c0c0n is an annual event conducted as part of the International Information Security Day. Kochi City Police along with the Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2010, last time it was called CyberSafe . as part of Information Security Day 2010. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2010 is scheduled on 05, 06 Aug 2010.

c0c0n is aimed at providing a platform to discuss, showcase, educate, understand and spread awareness on the latest trends in information, cyber and hi-tech crimes. It also aims to provide a hand-shaking platform for various corporate, government organizations including the various investigation agencies, academia, research organizations and other industry leaders and players for better co-ordination in making the cyber world a better and safe place to be.

Starts: Thursday August 05, 2010, 08:00AM
Ends: Friday August 06, 2010, 05:00PM

Location: Dream Hotel, Kadavanthra, Cochin, KERALA 682020 IN

SPEAKERS :

Raoul Chiesa
Senior Advisor on Strategic Alliances & Cybercrime Issues – United Nations Interregional Crime & Justice Research Institute (UNICRI)
Member PSG – European Network and Information Security Agency (ENISA)
Founder & CTO, Mediaservice.net – Italy

Fyodor Yarochkin
Security analyst for GuardInfo.

Michael Kemp
Xiphos Research Labs, Birmingham

Mauro Risonho de Paula Assumpção
Founder – BackTrack Brasil (BTB)
Moderator and Translator Backtrack USA.

Vahan Markarov
Yerevan, Armenia

Sebastian Edassery, CFE, CHFI, ACE
Manager – Forensic & Dispute Services – Deloitte India

Visit Official website for more details

Find c0c0n on – Facebook – Twitter – Linkedin

Sometimes back I got a chat message from one of my friend, And the message was like this “When you get on, can you take a look at this picture and tell me what you think? ” and there was a link to a file named MVS-Photo04.JPG.zip. It was containing a virus called backdoor.Win32.Agent.riu its also known as Trojan.Delf.PKZ. The message was send without the knowledge of that sender.

You may get this type messages with .exe and .zip extensions, do not click /download the links even if its send by your friends/family. Because it may not be send by them.

Find the description about the worm ( Via FortiGuard Center )

This is a generic detection for a type of trojan injector. This trojan creates a new instance of itself and injects codes into it.

It may have anti-virtual-machine or anti-emulator functionalities.

It may attempt to stop some security-related services, such as the following:

o SharedAccess

o Security Center

Download Copssh from http://sourceforge.net/projects/sereds/files/Copssh

Install  Copssh

After the installation you have to assign user to access the serve

Select “Active a user”

Select the User and click next

Enter Password for above user

Click OK

Now you can access your Windows server using SSH.

Service name : OPENSSHSERVER

Run following command to find the Process ID from port number

root@server:~ # fuser -n tcp 80

Now you can see the Process IDs associated with this service

80/tcp:               2584 15941 15943 15944 15945 16332 16333 16880 16881 16882 16899

Run the following command to find the service name from process ID

root@server:~ # ps -ef | grep 2584

root      2584     1  0 Apr01 ?        00:00:08 /usr/sbin/apache2 -k start

But some users are Still getting the Original page : Because It was a DNS Attack, This same attack once happened in twitter.com. Now Some DNS Servers  serving IP address  :   205.178.152.154  and others giving 216.15.200.140.  hackers have even put a live counter of the number of people on the hacked site. Searches showing many incidents were there in the name of abed_uk@hotmail.com. they are using whos.amung.us tool to track the traffic.  See the traffic Graph of fist 10 hrs.

Update : www.tcs.com is up and running

Microsoft have now released a security advisory 979352 for IT professional listing ways to mitigate the security issue to work around the security issue before they release a patch, http://www.microsoft.com/technet/security/advisory/979352.mspx

Microsoft created an application compatibility database that will enable Data Execution Prevention (DEP) for all versions of Internet Explorer. You do not need this database if you are using Internet Explorer 8 on Windows XP Service Pack 3 (SP3) or on Windows Vista SP1 or later versions. This is because Internet Explorer 8 opts-in to DEP by default on these platforms.

Download Fix This Microsoft link.

http://support.microsoft.com/kb/979352

It is a very critical vulnerability, Try to keep away from unknown URLs ..

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.

With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval.

.

.

Download and install Matriux

Minimum System Requirements

• Intel-compatible CPU (i486 or later),
• 20 MB of RAM for text mode, at least 96 MB for graphics mode with KDE (at least 128 MB of RAM is recommended to use the various office products),
• bootable CD-ROM drive, or a boot floppy and standard CD-ROM (IDE/ATAPI or SCSI),
• standard SVGA-compatible graphics card,
• serial or PS/2 standard mouse or IMPS/2-compatible USB-mouse.

Symantec Security Check

Symantec Security Check tests your computer’s exposure to a wide range of online threats. It’s free and an effective tool that helps determine your Internet security needs.

http://security.norton.com/sscv6/WelcomePage.asp

McAfee FreeScan

McAfee FreeScan helps you detect thousands of viruses on your computer. Based on the award-winning McAfee VirusScan engine, FreeScan searches for viruses, including the latest known “in the wild” viruses, and displays a detailed list of any infected files. Should viruses be found, FreeScan even provides links to more information about the viruses and what you can do to clean your system.

http://home.mcafee.com/Downloads/FreeScanDownload.aspx

Panda ActiveScan

ActiveScan 2.0 is an advanced online scanner based on Collective Intelligence (scanning in-the-cloud) that detects malware that traditional security solutions cannot detect.

http://www.pandasecurity.com/activescan/index

CA online

The CA Online Threat Scanner scans your computer for viruses and spyware and can detect malware threats from within your web browser. You can use the scanner free of charge

http://cainternetsecurity.net/entscanner

Kaspersky lab

If you discover a suspicious file on your machine, or suspect that a program you downloaded from the Internet might be malicious, you can check the files here.

http://www.kaspersky.com/scanforvirus

bitdefender

Incorporating the BitDefender award-winning scanning engines, BitDefender Online Scanner is an on-demand antivirus and antispyware tool that shows how safe your PC is. Accessible from your browser, it will scan and automatically clean the system memory, all files and drives’ boot sectors.

http://www.bitdefender.com/scanner/online/free.html

Trend Micro (HouseCall)

HouseCall can quickly identify and fix a wide range of threats including viruses, worms, Trojans, and spyware. It is now faster, more powerful and browser independent

http://housecall.trendmicro.com/us/index.html

ESET Online Scanner

ESET Online Scanner is a user friendly, free and powerful tool which you can use to remove malware from any PC utilizing only your web browser without having to install anti-virus software. ESET Online Scanner uses the same ThreatSense® technology and signatures as ESET Smart Security/ESET NOD32 Antivirus, and is always up-to-date.

http://www.eset.eu/eset-online-scanner

Onecare Online scanner

Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC.

http://onecare.live.com/site/en-us/default.htm

F-Secure

can help get rid of viruses and spyware causing problems on your PC. After running Online Scanner, you should make sure that you have an up-to-date security solution keeping your computer free of problems in the future.Before you can start scanning your computer, you need to install the F-Secure Online Scanner add-on for your browser.

http://www.f-secure.com/en_IN/security/security-lab/tools-and-services/online-scanner

avast Online scanner

avast! online virus scanner gives the possibility to check your files quickly and free of charge.

http://onlinescan.avast.com

How can you enable a password protection for putty connection manager?

There is an option to “enable database encryption” in PuTTYcm. But by default this features is disabled. You should use an Encryption library to use this feature. You can download it from PuTTYcm site

• First you download pcmcrypt.dll from http://puttycm.free.fr/download/pcmcrypt.dll

• Now open your Putty installation folder (Default location “C:\Program Files\PuTTY Connection Manager\” )

• Copy pcmcrypt.dll to above folder

• Open your PuTTYcm

• Go to “Database” menu and click on “Properties”

• Put tick mark on “enable database encryption” (It will enable only if pcmcrypt.dll is the same directory of puttycm.exe)

• Enter your Passphrase & Confirm.

• Go to file and “Save Database”

Next time onwards it will ask for a password while open the application

1, Press and hold the Unlock button until it will ask for Security code.

2, Don’t release the key just keep it pressed

3, suddenly it will ask for “Press * to unlock”

4, quickly press the * in this stage.

Just try this and Give a surprise to your friends .. !