10 Cyber Threats to Look for in 2009

cyber-threat

1. Collaboration Tools

Tools that help people collaborate i.e. IM, IRC, Social Networking Sites, Video Conferencing, and White Boards. Users can expect to see a surge of attacks through collaboration tools, as membership continues to increase. These tools will help cyber criminals in stepping up to hit interactive social networking site with unsolicited e-mail and malicious links. Ignorance about clicking on an ‘interesting link’ will be exploited by the bad guys on internet.  The cases of identity theft, cyber-stalking, cyber-bullying and cyber-extortion are expected to rise. At the corporate level, this may give rise to increase data theft from corporate databases.

2. Virtualization

Now a day’s companies are using virtual environments to reduce cost, save space and to increase convenience for their employees. Virtualization includes running a platform (Linux) on a different platform (Windows). But virtualization makes the security more complicated as it introduces an extra layer that must be secured. Now we have to secure both Virtual machine and the physical machine.

3. BotNet

A bot planted on the machine, maintains a command and control mechanism to enable communication with its master. A large number of such bots under command of the same master becomes a “bot army“ that has considerable computing power to engage in a variety of malicious activities including data theft, DoS attacks, spam delivery, NDS spoofing , to name a few.

4. Cyber Warfare

The low cost associated with launching cyber attacks as compared to physical attacks, the likely deniability of crime committed on the internet and the lack of international cyber laws to resolve conflicts between nations, are the main reasons for many governments mentoring cyber warfare. The vulnerability in systems , user ignorance and overdependence on outsourcing agencies are likely to be the main reason for the success of cyber warfare. The cyber attacks that occurred between Russia and Georgia in 2008 are indicators for military cyber engagements in 2009 and beyond.

5. Phlashing attacks

The attacks on network devices (router, switches etc) and other hardware systems that rely on firmware to contain OS related problems are likely to increase. In this type of attacks, hackers upload nonauthentic firmware to devices under the guise of original firmware updates. However this malicious firmware provides a back door into a network or permanently disables the devices. This may result to completely denial-of-service attacks.

6. Wireless Risks

Wireless will continue to be a big threat in 2009. Insecure protocols, easy accessibility, lack of strong encryption and authentication and more importantly, user ignorance are the main reasons for the increase in wireless risk.

7. Threats due to Green Computing

Using computing resources efficiently is certainly a good thing. But extra care should be taken while recycling computer resources, for example it can expose your data to a stranger if you don’t ensure that the hard drives have been completely wiped.

8.  Cloud Computing

Cloud computing is a buzzword these days.  It is a style of computing in which resources are accessed as a service over Internet. In this technology all of your resources are kept in terminals that are placed somewhere else. But when your data is placed somewhere else you can’t ensure the security of your data from everyone else out there.

9. Insider Threat

The financial meltdown and resulting lay-offs may fuel employee discontent, to cause serious threat to corporate networks and data theft.

10. Risk for OS other than Windows

Linux is safer than Windows. Is it true?
The reason Linux enjoying this reputation is Linux is not much popular as Windows is. Major portion of desktop OS market is acquired by windows. But as the popularity of Linux will increase, attention of bad guys toward Linux will also increase. There will be more targeted attacks on Linux in coming years.

Google to invest in StartUps.

gv

If you have an outstanding idea for a StartUp and worrying from where all the money required would flow in. DON’T WORRY.

World’s largest search engine Google is ready to help you with your startup. Under the management of Rich Miner and Bill Maris google announces Google Ventures. Google Venture is a effort to use google’s resources to encourage entrepreneurs and new companies.

For Entire Story visit www.google.com/ventures

Stop Web.config Inheritance into Child Application/Directories

Asp.net configuration file, web.config (machine.config at server level)  applies to the directory in which it appears and all sub – directories. The configuration file hierarchy for a Asp.net site goes as shown below.

Asp.net Configuration File Hierarchy

Here is a link where you can read more about web.config inheritance. While settings are inherited from the higher level of configuration file, child configuration files are always permitted to override them. Inheritance downward is useful for applying a unique settings for all applications on server but in certain situation a higher config file may want to prevent inheritance in child applications. This can be achieved by using the <location> element as follows.

<location path="." inheritInChildApplications="false">
<system.web>
...
...
</system.web>
</location>

The above code can prevent inheriting the <system.web> element in this case, into the child web application. Please note that this piece of code should be placed in the parent’s web.config file.

The Worlds “Fastest” Server

When I say “Fastest”, I mean fastest in anyway like a drag bike. So does guys from HostMySite.com. They said that they have created a World fastest server which is actually a customized fully electric Drag Bike that can go from 0 to really fast within 2 seconds. They are also hosting a contest on CodeProject.com.

World Fastest Server
World Fastest Server

See the evolution of this bike in this full album. Wendy and Matt have taken their fun interview at SXSW, checkout it here.

How to Create Web Slice

Microsoft has released the final version of Internet Explorer 8 at MIX09. IE8 has many new features with it, like InPrivate Browsing, Web Slice, Compatibility View etc.
The feature I like the most is Web Slice

What is a Web Slice.
Web Slice is a new feature in IE8 which allows users to subscribe to a portion of a webpage. Web Slice behave just like RSS feeds for a portion of a webpage.  Web slice are based on hAtom Microformat and hSlice Microformat. Any developer can create a web slice in a existing webpage just by annotating HTML with class names for title, entry content and other properties.

How to create a Web Slice.
Here is a simple working example.
Note: Web Slice works only when page is served by a server.

WEB SLICE Example

WebSlice Title

this is the content that will appear in the preview window
10

Twitter Bug?

Hey, this is really strange issue I faced today. I don’t know if it happens to anyone out there, but I guess this is a Bug with Twitter. I was playing around with my account when I changed my user name from “aakash” to “Aakash”. Curiously, I tried to create a new user as “aakash” in twitter with my other email-id. To my surprise, it was created successfully. WTH ! This means I was having two different accounts “aakash” and “Aakash”. A got a mail from Twitter that confirmed the successful creation of this new Id. Just to dig it deep, I tried to logout and login again and play more but then it failed to login my newly created account. I was not able to login into any of the both account and that moment I feel that I will lost all my updates and followers. Finally, I have to use “forget password link” (my email address and ph. number) to recover my password for my original account. Now I am using my email id to login as username doesn’t work. I am not sure if it happens due to delay in update in databases between servers. I would like if you could try it on your end too and let me know your experience. If it is a Bug then it need a fix.

Search for Trains from Gtalk

Just explored a new added feature from Cleartrip that allows you to search for Trains from your Gtalk. Add “cleartrip.trains@gmail.com” as a friend in your Gtalk and start searching. Unlike your normal friends “cleartrip.trains@gmail.com” is a ‘Bot’ which takes command as input, execute them and return the result back to you. Say, if you want to search for a 3-AC train from ‘Mumbai’ to ‘New Delhi’ on Mar 10. You will send a message as “Mumbai New Delhi Mar 11 3A”. This will return the list of trains with related information. Kwel!. You can send “help” for other instructions.

I see they have put a great deal of effort to make searching for Trains (in India) a pleasure experience through their website. You need to open an online account with them and start searching and booking the trains. You can customize your search and can even see the route on map. There possibly will be other website which might be providing this type of service, but they are yet to be explored.

Train Route
Train Route (Punjab - Mumbai)

I’ve been using the Indian Railway official website to search and book but it seems that the private players are a step ahead to provide easy service that make sense. Here, IRCTC (read it as “Indian Railways Catering and Tourism Corporation Limited”) is doing the right thing to allow the other service providers/vendors to search through the reservation database. I’m waiting for a stiff competition between various online service providers in near future and I’m sure this will bring out something that is useful, more personalized, and easy for users.