20120131

5 Chrome Extensions That Are Going To Make Your (Browsing) Life Easier


Some people say our lives are getting harder the more technology we have. While I’m not here to argue that point, I am sure of one thing – some things only get easier. One example is browsing. 15 years ago, I was battling my way with Netscape 1.0, which pretty much included back and forward buttons and a stop button which never really worked.
Today, we have excellent browsers to choose from, and even more extensions and add-ons which hold the sole purpose of making our lives easier. It’s only a matter of finding the right ones. In this post, I will share with you a list of truly awesome Chrome extensions which can truly make your life easier. At least those aspects which have to do with browsing the web.

YouTube Options for Google Chrome

YouTube keeps changing. Sometimes we like the changes, sometimes we don’t, but most of all, we sometimes wish we could have more control over what YouTube looks like when we’re watching videos. YouTube Options for Google Chrome is a simple extension which lets you do just that.
The extension comes with an extensive list of options for changing YouTube’s default layout, as well as various playback, size and quality options. For example, you can set a certain size and quality for your videos, and have them automatically display that way every time. You can also disable auto-play, which is a very useful option if you’re regularly opening multiple YouTube windows.

Tabulate!

Ages ago, I heard about a service called BridgeURL. This handy web app lets you easily share multiple URLs in the form of a neat slideshow. How happy I was to find that BridgeURL’s technology also exists in a Chrome extension, which goes by the name of Tabulate.
If you’ve ever had the urge to share all your open tabs with a friend, Tabulate! lets you do this easily. Simply click on the Tabulate button and get a URL for all your tabs. You can then share this URL with friends. When they click on it, they will get a list of links which they can open separately, or choose to open all the links at once.
The most fun option, though, is viewing the links as a slideshow, which lets you browse through all the links one by one in the same window. I only wish there was a way to choose which tabs I want to share, instead of automatically sharing all of them.

Page Snooze

There are numerous ways to tackle the “too many tabs” problem, but despite that, I still find myself with a browser chock-full of open tabs so as not to forget to look at them “later”. If you have the same problem, Page Snooze is going to come in mighty handy.
With Page Snooze, you can snooze any open tab for a certain amount of time. When that time is up, the tab will automatically open again. This means you no longer have to keep a tab open for a week just so you can look at it on Sunday.
Clicking the extension icon will snooze a page for one week. If you want to choose a different time window, right-click on the page itself and choose your preferred window from the context menu. In the extension’s options, you’ll find a list of all your snoozed pages and the date and time of their expected return into your browser.
Hopefully, this extension will get more options in the future, such as setting specific snooze times or at least something shorter than 1 day. As it is, it’s still really useful.

Readability Redux

The web is a cluttered place. Usually, this is not a problem, but when all you really want to do is read something, things can get quite distracting. Readability Redux is an awesome extension that lets you quickly unclutter any webpage, so you can comfortably concentrate on what’s important – the text.
There are five different styles to choose from, and you can also choose your font and margin sizes. You can set your own hotkey to activate the extension, and easily get a readable version with a quick press of a button. You can even apply Readability only to a selected fragment, and while this feature is still experimental, it worked very well for me.
Aside from comfortable reading, you can also use Readability Redux to create printer friendly versions of any webpage, and e-mail pages or fragments to friends.

Hover Zoom

Are you tired of having to click every single picture you want to view? With Hover Zoom, all you have to do is hover. Hover your mouse cursor over any image, and you will immediately get to view this image in full size. No clicking, no opening new pages. Clean and simple.
The extension works on almost every website; if a website supports it, the Hover Zoom icon will appear in the address bar. In the options, you can control delay times and other aspects of the display, disable Hover Zoom for specific sites, and create action keys to disable or enable Hover Zoom. This one is a true keeper.

Conclusion

Browsing should be fun, not tedious. There are some true life-savers out there. If you haven’t found the right one here, be sure to check out our Best of Chrome extensions page.
Are there any Chrome extensions that make your life easier? Tell us all about them in the comments.





TCP Split Handshake Attack and How it affect Server Security


Many computer network and IT security professionals know of the furious discussion going on about the latest NSS Labs report on security products (with firewall protection). They tested 6 different situations, and one of them, the "TCP Split Handshake Attack", was very successful against most of the products they tested. They successfully breached the security of most of the firewall products from different vendors using the TCP Split Handshake Attack method. So what is the TCP Split Handshake Attack? How is it a threat to current networks? If we refer to RFC 793 (where TCP is explained), we can see how a TCP connection is established. TCP (Transmission Control Protocol) is a connection-oriented protocol, and thus it needs a handshaking process to establish a successful TCP connection. Below you can see how the TCP connection is established between two TCP devices A and B.

What is TCP Handshake?

Before we go to the TCP split handshake, we should understand how the three-way handshake (the normal TCP handshake) happens to establish a TCP connection. Let us say we have two TCP devices A and B. Here A wants to start a TCP connection with B, so A acts as the client and B acts as the server. In a TCP connection, the SYN/ACK packet determines which side is the server and which is the client, so a proper TCP handshake is necessary to establish the right server-client relation. A simplified TCP handshake between A and B is:

Client (A) ISN =X

Server (B) ISN =Y

ISN= Initial Sequence Number

Step 1: A --- (connection request)-->B SYN=1, Seq= X

Step 2: B --- (Connection Granted) -->A SYN=1, Seq=Y, ACK= X+1

Step 3: A ----(acknowledgment) -->B SYN=0, Seq= X+1, ACK= Y+1

What is TCP Split Handshake?

Now let us see how a TCP split handshake occurs. The three-way handshake above can instead be written as below.

Step 1: A ----->B SYN, Seq= X

Step 2: B ----->A ACK, sequence number of A is X

Step 3: B ----->A SYN, sequence number of B is Y

Step 4: A ----->B SYN/ACK, sequence number of A is X, sequence number of B is Y+1 (this is a possible error in many vendor products)

Step 5: The three-way handshake then continues with A as the server and B acting like the client, so the firewall gets confused.

The above error in the TCP three-way handshake leads to the TCP Split Handshake Attack, where the firewall is confused about which side is the actual server and which is the client. The firewall thinks that B is the client (whereas in reality A is the client and requested the connection), and this may lead to a security vulnerability. Faced with these strange split handshake signals, some products drop the entire connection, but some respond in unexpected ways.
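The role confusion described above can be shown on the two step lists. This is an added example, not code from the original post: the Seg record, the function names and the sequence numbers are constructed for illustration. It compares the rule "the SYN/ACK sender is the server" with a tracker that fixes roles from the first bare SYN and flags the split pattern.

```python
from collections import namedtuple

# Constructed segment record; flags is "S" (SYN), "A" (ACK) or "SA" (SYN/ACK).
# Fields the page's step lists do not give are left as None.
Seg = namedtuple("Seg", "src dst flags seq ack")

X, Y = 1000, 5000  # constructed initial sequence numbers for A and B

# Normal three-way handshake (steps 1-3 of the first list).
NORMAL = [
    Seg("A", "B", "S", X, None),
    Seg("B", "A", "SA", Y, X + 1),
    Seg("A", "B", "A", X + 1, Y + 1),
]

# Split handshake (steps 1-4 of the second list).
SPLIT = [
    Seg("A", "B", "S", X, None),
    Seg("B", "A", "A", None, X + 1),
    Seg("B", "A", "S", Y, None),
    Seg("A", "B", "SA", X, Y + 1),
]


def naive_server(segments):
    """Role rule from the text: the SYN/ACK sender is taken as the server."""
    for s in segments:
        if s.flags == "SA":
            return s.src
    return None


def classify(segments):
    """Return (initiator, verdict), fixing roles from the first bare SYN."""
    initiator = None
    bare_ack = bare_syn = False  # seen from the responder before any SYN/ACK
    for s in segments:
        if initiator is None:
            if s.flags == "S":
                initiator = s.src
            continue
        from_responder = s.src != initiator
        if s.flags == "SA":
            if from_responder:
                return initiator, "three-way"
            if bare_ack and bare_syn:
                return initiator, "split-handshake"
            return initiator, "unexpected"
        if from_responder and s.flags == "A":
            bare_ack = True
        elif from_responder and s.flags == "S":
            bare_syn = True
    return initiator, "incomplete"


if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("split", SPLIT)):
        print(name, "naive server:", naive_server(trace), classify(trace))
```

On the split trace the naive rule names A, the host that opened the connection, as the server, while the tracker still reports A as the initiator and flags the exchange.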

5 Privacy Tips for Location-Based Services


The year 2012 is certain to reflect U.S. consumers’ continued love affair with sophisticated smartphones and tablets. One of the driving forces in the popularity of these devices is their ability to run mobile apps using wireless location-based services (LBS). Among other benefits, LBS allow access to real-time and historical location information online – whether to facilitate a social interaction or event, play games, house-hunt or engage in many other activities.
However, with these benefits also come privacy risks. And it is not uncommon for some popular LBS-enabled tools to lack clear disclosure about personal information collection, how that data is used, and the process for consumer consent.

1. Privacy by Design


At a minimum, a business should know what its LBS service does, what type of data it collects, and whether that data is shared with affiliates, partners or third parties. Claiming ignorance to the data flow of consumer location information is not likely to protect a business from privacy-related liability.
Consider carefully the intentional and unintentional data flows from LBS offerings. Is the data personally identifiable, either individually or when combined with other elements, in the company’s database? Will it be shared with an online advertiser, marketer or a social media platform like Facebook? Is there a legitimate business rationale for the collection, disclosure and retention of such information? Understanding the data flows is the first step in preventing an LBS privacy mishap.
When performing such due diligence, businesses also should appoint privacy-trained personnel to ensure that privacy considerations are identified and satisfied, both at the outset of the design of a new service or product, as well as at periodic intervals after the service or product has been released publicly. These are the core principles of the FTC’s “privacy by design” framework.

2. Transparency About LBS


Treat LBS information collection and disclosure as sensitive personal information, which means being transparent and careful with the data. This includes providing clear disclosures to consumers (before they download the LBS-enabled service) which explain:
  • What personal information will be collected, retained and shared.
  • The consumer’s choices as to such data collection.
  • How to exercise such choices.
  • Provide a periodic reminder to consumers when their location information is being shared.
  • If location information previously collected will be used for a new purpose, provide an updated disclosure to the consumer about the new use and an opportunity to exercise her choice as to that new use.
These disclosures should be presented prominently, in concise and plain language (i.e. not legalese or technical jargon).

3. User Consent

There can be some flexibility in how a business obtains a consumer’s consent to LBS information. That being said, a business generally bears the burden of demonstrating that it obtained informed consent to the use or disclosure of location information before initiating an LBS service. Thus, it is not advisable to use pre-checked boxes or other default options that automatically opt users in to location information collection, or any other manner that ultimately leaves the consumer unaware of such data collection.
The key is to clearly provide a disclosure about the location information collection, to clearly obtain consumers’ consent to use location information, and to keep accessible, organized business records of such disclosure and consent. It also is advisable to allow consumers the option of revoking consent previously given.

4. Treat Children’s Data as Sensitive


The use of mobile devices by children and young adults raises additional privacy and safety concerns. Therefore, be sensitive to consumer expectations on how to treat such data, as well as to the extra legal scrutiny that accompanies marketing efforts targeted to young people.
A business also needs to be mindful whether it is collecting location information from children under the age of 13, and the corresponding legal obligations that may be triggered under the federal children’s privacy law (the Children’s Online Privacy Protection Act). Navigating through these legal obligations with a privacy expert is critical to avoid mishaps.

5. Stay Current on Fast-Moving Privacy Developments


One common complaint by many a business is that it was unaware a particular business practice was considered unlawful (a complaint that is generally made after a regulator or litigant initiates legal action). A practical tip: In the sometimes murky area of consumer protection and privacy law, the rules of the road often are gleaned from analyzing cases, law enforcement examples and best practices, rather than from clear restrictions in a particular statute. For this reason, it makes good sense to periodically monitor law enforcement actions announced by the FTC and State Attorney General that highlight privacy-related practices, as well as guidelines issued by organizations that focus on LBS and privacy issues.
In 2012, we’ll witness legal action against companies that engage in LBS without accounting for privacy developments. While privacy investment is not inexpensive, proactively implementing best privacy practices at the outset is far less costly than being singled out by regulators, litigants and the media after-the-fact.

Failing to design a mobile app that covers these bases can be costly, inviting government investigations and lawsuits. For example, the U.S. Federal Trade Commission, which enforces consumer protection, has obtained 20-year settlements with numerous companies that engaged in deceptive or unfair practices by collecting personal information from consumers without appropriate disclosures or consent to such practices (including when personal information collection is set as a default). The commission has also targeted companies for engaging in practices that differ from their privacy standards. Furthermore, class action lawsuits and media scrutiny regarding these types of practices continue to serve as warnings.
LBS-based businesses that want to avoid becoming future legal or media targets need to take stock of existing business practices and identify where updates may be appropriate. Take a look at the following privacy LBS do’s and don’ts. Via [Mashable]

20120130

Samsung Galaxy Nexus on Sprint, the coming soon style teaser page goes live

It looks like Sprint is getting a little bit closer to launching the Samsung Galaxy Nexus. Of course, this little bit has arrived not as a surprise but as the next logical step considering the carrier had already confirmed that the handset was coming earlier in the month. Anyway, while it would have been a bit nicer if this page went live with a little bit more in terms of detail — those who have been waiting to get an Ice Cream Sandwich running handset on Sprint can now trade their email address and zip code for the promise of more information when it comes available. Via Google & AndroidCentral

Learn Ethical Hacking Basics-Required Skills of an Ethical Hacker- Session VIII


Required Skills of an Ethical Hacker


Objective: 

Describe ethical hackers and their duties 

Ethical hackers need hands-on security skills. Although you do not have to be an expert in everything, you should have an area of expertise. Security tests are typically performed by teams of individuals, where each individual typically has a core area of expertise. These skills include:


  • Knowledge of routers, routing protocols, and access control lists (ACLs). Certifications such as Cisco Certified Network Associate (CCNA) or Cisco Certified Internetworking Expert (CCIE) can be helpful.
  • Skills in the operation, configuration, and management of Microsoft-based systems. These can run the gamut from Windows NT to Windows 2003. These individuals might be Microsoft Certified Administrator (MCSA) or Microsoft Certified Security Engineer (MCSE) certified.
  • A good understanding of the Linux/UNIX OS. This includes security settings, configuration, and services such as Apache. These individuals may be Red Hat or Linux+ certified.
  • Knowledge of firewall configuration and the operation of intrusion detection systems (IDS) and intrusion prevention systems (IPS) can be helpful when performing a security test. Individuals with these skills may be certified in Cisco Certified Security Professional (CCSP) or Checkpoint Certified Security Administrator (CCSA).
  • Although mainframes do not hold the position of dominance they once had in business, they still are widely used. If the organization being assessed has mainframes, the security teams would benefit from having someone with that skill set on the team.
  • Network protocols: Most modern networks are Transmission Control Protocol/Internet Protocol (TCP/IP), although you might still find the occasional network that uses Novell or Apple routing information. Someone with good knowledge of networking protocols, as well as how these protocols function and can be manipulated, can play a key role in the team. These individuals may possess certifications in other OSes, hardware, or even possess a Network+ or Security+ certification.
  • Someone will have to lead the security test team, and if you are chosen to be that person, you will need a variety of the skills and knowledge types listed previously. It can also be helpful to have good project management skills. After all, you will be leading, planning, organizing, and controlling the penetration test team. Individuals in this role may benefit from having Project Management Professional (PMP) certification.
On top of all this, ethical hackers need to have good report writing skills and must always try to stay abreast of current exploits, vulnerabilities, and emerging threats as their goals are to stay a step ahead of malicious hackers.

Facebook makes Timeline feature compulsory


Social network Facebook has made compulsory its Timeline feature through which all of a user's photographs and wall posts would be seen by friends on their homepage.

The feature had been voluntary till now and Facebook has given all of its 800 million users a seven-day period to delete content before Timeline goes online, The Sun reported.

Timeline makes everything a person has ever done on Facebook appear on a single screen that scrolls down year by year right back to when the person was born.

Facebook founder Mark Zuckerberg recently said he was convinced people wanted to be able to share their entire lives with one another.

Zuckerberg said Timeline was the "story of your life and completely new way to express yourself".

"Millions of people curate stories of their lives on Facebook every day and have no way to share them once they fall off your profile page," he said. Via NDTV

Learn Ethical Hacking Basics :: Session VII






Define ethical hacking 



Ethical hackers perform penetration tests. They perform the same activities a hacker would but without malicious intent. They must work closely with the host organization to understand what the organization is trying to protect, who they are trying to protect these assets from, and how much money and resources the organization is willing to expend to protect the assets. 



By following a methodology similar to that of an attacker, ethical hackers seek to see what type of public information is available about the organization. Information leakage can reveal critical details about an organization, such as its structure, assets, and defensive mechanisms. After the ethical hacker gathers this information, it will be evaluated to determine whether it poses any potential risk. The ethical hacker further probes the network at this point to test for any unseen weaknesses. 



Penetration tests are sometimes performed in a double-blind environment. This means that the internal security team has not been informed of the penetration test. This serves an important purpose, allowing management to gauge the security team’s responses to the ethical hacker’s probing and scanning. Do they notice the probes or have the attempted attacks gone unnoticed? Now that the activities performed by ethical hackers have been described, let’s spend some time discussing the skills that ethical hackers need, the different types of security tests that ethical hackers perform, and the ethical hacker rules of engagement.


20120127

Way to Secure a Folder in 2000/XP without using tools & hide from others


We are going to give you a step-by-step solution for securing your folder in Windows 2000/XP without using any special tools.

Step 1:

Choose the folder you want to protect. [Ex: c:\myFolder]

Step 2:

Copy the following text:

{645FF040-5081-101B-9F08-00AA002F954E}

Step 3:

Right-click on your folder [Ex: c:\myFolder] and then click on Rename.

When the name is highlighted for editing, type a . at the end of the text and then paste the above text. For example:

myFolder.{645FF040-5081-101B-9F08-00AA002F954E}

Now your folder will look like the Recycle Bin, and double-clicking on it will redirect you to the Recycle Bin.



Unlock the folder


1. Go to the command prompt.

2. Type the following command there:

C:\> ren myFolder.{645FF040-5081-101B-9F08-00AA002F954E} myFolder

Press Enter.

3. Now the folder will come back to normal.
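Because a single ren brings the folder back, the files stay on disk under the longer name the whole time, and an audit script can list every folder disguised this way. The following is an added example, not part of the original post; the function name and the report fields are hypothetical, and the only CLSID it knows is the one used above.

```python
import os
import re

# Folder name followed by .{CLSID}, the pattern produced by the rename above.
CLSID_SUFFIX = re.compile(
    r"^(?P<name>.+)\."
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})$"
)

# The CLSID used on this page, which makes the folder look like the Recycle Bin.
KNOWN = {"{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin"}


def find_disguised_dirs(root):
    """Walk root and report directories whose name ends in .{CLSID}."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            m = CLSID_SUFFIX.match(d)
            if not m:
                continue
            full = os.path.join(dirpath, d)
            # Count what is readable straight from the file system.
            entries = sum(len(sub) + len(files)
                          for _, sub, files in os.walk(full))
            findings.append({
                "path": full,
                "original_name": m.group("name"),
                "shown_as": KNOWN.get(m.group("clsid").upper(),
                                      "unknown CLSID"),
                "entries": entries,
            })
    return sorted(findings, key=lambda f: f["path"])


if __name__ == "__main__":
    import sys
    for hit in find_disguised_dirs(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```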



Easy way-Hacking Windows Password


This section introduces some commands that are used to change the Windows password.

1. net user

It is a command used to change the Windows password without knowing the original password.

Procedure

C:\> net user username newpassword

If the user name is admin and the new password we are going to create is nopassword, it should look like this:

C:\> net user admin nopassword

Then press Enter. From now on, the new password of the account will be nopassword.


