IT WILL NOT, THAT EASY FOR A NOVICE TO HACK A SECURED SERVER

Dear Sir/Mam



Pls do not publish such critical security related articles .However , Sonal & Neha sharma are sucesseded , to provide information on Survilence/Detectives/Devices & technology Used by experts for Detecting and Preventing hacker's /Intruders from ill-legal access to Information Servers(Confidential). No one is born till now , who claims that he hack a computer on his ownself ( Enterprise & Govt. PC's) , somebody from the department (any) provide them MAC address of the

Server , or a Fool , who unintentionaly allowed intruders , to take the control remotely.Otherwise its Impossible to intrude into secured server's.

If you are receiving bounce back messages from emails that you HAVEN'T sent you have probably been 'spoofed' .

Email spoofing: is when the sender changes the name in an outgoing email so that it looks like the email came from somewhere or someone else. This practice is often used by spammers to stop people finding out who they are. It also means that when the spam mail is rejected by the addressee's mail server, the bounce back message goes to whoever was specified in the outgoing mail rather than to the spammer themselves.

Important Note:At present there is nothing we can do to avoid this nuisance. If you have been spoofed, please simply delete the bounce back messages. It doesn't mean that anyone has accessed your email account. You will probably find you receive a few for a short while and then they will stop. However we are trying very hard to devolp a Platform Common for all the server's in use at present. So , pls Ask people to , will not click on any mail msg they dont know , who is the sender & never provide information , asked Necssary for claim their winning lotto/Beneficery/Coca-Cola / Live etc.

Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping can include casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing. More sophisticated snooping uses software programs to remotely monitor activity on a computer or network .

Device's.

Malicious hackers (crackers) frequently use snooping techniques and equipment such as keyloggers to monitor keystrokes, capture passwords and login information, and to intercept e-mail and other private communications and data transmissions. Corporations sometimes snoop on employees legitimately to monitor their use of business computers and track Internet usage; governments may snoop on individuals to collect information and avert crime and terrorism. Although snooping has a negative connotation in general, in computer technology snooping can refer to any program or utility that performs a monitoring function. For example, a snoop server is used to capture network traffic for analysis, and the snooping protocol monitors information on a computer bus to ensure efficient processing.


SEE HOW BIG ENTERPRISE's USED SNOOPING & WHY?

BIG Enterprise Data Governance Data masking hides information from testers: Start-up DataGuise enters the data masking market fueled by regulatory compliance pressures. One analyst says companies prefer masking over other techniques. Deperimeterization changing today's security practices: Royal Holloway authors explain how basic deperimeterization principles can ensure that security does not suffer when traditional boundaries are eroded.

Necessary Cooperation: The teaming of human resources and security pros is mission critical for protecting corporate data.



Frequently Asked Qestions:



Q : What is Spoofing/Snooping ?



Q : How to hack a pc ?



Q: Pls , tell me how can i protect my pc from malware/spyware?



Q : How to hack a cell phone or trace a cell phone ?



Q : How to track a spammer ?



So its not that easy for everyone , to intrude into someone elses computer. Hacking is Impossible on the net , becoz , one can use a public network



Like Internet , you can just able to see his IP Address & Domain. To hack a pc , you must have the physical address (MAC ADDRESS) of that machine , you want to Hack. MAC Address is unique for each single pc ( NIC : Network Intrface Card/Ethernet/Lan).



For more information , pls visit the sites given below.

For More Information pls visit our site



Sincerely
Gurbinder Sharma
IT Specialist/Security

10 POWER SHELL COMMANDS , SYSTEM ADMIN MUST KNOW

• Over the last few years, Microsoft has been trying to make PowerShell the management tool of choice. Almost all the newer Microsoft server products require PowerShell, and there are lots of management tasks that can’t be accomplished without delving into the command line. As a Windows administrator, you need to be familiar with the basics of using PowerShell. Here are 10 commands to get you started.

Note: This article is also available as a PDF download.


 Get-HelpThe first PowerShell cmdlet every administrator should learn is Get-Help. You can use this command to get help with any other command. For example, if you want to know how the Get-Process command works, you can type:

• Get-Help -Name Get-Processand Windows will display the full command syntax.

       you can also use Get-Help with individual nouns and verbs. For example, to find out all the commands     you can use with the Get verb, type: 

• Get-Help -Name Get-*2: Set-ExecutionPolicyAlthough you can create and execute PowerShell scripts, Microsoft has disabled scripting by default in an effort to prevent malicious code from executing in a PowerShell environment. You can use the Set-ExecutionPolicy command to control the level of security surrounding PowerShell scripts. Four levels of security are available to you: 
• Restricted — Restricted is the default execution policy and locks PowerShell down so that commands can be entered only interactively. PowerShell scripts are not allowed to run.
• All Signed — If the execution policy is set to All Signed then scripts will be allowed to run, but only if they are signed by a trusted publisher.  
• Remote Signed — If the execution policy is set to Remote Signed, any PowerShell scripts that have been locally created will be allowed to run. Scripts created remotely are allowed to run only if they are signed by a trusted publisher.  
• Unrestricted — As the name implies, Unrestricted removes all restrictions from the execution policy.  
• You can set an execution policy by entering the Set-ExecutionPolicy command followed by the name of the policy. For example, if you wanted to allow scripts to run in an unrestricted manner you could type: 
• Set-ExecutionPolicy Unrestricted3: Get-ExecutionPolicyIf you’re working on an unfamiliar server, you’ll need to know what execution policy is in use before you attempt to run a script. You can find out by using the Get-ExecutionPolicy command.
• 4: Get-ServiceThe Get-Service command provides a list of all of the services that are installed on the system. If you are interested in a specific service you can append the -Name switch and the name of the service (wildcards are permitted) When you do, Windows will show you the service’s state. 
• 5: ConvertTo-HTMLPowerShell can provide a wealth of information about the system, but sometimes you need to do more than just view the information onscreen. Sometimes, it’s helpful to create a report you can send to someone. One way of accomplishing this is by using the ConvertTo-HTML command. 
• To use this command, simply pipe the output from another command into the ConvertTo-HTML command. You will have to use the -Property switch to control which output properties are included in the HTML file and you will have to provide a filename. 
• To see how this command might be used, think back to the previous section, where we typed Get-Service to create a list of every service that’s installed on the system. Now imagine that you want to create an HTML report that lists the name of each service along with its status (regardless of whether the service is running). To do so, you could use the following command: 
• Get-Service
• ConvertTo-HTML -Property Name, Status > C:\services.htm6: Export-CSVJust as you can create an HTML report based on PowerShell data, you can also export data from PowerShell into a CSV file that you can open using Microsoft Excel. The syntax is similar to that of converting a command’s output to HTML. At a minimum, you must provide an output filename. For example, to export the list of system services to a CSV file, you could use the following command: 
• Get-Service
• Export-CSV c:\service.csv7: Select-ObjectIf you tried using the command above, you know that there were numerous properties included in the CSV file. It’s often helpful to narrow things down by including only the properties you are really interested in. This is where the Select-Object command comes into play. The Select-Object command allows you to specify specific properties for inclusion. For example, to create a CSV file containing the name of each system service and its status, you could use the following command: 
• Get-Service
• Select-Object Name, Status
• Export-CSV c:\service.csv8: Get-EventLogYou can actually use PowerShell to parse your computer’s event logs. There are several parameters available, but you can try out the command by simply providing the -Log switch followed by the name of the log file. For example, to see the Application log, you could use the following command: 
• Get-EventLog -Log "Application"Of course, you would rarely use this command in the real world. You’re more likely to use other commands to filter the output and dump it to a CSV or an HTML file. 
• Get-ProcessJust as you can use the Get-Service command to display a list of all of the system services, you can use the Get-Process command to display a list of all of the processes that are currently running on the system. 
• Stop-ProcessSometimes, a process will freeze up. When this happens, you can use the Get-Process command to get the name or the process ID for the process that has stopped responding. You can then terminate the process by using the Stop-Process command. You can terminate a process based on its name or on its process ID. For example, you could terminate Notepad by using one of the following commands:
• Stop-Process -Name notepadStop-Process -ID 2668Keep in mind that the process ID may change from session to session.

Warm Regards
Gurbinder Sharma
IT Professional

THANKS TO TECH REPUBLIC TO CONTINOUSLY SENDING UPDATION MAILS.
www.techrepublic.com

 http://groups.google.com/group/microsoft-certification-exams

AirMagnet Spectrum XT (2.0.1) is now available

AirMagnet Spectrum XT provides a more efficient method for troubleshooting RF interference issues, saving time and costly IT resources .
AirMagnet Spectrum XT (2.0.1) is now available. With this release, users can create custom signatures for any RF interference issue or source in the wireless LAN spectrum, regardless of device or environment. In addition, AirMagnet Spectrum XT delivers the industry’s most comprehensive RF interferer classification library. With these capabilities, wireless professionals no longer have to depend on spectrum analyzer vendors to deliver database updates for detection of new interference sources.

Summary of new key features:

Detection for new RF interferers

Ability to create customized signatures

Remote Spectrum analysis

AirMagnet Spectrum XT Viewer

SNMP support

Enhanced Bluetooth analysis

64-bit OS support

You can request for a Demo version for trial period to be more user friendly with this amazig Product.

http://www.airmagnet.com/ 

www.talktoht.com/gurbinder

List Of Threats P-2

smona129060106239019490747 nsm0220 34 0 Dec 7, 2010 4:36 AM



Last Post By: nsm0220 »


SSS.exe nsm0220 32 0 Dec 7, 2010 4:34 AM


Last Post By: nsm0220 »


ee6419223eec4111deb038f5cff25f60_INFC4A4.tmp nsm0220 26 0 Dec 7, 2010 4:32 AM


Last Post By: nsm0220 »


KillEXE.exe nsm0220 40 0 Dec 7, 2010 4:29 AM


Last Post By: nsm0220 »


0001_BABEL TAMBAHAN.exe nsm0220 74 1 Dec 7, 2010 1:59 AM


Last Post By: pbust »


platinum.hide.ip.patch.exe nsm0220 75 4 Dec 7, 2010 12:04 AM


Last Post By: nsm0220 »


UFFICIALMENTE_ACCORDO.exe cfts 81 1 Dec 6, 2010 10:09 PM


Last Post By: bartblaze »


Trojan Thed.A rizel1967 141 0 Dec 1, 2010 11:20 PM


Last Post By: rizel1967 »


shPsoBB.exe nsm0220 338 4 Nov 30, 2010 4:03 AM


Last Post By: pbust »


MTASA-1.0.4.exe nsm0220 83 1 Nov 30, 2010 3:09 AM


Last Post By: kilps »


Why didn't the behavior analyser detect this? Pages: [ 1 2 ] Jallu 524 23 Nov 30, 2010 12:16 AM


Last Post By: rizel1967 »


Virus or Trojan when I try to pay my bills online? dracopticon 192 4 Nov 28, 2010 5:58 PM


Last Post By: Shadowman »


Want to report a "none virus" founded by PandaCloud Blackmamba93 382 5 Nov 27, 2010 10:01 PM


Last Post By: rizel1967 »


Trojan.Pakes missed by PCA ckcloud 566 5 Nov 26, 2010 6:13 AM


Last Post By: pbust »


crawler.com - Changed settings in the operating system MrHabbman 275 5 Nov 25, 2010 1:36 AM


Last Post By: Ibrad09 »










Pages: 4 [ Previous
1 2 3 4
Next ]


Subscribe


Popular Discussions


WHY PANDA DO NOT WORK???


Replies : 8


Last Post By: Shadowman


Last Post At: Dec 11, 2010 7:48 PM


GenericTrojan Detected...


Replies : 0


Last Post By: Gurbinder Sharma (Aklia)

Last Post At: Dec 12, 2010 4:13 AM

Gurbinder

IT SPECIALIST/Professional/security: List of Dangerous Threats Updated This Month

IT SPECIALIST/Professional/security: List of Dangerous Threats Updated This Month

Regards
Gurbinder Sharma
Microsoft Cert. Partner

List of Dangerous Threats Updated This Month

1.        GenericTrojan Detected after a long Period
2.        WHY PANDA DO NOT WORK???
3.          test74314914042766.bin
4.         AnVir.exe nsm0220 42 0
5.          LOIC.exe nsm0220 29 0
6. thinkpoint - hotfix.exe nsm0220 23 0
7. Vdeo.scr nsm0220 20 0
8. vcyj.exe1 nsm0220 17 0
9. firefox-update.exe nsm0220 41 0
10. [UG]+M2+MultiHack+v8.0.rar nsm0220 17 0
11. 212.exe nsm0220 38 0
12. malw_64.ex_ nsm0220 28 0
13. malw_59.ex_ nsm0220 86 1
14. update.exe nsm0220 58 0

 For More Information Visit Panda Security Website (cloud)

Gurbinder Sharma

IT Security

 

IT SPECIALIST/Professional/security: CBI’S COMPUTER HACKED BY PAKISTAN’S CYBER PROFESSI...

IT SPECIALIST/Professional/security: CBI’S COMPUTER HACKED BY PAKISTAN’S CYBER PROFESSI...: "CBI’S COMPUTER HACKED : Hi Guys This news stunned me to my soul. How come a nation which is under scanned by many countries for his ille..."

CBI’S COMPUTER HACKED BY PAKISTAN’S CYBER PROFESSIONALS

CBI’S COMPUTER HACKED :


Hi Guys

This news stunned me to my soul. How come a nation which is under scanned by many countries for his illegal links

With Terrorists and Involvement in such acts. This is very serious concern for India. CBI Known for his Investigation

Agency of govt. of India. Then what were they doing about security concerns. However wiki leaks are common now days , but your prime investigating agency’s computer was hacked by professional hackers working for ISI.Where

CBI fails due to ignorance, The IT professional’s are not capable to detect a Intruder & nor Stopped why? They Simply Enjoys the party (Hackers).What for they are paid , if they don’t even known to Network Security. Shame

On These Professionals, who just come for salary purpose rather serves the nation?

Performance: Zero, The information was stolen.

Soft/Hard: our equipments are of no use, why don’t they upgrade to the new technology.

Involvement: Hack a computer is not a easy cake put into mouth. One can required MAC Address (physical Address)

Of the System to Intrude. but on the network only IP/DNS are shown to everybody not the Mac tables. Its conspiracy

Between hackers and systems Administrators, for providing MAC address to the enemy to control defense computers Remotely.
in 1997 Intrusion was made into Defense Ministry’s confidential data stole by someone from china, I repeatedly wrote

These Guys That, What Happens (nothing) convict is in china and information stolen was related to indo-pak relations.

But they never reply to me, what they did.
Request: Pls handover this case to me , I want to investigate this incident , and CBI is not at all required now.

Genius IT Pro’s go abroad for more money because they can’t get the Job, like me.
I want all the details pertaining abt. This case, what did they intrude, for which particular data they were supposed to

Stole, The Exact Time and but did you guys do after this theft. You are hiring a pro wrongly, we have pool of experts

In this regard. Why wasting money and time on Idiots Sitting there.



Regards

Gurbinder Sharma

Electronic Security & Digital Forensics.

Computers & Network Security.

Microsoft Certified IT Professional

9216432873

IT SPECIALIST/Professional/security: Dedicated to my Mom

IT SPECIALIST/Professional/security: Dedicated to my Mom: "Getting a gentle touch from mother can be nearly as effective as a medicine after a tough event.According to research conducting in UK , the..."

Dedicated to my Mom

Getting a gentle touch from mother can be nearly as effective as a medicine after a tough event.According to research conducting in UK , the levels of a stress hormone , Cortisol , and oxytocin , among 61 young girls who had to make a presentation in public , the volunteers aged seven to 12 , were asked to do public speaking and then carry out an oral arithmatic test in front of people. Immediately after the event , a third of the girls comforted by their mother ; another third recieved the phone call from mom but did not see or touch them & remaining third recieved no support but wathed a neutral film for 75 min.. As expected , cortisol levels , measured in saliva soared as the youngsters became stressed by having to address the public.

Magic Touch: But amazingly after 30 minutes of the event , cortisol level returned to normal among children who experienced direct physical contact with their mother.

gurbinder

CHINA NABBED AGAIN IN PIRACY NEXUS

Hi
I was Declared Earlier Also , that the matter is serious know.They Are Addicted To Counterfiet Anything
Whether Software or Hardware.No body listen to me and loose 2 billions (Till 2007).Now Its Worsens
Even More And we are going to loose 5 billion app.

Culprit: Vendors having license to sell microsoft products ,  Re-Sellers , Institute All used Pirated CD's And DVD's( In India) .
 Raids and arrests in China over the past two weeks mark the culmination of a multiyear investigation into a major software counterfeiting syndicate based in the southern China province of Guangdong. The syndicate is allegedly responsible for manufacturing and distributing more than $2 billion worth of counterfeit Microsoft® software. The investigation into this syndicate, which is believed to be the largest of its kind in the world, was led by the FBI and China’s Public Security Bureau (PSB). Microsoft Corp., hundreds of Microsoft customers and scores of Microsoft partners also assisted in the investigation.

These raids and arrests by the PSB, drawing on information provided by the FBI Los Angeles and Microsoft, targeted sources behind the illegal commercial production of Microsoft software, software components and certificates of authenticity. Law enforcement authorities and forensic specialists identified numerous replication plant lines that were involved in the CD production and were the source of counterfeit Microsoft products that had been supplied and sold to business customers and consumers around the world. The counterfeit software, found in 27 countries and on five continents, contained fake versions of 13 of Microsoft’s most popular products — including Windows Vista®, the 2007 Microsoft Office release, Microsoft Office 2003, Windows® XP and Windows Server®. The counterfeits were produced in at least eight languages: Croatian, Dutch, English, German, Italian, Korean, Simplified Chinese and Spanish.
“Microsoft deeply appreciates the work of China’s Public Security Bureau in taking such strong enforcement action with these arrests and raids in Southern China,” said Brad Smith, senior vice president and general counsel at Microsoft. “This case represents a milestone in the fight against software piracy — governments, law enforcement agencies and private companies working together with customers and software resellers to break up a massive international counterfeiting ring. This case should serve as a wake-up call to counterfeiters. Customers around the world are turning you in, governments and law enforcement have had enough, and private companies will act decisively to protect intellectual property.”
During the course of the multiyear investigation, more than 55,000 sophisticated-quality copies of counterfeit software were traced back to the same southern China criminal syndicate. These counterfeit products came from seizures by law enforcement and customs authorities, through submissions made by Microsoft customers and partners, and from test purchases. The 55,000 examined discs are believed to constitute less than 1 percent of the millions of counterfeit copies that are estimated to have been produced and shipped to distributors and countries across Europe, the Middle East, Asia, Australia, the United States and Canada. Countries around the world are expected to experience a significant decrease in the volume of counterfeit software as a direct result of this action.
According to World Customs Organization Secretary General Michel Danet, “Customs around the world, from Cairo to London, Vancouver to Hamburg, and New York to Beijing, seized dozens of shipments numbering thousands of counterfeit Microsoft software products produced by these criminals. This clearly shows that customs around the world are at the forefront of the battle to protect consumers from harm by counterfeit goods, and that sharing information is vital in order to build strong enforcement.”



Customers and Resellers Report on Syndicate



Microsoft customers and software resellers played a major role in ultimately helping the FBI and the PSB identify and build the case against the China-based counterfeiting syndicate. Tens of thousands of customers used Microsoft’s anti-piracy technology in Windows Genuine Advantage to identify the software they were using as fake. More than 1,000 of these customers then submitted physical copies of counterfeit Windows XP for analysis, which Microsoft was then able to forensically link to the counterfeit syndicate. In addition, more than 100 Microsoft resellers played a key part in helping to trace the counterfeit software and provided physical evidence critical to building the case, such as e-mail messages, invoices and payment slips.



“The evidence provided by Microsoft customers through the Microsoft piracy reporting tool proved to be essential in tracking down this criminal syndicate,” said David Finn, associate general counsel for Worldwide Anti-Piracy and Anti-Counterfeiting at Microsoft. “It is no exaggeration to say that the ability of our customers to identify counterfeit software through Windows Genuine Advantage, and the subsequent help of our customers and partners, was absolutely critical in ultimately identifying this massive counterfeit manufacturing and distribution network. We take seriously our responsibility to protect customers from the productivity and security risks associated with counterfeit software, and we are committed to educating customers on what to look for and what to avoid, deploying engineering innovations to better protect the software, and pursuing criminal prosecutions to protect customers and partners when appropriate.”



Protecting Customers From the Risks of Counterfeit Products



Customers expect to receive genuine, high-quality software, but counterfeit copies often contain malicious code and/or malware and fail to operate properly, presenting real risk through potential security breaches and the loss of business data, reputation and cost to recover from them.



According to an October 2006 IDC white paper sponsored by Microsoft, acquiring and using counterfeit product keys, pirated software, key generators and crack tools for Windows XP and the Microsoft Office system may increase the risk of exposure to viruses, worms and other damaging code, including spyware, Trojan horses and modified code. The study can be found at http://www.microsoft.com/athome/security/update/wga/default.mspx.



The Costs of Piracy



Globally, counterfeiting robs the software industry of an estimated $40 billion (U.S.) per year. Lost industry revenue is just the beginning; the fourth annual BSA and IDC global software piracy study (May 2007) estimated worldwide piracy rates at 35 percent in 2006. According to the study, reducing this rate by just 10 percent over four years could potentially generate 2.4 million new jobs, $400 billion in economic growth and $67 billion in additional tax revenue for the world economy. In the last 18 months alone, worldwide law enforcement agencies have seized more than 914,177 units of counterfeit Microsoft software.



The Microsoft Genuine Software Initiative



Microsoft launched the Genuine Software Initiative in 2006, and since then it has intensified its efforts to protect customers and channel partners from the risks of counterfeit software through an increased focus on education, engineering and enforcement.



More information about Microsoft’s Genuine Software Initiative is available at http://www.microsoft.com/genuine.



Windows Genuine Advantage

As part of the Genuine Software Initiative, Microsoft is continuing to invest in anti-counterfeiting technologies and product features that protect the company’s intellectual property and alert consumers to the presence of counterfeit software. Windows Genuine Advantage enables customers to validate their software remotely with Microsoft, giving customers the power to check whether they are using genuine software. Since July 2005, 512 million users worldwide have validated their copy of Windows through Windows Genuine Advantage. In 2006, there were nearly 400 million validations, with a failure rate of 22.3 percent.

About Microsoft
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Are We Ready To Compete With Technology China Have Attained In Communication

­Huawei has released what it says is the industry's first commercially available WiMAX and LTE TDD SingleRAN solution. This end-to-end solution enables operators to seamlessly migrate from WiMAX to LTE TDD networks.
Huawei now offers a commercially available solution consisting of a WiMAX and LTE TDD dual mode remote radio unit (RRU) and dual mode base band unit (BBU), which fully support 2.3GHz, 2.5GHz and 3.5GHz mainstream Time-Division Duplexing (TDD) frequency bands. It is a 4T4R (four transmitters and four receivers) design that supports multi-input multi-output (MIMO) and Beamforming (BF), and it can be flexibly configured as a WiMAX module, a LTE TDD module, or a WiMAX and LTE TDD dual mode module simply by upgrading the software.
This solution also features an end-to-end advantage by adopting Huawei's SingleEPC packet core network solution, which enables GPRS, UMTS, LTE, and WiMAX users alike to enjoy high-speed mobile broadband access with converged and smart network management.
"Huawei's WiMAX and LTE TDD SingleRAN solution will provide our customers with great flexibility as the 4G ecosystem continues to take shape," said Tang Xinhong, vice president of Wireless, Huawei. "By adopting Huawei's SingleRAN solution, operators will be well-positioned to adapt and evolve their networks to any 4G standard in the future. This solution also offers operators current investment protection and an overall lower total cost of ownership."

What are we doing ? are we already competing their technology advancement or just doing testing testing testing , finally news will come up "Big Scam unleashed Involving Minister , Bribed for Spectrum Allocation"
I Personally Seen the crowd at BSNL main Exchange office in Mansa (punjab) India. First , i thought they Were here for depositing their phone bills.Then came the shock , they were the people from Rural areas and
Gathered there for returning the ADSL modems & Clousre applications for Broadband connections.I was most surprised by few people , who were there for Wi-Max Disconnection , they were used for almost a Month.Employees have no knowledge of Wi-Max Connectivity for far from areas.
Govt. is Thinking of E-Goverenance , How Come ? It is not a fix phone connection. It works on "OTA"
Technique OVER THE AIR . When you talking of over the air technology Bandwidth And Security prime concern.Equal Bandwidth for all  the users , The Obstructions coming in the way , Have to remove first ,becoz signal is transmitted once handled by other towers of the area for this orientation of the antennea's
Very important , if orientataion is not correct you lost connectivity at that particular Tower.

RISKS: Most common risks are related to skin & to Brain may be rare or might be life taking becoz radiations are dangerous to human body (Cardiac Arrest , Cancer , Skin Problems , Brain Imbalance) . Devoped Countries Allowed the Spectrum to be used by maximum 5 Carriers , But in India we Have 15
Carriers exist and in service.How much radiations , they ommitt in a day , now when everybody has a cell phone.It was proved in clinical researches that IR , MW waves are dangerous for a person , who is consistently remain in touch with these Radiations.
Every Mobile Operator active in india has to pay for every call made by his user.Then why BSNL always Failed to the expectations of the country.



Article published on 3rd November 2010



Page Tools

Email this article to a collegue



Printer Friendly Version







Related Links by GoogleUS Politicians Seek Assurances Over Huawei and ZTE Sales ...

Huawei Deploys ATCA-Based CDMA Mobile Softswitch Solution...

Sprint Nextel Drops Huawei, ZTE Contract Bids Due to Secu...

Huawei and Sequans Establish Partnership for LTE

Huawei to Create 164 Jobs at Canadian R&D Centre

Psychiatric Living Will

Psychiatric Living Will

IT SPECIALIST/Professional/security: IT SPECIALIST/Professional/security: MICROSOFT CERTIFICATION EXAMS DISCOUNT VOUCHER UPT...

IT SPECIALIST/Professional/security: IT SPECIALIST/Professional/security: MICROSOFT CERTIFICATION EXAMS DISCOUNT VOUCHER UPT...

http://www.talktoht.com

IT SPECIALIST/Professional/security: MICROSOFT CERTIFICATION EXAMS DISCOUNT VOUCHER UPT...

IT SPECIALIST/Professional/security: MICROSOFT CERTIFICATION EXAMS DISCOUNT VOUCHER UPT...: "HI Pls mail me on gurbinder.sharma@gmail.com if you are going for microsoft exam & get free discount vouchers upto 20% for free.Just go to ..."

MICROSOFT CERTIFICATION EXAMS DISCOUNT VOUCHER UPTO 20% FREE

HI
Pls mail me on gurbinder.sharma@gmail.com  if you are going for microsoft exam & get free discount vouchers upto 20% for free.Just go to any prometeric test centre and redeem your voucher on the spot.
After , i got your mail.I will Immediately mailed you the voucher & yes a second shot is Included.

Sincerely
Gurbinder Sharma
Microsoft Partner
Professional

Microsoft Critical Security Update

Microsoft released the Microsoft Security Intelligence Report - Volume Nine (SIRv9) and exposed the extent to which botnets provide a launch pad for cybercrime. Botnets sit at the heart of the cybercrime infrastructure, allowing criminals to perpetrate spam, phishing, identity theft, click fraud, and advance fee fraud. SIRv9 contains some of the most detailed research into the botnet threat ever conducted. It is clear that their controllers, known as bot-herders, work hard to sustain, maintain and grow them for financial gain. 87 percent of unsolicited e-mail is sent by botnets. Between April 2010 and June 2010, Microsoft cleaned more than 6.5 million computers of botnet infections - double the amount for the same period a year before.
SIRv9 covers the period January 2010 to June 2010 and contains analysis of data from more than 600 million computers around the world captured by Microsoft products and tools including Forefront security products, Windows Defender, Microsoft Security Essentials, Windows Internet Explorer, Bing and the Malicious Malware Removal Tool (MSRT). This tracking identifies evidence of increased integration between malicious threats and botnets.

• The U.S. is the country with the most botnet infections (2.2 million botnet infections in the second half of 2010) way ahead of second placed Brazil (550,000 botnet infections). Spain has the most infections in Europe (382,000 botnet infections) followed by France, the U.K. and Germany.

•Phishing sites that target social networks routinely have the highest number of phishing incidents per active phishing site. Sites that target social networks received 62.4 percent of all phishing incidents despite accounting for less than 1 percent of active phishing sites.

•In terms of the highest rate of botnet infection, Korea was found to have the highest incidence of botnet infection (14.6 bot computers cleaned per thousand) followed by Spain (12.4 bot computers cleaned per thousand) and Mexico (11.4 bot computers cleaned per thousand).

•In India the top Botnet threats and disinfected threats by category were - Rimecud - It downloads malware to the affected computer which is designed to send spam messages and to download more malware; Alureon - a trojan and rootkit which is designed to steal data by intercepting a system's network traffic and searching it for usernames, passwords and credit card data; Virut - infects executables and screensaver files, and attempts to downloads additional malware, also injects an iframe object into HTML based files, disables Windows file protection in order to infect essential protected Windows system files; Rcbot - lowers security settings; Hamweq - spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may request the machine to participate in Distributed Denial of Service attacks.


BOTNET PROBLEM DRIVERS:

• The existence of botnets poses a significant threat to the security of the internet. They are the result of the efforts of increasingly resourced and sophisticated cyber criminals and, to them, have a great deal of value.

• That they exist at all is down to a number of different and often dynamic factors. A proportion of Internet users not applying the fundamentals of good security practice, and the deceptive creativity of criminals we see evidenced in social engineering attacks and Potentially Unwanted Software are factors. So too are weak passwords and security policies.

•We also see evidence of the continued sophistication of cyber criminals. For example, in the way they are developing specialized botnets to launch specific crimes, such as the Lethic botnet through which 56.7 percent of botnet spam between March and June of 2010 was sent despite infecting only 8.3 percent of known botnet IP addresses.



Innovate and Collaborate to address Cybersecurity: Collective Defense

•What should we suggest:

°The tried and tested security fundamentals still apply. Newer versions of Windows are more secure.

°In addition, as a minimum, consumers in particular should look to take advantage of the free security tools such as:

»Microsoft Security Essentials and free antivirus tools from other recognised vendors. A word of warning though: be wary of the prevalence of rogue security software.

»Malicious Software Removal Tool (MSRT). The MSRT tool will run automatically when you install Microsoft security updates. It will detect and deal with some of the most common malware infections but should not be viewed on its own as providing adequate protection.

»Despite all this, we have to accept that there will always be a sizeable portion of the Internet using community, many of them consumers, who we are unlikely to educate on Internet security best practices. For a variety of reasons they will continue to not use antivirus and firewall software, they will not install security updates and latest versions of software. Those people are a fertile ground for cybercriminals to infect with malicious attacks and recruit into botnets. And they in turn pose a security threat to the broader Internet-using community.

•Addressing the problem of cybercrime requires creativity, innovative thinking and collaboration from industry, governments, law makers and law enforcers.

•Microsoft released a new position paper on this, "Collective Defense: Applying Public Health Models to the Internet," in which Microsoft proposed government and industry take action to help mitigate cyber threats today and ensure the long-term health of the Internet as it continues to grow and evolve. Microsoft called for industry and government to work to together to:

°Adopt a public health model for Internet security.

°Build a sustainable, socially-acceptable model that balances security and privacy.

°Build on and learn from existing industry, national and multi-national projects.

°Drive innovation to improve our abilities in the area of collective defense and Internet health.



•To highlight another example of how Microsoft is pursuing innovative solutions to address cybercrime, our Digital Crimes Unit (DCU) was able to develop an innovative legal approach to close down the Waledac botnet in collaboration with industry, law enforcement agencies, government entities, and academics.

°Waledac - capable of sending up to 1.5 billion spam emails a day

°Before the takedown Microsoft cleaned 84,000 computers that were part of the Waledac botnet in Q1 2010. Following the takedown, infected computers had fallen 64% to 30,000 computers.

°The Waledac takedown process, and the lessons Microsoft learned from it, provides Microsoft with a model and process through which it intends to pursue and take down other botnets in the future.

°There are other examples of successful botnet takedowns such as the Mariposa botnet in which Spanish authorities succeeded in closing down and arresting the operators.
I would urge you to go for the detailed report and understanding of the threat landscape. Also read the paper Applying Public Health Models to the Internet.

Sanjay Bahl is the Chief Security Officer for Microsoft Corporation (India) Pvt. Ltd., and is a member of various security committees at national and International level.

Announcing: Microsoft Security Essentials available FREE to Small Businesses.
Here is some great news for all of the small businesses out there from Microsoft

As we all know, small businesses are under incredible pressure to:
1.Reduce operating costs

2.Improve productivity

3.Grow their business

4.Do all of this in a very challenging economic climate

It's also no secret that most small businesses today do not have a dedicated IT professional on staff to manage their IT resources (which you may recall is why we originally launched the Small Business Specialist Community of partners worldwide). Small business owners and employees are focused on running their business, not managing complicated IT infrastructure.



Security Update

What is the purpose of this alert?

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers concerning the number of new security updates being released, the products affected, the aggregate maximum severity, and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.



Microsoft released 16 new security bulletins. Below is a summary.





NEW BULLETIN SUMMARY



Bulletin IDMaximum Severity RatingVulnerability ImpactRestart RequirementAffected Software

Bulletin 1CriticalRemote Code ExecutionRequires restartInternet Explorer on Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 2CriticalRemote Code ExecutionMay require restartMicrosoft Windows Vista and Windows 7.

Bulletin 3CriticalRemote Code ExecutionMay require restartMicrosoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 4CriticalRemote Code ExecutionMay require restartMicrosoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 5ImportantInformation DisclosureMay require restartMicrosoft Windows SharePoint Services, SharePoint Foundation 2010, Office SharePoint Server 2007, and Groove Server 2010.

Bulletin 6ImportantElevation of PrivilegeRequires restartMicrosoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 7ImportantElevation of PrivilegeRequires restartMicrosoft Windows XP and Windows Server 2003

Bulletin 8ImportantRemote Code ExecutionMay require restartMicrosoft Office Word 2002, Word 2003, Word 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Word Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, Office Web Apps, and Word Web App.

Bulletin 9ImportantRemote Code ExecutionMay require restartMicrosoft Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

Bulletin 10ImportantRemote Code ExecutionRequires restartMicrosoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 11ImportantRemote Code ExecutionMay require restartMicrosoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 12ImportantRemote Code ExecutionRequires restartMicrosoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 13ImportantElevation of PrivilegeRequires restartMicrosoft Windows XP and Windows Server 2003.

Bulletin 14ImportantDenial of ServiceRequires restartMicrosoft Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 15ModerateRemote Code ExecutionMay require restartMicrosoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Bulletin 16ModerateTamperingRequires restartMicrosoft Windows Server 2008 R2.

*The list of affected software in the summary table is an abstract. To see the full list of affected components please click on the "Advance Notification Webpage" link below and review the "Affected Software" section.



Advance Notification Webpage: The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at www.microsoft.com/technet/security/bulletin/ms10-oct.mspx.



Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.



Monthly Security Bulletin Webcast:To address customer questions on these bulletins Microsoft is hosting a webcast on Wednesday, November 10, 2010, at 11:00 A.M. Pacific Time (U.S. and Canada). Registration for this event and other details can be found at  https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx



Regarding Information Consistency

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft's security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's Web-based security content, the information in Microsoft's Web-based security content is authoritative.

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant in Your Region or Country.

Regards
Gurbinder Sharma
Microsoft Partner
Many Many Thanks To (For Providing This Critical Security Issue)
Microsoft CSS Security Team

Cyber Forensic Investigation and System Integrity Software

Secure 1st, network security and cyber forensic specialists, announce the release of Secure Hash V1.0. This new Windows application is designed to generate, store, and analyze digital signatures. These digital signatures can then be used during a cyber forensic investigation to ensure the integrity of the investigation.

Secure Hash scans the hard disk (or any storage media) on a Windows PC and calculates the MD5 and SHA1 hashes of the files and builds a list with other vital information such as file size, location, date of creation, and date of modification. The resulting list can be used during a cyber forensic investigation. For example, the investigator may use Secure Hash to save the names, locations, and hashes of all the files on a PC during the first stage of the investigation, after the PC has been removed from the crime scene. Later, the investigator could use this information in a court of law or in a lab to generate a report and file list to ensure the integrity of the investigation.
Secure Hash also allows for analysis and comparison of the digital signatures. A previously generated list of hashes can be loaded and various filters applied to compare the previous list with the current file states. With filtering, it is easy to discover if any files have been modified, created, or deleted as well as finding duplicate files.
Secure Hash is 100% compatible with all versions of Microsoft Windows from Windows 95 to Windows 7 including the 64 bit variants.
Secure 1st is an information security company which specializes in Computer Forensic Solutions, Computer Forensic Training Services, and Computer Forensic Consultancy Services. Secure 1st helps its clients to develop and maintain an integrated security infrastructure that can prevent and minimize the effect of possible security lapses.Pls do not try secure hash , if you are a starter , its risky for you to identify the rootkit thread.

For more information, visit   http://www.secure1st.com/.

Sincerely
gurbinder sharma

RAM DUMP ANALYSIS IN CYBER CRIMES

The RAM analysis is a crucial point in a forensic analysis as it allows to retrieve all information normally lost in case the ‘compromised’ computer is turned off. Thanks to the ever increasing number of programs and the constant increase of the space dedicated to RAM the importance of this phase was reconsidered. Inside the RAM it is possible to print list of open files for each process, print list of open connections, scan for modules, print list of open sockets and so on. This information allows a complete analysis in order to identify possible malware traces.

It’s standard procedure to use obfuscation methods in order to hide, among the system/user processes, the process associated with the malware. Common RAM analyses split in two ways of searching processes in the image memory:

• List-walking: which traverses the kernel's linked list of process data structures;
• Scanning: which does a sweep over memory, looking for byte patterns that match the data found in a process data structure.

The most common procedure is the use of the DKOM (Direct Kernel Object Model) technique presented also at the Black Hat.

Information present in the memory can be generally split in two categories: data and codes. Data refers to bytes that are not executed. For example, it could be data structures directly linked to the kernel functioning of the system or data of an open file. Data is usually stored in parts called heap, stack and pool. Codes refer to executable ‘commands’ necessary in order for the processor to end its task. Current rootkits can be ‘invisible’ and alter the content of the memory in order to change the behaviour of the operating system or the ways in which data is presented to the user. The operation which controls the content of the memory is called “memory patching”.

The term ‘ring’ is used to refer to the privilege level when an application is run. The term “ring 0” identifies running processes in kernel mode and “ring 3” refers to application in “user mode” such as browser, memo pad, etc . With “ring 0” the processor gets access to all registers and the entire system memory; with “ring 3” access is allowed solely to those memory parts used in “user mode”. Obviously the interest area for the rootkit is “ring 0”. Here is a practical example: In case you wish to obtain the list of processes running on one's Windows system. The first step is to open the Task Manager. This system application however, operates in user mode although running the code 'kernel' mode and retrieving the list of running processes. For this type of activity, the Windows Task Manager invokes a feature called NTQuerySystemInformationpresent in the NTDLL.DLL. A routine that operates in kernel mode receives the request and draws on an appropriate kernel structure called System Service Descriptor Table (SSDT). Every time the system interfaces with the kernel in order to run operations requested by applications or through the use of the shell, we could have to deal with a possible point of attack that a rootkit can use in order to alter the normal information flow and thus undermine the correct functioning of Windows. Before invoking a feature able to interface with the kernel of the operating system, the feature has to be imported by the application about to use it. This means that the library(file DLL) with the feature has to be uploaded in the memory space used by the application and added to a special table called Import Address Table. This method adds a new point of failure that the rootkit can take advantage of. Another method widely used by rootkit developers in order to alter the running procedure of the code in user mode is often called inline (function) patching or inserting a trampoline. In this case, the rootkit modifies the first bytes that characterize the feature; it is thus able to filter recovered data, going out of the feature. The possibilities are infinite: the rootkit could for example remove the file from a list of files into a data folder. It is thus possible to hide from the operating system and the installed applications files created ad-hoc linked to the rootkit functioning and other malware. The API NtQueryDirectoryFile is often criticised precisely for this peculiarity of rendering the list of files and folders stored in any directory on the disk.

The DKOM (Direct Kernel Object Manipulation)opened the way to the development of new rootkits that use this technique in order to hide operating processes in user mode altering the objects in kernel. One can take advantage of the kernel to hide not only processes but also peripheral drivers and network ports and run processes with higher user privileges.

In order to understand DKOM it is necessary to describe a Windows feature. The 'user mode' processes are governed by objects that operate in kernel mode known as “executive process blocks” (”EPROCESS blocks“). A EPROCESS block is a structure, stored in memory, that contains information on a specific process in 'user mode'. EPROCESS structures are organized in lists connected twice: every EPROCESS structure points to another process that contains reference (pointers) both to the following and the previous EPROCESS structure. Once the rootkit is able to identify pointers, it is easy to include them in a continuous cycle (loop) until a EPROCESS structure referring to the process you wish to hide or modify is identified. At this point, the rootkit will rearrange the distribution of pointers towards previous and following EPROCESS structures in order to 'disconnect' the hiding process from the respective EPROCESS block.

Although this technique allows to hide processes it is obvious how a low level scanning of the RAM memory searching for the EPROCESS structure could easily show hidden structures also. That's because the entire search highlights the presence of a ‘magic’ value that identifies the presence of the EPROCESS structure. The value looked for is \x03\x00\x1b\x00. This method is used in the Volatility tool through the psscan2 option. The tool makes a bruteforce on the memory under analysis searching for the pattern described. Jesse Kornblum and others have raised various questions about the need not to alter the header of the structure and on the possibility that such a modification may compromise the execution of the process. The answer was negative. The technique that reminds the “Better Magic throught fuzzing” was introduced in order to improve the detection technique of hidden. Although it may not appear appropriate the method consists of the arbitrary modification of the EPROCESS structure and the monitoring of the behaviour the system has. Fuzzing may be summed up as follows:


Once tests were over, it was possible to identify a series of patterns that have to be complete for the correct execution of the process. This approach presents various disadvantages that have to do with the operating system on which it is applied. These tests are actually repeated for the various operating systems supported by the analysis tool; especially for the 64bit systems. The above described complications have redirected investigators towards analyzing the different components involved during the execution of the process with particular attention to the connection between them. Particular interest is shown to the following:

• Thread;
• File handles.

A process is made up of different components such as: threads, handles, DLLs and other structures. As anticipated, interest is focused on threads. Every thread element is associated with a stack, operates inside that part of memory associated with the process and can interact with other threads. All threads are managed by Windows Sheduler which keeps a list of double pointers of the threads present, for each priority level. Going backwards, we note that there is inside the Windows Scheduler a list of running threads, each thread referring to the the ETHREAD structure and each ETHREAD structure refers to the EPROCESS structure. A similar analysis can be carried out for the management of the handles files; the kernel maintains a list of open files and each handle file keeps a reference to a EPROCESS file. Besides these elements (thread and file handles) there are similar analyses with open connections for example; it is thus difficult for an attacker to disguise all reference to the EPROCESS structure.

No tools combine the use of the two techniques shown: “magic” value and kernel object; however with the introduction of an add-on inside the Volatility framework it is possible to enact the first process discovery method.

Therefore, there are 51 fields inside the structure of a process that can be arbitrarily modified included those currently in use in order to find hidden processes. There are however data parts that can not be modified without causing a system crash and the end of the active process. From this analysis a new add-on called “psscan3” was created for the Volatily framework. The script considers solely the fields considered robust for the discovery phase of hidden processes.

One of the most valued features is the object of several famous publications “SIFT Workstation 2.0: SANS Investigative Forensic Toolkit" written by Russ McRee, (GCIH, GCFA, GPEN, CISSP, team leader and senior security analyst for Microsoft's Online Services Security Incident Management team) is the Windows Memory Analysis.Thanks to this new add-on. Thanks to the new “psscan3” script it is possible to see the setbacks of the previous “psscan2” and the process analysis based on new robust fields is introduced.

Here below is the output of the tests run in laboratory with an image example supplied by http://amnesia.gtisc.gatech.edu/~moyix/ds_fuzz_hidden_proc.img.bz2 where it is possible to see how the analysis of active processes with the psscan script and psscan does not detect the “network_listene process.

Very Very Thanks to Mr. Russ McRee. Senior Security analyst for the Microsoft's online security Team.

Regards
gurbinder sharma

 

 

 

 

How to set up an Open VPN server

Having a virtual private network affords a lot of convenience, particularly for those who want or need to access a remote network from a different location, such as connecting to a work network from home, or vice versa. With the availability of 3G on the road, or wireless hotspots everywhere, being able to connect, securely, to a remote private network from anywhere is ideal.


OpenVPN is one of the most reliable VPN setups around. It’s fully open source, it’s supported on Linux, Windows, and OS X, it’s robust, and it’s secure. Unfortunately, configuration can be a bit of a pain, so in a series of upcoming tips, I aim to get you up and running quickly.

To begin, you will need to have OpenVPN installed on the server or system you wish to use as a VPN end-point. Most distributions include OpenVPN; for the server setup, I am using OpenVPN 2.0.9 as provided by the RPMForge repository for CentOS 5.

The first part of this series concentrates on the server, while the second and third parts will concentrate on the configuration of Linux and OS X clients, respectively. So without further ado, let’s get our hands dirty.

To begin with, you need to copy some files from the OpenVPN docs directory (typically provided in /usr/share/doc/openvpn-[version]) to create certificates:

# cd /usr/share/doc/openvpn-2.0.9

# cp -av easy-rsa /etc/openvpn/

# cd /etc/openvpn/easy-rsa/

# vim vars

In the vars file, edit the KEY_* entries at the bottom of the file, such as KEY_COUNTRY, KEY_ORG, KEY_EMAIL, etc. These will be used to build the OpenSSL certificates. Next, it’s time to initialize the PKI:

# . ./vars

# sh clean-all

# sh build-ca

# sh build-key-server server

For the above, and the below client certificates, you can enter pretty much anything for the “Common Name” field, however there is a certain logic to use: “OpenVPN-CA” when generating the Certificate Authority, “server” when generating the server certificate, and “client” or the name of the specific client system for the client certificates. Those certificates are generated with:

# sh build-key client1

# sh build-key client2

The next step is to generate the Diffie Hellman parameters for the server:

# sh build-dh

When this is done, you will have a number of files in the keys/ subdirectory. At this point, for the clients, you want to copy the appropriate files to them securely (i.e., via SSH or on a USB stick); the files the clients need are ca.crt, client1.crt, and client1.key (or whatever you named the files when you generated them with the build-key script).

Next, create the OpenVPN server configuration file. To get up and running quickly, copy one of the example config files:

# cd /etc/openvpn/

# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf .

# vim server.conf

The aim here is to get this going right away, so we won’t examine each of the options in detail. The primary things you want to do are to uncomment the “user” and “group” directives, to make the openvpn process run as the unprivileged “nobody” user. You may also want to change the “local” directive to make it listen to one specific IP address. This would be the IP to which your firewall is forwarding UDP port 1194. As well, you will want to set the “client-to-client” directive to enable it, and also set the “push” directives for route and DNS options. What follows is a comment-stripped server.conf, as an example:

local 192.168.10.11

port 1194

proto udp

dev tun

ca ca.crt

cert server.crt

key server.key # This file should be kept secret

dh dh1024.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 192.168.10.0 255.255.254.0"

push "dhcp-option DNS 192.168.10.12"

push "dhcp-option DOMAIN domain.com"

client-to-client

keepalive 10 120

comp-lzo

user nobody

group nobody

persist-key

persist-tun

status openvpn-status.log

verb 3

Finally, copy the required keys and certificates that you previously generated:

# cd /etc/openvpn/

# cp easy-rsa/keys/ca.crt .

# cp easy-rsa/keys/server.{key,crt} .

# cp easy-rsa/keys/dh1024.pem .

And, finally, start the OpenVPN server:

# /etc/init.d/openvpn start

To get routing set up properly on the server so that remote clients, when they connect, can reach more than just the server itself, you will need to enable IP forwarding. This can be done by the following:

# echo 1 > /proc/sys/net/ipv4/ip_forward

You can also do it by editing /etc/sysctl.conf and adding the following (this is a good thing to do as it will ensure that packet-forwarding persists across reboots):

net.ipv4.ip_forward = 1

You also want to ensure that packets going back to the client system are routed properly. This can be done by changing the route on the gateway of the server’s network to route packets to the client network (10.8.0.1/32) through the OpenVPN server (if the server happens to be the gateway as well, you don’t have to do anything additional to accomplish this). How this is done largely depends on the operating system of the gateway.

Once this is done, you should be able to ping any machine on the server’s LAN from the client, and be able to ping the client from any machine on the server’s LAN. For instance, from a machine on the server LAN (not the server):

% traceroute 10.8.0.6

traceroute to 10.8.0.6 (10.8.0.6), 64 hops max, 52 byte packets

1 fw (192.168.10.1) 0.848 ms 0.342 ms 0.249 ms

2 server (192.168.10.11) 0.214 ms 0.231 ms 0.243 ms

3 server (192.168.10.11) 0.199 ms !Z 0.443 ms !Z 0.396 ms !Z

% ping 10.8.0.6

PING 10.8.0.6 (10.8.0.6): 56 data bytes

64 bytes from 10.8.0.6: icmp_seq=0 ttl=63 time=17.540 ms

And from the client:

# traceroute 192.168.10.65

traceroute to 192.168.10.65 (192.168.10.65), 30 hops max, 40 byte packets

1 10.8.0.1 (10.8.0.1) 22.963 ms 27.311 ms 27.317 ms

2 10.8.0.1 (10.8.0.1) 27.297 ms !X 27.294 ms !X 27.269 ms !X

# ping 192.168.10.65

PING 192.168.10.65 (192.168.10.65) 56(84) bytes of data.

64 bytes from 192.168.10.65: icmp_seq=1 ttl=62 time=515 ms

Sincerely
Gurbinder Sharma

DISORDER OF SEX DEVOLPMENT: A CASE OF MISSED OPPORTUNITY

A 14 year boy born of nonconsanguineous parents presented to the panel of ekta institute of child health.
with frequent vomitiing his illness dated back to the neonatal period when he started having frequent episodes of non-bilious vomitting. managment by local practioner brought tempraory relief . At 4 months of  age the parents noticed empty sacroyotal sacs and the medical advice sought suggessted to " wait till 4 yrs of age" Abdominal sonography was done at that age showed intra abdominal gonads, child was subjected to surgery and the gonads were removed histology confirmed the gonads as overies the symptoms continued unabted .
At 12 year of age when the problem increased in severity , an abdominal sonography was done showed " rudimentary fallopian tubes and uterus and a cervix ending blindly".An abdominal laproscopy was done and these structures were removed .even the second surgery was failed to relieve his symptoms .

EKTA :
The growth parameters were below third percintile stretched phallic lenghth was 5.2 cm both sacrotal sacs were empty and confirmed  " Adernal hyperplasia" (CAH).A proper reconstrution surgery and replacement therapy would have allowed the child to be reared up as a normal female.Paradoxical signs are commonly seen during treatment of TB steroids have found to be useful in their treatment. They Stated that adverse drug reactions was only possibly related to Isoniazid.

Gurbinder Sharma

How to Deal With The Malware

How to Prevent to Download a Malware with Sax2

1. what is Malware?

Malware (also: scumware), short for malicious software, is software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.
Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or program. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states, including California and West Virginia.

2. How Does Malware Get Installed Onto Computers?

Malware is downloaded

Malware can be downloaded to your computer through many different ways. The most prevalent way is by being bundled with apparently legitimate software. When the legitimate software is downloaded, the malware attaches itself to the "good" files. Another way malware can be downloaded is through false cookie and cache files that your Internet browser automatically downloads.

Malware Spreads

Once the malware downloads, it generally stays dormant until something triggers the malware to execute. These triggers can be as simple as runing a specific program or opening an Internet browser. Once the malware is triggered, it generally self-installs somewhere inside your computer's invisible system files. Even if the malware was originally downloaded to a temporary cache folder, once it installs to the system folders, it will be impossible to remove.

Malware Infects Others

Many modern malware programs are able to harness the power of local Internet to spread to other computers.The most common way that malware spreads is through e-mail attachments. However, since e-mail virus scanners have become increasingly sensitive, malware has become less effective at spreading this way.

3. How to customize the security policy

First, we should analyze the object to be detected before customizing any security policy. We will take "Trojan IRCBot" as an example to introduce how to customize a security policy. "Trojan IRCBot" is the latest trojan to have been intercepted by us . Through the analysis of "Trojan IRCBot", we found that the Trojan will send the HTTP request "http://http.icq.com.edgesuite.net/pub/ICQ_Win95_98_NT4/ICQ_4/Lite_Edition/icq4_setup.exe" to the remote host, that's the significant feature of it. We can define security policy with this feature. It will be introduces as followings in detail:



Step 1: click "Detection/ Policy" button ,Pop-up the "Security Policy" window. Select the policy settings which need to be modified (notice : Only a derived settings of policies that use the green icon to be identified can be modified)



Step 2: Click "Edit" button, Pop-up the "Policy Maintenance" window, then switch "Custom" page. The whole window was divided by two parts., the left is a tree. According to different types ,all customized policies were listed. the corresponding details show on the right.



Step 3: Determine the type of policy. Such as "Trojan IRCBot "is adopted HTTP protocol ,so we choose "HTTP" on the left, then click "New" button at the bottom of window to add new policy, and select the new policy, the details settings of the policy will be displayed on the right window. As illustrated, we can set policy's name , severity, endpoint, transmission content, find what and other information. We need to highlight that because the download request is sent to the server, so set Endpoint property as "Client”;

set the Transmission Content property as "URL”, Set the "Find what" as http.icq.com.edgesuite.net/pub/ICQ_Win95_98_NT4/ICQ_4/Lite_Edition/icq4_setup.exe. The three key settings show that we search "http.icq.com.edgesuite.net/pub/ICQ_Win95_98_NT4/ICQ_4/Lite_Edition/icq4_setup.exe" feature in the sent URLS, and then can set other auxiliary information.

Step 4: After the customizing of security policy, the new policy still not take effect automatically, so have to close the ” Policy Maintenance” window, then click "Apply" button and Re-load policy information to the detection engine.

Step5: To test the policy, enter the http request "http://http.icq.com.edgesuite.net/pub/ICQ_Win95_98_NT4/ICQ_4/Lite_Edition/icq4_setup.exe" to browser, we will see that sax2 breaks the connection successfully.
Sincerely
Gurbinder Sharma
IT Security
THNX to AX3 SAX2

LATEST THREATS REPORT 5

Hi
Read This Report

Latest Threats report 5


1. Trojan-GameThief.Win32.Taworm

Trojan-GameThief.Win32.Taworm is a Trojan horse that targets Windows operating systems. Trojan-GameThief.Win32.Taworm is able to propagate via unsolicited e-mails and malicious websites. On infiltrating a system, Trojan-GameThief.Win32.Taworm will download additional malware and negatively affect the performance of the infected machine. It is advisable to remove Trojan-GameThief.Win32.Taworm from an infected computer immediately after detection.more information...

2. Trojan Downloader-CKT

Downloader.CKT is a Trojan, which although seemingly inoffensive, can actually carry out attacks and intrusions: screenlogging, stealing personal data, etc., more information...

3. Backdoor.Win32.Turkojan

Backdoor.Turkojan is a malicious backdoor trojan that runs in the background and gives remote attackers access and control of the targeted computer system without the users knowledge. Backdoor.Turkojan is able to steal passwords, log keystrokes, create screenshots, and control the affected computer system. Backdoor.Turkojan can compromise system integrity by making modifications to the system that enables the attacker to use it for malicious activities unknown to the user, more information...

4. Trojan.Win32.Buzus

Trojan Win32 Buzus, also known as Trojan.Buzus, is one of the more dangerous Trojans. This is because, once Trojan Win32 Buzus installs itself on your computer, it opens a security hole that is used by hackers to access your personal information, including credit card and Social Security numbers. Consequently, Trojan Win32 Buzus should be removed immediately to avoid serious privacy problems. Note that the removal steps below apply to the Windows Vista and Windows Seven operating systems, more information...

5. Trojan.Win32.Refroso

Trojan.Win32.Refroso is a destructive and malicious trojan designed to steal information from an infected system and send the compromised data to a remote server. Trojan.Win32.Refroso, or Trojan-Spy.Win32.VB, may open a security hole that allows the download and installation of malware programs onto an infected system. Aside from gathering system information, Trojan-Trojan.Win32.Refroso may initiate computer performance problems. Trojan.Win32.Refroso is a security risk and should be removed, more information...

II. Policy Update of Sax2

1. HTTP_Trojan-GameThief.Win32.Taworm attempt to request data from the remote host

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the data identified by the following URL was then requested from the remote web server:

http://www.baiduop0.com/1mg/am1.rar

http://www.baiduop0.com/1mg/am.rar

2. HTTP_Trojan downloader-CKT attempt to request data from the remote host

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the data identified by the following URL was then requested from the remote web server:

http://p.winsoft1.com/http://p.winsoft1.com/receive/r_autoidcnt.asp?mer_seq=1&realid=up1&cnt_type=e1&mac=000000000000

http://p.winsoft1.com/http://p.winsoft1.com/receive/r_autoidcnt.asp?mer_seq=1&realid=up1&mac=000000000000

http://winsoft1.com/http://winsoft1.com/setup_b.asp?prj=1&pid=up1&mac=000000000000

http://winsoft1.com/http://winsoft1.com/setup.asp?prj=1&pid=up1&mac=000000000000

http://down.winsoft1.com/http://down.winsoft1.com/down/2/ckuk.exe



3. TCP_Backdoor.Win32.Turkojan attempt to send data to the remote host

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that these data are sent to the remote host:

amsBAGLANTI?BAGLANTI?BAGLANTI?BAGLANTI?BAGLANTI?BAGLANTI?BAGLANTI?BAGLANTI?BAGLANTI?amsBAGLANTI?

4. SMTP_Trojan.Win32.Buzus attempt to send e-mail

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the sender or recipients of email is invitations@twitter.com, e-cards@hallmark.com, resume-thanks@google.com, msdn@microsoft.com, msoe@microsoft.com.

5. HTTP_Trojan.Win32.Buzus attempt to request data from the remote host

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the data identified by these following URLs was then requested from the remote web server:

http://whatismyip.com/automation/n09230945.asp

6. TCP_Backdoor Bifrose attempt to send data to the remote host

Type: Backdoor & Trojan

Description: This event is generated when sax2 detected some suspicious traffic, such as: 7B 03B1 2FF0 B622 65CA 17C4 0463 B6F1 75F0 8DD3

4376 2FCE 8C91 0FDA D7B2 5986 861F DAA1

AD89 F47E C620 8C18 BB9B 24AC 0F92 36FD

6931 C121 0373 73C3 8DEF 42E5 F0EC AA8C

4ABF AECC 2300 308D 9144 13B2 3C19 357A

006F A940 4108 EE5E F5B9 35EB ADA5 CFA2

14FC 41BA 7D

7. TCP_Backdoor Bifrose attempt to send data to the remote host

Type: Backdoor & Trojan

Description: This event is generated when sax2 detected some suspicious traffic, such as: D4A2 695F 7622 8E4A 0E12 1387 DBE6 3221 246A 8298 ED4F 5982 F8F5 80A0 25AE 7FE5.
 
With Regards To AX3 SAX2 , Intruder detection system.
Sincerely
Gurbinder Sharma
IT Professional

THE STATE OF MOBILE DEVOPLERS

The problem


For Me:

Generally I don’t hear too much from the web developers about being able to hit wide swaths of devices with the same set of markup and styles. [...]

I hear things like “it works on the iPhone, that’s what I have anyway, I don’t care about Android” more often than I’ve heard people discuss how to make things work consistently on both platforms.

Whenever the discussion starts to revolve around hitting multiple handsets, it’s always driven by people already in mobile.

In other words: why aren’t mobile web developers doing their job? The unique selling point of the web is that it runs on all devices; and not just on one platform. But it seems mobile web developers aren’t much interested in reaching out beyond one or two specific platforms.

This is a bug, and not a feature. Web developers should reach out to as many platforms as humanly possible, and not confine themslves to the best one.

The easiest solution is to tell them so in no uncertain terms. The good ones will avoid your eyes nervously because they know you’re right. The bad ones won’t — and that gives you a good method of separating the chaff from the wheat.

Now why are web developers interested in mobile so reluctant to venture out beyond their iPhone comfort zone?

Demand and market share

On Mobile Web Brian Fling made an important point:(Very Important Point To Consider)

Maybe smaller companies get swayed by marketing buzz [about the iPhone], because they have no data to the contrary. But the companies we work with have a lot of data from a lot of different countries. They don’t make decisions hastily as it can take them 12-24 months to implement and roll out a mobile solution.

In other words, current mobile web projects for large companies are based on requirements written last year, during the height of the iPhone obsession. In addition, the iPhone’s share of mobile web traffic remains out of proportion to its sales figures.

That certainly influences web developers. If clients ask only for the iPhone, and their logfiles bear out this request, then doing an iPhone-only site makes sense.

Still, I believe that any mobile requirements being written today will be more diverse in approach, and that clients will start to appreciate writing something that can run on more than one platform. As to traffic market share, I expect the iPhone to lose some to everybody else, but I have no idea how much or how fast.

Best viewed in iPhone

Mobile is becoming hip in web development land. Web developers who want to impress other web developers increasingly turn to mobile.

Unfortunately “mobile” means the iPhone here, because it’s the only device web developers have access to, and because it supports the largest swathe of nifty tricks. Besides, it’s the only platform that ensures that other web developers will be able to appreciate the results.

And let’s face it, a slick animation on the iPhone is inherently more sexy than a complicated JavaScript workaround for BlackBerry 4.6, even though the latter is more important in the long run.

All this is quite natural in the current phase of mobile web development. Unfortunately iPhone-centeredness reinforces the idea that mobile web development is only about the iPhone.

Lack of devices

Still, it’s not unnatural of web developers to start at the top of the market, especially if the top device is all they own.

I bought an iPhone in 2008, did a little bit of testing, and didn’t really think about the rest of the mobile world.

Then I got lucky when Vodafone gave me access to lots and lots of devices, as well as some people who know their way around them. That gave me the opportunity to dig down deeply in the mobile browser market.

The average web developer, however, has to make a serious investment to get that far. He’ll have an iPhone or Android for personal use, but will need at least two or three more devices if he wants to get into the mobile web seriously. Not all web developers are willing to make this investment; especially not when they have no mobile clients yet, or those clients only ask for the iPhone.

So I can understand why web developers postpone the heavy investments that ar necessary to truly switch over to mobile.

About IE

but you don’t even really need to be familiar with the technology, all you have to do is take a look at Twitter on any given day at the discussion going on with web developers. Quite a bit of it revolves around bitching about cross-platform issues, which normally means getting the stuff to work on different browsers even when we’re dealing with full desktop layout. Now we’re talking about supporting different device resolutions and orientations all using different browsers (or at least different versions)? I can’t see the web devs I know jumping out of their seats to volunteer for that.

Bitching about IE is a bonding ritual. I’ll thank you for not making fun of web development’s most important cultural achievement .

What web developers must understand is that IE doesn’t matter on mobile! This is the biggest single advantage of crossing over to the mobile web, and web developers’ eyes start to glow whenever I make this point. (They’ll have to find another browser to bitch about, though.)

Incidentally, web developers are calling the shots on mobile; and not Microsoft. Microsoft can make IE matter by improving the mobile browser to IE9-like levels, but if it doesn’t it’s out of the mobile browser race.

Besides, exactly why do web developers bitch about IE? Because they insist on getting everything to work perfectly! If they had the courage to deny IE users a few advanced features, the level of bitching would drop significantly , Because every mobile is not compatible to run without java run time environment.The brain of the Devolpers is full untill now with growth and money , devolping applications for large enterprises , Even a 2G/3G handset was failed to installation processes. Our core focus was not just devolping Java Enabled Games or Applications but to create web based applications , which will running smoothly on a normal cell phone .Fortunately, this attitude is going to die pretty soon. On mobile it’s just plain impossible to give every single browser the same experience.

On mobile we must use progressive enhancement. We must deny users of certain browser certain advanced features, either because they’re not supported or they are so very hard to implement that it just doesn’t make sense to waste time on them.
Sincerely
Gurbinder Sharma
IT Specialist

POLICY UPDATED BY SAX2

Hi Friends pls be careful about these backdoor trojans.

Policy Update of Sax2


1. SMTP_Trojan IRCBot attempt to send e-mail

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the sender of email is crap@crap.com.

2. HTTP_Trojan IRCBot attempt to establish a connection with the remote hosts

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the following internet connections wil lbe established on port 80:

204.0.5.51

208.53.183.20

208.53.183.46

67.210.170.179

205.188.59.194

64.12.90.98

67.43.232.36

and the data identified by the following URLs was then requested from the remote web server:

/fdc2.data

/fdc1.data

/jiri.data

/zero.data

/buda.data

/b7k.data

/44.data

/rs.data

http.icq.com.edgesuite.net/pub/ICQ_Win95_98_NT4/ICQ_4/Lite_Edition/icq4_setup.exe

yutunrz.1dumb.com/reg?u=7710BA55&v=187&s=0&su=0&p=1&e=0&o=0&a=0&wr=75

3. TCP_Trojan IRCBot attempt to establish a connection with a remote IRC server

Type: Backdoor & Trojan

Description: This event is generated when sax2 detected some suspicious traffic, such as: JOIN #kok7, USERHOST FQixZtkC, USER sxanro sxanro sxanro :kyxiqeezkkdoxrdj.

4. HTTP_Trojan-PSW.Win32.Agent.skv attempt to request a URL from from the remote web server

Type: Backdoor & Trojan

Description: Exactly detect the Cookie stealing in network. If gain the Cookie, The attacker will gain sensitive information, such as user name, password, email box and so on, after stealing the Cookie.

6. HTTP_Trojan-Banker.Win32.Banbra attempt to request data from the remote host

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the data identified by the following URL was then requested from the remote web server: http://85.234.191.174/zz.php?id=t_a_d_01

6. HTTP_Trojan.FakeAV attempt to request data from the remote host

Type: Backdoor & Trojan

Description: This event is generated when the sax2 detects that the data identified by the following URL was then requested from the remote web server:

http://mediafulluns.com/any3/5-irect.ex

http://www.searchaverage.org/a/ad

http://searchaverage.org/readdatagateway.php?type=stats&affid=396&subid=landing&version=4.0&adwareok



II. Articles and Tutorials

1. How to detect and remove the Trojan.IRCBot

This article introduces what is Trojan.IRCBot and how to detect and remove the Trojan.IRCBot, more information...

III. Latest Threats

1. Email messages with subject "LinkedIn Alert" lead to malware

An certain amount of emails with the subject “LinkedIn Alert" were intercepted, it leads to a website with malicious software and redirects surfers to a online pharmacy web site, more information...

2.Trojan-PSW.Win32.Agent.skv

Trojan.PSW.Agent monitors and records your keystrokes and scans your computer for stored passwords. This information is then sent to the parasite authors. Trojan.PSW.Agent is highly dangerous and is a serious threat to your financial and personal information, more information...

3.Trojan-Banker.Win32.Banbra

Trojan-Banker.Win32.Banbra is a malicious Trojan designed to steal banking details. Trojan-Banker.Win32.Banbra uses stealth tactics to enter the PC before downloading other harmful files from the Internet. Trojan-Banker.Win32.Banbra steals financial data like credit card numbers and online banking login details by taking screen snapshots of user activity. Trojan-Banker.Win32.Banbra also downloads additional components and poses a severe security risk to computer safety, more information...

4. Trojan.FakeAV

Trojan.FakeAV is a malicious trojan horse that may represent a high security risk for the compromised system or its network environment. Trojan.FakeAV, also known as Trojan.Win32.Small.ccz, creates a startup registry entry and may display annoying fake alerts of malware payloads in order to persuade users to buy rogue antispyware products. Trojan.FakeAV contains characteristics of an identified security risk and should be removed once detected, more information...
Sincerely
Gurbinder  Sharma
IT Specialist

PLS STOP TAKING OCTAGAM IMMIDIATELY

UPDATED 09/24/2010] Octapharma USA and   notified healthcare professionals that, effective immediately, Octapharma is initiating a voluntary market withdrawal of ALL lots of Octagam currently in the US market. Octapharma has determined, through consultation with the public health authorities , that until a root cause of the previously reported thromboembolic events can be determined and the problem corrected, the most prudent course of action is to suspend further administration of octagam. Customers are asked to immediately quarantine the use of these lots and to contact Octapharma’s Customer Service Department to arrange for product return.


ISSUE: Octapharma USA Inc. initiated a voluntary market withdrawal of selected lots of Octagam [Immune Globulin Intravenous (human)] 5% Liquid Preparation as a result of an increased number of reported thromboembolic events, some of which were serious.



BACKGROUND: There were 9 thromboembolic events potentially associated with 7 of the lots that are being withdrawn from the market. Octagam is indicated for treatment of primary humoral immunodeficiency (PI), such as congenital agammaglobulinemia, common variable immunodeficiency, X-linked agammaglobulinemia, Wiskott-Aldrich syndrome and severe combined immunodeficiencies.
RECOMMENDATION: Customers are asked to immediately quarantine the use of affected lots and to contact Octapharma’s Customer Service Department to arrange for product return.

 Urgent:  Withdrawal : Pls stop immidiately.
Sincerely
gurbinder sharma
cchr.org
investigator