Archive for the 'Security' Category

From April 24, 2008 AVG is releasing a free version of the popular AVG Anti-Virus. This version (8.0) contains both anti virus and anti spyware and is the best free option available in the market. Unfortunately the free version lacks proactive scanning of browsing links to block malicious URLs (which contain spam/keyloggers).

AVG free offers fast scanning since spyware/antivirus engines are integrated. Another good thing is that it has a low load on the system.  It also comes with safe search - each time you search online, Safe Search checks the results on the fly to give you an immediate idea of which websites are safe to visit.

The limitations of the free version are,

• No real time link scanning.
• This cannot be installed on Windows server versions.
• No technical support

AVG anti-virus free 8.0 can be downloaded from here.

Captchas are images used by online service providers to prevent automated sign ups. Ideally characters in these images can only be identified by a human. Spammers have been working hard to created a program which can identify captcha characters. They can then randomly create email accounts and then use it for bulk spamming! Since the mail is a genuine email from a well known email provider(Gmail, Hotmail) anti-spam providers cannot block them.

Websense is reporting that spammers have finally managed to write captcha decoding programs for Hotmail which takes only few seconds to decode the characters! The success rate is over 10% and is good enough for spammers.  Here is how spammers make money from this,

1. Spammer releases the automatic signup bot as a virus.

2. An unprotected machine on the Internet gets infected by this bot virus.

3. Bot creates multiple hotmail accounts from victim’s machine using captcha decoding logic.

4. Bot sends advertising messages to multiple mail addresses using the newly created hotmail account.

5. When millions for spam messages are sent, fairly good percentage of them brings business and spammer makes money through affiliate cut.

Whoever wrote this must be pretty good since the Hotmail captcha is pretty difficult interpret even for a human. For example, consider the captach (displayed on the right side) I got when I tried to signup to Hotmail!

Weak captchas have caused havoc earlier. For example, PhpBB forum software captcha was so weak that was hacked in a few days. So if you have a popular forum which is running on PhpBB 2.0, you will soon find majority of new users are from automated signups! It was complicated by the fact that a signed up account can have a live link in the profile.

I think one way to handle the bots will be to have very big set of different captcha styles which will reduce the success rate to below 0.01%. Another way will be to introduce new type of captcha every day so that any decoding program will become obsolete in a day!

Is your Wireless network secure? If your answer is “Yes, I use WEP encryption”, then probably you need to think again. I have been using WEP encryption for sometime and hence was not amused when I saw this news!

Code breakers have discovered a technique for extracting a 104-bit Wired Equivalent Privacy (WEP) key in under a minute.

Under a minute? Basically RC4 stream cipher used by WEP(Wired Equivalent Privacy) has cryptographic weakness which is exploited by WiFi crackers. You can checkout more details of the WiFi exploit here.

We were able to extend Klein’s attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition.

It is time for me to switch to WPA which is supposed to be much more secure. I mean, till it is cracked by somebody else!

But in a world where there are so many insecure WiFi networks, WEP weakness is probably the last thing you worry about!