Just some random thoughts on Windows 8

With the Microsoft Windows 8 launch just round the corner (26 Oct), just some random thoughts for our official organisations.....

(a) The User Interface is miles different than Win-7 and Win-XP. Will our official organisation resist using it for the re-learning involved?? Like the excuse they have been having for adapting Linux or other Open Source software?? The answer is obvious - a resounding NO

(b) Same goes for MS-Office 2013 - a totally different user interface. Lots re-learning involved!! But will they shift to free-open-source LibreOffice where some re-learning maybe involved? A resounding NO again

(c) Will we spend lots of $$$$ to send our personnel to train on these new platforms, while no effort (or money spent) is officially made to train personnel on Linux and LibreOffice??? A resounding YES

(d) Will home users who where not touching 'Linux' or 'LibreOffice' due to the re-learning involved jump on to Windows-8 and Office-2013 without a whimper or complaint on the long hours spent (and costs too or piracy!!) in learning these platforms????? A resounding YES

It sure beats me!!! :-)

Can you trust your Anti-Virus??

My belief has always been that the Anti-Virus makers are always a couple of steps behind and will always remain playing 'catch up'. The common users on Microsoft Windows platform are living under false assurances that once you have a patched up anti-virus, you are safe!! The saying in the Anti-Virus industry goes - Always run antivirus software and make sure the virus definitions are current.

Thats far from the truth and will show this briefly.

First, those using pirated copies of Windows OS and Windows MS-Office application suite - just know 'YOU ARE SITTING DUCKS' - and do not for a moment think that nothing is gonna happen!! Its just the 'ostrich-head-in-the-sand' attitude - until when the 'knock-out' punch arrives (though praying you do not face it!!) - in case you are using these pirated versions on the Internet for all you financial and personal (FB? Linkdin? Twitter? E-Mails? Banking?? Bill Pay? Online Purchase? etc..). DO GO AHEAD AND SPEND SOME $$$ ON GENUINE SOFTWARE - its worth the trouble! Or change over to the safe and secure Linux systems - Linux Mint or Ubuntu recommended - Go ahead and use it!! Assuring you, the Linux OS is now so user friendly that its setting it up can be done by a Primary class student!!

Coming to the main story - Every Software company keeps making 'security updates' to ensure any vulnerabilities that become known are patched up!! To patch up - you need to have genuine software (in Microsoft platform, you buy the software using precious $$$, in Linux - you download the OS and applications for free)

In the month of October 12, Microsoft released a major security patch to take care of some critica vulnerabilities. This can be assessed from the Microsoft Security Bulletin Site for Oct 12.

Among the Microsoft security alerts, the one that is very critical view the 'mango people' or aam-admi are effected is MS12-064. Visit the site to read more. The screen shot below shows it :-

To ensure you are protected from this exploit, you NEED to patch your MS-Office application suite. Other option - dump your pirated copy and start using the great office suite 'LibreOffice' available for free for Windows Platform from this site.

The reason for my this message is, lately I have been receiving targeted mails on my GMail accounts with attachments that seems too good to not open and see! Importantly, the mail subjects seems to a 'Targetted' attacks as they relate to some areas of my interest!!! Meaning, someone out there is sending mails knowing very well what type of documents/forwards (doc, PPT, XLS - MS-Office formats) one is interested in. And this comes from mail ids of known/trusted people (obviously their accounts has been hacked!!) Check out some of the 'interesting' mails I received last week. There has been some interesting PPTs and XLS files also falling into the same categories.

View my own interest and knowledge in security, and view using Linux + LibreOffice exclusively, I believe I am at very low risk - though I take necessary precautions of system scans nearly every other day! (when did you do your last system scan?? Did you leave it to your AV Software??)  Yess, I am a bit paranoid about my IT Security!!

The point I want to make, I had both the above document scanned using a number of reputed Anti-Virus software on fully patched up systems (facility available for free at Jotti Malware Scan site). The results were astounding and summarised as follows briefly:-

(A) The documents are using the latest Microsoft Vulnerabilities - namely the vulnerabilities that are being addressed in Microsoft Oct 12 bulletins - hoping that users are maybe using un-patched MS-Office (and they are right on target!!)

(B) More seriously - most of the so called reputed Anti-Virus Software failed to detect these malware. (Check out the 'Found Nothing' Remarks. This right away busts the myth that using a patched up anti-virus will protect the users.  I REST MY CASE 

Screen shots of the virus-scan on the documents received by mail attached below showing that many reputed Anti-virus software failed to detect that the documents contained malware!!   

Options for you:-

(A) Let go the assurances that if you have an updated Anti-Virus, you are safe!!
(B) Buy original software and ensure it is regularly patched/updated
(C) Move over to Linux (Linux Mint or Ubuntu or others) + LibreOffice in case you want rock solid performance and safe/secure software that remains patched automatically without you spending large $$$$$

BE SAFE in your Cyber Space!!!

Have a CryptoParty

Do you value Privacy and Anonymity online?? Do you want to be more secure online while using your PC or Smartphones??

Check out 'CryptoParty' documents and Wikis accessible from the site here

The CryptoParty document is a work in progress - but all the same it provides valuable security tips for all levels of users - very lucidly written and worth a read!!

You can download the 'CryptoParty' document PDF format (about 28 MB as on date) or can read it online here

What is CryptoParty?

Interested parties with computers, devices, and the willingness to learn how to use the most basic crypto programs and the fundamental concepts of their operation! CryptoParties are free to attend, public and commercially non-aligned.

CryptoParty is a decentralized, global initiative to introduce basic cryptography tools - such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging) - to the general public

Though each and every chapter are enlightening,  the chapters on 'Secure Calls', 'Email Encryption' and 'Safer Browsing' standout.  

Hope most of us become aware of issues like below:-

A GSM Interceptor (http://en.intercept.ws/catalog/2087.html) is an off the shelf device to record mobile phone conversations when in the vicinity of the call.

 Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can hide information about users' locations and other factors which might identify them. Imagine a message being wrapped in several layers of protection: every server needs to take off one layer, thereby immediately deleting the sender information of the previous server

The only safe way of encrypting email inside of the browser window is to encypt it outside and then copy&paste the encrypted text into the browser window.

Have a CryptoParty if possible - and do send me an invite!!

Linux Commands - Tree View

Came across a very useful file-structure-view script from this website for a tree view of the directory.

Just replicating here in case the site disappears :-)

#!/bin/sh
#######################################################
#  UNIX TREE                                          #
#  Version: 2.3                                       #
#  File: ~/apps/tree/tree.sh                          #
#                                                     #
#  Displays Structure of Directory Hierarchy          #
#  -------------------------------------------------  #
#  This tiny script uses "ls", "grep", and "sed"      #
#  in a single command to show the nesting of         #
#  sub-directories.  The setup command for PATH       #
#  works with the Bash shell (the Mac OS X default).  #
#                                                     #
#  Setup:                                             #
#     $ cd ~/apps/tree                                #
#     $ chmod u+x tree.sh                             #
#     $ ln -s ~/apps/tree/tree.sh ~/bin/tree          #
#     $ echo "PATH=~/bin:\${PATH}" >> ~/.profile      #
#                                                     #
#  Usage:                                             #
#     $ tree [directory]                              #
#                                                     #
#  Examples:                                          #
#     $ tree                                          #
#     $ tree /etc/opt                                 #
#     $ tree ..                                       #
#                                                     #
#  Public Domain Software -- Free to Use as You Like  #
#  http://www.centerkey.com/tree  -  By Dem Pilafian  #
#######################################################

echo
if [ "$1" != "" ]  #if parameter exists, use as base folder
   then cd "$1"
   fi
pwd
ls -R | grep ":$" |   \
   sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/   /' -e 's/-/|/'
# 1st sed: remove colons
# 2nd sed: replace higher level folder names with dashes
# 3rd sed: indent graph three spaces
# 4th sed: replace first dash with a vertical bar
if [ `ls -F -1 | grep "/" | wc -l` = 0 ]   # check if no folders
   then echo "   -> no sub-directories"
   fi
echo
exit