Ready with your oxygen tank? Because we are going to Intrusion Detection pool, to dive, to swim, to know what is Intrusion Detection really is.

Based from Wikipedia, Intrusion Detection system is a system that will detects threats to computer system mainly come through the Internet. In early when the Internet is not well-known by peoples, this Intrusion Detection is not take serious by security expert. But when the Internet became popular, the implementation of this system is really important.

To know more about Intrusion Detection, there are many sources available on the Net but many of them are old and not cover nowadays threats. But one of IT Security staff had email me that they had published an article, Dive Into Intrusion Detection that cover every things about Intrusin Detection. Their article is easy to understand. [tags]intrusion detection, id, system[/tags]

For those who are using “illegal” Kaspersky license, now you can get free 3 months legal Kaspersky license key.

Go here (don’t bother with the langguage – german) and enter your email in the box and click the button below it. After awhile, check your inbox and you will get 3 months legal Kaspersky license key for free.

Btw do you even heard about Nod32 ? I moved from Kaspersky and currently using it right now. I think it is greater and lighter than Kaspersky. Check the comparison charts. Nod32 only use 4% of resources. Other than that, based on someone’s experience, Nod32 detection for zero-day attack is far better than other antivirus products. ;)[tags]antivirus, kaspersky, license, key, software, nod32[/tags]

Here is the situation. You just changed your Windows admin password. The next morning when you boot your PC, you can’t remember the password to login to your Windows. You got nervous and don’t know what to do. Every passwords you entered were wrong. But, be calm… Every problems have their solutions. :p

All you need is Ophcrack, a Windows password recovery tool. Borrow someone PC, download the tool and burn it in CD. Then boot your PC with the Live CD and Ophcrack will start do its work. But make sure to set your BIOS to 1st boot from CD or you will end up with boot in Windows. Launch the program and wait the password to be retrieved.

Or in 4 easy steps:

1. Download
2. Burn
3. Launch
4. and Wait :d

Cypher: Create a strong password but still can be remembered. For an example, you want to make a password with “cypherhackz”. You can change it into “cyph3rh4c|<z”. Or you can use this Password Chart to create your own strong password chart.

Ophcrack [via LifeHacker][tags]password, crack, recovery, windows, ophcrack[/tags]

Attention to all Firefox users. There are some Firefox entensions that you should avoid. This is because the extensions will collect data and uniquely identifying users without notifying them. To be safe, you should disable and remove the extensions from your Firefox usage.

List of extensions that you should avoid can be found at Mozillazine Forum. And I suggest you forward this post on your site too.

A software security researcher has warned that the password manager features of Mozilla’s open source, Firefox 2.0 and Microsoft’s (Nasdaq: MSFT), Internet Explorer (IE) Web browsers could be exploited, placing unsuspecting users at risk.

Users of Firefox or Explorer, both of which may be vulnerable to the attack known as “Reverse Cross Site Request” (RCSR), are not fooled directly by the password theft exploit. Instead, it provides a fake login site that fools a browser’s saved password feature into automatically providing the information, Robert Chapin, president of Chapin Information Services, reported.

Microsoft and Mozilla acknowledge about this probem. While waiting for the next update for this security issue, please disable Passwod Manager in your Firefox.

[via TechNewsWorld][tags]firefox, ie, security, vulnerable[/tags]

Cypher: Btw incase you don’t know yet, you also can discover saved passwords in Firefox. It is really dangerous if your computer use by multiple users.

According to The Times of London, a criminal gang in U.K was able to steal confidential banking data by bugging ATMs with a MP3 player.

The gang tapped the phone line between the targeted freestanding cash dispenser ATM and a wall soket by placing a two-way adaptor on it and connect it to a MP3. The electronic noise from the data traffic will be recorded into the MP3 player and will be interpreted by using a modem line tap or using special software program.

They managed to get copies of credit cards and make purchases worth $380 000 according to The Times.

[via CNET News] [tags]atm, mp3, player, hack, handphone[/tags]

Cypher: How about if we tapped the phone line by using handphone. Then we transfer the recorded noise to a software to interpret the data. Just an idea. :d

Starting 15th Jan 2007, AVG Free 7.1 version will no longer be free. So get AVG Free 7.5 instead.

GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and user interface is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 15th of Jan 2007.

Link: AVG Free Advisor [tags]avg, avg free, avg free edition, antivirus[/tags]

Edit: This report is not accurate. For more info, read this news. [Thanks to aMer]

After few days Microsoft released Internet Explorer 7, new vulnerability has been found in this software. This vulnerability can be exploited by malicious people to disclose potentially sensitive information.

Secunia had make a demonstration tool which is you can check whether your IE7 is vulnerable or not. The test will try to read content from Google News in the context of your browser. This vulnerability is caused by due to an error in handling of redirections for URLs with the “mhtml:” URI handler. And this weak spot can be exploited to access documents served from another web site.

Right now, there is no patch for this vulnerability. But for the moment, you can disable active scripting to prevent from this exploit.

Cypher: Wondering how much new vulnerabilities will be discovered by “techie” guys… [tags]vulnerable, exploit, ie, ie7, microsoft[/tags]

Duh… Check out this screenshot below. My university, UTM has block access to FeedBurner. But it doesn’t block the whole domain, it only block access to feed reader counter only.

The script that blocking the page is WebMarshall. I think this is a new security script that UTM impliment to protect the network from malicious attacks. And I also noticed that they had tighten the security level on their server because last night I can’t access some of websites that I usually visits.

By the way, I must say that this is a good action taken by UTM. Because if they don’t install these security scripts, students computers will be in more vulnerable and danger. Before this, many computers in UTM got attacked by Brontok virus. And recently, virus Ravmon attacks are on the rise. By implimenting this security protection, atleast it can reduce the risk to get infect.

But anyway, please don’t block websites that are not harmful… Duh… [tags]utm, webmarshall, brontok, ravmon, malaysia[/tags]

Edit: Here is another screenshot from WebMarshall script.

Everyone hate spams and so do I. But if you don’t want more spams coming into your email, TURN OFF the Vacation Response setting in your email. [tags]spams protection, stop spams, spams[/tags]

Many email services include this options. By default it is turn off. But you can turn it on if you want to give auto-response to incoming emails while you are away or on a vacation.

Beware that turn this settings on will give spammers chance to keep spamming on you. How? Ok let say spammers send an email to you. Usually spam emails will directly send to Bulk/Spam Folder. If you turn on the Vacation Response setting, your email will automatically send a reply back to the spammers saying that you are away or something else that you have set it before. So when the spammers receive the email, they will know that your email is active and they will keep spamming on you.

So how to make sure your email has turn this setting off? Ok here how to do it in GMail and in Yahoo. Other email services I don’t know, but you can check their help page for more help. Anyway, I like GMail more because it include extra feature in Vacation Response setting. I’ll explain it below.

GMail

1. After login into your GMail account, click on Settings .
2. In General tab, scroll down to Vacation reponder.
3. Make sure that Vacation responder is off.
4. But if you still want to use Vacation responder, you can set it to Only send a response to people in my Contacts . So your email is less “vulnerable” to spammers. This is the extra feature that I told you before.

Yahoo

1. In Yahoo, after you login to your email account, go to Options.
2. Click on Vacation Reponse under Management.
3. If Auto Responder is set to off, you will see Turn Auto-Response On button at the below of the page.
4. And if you want to use Vacation Response, just simply click the button on.

Well I hope with this short post can help you to stop more spams coming to your inbox. If you like want to know more about how to setup Vacation Response, just follow these links:

• How do I set up an automatic vacation response?
• How do I create a vacation response?