It is our 10th Birthday

10 years ago on the 27th of August 2001, we started our journey under the corporate identity of “Qadit Systems & Solutions Pvt Ltd”, to provide quality Information Security Assurance & Consultancy services.

Today as we enter our 11th year, we wish to thank all our Clients, Associates, Partners and Well-Wishers for being part of this enjoyable journey and for

    your words of wisdom, encouragement and appreciation;

    the opportunities provided for helping us improve and expand our service offerings;

    your suggestions and honest opinions that have helped us ensure the quality of our service; and

    the constant support and strength that your association has provided us.

We look forward to your continued patronage and good wishes in our ongoing journey.

A Heartfelt

from The Team @ Qadit.

Covert hard drive fragmentation embeds a spy’s secrets

GOOD news for spies. There is now a way to hide data on a hard drive without using encryption. Instead of using a cipher to scramble text, the method involves manipulating the location of data fragments.

The inventors say their method makes it possible to encode a 20-megabyte message on a 160-gigabyte portable hard drive. It hides data so well that its existence would be “unreasonably complex” to detect, they say.

Encryption should sometimes be avoided, says Hassan Khan at the University of Southern California in Los Angeles, because the gobbledegook it creates is a dead giveaway: it shows someone might have something to hide. That could spell disaster for someone trying to smuggle information out of a repressive country.

So “steganography”, hiding data in plain sight, is coming to the fore. Normally, data intended to be secret is added to the pixels in digital images, or used to change the transmission timing of internet packets. But these techniques are well known and easily detected, says Khan. So, with colleagues at the National University of Sciences and Technology in Islamabad, Pakistan, he has developed an alternative.

Their technique exploits the way hard drives store file data in numerous small chunks, called clusters. The operating system stores these clusters all over the disc, wherever there is free space between fragments of other files.

Khan and his colleagues have written software that ensures clusters of a file, rather than being positioned at the whim of the disc drive controller chip, as is usually the case, are positioned according to a code. All the person at the other end needs to know is which file’s cluster positions have been encoded.

The code depends on whether sequential clusters in a file are situated adjacent to each other on the hard disc or not. If they are adjacent, this corresponds to a binary 1 in the secret message. If sequential clusters are stored in different places on the disc, this encodes a binary 0 (Computers and Security, DOI: 10.1016/j.cose.2010.10.005). The recipient then uses the same software to read off the file’s cluster positions, and hence recover the message. The researchers intend to make their software open source.
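As an added example (not the researchers’ software, which the article says is still to be released), the decoding rule above applied to a constructed cluster chain: each pair of consecutive clusters yields one bit, adjacent clusters give a 1 and any jump gives a 0, and the bits are packed into ASCII. The cluster numbers are made up for illustration, and the fragment count shows why a defragmented file loses the message.

```python
# Added example, not the Khan et al. software: apply the article's decoding
# rule to a constructed cluster chain. Cluster numbers below are made up.

# Constructed: the on-disc cluster numbers of one file, in file order.
SAMPLE_CLUSTERS = [100, 205, 206, 310, 412, 413, 520, 631,
                   740, 850, 851, 852, 960, 961, 1070, 1180, 1181]


def clusters_to_bits(clusters):
    """One bit per pair of consecutive clusters: adjacent on disc -> 1,
    stored anywhere else (forward or backward jump) -> 0."""
    return [1 if nxt == cur + 1 else 0
            for cur, nxt in zip(clusters, clusters[1:])]


def bits_to_text(bits):
    """Pack bits MSB-first into bytes; a partial trailing byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return out.decode("ascii", errors="replace")


def decode_hidden_message(clusters):
    """Recover the hidden text from a file's cluster chain."""
    return bits_to_text(clusters_to_bits(clusters))


def fragment_count(clusters):
    """Number of contiguous runs in the chain, as a defragmenter or a
    forensic tool would report it. A fully defragmented file is one run,
    so every bit reads as 1 and the message is gone; this is why the
    article notes the files must not be modified before handover."""
    return 1 + sum(1 for cur, nxt in zip(clusters, clusters[1:])
                   if nxt != cur + 1)


if __name__ == "__main__":
    print(clusters_to_bits(SAMPLE_CLUSTERS))      # 0100 1000 0110 1001
    print(decode_hidden_message(SAMPLE_CLUSTERS))  # Hi
    print(fragment_count(SAMPLE_CLUSTERS))        # 11
```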

“An investigator can’t tell the cluster fragmentation pattern is intentional – it looks like what you’d get after addition and deletion of files over time,” says Khan. Tests show the technique works, as long as none of the files on the hard disc are modified before handover.

“The real strength of this technique is that even a completely full drive can still have secret data added to it – simply by rearranging the clusters,” adds Khan.

Others are impressed with the technique but see limitations.

“This type of steganography could be used by spies, police or informants – but the risk is that it requires direct contact to physically exchange the USB device containing the secret data,” says Wojciech Mazurczyk, a steganographer at Warsaw University of Technology in Poland. “So it lacks the flexibility of internet steganography. Once you embed the secret data on the disk it is not easy to modify it.”

But won’t making the covert hard disk software open source – as the group plans – encourage its use by criminals and terror groups?

“It’s how security vulnerability disclosure works,” says Khan. “We have identified that this is possible. Now security agencies can devise techniques to detect it.” He adds that his team have had no issues with either US or Pakistani security agencies over their development of this secret medium – despite current political tensions between the two nations.

“The use of steganographic techniques like this is likely to increase,” says Fred Piper, director of information security at Royal Holloway, University of London. “Eavesdroppers can learn much from the fact that somebody is encrypting a message.”

Advanced Persistent Threats (APT)?

In this blog post we look at what an APT is and how it differs from a traditional targeted human-hacker attack.

Most people will immediately point to the “persistent” part of the definition as the key differentiator. Normal targeted attackers break in, look around, and immediately target the most valuable assets they find. They figure that the faster they get in and out with the treasure, the more money they make and the less risk they face.

By contrast, APT attackers are there to stay as long as they can. The attackers aren’t trying to steal everything at once. Instead, they exploit dozens to hundreds of computers, logon accounts, and email users, searching for new data and ideas over an extended period of months and years.

Even the treasure taken by APTs is different. The traditional attacker seeks immediate financial gain. They will try to steal identities, transfer money to foreign bank accounts, and more. APT attackers, on the other hand, almost always take only information and leave money untouched. Their targets are corporate and product secrets.

APTs often steal large amounts of information each week, collecting it at a centralized computer within the compromised network before sending it all home in a single archive file (often a tar ball). Many networks run APT bots that collect every new folder, file, and email, then send it home. The victims end up with an online backup system that rivals what they could otherwise pay a legitimate company for.

Worse yet, APTs are usually so ingrained into an environment that even if you know where they are, they can be difficult or impossible to remove.

Google, DuPont, Walt Disney and the latest addition to this list, RSA Inc, have all been hit by APTs.

RSA Security Inc Hacked – How it Happened

RSA, the security division of EMC and producer of the SecurID systems used by countless corporations (and the Department of Defense), has been hacked. The company sent out messages to its clients and posted an open letter stating that it’s been the victim of an “advanced” attack that “resulted in certain information being extracted from RSA’s systems” — information “specifically related to RSA’s SecurID two-factor authentication products.” A copy of the letter can be found at this link: https://www.rsa.com/node.aspx?id=3872

The worry is that source code to the company’s SecurID two-factor authentication product was stolen, which would possibly allow hackers to reverse-engineer or otherwise break the system.

Initially, it released no details about how the attack was carried out. Now RSA, which is a unit of storage giant EMC, has gone into some detail concerning how its systems were breached, in a blog post by Uri Rivner, whose title is Head of New Technologies, Identity Protection and Verification. It all started with phishing emails.

Over the course of two days, two groups of emails were sent to a small group of employees, none of them high profile, nor apparently especially senior. Though RSA doesn’t spell out who received them, the emails may well have gone to the human resources department or some other quiet corner of the company. The emails contained an Excel spreadsheet attachment entitled “2011 Recruitment Plans.” Naturally it was created to look just believable enough that one of the employees who received it fished it out of the spam folder to which it was initially directed and opened it. You can probably fill in most of the blanks from here.

The spreadsheet contained a zero-day exploit that took advantage of a weakness in Adobe Flash, which has since been patched. Through that hole, attackers were able to install anything they wanted on the target machine. They chose a version of a program called Poison Ivy RAT; in this case RAT stands for “remote administration tool,” a program that is used to control one computer from another in a different location.

Still unexplained at this point: what information was taken, and does it in any way affect the integrity of RSA’s own security products? When the attack was first disclosed, the company said that some information about its SecurID products was taken by the attackers. This has led to a lot of questions and speculation by security pros who naturally have to think about the worst-case scenario, and frankly, there are many for which the adjective “worst” would apply.

The big looming question is whether or not the attacker gained access to the seeds, the random keys embedded in each token, that are used to generate the constantly changing numeric codes that appear on the device’s display.


Evaluation of Anti-Virus Software – Some Commonly Used Criteria

Here is a list of commonly used evaluation criteria for anti-virus software:

  • Ability to produce new virus signatures quickly
  • Dispersed/distributed manageability
  • Unified client features
  • Client transparency
  • Support for all Windows OSes and Linux
  • Web-based management console
  • Company strength and overall AV strategy
  • Ability to integrate with other solutions such as Cisco NAC
  • Proactive notification on potential outbreaks and/or problems
  • Ability to clean up after viruses and/or spyware have infected a system
  • Ability to quickly prevent outbreaks while new virus signatures are not yet available

Each of the above criteria is explained further below.

Ability to Produce New Virus Signatures Quickly

The period between when a virus is discovered “in the wild” and when a signature or pattern file is available for clients is extremely critical. The longer it takes to get and distribute new pattern files, the more likely it is to have clients getting infected.

Dispersed/Distributed Manageability

The ability to give Unit Computing Specialists and/or departmental administrators access to manage their own clients is also an important feature. With the diversity in departmental IT policies, it is necessary to be able to let people set policies for their department differently from what is defined at the global level. Furthermore, departments need the ability to provide customized reports on systems under their control to their management.

Unified Client Features

The ability for client software to provide antivirus, anti-spyware, SPAM filtering, and firewall support in a single package was very high on the list of requirements. Packaging all of these features together under a single client not only reduces desktop and system tray clutter but typically takes up fewer system resources in terms of CPU and memory.

Client Transparency

Another aspect to consider is how the client itself performs while a system is under heavy usage. Real-time scanning and monitoring need to be as unobtrusive as possible. This also means that any error messages or warnings that pop up as viruses are found need to be easy to understand and answer. It is very important that the client be as transparent and easy to use as possible for users.

Support for Multiple OSes

If there are a variety of operating systems in use, it is important that any solution support the full range of Windows operating systems from Windows XP and 2003 all the way back to Windows 98 and Windows 95. In addition, support for protecting the growing number of Linux desktops and servers may also be required.

Web-Based Management Console

Enterprise management tools needed to be web-based for ubiquitous access. Not all system administrators run Windows on their desktop, so use of a Windows client-based management system is not desired in our environment. Furthermore, the console needed to be able to provide granular control over systems being managed.

Company Strength / Overall AV Strategy

Another factor in selecting an antivirus solution is how strong the company itself is. Fiscally weak or unsound companies tend to get bought out by larger corporations, who may then change the levels of service a product provides, even during a contract. The availability of technical support for the anti-virus software is also relevant here. This is particularly the case when using free anti-virus software.

Ability to Integrate with Other Solutions

Network security is another area of focus when selecting an antivirus solution. The ability of a solution to integrate with third-party solutions such as Cisco’s network access control (NAC) matters here. It is therefore essential that the anti-virus solution be able to integrate with the existing network infrastructure.

Proactive Notification of Potential Outbreaks and/or Problems

Limited human resources means that continuous monitoring of the system may not be possible. Therefore, it is critical that any solution be able to watch systems and automatically notify system administrators of possible outbreaks or issues on the network. The ability to email or page an administrator or administrators when there appears to be an anomaly on the network should be considered.

Ability to Clean Up after Viruses and/or Spyware

Obviously another factor that must be considered when evaluating antivirus solutions is how well the product is able to clean a system after an infection. If a solution simply detects a virus but doesn’t clean it up well, it doesn’t really save an administrator any time or effort. The solution should be able to successfully clean a majority of infections without having to rebuild the system.

Ability to Prevent Outbreaks Until New Virus Signatures Are Available

Many vendors have begun to discuss “zero-day” protection, but few actually do much about it. The ability to prevent an outbreak from occurring when there is no virus signature or pattern file available is extremely important. Hundreds of systems could potentially become infected in the time between a virus being detected “in the wild” and a new pattern becoming available. A key feature is the ability of the software to keep systems protected even when it cannot yet detect the virus.