†è¢h båbblè

My daily dose of rant & whine !

CentOS: Enterprise-class Linux

Friday, March 10, 2006
CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free. CentOS is now accepting donations via PayPal, please click the button for more information

You can download the ISO image files & find more information about the project from here

Linux Magazine has a detailed review of the same in its April 2006 Edition.
You can get the pdf of the article from here


Wednesday, March 08, 2006
Yesterday I downloaded the ISO image file of Accelerated Knoppix ver 1.0.As the name suggests,its a clone of the popular & useful Knoppix Live CD but which is faster in booting. i.e the time taken from the boot: prompt to the GUI is highly optimised.

I decided to give it a shot today.On my laptop the LiveCD upon booting of the optical drive took me to KDE(default GUI) in about a minute & a half approximately.But there was one simple problem.The default language with which the CD boots is not English :-P

This is easily solved by issuing knoppix lang=us at the boot: prompt.

I dont see any other advantage than the vanilla Knoppix LiveCD except that this one boots faster.So if you got no patience & feel that wasting 2-5 minutes could get you killed then this one should suit your taste :-P

The ISO image is 692.49MB in size & can be downloaded from here

Google Safe-Browsing Extension for Firefox

Monday, March 06, 2006
Phishing & Pharming attacks are getting common these days & more sophisticated to say the least.For the un-initiated the below para explains what phishing & pharming is all about:

What is Phishing and Pharming?
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.

Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.

Just a couple of days back I was watching CNBC India,they were featuring a TV show about these new threats & their use in committing Internet fraud.
The show was quite alarming & shocking to me,the only reason was that two very well known & emerging banks ICICI & IDBI have fallen prey to phishing attacks resulting in bank fraud.

It was reported during the show that around 10 people from different parts of the country who did online banking fell for a specially crafted clone website made by the attacker which intercepted their banking ID's & password information.

Although the higher level officials from both the banks denied any financial loss except those 10 customers (which also wasnt clear on ther part,whether their money was used by the attacker or not).The fraud happened were recently in the month of January & quite interestingly IIRC the attacker was caught in month of February.The mistake he committed was making a online purchase from Ebay India from one of the stolen bank accounts credentials.

Here is the article Times of India featured about ICICI bank phishing attack: Times of India

Now this brings me to my latest post about ways of preventing phishing & pharming attacks.Google has brought out a new extension for Firefox(works on ver. 1.5 & above only)which will report about a phishing attack by displaying a warning about its authenticity.

As with most things in the security world,you cant expect it to report every phishing website but to give you a fair idea about its working,here is a screeny of the extension in action on a fake Ebay phishing website.

Free Image Hosting at www.ImageShack.us

I could only test this on one phishing website I stumbled upon through Neowin.But going by the extension's ability would be a disaster afaik.

/*No rants,ramblings please

Use whichever browser you like,people using Firefox 1.5 might find this handy & useful.If you dont use firefox,then search if there is a plugin or a extension which offers this functionality for your browser.If not then you are on your own :-P

Over n Out */

You can get the extension from here

Here are excellent tips right from the horse's mouth: Anti-Phishing Group

Last but not the least Common Sense & Good Eyesight always results in a Safer Browsing Experience !

Wireless Networking Need To Know 2006

Wednesday, March 01, 2006
Here is a useful piece of info regarding wireless products,technologies,things to look out for & some very useful tips when choosing wireless gear.

Wireless Networking Need To Know 2006