Brainfoldb4u's Blog

Just another WordPress.com weblog

Archive for the ‘Open Source’ Category

sqlmap: Open source pentest tool

Posted by brainfoldb4u on March 15, 2010

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers. It comes with a broad range of features, ranging from database fingerprinting and fetching data from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

sqlmap features

Features implemented in sqlmap include:

Generic features

  • Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server back-end database management systems. Besides these four database management systems, sqlmap can also identify Microsoft Access, DB2, Informix, Sybase and Interbase.
  • Full support for three SQL injection techniques: inferential blind SQL injection, UNION query (inband) SQL injection and batched queries support. sqlmap can also test for time based blind SQL injection.
  • It is possible to provide a single target URL, get the list of targets from Burp proxy requests log file or WebScarab proxy conversations/ folder, get the whole HTTP request from a text file or get the list of targets by providing sqlmap with a Google dork which queries Google search engine and parses its results page. You can also define a regular-expression based scope that is used to identify which of the parsed addresses to test.
  • Automatically tests all provided GET parameters, POST parameters, HTTP Cookie header values and the HTTP User-Agent header value to find the dynamic ones, meaning those that vary the HTTP response page content. On the dynamic ones sqlmap automatically tests and detects the ones affected by SQL injection. Each dynamic parameter is tested as numeric, single quoted string and double quoted string, and each of these three data types with zero to two parentheses, to correctly detect the SELECT statement syntax to perform further injections with. It is also possible to restrict testing and injection to only the parameter(s) you specify.
  • Option to specify the maximum number of concurrent HTTP requests to speed up the inferential blind SQL injection algorithms (multi-threading). It is also possible to specify the number of seconds to wait between each HTTP request.
  • HTTP Cookie header string support, useful when the web application requires authentication based upon cookies and you have such data or in case you just want to test for and exploit SQL injection on such header. You can also specify to always URL-encode the Cookie header.
  • Automatically handle HTTP Set-Cookie header from the application, re-establishing of the session if it expires. Test and exploit on these values is supported too. You can also force to ignore any Set-Cookie header.
  • HTTP Basic, Digest, NTLM and Certificate authentications support.
  • Anonymous HTTP proxy support to pass requests through to the target application; this also works with HTTPS requests.
  • Options to fake the HTTP Referer header value and the HTTP User-Agent header value specified by user or randomly selected from a text file.
  • Support to increase the verbosity level of output messages: there exist six levels. The default level is 1 in which information, warnings, errors and tracebacks (if any occur) will be shown.
  • Granularity in the user’s options.
  • Estimated time of arrival support for each query, updated in real time while fetching the information to give to the user an overview on how long it will take to retrieve the output.
  • Automatic support to save the session (queries and their output, even if partially retrieved) to a text file in real time while fetching the data, and to resume the injection from this file at a later time.
  • Support to read options from a configuration INI file rather than specify each time all of the options on the command line. Support also to save command line options on a configuration INI file.
  • Option to update sqlmap as a whole to the latest development version from the Subversion repository.
  • Integration with other IT security open source projects, Metasploit and w3af.
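Seen from the server side, the per-parameter testing described above (the same parameter tried as numeric, single quoted and double quoted, with zero to two parentheses) leaves a recognisable pattern in access logs even when the User-Agent has been faked. The following detection sketch is an added example, not code from sqlmap or from the original post; the log lines are constructed, and the function names and the threshold of three variants are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log format (assumed for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

# A value that closes the original literal (optional quote, 0-2 parentheses)
# and then continues with a boolean clause.
BOUNDARY_RE = re.compile(
    r"""^\w+(?P<quote>['"]?)(?P<parens>\){0,2})\s+(?:AND|OR)\s""", re.I)


def scan(lines, min_variants=3):
    """Return (clients with an 'sqlmap/' User-Agent,
               {(ip, path, param): boundary variants seen})."""
    variants = defaultdict(set)
    ua_hits = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Cheap signal only: the tool lets the user replace this header.
        if m["ua"].lower().startswith("sqlmap/"):
            ua_hits.add(m["ip"])
        parts = urlsplit(m["url"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            b = BOUNDARY_RE.match(value)
            if b:
                key = (m["ip"], parts.path, name)
                variants[key].add((b["quote"], len(b["parens"])))
    # One variant alone can be a normal value ("rock and roll"); several
    # quote/parenthesis variants on one parameter indicate syntax probing.
    behavioural = {k: sorted(v) for k, v in variants.items()
                   if len(v) >= min_variants}
    return ua_hits, behavioural


# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2010:10:00:01 +0000] "GET /item.php?id=1%20AND%201234=1234 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Mar/2010:10:00:02 +0000] "GET /item.php?id=1%27%20AND%20%271234%27=%271234 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Mar/2010:10:00:03 +0000] "GET /item.php?id=1%22)%20AND%20(%221234%22=%221234 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Mar/2010:10:00:04 +0000] "GET /item.php?id=1))%20AND%20((1234=1234 HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Mar/2010:10:01:00 +0000] "GET /search.php?q=rock+and+roll HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [15/Mar/2010:10:02:00 +0000] "GET /item.php?id=2 HTTP/1.1" 200 512 "-" "sqlmap/0.0 (constructed)"',
]

if __name__ == "__main__":
    ua_hits, behavioural = scan(SAMPLE_LOG)
    print("User-Agent matches:", sorted(ua_hits))
    for (ip, path, param), seen in behavioural.items():
        print(f"{ip} probed {path}?{param}= with {len(seen)} boundary variants")
```

The benign search for "rock and roll" matches the pattern once but never reaches the threshold, which is why the rule counts distinct variants per parameter rather than single hits.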

Fingerprint and enumeration features

  • Extensive back-end database software version and underlying operating system fingerprint based upon inband error messages, banner parsing, functions output comparison and specific features such as MySQL comment injection. It is also possible to force the back-end database management system name if you already know it.
  • Basic web server software and web application technology fingerprint.
  • Support to retrieve the DBMS banner, session user and current database information. The tool can also check if the session user is a database administrator (DBA).
  • Support to enumerate database users, users’ password hashes, users’ privileges, databases, tables and columns.
  • Support to dump database tables as a whole or a range of entries as per user’s choice. The user can also choose to dump only specific column(s).
  • Support to automatically dump all databases’ schemas and entries. It is possible to exclude the system databases from the dump.
  • Support to enumerate and dump all databases’ tables containing user provided column(s). Useful to identify for instance tables containing custom application credentials.
  • Support to run custom SQL statement(s) as in an interactive SQL client connecting to the back-end database. sqlmap automatically dissects the provided statement, determines which technique to use to inject it and how to pack the SQL payload accordingly.


Posted in Auditing, Open Source, Penetration testing, Security tools

Network Stuff – Handy network utility

Posted by brainfoldb4u on March 15, 2010

Network stuff is a cool network utility that comes with a whole set of very useful network tools, such as Whois, tcp/udp telnet and a raw packet forger, which give more information about a host on a network and let you perform simple tasks.

The open source tool includes:

  • tcp/udp telnet
  • ping/traceroute
  • DNS resolver
  • Whois
  • Arp
  • Stats and TCP/UDP/IP tables (iphelper functions)
  • TCP/UDP/ICMP/CGI multithreaded scan (TCP and CGI scans can be done through an HTTP or socks proxy)
  • Raw packet capture (multiple options including application name)
  • Raw packet forging
  • Wake on LAN and Remote Shutdown
  • Interactive TCP/UDP Transparent Proxy

Its key features allow the user to easily find information on a network reached through different interfaces, which are accessible through different tabs. Information includes the hardware address being used, the IP address assigned, the link speed, link status, and vendor information on the network adapter. It also provides traffic information, including incoming and outgoing packets. While it doesn’t have advanced troubleshooting features, it does show errors in both incoming and outgoing packets, and provides a collision count. This includes information separated into TCP info, including detailed packet stats, and UDP info with information about datagrams, ICMP and IGMP. Network stuff can also provide a routing table, with comprehensive information included. It can also show multicast data, and show the current state of all sockets the computer might have open, closed, or waiting.

Network stuff offers a number of diagnostics, including statistics and error counts, and all zones on a network. The Ping utility used by Network Utility is similar to other ping services, allowing input of a destination address and a set number of pings to be sent. For each ping, of 64 byte packets, a transit time is given, helping troubleshoot network connections. The Traceroute, Whois, and Finger options of the Network Utility are all analogous to those found in other operating systems. Traceroute displays the full route from the host computer to the destination, with hop times listed. Whois queries a whois service to return information on a domain name registrant. The Finger utility allows a user to look at a specific user profile on a specific server.

Download:

Click here to download the latest version 3.0.6.0 of Network stuff tool

It comes with a handy manual with how to’s for 26 network functions like

  • How to create TCP or UDP clients or server
  • How to make a telnet
  • How to make a ping
  • How to make traceroute
  • How to get host address (DNS resolve)
  • How to get host information (Whois)
  • How to retrieve a MAC address on remote host
  • How to view or close active tcp connections (or end process of tcp connection owner)
  • How to view active udp servers
  • How to view tcp stats
  • How to view udp stats
  • How to view icmp stats
  • How to view or modify ip table
  • How to view IP stats
  • How to make cgi scan
  • How to make tcp scan
  • How to make udp scan
  • How to make icmp scan
  • How to make tcp or cgi scan through proxy
  • How to make a wake on LAN
  • How to shut down a remote Windows host
  • How to view your computer’s IP
  • How to get your computer’s outside IP (for people in LAN)
  • How to capture packet
  • How to forge packet
  • What is Interactive TCP/UDP

To capture packets

Go to the Capture window (Tab “Raw Packet” then “Capture”).

To capture packets, you have to check the protocols you want to capture.

Here we are capturing tcp and icmp packets

Next, for each protocol you can specify special filters. Another filter is available for tcp/udp connections: the “Application filter”.

The option “Packet’s details” shows header fields that are generally useless. When it is checked, all header fields are shown.

You can start/stop capture using the corresponding buttons.
The “Clear” button clears the list of captured packets.
The “Load” button allows you to load a previously saved capture in txt or xml format.

Tcp filters :
– Source Ip
– Destination Ip
– Source Port
– Destination Port
– Sequence Number
– Acknowledgment Number
– Data Offset
– Window Size
– Control (URG,ACK,PSH,RST,SYN,FIN)

In this sample we are capturing only packets sent to and received from ip 10.0.0.138 port 80

How to forge packets

Go to the Forge window (Tab “Raw Packet” then “Forge”). Three different easy forging interfaces are available for tcp, udp and icmp, and another generic interface is available for other protocols.

For all protocols, you can configure all IP header fields and options, that is:

  • Version
  • IHL
  • Precedence
  • Delay
  • Throughput
  • Reliability
  • Total Length
  • Identification
  • Fragment type/position/offset
  • TTL
  • Protocol number
  • Checksum
  • IP source
  • IP dest
  • Options

Some fields have the “Random” option which allows you to test your firewall/IDS reactions.

Note: random fields are computed separately for each sent packet.

What is the option “Auto” for length and checksum?

If you don’t want to forge bad packets, just check these options; the fields are then computed for you and you don’t need to compute them manually.

Protocol data can be ASCII or hexadecimal, depending on the “Hexa values” option.

At this point you just need to specify the number of packets you want to send.

If you select the “Looping” option, packets are sent until you push the “Stop” button.

Just click “Send” to begin sending packets.
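To make the capture filter and the “Auto” length/checksum options concrete, the following added example (not part of Network stuff or of the original post) decodes the IP and TCP header fields listed above, checks the total length and header checksum the way a receiver or IDS would, and applies the “10.0.0.138 port 80” filter in both directions. All packets are constructed in memory; every address other than 10.0.0.138 and all function names are assumptions.

```python
import socket
import struct

TCP_FLAGS = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
             (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample(src, dst, sport, dport, flags, payload=b"", ttl=64):
    """Constructed IPv4+TCP packet with total length and checksums filled
    in, i.e. the values the "Auto" options compute for you."""
    a_src, a_dst = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags,
                      8192, 0, 0) + payload
    # The TCP checksum also covers a pseudo-header of addresses and length.
    pseudo = a_src + a_dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0,
                     ttl, 6, 0, a_src, a_dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp


def parse(packet: bytes) -> dict:
    """Decode the header fields named in the text and check length/checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, tos, total_len, ident, frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    info = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "proto": proto, "precedence": tos >> 5,
        # The header must not claim more bytes than were captured.
        "length_ok": ihl <= total_len <= len(packet),
        # Summing a valid header, checksum field included, yields zero.
        "checksum_ok": inet_checksum(packet[:ihl]) == 0,
    }
    if proto == 6 and len(packet) >= ihl + 20:
        sport, dport, seq, ack, off, flags, win = struct.unpack(
            "!HHIIBBH", packet[ihl:ihl + 16])
        info.update(sport=sport, dport=dport, seq=seq, ack=ack, window=win,
                    flags=[n for bit, n in TCP_FLAGS if flags & bit])
    return info


def matches(info, ip="10.0.0.138", port=80):
    """Filter from the capture sample: TCP sent to or received from ip:port."""
    if info["proto"] != 6 or "sport" not in info:
        return False
    return ((info["dst"], info["dport"]) == (ip, port)
            or (info["src"], info["sport"]) == (ip, port))


# Constructed sample traffic.
SYN, ACK = 0x02, 0x10
REQUEST = build_sample("10.0.0.5", "10.0.0.138", 50000, 80, SYN)
REPLY = build_sample("10.0.0.138", "10.0.0.5", 80, 50000, SYN | ACK)
OTHER = build_sample("10.0.0.5", "10.0.0.9", 50001, 22, SYN)
BAD_CHECKSUM = bytearray(REQUEST)
BAD_CHECKSUM[8] = 1  # TTL edited by hand, checksum left stale
TRUNCATED = build_sample("10.0.0.5", "10.0.0.138", 50002, 80, ACK,
                         b"x" * 32)[:-8]

if __name__ == "__main__":
    samples = [("request", REQUEST), ("reply", REPLY), ("other", OTHER),
               ("bad checksum", BAD_CHECKSUM), ("truncated", TRUNCATED)]
    for name, pkt in samples:
        info = parse(bytes(pkt))
        print(f"{name:13} match={matches(info)!s:5} "
              f"length_ok={info['length_ok']!s:5} "
              f"checksum_ok={info['checksum_ok']!s:5} flags={info['flags']}")
```

A packet whose fields were edited without recomputing the checksum, or whose total length exceeds the bytes actually present, fails these checks, which is the kind of input the “Random” fields are meant to throw at a firewall or IDS.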


Posted in Free but useful tools, Open Source, Security tools

Checking brand name availability

Posted by brainfoldb4u on February 4, 2010

It’s common for most of us to have a virtual name on the internet. We tend to use that name across the internet, and it becomes our identity. There is a chance that your username/virtual name/identity is being used by someone else somewhere on the internet (heavily possible). Having the same username across every website makes it easy to remember and helps you be recognizable across multiple networks without the need to link your accounts. I started browsing to find a way to customize a brand name and check how unique it is. Thankfully I found great solutions to verify the availability of our username across multiple social media websites for free.

KnowEm

This free site allows you to check for the use of your brand, product, personal name or username instantly on over 350 popular and emerging social media websites. It lets you secure your brand before someone else does.

With the click of a button it lets you search for the availability of a username across more than 350 popular social networking websites. All you need to do is enter your desired brand username in the search box and click “Check it”. KnowEm will then come up with a list of all the social media networks along with the availability of your username. If you wish to sign up, simply click on “Available” to jump to the sign up page of any particular website and get registered.

KnowEm also constantly updates and adds new sites to their vast database of social sites. The next Facebook, Twitter or MySpace is already out there or could be coming soon – do you know which one it will be? KnowEm offers a subscription service (Brand Protection Program) to ensure that you and your brand will not have to worry about it. As new sites emerge we will make sure that your flag is already planted and you will not have to worry about dealing with a squatter or someone who is misrepresenting your social media identity.

Is Your Name Available?

The basic free version of KnowEm makes it easy to find out if your favorite username is still available on the 350 social media services. Just type in your favorite username and KnowEm will check if your name is still available on these sites. Given how closely our online identities are often tied to one single username, it only makes sense to claim the same username on every site and to ensure that somebody else isn’t impersonating you. Other services that offer similar free features include Namechk (148 sites) and Usernamecheck.com (68 sites).

Premium Services

The new premium services extend KnowEm’s portfolio by giving businesses additional services for claiming and monitoring their brands. For users of the Corporate Edition ($349), KnowEm will create profiles on 150 social media sites and populate them with photos, bios and descriptions. A cheaper version of this service ($99) only includes the signup process, and users will have to populate their profiles by hand. For an additional $49 per month, KnowEm will also register your name or brand on new social media services as they launch.

Namechk

Namechk is a worthy alternative to KnowEm with similar features. It checks for desired usernames or vanity URLs that are still available at dozens of popular social networking and social bookmarking websites. It helps to promote your brand name consistently by registering a username that is still available on the majority of popular websites.

NameChk is completely free to use, it seems to be supported by Google Adsense adverts, but these are small and don’t get in the way. It’s a very useful website and a real joy to use! NameChk is perfect for anyone that struggles to find good usernames on a number of the social networking sites. It is becoming more difficult so this is a great idea. It is also good for companies who are trying to build their brand image; they can use this tool to find a name which is available on most of the platforms and then register it to promote their products.

Namechk Features

  • Check usernames on 106 different social networking sites
  • Register by clicking on the buttons
  • Find usernames which are available on all platforms
  • Build your brand image

Username check

A simple service that might nonetheless come in handy sometime, the suitably titled UsernameCheck will let you find out where your username is registered in a more or less instant way. You may ask, “Do I have my username registered across every site that I should?” That is a valid question, because how would you feel if the next Internet humiliation that comes along happens to share the same username that you have been using since the dawn of the web?

This site, then, will let you check where your username is registered just by supplying it and hitting the “check” button. A service by service rundown is then carried out, and you will find out whether your back is covered or not.

Posted in Cool Techniques, Free but useful tools, Open Source

Online power point presentation tool: Preezo

Posted by brainfoldb4u on January 22, 2010

Were you ever in a situation where you had no Microsoft PowerPoint installed and were restricted from downloading any additional software or plugins, but still wanted to prepare some PowerPoint slides? Here is an easy solution called “Preezo”: all you need is an active internet connection and a reasonably popular web browser.

Web app Preezo is a stripped-down version of PowerPoint right inside your web browser. Create, edit, collaborate on and permalink slideshows at Preezo, which isn’t as featureful as PowerPoint proper but has all the essential tools you need to create a full-on presentation minus desktop software. Preezo is an Ajax-based online presentation creator that replaces the Microsoft PowerPoint application and lets you share presentations over the web without any software or plug-in to install. If you like to spice up your slide shows with a little movement, check out their Slide Transitions feature. Not only can you make your slides wipe, push and fade, but you can also set your slides to advance automatically after a specified amount of time. They have diagramming features as well that can help you create rectangles, ellipses, triangles, lines and more.



They have a large collection of transition effects. For example, Box In, Box Out, Cover Down, Cover Left, Cover Right, Cover Up, Cover Left-Down, Cover Left-Up, Cover Right-Down, Cover Right-Up, Cut, Cut Through Black, Fade Smoothly, Fade Through Black, Push Down, Push Left, Push Right, Push Up, Push Left-Down, Push Left-Up, Push Right-Down, Push Right-Up, Random, Split Horizontal In, Split Horizontal Out, Split Vertical In, Split Vertical Out, Uncover Down, Uncover Left, Uncover Right, Uncover Up, Uncover Left-Down, Uncover Left-Up, Uncover Right-Down, Uncover Right-Up, Wipe Down, Wipe Left, Wipe Right, Wipe Up, Wipe Left-Down, Wipe Left-Up, Wipe Right-Down, Wipe Right-Up.

Key Features

– You can create professional quality presentations using an ultra-fast Ajax user interface.

– Access your presentations from any computer with an Internet connection and a modern browser. And there’s no need for dedicated hosting to use Preezo.

– Reuse images or the content of entire slides from easy to use galleries.

– Save time and reduce headache by collaborating on a centralized web document.

– Distribute presentations to clients and colleagues without having to email huge PowerPoint files.

Posted in Free but useful tools, Information Security, Open Source

Email Encryption: Lockbin

Posted by brainfoldb4u on January 21, 2010

If you want to send an email with critical contents and need to safeguard it from prying eyes, Lockbin can help: it uses a closed system that takes any message and sends it to someone in a highly secure manner. The sender needs to share a secret password with the recipient, and the recipient needs to remember the password to read the message. You don’t have to install any additional software; everything is done online, and you just need to be online to read the message. In the case of Gmail, and a handful of other popular Web-mail providers, your e-mail could be on a dozen different servers (albeit encrypted), or even be analyzed to try to sell you contextual ads.

In a few words, Lockbin is a free service for sending private email messages. People use it to send things like credit card information or confidential information. Secure Sockets Layer is used to protect emails in transit from network sniffers, but there is no guarantee the recipient is taking the same precaution.

The developers describe its safety as follows:

Nothing is perfect, and neither is this, but it is certainly safer than sending sensitive data directly through email. The largest threats to this method would be

1) capturing the sender or recipient’s password by spoofing the Lockbin website, or

2) a screen capture virus that images the decrypted message on the recipient’s computer.

Neither attacks are likely, but are possible in theory.

How it works:

Lockbin’s cryptographic algorithm uses a Secret Word to encrypt messages. You invent the Secret Word and deliver it to the recipient using a phone, text message, instant message, smoke signals, homing pigeon, or as a last resort… another email.

When the encrypted message is received, it is destroyed from Lockbin’s database, and decrypted in the recipient’s browser, provided that they entered the Secret Word correctly. Uncollected messages are destroyed after six months.

Posted in Cool Techniques, Free but useful tools, Open Source

Draw Anywhere

Posted by brainfoldb4u on January 21, 2010

DrawAnywhere is an online diagramming website where you can draw, change and share flowcharts and other diagrams, with the look and feel of a desktop application. It runs on any browser with Flash 9 installed. There is no need to download and install any custom software. It runs entirely on the web, and thus it is an always-on, access-anywhere solution. It meets all your diagramming needs without installing, maintaining and purchasing expensive software. Draw Anywhere offers the business user an online, always on, and everywhere accessible project and plan organization, scheduling, and presentation tool. Store and organize your research and information, accessible anywhere with an Internet connection. Share your diagrams with others or embed them into an existing webpage or blog. You can create diagrams for your needs. Draw any flowchart or process diagram, or just a webpage layout. With the look and feel of a desktop application, you will find it easy to use, yet versatile.

Create a free account and share diagrams with others. It runs in your web browser, and there is no need to download any more software to use it.

DrawAnywhere’s Main features

  • Draw Flowcharts, Process diagrams, Organizational charts etc.
  • Login from anywhere and modify your drawing.
  • Share your diagram with others.
  • Export your diagram as image file (jpg, png etc) or a pdf file.
  • No software to download and install.
  • You just need a web browser with Flash player.

I find this useful for drawing web diagrams on the go. If you have any tools that serve the same purpose with more capabilities, please do let me know.

Posted in Cool Techniques, Free but useful tools, Open Source

Twitter Apps

Posted by brainfoldb4u on January 21, 2010

Twitter, a.k.a. the SMS of the Internet, has gained popularity since its start in 2006 and is used by millions of people worldwide. According to one statistic there were 18 million unique Twitter users (until end of 2009), and the list is growing significantly. It is a simple yet powerful way to communicate with your followers. As a free social networking and micro-blogging service, Twitter enables users to send and receive text-based posts of up to 40 characters, which are displayed on the author’s profile page and on the pages of the author’s followers. Beyond just tweeting an update, we can use Twitter effectively. It has a lot of third-party applications (126 for Windows alone) categorized under 26 categories, and the list keeps growing. The list includes many creative and cool applications that can be very useful and productive in our working environment, and here is my list of the top 10 Twitter applications.

Twitterfeed

Twitter Feed is a simple module that displays a configurable number of updates (Tweets) based on the Twitter Search API. The result is a powerful part that enables you to have a great deal of control over which updates are posted to your website. Want to filter out certain hash tags? No problem. Want to only display items with links? It’s an option. Want to apply custom CSS styling to the rendered links? Tweet updates are rendered in CSS-friendly DIV tags and can be easily styled to fit the look and feel of your website. Getting started is very simple: sign up, add the services whose RSS you need consolidated, and that’s it.

Readtwit

Readtwit filters your twitter feed to links only, resolves link destinations and publishes the content as an RSS feed. You can then use any feed reading software / service to read twitter posted content along with the rest of your feeds. Duplicate links in the same time-frame are grouped together. No more retweets overwhelming your link browsing activity.


Twhirl

It is a better desktop application for keeping up to date with your Twitter. It has various functions that enable you to use Twitter effectively. Wonder why Twitteroo is the official software for Windows Twittering. Some of twhirl’s features:

  • runs on both Windows (2000/XP/Vista/Win7) and Mac OSX
  • connects to multiple Twitter, laconi.ca, Friendfeed and Seesmic Video accounts
  • displays notifications for new messages
  • shorten long URLs (using digg.com, bit.ly, snurl, twurl or is.gd)
  • cross-post your updates to Jaiku and many other sites like Facebook, MySpace, LinkedIn and more via Ping.fm
  • post images to yfrog
  • search tweets using Twitter Search and TweetScan, and follow topics in near-real time with saved searches
  • automatically find tweets mentioning your @username
  • record a video on Seesmic Video, and share it on Twitter immediately
  • get your Seesmic Video updates in real-time using XMPP
  • English spell checking

GroupTweet

GroupTweet turns a standard Twitter account into a group communication hub where members can post updates to everyone in the group using direct messages. When the group account receives a direct message from a group member, GroupTweet converts it into a tweet that all followers can see.

Qwitter:

If you want to know when and why someone stops following you on Twitter, then Qwitter is the best tool for you. Qwitter e-mails you when someone stops following you on Twitter.

Future Tweets

FutureTweets.com is a free service that lets you schedule your Twitter messages. Send it at a specific time in the future or send a reoccurring Tweet daily, weekly, monthly or yearly! You’ll never forget the birthdays of your beloved Twitter friends again! Just schedule a nice Tweet on their birthday!

Tweet Alarm

Tweet Alarm is a simple system.  Once  you sign up, you can create your alerts.  Note that I have set alerts for Social Media and Social Networking.  At the bottom of the page you can decide on the frequency that you want to see the emails Daily, Weekly, Twice per day and as often as you find tweets.

Click to Tweet

Click to Tweet is so far the only app that converts your whole text into a single URL. You only have to share the URL with your friends. After someone clicks on the URL, the text converted by ClicktoTweet appears in the Twitter box. You don’t need to copy all the text to each of your friends for them to tweet it. Simply convert it into a single URL and share it with your friends. Once you share your link, whoever clicks on it will have the message automatically added to their Twitter status box, then they simply click to tweet!

Monitter

Monitter is a web app that lets you check words/hashtags on Twitter in real time. What’s special about Monitter is the simple interface, which is divided into columns; you can increase or decrease the number of columns to match the number of words you are monitoring.

If you want to know more about twitter, its applications and third-party application. Click here
To look at the different categories of twitter. click here
Twitter fan wiki. click here
Top 100 twitter users as per twitterholic.. click here

Posted in Cool Techniques, Free but useful tools, Open Source

Free ways to resize your image

Posted by brainfoldb4u on January 20, 2010

Free ways to cut and resize your image:

When we shop for digital cameras, we mostly go for the one with the most megapixels to get high quality images, but when it comes to sharing, not many websites let us share the image at its original size. Non-technical users with almost no graphics knowledge, who ask questions like “How do I resize my image?”, “How do I make an image smaller?” and “How do I crop this picture for an avatar?”, need to be shown some ways. Below are a few free tools that I found online that are worth noticing.

Resize Image online:

Resize your is a simple image resizing tool available online. Follow the simple three steps to cut and resize your image without downloading any files.

  • Upload your image
  • Use the button and arrow to set size
  • Resize and download your image

Shrink Pictures

Shrink Pictures offers tools that are no more difficult than posting in a forum, so now anyone can resize images and digital pictures. It also has a dedicated section for resizing an avatar, which is very commonly used on social networking sites and online forums.

To resize your images it is as simple as 1, 2, 3, 4, 5!

  1. Browse your computer and select your image/photo to resize
  2. Select the new size for your picture – use a preset or choose a custom size
  3. Optionally, add an effect to your image
  4. Select output image/picture quality. Lower quality means a smaller file
  5. Click “Resize” and wait for the processed images to be displayed

Resize2mail

Resize 2 mail is another online resizing utility developed for digital camera owners, webmasters, people travelling, or anybody who quickly wants to resize a digital image for email or for publishing on a web site. It needs the same three steps as above.

Pixenate

Pixenate makes photo-centric websites more useful by embedding simple photo-editing directly in your website. Pixenate increases repeat visits to your website and makes photo-centric websites stickier. Your users may already use your website for uploading, storing, sharing or printing photos. Adding Pixenate to your website allows your users to edit those photos too. Whether it’s social networking, photo merchandising or online classifieds, people want to show their photos in the best possible light. Pixenate helps non-experts get the most out of their photos by providing powerful but simple-to-use photo-editing tools. Pixenate is particularly well suited for photo-merchandising websites and offers powerful tools for cropping and overlaying photos on to product templates such as cards, calendars and mugs.

Quick Thumbnail

The fastest way to resize your pictures and images. Choose an image file, select some resize options, and hit Resize it. Your image will be uploaded to the server, resized and then your resized image(s) will be provided in a single convenient view. The power comes from the simultaneous generation of different sizes and the ability to enlarge your images too. With your final picture be sure to check out Whats Its Color, a fun little online application.

rsizr

rsizr is a Flash application that lets you resize JPG, PNG, and GIF images on your computer. With rsizr, in addition to normal image rescaling and cropping, you can also resize images using a new image resizing algorithm called seam carving (a method of image retargeting) that tries to keep intact areas in your image that are richer in detail.

CutMyPic

Another useful online app from Japan for resizing your image.

Hope you enjoyed this collection. There are many other online editing tools available, but I find these tools easy and quick. They are not listed in any particular order. If you have any other online tool that serves the purpose, feel free to share it with me.

Posted in Free but useful tools, Open Source

Easily Install Ubuntu Linux with Windows Using the Wubi Installer – the How-To Geek

Posted by brainfoldb4u on January 18, 2010

You might be looking for a way to try out Ubuntu Linux but don’t like the idea of creating a partition, using a slow live CD, or don’t have enough resources to run a virtual machine. Today we take a look at using the Wubi installer to get Ubuntu running on your computer with very little effort.

Wubi is an officially supported Ubuntu installer that allows Windows users to easily get started in the Linux realm. Using Wubi to install Ubuntu is similar to the process you’d use to install any other software program in Windows. It saves you the hassle of creating another partition or creating a VM. Wubi has been around for a few years now, and official versions have been included on the Ubuntu Live CD since 8.04 “Hardy Heron”. We’ll take a look at installing Wubi from the Ubuntu Live CD and also downloading Wubi.exe separately and installing Ubuntu.

For the full installation, see the Howtogeek.com article “Easily Install Ubuntu Linux with Windows Using the Wubi Installer – the How-To Geek”.

Posted in Cool Techniques, Linux, Open Source, Ubuntu

Android's malicious apps

Posted by brainfoldb4u on January 11, 2010

Android is a Linux-based mobile operating system initially developed by Android Inc. and later purchased by Google. Google recently released its new mobile, the “Nexus One”, with the Android OS. Google allows developers to write managed code in the Java language, controlling the device via Google-developed Java libraries.

So far in 2010, Google Android has proven to be a hot topic with increasing popularity. As its popularity increases, it becomes a target for hackers and malware writers to explore its security. As per Kaspersky, “2010 promises to be a difficult time for iPhone and Android users”.

As per the Kaspersky press release:

An increase in attacks on iPhone and Android mobile platforms. 2010 promises to be a difficult time for iPhone and Android users. The first malicious programs for these mobile platforms appeared in 2009, a sure sign that they have aroused the interest of cybercriminals. The only iPhone users currently at risk are those with compromised devices; however the same is not true for Android users who are all vulnerable to attack. The increasing popularity of mobile phones running the Android OS combined with a lack of effective checks to ensure third-party software applications are secure, will lead to a number of high-profile malware outbreaks.

They also made five other predictions on the greatest threats and new attack vectors:

  • A rise in attacks originating from file sharing networks. This year, we will see a shift in the types of attacks on users, from attacks via websites and applications toward attacks originating from file sharing networks.
  • An increase in mass malware epidemics via P2P networks. In 2009 a series of mass malware epidemics has been “supported” by malicious files that are spread via file sharing networks. This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X. In 2010, we expect to see a significant increase in these types of incidents on P2P networks.
  • Continuous competition for traffic from cybercriminals. The modern cybercriminal world is making more and more of an effort to legalize itself and there are lots of ways to earn money online using the huge amount of traffic that can be generated by botnets. In the future, we foresee the emergence of more “grey” schemes in the botnet services market. These so-called “partner programs” enable botnet owners to make a profit from activities such as sending spam, performing denial of service (DoS) attacks or distributing malware without committing an explicit crime.
  • A decline in fake anti-virus programs. The decline in gaming Trojans witnessed in 2009 is likely to be repeated for fake anti-virus programs in 2010. Conficker installed a rogue anti-virus program on infected computers. The fake anti-virus market has now been saturated and the profits for cybercriminals have fallen. Additionally, this kind of activity is now being closely monitored by both IT security companies and law enforcement agencies, making it increasingly difficult to distribute fake anti-virus programs.
  • An interest in attacking Google Wave. When it comes to attacks on web services, Google Wave looks like it will be making all the headlines in 2010. Attacks on this new Google service will no doubt follow the usual pattern: first, the sending of spam, followed by phishing attacks, then the exploiting of vulnerabilities and the spreading of malware.

“Users of mobile devices with Android software may have noticed several applications available for download in the Android Marketplace. If you see any applications provided by the user Droid09, please do not download these applications. Android applications provided by Droid09 are fraudulent. Please remove any applications by Droid09 from your mobile device and contact your mobile provider to evaluate whether any other applications or information stored on your mobile device have been compromised.”

Here is a link describing how a fraudulent app that attempts to steal bank information has made it to the Android app store.

To know more about Android and its architecture, visit the Android developer center.

Posted in Google, Linux, Open Source