
Showing posts with label Security. Show all posts

Friday, June 19, 2020

Linux Series #3: Open Source

Hello Everyone. This post is about Open Source. At the end of this post, you will get an idea of what Open Source means.


What is Open Source?


If you come across someone saying, "It's Open Source software", you might wonder what it means. Does it mean the software is free? Does it mean it gives full privacy?

If the software is Open Sourced, then it means that the source code of that particular software is available for the public. Anyone can view and modify it for their personal or other purposes. For example, when it comes to Windows you have to pay to get a genuine copy. Whereas when it comes to Linux, the genuine copy is available for free. In this case, Windows is known as Proprietary Software and Linux is said to be an Open Source Operating System.


Why Open Source? What are its benefits?


Let's say I came up with a software called "X". Now I am open sourcing it. Since the source code is available to all, a lot of people will start exploring the code. Here development is done collaboratively. Many people will show interest in contributing new ideas to my software, unlike proprietary software, where only the company or the owner is responsible for innovative ideas. The more people from different backgrounds work on the project, the better the quality of review will be. For an Open Source project, reviews and suggestions can be made by anyone, from anywhere. Open Source never guarantees that the software is always free. And do not confuse Open Source with privacy issues.


Some of the features of Open Source are,


 Collaboration
 Peer and Community Review
 Transparent
 Cheaper
 Flexibility
 Reliability
 Control
 Training
 Security
 Stability
In the fields of Artificial Intelligence, Cloud Computing and Data Science, a lot of innovations occur and most of them are derived from Open Source.

Examples of popular Open Source software are,
 Linux OS
 Ansible
 Kubernetes
 Apache
 MySQL
 PHP
 Android OS
 Firefox
When you discuss Open Source, you will come across the terms OSI (Open Source Initiative), FSF (Free Software Foundation) and Licenses.

 

Free Software Foundation (FSF)


Richard Stallman came up with this foundation to promote the growth of free and open-source software. During his time he saw increased usage of proprietary software, which denied users the freedom to access and modify the source code. So he designed an Open Source Operating System called GNU (GNU is Not Unix). The word "free" in FSF doesn't mean that the software is available at no cost; it refers to the "freedom" of the users. FSF promoted and provided funding for free software development. According to him, the software has to follow the below regulations to be recognised by FSF.
 Freedom to run the program for their own personal use.
 Freedom to access and examine how the program functions, and change it so that it performs as per the instructions.
 Freedom to redistribute the copies.
 Freedom to redistribute copies of your modified versions.

One of the most popular licenses offered by FSF is the GNU General Public License v3. To see the complete list of available FSF licenses, check here.


Open Source Initiative (OSI)


OSI is a non-profit organisation, founded by B. Perens and Raymond in 1998. The aim of this organisation is to spread the principles of Open Source. You can check the licenses here. Like FSF, OSI too has its own regulations.

1. Free Redistribution

The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fees for such sale.

2. Source Code

The program must include source code and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost, preferably downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.

3. Derived Works

The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

4. Integrity of The Author's Source Code

The license may restrict source-code from being distributed in modified form only if the license allows the distribution of "patch files" with the source code to modify the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software.

5. No Discrimination Against Persons or Groups

The license must not discriminate against any person or group of persons.

6. No Discrimination Against Fields of Endeavor

The license must not restrict anyone from making use of the program in a specific field of endeavour. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

7. Distribution of License

The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.

8. License Must Not Be Specific to a Product

The rights attached to the program must not depend on the program's being part of particular software distribution. If the program is extracted from that distribution and used or distributed within the terms of the program's license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the original software distribution.

9. License Must Not Restrict Other Software

The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open-source software.

10. License Must Be Technology-Neutral

No provision of the license may be predicated on any individual technology or style of interface.

Source: https://opensource.org/docs/osd

Hope you got an idea of what Open Source means.
Share if you find it useful. And comment if there are any doubts or room for improvement.

Join the telegram group for more.


Read More

Friday, July 14, 2017

Cross-platform Remote Access Trojan - Adwind

Hello Friends,

A Remote Access Trojan (RAT) called “Adwind” (Adwind/jRAT) is targeting aerospace industries to steal credentials, record and harvest keystrokes, take pictures or screenshots, film and retrieve videos, and exfiltrate data.

It is a cross-platform Remote Access Trojan, detected as JAVA_ADWIND, and the malware authors developed it to run on any machine with Java installed, including Windows, Mac OSX, Linux, and Android.

This RAT mainly targets aerospace industries, with Switzerland, Ukraine, Austria and the US listed as the most affected countries.
Read More

6 Million Verizon Customers Data Leaked online

Hi Friends,
Sensitive personal data of 6 million customers of telecommunications giant Verizon leaked online due to a misconfigured cloud-based file repository. This misconfiguration left customer phone numbers, names, and some PIN codes publicly available online.

This data breach occurred due to “human error”, and Verizon’s cloud-based file server was operated by Verizon’s third-party vendor NICE Systems.
Read More

Wednesday, April 12, 2017

Microsoft Office Word 0-day remote code execution vulnerability

Hello Friends,
On April 7, two researchers from McAfee and FireEye broke the news of a 0-day vulnerability in Microsoft Office Word. The attack sends a message with an attachment containing an OLE2link object; when the user opens the attachment, the code executes and connects to an attacker-controlled remote server, thereby downloading a malicious HTML application (HTA) file that is disguised as a Microsoft RTF document.
Read More

Sunday, January 24, 2016

How to Protect Your Hard Drives from Data Forensics ?

Hello Friends,
With the mass arrests of 25 anons in Europe and South America, and the rumors of an FBI sweep on the east coast of America floating around, times look dicey for hackers. Over the past few days, a lot of questions have been posed to me about removing sensitive data from hard drives. Ideas seem to range from magnets to microwaves and a lot of things in-between. So, I’d like to explain a little bit about data forensics, how it works, and the steps you can take to be safe.
Often, an anon will delete files from his computer, but that is only half the story, as those files are still really there. And if the careless anon doesn’t take steps to fix that, when his door gets kicked in and the FBI takes his hard drive, they will be able to see everything. Don’t be that anon.
Read More

Sunday, May 10, 2015

Trace Facebook Profile Visitors

hi friends,
Today billions of people are using Facebook. Facebook is one of the biggest networks on the internet and is very popular worldwide. Billions of people use Facebook daily, and many users visit each other's profiles every day; other users may even visit a profile more often than its own user does. But you can’t directly see the visitors that have visited your profile. So in this post I will tell you the method by which you can easily trace the friends that visit your profile. You will also be able to check the visitors that visit your profile every day.
Read More

Friday, December 5, 2014

Hacking PayPal Accounts

Hi Friends,
The computer security industry has made many positive changes since the early days of computing. One thing that seems to be catching on with bigger tech companies is bug bounty programs. PayPal offers such a program and [Yasser] decided to throw his hat in the ring and see if he could find any juicy vulnerabilities. His curiosity paid off big time.
Read More

Tuesday, October 28, 2014

Samsung 'Find My Mobile' Flaw Allows Hacker to Remotely Lock Your Device

Hi friends,
The National Institute of Standards and Technology (NIST) is warning users of a newly discovered Zero-Day flaw in the Samsung Find My Mobile service, which fails to validate the sender of lock-code data received over a network.
The Find My Mobile feature implemented by Samsung in their devices is a mobile web service that provides Samsung users a bunch of features to locate their lost device, to play an alert on a remote
Read More

Saturday, October 25, 2014

Google Launches USB-Based "Security Key" To Strengthen 2-Step Verification

Hi Friends,
Google is taking its users’ privacy very seriously and making every possible effort to make its users feel secure when they are online.
Today, the tech giant has announced its enhanced two-step verification service that is based on a physical USB key, adding yet another layer of security to protect its users from hackers and other forms of online theft.
Read More

Google Search Algorithm to Demote Piracy Sites In Search Results

Hi Friends,
The search engine giant is not going to spare sites providing pirated content. Google is ready to fulfill its commitment to downgrade the search rankings of ‘notorious’ piracy sites globally that often rank above legal and commercial sites.
Google and the copyright holders have been, to some extent, enemies for years, but in Google's ongoing anti-piracy efforts, the company will fight copyright infringement and assure rights holders that their content will appear at the top of its search results and that search made up only a small portion of pirate traffic.
Read More

Tuesday, October 21, 2014

TAILS VERSION 1.2 RELEASED

Hi Friends,

A new version, Tails 1.2, has also been released. Tails, also known as 'The Amnesic Incognito Live System', is a free security-focused Debian-based Linux distribution, specially designed and optimized to preserve users' anonymity and privacy.
The operating system came into the limelight when the global surveillance whistleblower Edward Snowden said that he had used it in order to remain anonymous and keep his communications hidden from the law enforcement authorities.
Read More

Tor Browser 4.0 and Tails 1.2 Update Released

Hi Friends..
Tor, the privacy-oriented encrypted anonymizing service, has announced the launch of the next version of its Tor Browser Bundle, Tor version 4.0, which disables SSL3 to prevent the POODLE attack and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive firewalls.

Tor is generally thought to be a place where users come online to hide their activities and remain anonymous. Tor is an encrypted anonymizing network considered to be one of the most privacy-oriented services and is mostly used by activists and journalists to circumvent online censorship and surveillance efforts by various countries.
Read More

Tuesday, March 11, 2014

Website Hacking Using Havij (sql injection)

Hi Friends,

The technique we are going to use is SQL injection. More information about the topic can be found here. I will soon be posting a tutorial about manual SQL injection.

Google Dorks: Google dorks are specific queries that can reveal all the information about a specific website. I am giving you some Google dorks which you can use for finding websites vulnerable to SQL injection.

Read More

10 reasons Why websites get HACKED.

Hi Friends Welcome Back,

Below you will find the list of the top 10 web vulnerabilities classified by OWASP; here is also a description of the problem and some examples.
I will just give you the list in case you missed it before; I will not comment on any of these as there is already hot discussion about this matter on several sites/forums.
Read More

4 Ways to Crack a Facebook Password and How to Protect Yourself from Them

Hi Friends,
We share our lives on Facebook. We share our birthdays and our anniversaries. We share our vacation plans and locations. We share the births of our sons and the deaths of our fathers. We share our most cherished moments and our most painful thoughts. We divulge every aspect of our lives.
But we sometimes forget who's watching.
We use Facebook as a tool to connect, but there are those people who use that connectivity for malicious purposes. We reveal what others can use against us. They know when we're not home and for how long we're gone. They know the answers to our security questions. People can practically steal our identities—and that's just with the visible information we purposely(?) give away through our public Facebook profile.
Read More

Friday, November 22, 2013

Man In the Middle attack using BT5 Ettercap Tutorial

Ettercap

Ettercap is a suite for man-in-the-middle attacks on a LAN (local area network). It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. In this tutorial I will explain how to sniff (user names, passwords) in a LAN using Ettercap.

The man-in-the-middle attack (also known as a bucket-brigade attack and abbreviated MITM) is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker.

There are several kinds of man-in-the-middle attacks that we can perform, but in this tutorial we will see attacks based on the ARP protocol.




Steps to be followed 

1. Open a terminal and type ettercap -G. This will open the GUI-based ettercap utility.
2. Now scan for hosts in your subnet by going to Hosts ---> scan for hosts.
3. Now open the host list from the hosts tab and select the IP address of the victim as target 1 and the IP address of the router as target 2.
4. Now start ARP poisoning by going to mitm ---> ARP Poisoning.

Finally, start the sniffer by going to start ---> start sniffing. Now if the victim logs into Gmail, Facebook, Yahoo Mail, etc., we will get his user name and password.

Hope you enjoyed the article. In my coming posts I will be writing about the countermeasures that you can take against ARP poisoning, MITM, etc. Till then have a nice time.

If you have any doubts please feel free to post a comment.....:) :)

Read More

Tuesday, July 23, 2013

Security Apps To Help Protect IPhone Apps

Hello Friends,
Smart iPhone practices like carefully vetting apps before you download can help keep your phone safe. However, security goes far beyond making careful choices: If you use your iPhone for business or keep sensitive information on it, you need better protection. Here is a collection of downloads you can use to increase your phone security and prevent viruses, malware, and data theft from ruining your smartphone experience.


SecureWeb

SecureWeb is a free app that functions as a mobile browser, but with a lot of extra filtering features that
Read More

Monday, May 20, 2013

Mozilla Firefox Top 5 Extensions a Hacker Must Have

Hi Friends, Mozilla Firefox is a browser which is loved by security experts and hackers. Mozilla has more than 450 million users worldwide and is written mainly in C, C++, JavaScript, XSS, XBL. The reason why it is so popular amongst security experts is because it is open source and has a number of extensions available which make the work of penetration testing easier and faster.

1. HackBar: HackBar is like a toolbar, but it comes in very handy while testing for web vulnerabilities like SQL, XSS etc. Loading, splitting and execution of a URL can be done using this toolbar. When testing for SQL and XSS vulnerabilities, the codes/queries can be injected into the URL quickly using this toolbar.
Read More

Bypass Phone and SMS verification of Any Website

Hi Friends, nowadays almost all websites need SMS verification, including Google, Facebook, YouTube and other survey websites.

First of all we should understand why SMS and Phone Verification System is Important?

  •   Keep More Visitors for Market
  •   Providing Extra Security for their Website
  •   Keep Spammers out
  •   Daily advertisements and promotional ads

However, we are able to create Gmail accounts (and Facebook, YouTube, other shopping site accounts) and bypass SMS verification. Gmail allows only a few accounts to be created: when you try to create more accounts with the same mobile number, Google restricts you and you can't create more accounts. So we can create countless Gmail accounts using the following steps.
Read More

Sunday, December 9, 2012

Kaspersky Anti-Virus & Internet Security 2013 Final + Key

Hi Friends,

Kaspersky Anti-Virus & Internet Security 2013 provides a wide range of technologies to protect your privacy and your identity – including two unique security features for entering personal information online.

 Secure Keyboard is a new Kaspersky technology that automatically activates whenever you open a bank website or payment website – or you enter a password within any web page – to ensure that information you enter using your physical keyboard can’t be accessed by keyloggers

 For our ultimate protection, Kaspersky’s improved Virtual Keyboard feature allows you to use mouse-clicks to enter your banking information – so that keystrokes can’t be tracked or stolen by keyloggers,
Read More
