AIR-GAP

HOW DO YOU remotely hack a computer that is not connected to the internet? Most of the time you can’t, which is why so-called air-gapped computers are considered more secure than others.

Air-gap refers to computers or networks that are not connected directly to the internet or to any other computers that are connected to the internet.

The name arises from the technique of creating a network that is physically separated (with a conceptual air gap) from all other networks.

Air gaps generally are implemented where the system or network requires extra security, such as classified military networks, the payment networks that process credit and debit card transactions for retailers, or industrial control systems that operate critical infrastructure. To maintain security, payment and industrial control systems should only be on internal networks that are not connected to the company’s business network, thus preventing intruders from entering the corporate network through the internet and working their way to sensitive systems.

A true air gap means the machine or network is physically isolated from the internet, and data can only pass to it via a USB flash drive, other removable media, or a firewire connecting two computers directly. But many companies insist that a network or system is sufficiently air-gapped even if it is only separated from other computers or networks by a software firewall. Such firewalls, however, can be breached if the code has security holes or if the firewalls are configured insecurely.

Although air-gapped systems were believed to be more secure in the past, since they required an attacker to have physical access to breach them, recent attacks involving malware that spread via infected USB flash drives have shown the lie to this belief. One of the most famous cases involving the infection of an air-gapped system is Stuxnet, the virus/worm designed to sabotage centrifuges used at a uranium enrichment plant in Iran. Computer systems controlling the centrifuges were air-gapped, so the attackers designed Stuxnet to spread surreptitiously via USB flash drives. Outside contractors responsible for programming the systems in Iran were infected first and then became unwitting carriers for the malware when they brought their laptops into the plant and transferred data to the air-gapped systems with a flash drive.

MjIyMTQzMg

The techniques of hacking air gap computers include:

  • AirHopper that turns a computer’s video card into an FM transmitter to capture keystrokes;
  • BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;

 

 

Researchers in Israel showed how they could siphon data from an air-gapped machine using radio frequency signals and a nearby mobile phone. The proof-of-concept hack involves radio signals generated and transmitted by an infected machine’s video card, which are used to send passwords and other data over the air to the FM radio receiver in a mobile phone.

The method is more than just a concept, however, to the NSA. The spy agency has reportedly been using a more sophisticated version of this technique for years to siphon data from air-gapped machines in Iran and elsewhere. Using an NSA hardware implant called the Cottonmouth-I, which comes with a tiny embedded transceiver, the spy agency can extract data from targeted systems via RF signals and transmit it to a briefcase-sized NSA relay station up to eight miles away.

  • Stealing the secret cryptographic key from an air-gapped computer placed in another room using a Side-Channel Attack.This is the first time when such attack have successfully targeted computer running Elliptic Curve Cryptography (ECC).

Elliptic Curve Cryptography is a robust key exchange algorithm that is most widely used in everything from securing websites to messages with Transport Layer Security (TLS).

Source: thehackernews, spectrum.ieeewired.com

Interesting Facts About Bitcoin and Blockchain

Bitcoin is a cryptocurrency, but the blockchain protocol behind it can be used for a variety of non-currency purposes. people are using the blockchain to develop everything from ride-sharingservices to voting applications to cloud storage. Let’s take a closer look at how the blockchain protocol works and how it’s being used.

The most exciting thing about Bitcoin is not Bitcoin at all.People at who is hosting this have created an interesting infographic regarding Blockchain and Bitcoin in general.

blockchain

Source: securityzapwhoishostingthis

File System Check Error in FortiGate

File System Check Error in FortiGate 5.2.3 and above

In FortiOS 5.2 patch3, the file system check dialogue was introduced in the GUI and it offers the options to restart the unit and perform a file system check or, if desired, to be reminded later for performing the action in a maintenance window.

FortiGate error

File System check is a feature that is checking if the device was not shutdown properly. It will do a disk scan when the system boots up to avoid any potential file system errors.  In fact, if the unit was shut down without using the proper command (#execute shutdown), during the booting sequence, the FortiGate will check internal files for this log event and, if it cannot find it, the message will be shown.

This behavior is by design and there is no option to disable this message.

The message should no longer be seen once the following actions have been completed:

– Check of the file system.
– Reboot of the device.

source:itzecurity

How to Remove Password from PDF Files

We receive password protected bank statements, credit card statements, mobile bills and salary slips every month. It’s quite OK to have passwords for PDF files that we rarely use but the situation changes as we use the file more frequently. It can be monotonous and tiresome to type the password each time you need to open the PDF file. Even sometimes we need to share these PDF files, in such cases, we can remove the password protection from a PDF file by decrypting it. PDF decryption is very easy but requires specialized software to do that. In this tutorial, we will see how to remove password from PDF file in a distinct method. The easiest and recommended way to remove password is using the Google Chrome browser.

  1. Drag and drop password protected PDF file into Google Chrome browser.
  2. Google Chrome will now prompt you to enter the password of the file. Enter the password and hit Enter to open the file.
  3. Now go to the File menu in Google Chrome and choose Print (or press Ctrl+P on Windows or Cmd+P on Mac). Choose the destination printer as “Save as PDF” and click the Save

Google Chrome will now save the PDF to your PC but without the password protection. If you re-open this PDF , it will open without  prompting password.

source: sandeep singh, Codegena

How to enable Administrator account in Windows 8.1 & Windows 10 Home Single Language

Use the following steps to active administrator account.

  1. Open the command prompt as Administrator

Normally, the command prompt can be opened as a regular user to run commands that don’t require administrative rights. However, if you need to run a command that requires administrative rights, you must open the command prompt window as administrator.

  • The first method of accessing the command prompt as administrator is to right-click on the Start button  1  in the lower-left corner of the screen and select the Command Prompt (Admin) option from the  User menu.

You can also press the Windows key + X to access this menu.

2

–  The second method involves the Start screen. If you are currently on the Desktop, click the Start button in the lower-left corner of the screen.

63

On the Start screen, start type “command prompt” (without the quotes). The Search panel displays on the right side of the screen and results of the search display as you type. Right-click on Command Prompt and select Run as administrator from the popup menu.

23

So now you are opened the command prompt in administrator mode.

2. Type below given command to see the users list:

C:\WINDOWS\System32>net user

3. Unlock the administrator account.

C:\WINDOWS\System32>net user administrator /active: yes

  1. Give a password.

C:\WINDOWS\System32>net user administrator *

(* – type the password)

Source: howtogeek

 

How to: Determine Which .NET Framework Versions Are Installed

Users can install and run multiple versions of the .NET Framework on their computers. When you develop or deploy your app, you might need to know which .NET Framework versions are installed on the user’s computer.

Note that the .NET Framework consists of two main components, which are versioned separately:

  • A set of assemblies, which are collections of types and resources that provide the functionality for your apps. The .NET Framework and assemblies share the same version number.
  • The common language runtime (CLR), which manages and executes your app’s code. The CLR is identified by its own version number.

To get an accurate list of the .NET Framework versions installed on a computer, you can view the registry.

To find .NET Framework versions by viewing the registry (.NET Framework 1-4)

  1. On the Start menu, choose Run.
  2. In the Open box, enter regedit.exe.

You must have administrative credentials to run regedit.exe.

3. In the Registry Editor, open the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP

The installed versions are listed under the NDP subkey. The version number is stored in the Version entry. For the .NET Framework 4 the Version entry is under the Client or Full subkey (under NDP), or under both subkeys.

1 Frame work

To find .NET Framework versions by viewing the registry (.NET Framework 4.5 and later)

  1. On the Start menu, choose Run.
  2. In the Open box, enter regedit.exe.

You must have administrative credentials to run regedit.exe.

3. In the Registry Editor, open the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\V4\Full

Note that the path to the Full subkey includes the subkey Net Framework rather than .NET Framework.

2 Framework

Check for a DWORD value named Release. The existence of the Release DWORD indicates that the .NET Framework 4.5 or newer has been installed on that computer.

IC664979

The value of the Release DWORD indicates which version of the .NET Framework is installed.

Net Frame work

Source: Microsoft