Wednesday, January 23, 2008

Most commonly used Security Techniques against viruses

Virus detection and removal are made through an antivirus or some other security program. Different antivirus programs are available in the market and over the Internet. The most common and well-known security techniques against viruses are as follows:

Virus Signature/ Virus Definition

A virus signature is a known pattern of code of a virus program; an antivirus program uses this pattern to detect viruses and then to remove them. You should update virus definitions continuously by downloading updates from the Internet. This ensures that your antivirus is always able to detect changing viruses.

Inoculation

An inoculation file is a separate file created and maintained by an antivirus program to record information such as file size and file creation date. This information is later used for virus detection and removal.
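The inoculation idea as an added example (not code from any antivirus product): it records a file's size and date, then rechecks them later. As assumptions, it uses the modification time as the recorded date and also stores a SHA-256 hash, which the description above does not mention, to show a change that size and date alone miss.

```python
import hashlib
import os
import tempfile

def inoculate(path):
    """Record the attributes an inoculation file keeps for one program."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    # Assumption: mtime_ns stands in for the "file date", because creation
    # time is not available on every filesystem.
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def check(path, record):
    """Return the recorded attributes that no longer match the file."""
    current = inoculate(path)
    return [key for key in record if record[key] != current[key]]

def demo():
    """Constructed sample: one file checked after two kinds of change."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "program.bin")
        with open(target, "wb") as fh:
            fh.write(b"ORIGINAL-PROGRAM-BYTES")
        record = inoculate(target)
        results["untouched"] = check(target, record)

        # Appended bytes change the size and the hash.
        with open(target, "ab") as fh:
            fh.write(b"+APPENDED")
        results["appended"] = check(target, record)

        # Same-length content with the recorded date put back: size and
        # date still match, only the content hash shows the change.
        with open(target, "wb") as fh:
            fh.write(b"MODIFIED-PROGRAM-BYTES")
        os.utime(target, ns=(record["mtime_ns"], record["mtime_ns"]))
        results["same_size"] = check(target, record)
    return results

if __name__ == "__main__":
    for case, changed in demo().items():
        print(case, changed)
```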

Quarantine

Quarantine is a separate area on a hard disk. It contains the infected files and folders that cannot be cleaned or deleted by the antivirus for some reason, for example a sharing violation or a virus unknown to that antivirus.

Recovery Disk

A recovery disk is a removable disk that holds uninfected system commands and startup information. If the boot record of the actual hard disk fails, this recovery disk can be used to start the computer. Afterwards an antivirus program can be used to remove the virus.

Un-authorized access

Accessing a computer system without the knowledge or permission of its user is called unauthorized access. It is always recommended to restrict computer resources with the help of usernames and passwords. These are unique combinations of characters that identify users and their secret codes, respectively.

Firewall

A firewall is a security system consisting of hardware and software that prevents unauthorized access to a network or computer. Big companies use separate firewall software or hardware to protect their data from unauthorized access. A firewall checks outgoing and incoming traffic and manages data access for authorized users only.

Biometric Devices

A biometric device reads personal characteristics like fingerprints, hand structure, facial features, and voice to authenticate a user for any further access to a computer system or other peripheral devices. A biometric device translates the personal characteristics into digital code that is matched against user data already stored in that system. If the digital data matches any of the stored data, it gives access to the person. If there is no match, access is denied.

Sunday, January 20, 2008

Mass host hack bigger than first thought, hits 10,000 sites

A large-scale hack of legitimate Web sites to infect visitors' PCs is much more massive than first thought, researchers said today. At least 10,000 sites have been compromised, and have hijacked unpatched systems that steered to their URLs.

On Monday, Mary Landesman, a senior security researcher at ScanSafe Inc., said that she had uncovered hundreds of sites which had been hacked and were feeding exploits to visitors. Today, Don Jackson, a senior researcher with Atlanta-based SecureWorks Inc., said the number was considerably larger.

According to ScanSafe's data, approximately 10,000 sites hosted on Linux servers running Apache, the popular open-source Web server software, have been hacked, most likely with purloined log-in credentials. Those servers have been infected with a pair of files that generate constantly-changing malicious JavaScript. When visitors reach the hacked site, the script calls up an exploit cocktail that includes attack code targeting recent QuickTime vulnerabilities, the long-running Windows MDAC bug, and even a fixed flaw in Yahoo Messenger.

If the visitor's PC is unpatched against any of the nine exploits Jackson listed, it's infected with a new variant of Rbot, the notorious backdoor Trojan he called "a very nasty piece of software." The end result: The PC is added to a botnet.

Jackson can't prove how the sites were originally hacked, but all the evidence points to the theft of log-on credentials; one reason why he came to that conclusion is that hosts that have been cleaned of the infection -- or in some cases even had Linux reinstalled -- are quickly reinfected.

"There was no sign of brute forcing [of passwords] just prior to the infection," said Jackson, "but attackers hosting companies are hit all the time with password attacks. It's part of doing business."

Earlier in the week, Landesman of ScanSafe drew a link between the security breach at U.K.-based Fasthosts Ltd., that country's largest Web hosting vendor, and the site hacks, saying then that the domains ScanSafe had found infected had, or had recently had, a relationship with Fasthosts.

Fasthosts denied such a cause-and-effect, and cited what it called "technical discrepancies" with Landesman's claims, but said it was investigating nonetheless.

Friday, Landesman said more data during the week had made her change her mind about the link to Fasthosts. "There are a great deal more of these [compromised] sites than earlier," she said today. "There are a number of them that can be traced to Fasthosts, but not all of them do."

Like Jackson, Landesman remained convinced that the hacks were possible because of stolen log-on usernames and passwords. "From everything we have it does point to some kind of compromise of usernames and passwords," she said. "My theory remains that the eventual source of the compromise is going to be a fairly finite number [of hosting companies]."

Jackson stressed that while the site hacks were done sans a true vulnerability, the Apache feature used by the hackers -- "dynamic module loading" -- is little known by most site administrators, making it extra difficult for all infected sites to cleanse themselves.

More to the point, said Jackson, administrators must change every password on the infected server; failing to do so has led to quick reinfections on some hosts. "All passwords must be changed," he said, "not just FTP and Cpanel passwords." There's some evidence, he said, that other passwords besides those for FTP and Cpanel -- a popular server control panel program -- have been used to access the hacked sites.

Other clues led Jackson to speculate that the attackers are not the usual cyber criminals based in Russia or China, but are likely from North America or western Europe. The code for the hacking and file upload tools lacks any comments written in Russian or Chinese, which is normally the case when an attack originates in Russia or China. Instead, the comments and code snippets are in English only. "Almost all the hacking business in western Europe is done in English," Jackson said, mentioning Germany specifically.

Users can protect themselves from attack by making sure all software on their systems is patched and that their security software signatures are up-to-date. Web site administrators, on the other hand, should disable dynamic loading in their Apache module configurations.
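For administrators reviewing which modules a server loads dynamically, the following added example (not part of the original article) parses an Apache configuration and reports every active LoadModule directive that is outside an expected baseline. The sample configuration, the baseline set and the module directory are constructed assumptions.

```python
import posixpath
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
# LoadModule status_module modules/mod_status.so
LoadModule rewrite_module modules/mod_rewrite.so
loadmodule dir_module \\
    modules/mod_dir.so
LoadModule example_unknown_module /var/tmp/mod_example.so
LoadModule php5_module modules/../../../home/user/libphp5.so
"""

# Assumed baseline: modules this server is expected to load, and the only
# directory they may be loaded from.
BASELINE = {"rewrite_module", "dir_module", "php5_module"}
MODULE_DIR = "/etc/httpd/modules"

def load_directives(conf_text):
    """Yield (module_name, resolved_path) for every active LoadModule line."""
    joined = re.sub(r"\\\n", " ", conf_text)   # fold continuation lines
    server_root = "/"
    for raw in joined.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue                            # blank line or comment
        keyword = parts[0].lower()              # directive names ignore case
        if keyword == "serverroot" and len(parts) >= 2:
            server_root = parts[1].strip('"')
        elif keyword == "loadmodule" and len(parts) >= 3:
            path = parts[2].strip('"')
            # Relative paths are resolved against ServerRoot, as Apache does.
            full = posixpath.normpath(posixpath.join(server_root, path))
            yield parts[1], full

def audit(conf_text, baseline=BASELINE, module_dir=MODULE_DIR):
    """Return findings as (module_name, path, reason) tuples."""
    findings = []
    for name, path in load_directives(conf_text):
        if name not in baseline:
            findings.append((name, path, "not in baseline"))
        elif posixpath.dirname(path) != module_dir:
            findings.append((name, path, "outside module directory"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The parser reads a single configuration text and does not follow Include directives, so each included file has to be passed through it as well.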

Tuesday, January 15, 2008

Global System for Mobile Communications (GSM)

The GSM network is designed using digital wireless technology. It offers compatible wireless services to mobile users all over the world. The basic requirements for GSM are the following:
  • Services
  • Quality of services and security
  • Radio frequency utilization
  • Network
Services: The services provided by the system should be portable to all Mobile Stations or Mobile Phones so that they can be used all over the world.

Quality of services and security: The quality of both voice and data services of GSM should be good. The voice data is encoded in digital form by using a modulation technique, i.e. Gaussian Minimum Shift Keying (GMSK). The system should provide security features to protect the network against unauthorized users.

Radio frequency utilization: The system should use the available band of frequencies (uplink: 890-915 MHz; downlink: 935-960 MHz) efficiently.

Network: Network designers manage the identification and numbering plans, while switching and mobility management are based upon a signaling system, i.e. Signaling System Number 7 (SS7).

GSM Architecture

The main component groups of GSM architecture are:
  • Mobile Stations (MSs)
  • Base Station System (BSS)
  • Network and Switching Subsystem (NSS)
Mobile Stations (MSs):

The Mobile Station (MS) consists of two operational parts.
  1. Mobile Equipment (ME)
  2. Subscriber Identity Module (SIM)
Mobile Equipment (ME): This is the hardware used by the subscriber to access the network, and it has a unique identity number known as the International Mobile Equipment Identity (IMEI).

Subscriber Identity Module (SIM): This is a type of electronic card that plugs into the ME and contains detailed information about the mobile subscriber.

Base Station System (BSS):

The BSS is central equipment located at the cell site. It provides the link between the MS and the NSS. The BSS consists of two operational parts.

Base Transceiver Station (BTS): The BTS consists of transmitting and receiving antennas and signaling equipment that provide the air interface for a cell to route the call. The BTS communicates with the MS. A single BTS can support one or more cells.

Base Station Controller (BSC): All switching functions, which are performed in the MSC, are controlled by the BSC. It also supports handoff strategies and allocates or releases temporary channels for those users who need handoff. Several BTSs can be controlled by a single BSC, and one MSC can serve many BSCs.

Network Switching Subsystem (NSS)

It is the main switching center of the GSM network. The NSS includes the following:

Mobile Switching Center (MSC): It is the basic unit of the NSS, which supports call-switching or routing functions. Its purpose is the same as that of a telephone exchange, but due to advanced wireless technology, it works much better than an exchange. Each MSC provides coverage to a defined geographic area only.

Home Location Register (HLR): It is a reference database for subscribers. The current location of the MS, identification numbers and various addresses are maintained in it.

Visitor Location Register (VLR): It is also a type of database. When an MS moves from its home location to a visited location, its location is registered as a visitor in the VLR of the visited system, and the VLR also updates this information in the HLR of the MS.

Equipment Identity Register (EIR): It is again a type of database, which contains information about MS equipment and checks and identifies the international validity of its hardware and software to work properly.

Authentication Center (AUC): It is a processing center and normally works together with the HLR. Like the HLR, it also needs to continuously access or update subscribers' data. Its main purpose is to provide data security features to authenticate the subscriber.

Graphic Card

The graphic card is one of the most important pieces of hardware in your PC. Without it, your super monitor with all the bells and whistles is just a junk box.

Make Directional Input

Most video cards come with simple frame capture programs, but you'll have to do some programming if you plan to integrate video capture with other operations on your computer, such as adding text data as an overlay or changing video-in channels on the fly. In this case you'll need good programming libraries in a language with which you are familiar for the video card. Some companies include libraries with their cards, but most charge extra. Most often libraries, when available, are for C or BASIC, and sometimes Pascal.

Choose Between 24 bit and 32 bit

For True Color mode, some graphic cards offer 24 bit while some offer 32 bit. Which is the best? When True Color mode was first suggested, it utilized 32 bit, which was very pleasing to the eye. It was then realized that 24 bit (with fewer colors) won't look much different, since the human eye can only take in a certain amount of colors. On the other hand, 24 bit will run faster compared to 32 bit because it uses fewer colors. So if your card utilizes 24 bit, don't worry, it isn't bad.

Always Use The Latest Drivers

Yes, it is important to make sure you always have the latest drivers. The latest drivers will offer you better performance, more utilities and more compatibility (usually for DirectX or Direct3D). Take the effort to check your card manufacturer's site for the latest driver updates.

Wednesday, January 2, 2008

Computer

A programmable machine. The two principal characteristics of a computer are:
  • It responds to a specific set of instructions in a well-defined manner.
  • It can execute a prerecorded list of instructions (a program).
Modern computers are electronic and digital. The actual machinery -- wires, transistors, and circuits -- is called hardware; the instructions and data are called software.

All general-purpose computers require the following hardware components:

  • memory : Enables a computer to store, at least temporarily, data and programs.
  • mass storage device : Allows a computer to permanently retain large amounts of data. Common mass storage devices include disk drives and tape drives.
  • input device : Usually a keyboard and mouse, the input device is the conduit through which data and instructions enter a computer.
  • output device : A display screen, printer, or other device that lets you see what the computer has accomplished.
  • central processing unit (CPU): The heart of the computer, this is the component that actually executes instructions.
In addition to these components, many others make it possible for the basic components to work together efficiently. For example, every computer requires a bus that transmits data from one part of the computer to another.

Computers can be generally classified by size and power as follows, though there is considerable overlap:

  • personal computer : A small, single-user computer based on a microprocessor. In addition to the microprocessor, a personal computer has a keyboard for entering data, a monitor for displaying information, and a storage device for saving data.
  • workstation : A powerful, single-user computer. A workstation is like a personal computer, but it has a more powerful microprocessor and a higher-quality monitor.
  • minicomputer : A multi-user computer capable of supporting from 10 to hundreds of users simultaneously.
  • mainframe : A powerful multi-user computer capable of supporting many hundreds or thousands of users simultaneously.
  • supercomputer : An extremely fast computer that can perform hundreds of millions of instructions per second.