Basics of GnuPG (GPG) command in Linux

What is GPG?

GnuPG (GNU Privacy Guard), popularly known as GPG, is a GPL-licensed alternative to PGP (Pretty Good Privacy): an OpenPGP-compliant program for *nix users that implements RFC 4880. It is part of the GNU project; development was started by Werner Koch in 1997, and its early years were funded largely by the German government.

Its basic use is to send encrypted mail or files to a recipient, who decrypts them with their private key. It is built on a public/private key pair: anyone who has your public key can encrypt data to you, but only the holder of the matching private key can read it. The same pair works the other way round for signatures: you sign with your private key, and anyone holding your public key can verify that a mail or file really came from you and was not altered on the way.

 
It supports the following algorithms for the various steps of secure message handling (this is the list reported by gpg --version on the GnuPG 1.4 build used below):
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Not everything in that list is still safe to use: MD5 and SHA-1 are no longer acceptable for signatures, 1024-bit DSA and ElGamal keys are too short, and current GnuPG 2.x releases default to RSA or Curve25519 keys, AES encryption and SHA-2 digests.
 

Why GPG?

  • Because it is free and was written as a drop-in replacement for PGP.
  • gpg is a CLI program, but there are many GUI front-ends through which you can manage keys easily, such as Seahorse for GNOME (yum install seahorse) and KGpg for KDE.
  • It lets you encrypt and sign your data, includes a key management system, and has access modules for all kinds of public key directories (keyservers).
  • If you wish to encrypt a message before mailing it to someone important, this is the method to use.
  • You can publish your public key so that others can verify the signatures on mail or files you send. A valid signature proves that the message came from the holder of your private key and was not altered, which lets recipients detect mail forged in your name; it does not by itself stop spam, and it only helps if the recipient actually checks the signature and has verified your key's fingerprint.

 Applications of GPG

  • GPG encryption has been added to graphical email clients such as Evolution for email security.
  • Seahorse is a GNOME front-end for managing PGP and SSH keys; it integrates with Nautilus, gedit and Evolution for encryption, decryption and so on.
  • The PHP-based email framework Horde uses it too.
  • Enigmail is an encryption/decryption extension for Mozilla Thunderbird and SeaMonkey that uses GPG.
  • Mozilla Firefox can also be GPG-enabled using Enigform.
  • On Windows, Gpg4win bundles GnuPG with Explorer and Outlook integration in a standard Windows installer, which makes GnuPG easy to install and use on Windows systems.
  • Many other front-end programs support GPG.

 

How GPG works

It uses hybrid encryption: the message itself is encrypted with a fast symmetric cipher under a random session key generated for that message only, and just that session key is encrypted with the recipient's public key. Public-key operations are slow and limited in the amount of data they can handle, so this gives the speed of symmetric encryption together with the easy key distribution of public-key cryptography; a message to several recipients simply carries one encrypted copy of the session key per recipient. GnuPG 1.4 used CAST5 as its default symmetric cipher; GnuPG 2.x defaults to AES.

GnuPG does not use patented or otherwise restricted algorithms. The original PGP relied on RSA and IDEA, both patented at the time; those patents have since expired, which is why RSA appears in the list above.
 
How GnuPG works becomes clearer once we walk through the gpg commands step by step:

  • Which version of gpg are we going to use?
  • The gpg command to generate keys
  • A look at the freshly created .gnupg directory and the files inside it
  • Once you have the public and private key, keep the private key safe: if it is lost (or you forget its passphrase) you will never be able to decrypt data sent to you, so take a backup of it.
  • Listing the public and private keys
  • Encrypting a message for a specific recipient
  • Decrypting the encrypted message

 

GPG commands explained

Which version of gpg we are going to use?

[vim][sjaiswal@AlienCoders ~]$ gpg --version
gpg (GnuPG) 1.4.5
Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
 
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
[sjaiswal@AlienCoders ~]$
[/vim]
 

gpg command to generate keys

[vim][sjaiswal@AlienCoders ~/gpg_test]$ gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
 
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4094
Requested keysize is 4094 bits
rounded up to 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3m
Key expires at Mon 03 Feb 2014 04:46:09 AM MST
Is this correct? (y/N) y
 
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
 
Real name: Sanjeev Jaiswal
Email address: sjaiswal@gmail.com
Comment: "GPG Key Test"
You selected this USER-ID:
    "Sanjeev Jaiswal ("GPG Key Test") <sjaiswal@gmail.com>"
 
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
 
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.++++++++++.+++++++++++++++..+++++..++++++++++++++++++++.+++++++++++++++++++++++++.
 
gpg: /home/sjaiswal/.gnupg/trustdb.gpg: trustdb created
gpg: key CBE9BE42 marked as ultimately trusted
public and secret key created and signed.
 
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2014-02-03
pub   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
      Key fingerprint = 40B3 E709 81DA 43AF 1F64  117B DF03 A4AD CBE9 BE42
uid                  Sanjeev Jaiswal ("GPG Key Test") <sjaiswal@gmail.com>
sub   4096g/38765DB9 2013-11-05 [expires: 2014-02-03]
[/vim]
 
Note:

  • When generating keys, gpg asks which kind of key you want; any of the offered options works (type 1, 2 or 5). Bear in mind that this is GnuPG 1.4 output: 1024-bit DSA with SHA-1 is no longer considered secure, and current GnuPG 2.x releases offer RSA (or, from 2.3 on, Curve25519) as the default instead.
  • Type a key size within the given range.
  • Then provide the expiration date of the key. You can use days, weeks, months or years. An expiry date limits the damage if you ever lose control of the key, and it can be extended later with the expire command in gpg --edit-key.
  • After the expiry, fill in the next prompts carefully. The real name, email and comment together form the user ID. When you later encrypt with --recipient, gpg matches the string you give against user IDs (name or email) as well as key IDs and fingerprints, so choose them so that they identify you unambiguously.
  • Then type on the keyboard, move the mouse and so on to feed the random number generator, otherwise key generation may take a long time.
  • Once the key has been created, the .gnupg directory will exist under your home directory. Use ls to see which files were created.

 

Analysis of freshly created directory (.gnupg) and files inside it

[vim] $ ls .gnupg/
gpg.conf  pubring.gpg  pubring.gpg~  random_seed  secring.gpg  trustdb.gpg
[/vim]

  • gpg.conf -> contains the options you have set. Unless you specify another options file (with the command line option "--options filename"), GnuPG reads ~/.gnupg/gpg.conf by default. It is a plain text file, so cat or less will show its contents.
  • pubring.gpg -> the public keyring: your own public key and every key you import. Export your key from here in ASCII-armoured form to send it to others.
  • pubring.gpg~ -> backup copy of the public keyring that gpg writes before modifying it.
  • random_seed -> the saved state of GnuPG's random number pool, carried over between runs so that the generator starts from a good state. It does not contain your keys or anything you typed, but it is secret material all the same and must stay readable only by you. The strings output below is just binary noise:

[vim][Sanjeev@AlienCoders]$ strings random_seed
u-~N
bqUk
9a<b
vxyv
H@W@
02H]
KC!%
^v9@'
,i~JZ8Y
T_3     P>
[/vim]

  • secring.gpg -> the secret keyring; keep it safe and keep a backup of it. (GnuPG 2.1 and later no longer use this file: secret keys live in the private-keys-v1.d/ directory instead.)
  • trustdb.gpg -> the trust database. It does not hold the signatures themselves (those are part of the keys in pubring.gpg); it stores the ownertrust you assign to each key and the key validity gpg computes from the signatures, so it must be updated from time to time as keys and signatures expire and the Web of Trust changes.

Normally GnuPG works out when this is required and does it automatically; you can force it with gpg --check-trustdb.
 
 

Getting fingerprint and KeyID

[vim][sjaiswal@AlienCoders ~/.gnupg]$ gpg --fingerprint sjaiswal@gmail.com
pub   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
      Key fingerprint = 40B3 E709 81DA 43AF 1F64  117B DF03 A4AD CBE9 BE42
uid                  Sanjeev Jaiswal ("GPG Key Test") <sjaiswal@gmail.com>
sub   4096g/38765DB9 2013-11-05 [expires: 2014-02-03]
[/vim]
 
Note: the key ID gpg prints on the pub line is the short (32-bit) form, 0xCBE9BE42, which is simply the last 8 hex digits of the fingerprint; the long (64-bit) form is the last 16 digits, 0xDF03A4ADCBE9BE42. Write it with the 0x prefix so that gpg cannot mistake it for part of a name. Short IDs are easy to collide (anyone can generate a key whose short ID matches yours in seconds on ordinary hardware), so identify keys by their full fingerprint, or at the very least run gpg with --keyid-format 0xlong.
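An added example, not from the original article, that makes the relationship above concrete: it parses a fingerprint in the spaced form gpg prints, derives the long and short key IDs from it, and checks the ID shown on the pub line against the fingerprint. The fingerprint is the one printed on this page; nothing beyond a POSIX shell is assumed.

```shell
#!/bin/sh
# Added example (not from the original article): derive the long and short key
# IDs from a v4 OpenPGP fingerprint as gpg prints it, and cross-check the key ID
# gpg shows on the "pub" line against it. The fingerprint used in the demo is
# the one printed on this page.
set -eu

# Strip the spaces gpg inserts, insist on exactly 40 hex digits (a v4, SHA-1
# based fingerprint) and print the result in upper case.
normalize_fingerprint() {
    f=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    if [ "${#f}" -ne 40 ]; then
        echo "not a 40-hex-digit v4 fingerprint: $1" >&2
        return 1
    fi
    case "$f" in
        *[!0-9A-F]*) echo "non-hex characters in fingerprint: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$f"
}

# For v4 keys the key ID is not a separate value (RFC 4880, section 12.2):
# the long (64-bit) ID is the last 16 hex digits of the fingerprint and the
# short (32-bit) ID the last 8.
long_keyid() {
    f=$(normalize_fingerprint "$1")
    printf '0x%s\n' "$(printf '%s' "$f" | cut -c25-40)"
}

short_keyid() {
    f=$(normalize_fingerprint "$1")
    printf '0x%s\n' "$(printf '%s' "$f" | cut -c33-40)"
}

# Does the short ID gpg printed (with or without 0x, in any case) really belong
# to this fingerprint? Returns 0 if so, 1 otherwise.
keyid_matches_fingerprint() {
    id=$(printf '%s' "$1" | tr 'abcdefx' 'ABCDEFX' | sed 's/^0X//')
    [ "$(short_keyid "$2")" = "0x$id" ]
}

FPR='40B3 E709 81DA 43AF 1F64  117B DF03 A4AD CBE9 BE42'   # fingerprint from this page
echo "fingerprint:  $(normalize_fingerprint "$FPR")"
echo "long key ID:  $(long_keyid "$FPR")"
echo "short key ID: $(short_keyid "$FPR")"
if keyid_matches_fingerprint CBE9BE42 "$FPR"; then
    echo "pub line ID CBE9BE42 matches the fingerprint"
fi
```

Because the short ID is only 32 bits, a colliding key can be generated in seconds, and even the 64-bit long ID is a convenience rather than an identity: compare the full fingerprint when you verify someone's key. Setting keyid-format 0xlong and with-fingerprint in gpg.conf at least stops gpg from showing you the 32-bit form.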
 

Taking backup of private key

[vim]gpg --export-secret-keys --armor sjaiswal@gmail.com > sjaiswal-privkey.asc
[/vim]

The exported file is still protected by your passphrase, but treat it as the secret it is: restrict its permissions (chmod 600), keep it on offline media rather than a shared disk, and never mail it. With GnuPG 2.1 and later the secret keys are no longer stored in secring.gpg but under ~/.gnupg/private-keys-v1.d/, so this export is the portable way to back them up or move them to another machine.

Listing public and private key(s)

[vim][sjaiswal@AlienCoders ~/.gnupg]$ gpg --list-keys
/home/sjaiswal/.gnupg/pubring.gpg
———————————
pub   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
uid                  Sanjeev Jaiswal ("GPG Key Test") <sjaiswal@gmail.com>
sub   4096g/38765DB9 2013-11-05 [expires: 2014-02-03]
 
[sjaiswal@AlienCoders ~/.gnupg]$ gpg --list-secret-keys
/home/sjaiswal/.gnupg/secring.gpg
———————————
sec   1024D/CBE9BE42 2013-11-05 [expires: 2014-02-03]
uid                  Sanjeev Jaiswal ("GPG Key Test") <sjaiswal@gmail.com>
ssb   4096g/38765DB9 2013-11-05
[/vim]
 

Encrypting Message for recipient Sanjeev Jaiswal

Type the message and save it in a text file, let's say message.txt
[vim][sjaiswal@AlienCoders ~/.gnupg]$ gpg --recipient "Sanjeev Jaiswal" --encrypt message.txt
[/vim]

This creates message.txt.gpg, the encrypted file. Only the recipient can decrypt it, and to do so they must type the passphrase they chose when generating their key (here the recipient is ourselves, so it is the passphrase from the --gen-key step above). The argument to --recipient may be a name, an email address, a key ID or a fingerprint; if several keys in your keyring match a name you may end up encrypting to the wrong one, so a key ID or fingerprint is the safer choice.
Or
[vim]gpg -r real-name --output secrets_to_aliencoders --encrypt secrets
[/vim]

which writes the encrypted message to secrets_to_aliencoders

Decrypting the message

 
[vim][sjaiswal@AlienCoders ~/.gnupg]$ gpg --decrypt message.txt.gpg
[/vim]
 
You need a passphrase to unlock the secret key for
user: "Sanjeev Jaiswal ("GPG Key Test") <sjaiswal@gmail.com>"
4096-bit ELG-E key, ID 38765DB9, created 2013-11-05 (main key ID CBE9BE42)
 
gpg: encrypted with 4096-bit ELG-E key, ID 38765DB9, created 2013-11-05
      "Sanjeev Jaiswal ("GPG Key Test") <sjaiswal@gmail.com>"
Hi
This is Sanjeev
 
Or
[vim][sjaiswal@AlienCoders ~/.gnupg]$ gpg --output secrets_from_sanjeev --decrypt secrets_to_aliencoders
[/vim]

which saves the decrypted message in secrets_from_sanjeev
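The whole procedure of this and the previous section, together with the hybrid encryption explained under "How GPG works", run end to end as an added example that is not part of the original article. Two throwaway GnuPG home directories stand in for Bob (who generates a key, decrypts and signs) and Alice (who imports Bob's public key, encrypts to it and verifies his signature). It needs GnuPG 2.1 or later and uses unattended key generation so that nothing prompts for a passphrase; the names, email address and messages are made up for the demo, and the --trust-model always shortcut stands in for the fingerprint check you would do by phone or in person in real use.

```shell
#!/bin/sh
# Added example (not from the original article): a GnuPG 2.x encrypt/decrypt and
# sign/verify round trip between two throwaway home directories. "bob" generates
# a key, decrypts and signs; "alice" imports bob's public key, encrypts to it and
# verifies his signature. Names, email address and messages are made up.
set -eu

# Quiet, non-interactive gpg in the given home directory (first argument).
gpg_q() {
    h=$1; shift
    gpg --homedir "$h" --batch --yes --quiet --no-tty "$@"
}

# Create both home directories and bob's key pair (unattended mode, RSA 2048,
# no passphrase so the demo never prompts), then import bob's public key into
# alice's keyring the way a real recipient would after receiving it by mail.
# Prints the work directory.
demo_setup() {
    w=$(mktemp -d)
    mkdir -m 700 "$w/bob" "$w/alice"
    cat >"$w/bob/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Bob Example
Name-Email: bob@example.com
Expire-Date: 1y
%commit
EOF
    gpg_q "$w/bob" --gen-key "$w/bob/params" 2>/dev/null
    gpg_q "$w/bob" --armor --export bob@example.com >"$w/bob-pub.asc"   # what bob publishes
    gpg_q "$w/alice" --import "$w/bob-pub.asc" 2>/dev/null
    printf '%s\n' "$w"
}

# The 40-hex-digit fingerprint of bob's primary key as alice sees it after the
# import; this is the value to compare out of band before trusting the key.
demo_fingerprint() {
    gpg_q "$1/alice" --with-colons --fingerprint bob@example.com |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# alice encrypts to bob's public key; bob decrypts with his private key.
# Prints the text bob recovers.
demo_encrypt_decrypt() {
    w=$1
    printf 'Hi, this is Alice.\n' >"$w/alice/message.txt"
    # --trust-model always is a lab shortcut: a freshly imported key has no
    # validity yet, and without it gpg refuses to encrypt in batch mode.
    gpg_q "$w/alice" --trust-model always --recipient bob@example.com \
        --output "$w/message.txt.gpg" --encrypt "$w/alice/message.txt"
    gpg_q "$w/bob" --decrypt "$w/message.txt.gpg" 2>/dev/null
}

# Make the hybrid structure visible: the file holds one public-key-encrypted
# packet (carrying only the session key) followed by one symmetrically
# encrypted data packet. Prints how many of those two packet types were found.
demo_packets() {
    gpg_q "$1/bob" --list-packets "$1/message.txt.gpg" 2>/dev/null |
        grep -c -e ':pubkey enc packet:' -e 'encrypted .*packet:'
}

# bob detach-signs a reply; alice verifies it, then a tampered copy must fail.
# Prints "<result for original> <result for tampered copy>".
demo_sign_verify() {
    w=$1
    printf 'Got it, thanks. -- Bob\n' >"$w/bob/reply.txt"
    gpg_q "$w/bob" --detach-sign --output "$w/reply.sig" "$w/bob/reply.txt"
    cp "$w/bob/reply.txt" "$w/alice/reply.txt"
    orig=bad
    gpg_q "$w/alice" --verify "$w/reply.sig" "$w/alice/reply.txt" 2>/dev/null && orig=good
    printf 'Got it, thanks. -- Mallory\n' >"$w/alice/reply.txt"   # attacker edits the text
    tampered=accepted
    gpg_q "$w/alice" --verify "$w/reply.sig" "$w/alice/reply.txt" 2>/dev/null || tampered=rejected
    printf '%s %s\n' "$orig" "$tampered"
}

# Stop the agents gpg started for each home directory, then delete everything.
demo_cleanup() {
    for d in bob alice; do
        GNUPGHOME="$1/$d" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$1"
}

demo_main() {
    w=$(demo_setup)
    echo "bob's fingerprint as imported by alice: $(demo_fingerprint "$w")"
    echo "decrypted by bob:                       $(demo_encrypt_decrypt "$w")"
    echo "pubkey-enc + symmetric packets found:   $(demo_packets "$w")"
    echo "signature on original / tampered copy:  $(demo_sign_verify "$w")"
    demo_cleanup "$w"
}

if command -v gpg >/dev/null 2>&1; then
    demo_main
else
    echo "gpg (GnuPG 2.1+) not found in PATH; nothing to demonstrate" >&2
fi
```

Run it as sh gpg_roundtrip.sh. The --list-packets step is what makes the hybrid scheme visible: the encrypted file starts with a public-key-encrypted packet that carries nothing but the session key, followed by the symmetrically encrypted data. The tampered-copy check at the end is the point of signatures: changing even one character of the signed bytes turns a good signature into a BAD one.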
 

Editing Key

[vim]gpg --edit-key sjaiswal@gmail.com
[/vim]
 

There is more:

Photo IDs

GnuPG can attach a photo ID to a public key, exactly as recent Windows versions of PGP do. A photo ID on a public key can help other users identify the owner of the key, although it proves nothing by itself, since anyone can attach any picture; the fingerprint is still what you verify. To add a photo ID to your own public key, run "gpg --edit-key <name>" and then enter "addphoto". GnuPG asks for the filename of a suitable JPEG; no other image format can be used.
To see the photo ID on a particular key, put the option "--show-photos" before the command, for example "gpg --show-photos --list-keys <name>". If <name> is omitted, GnuPG displays all the photos (if any) after listing all the keys in your public keyring. If you want photos to be displayed by default in all cases, uncomment the line "# show-photos" in your options file, ~/.gnupg/gpg.conf.
 

Output of trustdb

[vim][Sanjeev@AlienCoders]$ gpg --update-trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   7  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   7  signed:   3  trust: 0-, 0q, 4n, 3m, 0f, 0u
gpg: the next trustdb check will be done on 2014-02-04
[/vim]
               
The first line shows the trust policy your GnuPG installation actually uses, which you can modify to suit your needs. It states that a key in your keyring is valid if it has been signed by at least 3 marginally trusted keys, or by at least one fully trusted key.

The second line describes the keys at depth 0, that is, the key(s) owned by you. It states that your keyring holds one depth-zero key, and that this key has signed 7 other keys. The trust counters then break the depth-zero keys down by the ownertrust you have assigned to them: 0 for which you have not yet assigned any (-), 0 for which you do not know or will not say (q), 0 that you do not trust at all as signers (n), 0 that you trust marginally (m), 0 that you trust fully (f) and 1 that you trust ultimately (u), your own.

The third line analyses the keys at depth 1. You have 7 fully valid keys there, because you have personally signed them, and those 7 keys have in turn signed 3 further keys that are not signed directly by you. The trust counters have the same meaning as in the second line: of the 7 keys you signed, 4 have owners you do not trust at all as signers of third parties' keys (n), and 3 have owners you trust marginally (m), meaning you are only marginally confident that they check the keys they sign properly. Remember that validity ("is this really Bob's key?") and ownertrust ("do I trust Bob to check keys before he signs them?") are separate things: signing a key makes it valid for you, but by itself gives its owner no trust as a certifier of other keys.
 
[vim][Sanjeev@AlienCoders]$ gpg --check-trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   7  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2014-02-04
[/vim]

If you wish to know the other commands gpg offers, try
[vim]man gpg
[/vim] or
[vim]gpg --help
[/vim]


Source: http://www.wikipedia.com
Reference: GnuPG Handbook


Cheque Fraud – Cheque Scams

Cheque fraud is one of the oldest types of financial crime. Even in the computer and internet era, many people still prefer to pay by cheque or banker's draft, often because they do not trust computer technology and have misconceptions about online banking. That is understandable, since many of these people are not computer literate and what is unknown causes fear or rejection, but the statistics show that online banking is safer than cheques. To protect yourself from cheque fraud, here are some precautions to take before you receive or send a cheque; after that it is your responsibility to inspect and analyse the cheque. The main types of cheque fraud are:

  • Counterfeit cheques: not written or authorised by the legitimate account holder. Counterfeiting is helped by new technology: thieves use printers, copiers and the newest software to make clones that closely resemble the original, and these are often hard to recognise as false even for experts.
  • Stolen cheques: the cheque is not signed by the account owner but stolen, usually out of the glove box of your car or from your house. The signature is then forged and the cheque used at will. Most of the time, by the time you notice your cheques are missing it is too late.
  • Altered or forged cheques: the cheque is properly issued by the account holder but has been intercepted, and the beneficiary or the amount has been altered or new information added, using sharp instruments and chemicals.
  • Closed accounts: bank accounts that are no longer used or have been closed, but for which cheques still exist. If you don't destroy those cheques you are a potential victim.
  • New accounts: an identity is stolen or made up with false documents. If a fraudster has personal documents and some personal information, he can open a bank account in your name. Bankers unknowingly accept these requests, giving scammers the opportunity to steal money from individuals or businesses in your name.
  • Overpaid cheques: a false cheque issued by your "business partner" for a larger sum than required. The thief then asks you to refund the difference, making up some excuse for the overpayment. The cheque is false and will be declined by the bank, and you end up losing the amount you refunded. See also Nigerian fraud.

Some steps you can take to prevent your cheque being forged or information added after you wrote the cheque:

  • Leave no gaps between your words
  • Draw a line after the name, the amount and anywhere else that empty space was left
  • Use full and correct names for all the information
  • Cross the cheque and mark it "account payee only" so that it cannot be transferred to someone else
  • Never pre-sign cheques
  • Don't leave your chequebook in the glove box of your vehicle; a large percentage of stolen cheque books are taken from cars
  • If you close an account, destroy any remaining cheques for that account

If receiving a cheque you can:

  • Ask for ID. Accept only a driver's licence, personal ID card or passport, since other forms of identification are relatively easy to fake, and even then be cautious: these documents can be forged too
  • Compare the signature on the ID against the signature on the cheque
  • Ask the person issuing the cheque for their home telephone number and perhaps some other personal information, compare the number with the phone book and call the person at home
  • Refuse cheques written in pencil or showing signs of alteration
  • Be wary of cheques not signed in front of you, or of single cheques that were not torn out of a cheque book. Thieves often steal just one or two cheques to gain time before the owner notices them missing
  • Don't give change on cheques: if the cheque is false and you already gave change, you have been scammed

People who are cashing cheques end up losing funds when the banks realize the cheques are false. That's because people are held responsible for anything they deposit into their accounts. Source: http://www.bustathief.com


Secure your PC – Online Banking : Essential Security Measures

Online banking is quite a handy way to keep track of your finances. You simply log on through your bank's website, and you can do things like set up standing orders, transfer money to people or other accounts, and order cheque books. Online banking also allows you to get financial deals that are just not on offer in the offline world. For convenience sake, you can't beat an online bank! However, this popularity of online banking has not gone unnoticed by the criminal fraternity. We'll show you some popular attacks on your money, and what you can do to prevent them.

Phishing

One of the most common ways that a criminal will attempt to part you with your money is through something known as Phishing. Phishing is pronounced FISH-ING. It's the Internet's equivalent of this popular sport. The fisherman is a criminal, the bait is usually an email that attempts to panic you into action, and the fish is you! The criminal will send out thousands of email using a list he got from a spammer. The email that is sent pretends to be from a bank. Let's call it the Wee Bank.

Most people the criminal sends the email to will not have an account with the Wee Bank. But some will. It's those few that he's after. In the email, you may be warned that your banking details need updating, and that it's essential that you act now to protect your account. They'll usually try to scare you into taking action. And there's always a link for you to click on. All you need to do is to click on the link and you'll be taken to a secure area where you can enter your details. If you click on any of these links, you'll be taken to a page that does indeed look like your bank's website. Except it's not.
One trick the criminal may use is to have an address that looks similar to your bank's.
Your real bank is at an address like this: (screenshot: the real address). Take a closer look at the address bar, though, and you may see something like this: (screenshot: the spoofed address). The address has been spoofed: the "w" is now "vv", two V's and not one W. Some spoofed addresses are quite difficult to spot and fool even experienced surfers, so you need to look for other clues in your browser. One thing all browsers have is a padlock icon. It tells you that the connection to the site is encrypted and that the site presented a valid certificate; it says nothing about who is behind the site, so you still have to read the certificate. If you're using Internet Explorer 7, you'll see the padlock to the right of the address bar (screenshot: the padlock icon).
Click on the padlock and you'll see information about the security certificate (the one in the screenshot is for 2checkout, a genuine source): (screenshot: Internet Explorer 7 security information). Click the link that says View Certificates, and you'll see something like this: (screenshot: the View Certificates dialog). Click the Details and Certification Path tabs at the top. There should be plenty of details for you to view. Make sure the certificate has not expired and that the name it was issued to is your bank's. In the screenshot, the security certificate is from a good source and is still valid (at least, it was when this article was written). The Firefox browser has more visual clues than Internet Explorer: its address bar turns yellow on a secure site, and the padlock is just to the left of the blue down arrow. Firefox also has another padlock in the bottom left of the window. Double-click the padlocks and you'll see the security certificate. Notice the name of the website to the left of the padlock.

This one is from a legitimate source, 2checkout.com. One more thing to note: the address of a secure site normally starts with https. If the "s" is missing, it's not a secure site! A last word of warning, however: these visual clues have been known to be spoofed by criminals.

If in doubt, remember this: You bank will NEVER send you an email asking for your login details! If you receive such an email, forward it to your bank. And DON'T click on the link! The same is true for other secure websites that hold your money – PayPal never send you emails asking you to confirm your details!

For a more detailed look at Phishing, there's an excellent Wikipedia article here: Phishing Article The latest versions of Firefox and Internet Explorer have anti-Phishing measures built in. You should make sure these are turned on when accessing secure websites. (In Internet Explorer 7, click Tools > Phishing Filter > Check this Website.)

Password Protection

We've all got passwords. In fact we've all got LOTS of passwords! We've got so many that it's become increasingly difficult to keep track of them all. Banking passwords are no different. Older advice was to change each one every few months; current guidance (NIST SP 800-63B, for example) is to change a password when you suspect it has been exposed rather than on a schedule, and to spend the effort on making each one long and unique instead, ideally with a password manager. Because the whole password process is cumbersome, some people have one password for all of the sites on the internet that ask for them. This is something you should NEVER do! You need a different password for each site.

The reason is simple – if a criminal has your password for one website, he's got them for all your sites – he could clean you out! The problem is, how do you remember them all? One technique for password creation is to take letters and numbers from a favourite song, saying, or something that's special to you. For example, a favourite song of yours may be "happy birthday to you"!

To turn this into a password, take the initial letters of each word. You'd then have this: hbty Not very secure, but easy to remember. Let's complicate it a bit, by adding some capitals: HBty Slightly more secure. Let's add a number: HB2y Getting better. How about a non alpha-numeric character? HB_2y Adding non alpha-numeric character helps password security enormously. Let's make the password longer by singing Happy Birthday to Home and Learn: HB_2y_HBdhAL Now, not only is the password longer, but it has a mix of numbers, lowercase and uppercase letters, and non alpha-numeric character. This makes it more secure, and harder for criminals to guess. (The password is now "Happy Birthday to you. Happy Birthday dear Home and Learn".) A password like this is also easier for you to remember.

Passwords should never be just four characters long! The reason is that criminals may have password-cracking software. Using such software, short passwords can be cracked in no time at all. Use at least 8 characters. Duke University have a good page here that tells you how long it would take to crack a password of up to 8 characters. The amount of time needed to crack a password rises dramatically: Duke University Password Information

You and Your PC

You should never log in to your bank account using somebody else's computer, simply because you have no idea what security measures they take or whether the computer is infected. Internet cafes are also not somewhere you should be entering security information: everything you type there may be logged, whether by the owners or by malware on the machine, and you can never be sure that your data is safe from prying eyes. Also, what if you forget to log out properly?

The next person who uses the computer could see all of your details and have access to your bank account! The only place you should be entering your bank details is your own PC. Of course, you need to make sure that your own computer is safe from infection, and take sensible security measures when it comes to the emails you receive. Follow the suggestions on our site and your PC will be that much more secure than it was yesterday! Source: http://www.homeandlearn.co.uk/BC/bcs5p7.html


Brief introduction on Computer Virus

What is a Virus?
A virus is self-replicating code that spreads by attaching copies of itself to other executable code and runs without the knowledge or consent of the computer user. The first PC viruses appeared in the early 1980s. Viruses need some human action to spread, such as booting a computer from an infected disk, letting a CD autorun, or opening an email attachment.

In day-to-day life many computers get infected with viruses or worms. One survey attributed only 4% of incidents directly to viruses and worms, with human error (53%) the biggest cause, but that 53% includes the viruses and worms that get onto a system because of a user's mistake. Whatever the exact figures, every computer user should at least know the basics of viruses and worms and how to keep them off the system.

There are three basic ways viruses have propagated through the computer world:

  • Master boot record virus: the original method of attack. It infects the master boot record of floppy disks or the hard drive and runs before the operating system does. This was effective in the days when everyone passed around floppy disks.
  • File (program) virus: a slightly newer form that relies on the user executing an infected program, typically one with an extension such as .com or .exe. Some form of social engineering is normally used to get the user to run it, such as renaming the program or masking the .exe extension so that it appears to be a graphic or .bmp file.
  • Macro virus: the most modern type, which began appearing in the 1990s. Macro viruses abuse the scripting engines built into office applications, so they travel inside documents rather than programs; Melissa (1999) is the classic example. (The I Love You worm of 2000, often mentioned in the same breath, was a VBScript email attachment rather than a document macro.)

A virus has to put its own code somewhere in the host file, and most virus writers want to avoid detection for as long as possible. Simply overwriting part of the host destroys it, which the user notices at once, so the usual trick is to keep the host working and attach the viral code to it.

Prependers place their code at the beginning of the infected file, appenders place it at the end, and some do both. In each case the original program still runs (after the virus has), so the infection is far less obvious.

Components of a virus (viruses that spread without human intervention are classed as worms; see below):

  • Search routine: locates new files, disk space or memory to infect.
  • Infection routine: copies the virus and attaches it to a suitable host.
  • Trigger routine: launches the payload when a given condition is met, for example a particular date and time.

Characteristics of Virus

  • A virus loads itself into memory and replicates from there.
  • Some viruses stay resident in memory; others run once, infect, and leave nothing running after completing their task.
  • It may disguise itself as, or hide inside, other programs to conceal its presence.

Reason for the creation of Viruses:

  • It may be created for research purposes
  • It may be a prank played on friends and foes, as we all tend to do
  • Someone may intentionally wish to harm other people's computers, i.e. vandalism
  • To hold a company's data or systems hostage for money, i.e. extortion
  • To spy on people, say in a computer lab, or to track the use of a product, i.e. spyware
  • To spread threats and terror over the internet by stealing and misusing other people's identities, and many other reasons

Symptoms that computer get an attack

  • The system behaves erratically
  • Processes take much longer than expected
  • The floppy or disk drive opens or spins up by itself
  • The machine hangs at start-up
  • The computer name changes
  • Drive names change
  • Firefox or other browsers stop working properly
  • Sudden restarts, or freezes shortly after a warning
  • Other people receive vulgar messages from you that you never sent, and so on

Basic Difference between Virus  and worm:

  • A worm is a special kind of malware that replicates itself and consumes memory and bandwidth, but does not attach itself to other programs the way a virus does.
  • A worm spreads across a network automatically, whereas a virus needs a user to run or open the infected host.

Types of Viruses:

What they infect

  • Boot virus: infects disk boot sectors and boot records.
  • File virus: infects executable files in the OS file system.
  • Macro virus: infects documents, spreadsheets etc., such as Word and Excel files.
  • Network virus: spreads through email using the commands and protocols of the computer network.
  • Source code virus: inserts its own (Trojan) code into program source files so that it is compiled into the resulting programs.

How they infect

  • Parasitic virus: attaches itself to executable files and replicates from there.
  • Memory-resident virus: stays in main memory and infects from there.
  • Stealth virus: hides itself from anti-virus programs, for example by intercepting file reads and returning the clean version.
  • Polymorphic virus: mutates its own code on each infection so that signature scanners do not recognise it.
  • Cavity virus: writes itself into unused (typically null-filled) regions of a host file, so the file keeps the same size and functionality.

Famous viruses and worms:

  • I Love You: a VBScript email worm from 2000.
  • Melissa: a Microsoft Word macro virus.
  • JS.spth: a JavaScript internet worm which spreads through email, P2P networks etc.
  • Klez: an email worm that could run automatically when the mail was merely previewed on an unpatched Outlook/Internet Explorer system, and used its own SMTP engine to spread.
  • Slammer/Sapphire: the fastest-spreading worm in history, doubling its infected population roughly every 8.5 seconds. Other top-rated malware of 2008: Detnat, Netsky, Mytob, Bagle, Mywife, Virut, Zafi, Mydoom, Lovegate and Bagz.

Always remember that prevention is better than cure: don't accept strange files, don't double-click on everything, check a file's real extension, and learn a little about batch file commands so that you can recognise what a script does.

Install a good antivirus (Nod32, AVG, McAfee, Bitdefender, Kaspersky etc.), scan your whole system regularly, and keep an eye on the running processes.

For more information check Wikipedia, howstuffworks.com and the EC-Council CEH guide, and don't forget to search the web for the latest news on this topic. This was just an introduction!


Safety tips for mobile users

Hi friends, in the present scenario almost everyone above 14 has a mobile phone (except those who cannot afford one). It is a good thing for staying in touch with friends and family, but it can turn into a devil if you misuse it, knowingly or unknowingly. So it is the right time to know what we should and should not do with a mobile.

  • Only give your mobile number out to people you know and trust. (Especially important for girls.)
  • Don't do any transaction through a smartphone if a password or any personal information is going to be stored on the phone.
  • Don't talk rubbish or harass anyone on the phone; it comes under cyber crime. (Couples usually do this during a break-up, so beware, guys!)
  • Avoid, unless absolutely needed, connecting to an unsecured wireless network through your mobile (if it has Wi-Fi).
  • Do not use your mobile phone to communicate with strangers. Only text and call people or businesses you know in real life.
  • Never reply to text messages from people you don't know. (One or two messages to find out his/her identity are acceptable, if possible.)
  • Make sure you know how to block others from calling your phone. Using caller ID, you can block all incoming calls or block individual names and numbers.
  • Make a record of your Electronic Serial Number (ESN) and/or your International Mobile Equipment Identity (IMEI) number. You can find your IMEI number by pressing *#06# on your mobile phone's keypad; it will display a 15-digit number, which is your IMEI number.
  • If your phone is lost or stolen, report it to your local police station and your network operator immediately.
  • Think about how a text message might be read before you send it. (Married couples may face many issues because of such messages. No need to explain, I guess.)
  • You should never give anyone else's number out without their permission.
  • You should never take pictures or videos of anyone with your phone if you do not have their permission.
  • Do not allow others to take pictures or videos of you without your permission. Remember: these pictures and videos can be posted to the Internet.
  • Be careful if you meet someone in real life whom you only "know" through text messaging. Even though text messaging is often the "next step" after online chatting, that does not mean that it is safer.

We follow most of these steps, but knowingly or unknowingly we make the kind of mistakes that lead towards cyber crime. So play safe, be safe, and make the nation a cyber-crime-free nation. Source: http://www.staysafeonline.org


Be friendly but use your brain while talking on Social networking sites

Hi friends, if you are using the internet then you must have accounts on Facebook, Orkut, Myspace, etc. (maybe on all of them :)). My question is: why did you join social networking sites?

1. Just for fun,

2. To remain in touch with my friends and relatives,

3. To make new friends, especially beautiful girls :D,

4. To remain updated about others

Let me guess: in most cases it would be no. 2 or 3 (correct me if I am wrong). As long as you are safe on these sites, it is OK even if you are addicted to them. But if you are sharing your social or personal information, then be aware before you even start talking.
BitDefender did a survey on this and found that more than 90% of internet users share sensitive data within 2 hours of continuous conversation over a chat messenger or a social site. According to Internet World Stats, people are spending increasingly more time online, with global Internet usage up by more than 390% between 2000 and 2009. Over this period, the popularity of social networks grew as well.

They did the survey by making a fake profile and sending friend requests to more than 2000 users (male and female, ages varying from 20 to 65, with a mean age of 27). After a week, the friendship request proved very successful: out of the 2,000 requests sent by the test profile, 1,872 were accepted.

A first analysis of the gathered data revealed that, on a social network, the first impression counts a lot: a very nice-looking young woman will always attract a lot of friends. 94% of the 2,000-user experimental sample accepted to become friends with the test profile.
Surprisingly, 86% of them were from the IT field (isn't it hilarious?), and more interestingly, 31% of them were from the IT security field, an industry that has been stressing the risks of using social networking sites for many years. (This really surprised me.) Most of them added the profile because of the display picture, which was of a lovely girl.

The worst thing about social networking sites is that after a half-hour conversation with a stranger, people reveal a lot of personal information such as their parents' names, address, and spouse's and children's names (all of this information can be used to crack passwords, and in most cases it works).

They allow them to see their albums, which may be copied for wrong purposes. In addition, after a 2-hour conversation, 73% revealed what appears to be confidential information from their workplace, such as future strategies, plans, and unreleased technologies/software. The results of this study suggest not only that social network users accept unknown persons into their group based just on a nice profile photo, but also that they are willing to reveal personal, sensitive information after a short online conversation.

This means that social networks serve both as a meeting ground where people can present themselves and communicate, and as a starting point for a virtual "friendship" which brings people to divulge too much information because of the illusion of anonymity.
So, from next time, if someone sends you a friend request or tries to talk to you over a chat messenger, have patience and do all the investigation you can on the unknown profile (at least take help from Google); if you feel OK then go on, else reject it blindly. Never be too emotional on social sites, and don't reveal such things so easily. It may help them in social engineering, and they may harm your system, your bank accounts, your reputation, even you. [Images: friendship acceptance rate; people from different jobs; personal information revealed] Source: BitDefender


ESET's NOD32 and Smart Security 4

Hi friends, I have been using this anti-virus for the last 3 years and believe me, I have never thought of changing this software and using another. What I like most in ESET's NOD32 is:

  • It doesn't slow down your system.
  • It updates the virus signature database automatically.
  • Very user friendly, and just like a German shepherd, it will never allow any unwanted stuff to get in.
  • It is written in assembly language, so it is obvious that it will execute faster than other software.

ESET mainly has two products, ESET NOD32 and ESET Smart Security, and each comes in a home edition, business edition and enterprise edition. You can download ESET software from its own site.

Features of NOD32 4.0.467:

  • ThreatSense technology: a single optimized anti-threat engine for analyzing code to identify malicious behavior, such as viruses, spyware, adware, phishing and more
  • Unprecedented heuristic analysis capable of discovering new malware threats as they emerge
  • Powerful virtual PC emulation technology enables unpacking and decryption of all types of archives and run-time packing
  • Able to clean active malware running in memory
  • Protects at multiple infiltration points, including HTTP, POP3, SMTP and all local and removable media
  • Removes infections from files that are locked for writing (e.g., a loaded DLL file)
  • Prevents infected files from being opened and executed, and warns on creation of infected files
  • Automatic execution on system startup
  • Supports multiple Terminal Server environments
  • Supports scanning of mapped network disks, and many more.

It is hardly 34 MB, and its latest version is 4.0.467 Final. It has a home edition, business edition and mobile edition as options; whatever you need, you can get the download link from here. Give it a trial; I am sure you will love it. One thing I will suggest: use USB Disk Security along with it, and then you will never have any kind of virus problem in your system.
