Information Security Help!!!
-
- Naik
- Posts: 70
- Joined: Sat Oct 20, 2007 5:18 am
Hi Guys,
Take a look to this: see how much our security on stake
http://review.zdnet.com/4520-6033_16-4206694.html
Now comes to the solution:
http://www.qfxsoftware.com/
I would recommend everyone to use key scrambler personal at least
and My favorite is Korean Product name Hauri Live Call (not free)
http://www.globalhauri.com/product/viru ... tures.html
Companies are developing a keyboard and a monitor to prevent against keylogger and screen capture unknown Trojans. lets hope for the best
Thanks
Take a look to this: see how much our security on stake
http://review.zdnet.com/4520-6033_16-4206694.html
Now comes to the solution:
http://www.qfxsoftware.com/
I would recommend everyone to use key scrambler personal at least
and My favorite is Korean Product name Hauri Live Call (not free)
http://www.globalhauri.com/product/viru ... tures.html
Companies are developing a keyboard and a monitor to prevent against keylogger and screen capture unknown Trojans. lets hope for the best
Thanks
SecurityKID-ITdotCOM
Security Every Where! BUT where?
Security Every Where! BUT where?
does it...work on linux?securitykid wrote:Now comes to the solution:
http://www.qfxsoftware.com/
I would recommend everyone to use key scrambler personal at least
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
-
- Naik
- Posts: 70
- Joined: Sat Oct 20, 2007 5:18 am
Knowing this since last year when my friend from CIA USA let me know this fact about keylogger and even anti viruses will detect it. This is simply..... ..Take a look to this: see how much our security on stake
http://review.zdnet.com/4520-6033_16-4206694.html
Agree with you! like we say a good hacker can be a good defender of attacks!sameer666 wrote:keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.
in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.
yea that is true.x2oxen wrote:Agree with you! like we say a good hacker can be a good defender of attacks!sameer666 wrote:keyloggers are good, but rootkits are much better way of logging. as rootkits are installed in ring zero.
in my humble opinion, basic knowledge of attacks should be discussed first, before digging into further.
Novice at heart
-
- Naik
- Posts: 53
- Joined: Wed Jan 04, 2006 3:51 pm
- Location: Quetta, Pakistan
- Contact:
GMAIL PRIVACY ISSUES
Hello folks,
Its been a while i posted on LP but this thread got me motivated in posting something i have been silently observing & i believe this is a good platform to discuss and get to know how many others have observed or are victim to it.
Almost all of us have free email accounts hotmail, yahoo gmail yep we know em all very well. These services are free, but freedom at a cost of collecting our data trends and providing them to their sponsor marketing people is a high cost dont you think so?
Well using my gmail I mailed one of my university friends who told me something about him getting an HEC scholarship & while i was reading i looked up just above the mail main menu and there it was "Do you want UK scholarships/student visa?" this must be coincidence so i returned back to my mail box and now "For all scholarships in UK xxxx consultants"
Next in another mail a friend sent me his pub key and just as i opened it I see on top "www.cryptostudio openPGP solutions" I return to my inbox and another PGP add
Question: Which email should the community use? One which is free but at a strangely high privacy cost? or maybe this is pointing to project where we should all chipinn to create a service for ourselves to atleast mail with true FREEDOM & true PRIVACY as webster dictionary defines the word PRIVACY
Chao!
Its been a while i posted on LP but this thread got me motivated in posting something i have been silently observing & i believe this is a good platform to discuss and get to know how many others have observed or are victim to it.
Almost all of us have free email accounts hotmail, yahoo gmail yep we know em all very well. These services are free, but freedom at a cost of collecting our data trends and providing them to their sponsor marketing people is a high cost dont you think so?
Well using my gmail I mailed one of my university friends who told me something about him getting an HEC scholarship & while i was reading i looked up just above the mail main menu and there it was "Do you want UK scholarships/student visa?" this must be coincidence so i returned back to my mail box and now "For all scholarships in UK xxxx consultants"
Next in another mail a friend sent me his pub key and just as i opened it I see on top "www.cryptostudio openPGP solutions" I return to my inbox and another PGP add
Question: Which email should the community use? One which is free but at a strangely high privacy cost? or maybe this is pointing to project where we should all chipinn to create a service for ourselves to atleast mail with true FREEDOM & true PRIVACY as webster dictionary defines the word PRIVACY
Chao!
I think, therefore i am!
Re: GMAIL PRIVACY ISSUES
i don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.blackdaemon wrote:These services are free, but freedom at a cost of collecting our data trends and providing them to their sponsor marketing people is a high cost dont you think so?
it shouldn't be shocking. google even tells us what they do to get the ads on your pages: they have software to scan your email for ads. it's no different from the software they use to put ads on your pages if you use google adsense.Well using my gmail I mailed one of my university friends who told me something about him getting an HEC scholarship & while i was reading i looked up just above the mail main menu and there it was "Do you want UK scholarships/student visa?" this must be coincidence so i returned back to my mail box and now "For all scholarships in UK xxxx consultants"
what you want can't exist as a service. the main reason for that is governments all over the world have laws regarding the wiretapping of communication links (phone, fax, email, whatever). even if you were to provide a secure service, the minute someone using your system breaks the law, some police/government agency will come by and demand access to the email messages. in some cases, they'll just take your server(s) away -- and then they'll be able to read everyone's email.Question: Which email should the community use? One which is free but at a strangely high privacy cost? or maybe this is pointing to project where we should all chipinn to create a service for ourselves to atleast mail with true FREEDOM & true PRIVACY as webster dictionary defines the word PRIVACY
you could be clever and set up something that automatically encrypts email and everything else on the server (see this book) -- but that won't help you when you actually send or receive email: a lot of mail servers out there do not use tls over smtp, or ssl'd pop3/imap. the authorities can just put a traffic sniffer between your servers and the internet; there goes your security!
so, what do i think is the solution here? don't use email. use some sort of peer-to-peer system for communication that encrypts all links. it will need a storage network to queue up your "messages" if the remote user/host you're trying to communicate with is down (it won't be a p2p file sharing system, it'll be a p2p file storage system). the stored messages will, of course, be encrypted. for ease of use, it can either have a web frontend (sort of like webmail) or smtp and pop/imap front-ends for easy integration with existing email applications.
there is such a system out there -- epostmail -- but last i tried, it didn't work properly. anyway, even if you could get something like that to work, most people in pakistan don't have dsl, or computers on 24x7, so they can't really use such a system efficiently. you'll need a set of servers somewhere to queue up messages for people who are offline, and that leads us back to the problem of them being shut down by the authorities: they may not be able to read your email, but they'll be able to disable communication on the network.
for now, we'll ignore the fact that simply using encryption is illegal in some countries, maybe even in pakistan (see this and this).
it's "ciao".Chao!
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
-
- Naik
- Posts: 53
- Joined: Wed Jan 04, 2006 3:51 pm
- Location: Quetta, Pakistan
- Contact:
ah, lambda always with rigid beliefs and correcting folks like a nice auto-corrector in any word editor.
Lamba said:
1. I don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.
Then said:
2. it shouldn't be shocking. google even tells us what they do to get the ads on your pages: they have software to scan your email for ads. it's no different from the software they use to put ads on your pages if you use google adsense.
Im curious does this make gmail any better or diff from rest?
I achieved my objectives of pointing out what i experienced, with the community.
Seniors should always be respected so hats off to lamda, & im glad that to some point you have agreed for need of privacy in mail. though methods might be lil unorthodox. Yes totally agree with the sniffer thing thats why they say no sys is 100% secure. but implementing a sniffer on a gigabit node to sniff a laymans traffic like mine is ridiculous & folks implementing sniffers will be implementing them for a whole different reason other than giving to marketing people.
Point is:
Why not encrypt and sign email messages with keys and then send over the internet, easy, cost-effective, whole pub/priv key concept can be understood in 100-300 words
maybe less
So, a productive debate. kool oh i mean cool
Thanks for the correction once again but i like writting ciao as chao. live with it
Ciao! for bro lamda
&
Chao! for the community
I think, therefore i am!
i'm not concerned about whether their behavior is better or different. i'm simply pointing out that it's normal for them -- not something shocking or surprising in any way.blackdaemon wrote:Im curious does this make gmail any better or diff from rest?
marketing people? why do you care about marketing people? they're the least of your concerns, if you're interested in private email conversations.Yes totally agree with the sniffer thing thats why they say no sys is 100% secure. but implementing a sniffer on a gigabit node to sniff a laymans traffic like mine is ridiculous & folks implementing sniffers will be implementing them for a whole different reason other than giving to marketing people.
you underestimate contemporary computer hardware. people can buy off-the-shelf packet sniffers or packet sniffer sdks (some even optimized for email traffic) that will handle 10 gigabit links (you can even find free ones for linux). the commercial ones for windows cost less than $500. still think it's ridiculous?
besides, no one needs to implement it on a gigabit node. you have a very small pipe to the internet (your link to your isp -- dialup, dsl, cable, or wireless). if you use wireless, dsl or a proper cable network (like worldcall), then they have multiple internal networks that can be separately tapped into. and lastly, your isp likely has a relatively small pipe to the internet -- 8, 20, 45 mbit, something like that. the ethernet hardware on your desktop can happily sniff more than twice that much traffic -- 100mbit, or even 1 gigabit.
in over fourteen years of using pgp, i've probably had fewer than 30 encrypted email conversations. i can't even remember the last time i received an encrypted email message. it's just too much work to set up and use pgp with most mailers, so that rules out lazy people (ie, most of us). also, most people simply don't care to use encryption, even when they have pgp installed and set up -- they're not concerned that someone will read their messages. in other words, you can show them this cool technology, but how can you convince them to use it?Why not encrypt and sign email messages with keys and then send over the internet, easy, cost-effective, whole pub/priv key concept can be understood in 100-300 words
as i understand the problem, the only way you'll get your privacy is by making all the security transparent. if the user has to as much as click on a button or link before activating encryption or whatever, they won't do it.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
-
- Naik
- Posts: 53
- Joined: Wed Jan 04, 2006 3:51 pm
- Location: Quetta, Pakistan
- Contact:
There you go, thats what i wanted the community to think about
lamda said:
"in over fourteen years of using pgp, i've probably had fewer than 30 encrypted email conversations. i can't even remember the last time i received an encrypted email message. it's just too much work to set up and use pgp with most mailers, so that rules out lazy people (ie, most of us). also, most people simply don't care to use encryption, even when they have pgp installed and set up -- they're not concerned that someone will read their messages. in other words, you can show them this cool technology, but how can you convince them to use it?"
You and me might be knowing & using pgp since years infact i admit ure experience of 14 yrz is waaayyyy more than my 2-3 yrs of it but i got aware and started using it. Setup aint that big a deal these days, especially with smart mail clients having nifty plugins that do wonders. Its all about making the masses aware, convincing is a whole different story. for now lets just do the GEO/ARY strategy of making folks aware of what the more experience have experienced
At times like these i always remember one of my teachers saying that "One person's common sense is the other persons non sense". & thats exactly what i saw i developed a common sense about something and posted it here and realized many didnt know, but some were not at all impressed. but im sure the later are in very few numbers maybe only one
Cheerz!
lamda said:
"in over fourteen years of using pgp, i've probably had fewer than 30 encrypted email conversations. i can't even remember the last time i received an encrypted email message. it's just too much work to set up and use pgp with most mailers, so that rules out lazy people (ie, most of us). also, most people simply don't care to use encryption, even when they have pgp installed and set up -- they're not concerned that someone will read their messages. in other words, you can show them this cool technology, but how can you convince them to use it?"
You and me might be knowing & using pgp since years infact i admit ure experience of 14 yrz is waaayyyy more than my 2-3 yrs of it but i got aware and started using it. Setup aint that big a deal these days, especially with smart mail clients having nifty plugins that do wonders. Its all about making the masses aware, convincing is a whole different story. for now lets just do the GEO/ARY strategy of making folks aware of what the more experience have experienced
At times like these i always remember one of my teachers saying that "One person's common sense is the other persons non sense". & thats exactly what i saw i developed a common sense about something and posted it here and realized many didnt know, but some were not at all impressed. but im sure the later are in very few numbers maybe only one
Cheerz!
I think, therefore i am!
lamda said:
"in over fourteen years of using pgp
Lamba said:
1. I don't know about yahoo or hotmail, but gmail doesn't provide your personal information to advertisers.
Then said:
heyyyy come on guyssss its lambda not lamba or lamda is it too hard to to spell it?? lookCiao! for bro lamda
&
Chao! for the community
L
A
M
B
D
A
see so simple! So dont mispell him he deserve more respect than this ain't he?? He must be minding that ain't you lamba?
AOA,
Dear All my Very Experienced Big Brothers
While i was surfing google for a way to hack WEBMIN, or to find exploits regarding WEBMIN, i came across a web that has many exploits regarding many APPs on different PLATFORM's Like
Linux
Windows
BSD
SOLARIS
So thought that this might be very usefull for all SENIOR guyz here at LP, as i am not in to this exploit thing.
http://www.blacksheepnetworks.com/security/hack/
This link has many hacks and exploints.
Dear All my Very Experienced Big Brothers
While i was surfing google for a way to hack WEBMIN, or to find exploits regarding WEBMIN, i came across a web that has many exploits regarding many APPs on different PLATFORM's Like
Linux
Windows
BSD
SOLARIS
So thought that this might be very usefull for all SENIOR guyz here at LP, as i am not in to this exploit thing.
http://www.blacksheepnetworks.com/security/hack/
This link has many hacks and exploints.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com