with you.
  • If possible, use a short domain. Not only will it reduce the size of the QR code, it will give your users confidence if they can see the full domain in their phone's URL bar.
  • Don't ask a user to get their credit card out on a busy street. Use a mobile payment solution which charges to the user's phone bill or deducts it from their credit.
  • Every time you put out a QR Code in a public area, you should know where it is. If a code is on a billboard, on a storefront, or anywhere else it can be accessed by the public, it could be at risk. But you’ll know your code is working correctly when you see “normal” traffic through it. If the traffic suddenly stops, check up to make sure that the code is still there and hasn’t been tampered with.
  • Distinctive, branded QR Codes with special colors or other design features are far more likely to get attention, so you should be using them anyway. But what’s more, it’ll help people to know that they’re dealing with a legitimate link to your brand and not a counterfeit code. It’ll be much more difficult for a hacker to simulate a highly designed and colorful code than a plain one.

Monday, July 2, 2012


QR CODES


Bar codes have become widely popular because of their reading speed, accuracy, and superior functionality characteristics and their convenience universally recognized, the market began to call for codes capable of storing more information, more character types, and that could be printed in a smaller space. As a result, various efforts were made to increase the amount of information stored by bar codes, such as increasing the number of bar code digits or layout multiple bar codes. However, these improvements also caused problems such as enlarging the bar code area, complicating reading operations, and increasing printing cost. 2D Code emerged in response to these needs and problems.


QR Code is a kind of 2-D (two-dimensional) symbology developed by Denso Wave the primary aim of being a symbol that is easily interpreted by scanner equipment.


QR Code (2D Code) contains information in both the vertical and horizontal directions, whereas a bar code contains data in one direction only. QR Code holds a considerably greater volume of information than a bar code.

QR codes data types


QR codes can contain many different types of information. Different app readers on Smartphone are able to act and read this data. Think of it as an alternative way of getting data into your phone (as opposed to typing it in manually). Here are some of the possibilities.


  • Contact information: QR codes can contain contact information so someone can easily scan a QR code, view your contact details, and add you on their phone. You can input your name, phone number, e-mail, address, website, memo, and more.
  • Calendar event: If you have an event you want to promote, you can create a QR code containing info for that event. QR codes containing event info can contain event title, start and end date/time, time zone, location, and description. This could work well on an event flyer or possibly even on a website promoting.
  • E-mail address: A QR code can contain your e-mail address so someone can scan the code, see your e-mail, and then open an e-mail on their phones. If your call to action is mostly to have someone e-mail you, this would be great.
  • Phone number: Maybe e-mail isn't immediate enough and you want someone to call. Link them up to a phone number.
  • Geo location: If you have an event you want to promote, you might want to stick a QR code linking someone to a Google Maps location. This will allow someone to scan your QR code and get directions so they don't have to manually type in an address. Although some may prefer to type it in, it doesn't hurt to give them another option.
  • SMS: QR codes can populate a text message with a number and message. You can have your QR code send you a text saying "Tell me more about XYZ," for instance.
  • Text: You can also just have a sentence or a paragraph of text. This could be fun for having some type of QR code based game where you can leave hints in QR codes.
  • Wifi network: Do you hate telling someone a long WEP wireless key that's a pain to type out on a mobile phone? Set it up so someone can scan a QR code and automatically configure wifi on their phones.
  • URL: The possibilities of encoding URL into barcode are endless. You can use a link that takes someone to your Facebook fan page, LinkedIn or Twitter profile. You can also link someone to a YouTube video. Check in to some place via check in link. Encoding android market or iPhone app store link allows promoting and downloading you mobile application anywhere. Or maybe you want someone to pay for something via PayPal.





Automated IPv6 Configuration


Due to the huge growth of the internet users, mobile users using internet connection makes development and implementation of IPv6 as an alternate solution. IPv6 is a long anticipated upgrade to the internet’s main communication protocol, which is called IPv4. The current address space provided by IPv4, with only4, 294, 967, 296 addresses. Nowadays IPv6 tunneling over IPv4 are widely used to form the global IPv6 Internet. The IPv6 128-bit address scheme it should provide enough addresses for everyone’s computer. Tunneling provides a path to use an existing IPv4 to IPv6. This paper describes typical IPv6 tunneling and tunnel broker’s deployment in real IP networks. In the deployment of IPv6, it is a well adopted practice that IPv6 networks are interconnected via IPv6 over IPv4 (IPv6/IPv4) tunnels.


TUNNEL BROKERS

There are a variety of tunnel brokers that provide their own implementations based on different business goals. For example, one tunnel broker product on the market is called gogo server (formerly Gateway6).It’s free client utility tunnel broker.

1. GOGO CLIENT IPv6 CONNECTIVITY


Go to http://gogo6.com/. At the upper right of the page, click "Freenet6". On the next page, click Sign Up. Fill in the form to create an account. You will have to read your email and click a link to verify your account, and also fill out a profile form. Go to http://gogo6.com/ and, at the top of the page, click "Freenet6". Your name should appear at the upper right of the page Freenet has recorded your ID with a cookie. In the "Freenet Services" section, click the Download button. The next page offers several versions to download. Download the "gogoCLIENT - Basic version" and install it with the default options. Now you need to create a Freenet6 Tunnel account. In your browser, on the "Download" page, at the top, click the "Freenet6" link. Scroll down to the "Freenet6" section and click the "Learn more" link, as shown below on this page.





On the next page, scroll down to the "Getting started" section, and click the "here" link, as shown below on this page. Fill out the form to get a Freenet6 account.





When the gogoCLIENT is installed and running, click the "Advanced" tab, and select a "Tunnel Mode" of "IPv6-in-UDP-IPv4 Tunnel (NAT Traversal)" as shown below on this page. Click "Apply".





In the gogoCLIENT window, click the "Basic" tab. Change the "Server Address" to authenticated.freenet6.net. In the middle of the window, click the "Connect Using the Following Credentials" button. Enter your Freenet6 username and password. Click the "Connect" button. A box will pop up asking "Save changes before connecting?” Click Save.

Click the "Status" tab. When it connects, you should see a long IPv6 "Local Endpoint Address", as shown below on this page. If you cannot connect, you may have to adjust your router or firewall to allow UDP port 3653.


Effectively, you load on a driver on your client system, and you establish a tunnel from your system, through the Tunnel Broker’s network to access servers and services, things like http://ipv6.google.com  over IPv6.


For the individual or small business that doesn’t want to setup its own DirectAccess server and relay or routing setup, the Tunnel Broker can drastically simplify the process. Say for example you want to access the latest IPv6 Facebook site from your home office, but your DSL provider doesn’t have IPv6 support yet and your company hasn’t setup IPv6 routing on their end, you can simply download the Tunnel Broker drivers, install them on your home system, and within about 10 minutes, your home system is now configured using IPv6 to Facebook’s IPv6 site.

2. HURRICANE ELECTRIC IPv6 CONNECTIVITY


This is also one of the free IPv6 tunnel broker. Go to http://tunnelbroker.net. At the left corner of the page, click register. On the next page fill the form to create an account. Your new login username and password will be sent to your registered email address. After login the user account click “Create regular tunnel” IPv4 endpoint enter your viewing IP, select anyone server closest to you? Click Submit. On the next page will show tunnel detail. 


Now establish a tunnel from your system, through the Tunnel Broker’s network to access servers and services, things like http://ipv6.ericsson.com




Sunday, July 1, 2012


FIND LOCATIONS: MALWARE


Almost all malware will install in similar directories in order to execute and propagate throughout a victim’s computer. These are some of the more common directories in which malware will install itself on Microsoft Windows (multiple versions)

  • ApplicationData%\Microsoft\
  • %System%\[FileName].dll
  • %Program Files%\Internet Explorer\[ FileName].dll
  • %Program Files%\Movie Maker\[ FileName].dll
  • %All Users Application Data%\[ FileName].dll
  • %Temp%\[ FileName].dll
  • %System%\[ FileName].tmp
  • %Temp%\[ FileName].tmp

Affecting Processes of all malware will attempt to hook system and user processes in order to operate behind the scenes and also attempt to prevent the victim from quickly identifying its activity. These are typical system and user processes affected by malware found.

  • explorer.exe
  • services.exe
  • svchost.exe


This is will attempt to disable operating system features in order to continue to execute and propagate.

  • Windows Automatic Update Service (wuauserv)
  • Background Intelligent Transfer Service (BITS)
  • Windows Security Center Service (wscsvc)
  • Windows Defender Service (WinDefend)
  • Error Reporting Service (ERSvc)
  • Windows Error Reporting Service (WerSvc)


Here are some of most common Registry locations where malware will install itself on a victim’s computer in order to execute and propagate.

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\