Friday, May 28, 2010

Opera browser does not erase all the tracks while clearing history

People who use opera, just be(a)ware!

Clearing the history completely does not erase all the readily available tracks. Opera caches the site icons from almost every visited site, and they remain on the system forever!

Clearing the history and deleting all the cookies does not clear these files.

Check it out yourselves if using opera.

In a normal desktop installation of the Opera browser, the favicon cache is in the "C:\Documents and Settings\\Local Settings\Application Data\Opera\Opera\icons" folder. This applies to Windows XP; on Windows 7 the folder location will be different. The folder can be opened by typing "%HOMEFOLDER%\Local Settings\Application Data\Opera\Opera\icons\" in the Run dialog box. If the folder cannot be located, type opera:config#UserPrefs and look at OperaDirectory, which will contain the location of the User Preferences directory for the Opera installation.
 
The folder contains the http location and favicon files of almost all the sites ever visited by a user. Whether to get a glimpse of the history or for forensic purposes, the folder can be examined to learn when the user visited a particular website. There is no way of telling whether the user has visited a site more than once, but at least one can clearly get a list of visited websites. This is of great help while performing forensics.

The above is applicable to Opera browser v9.x and above.
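The folder review described above can be scripted. The following Python is an added example, not code from the original post: it reads a copy of the icons folder and reports when each site's icon was first written. The file-name layout (host name in the file name, plain or percent-encoded) and the suffix list are assumptions.

```python
import os
import re
import sys
from datetime import datetime, timezone
from urllib.parse import unquote

# Assumption: cache entries carry the site's host name in the file name,
# either plainly or percent-encoded, followed by one of these suffixes.
SUFFIXES = (".idx", ".ico", ".png", ".gif")
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def host_from_name(filename):
    """Best-effort host extraction from a cache file name; None if absent."""
    name = unquote(filename)
    for suffix in SUFFIXES:
        if name.lower().endswith(suffix):
            name = name[: -len(suffix)]
            break
    match = HOST_RE.search(name)
    return match.group(1).lower() if match else None


def favicon_timeline(icons_dir):
    """Return (utc_mtime, host, filename) tuples, oldest first."""
    rows = []
    for entry in os.scandir(icons_dir):
        if entry.is_file():
            mtime = datetime.fromtimestamp(entry.stat().st_mtime, tz=timezone.utc)
            rows.append((mtime, host_from_name(entry.name), entry.name))
    return sorted(rows, key=lambda r: (r[0], r[2]))


def first_seen(rows):
    """Map each host to the earliest time at which one of its icons was written."""
    seen = {}
    for mtime, host, _ in rows:
        if host and host not in seen:
            seen[host] = mtime
    return seen


if __name__ == "__main__":
    # Usage: python favicon_timeline.py <path to a copy of the icons folder>
    for host, when in first_seen(favicon_timeline(sys.argv[1])).items():
        print(when.isoformat(), host)
```

Run it against a copy of the folder rather than the live profile, so the evidence timestamps are not disturbed. The modification time shows when an icon file was written, not how often the site was visited.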

Thursday, May 27, 2010

Google's SSL Search Compromises security

Well, Well, Well! Google's SSL search compromises the user's desktop security to a large extent.

When a user searches using Google, local desktop security applications such as McAfee's Site Protector and similar suites will not have any clue about the content of the results, so the links cannot be verified as genuine and safe. This applies to all such applications. It can be overridden, as the applications are local, but would McAfee care to release an updated version of the existing suite? And would all the other applications that provide link security really care to release an update, if it can be overridden at all? (I have not done any research on IE8 to validate the claim that it can be overridden, but on older versions of IE, it can be.)

So, if a malicious site is returned by Google, (Well, Google is not too good in site classification / user protection. Are they? :)), the user is at risk of getting the infection. In case of any 0-day exploits getting a chance to infect the user's system via Google's "secure" search results, the user is doomed. For what? Using the Google's secure search?

I can clearly visualise the long term monopoly google is going to have on everything that is connected! :D

Do you?

Google's introduction of SSL to search has been a deliberate move to curb third-party access to its contents. Though they can talk about privacy issues, sniffing, blah blah blah, anyone who relied on the referrer information is doomed when the site gets redirected. Any non-Google analytics will not have any data on the referrer or the search terms which the user has used to get to the site.

As long as you stay with google, you will have access to a wealth of information. But once you are out of it, there might practically be nothing!

A recent comment from one of the netizens, which I thought would be nice to quote here! :D

"GOOGLE IS NOT TO BE TRUSTED, INVESTIGATIONS IN THE USA STATES GOOGLE IS PURCHASING KNOWLEDGE , BOOKS , ETC. COPYRIGHTS . WITH A VIEW OF HAVING FUTURE GENERATIONS TO ACCESS OF ANY COPY RIGHT MATERIAL. WHICH MEANS A PRICE WILL BE PLACED ON KNOWLEDGE.???
STUDENTS, RESEARCHERS , IN FACT ALL WILL HAVE TO PAY FOR ACCESS.
MEAN WHILE GOOGLE IS SELLING EMAIL ADDRESSES, PLUS ANY INFORMATION RECEIVED. HOME LAND SECURITY AND OTHER GOVERNMENT AGENCIES ARE INVESTIGATING. ZERO CONCLUSIONS WILL BE REACHED , DUE TO THE ENORMOUS SUMS GOOGLE GIVES TO POLITICAL PARTIES AND LOBBYISTS."

I do not make any claim or support of the above quoted, bold comments as it is not mine, but forewarned, the above is true and already in the making.

Thought for time?

Monday, May 24, 2010

Search and Replace across multiple files

Sometimes it becomes a tedious process to do a string search and replace across multiple files. Whether or not one is comfortable with regular expressions, V-Grep from http://www.vgrep.aionel.net/ can be used for these operations.

It is a very fast and small standalone application which can be used to perform search and replace across multiple text files with ease.

Check it out!

Easily transfer files between Linux and Windows systems

Some, like me, work across multiple platforms such as Linux and Windows. Sometimes it is easier to perform certain operations on some files on one platform and then move them to the required platform rather than struggling there.

For example, some would prefer to edit source code on Windows using Windows-specific editors rather than on Linux. To move the files across the systems, one would normally use Samba-based network mapping, an FTP server or some other method. But for those with command-line fu skills, SCP is a godsend. This method only covers execution of the commands on Windows systems (i.e., Windows will be the host for the to-and-fro transfer of the files).

Enable SSH on the Linux box, get Putty utilities on the windows system.

Add the putty utilities to the path and create a small batch file for copying from Windows system to Linux system with the following command.

Say, name the batch file as CPF.BAT

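@pscp -pw PASSWORD %1 USER@LINUXHOST:/home/USER/

Here PASSWORD, USER and LINUXHOST are placeholders for the Linux account's password, the Linux user name and the Linux host name or IP address, and %1 is the file name passed to the batch file.

Now, you can copy files from the Windows system to the Linux system using the following command.
CPF FILENAME

The file will be copied to the /home/USER/ directory under the USER credentials.

Similarly, to copy from Linux to Windows, use the same command. Explore the command and parameterise whatever you need, like the destination directory, etc.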

Simple productivity tips and utilities

There are thousands of utilities to help in productivity. But using the following improves it a lot.

Essential PIM  - A nice portable freeware which can store all notes, addresses, schedules and appointments. Available from http://www.essentialpim.com/

Flashnote - A quickly accessible background application which can be used to store and access all immediately accessible content in a categorical manner using a short cut key. With little organisation, this utility can rock. Portable version of the application is available. Available from http://softvoile.com/flashnote/

Clipdiary - A quickly accessible background application which captures whatever is copied on to the clipboard using Ctrl+C. It orders the copied content in a chronological manner helping in retrieving older content in an easier manner. Unfortunately, now the product has been made commercial from freeware. If you could find a freeware version, use it. Can be made portable. Available from http://clipdiary.com/ (Note: Only commercial version is available from the given link.)

More utilities will be added soon.

Saturday, May 22, 2010

Private file sharing with SSL Tunneling - Part 1

How many of us want to share information across multiple computers which are miles apart?

For example, to transfer some stuff from the home computer to the work computer, from the work laptop to the home computer, or from the home computer to mom's computer?

While there have been multiple simple ways to do it, such as creating an FTP server, an SFTP server or any other file server technology where the files can be uploaded and downloaded, the following method is virtually limitless in terms of its offering.

It can be used to access the system remotely, access the file system and everything else. It is more likely to be used across systems that are managed by a single user but are physically at different locations. There is no dependency on any third-party remote control application like LogMeIn, and it definitely has its own merits and demerits.

This article will be spread across multiple posts.

Following are some of the pre-requisites:

One free dynamic dns account for creating host dns records.
Preferably a direct Internet connection. (A broadband connection with an addressable public IP address is sufficient as long as the router can be configured for port forwarding.)
A computer (just kidding! :))
SSL Tunnel from http://www.stunnel.org/
Open SSL from http://www.openssl.org/
Any of the free VNC Servers
Any of the free FTP Servers
Any of the free File Serving Applications. My favorite is HFS.

Rest in next post.

Extracting images from Word documents

Occasionally, we might need to extract images from documents. Traditionally, the way to do it was to copy the images from the document and paste them into an image editor. With the ODF (Open Document Format), life gets much easier.

In Word 2007 and above, the document is stored in ODF format, which is essentially a zip archive of all the needed information. It contains the images, text and formatting neatly tucked together as a document.

To extract the images, just rename the .docx file to .zip and extract the contents. One can find all the needed images, text and formatting XML as individual files under various folders.

From there one could use the embedded images.
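The same extraction can be done without renaming the file. The following Python is an added example, not code from the original post: it copies only the embedded images out of a .docx, which Word stores under the word/media/ folder of the archive, and skips archive entries whose names try to step outside that folder. The function names, the size cap and the sample document are constructed for illustration.

```python
import posixpath
import zipfile
from pathlib import Path

MEDIA_PREFIX = "word/media/"      # where Word keeps embedded images
MAX_BYTES = 50 * 1024 * 1024      # assumption: refuse implausibly large members


def extract_docx_images(docx_path, out_dir):
    """Copy embedded images from a .docx into out_dir; return their names."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    written = []
    with zipfile.ZipFile(docx_path) as archive:
        for info in archive.infolist():
            # Normalise first, so "word/media/../../x" no longer matches the prefix.
            name = posixpath.normpath(info.filename)
            if info.is_dir() or not name.startswith(MEDIA_PREFIX):
                continue
            if info.file_size > MAX_BYTES:
                continue
            # Write under the base name only: nothing lands outside out_dir.
            target = out / posixpath.basename(name)
            with archive.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read(MAX_BYTES))
            written.append(target.name)
    return sorted(written)


def build_sample_docx(path):
    """Constructed sample: a minimal docx-like archive with one hostile entry."""
    with zipfile.ZipFile(path, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        archive.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\nconstructed")
        archive.writestr("word/media/../../evil.png", b"should be skipped")


if __name__ == "__main__":
    import tempfile
    workdir = Path(tempfile.mkdtemp())
    build_sample_docx(workdir / "sample.docx")
    print(extract_docx_images(workdir / "sample.docx", workdir / "images"))
```

Documents received from untrusted senders are exactly where the path check matters, since a plain "extract all" trusts every name in the archive.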

Synthia - End of life for humans?

While numerous bright minds around the world are talking about the creation of life by biologist Craig Venter, the human who played god, some things are to be noted. For centuries, humans have tried mutating various species of organisms for profit (yes... for profit, be it political, medical, research, military or anything else), but it has always been with the help of another carrier organism or a substrate.

This is the first time a completely synthetic organism has been brought to life, after which it has continued its biological life. As there are always two sides to a coin, the risks outweigh the benefits in this case. Once somebody has done it, it finds its way into the most dangerous, cunning minds around the world, who would replicate it for profit. People argue about the benefits of creating complex organisms to turn the world into a better place: creating an organism that can reduce CO2 in the atmosphere, turn waste into fuel, bla bla and what not. As seen so far in human history and with the other so-called inventions, human life is put at more risk than ever. With the advent of artificial life, the natural habitat of humans on this so-called Planet Earth has started the countdown.

This is not being overly sarcastic or pessimistic about the developments / advancements, but as humans we are causing a slow death to the planet by consuming its natural resources and causing the system to fail slowly but steadily, yet we rant only at face value while continuing to do whatever.

The research had been on for almost 15 years before a life form could be created. But now that it has been, it will continue to emerge somewhere on the planet in the near future. The worry is how deadly / lethal it could get. What if an organism could make a targeted human population disappear? What control / protection does a normal person have over a deadly lab organism soon to be delivered into his food chain? Was it really necessary to create something like this? What if the technology gets into the wrong hands? Would there be chaos everywhere? It looks like soon there will be.

Played off at least as natural disasters or unknown epidemics, a plague will definitely engross the world, costing the lives of many. Was this the case with almost any technology that could be weaponised? Yes, but most were not so deadly. For years, there has been biological and chemical warfare, and there is even excellent footage on Discovery Channel dating back to the pre-World War 1 and 2 times, but nothing will be as deadly as it will get in the near future.

This is like breaking the security of the already weaker humans.

Update: Now scientists are claiming that what Venter has done is not exactly artificial life. The following explanation is quoted from a popular Indian daily newspaper:

Are the bacterial cells created in J Craig Venter’s laboratories in the US actually synthetic life? After the hype and hoopla over the announcement of the world’s first “manmade living cells”, scientists are getting down to answering that question. And this is what most of them have to say: Venter’s team has achieved a stupendous technical feat, but the cells cannot be called synthetic.
 
Using an analogy from everyday life, what the team did is akin to completely reprogramming a computer, but not building one from scratch. Here’s why.

As the first step in the decade-long work, Venter and his researchers mapped the genome of a simple bacteria, Mycoplasma mycoides. Genome is the ‘brain’ of any cell and contains sequences of DNA which carry all the genetic information needed for the cell — and by extension, the organism — to function.
 
Like all living matter, the genome is made of chemicals. What Venter’s team did next is being hailed as a tour de force. It manufactured the M mycoides’ genome, step by step in the lab, using, in Venter’s words, “four bottles of chemicals”. This synthetic genome, identical in every way to the ‘original’ except for certain harmless ‘signatures’ the team put in to mark it as a built-in-the-lab version, was then inserted into another type of bacteria after the bacteria’s own genome had been sucked out.
 
Venter describes what happened next: “As soon as the genome goes into the cell, it starts making new proteins encoded in its DNA and converts it into a new synthetic species. It’s a completely synthetic cell now, it has replicated over a billion times. The only DNA it has now is the synthetic one that we made.”
 
In other words, once the synthetic M mycoides genome is introduced in the bacterial cell, it transforms into an M mycoides. When it replicates, the offspring too are M mycoides, carrying copies of the man-made genome. Venter believes, for all practical purposes, this is synthetic life. But other experts are saying that though the cell’s control station is artificial, the cell itself isn’t. Neither is it a new form of life — the artificial genome is an exact replica of a M mycoides genome.
 
Says Delhi University Vice-Chancellor Deepak Pental, himself a biotechnologist, “In this case, the bacterial cell is being seen as a shell, an envelope into which man-made genome is inserted. But the shell is much more than an envelope.”
 
Nobel-winning British biologist Paul Nurse elaborates the point. In a conversation with BBC, he says, “Venter’s work is a major advance. But it’s not a creation of synthetic life...Creation of synthetic life would be to make an entire bacterial cell through chemicals.” Nurse, Venter’s rival in many ways, believes creating an entirely new cell from scratch, though theoretically possible, would require a level of technology likely to be reached “long after we are dead”. He points out that in Venter’s method, there’s very little scope of deviating from nature’s script. “In an earlier attempt, Venter’s team got just one genetic ‘letter’ wrong — out of a million — and this cell simply didn’t function,” he says.

THESE CELLS AREN’T SYNTHETIC

 
Craig Venter's team created the genome of an M mycoides bacteria in the lab and inserted it into another type of bacteria. The recipient bacteria started behaving like an M mycoides. Its offspring too carried copies of the man-made genome 
Venter says the cells are synthetic since they are controlled by genes made in lab  
Other experts say that for any cell to be called synthetic, all its components should’ve been created artificially — perhaps possible in theory, but as yet technically impossible.

Friday, May 21, 2010

Photocopier privacy issues

Photocopiers used at offices pose a serious threat to privacy. Nearly all models of photocopiers manufactured after 2002-03 come with a built-in hard disk. Whether it is used as a temporary buffer to store the scanned documents for printing or for serving the scanned documents over the network (most devices have an in-built file server), it throws a surprise. While this was done to improve performance, using the HDD as a scratch pad for multiple copies, the image stays there forever!

Once written to the HDD, the images can be very easily recovered, revealing all the details: right from CC (credit card) numbers to personal information such as SSNs, addresses, telephone records, medical records, blueprints, internal official documents and whatever else was scanned or photocopied!

It is a must to erase the HDD on devices (desktops, laptops, personal media/music players, storage units, cell phones, printers, photocopiers, multi-function devices) before disposing of them. This requires removing the storage unit from the device and erasing it using one of the secure erasing tools available in the market. There are numerous freeware applications available to erase the data permanently off magnetic storage devices, and even a single-pass erasure is sufficient to thwart the most common data thieves.

A recently published article reveals the amount of spine shocking information mined through such storage units salvaged from old, disposed photocopier machines.

Another Apple Leak - This time it is iPod Touch!

Apple has been in the top news recently for leaked versions of their prototype gadgets. Be it because of the media frenzy surrounding their devices or something else, Apple has a tough time protecting their prototypes from being released on to the world.

Though this has nothing to do with the security articles of the blog, it reiterates the importance of having a secure environment for prototype devices, right from conception, design, development and testing till release. A leak might spur fakes to release a new version of the device much before the official launch of the device.

This time, the new iPod Touch has been leaked by the Vietnamese. Not sure what's cooking with Vietnam these days and whether Apple has been moving the factories from China to Vietnam for even cheaper labour.

Foxconn, one of Apple's major device assemblers, has been in the news recently for unsafe and substandard working conditions with staggeringly low wages. Check out that article here.

The new iPod Touch sports a camera and was found running the same diagnostic utility as seen with the devices assembled by Foxconn.

While the physical dimensions appear to be the same, the Foxconn label appears to indicate a 64GB model ("64G") along with a 2 MP camera by Omnivision. Though a camera was a long-desired feature on the iPod, Apple has finally decided to add it to the iPod family!

The DVT-1 label denotes that this is a design verification test unit for production testing, probably a first model. This may not be the final design that will be revealed whenever Apple chooses to officially release, or until the next leak!

It seems cheap labor is costing Apple more than they had bargained for, with the recent leak of their refreshed MacBook and the 4th gen iPhone in Vietnam as well. Device manufacturers have to make a note of it!

Check out a hands-on video below, along with more images:

Front Face:


Back


In comparison with the current 2G model. Note the addition of the Camera.


Diagnostic Video: