Friday, November 25, 2011

Security is sometimes Unsecure


We receive a lot of PDF files online and tend to consider the format very secure because it is a picture format. But what I present below are some facts that will make you think again about the definition of security.

Steganography: the art of hiding malicious files inside picture formats. The recent terrorist attacks were successfully executed with this technology. As global cyber intelligence groups mature worldwide, moving information across a public platform without being detected is becoming more and more critical, so this art came to the rescue. To understand it, we need to recognise that it is not a recent technology but a very old one. Its importance, however, has grown with the growing strictness of global cyber law on sharing information.

The motive is simple: you take a picture, or anything of an embedded nature whose internals are not visible, and inject a malicious object inside it, which is the tricky part. There are tools like S-Tools 4 with which you can put anything in any picture. The interface is clean, without much jargon, and one can easily understand how to handle the application. The coolest part is that the injection is done simply by dragging and dropping the file onto the picture. One thing to keep in mind is that the object must be smaller in size than the parent picture.

But this is not the same with PDF files; one cannot inject an object into them so easily. The format has such a condensed architecture that finding the right insertion point is very difficult. That does not mean it is safe. There is a tool called FileInsight, which opens up the architecture of any online PDF. If you want to infect any online PDF, you can just open it using this tool and paste anything you need. The good part is that whatever you do, you do online, so nothing is saved on the hard disk.

This tool takes a PDF URL and opens the entire logic in front of you: you can see everything, how the file works and what the logic behind the file format is. You can create a small probe, paste the code into the file and send the file. I will not call this strictly steganography, as that is more about images, but I will include it as part of the technology.

Now the question is how to detect this. Open your eyes when you see any picture: the easiest way to detect it is a change in the colour scheme of the picture. The percentage of change in the pixels will indicate the type of object it is carrying. The problem is greater with PDFs, as no one can detect the presence of an object just by looking at the file. Modern anti-virus products also fail to detect such probes, so even the most advanced security technologies fail to prevent the threat.
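Since a pasted object cannot be seen by viewing a PDF, a defender can inspect the file's structure instead. The sketch below is an added example, not code from this post or from FileInsight: it counts PDF name tokens that introduce active or embedded content (the list in `RISKY_NAMES` is an assumption chosen for illustration) and measures bytes appended after the final `%%EOF`. Both sample documents are constructed.

```python
import re

# Assumed triage list: PDF names that introduce scripts, auto-run actions or attachments.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")

def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes, which PDF permits inside names (e.g. /J#61vaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def triage_pdf(data: bytes) -> dict:
    """Count risky names and measure data appended after the last %%EOF marker.

    Only uncompressed objects are visible to this scan; names hidden inside
    compressed object streams need a real PDF parser.
    """
    normalized = decode_names(data)
    names = {}
    for name in RISKY_NAMES:
        # A name ends at whitespace or a delimiter, so /JS must not match /JSFoo.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        hits = len(re.findall(pattern, normalized))
        if hits:
            names[name] = hits
    eof = data.rfind(b"%%EOF")
    trailing = len(data[eof + 5:].strip()) if eof != -1 else 0
    return {
        "names": names,
        "has_eof": eof != -1,
        "bytes_after_eof": trailing,
        "suspicious": bool(names) or trailing > 0 or eof == -1,
    }

# Constructed samples: a minimal clean document and a tampered copy of it.
CLEAN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
         b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
TAMPERED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
            b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\nEXTRA-PAYLOAD")

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, triage_pdf(doc))
```

A hit is a reason to look closer, not a verdict: many legitimate PDFs carry an `/OpenAction`, and incremental updates can legitimately produce more than one `%%EOF`.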

Wednesday, November 2, 2011

Artificial Intelligence (AI)


We have all seen a lot of movies focusing on "ARTIFICIAL INTELLIGENCE", but how many of us really understand the concept? First of all, is it really possible to replicate human intelligence and make a system or an agent that shows the same kind of adaptability to its environment and intelligently produces the same kind of result that a human being would have produced?

Sounds interesting. AI has been designed as a branch of computer science that deals with understanding emotional stimuli and creating intelligent agents on the same wavelength as humans. The focus is to create a race of intelligent species that can double the productivity graph without facing human latency.

Many prominent scientists have given their entire lives to behavioural analysis of human intelligence, and still they have not been able to decode the exact pattern needed to replicate human behaviour. But a lot of research is going on in this area, and people have started making human androids. These androids are classified among the higher classes of robots, which can act and react like humans.

Some of the specialized projects in Artificial Intelligence (AI) are:

Cat : A - Brain simulation

  • Cyc, an attempt to assemble an ontology and database of everyday knowledge, enabling human-like reasoning.

  • Eurisko, a language by Douglas Lenat for solving problems which consists of heuristics, including heuristics for how to use and change its heuristics.

  • Mycin, an early medical expert system.

Cat : B - Cognitive architectures

  • CALO, a DARPA-funded, 25-institution effort to integrate numerous artificial intelligence approaches (natural language processing, speech recognition, machine vision, probabilistic logic, planning, reasoning, numerous forms of machine learning) into an AI assistant that learns to help manage your office environment.

  • SHIAI (Semi Human Instinctive Artificial Intelligence), an AI methodology based on the use of semi-human instincts, developed at Islamic Azad University in 2004.

  • Virtual Woman, the oldest continuous form of virtual life — a chatterbot, virtual reality, artificial intelligence, video game, and virtual human.

Cat : C - Games

  • Chinook, a computer program that plays English draughts; the first to win the world champion title in the competition against humans.

  • Deep Blue, a chess-playing computer developed by IBM which beat Garry Kasparov in 1997.

  • FreeHAL, a self-learning conversation simulator (Chatterbot) which uses semantic nets to organize its knowledge in order to imitate a very close human behavior within conversations.

Cat : D - Knowledge and reasoning

  • Blue Brain Project, an attempt to create a synthetic brain by reverse-engineering the mammalian brain down to the molecular level.

  • HNeT (Holographic Neural Technology), a technology by AND Corporation (Artificial Neural Devices) based on non linear phase coherence/decoherence principles.

  • Hierarchical Temporal Memory, a technology by Numenta to capture and replicate the properties of the neocortex.

Cat : E - Motion and manipulation

  • Cog, a robot developed by MIT to study theories of cognitive science and artificial intelligence, now discontinued.

  • Grand Challenge 5 – Architecture of Brain and Mind, a UK attempt to understand and model natural intelligence at various levels of abstraction, demonstrating results in a succession of increasingly sophisticated working robots.

Cat : F - Natural language processing

  • AIML, an XML dialect for creating natural language software agents.

  • A.L.I.C.E., an award-winning natural language processing chatterbot.

  • ELIZA, a famous 1966 computer program by Joseph Weizenbaum, which parodied person-centered therapy.

If this works out well, then we can save human lives in wars and other critical and emergency situations. We can replicate endlessly and keep on creating intelligent agents, which will serve mankind in the same way humans serve.

# The project information is taken from http://en.wikipedia.org/wiki/List_of_notable_artificial_intelligence_projects

Monday, October 24, 2011

Honey Pots and Honey Nets - A new defense mantra !!

We keep saying that we need to invent measures to track down any malicious activity coming to our website, application or network. But what do we invent for that? We come down to the traditional measures of having a bunch of firewalls or IPSs, heavily configured with signatures, to guard our premises. One more step is deploying enterprise monitoring and management systems to help us keep an eye on the activity happening outside the network.

But even then, how do we catch a hacker who comes and easily hacks the site despite these technologies being in place? The problem is that we are not thinking like a hacker; rather, we are thinking like an administrator, who does not have any innovative ways of solving this problem because he has his boundaries set. One needs to be very innovative these days to catch these smart fellows.

First thing to remember: no hacker will reveal his own identity. If you do succeed in getting hold of identity details, be sure that they are nothing but FAKE. When you realise this, you will still be on the same step from which you started some days back. So, what to do?

There is an interesting technology that attracts the hacker into hacking a resource and thereby catches the person behind the intention. This is called a "HONEY POT" or "HONEY NET".

The concept is very simple: it is like tethering a goat to catch a tiger. Here we do the same thing: we create a trap to attract the hackers and then we catch them. These applications create a trap by opening some fake ports or services, making the hacker believe that the target is very vulnerable. He feels excited to see many backdoors enabling his easy access. In this whole process, the application captures all the necessary credentials and alerts the user to the activity, and that is how the person gets caught.

I have personally used it and tested it in many situations. I also tried to integrate the application with my incident management framework and it worked. Now I don't have to over-configure my security devices or introduce any new technology to ensure the security of my organization. Honey Pots cater to a single network setup, and if an organization has multiple networks then it can go for Honey Nets.

Specifically, these types of traps are used by organizations that deal with national security or with high-level classified data, such as defense organisations, space research, ordnance factories etc. The threat to these types of organization is always alarming, and they need to be stringent in terms of security. But in the end, we also understand that, irrespective of the type of organization, the data is always critical in itself, and to ensure its security it is advisable to implement this as an additional defense layer.
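The fake-service idea described above, reduced to a single decoy listener, as an added example that is not the application used in this post. It offers a banner on a port where no real service runs, records who connected and what they sent first, and renders the event as a JSON line for an incident-management feed. The banner text, the field names and the alert name are assumptions, and the visitor in the demo is constructed.

```python
import json
import socket
import threading
from datetime import datetime, timezone

def serve_decoy(sock, banner, events, max_conns):
    """Accept connections on the decoy socket and record one event for each."""
    for _ in range(max_conns):
        conn, (src_ip, src_port) = sock.accept()
        with conn:
            conn.settimeout(2.0)
            try:
                conn.sendall(banner)      # fake service greeting, nothing behind it
                first = conn.recv(256)    # whatever the visitor sends first
            except OSError:               # timeout or reset: still log the contact
                first = b""
        events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip,
            "src_port": src_port,
            "decoy_port": sock.getsockname()[1],
            "first_bytes": first.decode("latin-1"),
        })

def start_decoy(host="127.0.0.1", port=0, banner=b"220 FTP ready\r\n", max_conns=1):
    """Bind the fake service and serve it from a background thread."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))               # port 0 lets the OS pick a free port
    sock.listen(5)
    events = []
    worker = threading.Thread(target=serve_decoy,
                              args=(sock, banner, events, max_conns), daemon=True)
    worker.start()
    return sock, worker, events

def to_alert(event):
    """Render an event as one JSON line for an incident-management feed."""
    return json.dumps({"alert": "decoy_service_touched", **event}, sort_keys=True)

if __name__ == "__main__":
    sock, worker, events = start_decoy()
    port = sock.getsockname()[1]
    with socket.create_connection(("127.0.0.1", port)) as probe:  # constructed visitor
        probe.recv(64)
        probe.sendall(b"USER admin\r\n")
    worker.join(5)
    print(to_alert(events[0]))
```

Because no legitimate user has any reason to touch the decoy port, every event is worth an alert, which is what makes this signal cheap to triage compared with signature tuning.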

Tuesday, October 4, 2011

Controls, Policies and Procedures - A corporate jargon!!

Organizations consider that if they have implemented strict controls, policies or procedures, they are secure. But they fail to understand one simple question: “what to secure and from whom?”
This mindset is very common, because when security has to be applied to prevent information from leaking out of an organization, I don’t think any stringency would be of any help in doing this. The reason is very simple: “Are we filling every possible gap within the organization?”

The answer to this question will be “No” every time, because it is not possible to close all the gaps when we are not aware of all the gaps. We are putting our thinking into what is visible, but there will be many things that are not visible. So is an organization safe?

Due to increasing pressure to get organizations to comply with various standards, we have shifted our thinking to the real problem of limiting data theft. The biggest threat prevailing in this area is the human mind, which plays a vital role in data leakage. The behavior of a dissatisfied employee is always uncertain, and there is no policy to govern the mind.

It is not and never was possible to control a human mind, and there will always be non-compliance in this respect. Then “what are we preventing and from whom?” This is the reason why we always emphasize awareness. It is very important to minimize the internal threat as against the external one. To this day, people working in an organization are considered to be the biggest threat compared with external entities.

For me, having policies, procedures and controls is just good for an organization to have, to say “I have security implemented”, but when you look at the granular level you will realize that the purpose of having all these is never achieved. Talking about limiting data theft is impossible if it is not implemented at the level where the humans dealing with the data take responsibility for its security. I don’t believe any technology can go above the intelligence of the human brain. This is the only weapon which can cause the damage and prevent it from getting worse.

Friday, July 1, 2011

BlackBerry Enterprise Solution Security - A Snapshot

This solution helps a BlackBerry user transfer data securely from one point to another through wireless networks. The application uses a symmetric key to encrypt the data sent between them, thereby preventing third-party wireless providers from accessing an organization’s critical data.
BlackBerry Enterprise Solution uses a symmetric algorithm to provide and maintain the confidentiality, integrity and authenticity of the data. This happens because, before sending data, the BlackBerry client authenticates itself with the BlackBerry server, and only then is the data transmitted. No other peer knows that a transmission is happening.

Some of the striking security features in this suite are:

Data Protection
The data is protected in transit from one device to another by using a unique symmetric algorithm. The data is encrypted and stored in a configuration database and can be made accessible using a password, a smart card or both.

Encryption key protection
The device is programmed to encrypt the keys stored in the device. It automatically decrypts the keys when the device is locked.

Control of device connections
The suite is designed to control Bluetooth and Wi-Fi networks.

Seamless administration
The device can be administered by sending administrative commands to lock the device, delete a user or data, etc.

General Architecture

The above figure depicts the connectivity model from a centralized BlackBerry Enterprise Server to the clients. The inherent connectivity may differ according to the organization's requirements.

Tuesday, June 21, 2011

Wireless with a Hole !!!

Do you always pay for your internet usage? And do you think that you pay more than what you use? If the answer is yes, then we need to find a way to use the internet without paying for it. We know that most public places today are equipped with complimentary wireless and Wi-Fi functionality. They give you access to the internet for some time, and then you have to buy a voucher. What if we could have something that gives unlimited access to the internet without paying a penny for it?
Whenever I visit UAE, I make sure that I don’t have to pay for my internet connectivity and, by God’s grace, I haven’t paid for my access till date. The concept is very simple; I often keep my laptop in a position or a place which is open, where I can get as many access points as possible while I scan the surroundings. When I get a good number of access points on my laptop, I filter them to search for those which are unsecured in nature or WPA enabled. I end up getting some of them.
Then I try to connect randomly to all those access points. This seems to be easy, but the real challenge is when there is a possibility of a honey pot running at the other end, and the person can easily detect your location using your IP address / MAC address. So it is always recommended to hide the IP and MAC addresses from being broadcast.
You need to be very careful while doing this; sometimes applications stop working after changing the IP or MAC address, so to prevent this, it is always recommended to apply an alias on your physical and logical addresses and then plan for something like this.
If you are lucky enough, then you can get a successful connection to the target access point and you can browse the internet endlessly. The fun part is, all wireless controllers save the IP addresses in their buffer and, the next time, any sessions initiated by those IP addresses are not authenticated. So since you have already established a connection, the next time you can directly connect to the access point and start a session.
One cannot guarantee the speed you will be getting from this. The speed will depend on the number of connections on the device and also the burst rate of the device. But believe me, I always got a more than decent speed, although it was on wireless.
You might be thinking, why am I not talking about cracking a wireless network?
The answer is very simple: most of the cracking tools need a wireless card supporting a specific driver called “WinPcap”. This driver enables us to probe into the access point and get the passwords or keys. The main problem is, our standard laptop models do not have a card compatible with this driver…. I have checked this on my laptop and almost crashed the card..:)
Have a clear and good intention while trying this ….:)