Wednesday, December 31, 2008


Steganography is the method of hiding information from third party. In other words, Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message. Today, the term steganography includes the concealment of digital information within computer files.
There are a large number of steganographic methods that most of us are familiar with ranging from invisible ink and microdots to secreting a hidden message in the second letter of each word of a large body of text and spread spectrum radio communication. With computers and networks, there are many other ways of hiding information, such as:
· Hidden text within Web pages
· Hiding files in "plain sight" (e.g., what better place to "hide" a file than with an important sounding name in the c:\winnt\system32 directory?)
· Null ciphers (e.g., using the first letter of each word to form a hidden message in an otherwise innocuous text)
Steganography today, however, is significantly more sophisticated than the examples above suggest, allowing a user to hide large amounts of information within image and audio files. These forms of steganography often are used in conjunction with cryptography so that the information is doubly protected; first it is encrypted and then hidden so that an adversary has to first find the information and then decrypt it.

Monday, December 22, 2008


Stalking means the behaviour of individuals towards others which has no universally accepted definition. It has been applied to the obsessive following, observing, or contacting of another person. This includes following the person to certain places, to see where they live or what the person does on a daily basis, it also includes seeking and obtaining the person's personal information in order to contact him or her. Cyberstalking is the use of the Internet or other electronic means to stalk someone.
Cyber stalking is defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals, to harass another individual, group of individuals, or organization. The behavior includes false accusations, monitoring, the transmission of threats, identity theft, damage to data or equipment, the solicitation of minors for sexual purposes, and gathering information for harassment purposes. Majority of the stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because they failed to satisfy their secret desires.
Cyber stalker may operate any of the following ways.
Collect all personal information about the victim such as name, family background, Telephone Numbers of residence and work place, daily routine of the victim, address of residence and place of work, date of birth etc.
The stalker may post this information on any website related to sex-services or dating services, posing as if the victim is posting this information and invite the people to call the victim on her telephone numbers to have sexual services.
People of all kind from any part of the World, who come across this information, start calling the victim at her residence and/or work place, asking for sexual services or relationships.
Some stalkers keep on sending repeated e-mails asking for various kinds of favors or threaten the victim.
Stalkers will almost always make contact with their victims through email. The letters may be loving, threatening, or sexually explicit. He will many times use multiple names when contacting the victim.

A number of key factors regarding cyberstalking have been identified. Some of them are :
False accusations.
Attempts to gather information about the victim. Encouraging others to harass the victim.
False victimization.
Attacks on data and equipment.
Ordering goods and services.
Arranging to meet.
Cyberstalkers meet or target their victims by using search engines, online forums, bulletin and discussion boards, chat rooms etc. They may engage in live chat harassment or flaming or they may send electronic viruses and unsolicited e-mails. Victims of cyberstalking may not even know that they are being stalked.
More commonly they will post defamatory or derogatory statements about their stalking target on web pages, message boards and in guest books designed to get a reaction or response from their victim, thereby initiating contact. In some cases, they have been known to create fake blogs in the name of the victim containing defamatory or pornographic content.

Friday, December 12, 2008

What is GSM?

GSM stands for Global System for Mobile Communication. This is the most famous system for mobile communication in the world. More than 200 countries in the world are using this system for mobile communication. It is fully digital and allows both voice and data transfer. It also allows roaming services across the networks and countries.

We can broadly divide the GSM into three parts.

1. The Mobile Phone itself
2. The Base Station Sub System which controls the radio link with the mobile phone
3. The Network Sub Station where the switching of calls between mobile users and between mobile and fixed lines takes place.

1. The Mobile Station (MS) or the Mobile Phone

This consists of two parts i.e. the mobile phone itself and the Subscriber Identity Module or popularly known as the SIM card.

The mobile phones in the GSM are independent from the service providers. The SIM contains IMSI (International Mobile Subscriber Identity), which is used to identify the subscriber. This IMSI is a unique number to a particular subscriber globally. It gives the details of the country and the service provider. Personal Identity Number (PIN) protects the SIM card.

The mobile phone is identified by a 15 digit IMEI Number (International Mobile Equipment Identity). In most of the mobile phones typing *#06# will show the IMEI Number. No two mobile phones in the world supposed to have the same IMEI Number.

The first six digits of the IMEI no. is the Type Approval Code (TAC), the next two digits are the Final Assembly Code (FAC), next six digits represents Serial Number and the last digit is the check digit.

2. The Base Station Subsystem

This also consists of two parts i.e. BTS and BSC. BTS stands for Base Transceiver Station. The BTS houses the radio transceivers that define a call and handles the radio link protocol with the mobile. Speech and data transmission from mobile phones are recorded here.

BSC stands for Base Station Controller. This controls the magnitude of several hundred BTSs. The BSC takes care of a number of different procedures regarding call setup, location update etc. for each mobile phone.

3. The Network Subsystem

The main component of the network sub system is MSC (Mobile Switching Centre). The basic function of MSC is to switch voice and data connection between BSCs, other MSCs and other networks. It performs the registration, authentication, location identity and call routing to a roaming subscriber etc. It contains Home Location Register (HLR), Visitor Location Register (VLR), Equipmet Identity Register (EIR) and Authentication Centre.

HLR is the home register of the subscriber which contains the subscription information, services provided, authentication details and the location of the subscriber.

VLR stores data about customers who are roaming within the area of the MSC.

EIR registers the IMEI number of the mobile in use.

Friday, December 5, 2008


If you are keen in studying cyber crime , hacking etc then you might be heard of the word Honeypot. What is meant by Honeypot? We are going to explain it here. In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. It can be defined as an information system resource whose value lies in unauthorized or illicit use of that resource.

Generally it consists of a computer, data, or a network site that appears to be part of a network but which is actually isolated, unprotected in a broad sense, and monitored, and which seems to contain information or a resource that would be of value to attackers.

A honeypot is valuable as a surveillance and early-warning tool. While it is often a computer, a honeypot can take on other forms, such as files or data records, or even unused IP address space. Honeypots should have no production value and hence should not see any legitimate traffic or activity. Whatever they capture can then be surmised as malicious or unauthorized.

The advantages of Honeypots are: It collects small amounts of information. This means that it is much easier and cheaper to analyze the data a honeypot collects and derive value from it. It uses minimal resources. Honeypots can collect in-depth information that few other technologies can match. Honeypots are designed to capture anything thrown at them, including tools or tactics never seen before. Simplicity is another added advantage of Honeypots.

It has disadvantages too. The main important disadvantage is the risk factor. If they are not properly walled off, an attacker can use them to break into a network system.
Honeypots come in many shapes and sizes. Honeypots can be classified as
1. Production Honeypots
2. Research Honeypots
Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations; Production honeypots are placed inside the production network with other production servers by organization to improve their overall state of security.

Research honeypots are run by a volunteer, non-profit research organization or an educational institution to gather information about the motives and tactics of the hackers targeting different networks. These honeypots do not add direct value to a specific organization. Instead they are used to research the threats organizations face, and to learn how to better protect against those threats.

Wednesday, December 3, 2008

Demilitarized Zone (DMZ)

In computer security, a demilitarized zone (DMZ), more appropriately known as demarcation zone or perimeter network, is a physical or logical subnetwork that contains an organization's external services to a larger, untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN).

In a network, the most vulnerable hosts to attack are those that provide services to users outside of the LAN, such as e-mail, web and DNS servers. Due to the increased potential of these hosts being compromised, they are placed into their own subnetwork in order to protect the rest of the network if an intruder was to succeed. Hosts in the DMZ should not be able to establish communication directly with any other host in the internal network, though communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external network while still protecting the internal network.

Generally, any service that is being provided to users in an external network should be placed in the DMZ. The most common of these services are web servers, mail servers, and DNS servers. In some situations, additional steps need to be taken to be able to provide secure services.

Tuesday, December 2, 2008

What is spam?

E-mail spam is also known as Junk mail or bulk mail. Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Email spam targets individual users with direct mail messages. Spam has frustrated, confused, and annoyed e-mail users. We can define spam as email that is unsolicited and sent in bulk.

Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. E-mail addresses are collected from chartrooms, websites, newsgroups, and viruses which harvest users' address books, and are sold to other spammers. One particularly nasty variant of email spam is sending spam to public or private email discussion forums. Because many mailing lists limit activity to their subscribers, spammers will use automated tools to subscribe to as many mailing lists as possible, so that they can grab the lists of addresses, or use the mailing list as a direct target for their attacks. The personal things you can do about spam include never responding to it, filtering it out of your e-mail, and complaining to providers about it.

By filtering the e-mail we can better stop spam. Email filtering is the processing of e-mail to organize it according to specified criteria. Most often this refers to the automatic processing of incoming messages and outgoing emails as well. Email filtering software inputs email. For its output, it might pass the message through unchanged for delivery to the user's mailbox, redirect the message for delivery elsewhere, or even throw the message away. Some mail filters are able to edit messages during processing.


Monday, December 1, 2008

Understanding Phishing

Phishing is the term which is used to describe the activity of a hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers and clicking the links in the e-mail people were directed to bogus Web pages that looked nearly identical to the companies' sites. In othe words, Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Tips on how to avoid the phishing are as follows:

· If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body. If you want to check the details open the website of your bank by typing the URL and not from the link provided in the e-mail.

· Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission. In this case also you can be cheated. Always open the original web site by typing the URL.

· If you are uncertain about the information, contact the company through an address or telephone number you know. Do not use the Telephone no. or address provided by the site. Always keep the telephone number and address of your institution for ready reference.

· If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately to avoid any misuse of your account/ card.
Some times bogus websites are opened in place of the original one and they look like the same as the original one. Any changes in the outlay of the web site may clearly viewed and if you have any doubt do not work with that site further. Any small spelling mistake in the URL may lead to the opening of a web site exactly look likes the original one.
Following these precautions you can protect yourselves from phishing in a better way.


Keylogging is a method of capturing and recording user keystrokes. Keylogging can be useful to determine sources of errors in computer systems, to study how users interact and access with systems, and is sometimes used to measure employee productivity etc. But this can also be used to obtain usernames, passwords and even credit card numbers illegaly. Keyloggers are very useful for the law enforcem,ent agencies also to capture some data that leads to some conclusions in their investigations. Keyloggers are widely available on the Internet for downloading.
There are two types of keyloggers, Software as well as Hardware. We can see both of them and their working in the following paragraphs
Hardware key loggers are commercially available devices which come in three types:
1. Inline devices that are attached to the keyboard cable
2. Devices which can be installed inside standard keyboards, and
3. Actual replacement keyboards that contain the key logger already built-in.
When used covertly, inline devices are easily detected by a glance at the keyboard connector plugged into the computer.
Local Machine software Keyloggers are keyloggers installed directly on to the target computer
Remote Access software Keyloggers are local software keyloggers programmed with an added feature to transmit recorded data out of the target computer and make the data available to the monitor at a remote location through data is uploaded to a website or an ftp account, or periodical e-mail or through the LAN.

Detecting these key loggers are very difficult and most of the anti virus software and Spywares doesn't even recognize them. While you are working with a public access computer system like a cyber cafe, do not use your credit/debit card information to make online purchases. Some key loggers even didn't appear in the installed programs list or even a shortcut in the desktop or listed in the programs listing.