Ads 230 x 230

Thursday, April 21, 2011

Comparison of Live Hotmail, Gmail and Yahoo Mail

Posted by: , 0 comments

The Windows Live team announced today that they’re rebranding their new email beta to Windows Live Hotmail. We haven’t written about the application for some time, and this is as good an excuse as any to compare the current release to Gmail and the new Yahoo mail beta.

The three applications, along with AOL mail, make up the vast majority of the 500 million or so webmail users around the world (see chart included in this post). Most of these users are still using the old, tedious, Ajax-free Yahoo Mail and Hotmail user interfaces, requiring page refreshes for every click. The new applications, along with Gmail, offer a much richer experience, much like Outlook or Mac mail. When these webmail clients are performing well, their speed and ease of use is easily as good as a desktop client.

Overall we prefer Gmail over all other webmail applications because performance (speed) is consistently fast, and emails can be tagged making search much more effective. They also offer more storage and other features, and it’s free. However, Yahoo and Live Hotmail offer more mainstream Outlook-like user interfaces (although Live Hotmail does not allow you to access other email accounts from their application), whereas Gmail takes some time to get used to. If you are looking for speed and tagging is important, Gmail is for you. If you are looking for the closest thing to Outlook online, go with Yahoo Mail.

The following chart compares the services on a feature-by-feature basis. Note that the user numbers for Yahoo and Hotmail include legacy users still on the old platforms.


Gmail

Gmail groups emails in a thread into a single line in the inbox. Some users love this, others hate it. It’s not my favorite feature, but I’ve gotten used to it. The best Gmail feature in my opinion is the ability to tag emails for better organization and search. None of the other services offer this. Gmail also has integrated Gtalk into the GMail interface, and continues to add other functionality as well (such as integration with Docs & Spreadsheets). Gmail is consistently fast, offers the most storage and free POP-in and POP-out, meaning you can use Gmail to access your other email accounts, or access GMail from whatever email client you use. It’s a near-perfect piece of software, and has only occasional hiccups. The fact that Google is paired with Google Calendar, the best online Calendar application, doesn’t hurt, either.

Windows Live Hotmail

The new Windows Live Hotmail will be a welcome change to Microsoft’s 228 million webmail users, but it falls short of the Yahoo and Gmail offerings. They offer 2 GB of storage, better than Yahoo, but there are no POP-in or POP-out features at all. If you want to access your account outside of the web site, you have to do it via Outlook or Outlook Express. It remains the slowest among the three in our tests.

Yahoo Mail

Yahoo Mail is very good, allowing users to access other email accounts (POP-in), but only offering POP-out access for an additional fee. This is probably due to the legacy users who are already paying for this feature – Yahoo may not want to give up this revenue stream. Storage is on the low side – only 1 GB, which is less than half of what Gmail offers. Still, Yahoo Mail has recently been running very fast and offers an intuitive, Outlook-like interface. Instant Messaging and RSS integration is awesome.

++++==++++


Network Basic Security Essentials

Posted by: , 0 comments

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as “intruders”) from accessing any part of your computer system. Network security involves all activities that organizations, enterprises, and institutions undertake to protect the value and ongoing usability of assets and the integrity and continuity of operations. An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them.

Network Security Threats

  • Viruses : Computer programs written by devious programmers and designed to replicate themselves and infect computers when triggered by a specific event
  • Trojan horse programs : Delivery vehicles for destructive code, which appear to be harmless or useful software programs such as games
  • Vandals : Software applications or applets that cause destruction
  • Attacks : Including reconnaissance attacks (information-gathering activities to collect data that is later used to compromise networks); access attacks (which exploit network vulnerabilities in order to gain entry to e-mail, databases, or the corporate network); and denial-of-service attacks (which prevent access to part or all of a computer system)
  • Data interception : Involves eavesdropping on communications or altering data packets being transmitted
  • Social engineering : Obtaining confidential network security information through nontechnical means, such as posing as a technical support person and asking for people’s passwords

In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.

The term network security and information security are often used interchangeably. Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders (hackers). Information security, however, explicitly focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of data loss prevention (DLP) techniques. One of these techniques is to compartmentalize large networks with internal boundaries.

Network Security Tools

  • Antivirus software packages : These packages counter most virus threats if regularly updated and correctly maintained.
  • Secure network infrastructure : Switches and routers have hardware and software features that support secure connectivity, perimeter security, intrusion protection, identity services, and security management.
  • Dedicated network security hardware and software-Tools such as firewalls and intrusion detection systems provide protection for all areas of the network and enable secure connections.
  • Virtual private networks : These networks provide access control and data encryption between two different computers on a network. This allows remote workers to connect to the network without the risk of a hacker or thief intercepting data.
  • Identity services : These services help to identify users and control their activities and transactions on the network. Services include passwords, digital certificates, and digital authentication keys.
  • Encryption : Encryption ensures that messages cannot be intercepted or read by anyone other than the authorized recipient.
  • Security management : This is the glue that holds together the other building blocks of a strong security solution.

Network Security Management for Small Homes

  • A basic firewall or a unified threat management system.
  • For Windows users, basic Antivirus software. An anti-spyware program would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered.
  • When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA2 with AES encryption.
  • If using Wireless: Change the default SSID network name, also disable SSID Broadcast; as this function is unnecessary for home use.
  • Enable MAC Address filtering to keep track of all home network MAC devices connecting to your router.
  • Assign STATIC IP addresses to network devices.
  • Disable ICMP ping on router.
  • Review router or firewall logs to help identify abnormal network connections or traffic to the Internet.
  • Use passwords for all accounts.
  • Have multiple accounts per family member, using non-administrative accounts for day-to-day activities. Disable the guest account (Control Panel> Administrative Tools> Computer Management> Users).
  • Raise awareness about information security to children

Network Security Management for Large Businesses

  • A strong firewall and proxy to keep unwanted people out.
  • A strong Antivirus software package and Internet Security Software package.
  • For authentication, use strong passwords and change it on a weekly/bi-weekly basis.
  • When using a wireless connection, use a robust password.
  • Exercise physical security precautions to employees.
  • Prepare a network analyzer or network monitor and use it when needed.
  • Implement physical security management like closed circuit television for entry areas and restricted zones.
  • Security fencing to mark the company’s perimeter.
  • Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
  • Security guards can help to maximize security.


Wednesday, April 20, 2011

Air Stealth Technology and Military Science

Posted by: , 0 comments

A stealth fighter is just that we cannot detect its presence with radar.The observer can rely on the time difference from emission to reception to locate the enemy fighter. Aircrafts usually have a curved surface in order to minimize air resistance in flight. Thus, electromagnetic waves impinged in any direction will be partly reflected to their original direction, leading to a large signal on the radar detector.
Work on stealth has its roots in long-standing efforts to reduce the visibility of military aircraft through camouflage paint schemes. As electronic sensors have replaced the eyes of pilots as the primary means of tracking other aircraft, more intricate means of defense were needed.
Stealth Technology

Often the use of special materials (typically carbon, carbon fibre composites, or magnetic ferrite-based substance) renders aircraft invisible to radar, stealth reduces the ability of an opponent’s sensors to detect, track and attack an aircraft.

A variety of technologies are may be combined in order to make itself “invisible” to radar. These technologies include a smooth surface, “flying wing” design, radar absorbent materials (RAM) and electronic countermeasures (ECM).
Radar absorbent material (RAM): when radar impacts radar absorbent material, the energy acts as though it “sees” infinite free space instead of a boundary. The absorbed electromagnetic energy is dissipated as heat and very little energy is reflected.
Disadvantages: additional weight, expense, heating problems and aerodynamic drag.

Electronic countermeasures (ECM): are referred to as any electronic effort intended to disturb normal radar operation. The defence may utilize ECCM to overcome and mitigate the effects of ECM on the radar.

To understand, why a reflexed airfoil is able to provide longitudinal stability to a wing, two things are important:
  1. Total Force and Moment: the pressure forces, which act on the surface of each wing section, can be replaced by a single total force and a single total moment. Both act at the quarter-chord point (c/4) of the airfoil. When the angle of attack changes, the moment stays nearly constant, but the total force changes.
  2. Center of Gravity : When the angle of attack of a plane changes, the plane rotates (pitches) around its center of gravity.
The planes low radar cross section (RCS) reduces the range at which ground-based and air-based radars can detect the aircraft. String reel target manipulation systems are used to support targets for low frequency RCS measurements.The RAM absorbs most of a radar’s signal, and the aircraft’s wing-shaped and rounded design redirects much of the remaining power away from the radar source.
RADAR ( Radio Direction Finding)

A radio transmitter is a device that oscillates an electrical current so the voltage goes up and down at a certain frequency. This electricity generates electromagnetic energy, and when the current is oscillated, the energy travels through the air as an electromagnetic wave. A transmitter also has an amplifier that increases the intensity of the electromagnetic energy and an antenna that broadcasts it into the air.
A radio receiver is just the reverse of the transmitter: it picks up electromagnetic waves with an antenna and converts them back into an electrical current. Radar is the use of radio waves to detect and monitor various objects.

The radar device emits a concentrated radio wave. Radio waves move through the air at a speed of light ( c )so the radar device can calculate how far away the object is based on how long it takes the radio signal to return.

The other elements of air defense detection and tracking are infrared (IR) light, electro-optical (EO) sensors.
IR light is an electromagnetic radiation with a wavelength longer than that of visible light. Infrared light has a range of wavelengths, just like visible light has wavelengths that range from red light to violet.

Limitations
Some of the materials used require special and costly maintenance. The maneuverability of an aircraft can be compromised by the introduction of stealth design features. As was the case with the F-117A.






FLIRS (Forward looking infrared System)
FLIRs make pictures from heat, not visible light. Heat (also called infrared, or thermal energy) and light are both parts of the electromagnetic spectrum, but a camera that can detect visible light won’t see thermal energy, and vice versa.


The wavelength of infrared that FLIRs detects differs from that of night vision, which operates in the visible light and near infrared ranges (0.4 to 1.0 micrometres). Stealth aircraft may rely on an airborne laser radar, although such a sensor may prove of limited utility in bad weather. There are limits to the utility of stealth techniques. Since the radar cross-section (RCS) ( radar cross section is the measure of a target’s ability to reflect radar signals in the direction of the radar receiver) of an aircraft depends on the angle from which it is viewed.

Stealth aircraft are designed to minimize their frontal RCS. But it is not possible to contour the surface of an aircraft to reduce the RCS equally in all directions, and reductions in the frontal RCS may lead to a larger RCS from above. Thus while a stealth aircraft may be difficult to track when it is flying toward a ground-based radar or another aircraft at the same altitude, a high-altitude airborne radar or a space-based radar may have an easier time tracking it. Another limitation of stealth aircraft is their vulnerability to detection by bi-static radars.
Programs
F-117 (Nighthawk) — The F-117 first flew in 1983. The original F-117 program envisioned over 100 aircraft, but soaring costs (each aircraft costs over $100 million), performance problems (several of the aircraft have crashed in training flights), limited payload (the aircraft can carry only two 900 Kg laser guided bombs internally), and the lack of a clearly defined mission all contributed to the curtailment of the program.

ATB (Advanced Technology Bomber)- B-2 — The Stealth Bomber project was first announced in 1980. In November 1988, the B-2 has been the focus of criticism of the growing cost of the program/project.

The B-2 will be the most expensive aircraft ever procured!

Acoustic Detection

How owls developed stealth technology !!!?


The owl's wing is broad and rounded compared to that of other birds, which makes for less flapping, and a quieter ride through the air. That reduces some sound, but an owl is quiet even compared to other birds when they glide. It's more than just a difference in wing measurements. It's the fact that owls are fully upholstered in order to maintain silence.
How owls developed stealth technology
The inside of music studios, concert halls and movie theaters is covered with blocks of fabric. These muffle sound and prevent echoing. An owl's hard surfaces, specifically its legs and feet, are covered with soft feathered that muffle noise.
It's the wing feathers that are really counter intuitive, though. Most people, when designing something that makes little noise, will make it as sleek and rounded as possible. That turns out to be a mistake. A sleek, streamlined thing won't have any extra parts banging off each other or creaking in the wind. As we've seen before, though, it will have turbulence. Turbulence is moving air and moving air makes noise.
On the front of the owl's wing are feathers shaped like combs. The teeth of the combs lined the leading edge of the wing, and like the bumps on a whale's flukes, break up the stream of air moving over the wing. At the other side of the wing, the feathering is uneven, creating a fringe-like back edge. The combination takes the air that would all splash off the wing at the same time, and instead lets it out in isolated dribbles.
How owls developed stealth technology
The result? Evolutionary advantage. Silent death. The ninjas of the animal world. All kinds of ancient myths. Supernatural mystery. And David Bowie. I don't know how the last one fits in, either.

B-2 Stealth Bomber


Currently in action in Libya, we take a look at how this formidable member of the United States Air Force works

B-2 Stealth Bomber
The ‘flying wing’ shaped Stealth Bomber (nicknamed ‘Spirit’) is a unique aircraft that’s designed to make it as invisible as possible. Its shape means there are very few leading edges for radar to reflect from, reducing its signature dramatically. This is further enhanced by the composite materials from which the aircraft is constructed and the coatings on its surface. These are so successful that despite having a 172-foot wingspan, the B-2’s radar signature is an astounding 0.1 square metres.
The B-2’s stealth capabilities, and aerodynamic shape, are further enhanced by the fact its engines are buried inside the wing. This means the induction fans at the front of the engines are concealed while the engine exhaust is minimised. As a result, the B-2’s thermal signature is kept to the bare minimum, making it harder for thermal sensors to detect the bomber as well as lowering the aircraft’s acoustic footprint.
The design also means the B-2 is both highly aerodynamic and fuel efficient. The B-2’s maximum range is 6,000 nautical miles and as a result the aircraft has often been used for long-range missions, some lasting 30 hours and in one case, 50. The B-2 is so highly automated that it’s possible for a single crew member to fl y while the other sleeps, uses the lavatory or prepares a hot meal and this combination of range and versatility has meant the aircraft has been used to research sleep cycles to improve crew performance on long-range missions. Despite this, the aircraft’s success comes with a hefty price tag. Each B-2 costs $737 million and must be kept in a climate-controlled hangar to make sure the stealth materials remain intact. These problems aside though, the Spirit is an astonishing aircraft, even if, chances are, you won’t see one unless the pilots want you to…
Inside the Spirit
The B-2 is an unusual combination of complexity and elegance, the entire airframe built around the concept of stealth and focused on making the aircraft as hard to detect as possible.
B-2 Stealth Bomber
Windows
The B-2′s windows have a fine wire mesh built into them, designed to scatter radar.
Composite materials
Any radar returns are reduced by the composite materials used, which further deflect any signals.
Carbon-reinforced plastic
Special heat-resistant material near the exhausts mean the airframe absorbs very little heat.
Rotary launch assembly (RLA)
The RLA allows the B-2 to deploy different weapons in quick succession.
Bomb rack assembly (BRA)
The bomb rack assembly can hold up to eighty 500lb bombs.
Air Intakes
To further reduce the B-2′s signature, the engine intakes are sunk into the main body.
B-2 Stealth Bomber
Landing gear doors
The landing gear doors are hexagonal to further break up the B-2′s radar profile.
Crew compartment
The B-2 carries two crew, a pilot and a mission commander with room for a third if needed.
Flying wing
The B-2′s shape means it has very few leading edges, making it harder to detect on radar.
Fly-by-wire
The B-2′s unique shape makes it unstable, and it relies on a computer to stabilize it and keep it flying.
Engines
The B-2′s four General Electric F118s don’t have afterburners as the heat these generate would make the aircraft easier to detect. (IR signature)
The Statistics
B-2 Stealth Bomber
Manufacturer
Northrop Grumman

Armament
B-2 Stealth Bomber


----------------------------------------------


Password Guessing Attack

Posted by: , 0 comments


  • Password guessing attacks can be carried out manually or via automated tools.



  • Password guessing can be performed against all types of Web Authentication

  • The common passwords used are:
    root, administrator, admin, operator, demo, test, webmaster, backup, guest, trial, member, private, beta, [company_name] or [known_username]
    Passwords are the principal means of authenticating users on the Web today. It is imperative that any Web site guard the passwords of its users carefully. This is especially important since users, when faced with many Web sites requiring passwords; tend to reuse passwords across sites. Compromise of a password completely compromises a user.


    Attack Methods
    Often Web sites advise users to choose memorable passwords such as birthdays, names of friends or family, or social security numbers. This is extremely poor advice, as such passwords are easily guessed by an attacker who knows the user. The most common way an attacker will try to obtain a password is through the dictionary attack'. In a dictionary attack, the attacker takes a dictionary of words and names, and tries each one to see if it is the require password. This can be automated with programs which can guess hundreds or thousands of words per second. This makes it easy for attackers to try variations: word backwards, different capitalization, adding a digit to the end, and popular passwords.

    Another well-known form of attack is the hybrid attack. A hybrid attack will add numbers or symbols to the filename to successfully crack a password. Often people change their passwords by simply adding a number to the end of their current password. The pattern usually takes this form: first month password is "site"; second month password is "site2"; third month password is "site2"; and so on. A brute force attack is the most comprehensive form of attack, though it may often take a long time to work depending on the complexity of the password. Some brute force attacks can take a week depending on the complexity of the password.

    Hacking Tool: WebCracker


    • WebCracker is a simple tool that takes text lists of usernames and passwords and uses them as dictionaries to implement Basic authentication password guessing.

    • lt keys on "HTTP 302 Object Moved" response to indicate successful guess.

    • lt will find all successful guesses given in a username/password.
    Webcracker allows the user to test a restricted-access website by testing id and password combinations on the web site.This program exploits a rather large hole in web site authentication methods. Password protected websites may be easily brute-force hacked, if there is no set limit on the number of times an incorrect password or User ID can be tried.WebCracker is a simple tool that takes text lists of usernames and passwords and uses them as dictionaries to implement Basic authentication password guessing.

    • It keys on "HTTP 302 Object Moved" response to indicate successful guess.

    • It will find all successful username/password given in the list.
    Hacking Tool: Brutus


    http://www.hoobie.net/brutus/

    • Brutus is a generic password guessing tool that cracks various authentication.

    • Brutus can perform both dictionary attacks and brute-force attacks where passwords are randomly generated from a given character.

    • Brutus can crack the following authentication types:

    • HTTP (Basic authentication, HTML Form/CGI); POP3; FTP; SMB; Telnet

    Brutus is an online or remote password cracker. More specifically it is a remote interactive authentication agent. Brutus is used to recover valid access tokens (usually a username and password) for a given target system. Examples of a supported target system might be an FTP server, a password protected web page, a router console a POP3 server etc. It is used primarily in two ways:

    • To obtain the valid access tokens for a particular user on a particular target.

    • To obtain any valid access tokens on a particular target where only target penetration is required.
    Brutus does very weak target verification before starting; in fact all it does is connect to the target on the specified port. In the context of Brutus, the target usually provides a service that allows a remote client to authenticate against the target using client supplied credentials. The user can define the form structure to Brutus of any given HTML form. This will include the various form fields, any cookies to be submitted in requests, the HTTP referrer field to send (if any) and of course the authentication response strings that Brutus uses to determine the outcome of an authentication attempt.

    If Brutus can successfully read forms of the fetched HTML page then each form will be interpreted and the relevant fields for each form will be displayed. Any cookies received during the request will also be logged here. Brutus handles each authentication attempt as a series of stages, as each stage is completed the authentication attempt is progressed until either a positive or negative authentication result is returned at which point Brutus can either disconnect and retry or loop back to some stage within the authentication sequence.

    Hacking Tool: ObiWan


    http://www.phenoelit.de/obiwan/docu.html

    • ObiWan is a powerful Web password cracking tool. It can work through a proxy.

    • ObiWan uses wordlists and alternations of numeric or alpha-numeric characters as possible as passwords.

    • Since Webservers allow unlimited requests it is a question of time and bandwidth to break into a server system.
    ObiWaN stands for "Operation burning insecure Web server against Netscape". It is called Project 2086 now, after 2068 the number of the RFC which describes the HTTP/1.1 protocol. 11.1 is the section which describes the basic authentication scheme. This is the mostly used authentication scheme for web server and used by ObiWaN.

    Web servers with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. Every user with a HTTP connection to a host with basic authentication can try username-password combinations as long as he/she like it. This allows the attacker to prod the system as long as he wants to.
    Like other programs for UNIX system passwords (crack) or NT passwords (lophtcrack) ObiWaN uses wordlists and alternations of numeric or alpha-numeric characters as possible passwords. Since web servers allow unlimited requests it is a question of time and bandwidth to break in a server system. The first way is to run ObiWaN more than once. The following example tries to crack username eccouncil on the intranet.
    ./ObiWaN -h intranet -a eccouncil -w list.txt 
    To run it with alphanumeric variation with a depth of 2
    ./ObiWaN -h intranet -a eccouncil -w list.txt -A 2 
    To run it in brute force loop mode
    ./ObiWaN -h intranet -a eccouncil -w list.txt -b 6 -B 8 

    Hacking Tool: Munga Bunga

    Munga Bunga's HTTP Brute Forcer is a utility utilizing the HTTP protocol to brute force into any login mechanism/system that requires a username and password, on a web page (or HTML form). To recap - A password usually only contains letters. In such a case the quantity of characters in a charset is 26 or 52, depending on usage of registers - both of them or just one. Some systems (Windows, for example) don't make any difference between lower-case and uppercase letters. With an 8-characters' long password the difference would amount to 256 times, which is really significant.

    Brute force method can sometimes be very effective when it is combined with the functionality of the program. Munga Bunga is a tool which can be used for breaking into emails, affiliate programs, web sites, any web based accounts, launching DoS attacks, flooding emails, flooding forms, flooding databases and much more; though DoS attacks and flooding activity are not supported or documented in the documentation. Apart from this, the attacker can write definition files. These are files ending in the .def extension, and contain information about a particular server, and the data to submit to it. They are used to extend the power and capability of the program, based on the user's own definitions. The software comes bundled with some definition

    The tool claims to be capable of brute forcing, any thing that can be entered via a HTML form with a password and username. The attack methodology goes as follows: The attacker uses a password file in order for the program to attempt and enter the account(s), with the specified passwords. In addition, he can write a definition file for the form he wants to crack into.

    Hacking Tool: PassList


    Passlist is another character based password generator.
    Passlist is a character based password generator that implements a small routine which automates the task of creating a "passlist.txt" file for any brute force tool. The program does not require much information to work. The tool allows the user to specify the generation of passwords based on any given parameter. For instance, if the user knows that the target system's password starts with a particular phrase or number, he can specify this. This makes the list more meaningful to the user and easier for the brute forcer. He can also specify the length required such as the maximum number of random characters per password, apart from the maximum number of random

    A partial list is given below.

    • Refiner is used to generate a wordlist containing all possible combinations of a partial password, which an attacker may have obtained by other means. Refiner will then generate a text file containing all possible combinations.

    • WeirdWordz allows the user to just select an input file and as an output file, makes all sorts of combinations of the lines/words in the input file.

    • Raptor 1.4.6 - creates words using many different filters from html files to create a wordlist.

    • PASS-PARSE V1.2 - Pass-parse will take any file and turn all the words into a standard type password list, while stripping anything that's not alphanumeric. The main idea behind it is that while trying to crack the password of a personal website, the password may appear on the site when the person describes their interests. This will parse through an html file and create a list of words from that page to try as passwords.


    Slideshow

     
    صفحات مبعــثرة كسرت حاجز الصمـت لتحكي
    متعة الحياة أن تعمل عملا لم يسبقك إليه أحد ولم يتوقعه الآخرون.................. Its just another way to unlock ur potential representing my internists with other. By sniffing the web u might see several info.,instructions and details. here i collect similar and simplify them to u, cutting out from my time, efforts even i create my unique posts