Friday, November 2, 2007

Securing Data Flow in Communication Channel

Security in data flow in communication channel is one of the greatest challenge for the Information security team. A lot of attempts have succeeded for the information leakage from communication channel.
The last useful model we are familiarize with is the encrypting the data and decrypting in the target model. Linux developers came up with the public key/private key concept. That worked fine with mails, if used properly but, can't we mechanize the encryption and decryption process for each flow of information ? and can't it be safe ?
Now my answer is YES it can be.
We can use the data encryption/decryption mechanism to each kind of data that flow in communication channel. For example
A message sent to abc@xyz.com can be crypted with an algorithm created with the word "abc@xyz.com" and we can use the algorithm to check whether the data was tempered in the channel or not, and even decrypt it in the hand of abc@xyz.com.
Shall we see the code ?
abc@xyz.com has user abc "literal character of 3 alphabets", the 3 numerical value can encrypt the 'data to flow' according to communication channel structure, that can easily be processed in abc@xyz.com's hand knowing if some cracking attempts are done. The encryption mechanism can be applied in any communication model.
This model can also be used securely for intracommunication.
I just dealt with the secure data flow, and common encryption mechanism or want to create the mechanism for your own, you can send me mail, if you have more queries at
mailbymarq@yahoo.com.

Wednesday, May 9, 2007

a secured computer

Security in computer
When we already accept the electronic medium, we need to have it controlled by us(the owner)
1. Physical security (System's physical control)
physical security can be managed in traditional way, locking the physical access. But now additional means can be applied as per the requirement. these technologies are developing each day and one can accept for their own purpose.
2. Software security (To keep own system secure)
Though many security measures are developed, they are insufficient for the future. Now we need to change the direction to keep software secure for the future. The means can be by using customized security measure.
Most of the security problem is due to the usage of common softwares in several machines. This helps the crackers exploit a bug and enter to several systems thereby attaining success to some of the system.
Now each system can have their own master's customized security feature, this reduces illegal panic for the system owners.
This can be done by adding a new layer between hardware and system software, that could be customized to large extent.
a. for administrators
Administrators have better worthless challenge due to inconsistent system rule. (I Will explain it later in further blogs )
b. for clients
Clients are facing problems as per increasing number of bugs, exploits and (past conquered) security measures.
3. Password security(To receive allowed resources)
Password security is explained in past blog, still i am doing much, we will get it with better option in near future.

Monday, May 7, 2007

CrackingViruses

Cracking.. it's itself difficult to imagine..
first get the hole, explore, extend implement your robust code and then crash out...
And finally claim yourself doing illegal and unethical.. mental pain for the little people who sticks to the rules..
Though it's not expected. I always took the way but ethical.
Viruses most of the times do it intelligent. The virus makers (I have deep respect to them) they are really good with codes and go deep through the machines.
Since i was first introduced to viruses while coding in C++; since then it was my great concern, something challenging.
I was habitituated with pirated windows(I have just tasted genuine windows) and had to spend a lot of time getting trouble to do the things. The context forced me to check the unexpected activities through machine but out of operating system. It's been more than decade i am habitituated taking viruses from others, checking their activities and taking them under my control ( I call it virus hacking) though you may accept it not.
You can believe i have crashed my OS more than 100 times since then, needed repair my system a couple of times due to Hardware crash. etc etc...
But again,
I like viruses because these are really good in function(Humble to their masters) as their master
coded.
I really don't like antiviruses updated in my machine, these antivirus don't respect the codes in virus, instead deletes it ( Deletion is removal from the existence) / it's like removing the creativity.
Viruses can exist everywhere as any operating system; I have gone through windows,linux and Macintosh systems, and deserve sun solaris in near future. All these machines must run codes ie some syntax, convert to machine readable form and execute by machine, virus goes parallel to these (till date) more smoothly ( i feel) .
Types i differentiated for viruses
1. Some viruses are intelligent as they explore holes in operating systems, I really love them doing this.
2. Some are targetted to the little people who exactly don't know what they are doing, change their original files and work for the bloody masters. I hate those codings, i love the little innocent people. who just plan to work for their limited purposes.
Most windows viruses i found go through the second type they are no more of use as they can easily be controlled, caring a bit, these codes can be used to check how that little virus maker thinks. as for example one i recall is MS32DLL.dll.vbs file combined with autorun.inf and a application file in recycled folder ... and some more vbs codes,
The first one are my teacher, i take care of these codes and try to keep far from their enemy(antiviruses).
Now these days i have cracked some viruses and used for my purpose( i think i am successful in it). And now mixed all my experiences to search a better platform where we can deny the second types, and need to test it.
Very soon you will get something where the worthless viruses are prevented and have a safe ground for normal users.
And again i am not comfortable to the first type of viruses, if i could be, it would be the great day for this world.

Hacking From the mind, let's get better protection

Hacking is the topic i like most. Though i plan to hack the great things.. i am totally ethical to it..
I have just started with little jocky of psycology, little bit of maths and science..
I have found several administrators (Those are my tiny creatures for fishing). I believe what starts is with the wall of servers.
In most cases i found these administrators has multiple responsibilities, to maintain network, maintain security, maintain emails security and in somecase webs too..
They have to do hard labour for all of it. I know ... and this is the loophole i striked...
These people have multiple places for safety.. and in most cases a couple of characters (Password) are maintained for the security issue. These administrators have the same memory ie remember 8-12 characters if it's not familiar and 20-25 characters if associated with the event (It's Psycology) and several words only for their protection.
Now the case is same for DOS (Denial of Service Attack) for computer, these people are attacked with continuous set of passwords for their lives.
So most common these people keep same password for all, if not for similar purposes..
Most vague part is how much they surf the Internet..
These days internet needs sign name and password for their relevance to provide information. Administrators have to create account and passwords for these activities. I have been watching the events and faced some administrators as
1. some keep record of usernames and password in their papers or mobile phones.
2. some just use name and password and view while neglet for next purpose.
3. some keep strong and relatively strong passwords at all
The first type administrators can't go often with their friends as they can leak their stuffs being with friends
The second type of administrators are in more complex situation, they have to create next account and password for next same purpose so they can be observed through network.
The third people have strong password but their limitation of memory lets them associate passwords with some events ... This could be easily targeted with (Event assumption) after caring multiple events.
Noway Secure..
This password system fails at all.
Why not discover a new system ..
I have an idea.. Let's discuss
meromarqu@gmail.com