Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Wednesday 26 October 2011
Lists of Various Steganographic Tools
Steganography is the art and science of hiding information such that only the sender and recipient can read that hidden piece of information. While the cryptography is focussed on making message unreadable, steganography focusses on data hiding and hence combination of both can give better security in most cases.
As mentioned earlier, steganography is the art of hiding information and can be done in many ways. For instance, simplest forms of steganography would be toinsert each character of hidden message in the Nth position of each word in a sentence so that recipient takes Nth letters of each words to reconstruct the message. While this was very basic example, steganography has no bounds and one can hide messages within images, audios, videos, source codes, etc and this involves some sort of creation to increase the obscurity of the hidden message. Wikipedia entry gives far much deeper information on steganography tool and I would like to recommend you to read it.
To make digital steganography easier, numerous tools have been developed and I'm listing some of them here.
1) Hide in Picture: Hide In Picture is a program that allows you to conceal files inside bitmap pictures, using a password. The pictures look like normal images, so people will not suspect there is hidden data in them.
2) wbStego: wbStego4 offers steganography in bitmaps, text files, HTML files and PDF files. It is has two very user-friendly interfaces and is ideal for securely transmitting data online or adding copyright information, especially with the copyright information manager.
3) Hide4PGP: Hide4PGP is a freeware program distributed as source code in ANSI C and precompiled executables for DOS (any version but 1.x), OS/2 (Warp and up), and the Win32 console (9x and NT). It's purpose is to hide any data in a way that the viewer or listener does not recognize any difference. It supports BMP, WAV and VOC file formats.
4) MP3Stego: Hide files within mp3 files. MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream.
5) TextHide: Simple text steganography
6) GifShuffle: gifshuffle is used to conceal messages in GIF images by shuffling the colourmap, which leaves the image visibly unchanged. gifshuffle works with all GIF images, including those with transparency and animation, and in addition provides compression and encryption of the concealed message.
7) Snow: snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.
8) Camouflage: Camouflage allows you to hide files by scrambling them and then attaching them to the file of your choice. This camouflaged file then looks and behaves like a normal file, and can be stored, used or emailed without attracting attention.
9) OpenPuff: OpenPuff is a professional steganography tool, with unique features you won't find among any other free or commercial software. OpenPuff is 100% free and suitable for highly sensitive data covert transmission. Its very advanced tool with support to images, audios, videos, flash, adobe.
10) SteganRTP: Steganography tool which establishes a full-duplex steganographic data transfer protocol utilizing Real-time Transfer Protocol (RTP) packet payloads as the cover medium. The tool provides interactive chat, file transfer, and remote shell access. A network steganographic tool.
Read more...
As mentioned earlier, steganography is the art of hiding information and can be done in many ways. For instance, simplest forms of steganography would be toinsert each character of hidden message in the Nth position of each word in a sentence so that recipient takes Nth letters of each words to reconstruct the message. While this was very basic example, steganography has no bounds and one can hide messages within images, audios, videos, source codes, etc and this involves some sort of creation to increase the obscurity of the hidden message. Wikipedia entry gives far much deeper information on steganography tool and I would like to recommend you to read it.
To make digital steganography easier, numerous tools have been developed and I'm listing some of them here.
1) Hide in Picture: Hide In Picture is a program that allows you to conceal files inside bitmap pictures, using a password. The pictures look like normal images, so people will not suspect there is hidden data in them.
2) wbStego: wbStego4 offers steganography in bitmaps, text files, HTML files and PDF files. It is has two very user-friendly interfaces and is ideal for securely transmitting data online or adding copyright information, especially with the copyright information manager.
3) Hide4PGP: Hide4PGP is a freeware program distributed as source code in ANSI C and precompiled executables for DOS (any version but 1.x), OS/2 (Warp and up), and the Win32 console (9x and NT). It's purpose is to hide any data in a way that the viewer or listener does not recognize any difference. It supports BMP, WAV and VOC file formats.
4) MP3Stego: Hide files within mp3 files. MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream.
5) TextHide: Simple text steganography
6) GifShuffle: gifshuffle is used to conceal messages in GIF images by shuffling the colourmap, which leaves the image visibly unchanged. gifshuffle works with all GIF images, including those with transparency and animation, and in addition provides compression and encryption of the concealed message.
7) Snow: snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.
8) Camouflage: Camouflage allows you to hide files by scrambling them and then attaching them to the file of your choice. This camouflaged file then looks and behaves like a normal file, and can be stored, used or emailed without attracting attention.
9) OpenPuff: OpenPuff is a professional steganography tool, with unique features you won't find among any other free or commercial software. OpenPuff is 100% free and suitable for highly sensitive data covert transmission. Its very advanced tool with support to images, audios, videos, flash, adobe.
10) SteganRTP: Steganography tool which establishes a full-duplex steganographic data transfer protocol utilizing Real-time Transfer Protocol (RTP) packet payloads as the cover medium. The tool provides interactive chat, file transfer, and remote shell access. A network steganographic tool.
Read more...
Bookmark this post: | 
|
Monday 26 September 2011
RSS and Related Security Issues For Business People
While RSS is a very simple way to expand your business and nothing complex is involved in RSS feed systems, you should never underestimate the security issues in any digitized systems, not even in really simple technology like RSS. A business company should always be aware of possible security risks in any system they are employing to help them in their tasks.
Most of you might believe there would not be much security issues in RSS feeds and feel that you need not worry about any cases of exploiting of your system but that's just a myth. Malicious attackers can inject scripts inside the feeds and affect thousands of feed readers with even a single vulnerability discovered in the popular RSS reader or aggregators.
Bad HTML or javascript can be injected as malware inside the feeds and if your business is gathering content from other sources and adding them to feeds, your feeds are likely to be affected by such malwares. Such scripts are generally injected in the feed titles, descriptions, links and other components of the RSS feeds. The scripts injected can exploit the possible vulnerabilities in the RSS readers of your subscribers leading to possible control of your subscriber's PC by the attacker. This can open possible backdoors by the installation of trojans or keyloggers using the proper exploits such as browser exploits, activex exploits, etc. and let the attacker steal the data by using possible local zone security attacks which can be the worst thing you can imagine happening to your business as customers are the life blood of every business and you engage customers everywhere. And if your customers are affected, then ultimately your business will be affected. Hence extreme care should be taken while importing content from other sources to develop your RSS contents.
Many times business owners like to include the comments from subscribers in the RSS contents and mostly they hardly watch the actual content in those comments. There is always a possibility of injection of malicious scripts in those comments as well. So proper filtering and stripping mechanism has to be employed before storing new contents to your RSS feeds rather than just storing those comments in the feed contents. The HTML tags such as script, embed, object, etc. are the ones that must be stripped out in most cases to avoid possible security issues. Also, using safe and secure RSS reader or aggregator is a good approach to RSS security. So you should choose the most secure RSS reader or aggregator from the available ones and suggest those to your subscribers. Also, make sure that your customers and employees use the latest and patched version of the reader so that maximum level of security is ensured.
In many cases, the RSS generators and other services in the RSS servers are also prone to security attacks and the attackers might be able to gain certain level of privilege in the system. In such case, the attackers can replace the original RSS feeds with their own affected version of RSS feeds which will then be delivered to your customers affecting your customers and your business as well. This can be devastating as this might lead not only to the script injections in the feeds but also stealing of many sensitive information from the server. For example, if your RSS server is used to host your business website or maybe for file sharing, the critical data related to them might be compromised as well. So proper security assessment of the server and network from the security professionals is necessary before taking your system live for production usage.
As a business owner, you must understand that security is a necessity in any system, be it a physical system or be it a digitized and online system and RSS is not an exception to this. If you want to succeed as a business owner, you should never underestimate the need of security and privacy and you should employ proper level of security as discussed above in the RSS system. Security in RSS system will ensure gaining of customers and expansion and promotion of your business so do not miss security practices in your RSS feed contents.
Read more...
Most of you might believe there would not be much security issues in RSS feeds and feel that you need not worry about any cases of exploiting of your system but that's just a myth. Malicious attackers can inject scripts inside the feeds and affect thousands of feed readers with even a single vulnerability discovered in the popular RSS reader or aggregators.
Bad HTML or javascript can be injected as malware inside the feeds and if your business is gathering content from other sources and adding them to feeds, your feeds are likely to be affected by such malwares. Such scripts are generally injected in the feed titles, descriptions, links and other components of the RSS feeds. The scripts injected can exploit the possible vulnerabilities in the RSS readers of your subscribers leading to possible control of your subscriber's PC by the attacker. This can open possible backdoors by the installation of trojans or keyloggers using the proper exploits such as browser exploits, activex exploits, etc. and let the attacker steal the data by using possible local zone security attacks which can be the worst thing you can imagine happening to your business as customers are the life blood of every business and you engage customers everywhere. And if your customers are affected, then ultimately your business will be affected. Hence extreme care should be taken while importing content from other sources to develop your RSS contents.
Many times business owners like to include the comments from subscribers in the RSS contents and mostly they hardly watch the actual content in those comments. There is always a possibility of injection of malicious scripts in those comments as well. So proper filtering and stripping mechanism has to be employed before storing new contents to your RSS feeds rather than just storing those comments in the feed contents. The HTML tags such as script, embed, object, etc. are the ones that must be stripped out in most cases to avoid possible security issues. Also, using safe and secure RSS reader or aggregator is a good approach to RSS security. So you should choose the most secure RSS reader or aggregator from the available ones and suggest those to your subscribers. Also, make sure that your customers and employees use the latest and patched version of the reader so that maximum level of security is ensured.
In many cases, the RSS generators and other services in the RSS servers are also prone to security attacks and the attackers might be able to gain certain level of privilege in the system. In such case, the attackers can replace the original RSS feeds with their own affected version of RSS feeds which will then be delivered to your customers affecting your customers and your business as well. This can be devastating as this might lead not only to the script injections in the feeds but also stealing of many sensitive information from the server. For example, if your RSS server is used to host your business website or maybe for file sharing, the critical data related to them might be compromised as well. So proper security assessment of the server and network from the security professionals is necessary before taking your system live for production usage.
As a business owner, you must understand that security is a necessity in any system, be it a physical system or be it a digitized and online system and RSS is not an exception to this. If you want to succeed as a business owner, you should never underestimate the need of security and privacy and you should employ proper level of security as discussed above in the RSS system. Security in RSS system will ensure gaining of customers and expansion and promotion of your business so do not miss security practices in your RSS feed contents.
Read more...
Bookmark this post: |
|
Monday 12 September 2011
Nixory - A Light Antispyware Tool
Nixory is a light and handy open source antispyware tool aimed at removing malicious tracking cookies. It currently supports Mozilla Firefox, Google Chrome and Internet Explorer and it runs on all major OS including Windows, Linux and MacOSx.
For more information and download, visit nixory sourceforge page.
Read more...
For more information and download, visit nixory sourceforge page.
Read more...
Bookmark this post: |
|
Friday 19 August 2011
Open Source Anti-theft Solution For MAC, PCs and Phones
Prey is an open source application that helps us track the lost laptops or phones. Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen. It's lightweight, open source software, and free for anyone to use.
In order to understand more about the project, visit the Official website.
Also try this video tutorial for configuring the Prey application.
I hope it becomes useful for you. :)
Read more...
In order to understand more about the project, visit the Official website.
Also try this video tutorial for configuring the Prey application.
I hope it becomes useful for you. :)
Read more...
Bookmark this post: |
|
Anonymous and Encrypted Torrent Download With Anomos
Anomos is a free and open source standalone anonymous and encrypted torrent client so if you are too concerned about anonymity, why not try this torrent client. Anomos is available for all major platforms including windows, linux and OSX.
Anomos Quote:
Anomos is a pseudonymous, encrypted multi-peer-to-peer file distribution protocol. It is based on the peer/tracker concept of BitTorrent in combination with an onion routing anonymization layer, with the added benefit of end-to-end encryption. By combining these technologies, we have created a platform where by no party outside of the trusted tracker will have any information about who a peer is or what they are downloading.
smwhite
Anomos is designed to be easy to use – you won’t even be aware of the security that it provides. Anybody who is already familiar with BitTorrent won’t have to do anything differently, other than use ‘atorrent’ files rather than ‘torrent’ files.
For more technical details, please see this blog post.
For downloads and more information, visit the Anomos Official Site.
Read more...
Anomos Quote:
Anomos is a pseudonymous, encrypted multi-peer-to-peer file distribution protocol. It is based on the peer/tracker concept of BitTorrent in combination with an onion routing anonymization layer, with the added benefit of end-to-end encryption. By combining these technologies, we have created a platform where by no party outside of the trusted tracker will have any information about who a peer is or what they are downloading.
smwhite
Anomos is designed to be easy to use – you won’t even be aware of the security that it provides. Anybody who is already familiar with BitTorrent won’t have to do anything differently, other than use ‘atorrent’ files rather than ‘torrent’ files.
For more technical details, please see this blog post.
For downloads and more information, visit the Anomos Official Site.
Read more...
Bookmark this post: |
|
BleachBit : Disk Cleanup Utility For Windows and Linux
Bleachbit is a free and open-source utility that can be used to clean Junk space to free disk space and maintain privacy.
BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean 90 applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source.
Downloads and more information available at Bleachbit SourceForge Page.
Read more...
BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean 90 applications including Firefox, Internet Explorer, Adobe Flash, Google Chrome, Opera, Safari,and more. Beyond simply deleting files, BleachBit includes advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source.
Downloads and more information available at Bleachbit SourceForge Page.
Read more...
Bookmark this post: |
|
IPV6 Attacking Toolkit - THC-ipV6 Toolkit Released
The famous hackers group The Hacker Choice(THC) has released a set of tools to attack the IPv6 protocol. IPv6 is the descendant of IPv4 protocol which was purposed due to exhaustion of the IPv4 pool.
THC writes:
THC is proud to be the first who are releasing an comprehensive attack toolkit for the IPv6 protocol suite. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. Included is a fast and easy to use packet crafting library to create your own attack tools.
For more information on the project, visit the THC IPv6 Project Page.
Download Here
Read more...
THC writes:
THC is proud to be the first who are releasing an comprehensive attack toolkit for the IPv6 protocol suite. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. Included is a fast and easy to use packet crafting library to create your own attack tools.
For more information on the project, visit the THC IPv6 Project Page.
Download Here
Read more...
Bookmark this post: |
|
Backtrack 5 R1 Released
The most widely used linux-based penetration testing distro, BackTrack had a new release yesterday. Backtrack 5 R1 was released on August 18 which adds 30 new tools in the famous hacker's distro.
Offsec team says:
We are really happy with this release, and believe that as with every release, this is our best one yet. Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.
We’ve released Gnome and KDE ISO images for 32 and 64 bit (no arm this release, sorry!), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed.
For downloads, visit Backtrack Download Page.
Read more...
Offsec team says:
We are really happy with this release, and believe that as with every release, this is our best one yet. Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.
We’ve released Gnome and KDE ISO images for 32 and 64 bit (no arm this release, sorry!), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed.
For downloads, visit Backtrack Download Page.
Read more...
Bookmark this post: |
|
Subscribe to:
Posts (Atom)