Wednesday, 8 June 2011

Why is anti-virus software so necessary for your main PC?

Nowadays practically everyone is online. They spend their time on social networks, in online games, or downloading and exchanging files, and developers are in such a hurry to get their Web sites up or their files out that checking for a nasty bug is more of a courtesy than a requirement. If you're not careful, your computer can end up with a virus that makes your files act oddly, crashes your computer, pops up bizarre messages, or, worst of all, destroys your operating system.

If your computer is not on a network, and you never, ever install new programs, download files from the Internet or open email attachments, you don't have to worry about viruses. But that's like living in a sealed bubble. Most of us have to go out in public every day, where we're exposed to the germs carried by others (though natural immunities will usually protect us from most of them). Likewise, most people also have to update their software and are interested in communication and information from others. Luckily, there are preventions and cures for these viruses: install anti-virus software and scan regularly for viruses.

Tuesday, 10 May 2011

What are the threats that may affect your blog on Blogger, WordPress or LiveJournal?

In professional security speak, a threat is something unwanted that might happen to your blog. Generally there are only a few, abbreviated STRIDE:
They are
1. Spoofing
2. Tampering
3. Repudiation
4. Information disclosure
5. Denial of service
6. Elevation of rights

    Spoofing: Stealing your identity (for example, the user name and password that you use to log on to your blog).
    Tampering: Modifying the data on your blog (for example, defacement of your blog's homepage).
    Repudiation: Less relevant to blogging, but in a nutshell it is the ability of a hacker to deny what he has done.
    Information disclosure: Exposing private information like passwords.
    Denial of service: Making your blog unavailable.
    Elevation of rights: Gaining higher privileges, such as administrative ones, that make it possible to perform harmful actions on your blog.

Tuesday, 3 May 2011

What is a Packet Sniffer?

A packet sniffer can be considered a sort of wiretap device: a device that "plugs" into a computer network and eavesdrops on the network traffic. Just as a telephone wiretap allows the CIA to listen to conversations, a packet sniffer allows someone to listen in on computer conversations.

When you connect to the Internet, data isn't sent in one continuous stream; this would be impractical and would limit the performance of the network. To keep performance as high as possible, the data is cut into slices. Such a slice of data (either inbound or outbound) is called a "packet".

Now, you can't see atoms with your naked eye, can you? No, I thought so. Sending information on a network means sending "packets" of data. Think of them like atoms: a lot of packets together make up the final information you see on your screen, be it a website or an email. To "see" atoms you would need a special device, some kind of electron microscope; to see the packets you've sent or received you also need a special device. This is a special type of monitoring program called... a packet sniffer. By using a packet sniffer you're able to see any bit of information entering or leaving your computer... even those you normally wouldn't see!


Tuesday, 19 April 2011

What is ARP Spoofing?

ARP is the Address Resolution Protocol. ARP spoofing is a technique used to attack an Ethernet LAN (wired or wireless). ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The attack can only be used on networks that use ARP and not another method of address resolution.

It is also known as ARP flooding, ARP poisoning, ARP Poison Routing (APR) or ARP cache poisoning. The principle of ARP spoofing is to send fake, or "spoofed", ARP messages onto an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway). Any traffic meant for that IP address is then mistakenly sent to the attacker instead.

The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address with the IP address of the victim's default gateway.

ARP spoofing attacks can be run from a compromised host or from an attacker's machine that is connected directly to the target Ethernet segment. A successful ARP spoofing attempt is invisible to the user.
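Because a successful attempt is invisible to the user, the practical defence on a LAN is to watch ARP traffic for the symptoms the paragraphs above describe. The following added example (my code, not from the original post or from any arpspoof project) builds constructed ARP replies and runs them through a small watcher in the spirit of arpwatch: it keeps an IP-to-MAC table and raises an alert when an IP's MAC suddenly changes, or when one MAC starts answering for several IPs. Addresses are invented; 192.0.2.1 plays the gateway.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Construct an Ethernet/ARP frame (constructed sample data, not captured traffic)."""
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    to_ip = lambda a: bytes(int(o) for o in a.split("."))
    eth = struct.pack("!6s6sH", to_mac(target_mac), to_mac(sender_mac), ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the four addresses
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                      to_mac(sender_mac), to_ip(sender_ip), to_mac(target_mac), to_ip(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of a frame, or None if it is not an ARP frame."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    _htype, _ptype, _hlen, _plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    return {"op": op,
            "sender_mac": mac_str(sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": mac_str(tha), "target_ip": ".".join(map(str, tpa))}


class ArpWatcher:
    """Track IP->MAC bindings seen in ARP and flag the two classic poisoning symptoms."""

    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = {}

    def observe(self, frame: bytes) -> list:
        """Feed one frame; returns a list of alert strings (empty when nothing is suspicious)."""
        alerts = []
        arp = parse_arp(frame)
        if arp is None:
            return alerts
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(f"MAC change for {ip}: {known} -> {mac} (possible ARP poisoning)")
        self.ip_to_mac[ip] = mac
        claimed = self.mac_to_ips.setdefault(mac, set())
        claimed.add(ip)
        if len(claimed) > 1:
            alerts.append(f"{mac} now claims {sorted(claimed)} (one host answering for several IPs)")
        return alerts


if __name__ == "__main__":
    # Constructed sequence: the gateway answers normally, a second host announces its own
    # address, then that host starts claiming the gateway's IP as well.
    watcher = ArpWatcher()
    frames = [
        build_arp(ARP_REPLY, "aa:aa:aa:aa:aa:01", "192.0.2.1", "00:11:22:33:44:55", "192.0.2.10"),
        build_arp(ARP_REPLY, "cc:cc:cc:cc:cc:02", "192.0.2.50", "00:11:22:33:44:55", "192.0.2.10"),
        build_arp(ARP_REPLY, "cc:cc:cc:cc:cc:02", "192.0.2.1", "00:11:22:33:44:55", "192.0.2.10"),
    ]
    for frame in frames:
        for alert in watcher.observe(frame):
            print("ALERT:", alert)
```

Both heuristics produce false positives on a real network (a replaced NIC or DHCP reuse changes a binding legitimately; routers and virtualisation hosts answer for several IPs), so in practice such alerts are reviewed rather than acted on automatically. The stronger controls are switch-side: dynamic ARP inspection and static ARP entries for the gateway on hosts that matter.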


Arpspoof features

  • Supports both IPv4 address resolution and IPv6 Neighbor Discovery address resolution.
  • Platform-independent; it can now be run on Windows 2000/XP.
  • Adds an interface selection function to help the user choose the right interface.
    This is very useful in a Windows environment, because its interface names are
    very long and number based, e.g. \Device\NPF_{50B9EDBA-4C63-49B4-902B-59FD53778EBE};
    although the program still allows users to specify the interface in its arguments, it
    is very difficult to remember and very easy to get wrong.
  • Adds a cleanup function for Win32 systems:
    when the user stops arpspoof, arpspoof tells the target host the real MAC
    address of the victim host. Otherwise the system takes longer to recover, waiting
    until the corresponding ARP cache entry or neighbor cache entry times out.
  • When used for IPv6, arpspoof provides its own function to get the target MAC address.
    This feature allows arpspoof for IPv6 to run on an OS without IPv6 support,
    e.g. Windows 2000.
  • Completely compatible with the arpspoof distributed in the dsniff package written by Dug Song <dugsong@monkey.org>.
  • Full source code provided.
Arpspoof distribution
  • Arpspoof is distributed as binaries and source code.
Arpspoof support reference
  • Report and track bugs using the SourceForge Tracker.
File comparison and merge tools
  • WinMerge is an Open Source visual text file differencing and merging tool for Win32 platforms. Features include: diff / merge, directory comparison, directory recursion, horizontal diff, Visual SourceSafe integration, and a simple integrated editor.
  • Araxis Merge is a very powerful commercial diff and merge program for Windows.
  • xxdiff has some nice features (horizontal diffs, recursive directory diffs). It runs on UNIX (IRIX, Linux, Solaris, HP-UX, DEC Tru64) and is under the GPL.
  • CSDiff is a free advanced file difference analysis tool for Windows 95/NT.
  • Guiffy is the quintessential cross-platform, visual source file / folder & tree compare/merge utility and component. It's commercial and implemented in Java.
  • KDiff3 is a text diff and merge tool for KDE3 and MS Windows distributed under the GPL.
  • MacCvs has built-in support for using either CodeWarrior, BBEdit or FileMerge as external diff viewers and merge tools. However, it also allows driving any other external application either directly or via shell scripts and/or AppleScript.
  • Grig Software offers shareware tools for file compare/merge and directory/archive synchronization.
  • Beyond Compare from Scooter Software is a commercial advanced file and folder comparison utility which also allows visual comparison of binaries (in hex view) and images via plug-in.
  • ProxyDiff is a small Open Source tool that lets you use multiple external diff tools from within WinCvs based on file extension. It also allows reformatting of input arguments.
  • Image Compare is a (very) simple Open Source tool for Windows which eases spotting differences in image files by offering three different views: side-by-side, stacked or overlaid (alpha-blended).




Tuesday, 12 April 2011

Do you feel safe chatting on the internet?


What is a man-in-the-middle attack?
A man-in-the-middle attack, often abbreviated MITM, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

It is also known as the bucket brigade attack or Janus attack, and is sometimes called the fire brigade attack. The term derives from the bucket brigade method of putting out a fire by handing buckets of water from one person to another between a water source and the fire.



In a man-in-the-middle attack, the intruder uses a program that appears to be the server to the client and appears to be the client to the server. The attack may be used simply to read the messages, or to let the attacker modify a message before retransmitting it.
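What stops a relay from quietly modifying a message is a secret the two endpoints share and the relay does not. The added example below (not code from the original post) shows the simplest form: each chat message carries a sequence number and an HMAC-SHA256 tag computed with a key assumed to have been agreed out of band. A relay that alters a byte produces a tag mismatch, and one that re-sends an old message trips the sequence check. The key, the messages and the `tamper` helper are all constructed for the demo; this gives integrity and replay protection only, not confidentiality, which is why real chat relies on TLS, where the authenticated key exchange supplies the shared secret and the encryption hides the content as well.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 digest length in bytes


def seal(key: bytes, seq: int, message: bytes) -> bytes:
    """Prefix a sequence number and append an HMAC tag over both, so a relay can
    neither alter nor replay the message without the receiver noticing."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag


class Receiver:
    """Verifies sealed messages: rejects bad tags and anything whose sequence
    number is not newer than the last accepted one."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, blob: bytes):
        """Return (True, message) on success or (False, reason) on rejection."""
        if len(blob) < 8 + TAG_LEN:
            return False, "truncated"
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return False, "bad tag"
        seq = struct.unpack("!Q", body[:8])[0]
        if seq <= self.last_seq:
            return False, "replay"
        self.last_seq = seq
        return True, body[8:]


def tamper(blob: bytes, offset: int, new_byte: int) -> bytes:
    """Simulate a modifying relay: overwrite one byte in transit (constructed for the demo)."""
    return blob[:offset] + bytes([new_byte]) + blob[offset + 1:]


# Constructed demo key; assumed to be shared by the two endpoints and unknown to the relay.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"

if __name__ == "__main__":
    alice_to_bob = seal(SHARED_KEY, 1, b"transfer 10 to bob")
    bob = Receiver(SHARED_KEY)
    print("original :", bob.accept(alice_to_bob))
    # The relay changes "10" to "90": byte 8 (after the 8-byte header) + 9 is the '1'.
    print("tampered :", bob.accept(tamper(seal(SHARED_KEY, 2, b"transfer 10 to bob"), 17, ord("9"))))
    print("replayed :", bob.accept(alice_to_bob))
```

The receiver compares tags with `hmac.compare_digest` rather than `==` so that a relay cannot learn the correct tag byte by byte from timing differences; the sequence check must be done only after the tag is verified, otherwise an unauthenticated blob could advance `last_seq` and lock out legitimate messages.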

MITM attack tools
There are several tools for carrying out a MITM attack. These tools are particularly effective in LAN environments, because they implement extra functionality, like ARP spoofing, that permits the interception of communication between hosts.
  • Packet Creator
  • Ettercap
  • Dsniff
  • Cain & Abel
MITM proxy-only tools
Proxy tools only permit interaction with the parts of the HTTP protocol, like the header and the body of a transaction, but do not have the capability to intercept the TCP connection between client and server by themselves. To intercept the communication, it's necessary to use other network attack tools or to configure the browser to use the proxy.

  • OWASP WebScarab
  • Paros Proxy
  • Burp Proxy
  • ProxyFuzz