Wednesday, 11 December 2013

::: New w0rm (Linux.Darlloz) Creates Havoc for Linux PC's :::

What is a Computer W0rm?
A computer worm is a standalone malware program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Linux.Darlloz - A new worm is targeting x86 computers running Linux and PHP, and variants may also pose a threat to devices such as home routers and set-top boxes based on other chip architectures.

According to security researchers from Symantec, the malware spreads by exploiting a vulnerability in php-cgi, a component that allows PHP to run in the Common Gateway Interface (CGI) configuration. The vulnerability is tracked as CVE-2012-1823 and was patched in PHP 5.4.3 and PHP 5.3.13 in May 2012.

The new worm, which was named Linux.Darlloz, is based on proof-of-concept code released in late October, the Symantec researchers said Wednesday in a blog post.
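Since the post says the worm spreads through CVE-2012-1823 in php-cgi and names the fix releases (PHP 5.4.3 and 5.3.13), the first thing a defender wants is a quick check of which hosts still run an older php-cgi. The script below is an added example, not code from Symantec, Computerworld or this blog. It assumes a plain version comparison against the fix releases the post cites; distributions that backport the fix keep an older version number, so a "before fix" result is a prompt to check the vendor advisory rather than proof of exposure, and branches the post gives no fix version for (such as PHP 5.2) are reported as unknown.

```python
"""Check a PHP version string against the CVE-2012-1823 fix releases named in
the post (5.4.3 and 5.3.13). Added example, not from the post or from Symantec.
Assumption: a plain version compare; distributions that backport the fix keep an
older version number, so "before fix" means "check the vendor advisory", not
"confirmed exposed"."""
import re
from typing import Optional, Tuple

# Fix releases as stated in the post, keyed by major.minor branch.
FIXED_IN = {
    (5, 3): (5, 3, 13),
    (5, 4): (5, 4, 3),
}


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Pull major.minor.patch out of strings such as '5.3.10-1ubuntu3.4' or the
    first line of `php-cgi -v` ('PHP 5.4.2 (cgi-fcgi) (built: ...)')."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version_text: str) -> Optional[bool]:
    """True if the version is at or past the fix release for its branch, False if
    before it, None if the string has no version or its branch is not one the
    post gives a fix version for (e.g. PHP 5.2)."""
    version = parse_version(version_text)
    if version is None:
        return None
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return None
    return version >= fixed


def verdict(php_v_line: str) -> str:
    """Summarise one host from the first line of `php -v` / `php-cgi -v`.
    The SAPI name in parentheses tells the CGI binary ('cgi-fcgi') apart from
    the command-line one ('cli'); only the CGI SAPI is in scope for this CVE."""
    status = is_patched(php_v_line)
    sapi = re.search(r"\(([\w-]+)\)", php_v_line)
    sapi_name = sapi.group(1).lower() if sapi else "unknown-sapi"
    if status is None:
        return f"UNKNOWN ({sapi_name}): branch not covered by the stated fix versions"
    if not status:
        return f"BEFORE FIX ({sapi_name}): check vendor backports, then update"
    return f"AT/AFTER FIX ({sapi_name})"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real hosts.
    for line in ("PHP 5.3.10-1ubuntu3.4 (cgi-fcgi) (built: Jun 13 2012)",
                 "PHP 5.4.3 (cgi-fcgi) (built: May 8 2012)",
                 "PHP 5.4.3 (cli) (built: May 8 2012)",
                 "PHP 5.2.17 (cgi-fcgi)"):
        print(f"{line:55} -> {verdict(line)}")
```

Feed it the first line of `php-cgi -v` from each web host; hosts that only expose the CLI SAPI are listed but are not what the CGI vulnerability concerns.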

For more details, check the link.

Source: www.computerworld.com, www.symantec.com

Tuesday, 3 December 2013

::: Webpage Screenshot Plugin for Chrome Browser :::

Webpage Screenshot is a Google Chrome extension that lets you take a screenshot of an entire webpage with a click of a button. You can save, edit and share it with your friends instantly.

Webpage Screenshot is available in the Chrome Web Store as an installable plugin for FREE!

Download plugin 

Tuesday, 26 November 2013

::: Analyze Network Traffic using "Security Onion" :::

Security Onion is a Linux distro that includes an Intrusion Detection System (IDS), Network Security Monitoring (NSM) and log management.

It is free and open source, developed by Doug Burks.

It includes:
1) Sguil : Sguil (pronounced sgweel or squeal) is a collection of Free software components for Network Security Monitoring (NSM) and event driven analysis of IDS alerts.

2) Snorby : Snorby is a new and modern Snort IDS front-end.

3) Squert : Squert is a web application that is used to query and view event data stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events through the use of metadata, time series representations and weighted and logically grouped result sets.

4) ELSA : Enterprise log search and archive (ELSA) is a centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It also includes tools for assigning permissions for viewing the logs as well as email based alerts, scheduled queries, and graphing.
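What Sguil, Snorby and Squert have in common is that they take raw IDS alerts and group them so an analyst can see which signatures, sources and destinations dominate. The script below is an added example, not part of Security Onion or any of the tools listed; it parses Snort's "fast" alert line format and builds the same kind of grouped view. The alert lines are constructed samples (one deliberately malformed line is included to show it being skipped), and the endpoint parser assumes IPv4 addresses as in those samples.

```python
"""Parse Snort "fast" alert lines and group them the way Sguil/Snorby/Squert
present them (by signature, by source, by destination, worst priority).
Added example, not Security Onion's own code; SAMPLE_ALERTS are constructed
lines, not output from a real sensor."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE_ALERTS = """\
12/11-10:15:32.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:53422
12/11-10:15:40.000001  [**] [1:2008581:3] ET P2P BitTorrent DHT ping request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.1.10:6881 -> 203.0.113.7:6881
12/11-10:16:02.555555  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.10 -> 10.0.0.5
12/11-10:16:10.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.22:40112
this line is not an alert and must be skipped
"""

# timestamp [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<pri>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


@dataclass
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """'10.0.0.5:80' -> ('10.0.0.5', 80). ICMP endpoints carry no port.
    Assumes IPv4 addresses, as in the samples."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_alert(line: str) -> Optional[Alert]:
    """One line -> Alert, or None when the line is not in fast-alert format."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    return Alert(ts=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
                 msg=m["msg"], classification=m["cls"] or "", priority=int(m["pri"]),
                 proto=m["proto"], src_ip=src_ip, src_port=src_port,
                 dst_ip=dst_ip, dst_port=dst_port)


def parse_alerts(text: str) -> List[Alert]:
    """Parse every line, silently dropping lines that are not alerts."""
    return [a for a in (parse_alert(ln) for ln in text.splitlines()) if a is not None]


def summarize(alerts: List[Alert]) -> Dict[str, object]:
    """Grouped counts of the kind a Squert/Snorby result set shows."""
    by_signature = Counter((a.gid, a.sid, a.msg) for a in alerts)
    by_src = Counter(a.src_ip for a in alerts)
    by_dst = Counter(a.dst_ip for a in alerts)
    # In Snort, priority 1 is the most severe, so the minimum is the worst seen.
    highest = min((a.priority for a in alerts), default=None)
    return {"total": len(alerts), "by_signature": by_signature,
            "by_src": by_src, "by_dst": by_dst, "highest_priority": highest}


if __name__ == "__main__":
    s = summarize(parse_alerts(SAMPLE_ALERTS))
    print(f"{s['total']} alerts, worst priority {s['highest_priority']}")
    for (gid, sid, msg), n in s["by_signature"].most_common():
        print(f"{n:3}  [{gid}:{sid}] {msg}")
```

Point it at a real `alert` file from a Snort sensor and the per-signature counts are the same "grouped result set" Squert builds, without the database in between; it is handy for a quick look at a sensor that has not been wired into Sguil yet.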

Check the Security Onion tutorial link.

Sunday, 17 November 2013

::: "RECUVA" - File Recovery Software :::

Recuva (pronounced "recover") is a freeware Windows utility to restore files that have been accidentally deleted from your computer. This includes files emptied from the Recycle Bin as well as images and other files that have been deleted by user error from digital camera memory cards or MP3 players. It will even bring back files that have been deleted from your iPod, or by bugs, crashes and viruses!
  • Simple to use interface - just click 'Scan' and choose the files you want to recover
  • Easy to use filter for results based on file name/type
  • Simple Windows like interface with List and Tree view
  • Can be run from a USB thumb drive
  • Restores all types of files, office documents, images, video, music, email, anything.
  • Supports FAT12, FAT16, FAT32, exFAT, NTFS, NTFS5, NTFS + EFS file systems
  • Restores files from removable media (SmartMedia, Secure Digital, MemoryStick, digital cameras, floppy disks, Jaz disks, Sony Memory Sticks, CompactFlash cards, SmartMedia cards, Secure Digital cards, etc.)
  • Restores files from external ZIP drives, FireWire and USB hard drives
  • It's fast, tiny and takes seconds to run!

Sunday, 3 November 2013

Monday, 7 October 2013

Comparison of FORENSIC TOOLS: ENCASE vs FTK

EnCase
* GUI : Confusing for a new user, though a very user-friendly GUI.
* Timeline : EnCase supports timeline view.
* EnCase has its own image format (EnCase image file format) used to store various types of digital evidence.
* EnCase supports more file systems than FTK.
* SEARCHING : EnCase uses its own search engine; live and indexed search are supported.
* HASHING : EnCase supports only MD5 (Message Digest 5).
* RAID : EnCase supports several dynamic disk configurations as compared to FTK.
* DELETED FILES, BAD SIGNATURE : EnCase does not highlight a file with a bad signature; it simply displays it.
* CARVING : EnCase supports recovering deleted files and filenames on EXT2/3 file systems.
* SCRIPTING : EnCase uses its own scripting language, known as EnScript.
* REPORTING : EnCase supports reports in RTF or HTML format.

FTK
* GUI : Rated the most user-friendly forensic tool.
* Timeline : FTK does not support timeline view.
* FTK supports more image formats than EnCase.
* FTK cannot handle compressed drives like DoubleSpace (DoubleSpace is a technology that compresses data stored by the FAT file system in real time; real time means that data is compressed and decompressed as it is written and read).
* SEARCHING : FTK searches take longer, but it has good features such as live and indexed search.
* HASHING : FTK supports Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1).
* DELETED FILES, BAD SIGNATURE : FTK highlights a file with a bad signature, and an (x) symbol is shown next to a file that is deleted.
* CARVING : FTK does not support recovering deleted files on EXT2/3 file systems.
* SCRIPTING : FTK does not support scripting.
* REPORTING : FTK supports reports only in HTML format.
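Two of the points compared above, hashing (MD5 only versus MD5 and SHA-1) and bad-signature handling (FTK highlights, EnCase merely displays), are simple enough to show in code. The script below is an added example written for this post, not code from EnCase, FTK or the referenced sites: it hashes every item in an evidence set with both MD5 and SHA-1 and flags files whose magic bytes do not match what their extension claims. The evidence files are constructed byte strings, and the signature table covers only a handful of well-known formats.

```python
"""Two checks run on every item in an evidence set, which the post contrasts
between EnCase and FTK: integrity hashing (MD5 and SHA-1) and file-signature
verification (do the content's magic bytes match what the extension claims?).
Added example, not code from EnCase, FTK or the post; SAMPLE_EVIDENCE holds
constructed byte strings, not real case data."""
import hashlib
from typing import Dict, List, Optional

# Well-known magic-byte prefixes; a short list, enough for the sample.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),   # also the container used by docx/xlsx
]
EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif",
               "pdf": "pdf", "zip": "zip", "docx": "zip", "xlsx": "zip"}

# Constructed evidence set: name -> content. 'invoice.jpg' is a ZIP renamed to .jpg.
SAMPLE_EVIDENCE: Dict[str, bytes] = {
    "photo.jpg":   b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "report.pdf":  b"%PDF-1.4\n%constructed sample\n",
    "invoice.jpg": b"PK\x03\x04\x14\x00\x00\x00" + b"\x00" * 16,
    "notes.txt":   b"plain text, no registered signature\n",
}


def detect_type(data: bytes) -> Optional[str]:
    """Type implied by the content's leading bytes, or None if not in the table."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def claimed_type(name: str) -> Optional[str]:
    """Type implied by the file extension, or None if not in the table."""
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return EXT_TO_TYPE.get(ext)


def signature_status(name: str, data: bytes) -> str:
    """'ok' when extension and content agree, 'bad_signature' when they disagree
    (what FTK highlights and EnCase merely displays, per the post), 'unknown'
    when either side is not in the tables."""
    claimed, actual = claimed_type(name), detect_type(data)
    if claimed is None or actual is None:
        return "unknown"
    return "ok" if claimed == actual else "bad_signature"


def hashes(data: bytes) -> Dict[str, str]:
    """MD5 and SHA-1 hex digests. Recording both lets the report be verified
    later by a tool that supports only one of the two algorithms."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def examine(evidence: Dict[str, bytes]) -> List[Dict[str, object]]:
    """One report row per item, sorted by name so the output is reproducible."""
    rows: List[Dict[str, object]] = []
    for name, data in sorted(evidence.items()):
        row: Dict[str, object] = {"name": name, "size": len(data),
                                  "status": signature_status(name, data)}
        row.update(hashes(data))
        rows.append(row)
    return rows


def flagged(evidence: Dict[str, bytes]) -> List[str]:
    """Names whose content does not match their extension."""
    return [str(r["name"]) for r in examine(evidence) if r["status"] == "bad_signature"]


if __name__ == "__main__":
    for r in examine(SAMPLE_EVIDENCE):
        print(f"{r['name']:12} {r['size']:5}  {r['status']:14} md5={r['md5']}  sha1={r['sha1']}")
    print("flagged:", flagged(SAMPLE_EVIDENCE))
```

Replacing SAMPLE_EVIDENCE with a directory walk gives a first-pass triage of a mounted image: the hashes go into the chain-of-custody record, and the flagged names are the files worth opening first.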


CONCLUSION:

Both tools are essential for a thorough and complete forensic investigation. As each has some common and some unique features that aid in the investigation, it is suggested to use both tools.

If only one tool is to be chosen, EnCase leads FTK due to its advanced features.

REFERENCES:

1. http://www.accessdata.com/products/digital-forensics/ftk
2. https://www.encase.com/products/Pages/encase-forensic/overview.aspx
3. http://www.h11dfs.com/products/products/forensic-software/forensic-analysis-investigative-software/

Wednesday, 2 October 2013

::: L0gin Using Face Detection for Windows :::

A freeware program called BananaScreen gives you the wonderful ability to log on to your Windows PC or laptop using your face. We're already familiar with this feature on Android and iOS devices. Now the same facial recognition technology has been brought to Windows PCs.


First, you'll need to install BananaScreen on your PC. Once installation is done, you'll proceed to configure your login settings. Here, you must record your own face and predefine how long your system can remain idle before it's locked automatically. You can also use [Alt]+L to lock it. Now your webcam will keep looking for your face to appear, and when it detects and matches your face, it will immediately unlock your system. Cool, right?

Click here to download BananaScreen.