Category Archive Information Security

By Jayanthi

Definition of the day: Trojan virus

The more connected we are with our tablets, mobiles, desktops, laptops, the more we are susceptible to an attack. The connected world boasts of different types of attacks. Some of them are viruses, worms, phishing emails, Trojans and so on. Malicious writers are constantly seeking new ways to exploit new vulnerabilities on new devices. We will explain the term Trojans in this post:

 

 

Similar to the fabled horse in the Trojan war (wherein the Trojan horse was used to stealthily get soldiers inside the enemy camp) – in computer security, a Trojan virus is malware that disguises itself in everyday files. When an innocent user clicks on the Trojan disguised as an ordinary file, a virus with extraordinary capability is unleashed. Most commonly, Trojan viruses are used to create back doors on systems, steal data from personal and business systems and remotely control a computer.

They do not replicate themselves; they propagate through common social engineering techniques and by duping the innocent user.

 

By Jayanthi

Anatomy of the Shellshock vulnerability

If you thought remotely seizing a machine and making it obey your orders was what sci-fi movies were made of, think again! The Shellshock vulnerability, or the Bash bug vulnerability, discovered in September of 2014 by Stephane Chazelas, a security researcher at the firm Akamai, allowed hackers to do exactly that in reality!

It was different from other vulnerabilities because it attacked Unix, Linux and Mac OS machines instead of the traditional Windows systems. NIST (National Institute of Standards and Technology) named the vulnerability CVE-2014-7169. Note that the terms Shellshock and Bash bug are used interchangeably in this article.

Why is it so named?

It was so named because it exploited a vulnerability in the shell of the Unix, Mac OS and Linux operating systems. The shell of the Unix and Linux environment is known as the GNU ‘Bourne again shell’, or ‘BASH’, which gives the vulnerability its name. The vulnerability affected all versions of Bash from 1.14 to 4.3.

This shell is the command line interpreter (that which is used to run commands), and it is the crucial component in the vulnerability. The critical point about the Bash bug or the Shellshock vulnerability is that the machine can be exploited remotely and can be brought completely under the control of the attacker.


In a nutshell, how does it work?

The flaw lies in how the Linux/Unix/Mac OS Bash shell handles an environment variable that holds a function definition: it executes the code that comes after the definition, and it does so first. Web applications are particularly susceptible since they take user input and act on it. For example, when setting environment variables:

env e='() { :;}; echo new command' bash -c "echo test"

On a vulnerable system, the interpreter first executes the code ‘echo new command’ that follows the function definition stored in the environment variable, and only then carries on with the variable and whatever it was asked to run.

What happens if the vulnerability has been exploited on your machine?

If your machine has been compromised and the vulnerability has been exploited these are some of the things that the hacker can do:

  1. take complete control of the OS
  2. install backdoors
  3. view/change database usernames and passwords
  4. ruin the web server by modifying its contents
  5. deface websites (TrendLabs Security Intelligence blog, 2014)

Now let’s move on to the most important point of the article, the anatomy of the attack.

 

Anatomy of the Shellshock attack:

The shellshock or the Bash bug vulnerability can be exploited under three circumstances:

  1. Machines running an HTTP server using CGI scripts (which require no authentication)
  2. Machines running SSH (which require authentication)
  3. Machines running a DHCP server

We will discuss the anatomy of the Shellshock attack on the HTTP server running CGI scripts.

As an example, let us consider two machines: one running Kali Linux (which is the victim machine) and one running Ubuntu OS (which is the attacker machine). Our Kali Linux system will be using the Apache web server, which will be the victim server.

  1. Create a CGI script and save it with the .cgi extension on the victim machine. For simplicity, place it in the root folder of the Apache web server.
  2. Make sure the CGI script is executable and that the Apache web server executes it.
  3. Start the web server and execute the CGI script to make sure that it works accordingly.
  4. Go to the attacker machine and create a ‘reverse TCP payload’ by means of Metasploit. Metasploit being a bundle of payloads and exploits, it is wise to use the popular ‘msfpayload’ for this. Note: With a “reverse shell”, the attacker creates a listener on his machine and the victim machine connects to it. The attacker then gets the shell code.
  5. Once the “payload” has been created, make sure that it is indeed there.
  6. The ‘curl’ command is then used to send the payload to the victim machine by making use of the ‘Bash’ vulnerability. The ‘curl’ command is the command to send data to/from a server. This can be monitored by the listener on the attacker machine. By now, the victim machine is completely under the control of the attacker. (EXPLAINED: What is SHELL SHOCK or BASH BUG and How to EXPLOIT!)

This is the successful anatomy of the Shellshock attack. To protect oneself from the Shellshock vulnerability, it is necessary to apply regular updates as and when they are released.
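The defender's side of the above, as an added example that is not part of the original article: check_bash runs the post's harmless echo probe against the local interpreter to see whether the update has been applied, and scan_access_log flags Apache combined-format log lines whose request, referer or user-agent carries the ‘() {’ signature. The function names, the probe marker and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; the log lines are constructed.

# Run a harmless probe through a shell binary (default: bash) and report
# whether it executes code trailing a function definition in an env variable.
check_bash() {
    shell_bin=${1:-bash}
    out=$(env probe='() { :;}; echo SHELLSHOCK_PROBE' \
        "$shell_bin" -c 'echo done' 2>/dev/null) || { echo unknown; return 0; }
    case $out in
        *SHELLSHOCK_PROBE*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# Read Apache combined-format log lines on stdin; print the client address
# and the field(s) carrying the "() {" function-definition signature.
scan_access_log() {
    awk -F'"' -v sig='[(][)][ \t]*[{]' '
    {
        split($1, head, " ")              # head[1] is the client address
        hit = ""
        if ($2 ~ sig) hit = hit " request"
        if ($4 ~ sig) hit = hit " referer"
        if ($6 ~ sig) hit = hit " user-agent"
        # Escaped quotes can shift fields, so fall back to the whole line.
        if (hit == "" && $0 ~ sig) hit = " other"
        if (hit != "") print head[1] ":" hit
    }'
}

# Constructed sample: documentation addresses, hypothetical script name.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 87 "-" "() { :;}; echo new command"
203.0.113.9 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 87 "() { :; }; echo new command" "curl/7.38.0"
192.0.2.11 - - [25/Sep/2014:10:00:12 +0000] "GET /docs/func().html HTTP/1.1" 404 0 "-" "Mozilla/5.0"
EOF
}

echo "local bash: $(check_bash)"
sample_log | scan_access_log
```

A hit in the log shows that a probe or an attempt was received, not that it succeeded; whether it could have worked depends on the Bash version check_bash reports.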

Bibliography

EXPLAINED: What is SHELL SHOCK or BASH BUG and How to EXPLOIT! (n.d.). Retrieved from Youtube.com: https://www.youtube.com/watch?v=u1H12rMdLTg

TrendLabs Security Intelligence blog. (2014, September 25). Retrieved from TrendMicro: https://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/

By Bala Manikandan

Java 8 – Default and Static Methods in Interfaces

Before beginning this post, I would like to state that this post assumes some knowledge of Java.

 

Prior to Java 8, all methods in an interface had to be ‘abstract’. However, in Java 8, default and static methods could also be defined in interfaces. These are discussed in the following sections.

Default Methods:

A default method in an interface is used to define the ‘default’ behaviour of an object of that interface type, in case a class implementing that interface does not override the method. Unlike other interface methods, default methods have a method body. A default method is declared using the keyword ‘default’:

interface TestInterface {
      default void defaultMethod() {  }      //a default method
}


Note that the above method uses curly braces, not a semicolon. Just like normal methods, statements can be included between the curly braces. Now consider another piece of code:

package bala;

interface TestInterface {
    // Default method: used when an implementing class does not override it
    default void print() {
        System.out.println("Default");
    }
}

class Sample1 implements TestInterface { // overrides print()
    @Override
    public void print() {
        System.out.println("Not Default");
    }
}

class Sample2 implements TestInterface {} // doesn't override

public class Test {
    public static void main(String[] args) {
        TestInterface obj1 = new Sample1();
        TestInterface obj2 = new Sample2();
        obj1.print(); // Sample1's overriding version runs
        obj2.print(); // falls back to the default method
    }
}

The above code prints:

Not Default
Default

In the above code, both the classes, Sample1 and Sample2, implement the interface TestInterface, which contains a default method.

class Sample1 overrides the print() method but Sample2 doesn’t.  In the main() method, two objects of object types Sample1 and Sample2 are created, which then invoke the print() method. Since Sample1 has the overridden print() method, the code in the overridden version executes.

But the print() method is not overridden in Sample2,  so the code in the default method of TestInterface executes. This accounts for the above output.

Static Methods:

Recall the definition of static methods – they belong to the class rather than to an instance of the class.

As in classes, static methods in interfaces are the methods that can be called using the interface name itself, rather than using an object reference variable. These methods also use curly braces. Their usage is very similar to the usage of static methods in classes, as demonstrated in the following code:

package bala1;

interface TestInterface2 {
    // Static method: called on the interface name, not on an object
    static void print() {
        System.out.println("Static method inside an interface");
    }
}

public class Test2 {
    public static void main(String[] args) {
        TestInterface2.print();
    }
}

As expected, the above code prints:

Static method inside an interface

We have seen the newer features of Java 8 (namely, default and static methods in interfaces) in this post! Join me as I uncover some more technical aspects of the world!

By Jayanthi

The ‘Apple’ of my eye! :)

For most Apple lovers possessing iPhones, iPods, MacBooks, iPads and so on, this week was an exciting one as it saw the launch of the iPhone 8, iPhone 8S and iPhone X. How will the new iPhone X (pronounced iPhone ’10’ and not iPhone ‘X’) be? This is the thought for most of the world (if not all!). Till we can lay our hands on it or see someone who lays their hands on it 🙂 we can only surmise a few details as of now:

Features of iPhone X (feature: description)

Pre-orders starting date in India: October 27
Sales will start from: November 3 in India
Price of iPhone X: $ 999 and up; 89,000 Rs in India
Wireless charging
Display: 5.8 inch OLED display; highest resolution display: 2436x1125 pixels at 458 pixels per inch
Authentication: Face ID instead of Touch ID and NO home button
Appearance: Durable glass in the front and back; water and dust resistant
Battery life: 14 hours of Internet use
Processor: A11 Bionic chip (can manage 600 billion operations per second); 6 core processor
Camera: Dual 12MP TrueDepth cameras
Storage: 64GB


The most interesting features of the iPhone X are:

  1. Price – $999 for US markets and a cool lakh for Indian markets (256GB variants)
  2. Processor speed – The iPhone X has the A11 Bionic chip, supposedly the most powerful and smartest chip
  3. Battery life – The iPhone X boasts 14 hrs of Internet usage, which will be tested in due time (Scientific American)
  4. Camera – It has a larger and faster megapixel sensor (for camera buffs and geeks, there is plenty in store with the new iPhone X to achieve superior quality pictures)
  5. Face ID – This is obviously the most talked about authentication feature of the new iPhone X – ‘face recognition’. Apple has done away with the home button and introduced the ‘face recognition’ feature, which raises interesting and new questions. While biometrics is always a better way of authenticating a user than the traditional username and password combination (not to forget remembering the umpteen number of passwords), Face ID might be much trickier than other biometrics. These are some of the key points regarding Face ID:
  •   For now, only one Face ID will be supported per device.
  •   Going by the number of thoughts around the web, what if the device can be unlocked while sleeping or by an identical twin?

iPhone user experience is always beautiful and in India, where owning an iPhone (or any Apple product and any version) is a symbol of pride, it remains to be seen if the new iPhone X will live up to its standards. Most of the details and doubts will only be solved in due course of time – but one final question that is on everyone’s mind – is it too pricey even by Apple standards?

Thanks to Satish for his thoughts, suggestions and tips for this post!

By Jayanthi

Types of hackers

In today’s post, we will see the different types of hackers:

 


By Jayanthi

Which is more secure: SSL, TLS or HTTPS

Data that is passed “as-is” (without encryption) is prone to attacks by hackers and people with malicious intent. In order to pass critical financial information without being eavesdropped on, it is crucial to encrypt all data. Encrypting communication allows one to pass credit card numbers, banking information and other sensitive details between the client and server more securely. Encryption between the client and server is done by SSL/TLS. Before seeing which is the more secure protocol, we will first understand the terms SSL, TLS and HTTPS.

SSL is ‘Secure Sockets Layer’ and it is used to secure the connection between the client and server. It makes use of public key encryption (where a public key may be used to encrypt and a private key to decrypt – or it can work the other way around too) and it works at the transport layer of the OSI model. It provides data integrity and confidentiality for the connections between the client and server.

SSL is now known as TLS or ‘Transport Layer Security’. It is again a cryptographic protocol that is used to encrypt all communication between client and server. SSL 3.0 officially became TLS and TLS 1.2 is the latest version. TLS is backward compatible to secure older SSL connections.

‘HTTPS’ is ‘Hyper Text Transfer Protocol Secure’. HTTP is the building block of the Internet. HTTPS is HTTP secured with SSL/TLS. HTTPS is synonymous with security during transmission. Connections can be understood to be encrypted by seeing the padlock at the left hand corner of the screen or by seeing ‘https’ instead of ‘http’.

Now, coming to the original question of which is more secure: TLS is more secure, as SSL has given way to TLS. But since communication security is still understood as SSL, it can be said that SSL/TLS is more secure.

 

Note: HTTP vs HTTPS image source: Google images

 


By Jayanthi

Have you heard about cyber diplomacy?

‘Diplomacy’ is defined as “the art of dealing with people in a sensitive and tactful way” and cyber diplomacy is a careful extension to that.

Social media is an absolute necessity for individuals, businesses and government organizations. Most major heads of state are present either on Facebook, Twitter and/or other social media platforms. Given the openness of social media platforms, interactions are easy at all levels with these social media channels.  It is also easy for heads of state to carry out conversations with each other and/or with ordinary citizens. 


By Jayanthi

Definition of the day: Honeypots

A “honeypot” in network security is a computer system which entices hackers to attack it. All ports are kept open on the system and the computer acts normally with its services (but in reality, it is isolated and monitored). The main idea behind setting up “honeypots” is to study the motives of malicious individuals and track their actions.

 

 

It must be noted that none of the production systems are connected to the “honeypot” system and no vital business information is lost during the “honeypot” project.

By Jayanthi

Introduction to Bitcoins

Even as the Bitcoin fork is making news, and there is “Bitcoin” and “Bitcoin cash” now, we will deal with the elementary aspects of “Bitcoin” and “Blockchain” in this post.

“Bitcoin” first appeared in 2009, but it is much more prominent now, thanks to better adoption by individuals and professionals. In this post, we will understand the meaning of the “Bitcoin” cryptocurrency, some basic terms related to it and the way it works.


By Mani Prithiviraj

Conflict Resolution at the Workplace

Advances in Technology and Market Pressures have led to increasing expectations on growth and performance in our workplace. Expectations can rarely be met purely based on individual efforts. Successful accomplishment of organizational goals requires collaboration and team work. Goals have to be accomplished with a diverse workforce (based on age, culture, work-styles). This gives rise to interesting challenges. Conflicts at the workplace can significantly impact achievement of goals. In this article I am going to write about common causes for conflict at the work place and methods that can be used for prevention and resolution of conflicts.
