Monday, June 14, 2010

Malware: The Positive Aspect

Consider a life - Rules decided by the authority, People following them, Vigilant Guards at work 24X7... Too good a life to live. The future of such world -
Fools, crippled generation being born - quickly followed from law of Use and Disuse of the organ by Lamarck:
"In every animal which has not passed the limit of its development, a more frequent and continuous use of any organ gradually strengthens, develops and enlarges that organ, and gives it a power proportional to the length of time it has been so used; while the permanent disuse of any organ imperceptibly weakens and deteriorates it, and progressively diminishes its functional capacity, until it finally disappears".[source: Wikipedia-]

Now consider our life - Struggle for existence onfile as well online, thanks to corrupt security government officials and ever enthusiastic and sharp hackers, Rules decided by the authority along with a backdoor!, People follow them as per convinience, Vigilant guards causing inconvinience...
Future - Evolved humans take birth, world civilises, OPtimisation of survival factor!!!

Clearly, the above pure world which is very nicely planned, a perfect dream world - is only fit for a dream as it is stagnant and therefore has almost negligible information and 0 entropy. Our world, on the other hand, may seem too messy, too problematic and disturbing but it is the one which is vivid, lively and bound to improve in existence level as there is always a scope of refinement to the current status. This is analogous to the river water, which keeps flowing indefinitely. It gets polluted on the way but it is pure where it emerged first and when it finally merged in the sea! The journey is its life and disturbance on the way is the spice of its otherwise monotonous flow...

Similar to this is our security professionals vs. Hackers game. The game is on only until hackers find another way to circumvent the current policies or find some vulnerability to exploit in the current setup. The malwares, worms, virus etc. may seem a nuisance on face but they are the driving force for all this security hype. Mind it the security professionals have a job only until hackers are interested in playing ;)
Therefore its a sort of win-win game. The security professionals are on a constant hunt for a best fit policy, secure software and the hackers are in constant search of vulnerability in the software and the trapdoor in the policy. You remove one cog the wheel stops and the future which we were imagining to be a storehouse of opportunities suddenly ceases to exist! All this malicious stuff is therefore the spice of a security profs food and the vulnerability in the operational system are the driving force for the hacker. Mind it a challenge interests only when it is difficult to crack.

With the limited knowledge i have of the field, I am fascinated by the way these people circumvent the rules and the policies to bring down the weak and vulnerable system and work constantly for improving it!

Tuesday, June 8, 2010

Unusual Redirections

The link as well as are both redirecting to a truckexplorersite. Since yesterday, these two links are both redirecting to the one site
No exploit or anything unusual happening has been detected yet.

Monday, June 7, 2010

Anomaly Detection

Anomaly detection is a unique approach to find the odd one out or malicious value. The approach basically involves learning the normal behavior and then detecting variation from this established behavior, which is called a profile. The variation is found based on a model. A model supports in learning as well as detecting. The crux of the approach is "the model".
A basic understanding of the approach can be had from the following program which learns A, an arbitrary integer variable. This model learns that A normally lies between the minimum and maximum values input during the learning mode. It also learns a threshold as 10% of the mean of the entered values. After successfully learning the values of A the model switches to the detection mode. In this mode the difference of the entered value and the mean is compared to the threshold. A difference greater than the threshold is marked anomalous and the value is put in the anomaly list else it is appended to the normal list of values. This is a very naive but working implementation of anomaly detection approach.
The original python implementation is here:

class learna(object):

    def learnA(self):
        """a function to learn a"""

        print "average is",avg

    def learn(self):
        print "learning mode"
        for i in range(5):
            al=int(raw_input("enter integer value for a."))
        print lower,"<",upper
        return alearned

    def detect(self,low,high,avg):
        print "running in detection mode."
        for i in range(5):
            ae=int(raw_input("enter current integer value."))
            if (aehigh):
            if (abs(ae-avg)>threshold):
        print "total anomalous value",len(anomaly)
        print "total normal values",len(normal)
        print "total entered values", len(aentered)
        print "total detected anomalous values",len(anomalous)