Cyber Law Asia

The state of cyber crime awareness amongst the law enforcement agencies

noreply@blogger.com (Shoeb Hakim) — Fri, 31 Jul 2009 08:00:26 PDT

Reference : http://www.expresscomputeronline.com/20090803/market01.shtml

In an instance of a cyber crime investigation in India, a police officer was asked to seize the computer of the hacker. What he brought from the hacker’s premise was his monitor. In another similar instance, the police officials seized the memory and the CD-ROM drive of a hacker’s computer instead of taking out the hard disk.

If that doesn’t explain the state of cyber crime awareness amongst the law enforcement agencies, try reporting a cyber crime and most likely you will never think of contacting the police again for such an instance.

Today’s cyber attacks are not undertaken by amateur hackers who create viruses or malware to prove their worth or to showcase the vulnerabilities of government systems. There is a new economy emerging around cyber crime, which is sophisticated and organized.

In its Cybercrime Intelligence Report of 2009, Finjan shows the operations of the Golden Cash network consisting of an entire trading platform of malware-infested PCs. The trading platform utilizes all necessary components (buyer side, seller side, attack toolkit, and distribution via “partners”). This advanced trading platform marks a new milestone in the evolution of cyber crime.

By turning compromised PCs from a one-time source of profit into a digital asset that can be bought and sold again and again, cybercriminals are maximizing their illegal gains.

Another report from Symantec on the ‘Underground Economy’, highlights the kind of money these cyber criminals make. According to the report, Script (a well-known figure in the underground economy) and his associates were known for mass-producing counterfeit credit and debit cards, which they delivered internationally and used to withdraw cash.

This was so efficient that, at one point, those working with Script were reportedly earning up to $100,000 a day—significantly more than estimates of earnings on US-based forums. Script was arrested by Russian authorities in 2005.

Trends in cyber crime
The last few weeks have seen cyber attacks being carried out on many countries. Just a couple of weeks ago, it was reported that a widespread and unusual computer attack was launched on Web sites of several government agencies in the United States, including some that are responsible for fighting cyber crime as well.

In addition to this the last few days saw the Web sites of major South Korean government agencies, banks and Internet sites being paralyzed in a suspected cyber attack as well.

Analysts at Symantec pointed out that many of these attacks were offline. Vishal Dhupar, MD, Symantec India said, “We observed a number of malware components that were responsible for the attacks. W32.Dozer, Trojan.Dozer, W32.Mydoom.A@mm and W32.Mytob!gen work in tandem to both spread and attack.”

All these components of the attack are basically pieces of old malware code, which were bolted together to launch the attack. If these highly unsophisticated attacks were able to create such havoc, imagine what would happen if more sophisticated and better-coordinated attacks occur!

Yuval Ben-Itzhak, CTO of Finjan, opined, “The primary trend that we see is that hackers are using automatic tools to conduct crime. These automatic tools (toolkits) enable any person with some basic IT skills to start infecting online users with data-stealing malware within hours. Data stealing malware is what these criminals are using to cash out from their activities. They are selling the data they managed to steal online.”

Dr. Jose Nazario, Manager of Security Research, Arbor Networks, Inc. added, “We have seen, just like in physical criminal world, criminals who specialize in different things, criminals who burglar houses, criminals who buy and sell stolen property, there are conmen online too. This kind of specialization has existed in the physical world for thousands of years. Now it has appeared in the online world as well. So you have division of labor, and specialization in the online crime world.”

Dr. Nazario said, “If you are able to do a complete investigation of all the various actors involved in online crime such as DDoS attacks, economic espionage, or financial fraud, there would be many different parties who are enablers at different points in the process just as the people who are enablers of a crime in the physical world.

Long-standing physical crime organizations have moved heavily into online crime as it is extremely lucrative when compared to similar efforts in the physical world and the risk of being caught is lower. Victims can be global as opposed to local in the physical world. So the vast majority of online crime today is organized crime and a big proportion of it is being committed by traditional organized criminals.”

Indian criminals learn the ropes
There are many small groups of cyber criminals in India. We have not yet seen the emergence of a cyber crime mafia. However, most small-organized groups are located either in big cities or in small towns. This phenomenon hasn’t percolated to the countryside yet.

Most of these initially began as amateur activities and after tasting success, they went ahead with other cyber criminal activities. In the metros, and in the B class cities, we have seen the emergence of data brokers or data merchants who source data from people working with offshoring or outsourcing companies like the BPOs, KPOs and LPOs. Then these brokers go ahead and process the data before selling it. This is rampant.

Pavan Duggal, Advocate, Supreme Court of India and a noted cyber lawyer, said, “Cyber crime in India is going through a learning curve of maturity. Gone are the days when Indians would indulge in petty cyber crime activities such as defacing profiles or cyber stalking. What is emerging is a professional approach towards cyber crime.”

Cyber terrorism is another challenge in India. Ankit Fadia, an independent computer security and digital intelligence consultant, who is also a cyber terrorism expert, said, “During the investigations after the Mumbai attacks it was found that the terrorists were using VoIP to do all of their planning and communications. Before the Gujarat blasts, an e-mail was sent to a few news agencies in Mumbai. Both Gujarat and Mumbai police were inadequately equipped to track who sent the e-mail etc. I was working with the Gujarat police and the Navi Mumbai cyber cell department on both of these cases and after talking to them, I realized that they weren’t properly trained.

They asked me for tools and software that are basically downloadable from the Internet and that every hacker would know about. Together with my help and that of some other security consultants, we were able to track down the e-mail but then the problem was that the e-mail was sent from a Yahoo e-mail account and when the Mumbai cyber cell and ATS contacted Yahoo, it took about four-five days for Yahoo to get back on this as they needed approvals from their US office. This is too long a time when you are working on such a critical case.”

Indian Web sites are being hacked all the time just to demonstrate the vulnerabilities of these sites. Now with cyber terrorism coming in, although cyber terrorism has been termed a heinous offence with life imprisonment as the penalty, Duggal felt that many mechanisms needed to evolve pertaining to investigation and prosecution in cyber terrorism cases. It would be far better if India had a dedicated cyber crime force. Further, cyber crime related matters have to be given a fast track court rather than go to trial, a process that drags on for years.

According to Mikko Hypponen, Chief Research Officer, F-Secure Corporation, “India is not a major source of malware or cyber crime. However, it is a major target of such crime—mostly because of its size and emphasis on high tech. In the early days of computer viruses, India used to be a big source of viruses. That was the days of hobbyist virus writers. Nowadays, the large-scale organized criminal malware attacks are coming from Russia, China and Brazil.”

That said, cyber crime is not local; it is international. The criminals are in country A, stealing money from victims in countries B, C and D through computers in countries E, F and G. In order to get the criminal arrested and sentenced, you need cooperation from the law enforcement authorities in all of these countries. That doesn’t happen as smoothly as it should.

Call for Internetpol
The Internet has no borders and online crime is almost always international, yet local police authorities often have limited resources for investigations. According to Hypponen, we should consider the creation of an online version of Interpol – ‘Internetpol’ that is specifically tasked with targeting and investigating the top of the crimeware food chain.

“I’m not holding my breath waiting for this to happen overnight. In my talks with international law enforcement, everybody agrees we need more info sharing and more co-operation. However, getting all the necessary countries on board will be hard. Then we have to take into account the possible resistance from people who think such a ‘Net police’ would be used to curb free speech or hunt peer-to-peer users when what we would really be after would be catching online criminal gangs,” Hypponen said.

According to Fadia, “An organization like an Internetpol, which is an international body that operates on a cross-border investigation, is really required. The problem that every country faces today, is that even if you get trained officials to do the investigations for a cyber crime case, if the criminal is in another country, even if the agencies have all the proof, for them to be able to contact the local police agencies in the other country to even arrest the person is nearly impossible. No international agencies like the UN or the Interpol for Internet security currently exist. Every country wants to protect their own citizens, they would never cooperate in such an investigation.”

The IT Act 2008
In order to curb cyber crime and protect the country’s sovereign interests, the government has come up with the amended IT Act 2008. Duggal believed that while the amended Act has taken two steps forward, it has taken three steps back. So, while it has increased the coverage of cyber crimes in terms of covering crimes like cyber defamation, identity theft and cyber terrorism, the majority of cyber crimes, barring a few, have been made bailable.

Duggal said, “Once a person is out on bail, as a matter of right, he will immediately go and tamper with the electronic evidence. That being so, the chances of getting convictions in the cyber crime cases would further decrease. Therefore, to that extent, it is a piece of cyber crime friendly legislation.

Already statistics are not in India’s favor. We have got only four cyber crime convictions till date, which gives you an idea of how poor the law is. I think the actually number of convictions would further recede with the new cyber act because in any cyber crime case, conviction depends upon electronic evidence and if evidence is tampered, there will be no conviction. Therefore, I think the law has gone soft on cyber criminals, except for cyber terrorism, which has been made a heinous offense.”

Duggal explained, “The amendments have deleted the term ‘hacking’ from the law. This will have a psychologically negative impact. Cyber criminals today feel that hacking has been deleted from the law. Moreover, I think this soft approach is sending out a loud message to the world is that we are not focused on cyber crime. This would certainly hurt corporate India and the rate of growth of the Indian economy. So I think it would have been far better had the government gone for stringent punishments.

The world over, post 9/11, the focus has been on increasing the quantum of punishment for cyber crime in different jurisdictions. India is the only country that has acted to the contrary and reduced punishment for cyber crimes. For e.g. Under section 67, publishing obscene electronic information was earlier punishable with five years imprisonment and a Rs. 1 lakh fine on the first conviction and 10 years imprisonment and a Rs 2 lakhs fine for the second conviction. This has now been reduced from five years to three years and from 10 to 5 years. Similarly, all other punishments have been reduced. This doesn’t make any sense.”

Government officials, however, beg to differ. According to a senior official, the quantum of punishment has not been reduced in most cases. However, he admits that most offences under the IT Act 2008 have been made bailable, but argues that this is to serve a purpose. Consider a scenario where your system is infected with a virus through the Internet or through an infected pen drive etc.

In case you send an e-mail to a company, the virus would be sent along with it and the company can press charges against you of causing harm to their systems. Though you did it unknowingly, you can be proved guilty. Now, if this offense were treated seriously with a high quantum of punishment, a large number of innocent people would get convicted. This is one reason why all many offences have been made bailable under the amended IT Act.

Another reason, for making the offences bailable pertains to the fact that due to low awareness and knowledge about technology (amongst police, lawyers as well as the judges), cyber crime related cases take a long time to resolve. In such case, many petty offenders or innocent people are treated like hardcore criminals, which isn’t fair. That being said, a lot needs to be done to educate the law enforcement agencies about technology and cyber crime.

According to Jatin Sachdeva (CISSP, CISA), Information Security Specialist, Cisco India & SAARC, “As with any law, there is a constant need to evaluate relevance and context. Even with cyber crime laws in place in so many places around the world, it has not brought about the end of cyber crime. We believe that there is definitely more that can be done, and more importantly, more stakeholders to be brought into the ecosystem.”

Plan of action
Enhancing law is one issue, then the law needs to be properly implemented. There must be an appropriate orientation and awareness of how the law needs to be applied. Then there need to be fast track courts. Another major problem is the non citizen-friendly interface of the law enforcement agencies. Getting an FIR registered is a herculean task in any cyber crime case.

It is time for India to provide for electronic FIRs. Similarly, the criminal justice system needs to be appropriately reformed in India to keep in sync with the changing realities of the electronic economy.

The Indian Computer Emergency Response Team (CERT-In) is working with state police forces to train them on cyber investigations and cyber crime. However, CERT-In has certain limitations and it is up to the state police to contact CERT-In as the latter is ready to give money for setting up cyber forensic labs.

CERT-In is also trying to educate school students about the Dos and Don’ts of the Internet and create awareness amongst them about cyber crime. This is being currently done in association with Data Security Council of India, Nasscom and Google.

Sources from the government claim that India is well prepared to face any large-scale cyber attack. The government has also prepared a cyber crisis management plan, the contents of which are classified.

When it comes to enterprise security, things come down to deploying best current practices (BCPs). From the network, server and application standpoint, there are well-known BCPs out there that network operators, server administrators, Webmasters and so forth can follow to ensure that their systems and infrastructures are hardened against attacks.

Roland Dobbins, Solution Architect, Arbor Networks, opined, “A lot of these BCPs don’t consist of most of the things that you buy so much as the things that you do in your infrastructure. It requires time and effort to implement these things and a lot of folks for various reasons are under resourced and overworked so they don’t deploy these well-known best current practices that would not only make their sites more resilient against attacks but also provide greater visibility into the attacks and mitigate them.

One of the basic things that people can do is to ensure they have a virtual team comprising of their networking staff, their sysadmins and Web and database administrators, who can be called together and can work together. Another effective thing that they need to do is that they need to have an understanding as to who are your ISPs, who’s your operational security contact who can be reached out if there is a problem.

There are lot of reports where the folks didn’t know who their SPs were and how to go about contacting them. Many SPs offer commercial DDoS mitigation services that organizations can subscribe to. These act like insurance for your systems.”

All in all, we as a country need to develop a culture of security through proper training—be it at school level, college level or at organization level. As the Chinese philosopher, Confucius rightly said, “Success depends upon previous preparation, and without such preparation there is sure to be a failure.”

varun.aggarwal@expressindia.com

Free File storage sites

noreply@blogger.com (Shoeb Hakim) — Sun, 14 Dec 2008 21:39:27 PST

You can upload files to free file storage sites and download them on another computer
Here are a few

Box.net lets you Share and Access your Photos, Documents, and Files from ANY Computer. Backup and Sync important data. 1GB of space for free, or 5GB for $7.95/mo. Easy to use and no software to download.

http://www.justsendonline.com/
http://www.send6.com/
http://www.heavymail.com/

Savefile.com - Free file hosting. Advanced features, no registration required. Upload and share your files today, 100% free.

Afilehost.com Free file hosting
Free music & file hosting Up to 150MB per file, 5 Files at once.
Premium Accounts starting from $5 per month, Registration is optional.

FileSend - Free File Hosting and Delivery
We offer a generous 120 MB of space to upload your files and send to your
friends! All files are accepted! 45-day inactivity limit! 100% free!

FileCrocodile
Earn Points When Someone Downloads! Redeem Points for Cash or Prizes!

Hotlinkfiles
A free file hosting service that support hotlinking. 1000MB webspace, 8000MB bandwidth with 50MB upload. All file types accepted.

4filehosting - Free File Hosting & Free MP3 Hosting
Providing Unlimited free file hosting with one click for any type of files up to 100MB per file. Premium accounts also available for up to 500 MB per file for only $9.99 per month. Suitable for your music, videos, movies, images or documents.

Snapdrive.net is a handy free service that lets you upload, share and save files in an online hard drive. Accounts include 2GB file storage and generous amounts of bandwidth transfer.

Host-a.net offers 30 MB upload with 850 MB bw per month, multi file upload and real time stats.

Agigforfiles
Allow files up to 1GB (1000mb) to be uploaded

Yourfilelink
File size limit is 50 MB.

Myfile.ws
Max file size limit is 100 MB.

Upload-globe
Files up to 500 MB can be uploaded

Sharedelight
500 MB file size limit.

Filehost.gr
File size limit is 100 MB.

Filewind
500MB a file, no download counter, no bandwidth limits

fileXoom
2 GB space. Allow all file types.

Uploadwiz
125 MB file and image hosting

HugeUploads
File and image hosting

Megaphile
1000 MB a file limit.

Online-storages
Maximum file size 500 MB.

Filecrunch - Free File Hosting
Accept ALL files. Unlimited uploads/downloads with 250MB file size limit. Powered by a upload progress bar. Add comments to the files.

Mysharefile
Dedicated free file hosting service. No registration required. 150MB upload limit.

Savefile
50MB filesize, unlimited uploads and downloads.

FilePlace
No banners, no popups.

Uploadjar
You don't have to sign up or login to upload files. Files must be smaller than 250 MB.

filehosting.cc
Free File Hosting - 150 MB filesize, unlimited uploads/downloads. Registration is not required.

More free file hosts

1-klick-hoster.de
35mb
Axifile
Bestsharing
Canoop
Copiousdude
Drivehq
Fastdump
Fasterupload
Filebull
FileDen
Fileelite.com
Filefactory.com
F-forge.com
Filegig.com
Files.bz
Freefilespace.net
Freefilehosting.net
Gimehost.com
Happyupload
Hispeed
Justfreespace
Midload
Sharebig
Sharemation
Uploadingit
Verzend.be
Yahoo! Briefcase

Most are .com names if not type the name in Google or Yahoo and you will find the website.

Windows 95/98/NT/2K/XP Registry Tips

noreply@blogger.com (Shoeb Hakim) — Tue, 09 Dec 2008 23:26:48 PST

Changing the Location of Outlook Express Data Files

Normally Outlook Express keeps its data files in the C:\Windows\Application Data\Microsoft\Outlook Express directory.

To change this:

1. First copy those files to the new location
2. Start RegEdit
3. Go to HKEY_CURRENT_USER \ Software \ Microsoft \ Outlook Express
4. Change the Store Root key to the directory where you moved the files

Adding an Application to the Right Click on Every Folder

Here is how to add any application to the menu when you right click on any Folder.
This could be useful if there is an app you always want available and don't want to go through the Start menu

1. Start Regedit
2. Go to HKEY_CLASSES_ROOT \ Folder \ shell
3. Add a key Name_of_Your_App
4. This can really be any label, just use one that makes sense to you
5. Give it a default value of Name_of_Your_App
6. Putting a & in front of a character will allow you to use the keyboard
7. Go to HKEY_CLASSES_ROOT \ Folder \ shell \ Name_of_Your_App
8. Add a key command
9. Give it a default value of the application you want to run
10. For example: c:\program files\internet explorer\iexplore.exe
11. Include the full path

Now when you right click on any folder, you can have access to that application
This will work for both Windows95 and NT 4.0

Disabling Run or Find from the Start Menu

1. Start Regedit
2. Go to HKey_Current_User \ Software\ Microsoft \Windows \ Current Version \ Policies \ Explorer
3. Right click on the right panel and add a New / DWORD
4. Name it NoFile or NoRun
5. Give it a value of 1
6. Logoff or Reboot the computer

Get Your Folders to Open the Way You Want Every Time

To get your folders to open the way you want every time:

1. Set up all your folders the way you want (auto arrange, view, etc.),
2. Start RegEdit
3. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
4. Go to NoSaveSettings
5. Modify and change Value to 1

Clearing the Documents Menu Automatically

The Documents Menu displays the last file and programs you used. You can clear item manually but only through editing
the Registry can you turn this off automatically. This can be useful on computers that are used by multiple people.
The same settings can be also used in NT 4.0

1. Set the properties on the Recycle Bin to delete files immediately.
2. Start Regedit
3. Go to HKey_Current_User \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ User Shell Folders
4. Right click on the right panel
5. Select New / String Value
6. Rename it to Recent - Only if it is not already there
7. Give it the value of C:\RECYCLED
8. Set your Recycle bin to Automatically delete files
9. Log off and back on again.

Your Documents Menu should now be blank. This will be for all subsequent users who logon as well.

Windows Registry Tricks and Tips

noreply@blogger.com (Shoeb Hakim) — Tue, 09 Dec 2008 23:20:31 PST

Disable Password Caching

To disable password caching, which allows for the single Network login and eliminates the secondary Windows logon screen. Either use the same password or:

1. Open RegEdit
2. Go to the key
HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\ Windows\ CurrentVersion\ Policies\ Network
3. Add a Dword value "DisablePwdCaching" and set the value to 1

Customize the System Tray

You can add your name or anything you like that consists of 8 characters or less. This will replace the AM or PM next to the system time. But you can corrupt some trial licenses of software that you may have downloaded.

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Control Panel\International
3. Add two new String values, "s1159" and "s2359"
4. Right click the new value name and modify. Enter anything you like up to 8 characters.

If you enter two different values when modifying, you can have the system tray display the two different values in the AM and PM.

Disabling Drives in My Computer

To turn off the display of local or networked drives when you click on My Computer:
1.Open RegEdit
2.Go to
HKEY_CURRENT_USER\Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer
3.Add a New DWORD item and name it NoDrives
4.Give it a value of 3FFFFFF
5.Now when you click on My Computer, none of your drives will show.

Disabling My Computer

In areas where you are trying to restrict what users can do on the computer, it might be beneficial to disable the ability to click on My Computer and have access to the drives, control panel etc.
To disable this:
1.Open RegEdit
2.Search for 20D04FE0-3AEA-1069-A2D8-08002B30309D
3.This should bring you to the HKEY_CLASSES_ROOT\CLSID section
4.Delete the entire section.
Now when you click on My Computer, nothing will happen.
You might want to export this section to a Registry file before deleting it just in case you want to enable it again. Or you can rename it to 20D0HideMyComputer4FE0-3AEA-1069-A2D8-08002B30309D. You can also hide all the Desktop Icons, see Change/Add restrictions.

Removing Programs from Control Panel's Add/Remove Programs Section

If you uninstalled a program by deleting the files, it may still show up in the Add/Remove programs list in the Control Panel.
In order to remove it from the list.
1.Open RegEdit
2.Go to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall
3.Delete any programs here.
If you have a problem locating the desired program open each key and view the DisplayName value

Setting the Minimum Password Length

1.Open RegEdit
2.Go to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Policies\ Network
3. Now, choose the Edit/New/Binary value command and call the new value MinPwdLen. Press Enter twice and Assign it a value equal to your minimum password length.

Changing the caption on the Title Bar

Change the Caption on the Title Bar for OutLook Express or the Internet Explorer:
For Outlook Express:
1. Open RegEdit
2. Go to
HKEY_CURRENT_USER\Software\Microsoft\OutLook Express
For IE5 and up use:
HKEY_CURRENT_USER\IDENTITIES \{9DDDACCO-38F2-11D6-93CA-812B1F3493B}\ SOFTWARE\ MICROSOFT\ OUTLOOK EXPRESS\5.0
3. Add a string value "WindowTitle" (no space)
4. Modify the value to what ever you like.

For no splash screen, add a dword value "NoSplash" set to 1
The Key {9DDDACCO-38F2-11D6-93CA-812B1F3493B} can be any key you find here. Each user has his own Key number.
The Key 5.0 is whatever version of IE you have

For Internet Explorer:
1. Open RegEdit
2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
3. Add a string value "Window Title" (use a space)
4. Modify the value to what ever you like.

Remove Open, Explore & Find from Start Button

When you right click on the Start Button, you can select Open, Explore or Find.
Open shows your Programs folder. Explore starts the Explorer and allows access to all drives.
Find allows you to search and then run programs. In certain situations you might want to disable this feature.
To remove them:
1.Open RegEdit
2.Go to HKEY_CLASSES_ROOT\Directory\Shell\Find
3.Delete Find
4.Scroll down below Directory to Folder
5.Expand this section under shell
6.Delete Explore and Open
Caution: - When you remove Open, you cannot open any folders.

Change/Add Restrictions And Features

You can add and delete Windows features in this Key shown below.

Zero is Off and the value 1 is On. Example: to Save Windows settings add or modify the value name NoSaveSettings to 0, if set to1 Windows will not save settings. And NoDeletePrinter set to 1 will prevent the user from deleting a printer.

The same key shows up at:
HKEY_USERS\(yourprofilename)\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer so change it there also if you are using different profiles.

1.Open RegEdit
2.Go to
HKEY_CURRENT_USER\Software\Microsoft\ CurrentVersion\ Policies
3.Go to the Explorer Key (Additional keys that can be created under Policies are System, Explorer, Network and WinOldApp )
4.You can then add DWORD or binary values set to 1 in the appropriate keys for ON and 0 for off.
NoDeletePrinter - Disables Deletion of Printers
NoAddPrinter - Disables Addition of Printers
NoRun - Disables Run Command
NoSetFolders - Removes Folders from Settings on Start Menu
NoSetTaskbar - Removes Taskbar from Settings on Start Menu
NoFind - Removes the Find Command
NoDrives - Hides Drives in My Computers
NoNetHood - Hides the Network Neighborhood
NoDesktop - Hides all icons on the Desktop
NoClose - Disables Shutdown
NoSaveSettings - Don't save settings on exit
DisableRegistryTools - Disable Registry Editing Tools
NoRecentDocsMenu - Hides the Documents shortcut at the Start button
NoRecentDocsHistory- Clears history of Documents
NoFileMenu _ Hides the Files Menu in Explorer
NoActiveDesktop - No Active Desktop
NoActiveDesktopChanges- No changes allowed
NoInternetIcon - No Internet Explorer Icon on the Desktop
NoFavoritesMenu - Hides the Favorites menu
NoChangeStartMenu _ Disables changes to the Start Menu
NoFolderOptions _ Hides the Folder Options in the Explorer
ClearRecentDocsOnExit - Empty the recent Docs folder on reboot
NoLogoff - Hides the Log Off .... in the Start Menu

And here are a few more you can play with
ShowInfoTip
NoTrayContextMenu
NoStartMenuSubFolders
NoWindowsUpdate
NoViewContextMenu
EnforceShellExtensionSecurity
LinkResolveIgnoreLinkInfo
NoDriveTypeAutoRun
NoStartBanner
NoSetActiveDesktop
EditLevel
NoNetConnectDisconnect
RestrictRun - Disables all exe programs except those listed in the RestrictRun subkey
This key has many other available keys, there is one to even hide the taskbar, one to hide the control panel and more. I'm not telling you how, as someone may want to play a trick on you. The policies key has a great deal of control over how and what program can run and how one can access what feature.

In the System key you can enter:
NoDispCPL - Disable Display Control Panel
NoDispBackgroundPage - Hide Background Page
NoDispScrSavPage - Hide Screen Saver Page
NoDispAppearancePage - Hide Appearance Page
NoDispSettingsPage - Hide Settings Page
NoSecCPL - Disable Password Control Panel
NoPwdPage - Hide Password Change Page
NoAdminPage - Hide Remote Administration Page
NoProfilePage - Hide User Profiles Page
NoDevMgrPage - Hide Device Manager Page
NoConfigPage - Hide Hardware Profiles Page
NoFileSysPage - Hide File System Button
NoVirtMemPage - Hide Virtual Memory Button

In the Network key you can enter:
NoNetSetup - Disable the Network Control Panel
NoNetSetupIDPage - Hide Identification Page
NoNetSetupSecurityPage - Hide Access Control Page
NoFileSharingControl - Disable File Sharing Controls
NoPrintSharing - Disable Print Sharing Controls

In the WinOldApp key you can enter:
Disabled - Disable MS-DOS Prompt
NoRealMode - Disables Single-Mode MS-DOS

Creating a Logon Banner

If you want to create a Logon Banner: A message box to appear below your logon on.

1.Open RegEdit
2.Go To
For Windows 9x and ME -
HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon

For Windows 2000 XP 2003 Vista -
HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon

3.Create a new String value"LegalNoticeCaption "
4. Enter the Title of the window. What is displayed in the Title Bar.
5. Create a new string value "LegalNoticeText"
6. Enter the text for your message box that will appear even before the Logon window.

Deleting Registry Keys from the Command Line

There are two ways to delete a key from the Registry from the Command line. At the Windows Command line:

RegEdit /l location of System.dat /R location of User.dat /D Registry key to delete
You cannot be in Windows at the time you use this switch.

Or you can create a reg file as such:
REGEDIT4

[-HKEY_LOCAL_MACHINE\the key you want to delete]
Note the negative sign just behind the[
Then at the Command line type:
1. RegEdit C:\Windows\(name of the regfile).

Change the Registered Change the User Information

You can change the Registered Owner or Registered Organization to anything you want even after Windows is installed.

1) Open RegEdit
2) Got to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion.
3) Change the value of "RegisteredOrganization" or "RegisteredOwner", to what ever you want

Changing Exchange/Outlook Mailbox Location

To change the location of your mailbox for Exchange:
1. Open RegEdit
2. Go to
HKEY_CURRENT_USER\Software\ Microsoft\Windows Messaging Subsystem\ Profiles
3. Go to the profile you want to change
4. Go to the value name that has the file location for your mailbox (*.PST) file
5. Make the change to file location or name

To change the location of your mailbox for Outlook
1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Outlook (or Outlook Express if Outlook Express)
3. Go to the section "Store Root"
4. Make the change to file location

Disable the Outlook Express Splash Screen

You can make OutLook Express load quicker by disabling the splash screen:

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express
3. Add a string value "NoSplash"
4. Set the value data to 1 as a Dword value

Lock Out Unwanted Users

Want to keep people from accessing Windows, even as the default user? If you do not have a domain do not attempt this.

1. Open RegEdit
2. Go to HKEY_LOCAL_MACHINE\Network\Logon
3. Create a dword value "MustBeValidated"
4. Set the value to 1
This forced logon can be bypassed in Safe Mode on Windows 9x

Anatomy of an Email Message

noreply@blogger.com (Shoeb Hakim) — Mon, 01 Dec 2008 23:45:07 PST

An email basically has two parts: the header and the body (it also has the envelope but users never see it - it is used internally by the Message Transfer Agent to route the message). When you receive an email, the header tells you where it came from, how it was sent and when. It's like an electronic postmark. And the body contains the message itself.
Now, we'll look at a typical email message to find out what information it contains.

Hi... This is a mail test...

The Header

The birth of a mail header.

A message header is text at the top of an email that appear when you click the "Send" button in an email client and gather additional lines while traveling through the Internet. Each header transmitted as a single line of text. Some of them are mandatory (Date, From, To...). Others are optional but widely used (Subject, Cc, Reply-To, Received, Message-Id). Any others are ignored by the mail system but all headers are propagated, recognized or not.
Let's watch the evolution of these headers by extracting the headers from a message during it's lifetime.

The user Dimm Jones (dimm@mailstart.com) composed a letter to his friend Rimus (rimus@mailfinish.com) and wants to send it from his workstation (called, for example, matrix.mailstart.com).
This is what the headers look like when the message was generated by Dimm's mailer (fabricated - Postoffice) and handed off to mail.mailstart.com:

From: dimm@mailstart.com (Dimm Jones)
To: rimus@mailfinish.com
Date: Sun, 20 Jan 2004 16:15:13 MSK
Message-Id: <200401181315.i0idffjs052778@mail.mailstart.com>
X-Mailer: Postoffice v1.62
Subject: Mail Test.

And here they are when mail.mailstart.com transmits the message to mailhost.mailfinish.com

Return-Path:
Received: from matrix.mailstart.com (matrix.mailstart.com [213.180.193.25]
verified) by mail.mailstart.com (8.8.5) id 247842041; Sun, 20 Jan 2004
16:15:15 +0300
From: dimm@mailstart.com (Dimm Jones)
To: rimus@mailfinish.com
Date: Sun, 20 Jan 2004 16:15:13 MSK
Message-Id: <200401181315.i0idffjs052778@mail.mailstart.com>
X-Mailer: Postoffice v1.62
Subject: Mail Test.

This is our message when mailhost.mailfinish.com finishes processing the message and stores it for Rimus (rimus@mailfinish.com) to retrieve. It's the actual header that Rimus sees in the letter when he downloads and reads his mail.

Reading Email Headers

The ability to read and decipher email headers is a useful skill to learn for tracing messages to their original source and diagnosing many other problems. Headers may contain a lot of information but the most important information will always be contained in every email header.
Practically, the "Received" header lines are the most important. Each "Received" line represents one handoff between machines, and the closer to the top of the message a "Received" line is, the later in the sequence it falls . As each new host receives the message, it will add its own routing information to the top of this stack(i.e., the first line should show the message arriving at Rimus's mail server, while the last line should show it departing Dimm's workplace). So, "Received" lines list every point the email has passed through on its journey along with the date and the time of passing. It's like having each post office that handles a letter print its identity, date, and time on the envelope.

Note: Normally, full headers list is not visible to receivers of the message. Read our tips section for more information on How To Show Mail Headers.

Here's a line-by-line analysis of these headers and exactly what each one means.

Return-Path:
This field is supposed to contain the sender's address, bounced mail gets sent to this address. It's trustworthy because it is explicitly collected by the mail agent that first picked up the mail for sending, and represents the address given to the outgoing mail host during authentication.

Received: from mail.mailstart.com (mail.mailstart.com [213.180.193.67])
The message was received from the machine mail.mailstart.com, really named mail.mailstart.com with IP 213.180.193.67.

by mailhost.mailfinish.com (8.12.10/8.12.10)
mailhost.mailfinish.com was the server that received this mail from mail.mailstart.com. The local SMTP software (in this case) is Sendmail (8.12.10/8.12.10). (There are a lot of variation of mail programs. So, you shouldn't be confused if you see anything like (fetchmail-5.1.2), (CommuniGate Pro SMTP 4.1.8), (Postfix) and so on).

with ESMTP id i0IDFFjs052778
The internal message ID number that the receiving host has assigned to this transaction. System administrators can often look up the information on this message in their system's logs using this identifier. It's useless to anyone except the administrator.

for ;
The message is addressed to rimus@mailfinish.com.

Sun, 20 Jan 2004 16:15:50 +0300 (MSK)
This mail transfer happened on Sunday , January 20, 2004, at 16:15:50, time is given with a (local) offset.

Received: from matrix.mailstart.com (matrix.mailstart.com [213.180.193.25] verified) by mail.mailstart.com (8.8.5) id 247842041; Sun, 20 Jan 2004 16:15:15 +0300
This line documents the mail handoff from Dimm's workstation matrix.mailstart.com to mail.mailstart.com. The real IP of the sender's machine is [213.180.193.25] and the real name is matrix.mailstart.com. The mail server mail.mailstart.com reciving server this handoff happened at 14:36:17 Pacific Standard Time. The mail server runs sendmail version 8.8.5 and called itself mail.mailstart.com. The assigned to this letter ID number is 004A21. The time and date are also shown.

From: dimm@mailstart.com (Dimm Jones)
The mail was sent by dimm@mailstart.com who introduces himself as Dimm Jones.

To: rimus@mailfinish.com
The letter is addressed to rimus@mailfinish.com.

Date: Sun, 20 Jan 2004 16:15:13 MSK
The message was composed on Sunday, January 20, 2004, at 16:15:13 Moscow time, at 14:36:14.

Message-Id: <200401181315.i0idffjs052778@mail.mailstart.com>
This is a globally unique identifier added by the originating MTA. This identifies the message at the point at which it entered the mail handoff process. Again, the administrator of this host can use this ID to look up details about the message in the host's logs but this ID number differs from those ID in Received fields because it marks the message during is all lifetime.

X-Mailer: Postoffice v1.62
The Dimm's mailer is called Postoffice v1.62

Subject: Mail Test.
This is the subject of this mail.

Other Header Lines

X-headers

X-headers are user defined headers. They can be inserted by email client programs or applications that use email.
Here are examples of some X-headers inserted into an email.

X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Those four headers have been inserted by the email client - in this case clearly indicated.

The Body

Speaking about the body is very easy after dealing with garbled and incomprehensible headers. The body is separated from the headers by a single blank line.

Hi...
This is a mail test...

This is, of course, a plain text message (MIME-type "text/plain"). Using Microsoft Outlook you can format this as an HTML message, which would allow you to use various fonts, colors, icons, images, backgrounds, sounds, video, and other niceties to decorate the message (as well as to enlarge its size in bytes in many times).
In order to analyze an HTML message body properly, you'll have to view its "markup" or source code. If the message has already been downloaded to your computer, you can do this by bringing the message up for view and then right-clicking on it (or, if you have a Mac, control-clicking) and selecting a "view source" or similar command from the popup menu. If this doesn't seem to work, search your program's menus for a view-source command or consult your program's online help or documentation. Once you have this source code in front of you, you can save it to a disk file for later use if you need to.

The attachment.

An attachment is a separate file added to and sent along with the original email message. The files to be attached are usually located on the user's hard drive or on a disk inserted in the disk drive. Typically, they are word-processed documents, spreadsheets, pictures, audio, video or program files. These types of files must be sent as attachments because a regular email message only allows the transmission of simple text characters.

Encoding and decoding standards

There exite various encoding and decoding standards for attachments such as MIME, Uuencode and BinHex. Email programs allow users to select the type of standard to be used for sending attachments.

MIME - (Multipurpose Internet Mail Extension)
MIME is the encoding standard that allows people to exchange multimedia email attachments such as audio, video, graphics and application programs over the Internet.
The unique characteristic of MIME is the presence of a MIME header in an email message. MIME headers include the version of MIME used, the type of file attached and the encoding method used. It helps the recipient to figure out the appropriate application that will open and handle the attached file.

Uuencode
Also called Uuencode/Uudecode, it is a popular encoding and decoding standard between users in a network. The term stands for "Unix-to-Unix encoding" as it was created for use in Unix systems. Uuencode converts an email attachment from binary into 7-bit ASCII characters. It is available for use in all operating systems. Most email applications also offer it as an encoding alternative.

BinHex
Short for "binary to hexadecimal", it is another encoding standard usually used for Macintosh files. It encodes an attachment from its 8-bit representation into 7-bit ASCII text characters. Text encoding ensures that the transmission will be received by older systems since older email utilities sometimes can't handle binary transmission. Unlike Uuencode, BinHex handles resource forks in Macintosh files. BinHex files end with ".hqx".

To be able to decode attachments both the sender and the receiver's email programs should support the same standard used for encoding. Unfortunately, not all email programs support all encoding standards. It is therefore necessary to state within the body of the email message the encoding standard used for a certain attachment.

Let's imagine that along with our test message we want to send an attachment - file.zip. Here is an example of how MIME headers may appear in the email. (I shortened the actual binary data of file.zip. Otherwise, it would be bigger than the whole article.)

Return-Path:
Received: from mail.mailstart.com (mail.mailstart.com [213.180.193.67]) by
mailhost.mailfinish.com (8.12.10/8.12.10) with ESMTP id i0IDFFjs052778 for
; Sun, 20 Jan 2004 16:15:50 +0300 (MSK)
Received: from matrix.mailstart.com (matrix.mailstart.com [213.180.193.25]
verified) by mail.mailstart.com (8.8.5) id 247842041; Sun, 20 Jan 2004
16:15:15 +0300
From: dimm@mailstart.com (Dimm Jones)
To: rimus@mailfinish.com
Date: Sun, 20 Jan 2004 16:15:13 MSK
Message-Id: <200401181315.i0idffjs052778@mail.mailstart.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_7c1a880e7c472913544c4794b2649ed9"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Subject: Mail Test.
This is a multi-part message in MIME format.
--_----------=_7c1a880e7c472913544c4794b2649ed9
Content-Transfer-Encoding: binary
Content-Type: text/plain
Hi...
This is a mail test...
--_----------=_7c1a880e7c472913544c4794b2649ed9
Content-Transfer-Encoding: base64
Content-Type: application/zip; name="file.zip"
YRTTRtrYTAAAghgdAAAREUEsDBAEAUmicKJwUAANsdsdsAaG93bW/bRgz+
7AerEEwmR8k+DreronS5qwEeERTEesOIueeSeFtV+wxNYcjH77SN5JAPsN
--_----------=_7c1a880e7c472913544c4794b2649ed9

MIME-Version: 1.0
The MIME-Version is indicated - so far only version 1.0 has been used.

boundary="=_7c1a880e7c472913544c4794b2649ed9"
This is a 'boundary' string that is inserted in each encoded document to separate the attachments.

Content-Type: multipart/mixed;
Content-Type: text/plain;
Content-Type: application/zip; name="file.zip";
If you are not using the 7-bit US-ASCII characters set, these fields are used to specify the other types of data, such as binary, image, audio, video, or character sets for languages other than standard English. In our example (multipart/mixed) 'multipart' indicates there will be several documents and 'mixed' indicates each may be of a different type.
The Content-Type header also specifies both the type and subtype of the data in the message. So, the third line (application/zip; name="file.zip") means that the message body contains a zip file but it also has additional information called a parameter. Here, the parameter is a name and it shows the file name.

Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: binary
Content-Transfer-Encoding: base64
Encoding scheme needs to be specified in the email message so that email programs will know how to un-encode the data when it arrives. That's why we need to mark how we have encoded our data, as binary or 8-bit characters (this happens because the commonly used email transfer protocols, such as SMTP, assume 7-bit US-ASCII as the basis for text messages). Although there are several standard ways to do it, the most reliable way is to use base64.

Summary

An email message consists of a header followed by a body with zero or more attachments.
Each header is transmitted as a single line of text.
The header contains the information you need in order to track down the origin of the message.
The full header is seldom displayed by your mail program; you must take some steps to display it.
The "Received" lines of the header form a chain describing the path that the message took from the sender to your inbox. The "Recieved" field is structured like thas:
Received:
from [sending-host's-name] [sending-host's-address]
by [receiving-host's-name][software-used]
with [message-ID] for [recipient's-address];
[date][time][time-zone-offset]
Some headers are mandatory (Date, From, To...). Some are optional (Subject, Cc, Reply-To, Received, Message-Id...).
Headers starting with 'X-' are for personal application or institution use.
The Body is the actual content of the email message.
The body is separated from the headers by a single blank line.
The recipient may not be able to open the attachment because the recipient's email program does not support the appropriate decoder.
The sender and the receiver may not use the same email program.

The Google Hacking Database (GHDB)

noreply@blogger.com (Shoeb Hakim) — Wed, 19 Nov 2008 06:01:02 PST

What is Google hacking?
Google hacking is the term used when a hacker tries to find exploitable targets and sensitive data by using search engines. The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. Although Google blocks some of the better known Google hacking queries, nothing stops a hacker from crawling your site and launching the Google Hacking Database queries directly onto the crawled content.

The Google Hacking Database is located at http://johnny.ihackstuff.com. More information about Google hacking can be found on: http://www.informit.com/articles/article.asp?p=170880&rl=1.

The Google search engine found at http://www.google.com offers many features, including language and document translation; web, image, newsgroups, catalog, and news searches; and more. These features offer obvious benefits to even the most uninitiated web surfer, but these same features offer far more nefarious possibilities to the most malicious Internet users, including hackers, computer criminals, identity thieves, and even terrorists.

This article outlines the more harmful applications of the Google search engine, techniques that have collectively been termed "Google hacking." The intent of this article is to educate web administrators and the security community in the hopes of eventually stopping this form of information leakage. This document is an excerpt of the full Google Hacker's Guide published by Johnny Long, and located at http://johnny.ihackstuff.com.

Basic Search Techniques

Since the Google web interface is so easy to use, I won't describe the basic functionality of the http://www.google.com web page. Instead, I'll focus on the various operators available:

*Use the plus sign (+) to force a search for an overly common word. Use the minus sign (-) to exclude a term from a search. No space follows these signs.

*To search for a phrase, supply the phrase surrounded by double quotes (" ").

*A period (.) serves as a single-character wildcard.

*An asterisk (*) represents any word—not the completion of a word, as is traditionally used.

Google advanced operators help refine searches. Advanced operators use a syntax such as the following:

operator:search_term

Notice that there's no space between the operator, the colon, and the search term.

*The site: operator instructs Google to restrict a search to a specific web site or domain. The web site to search must be supplied after the colon.

*The filetype: operator instructs Google to search only within the text of a particular type of file. The file type to search must be supplied after the colon. Don't include a period before the file extension.

*The link: operator instructs Google to search within hyperlinks for a search term.

*The cache: operator displays the version of a web page as it appeared when Google crawled the site. The URL of the site must be supplied after the colon.

*The intitle: operator instructs Google to search for a term within the title of a document.

*The inurl: operator instructs Google to search only within the URL (web address) of a document. The search term must follow the colon.

By using the basic search techniques combined with Google's advanced operators, anyone can perform information-gathering and vulnerability-searching using Google. This technique is commonly referred to as Google hacking.

Site Mapping

To find every web page Google has crawled for a specific site, use the site: operator. Consider the following query:

site:http://www.microsoft.com microsoft

This query searches for the word microsoft, restricting the search to the http://www.microsoft.com web site. How many pages on the Microsoft web server contain the word microsoft? According to Google, all of them! Google searches not only the content of a page, but the title and URL as well. The word microsoft appears in the URL of every page on http://www.microsoft.com. With a single query, an attacker gains a rundown of every web page on a site cached by Google.

There are some exceptions to this rule. If a link on the Microsoft web page points back to the IP address of the Microsoft web server, Google will cache that page as belonging to the IP address, not the http://www.microsoft.com web server. In this special case, an attacker would simply alter the query, replacing the word microsoft with the IP address(es) of the Microsoft web server.

Finding Directory Listings

Directory listings provide a list of files and directories in a browser window instead of the typical text-and graphics mix generally associated with web pages. These pages offer a great environment for deep information gathering.

Locating directory listings with Google is fairly straightforward. Figure 1 shows that most directory listings begin with the phrase Index of, which also shows in the title. An obvious query to find this type of page might be intitle:index.of, which may find pages with the term index of in the title of the document. Unfortunately, this query will return a large number of false positives, such as pages with the following titles:

*Index of Native American Resources on the Internet
*LibDex—Worldwide index of library catalogues
*Iowa State Entomology Index of Internet Resources

Judging from the titles of these documents, it's obvious that not only are these web pages intentional, they're also not the directory listings we're looking for. Several alternate queries provide more accurate results:

intitle:index.of "parent directory"
intitle:index.of name size

These queries indeed provide directory listings by not only focusing on index.of in the title, but on keywords often found inside directory listings, such as parent directory, name, and size. Obviously, this search can be combined with other searches to find files of directories located in directory listings.

Versioning: Obtaining the Web Server Software/Version

The exact version of the web server software running on a server is one piece of information an attacker needs before launching a successful attack against that web server. If an attacker connects directly to that web server, the HTTP (web) headers from that server can provide this essential information. It's possible, however, to retrieve similar information from Google's cache without ever connecting to the target server under investigation. One method involves using the information provided in a directory listing.

Figure 2 shows the bottom line of a typical directory listing. Notice that the directory listing includes the name of the server software as well as the version. An adept web administrator can fake this information, but often it's legitimate, allowing an attacker to determine what attacks may work against the server.

Directory listing server.at example.

This example was gathered using the following query:

intitle:index.of server.at

This query focuses on the term index of in the title and server at appearing at the bottom of the directory listing. This type of query can also be pointed at a particular web server:

intitle:index.of server.at site:aol.com

The result of this query indicates that gprojects.web.aol.com and vidup-r1.blue.aol.com both run Apache web servers.

It's also possible to determine the version of a web server based on default pages installed on that server. When a web server is installed, it generally will ship with a set of default web pages, like the Apache 1.2.6 page shown in Figure 3:

Gooscan

Gooscan is a UNIX (Linux/BSD/Mac OS X) tool that automates queries against Google search appliances (which are not governed by the same automation restrictions as their web-based brethren). For the security professional, gooscan serves as a front end for an external server assessment and aids in the information-gathering phase of a vulnerability assessment. For the web server administrator, gooscan helps discover what the web community may already know about a site thanks to Google's search appliance.

For more information about this tool, including the ethical implications of its use, see http://johnny.ihackstuff.com.

GooPot

The concept of a honeypot is very straightforward. According to http://www.techtarget.com, "A honey pot is a computer system on the Internet that is expressly set up to attract and 'trap' people who attempt to penetrate other people's computer systems."

To learn how new attacks might be conducted, the maintainers of a honeypot system monitor, dissect, and catalog each attack, focusing on those attacks that seem unique.

An extension of the classic honeypot system, a web-based honeypot or "page pot" (click here to see what a page pot may look like) is designed to attract those employing the techniques outlined in this article. The concept is fairly straightforward. Consider a simple googledork entry like this:

inurl:admin inurl:userlist

This entry could easily be replicated with a web-based honeypot by creating an index.html page that referenced another index.html file in an /admin/userlist directory. If a web search engine such as Google was instructed to crawl the top-level index.html page, it would eventually find the link pointing to /admin/userlist/index.html. This link would satisfy the Google query of inurl:admin inurl:userlist, eventually attracting a curious Google hacker.

The referrer variable can be inspected to figure out how a web surfer found a web page through Google. This bit of information is critical to the maintainer of a page pot system, because it outlines the exact method the Google searcher used to locate the page pot system. The information aids in protecting other web sites from similar queries.

GooPot, the Google honeypot system, uses enticements based on the many techniques outlined in the googledorks collection and this document. In addition, the GooPot more closely resembles the juicy targets that Google hackers typically go after. Johnny Long, the administrator of the googledorks list, utilizes the GooPot to discover new search types and to publicize them in the form of googledorks listings, creating a self-sustaining cycle for learning about and protecting from search engine attacks.

Protecting Yourself from Google Hackers

The following list provides some basic methods for protecting yourself from Google hackers:

*

Keep your sensitive data off the web! Even if you think you're only putting your data on a web site temporarily, there's a good chance that you'll either forget about it, or that a web crawler might find it. Consider more secure ways of sharing sensitive data, such as SSH/SCP or encrypted email.
*

Googledork! Use the techniques outlined in this article (and the full Google Hacker's Guide) to check your site for sensitive information or vulnerable files. Use gooscan from http://johnny.ihackstuff.com to scan your site for bad stuff, but first get advance express permission from Google! Without advance express permission, Google could come after you for violating their terms of service. The author is currently not aware of the exact implications of such a violation. But why anger the "Goo-Gods"?!

TIP

Check the official googledorks web site on a regular basis to keep up on the latest tricks and techniques.
*

Consider removing your site from Google's index. The Google webmasters FAQ provides invaluable information about ways to properly protect and/or expose your site to Google. From that page: "Please have the webmaster for the page in question contact us with proof that he/she is indeed the webmaster. This proof must be in the form of a root level page on the site in question, requesting removal from Google. Once we receive the URL that corresponds with this root level page, we will remove the offending page from our index." In some cases, you may want to remove individual pages or snippets from Google's index. This is also a straightforward process that can be accomplished by following the steps outlined at http://www.google.com/remove.html.

*Use a robots.txt file. Web crawlers are supposed to follow the robots exclusion standard. This standard outlines the procedure for "politely requesting" that web crawlers ignore all or part of your web site. I must note that hackers may not have any such scruples, as this file is certainly a suggestion. The major search engine's crawlers honor this file and its contents. For examples and suggestions for using a robots.txt file, see http://www.robotstxt.org.

Thanks to God, my family, Seth, and the googledork community for all the support. Happy Googling! j0hnny (http://johnny.ihackstuff.com)

Vivek Ramachandran is a security evangelist

noreply@blogger.com (Shoeb Hakim) — Sun, 31 Aug 2008 23:00:32 PDT

http://www.securitytube.net
http://www.security-freak.net/

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years.

In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack).The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants.

He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the founder of an online startup (currently in stealth mode).

Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net

Cops to spread awareness on WiFi security

noreply@blogger.com (Shoeb Hakim) — Sun, 31 Aug 2008 22:42:43 PDT

The recent terror threats made via email have prompted the state police to launch an awareness drive on ways to make secure, internet connections or wireless fidelity (WiFi) networks on personal computers and prevent their misuse.

The Maharashtra police in association with the Federation of Indian Chambers of Commerce and Industry (FICCI) is launching a campaign called ‘How to secure your WiFi network or internet connections’ on September 1.

The drive will kick-off from the campus of Narsee Monjee Institute of Management Studies (NMIMS) where students will be taught ways to make their WiFi and internet connections secure.

Cyber experts will tour colleges in Mumbai, Navi Mumbai, Pune and Thane.

Vijay Mukhi, a cyber expert, will give a two-hour lecture to students on techniques to make their WiFi networks and mobile connections secure. Mukhi added, “We are going to demonstrate how to make a wireless connection secure and want to encourage the audience to do it themselves as that is the best way to learn.’’ According to him, there is no standard way to make a WiFi router secure as the user interfaces vary from router to router.

“A large galaxy of experts will be present and the topics are going to range from cyber law to the use of terror by criminals to cyber policing and best practices of wireless security,’’ he said.

Chairperson of NMIMS Dr Chirag Unadkat told TOI that the techniques to secure WiFi networks will be taught to students, who in turn, can teach the techniques to their friends and people in the locality. “This will help to curb the misuse of internet connections by terror outfits. The students can teach it to their friends in buildings, offices and actually prevent the misuse of networks.’’

According to Mukhi, the drive was initiated by the state police after two email threats were sent by terror outfits using WiFi. He also mentioned Ken Haywood, the American national from whose Internet Protocol (IP) address and the Khalsa college email ids, used by the terror outfits prior to the recent blast.

Joint commissioner of police (law and order) K L Prasad said, “The programme will help the people to make their email ids or internet connections secure and will also ensure that they do not fall prey to terror outfits. The recent cases of Ken Haywood and Khalsa are the best examples of misuse of email accounts.’’

Box: Making the connection WiFi is a popular method of connecting computers to each other or to an internet connection. The network allows people to share internet resources and to do away with cables. It is, therefore, important to ensure that Wifi connections are made secure to minimise their misuse.

Most people create these WiFi networks themselves and not the service providers or any other commercial agency. So it becomes the responsibility of the concerned individual to make them secure. The only way to achieve this objective is by training and actually showing people how to make their WiFi connections secure.

The top 10 email scams

noreply@blogger.com (Shoeb Hakim) — Thu, 28 Aug 2008 09:53:12 PDT

1. The Great Nigerian Scam, also simply known as 419

It's been going on for over a decade, and it's amazing how successful it continues to be. And that, probably, is because it appeals to two of the strongest aspects of human nature: kindness and greed.

Dearly Beloved, it will begin, or with a salutation to Respected or Kind Sir/ Madam. This will be followed by a heartfelt plea for help. You see, the person writing the mail either has tons of money with no way of getting it out of the country or has tons of money and wants to donate it.

In either case, they can't do it without your help because they are stuck in an obscure African nation that has either just faced a coup or is in the grip of an evil dictator.

(There are many variations to this theme. Sometimes it's a widow giving away her millions, or an Arab billionaire feeling altruistic and picking you to give his fortune. . . but all these are nothing but scams.)

They'll promise you a huge sum of money in return for your help, even though they know your motive is truly altruistic. You'll need to send money to a few selfish souls in order to prod them into releasing the said funds, or transferring it in your name, but person writing you the anguished mail promises to reimburse every penny and then some!

The more money you send, the more they wheedle out of you. Of course, you can be sure you aren't going to get a penny -- after all, they aren't going to share their ill-gotten wealth with you, are they?

2. Pay up, get a guaranteed loan or credit card

You have to hand it to these scamsters; they are great students of human nature. And the biggest problem most of us mortal souls face is money.

Even as we juggle to satisfy our needs -- it could be that additional night out at an expensive new joint or the desire to buy an iPhone -- we just never seem to have enough money.

So, if someone promises you a 'pre-approved' loan or a credit card if you pay a small fee upfront, how can you not grab the offer?

You wouldn't actually, if you stopped to think for a moment. Why would you randomly be offered a pre-approved loan without a creditworthiness check? After all, the banks would like their money returned with interest, so they would like to know if you have the capacity to pay them back.

A credit card begs the same question -- why would any bank give you one without checking if you are capable of paying the bill every month? And why would they charge you a fee upfront?

3. Have you won a lottery?

Almost everyone you know would have had this fantasy: of winning tons of money so that you never have to work again, never have to juggle your wants, go for expensive holidays and super-expensive shopping sprees and, in general, spend the rest of their lives wallowing in luxury's luxurious lap.

So, when an email pops up, boldly titled WINNING NOTIFICATION, and tells you that you are the lucky soul to have won a huge pile of cash, you have no reason to disbelieve it. Except for the fact that you never entered any such sweepstake or lottery.

But that's taken care of as well -- you are either a randomly selected winner, or your email has been entered automatically. How? You don't know and we are sure you don't really care -- your attention is focussed on that never-ending series of zeroes after that initial number.

You're already writing your resignation and dreaming of all the exciting things you can do with the money when. . . Hold your horses! You need to send them a small processing fee (it's generally a small amount compared to the millions you've won, but it large enough to have one happy scamster scampering all the way to the bank).

If you've fallen for this trap, and are waiting for the moolah, it's an expensive lesson learnt. If not. . .

4. Phished!

There's no doubt about the fact that technology can make life much easier. For example, instead of going to the bank, standing in a long queue and dealing with a bored clerk, or even going to an ATM to check your balance, transfer funds or pay bills, you can just as easily do it over the Internet.

It's convenient, and it saves time! But those Internet hackers, the ones who want to make money ripping you off, have such activities firmly in their radar. The result? One of the most widespread scams to have hit mail in-boxes in recent times.

You'll get a rather official looking, and a rather frightening, mail that tells you that you urgently need to verify your identity with the bank/ shopping site because your account has been hacked.

The implied threat is that your personal details could be misused and you could lose money.

If you click on the re-verification link they provide you, that's exactly what's going to happen. As you key in your login name and password, it is captured by a computer programme.

You innocently heave a sigh of relief, thanking the stars for the quick alert from your bank. But your troubles are just beginning. The hackers now know your login and password and can easily skim all your money from your account.

5. Hey, you're hired!

You've been looking for a job, or a change of job -- something that will leave you with some free time so that you can have a life!

Then, like unexpected manna from heaven, such a job actually falls in your lap. You get mail from an impressive sounding company offering you the grand-sounding post in the finance or marketing department.

The company, the mail explains in professional sounding terms, is doing very well in its home country and is now expanding across the globe/ in Asia, including India. They need people and you seem the right fit. They have Indian customers; all you have to do is collect money from them and send it to the company (pretty much like a post box they assure you, you're not a recovery agent and don't have to run after their customers).

Your commission will be somewhere between 5 per cent and 15 per cent; all you need to do is drop the cheques/ money orders into your account and send the money, minus your percentage, to them.

Of course, you'll need to share some personal information, such as your contact details bank account details. It all sounds simple and aboveboard, doesn't it?

Soon, you'll actually receive cheques and money orders. You'll deposit it in your account and send money to your employers. Then, you'll discover the cheques and money orders are fraudulent. Which leaves you. . . yup, conned, having sent your hard-earned savings to a scamster. If you try to trace them, you find they've vanished into the Internet. . . oops, ether!

6. It's a disaster!

Every time disaster strikes, in the midst of heart-wrenching human tragedy, there will be a few hard-hearted enough to make a quick buck.

When tragedy takes place on a large scale, help is needed from multiple sources on an even larger scale. Many of us pitch in. But be careful if you get an email asking you to help financially with disaster relief. It could be a scamster on the prowl.

Do not give out your financial details until you thoroughly verify the source is genuine.

7. Time to travel?

You're planning a much looked forward to holiday and -- stroke of luck! -- some interesting emails land in your mail in-box, offering you bargain holidays to these really exotic locations. It may even be a reasonably priced, decent sounding time share arrangement.

You click, send in your requirement, get a positive reply and even sign on the dotted line.

# And then discover. . . That, quite simply, the whole thing was a scam and the money you've already paid is lost forever.
# There are certain rather expensive charges you have to pay that you were told nothing about.
# That the time-share is on, but the dates that are available to you are the ones that no one else wants because they are not convenient.

These scams peak just before, or during, the holiday season, so beware!

8. Money can't be minted. . . or can it?

It's the classic scam and there are so many versions of it going on, both online and offline.

At first reading, or hearing as the case may be, it all sounds pretty plausible. The email will contain a list of people. You will be asked to send a certain amount of money to the person whose name tops the list. You will also be asked to forward the list to a certain number of people you trust.

The opportunity to make a good deal money, with minimal investment, will be impressively detailed. There will be quotes given, along with email addresses, of happily satisfied people who've already made their bundle. There are repeated guarantees and double reassurances that nothing, absolutely nothing, can go wrong.

If things go according the method listed, you may actually stand to make some money. But this, remember, is a scam. Most of the time, the mail is manipulated in such a way that the name of the scamster, or his friends, is always on top.

Even if the scheme is genuine, it works only if more people get added to the list and if they send money. And all such schemes have a strange tendency of fizzling out; only those who get in early make some money. This is the much prevalent Ponzi scheme. . . and sometimes even multi-level marketing schemes fall into this category.

9. Join a chain?

It's tough but you still have to believe it! Chain emails, where you are asked to forward the mail to a certain number of people, either in peril because something horrible will happen to you otherwise or because Bill Gates will give you a substantial chunk of his wealth, is nothing but -- sigh! -- a scam.

Bill Gates, Mukesh Ambani, Jack Welch, Richard Branson, Warren Buffett and all the other super-rich people are NOT interested in sharing their wealth with gullible people who forward chain mail with the celebrity's name in it. Yes, forwarding mails will not get you a Nokia cell phone or an iPhone.

You are NOT going dogged by bad luck if you delete a chain mail instead of forwarding it. Your friends are NOT going to desert you. NEITHER you nor your family is going to fall seriously ill. NOR will unexpected good luck come your way just because you did forwarded the mail.

Remember, you are not doing anyone a favour by forwarding these mails. All you are doing is cluttering some else's email box. And, probably, allowing some malicious virus to track the email addresses -- and infect the computers -- of the people you've sent the mail to.

10. Instant cures? Naah!

This one is horrible, because it preys on your fear.

It will either outline a surefire cure for a deadly disease. Or it will tell you about how heating water in the microwave could lead to cancer. Or how talking on your cell phone when you are charging it will lead to the phone blasting into pieces in your hand. Or some such other stuff that sounds plausible, and possible, but is unfortunately not true. Like enhancing your manhood, or making you a better lover, etc. . .

Do not forward! It is just a blatant attempt to collect as many genuine email addresses as possible, so that they can then be used in other email scams!