Posted by: Aamir Attaa on November 18, 2008 at 10:16 AM
Pakistan’s Telecommunication Authority has asked the government to pass a new law and permit imprisonment for up to 49 years for handling stolen mobile phones. The regulator has been trying to scale down, or even eleminate incidents of stolen mobile phone activities throughout the country.
“On approval of the suggested amendments the accused could be sentenced 49 years imprisonment, or with fine which may extend to ten million rupees [US$125,000] or with both,” Chairman PTA Dr. Muhammad Yasin told a Sub-Committee of Senate Standing Committee on Interior. Continue Reading This Story
No Comments
Posted by: Muhammad Ali Raza on November 18, 2008 at 10:05 AM
OGRA’s website was hacked last evening; I was in office when I heard this breaking news on Geo TV. At 
once, I searched for OGRA, and started looking for more information about this defacement. After little work I found that OGRA’s website was hacked by H M G group of script kiddies from India run by a guy call Sneak and they call themselves Guards of Hindustan and some define this group Hindu Militant Group.
I remember, it’s been a year when I spoke with the owner of this group for first time. He was just a kid then (in terms of hacking) He didn’t know much about hacking and security concerns. This guy had a group of friends, who were keen to know more and more about hacking and they intended to use their skills for fun purposes. Continue Reading This Story
6 Comments
Posted by: Aamir Attaa on November 14, 2008 at 9:20 AM
Telenor has introduced a service called “Telenor SecureAll” to backup mobile phone data including contacts, SMS and media files on web. Customers availing this service will be able to backup and restore their data stored on mobile phones, anytime – they can delete all data from their phones, remotely (in case mobile phone is lost), furthermore, phone can be (remotely) locked or unlocked as well.
This is a similar service provided by Mobilink “CellSecure” through a Singapore based common vendor, TenCube. It is a client application based service, meaning that – you will have to download a software on your phone in order to use this service.
Service Charges
A flat monthly rental of Rs. 30 + Tax with Free 14 days trial period. Continue Reading This Story
3 Comments
Posted by: Muhammad Ali Raza on October 23, 2008 at 2:50 AM
Few days ago, a friend of mine was looking around for someone’s mobile info; like he was interested in knowing his address details and some other basic information. Previously we had a combined friend in a Telecom company, so such little things were not big issues. However, now he is in Canada for a better job. Hence my friend asked me to figure out some way but I was left with no option. We kept on wondering about how to tackle this do or die situation.
After doing some research, I just found a very good way to find someone’s info. (I am sharing this to let you guys know how badly configured our online systems are, and how insecure our information is)
You can get someone’s name and city right? Its very easy, simply call helpline and plead a little, and they give away this info and its not hard part (I did this personally). Also name and city can be acquired by your cousin or cousin’s friend who is working in cellular company franchise. (Franchises can access to name and city of any number)
So now we have victim’s name and city and last name (last name is must here, as it is used to find address).
See, we can acquire complete details from this basic information, in fact you would be surprised that many online phone directories offer this very personal information like a duh!
I wonder, how this very private data of PTCL was stolen away, and above this, how daringly these websites are offering free online directories of this sensitive and private data. I am not promoting these website, but just wanted to share how insecure we are.
http://17.ptcl.net.pk/
check it out, PTCL’s online directory - taking advantage of such thing is not bad! Is it?
Here is magic string use it well boys
“http://17.ptcl.net.pk/subcsribeinfoResult.asp?txtname=NAME&txtadd=CITY&submit1=Search”.
Change NAME with the last name of victim - that we got from call center or franchise; while change NAME with city name.
Here you go, match your number with name and enjoy! There are good chances if name is rare one, as you will get less results for uncommon names. And in case of multiple results, and if you are not sure about your match, simply call the number from any PCO and act like TCS or DHL guy, and tell them “Sir we have a letter for you from XYZ bank, can you please confirm your address” you guys can give him same name address from that’s city he will confirm you this address, even if it was incorrect huh how much hard this was?
Lessons for us!
Please Immediately block all these services, as they are of no good. They are just used for ill means. Even, if there are some genuine inquires, they must be routed to PTCL’s helpline 1217, which should verify its legitimacy prior to revealing any details.
16 Comments
Posted by: Muhammad Ali Raza on October 16, 2008 at 9:07 AM
New attack method has been designed by hackers to get your system infected. We, very frequently, use Wi-Fi (wireless) access points in our offices, home, universities and public places such as restaurants and airports. Microsoft Windows actually tends to remember our previous Wi-Fi sessions, so that it can communicate with known Wi-Fi networks to connect your PC or laptop by sending synchronization packages, and all this happens without your approval.
Hacker used this function as a attacking method, as they send you requests to accept their networks as your Wi-Fi connections. These requests can be like “Hey it’s me your office access point connect here” or “This is your home network connect this”.
Normal users, like many of us, will connect these networks, but doing so will you get to bunch or attacks on your machine, as your operating system or application gives hackers unauthorized access to your system.
You cant skip these hacking requests, as they are carried away automatically. So you cant stop this but there are some ways to do some tweaking to keep such attacks busy for sometime and to put more effect to get them access to your system.
- Keep your wireless card (Wi-Fi) devices turned off when not in use
- Make sure what network you are connecting to
- Keep you WiFi cache data clean
- Use WPA2 with AES encryption method for your home or office networks.
1 Comment
Posted by: Reality Bites on October 16, 2008 at 6:50 AM
According to PTA’s very recent public stats, the total numbers of cellular subscriber in Pakistan are soon going to hit 90 million mark. The saturated Telco’s market of Pakistan is now asking for QoS (Quality of Service), Continuous improvement in network infrastructure and customer service & care programs.
If we randomly analyze the Pakistan Telco’s market, we will get the findings that almost all of the major factors have been utilized. Recently, we all have observed new launches of Mobile Telco, though market was expecting huge change in pricing structures and in some DATA services to be free, but results were not as anticipated.
According to an estimation, it has been observed that most of the cellular subscribers utilize these connections as the secondary choice (few people may have different opinion here) and they registers every number as a habitual behavior. Thus investing millions of dollars in the same arena for customer acquisition is no more tactful attitude as it was before.
As pricing competition in Pakistan’s cellular market has almost broken every global record. The cheaper products & Services offer to try and beat off rivals’ offers, it’s a profit killer.
Continue Reading This Story
1 Comment
Posted by: Muhammad Ali Raza on October 16, 2008 at 6:39 AM
Alaska Governor and republican Vice-presidential candidate Sarah Palin’s quasi-personal Yahoo Mail (~censerd~@yahoo.com) account was hacked by the infamous group called “Anonymous”. The hackers’ crew post her personal info on net to let every one see what her personal life is. This is very worst case - like most of the time hackers usually don’t post evidence of there attacks. She is denying the facts but we if assume that this is real then this can be archived by lots of method.
- Password guessing / brute force attacks
- Password recovery system flaw or website vulnerability
- Network sniffers
- Phishing scams
- Insider (rouge customer service representation or software backdoor)
- Operating System Malware/Spyware
- Stolen hardware
- Lost backup tape (hah, as if free WebMail providers have backups!)
- Use of a public computer or many other ways we can’t even think about
There is no solid, or say a perfect way to secure you critical information, yes, sadly its true - but what you can do is to follow few things very strictly while surfing on internet.
If a hacker wants to break in to your security, he/she will do this by any means - but its in your hand to give hacker a tough time.
Some steps you can follow are to Not to Post your personal info on Blogs - Don’t use weak passwords, here strong password doesn’t mean any special characters or 23 digits password, but don’t use your phone number, family name, school related information or id card number.
I have seen people using there mobile number as a password, or their name then mobile number.
I must tell you here that there are some software available that generates password list if you put info of target person, such as their name, phone numbers, their city name, family name etc.
Other very crucial thing is to not to put your resume on internet social networking websites.
Update your OS (Operating System) and applications to patch latest security threats. Do use anti-viruses and firewalls to keep your self away from this crap. You can’t stop hacker to break in but you can make them slow to break in change your password monthly or weekly.
4 Comments
Posted by: Muhammad Ali Raza on October 11, 2008 at 12:08 AM
Internet has become a play ground for hackers & crackers. These days they keep on flying around as they have gathered themselves into organized groups who work like a team.
These hackers remain busy in inventing new methods to damage/hack corporate entities and internet users. They are getting smarter with each passing day and I am afraid to narrate this that they are doing very smart things now.
Every day anti virus vendors face around 30,000 new Viruses, Worms, Trojans, etc and all their employees remain busy in identifying and creating anti-virus signatures into their database to get ready with updates. You may have seen your Anti-Virus application updating it every other day, if not daily. This means, there is no permanent solution to these viruses, Trojans, and other hacking codes that gets installed on your PC automatically.
Just think that about an email that you received from your Company or your bank and it says “Sir we have been reported hack attempt please update your personal information” or “We are upgrading our server or Database please click this link and move forward”. Many of innocent internet users like you click that link and here you go. You have been selected as bot (this is what they call hacked system) and you will be following unauthorized instructions on command of a hacker.
Most important thing to tell you guys is that by simply opening an HTML page, or at time just clicking a link, or opening a mail can risk you hacked attacks - this can be achieved with two approaches
- phpbot (same as ircd bot but this is work with HTTP so no more firewall blocking)
- exploit (Peace of code which is used to get advantage of poorly written program)
- Pack (more then one exploit for more effective result).
These phpbots, exploits, and Packs are sent via Emails, like when you get email and opens, it may contain piece of code to take advantage of your system. Additionally this email can have virus to take full authorized access your computer to collect Credit Card information, bank login, every user password you enter from that PC, and this virus can be capable of sending all this information back to hacker, using your PC.
They have more bad options to harm internet users, such as spreaders – these are viruses that spread it self not only by emails, but with USBs, MSN messenger, YAHOO messenger, P2P NETWORKs, Outlook email list etc.
This was just an introductory post to overview possible dangers that we face every day. I have tried to not to go into technical details, however, in future, I will discuss each of them with further details and way to protect yourself from such issues.
2 Comments
