Sunday, October 18, 2009

IMAM & 3 ORANG SAHABAT

Imam & 3 Orang Sahabat...
Di sebuah kampung ada 3 orang remaja yg suka melepak. Sorang tu nama dia Ali,
sorang tu Budin dan sorang lagi Ciko. Aktiviti seharian depa ni
menyebabkan tok imam tak senang duduk. Pada satu hari tok imam tu datang dengan
niat nak tarbiyah depa ni. Maka berlakulah beberapa insiden cabar-mencabar.
Tok imam tu cabar 3 orang sahabat tu ke surau waktu Maghrib nanti. Si Ali
pun berkata, "Tok imam ingat kami ni jahil sangat ke? Takpa, nanti kami
buktikan yg kami bukan la jahil sangat seperti yang disangkakan" .

Maka apabila hampir masuk waktu Maghrib pergilah 3 orang sahabat tu ke
surau. Tok imam pun suruh Ali azan. Tanpa berlengah terus je Ali azan,
"Allah Ta'ala... Allah Ta'ala..." Dengan segera tok imam merampas mikrofon daripada
Ali & menyuruh tok bilal azan semula. Terserlah lah kejahilan Ali.

Selepas iqamat, masa nak sembahyang tok imam pun mengangkat
takbiratul ihram. Angkat sekali tak khusyuk, angkat 2x pun
x khusyuk jugak lagi.. Masuk je kali ketiga, Budin panggil tok imam. "Tok,
tok duduk kat belakang, biar saya jadi imam." Tok imam pun undur le ke belakang.

Budin pun angkat le takbiratul ihram. "Allahu akbar!" Maka para
makmum pun ikut angkat takbiratul ihram & memulakan solat. Tiba2 je si Budin
ni pusing ke belakang dan berkata, "Aa, tengok! Sekali jee tokkkk!!"
lalu batallah solat Budin. Yg lain2 pun ikut berenti sambil ketawa terbahak2.

Tok imam pun mintak pulak si Ciko jadi imam. Si Ciko pun terus ke
depan jadi imam solat tersebut bermula dari takbir sampai le habis
sembahyang. Siap dg wirid2nya sekali. Punyalah respek tok imam kat si Ciko
niii... Lepas solat, tok imam pun puji-memuji leee si Ciko ni... Tapi dengan
bongkaknye si Ciko berkata, "He hee, itu belum ambil wuduk lagi tu.
Kalau tak, lagi dassat aku semayang. He heee..." Tok imam pun terkedu
dan terpana...

Jasadnya Tidak Diterima Bumi

BACA DARI MULA SAMPAI ABIS...

KALO X ANDA MENYESAL...

Kisah ini berlaku di sebuah perkampungan kecil di Pahang pada tahun 1973.

Ia nya diceritakan oleh Salleh kepada penulis untuk pedoman semua pembaca budiman.

Kisah berlaku di sebuah Pekan yang bernama Kampung Pulau Tawar, Jerantut .

Seorang lelaki yang bernama Omar (nama sebenar dirahsiakan bagi menjaga nama baik keluarga tersebut). Omar adalah seorang bomoh di kampung tersebut.

Beliau merupakan seorang bomoh yang agak disegani oleh kerana setiap kali apabila beliau mengubati setiap penyakit yang pelik, beliau akan berjaya.

Satu hari diwaktu senja ada seorang budak melalui rumah Omar budak itu adalah Salleh pencerita kisah ini. Salleh terdengar seseorang sedang bercakap dalam bahasa yang agak pelik dan tidak pernah didengarinya sebelum ini.

Salleh cuba mengintai dari celah lubang dinding yang agak usang.

Beliau melihat Omar bercakap mengadap sekeping cermin. Oleh kerana lubang tersebut agak kecil Salleh tidak nampak keseluruhan cermin tersebut.Salleh cuba mencari lubang yang agak besar.

Akhirnya dia menjumpai lubang yang lebih besar.

Melalui lubang tersebut, Saleh dapat melihat bayangan pada cermin tersebut bukanlah Omar tetapi sekujur tubuh yang sungguh ngeri wajahnya.

Matanya kelihatan tersembul dan pipinya kelihatan berlubang. Tubuh makhluk itu dibaluti oleh kain putih yang sudah berwarna coklat seperti warna tanah.

Tiba-tiba Salleh melihat mahkluk itu seperti memandang kearahnya. Bulu romanya meremang. Tanpa membuang masa Salleh terus melarikan diri.

Sampai saja dirumah beliau terus menemui bapanya dan menceritakan kepada bapanya. Bapanya sekadar tersenyum seraya memberitahu ramai orang kampung sudah lama mengetahui perihal Omar.

Bapanya mengatakan bahawa Omar menggunakan han tu peliharaannya untuk merasuk orang dan apabila orang tersebut sakit beliau akan datang dan mengubati orang tersebut.

Dengan cara ini beliau akan lebih mendapat duit dan orang kampung akan menghormatinya. Mereka hanya menunggu masa untuk membuktikan pada orang kampung.

Pada malam tersebut Salleh berasa seperti tidak sedap badan, tubuhya seperti merasa lemah. Mungkin kerana terkejutkan peristiwa yang dilihatnya tadi membuatkan dia rasa begitu. Selepas makan malam,

Salleh terus masuk tidur. Apabila dia cuba hendak melelapkan mata dia terbau seperti bau bangkai di dalam biliknya. Dia cuba membuka matanya tetapi kelopak matanya berasa amat berat sekali. Salleh cuba menjerit untuk memanggil bapanya tapi suara tersekat dikerongkong sahaja.

Dia cuba membaca ayat suci yang diingatinya.

Akhirnya beliau berjaya juga menjerit memanggil bapanya, Sebelum jatuh pengsan.

Apabila Salleh membuka matanya didapati rumahnya penuh dengan orang
dan mendengar orang menyebut nama Omar.

Dia memandang ke arah bapanya
yang sedang menghampirinya sambil tersenyum dan meminta dirinya supaya
bertenang kerana segalanya telah berakhir.

Dia kembali terlelap.

Pagi besoknya apabila dia tersedar Salleh melihat bapanya berjalan
diiringi ibunya dengan pakaian seperti orang ingin ke masjid.

Dia
bertanya bapanya apa yang berlaku. Bapanya menyuruh salled bersiap2
utk pergi menziarahi kubur Omar.

Salleh terkejut mendengarnya dan
penuh dengan persoalan bermain dibenaknya sambil mengorak langkah
kebilik mandi.

Sesampainya di tanah perkuburan Salleh melihat orang sedang menggali
kubur.

Tiba-tiba dia tedengar orang didalam lubang bertempik apa ni!!! Salleh
berlari untuk melihat dengan lebih dekat tetapi dihalang oleh bapanya.

Salleh melihat beberapa orang dewasa seperti mengangkat sesuatu yang
berat dari lubang tersebut.

Sebaik sahaja objek tersebut berjaya dikeluarkan dari lubang tersebut,
Mereka semua terpegun melihat UBI KAYU yang sangat besar. Jadi sesiapa
yang ingin beli UBI tersebut bolehlah menghubungi saya di talian bebas tol :
1-800-88-88- 88

Kerepek Ubi Pedas - RM 2.00 sebungkus
Kerepek Ubi Masin - RM 2.30 sebungkus
Kerepek Ubi - RM 1.50 sebungkus
Kerepek Ubi Mentah - RM 0.50 sebungkus

Penghantaran akan dibuat kepada kawasan di Lembah Kelang sahaja. Cukai
perkhidmatan sebanyak 2% akan dikenakan. UBI...... UBI... SAPER NAK
BELI UBIIIII..

kui kui kui kui hihihihihi

Authentication And Access Control

Introduction

In the past, authentication was almost synonymous with password systems, but today's authentication system must do more. For instance, in a distributed client server environment, a user might have several client programs running on her desktop, which access, which access server programs on remote computers across a network which is not trusted. In such an environment the server must authenticate that hte client run on behalf of a legitmente user. Further the authentication system should provide "single logon" so that the user does not have to repeatedly enter passwords. An authentication service for computer networks, is an increasingly popular system for meating these coals. While authentication provides proof of identity, it does not describe the privileges an entry processes. So for instance, you are authenticated before you access a database system, but this does not tell the database system which data you are entitle to access. This later function is known as the authorization or access control.

Authentication

Modern computer systems provide services to multiple users and require the ability to accurately identify the user making request. In traditional systems, the user's identity is verified by checking a password typed during the login; the system record the identity and use it to determine what operations may be performed. The process of verifying the user's identity is called authentication. Password-based authentication is not suitable for use on computer networks. Password send across the networks can be intercepted and subsequently used by eavesdroppers to impersonate the user. In addition to the security concern, password based authentication is inconvenient; user does not want to enter password each time they access the network service. this has led to the use of the even weaker authentication on computer networks. To over come these problems we need a stronger authenticatin methods based on cryptography are required. When using authentication based on cryptography, an attacker listing to the network gain no information that would enable it to falsely claim another's identity. Kerberos is the most commonly used example of this type of authentication technology.

How Kerberos Works

The Kerberos Authentication system uses a series of encrypted messages to prove to a verifier that a client is running on behalf of a particular user. The Kerberos protocall is based in part on the Needham and Schroeder authentication protocall, but with changes to support the needs of the environment for which it was developed Amongs these changes are the use of timestamps to reduce the number of messages needed for basic authentication, the addition of "ticket-granting" service to support subsequent authentication without re-entry of a principal's password, and a different approach to cross-relem authentication.

Authentication is critical for security of of computer systems. Without the knowledge of the identity of a principal requesting an operation, it is difficult to decide weather the operation should be allowed. Traditional authentication methods are not suitable for use in computer networks where attacker monitor network trafflc to intercept passwords. The use of strong authentication method that do not disclose password is imperative. The Kerberos authentication system is well suited for authentication of user in such environments.

What is Biometrics !!!!!!!..... ?

Biometrics refers to an automated system that can identify an individual by measuring their physical and behavioral uniqueness or patterns, and comparing it to those on record. In other words, instead of requiring personal identification cards, magnetic cards, keys or passwords, biometrics can identify fingerprints, face, iris, palm prints, signature, DNA, or retinas of an individual for easy and convenient verification. With the boom in Internet-based business and the increased need for accurate verification when accessing accounts, biometrics is the simplest and most convenient the solution. Its universal, unique, permanent and measurable features ensures security of information in E-commerce, such as on-line banking and shopping malls. Biometrics can also provide you with convenience and security, by enabling a machine to verify the individual by itself and to respond to the individual’s requests. Through the use of such physical controls as access control, and punch card maintenance, user restrictions on certain apparatus can be made possible with an automated verification system.

Biometric Advantages

No more forgotten or stolen passwords.
Positive and accurate Identification
Highest level of security
Offers mobility
Impossible to forge
Serves as a Key that cannot be transferred.
Safe & user friendly

Common Human Biometric Characteristics

Biometric characteristics can be divided in two main classes, as represented in figure on the right:

physiological are related to the shape of the body. The oldest traits, that have been used for more than 100 years, are fingerprints. Other examples are face recognition, hand geometry and iris recognition.
behavioral are related to the behavior of a person. The first characteristic to be used, still widely used today, is the signature. More modern approaches are the study of keystroke dynamics and of voice.

Facial Identification Technology

Facial biometrics is one of the fastest growing areas of biometrics. With growing technologies facial recognition can convert a photograph or a video image into a code that describes a face’s physical characterizes. This can be used to identify the common person from a distance, without intruding into their personal space. Computer software for facial identification reads the peaks and valleys of an individual’s facial features; these peaks and valleys are known as nodal points. There are 80 nodal points in a human face, but the software needs only 15-20 to make an identification. Specialists concentrate on the golden triangle region between the temples and the lips. This area of the face remains the same even if hair and a beard is grown, weight is gained, aging occurs, or glasses are put on.

Fingerprint Identification Technology

A fingerprint is made of a a number of ridges and valleys on the surface of the finger. Ridges are the upper skin layer segments of the finger and valleys are the lower segments. The ridges form so-called minutia points: ridge endings (where a ridge end) and ridge bifurcations (where a ridge splits in two). Many types of minutiae exist, including dots (very small ridges), islands (ridges slightly longer than dots, occupying a middle space between two temporarily divergent ridges), ponds or lakes (empty spaces between two temporarily divergent ridges), spurs (a notch protruding from a ridge), bridges (small ridges joining two longer adjacent ridges), and crossovers (two ridges which cross each other). The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. There are five basic fingerprint patterns: arch, tented arch, left loop, right loop and whorl. Loops make up 60% of all fingerprints, whorls account for 30%, and arches for 10%. Fingerprints are usually considered to be unique, with no two fingers having the exact same dermal ridge characteristics.

Hand Geometry

Hand geometry is a biometric that identifies users by the shape of their hands. Hand geometry readers measure a user's hand along many dimensions and compare those measurements to measurements stored in a file. Viable hand geometry devices have been manufactured since the early 1980s, making hand geometry the first biometric to find widespread computerized use. It remains popular; common applications include access control and time-and-attendance operations.

Iris recognition

Iris recognition is a method of biometric authentication that uses pattern recognition techniques based on high-resolution images of the irides of an individual's eyes. Not to be confused with another less prevalent ocular-based technology, retina scanning, iris recognition uses camera technology, and subtle IR illumination to reduce specular reflection from the convex cornea to create images of the detail-rich, intricate structures of the iris. These unique structures converted into digital templates, provide mathematical representations of the iris that yield unambiguous positive identification of an individual.

Iris recognition efficacy is rarely impeded by glasses or contact lenses. Iris technology has the smallest outlier (those who cannot use/enroll) group of all biometric technologies. The only biometric authentication technology designed for use in a one-to many search environment, a key advantage of iris recognition is its stability, or template longevity as, barring trauma, a single enrollment can last a lifetime.

DNA Identification technology

Deoxyribonucleic acid (DNA) Biometrics could be the most exact form of identifying any given individual (Baird, S., 2002). Every human being has its own individual map for every cell made, and this map, or ‘blueprint’ as it more often is called, can be found in every body cell. Because DNA is the structure that defines who we are physically and intellectually, unless an individual is an identical twin, it is not likely that any other person will have the same exact set of genes (Philipkoski, K., 2004).

DNA can be collected from any number of sources: blood, hair, finger nails, mouth swabs, blood stains, saliva, straws, and any number of other sources that has been attached to the body at some time. DNA Biometrics is not a fool proof method of identification. If forensic scientists to not conduct a DNA test properly, a person’s identification code can be skewed. Another problem is matching prior DNA samples to new samples; this is a bigger problem in DNA fingerprinting.

Mathod to be Strong Passwords

One of the easiest ways for someone to gain access to your account is to determine your password. Here are some suggestions for creating passwords:

Use at least 8 characters when creating a password.
Include letters, numbers, and special characters such as @, #, *, $.
Use upper and lower case letters.
Don’t use commonly spelled words. For example, instead of using “sunshine” you might use “L3tTh3$$hIne” instead.
Don’t write your password down – memorize it. You might easily remember the phrase “Let the Sun Shine” to remember L3tTh3$$hIne.
Don’t give your password to anyone else.
Change your passwords routinely – at least every 60 days.

How Fast Can Someone Guess Your Password?

The table below is calculated by assuming 100,000 encryption operations per second. This is a plausible number for a desktop PC today. Password lengths from 5 to 12 are shown. The numbers at the top, 26, 36, 52, indicate the number of characters from which the passwords are formed. The times shown are the times to process the entire set of passwords thus the average time to crack passwords would be one half of the listed times.

Strong Passwords

Strong passwords cannot be guessed easily. Hackers often use automated tools to help them guess or crack passwords, and the easier a password is to guess, the faster a hacker can break into a system. Here are some guidelines to assure your passwords are strong:

Many people write down their secret password, and tape it to the monitor or tuck it into a desk drawer next to their computer. The following are a few recommendations for handling your passwords more safely:

DO THIS:	DON'T DO THIS:
Keep your password secret	Write down your password
Use different passwords for different web sites	Use the "remember my password" features on the web
Change your passwords at least every six months	Keep the same password for a long time or keep reusing old passwords

Tuesday, October 13, 2009

Vigenère Ciphers

Overview

The Vigenere Cipher Applet shown here on this web page is capable of encrypting and decrypting a message using the Vigenere algorithm as well as breaking or finding the key for a message encrypted using that algorithm.

The only restriction this applet has is that only letters may be used for the plaintext message, the ciphertext, and the key. Using any other characters such as punctuation and numbers will cause the applet to function improperly. Spaces or uppercase letters may be used. The applet will strip the message of any spaces and convert uppercase letters to lowercase letters before encrypting, decrypting, or breaking the message.

Encrypting a message

To encrypt a message:

1) Make sure that the plaintext message contains only letters and spaces -- no punctuation, numbers, or other characters.

2) Enter the message into the “PlainText:” text field.

3) Choose a key consisting of only letters -- no punctuation, numbers, or other characters.

4) Enter the key into the “Key:” text area.

5) Click on the “Encrypt” button to encrypt the message. The encrypted message will appear in the “CipherText:” text field.

For more information about encrypting a plaintext message, see the section called “Encryption & Decryption Explained.”

Decrypting a message

To decrypt a message:

1) Make sure that the ciphertext message contains only letters and spaces -- no punctuation, numbers, or other characters.

2) Enter the message into the “CipherText:” text field.

3) Make sure the key contains only letters and spaces -- no punctuation, numbers, or other characters.

4) Enter the key into the “Key:” text area.

5) Click on the “Decrypt” button to decrypt the message. The decrypted message will appear in the “PlainText:” text field.

For more information about decrypting a plaintext message, see the section called “Encryption & Decryption Explained.”

this link will show you more about vigenere ciphers http://islab.oregonstate.edu/koc/ece575/02Project/Mun+Lee/VigenereCipher.htmlSlide 44

Caesar cipher

In cryptography, a Caesar cipher, also known as a Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it to communicate with his generals. The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the Vigenère cipher, and still has modern application in the ROT13 system. As with all single alphabet substitution ciphers, the Caesar cipher is easily broken and in practice offers essentially no communication security.

Example

The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places (the shift parameter, here 3, is used as the key):

Plain:   ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher:  DEFGHIJKLMNOPQRSTUVWXYZABC

When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line. Deciphering is done in reverse.

Plaintext:  the quick brown fox jumps over the lazy dog
Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ

The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme, A = 0, B = 1,..., Z = 25.^[1] Encryption of a letter $x$ n can be described mathematically as,^[2] by a shift

$E_n(x) = (x + n) \mod {26}.$

Decryption is performed similarly,

$D_n(x) = (x - n) \mod {26}.$

(There are different definitions for the modulo operation. In the above, the result is in the range 0...25. I.e., if x+n or x-n are not in the range 0...25, we have to subtract or add 26.)

The replacement remains the same throughout the message, so the cipher is classed as a type of monoalphabetic substitution, as opposed to polyalphabetic substitution. this info from http://en.wikipedia.org/wiki/Caesar_cipher

and a to help you to be more understanding about how Caesar cipher work you can't use this link

Symmetric and Asymmetric ciphers

In a symmetric cipher, both parties must use the same key for encryption and decryption. This means that the encryption key must be shared between the two parties before any messages can be decrypted. Symmetric systems are also known as shared secret systems or private key systems.

Symmetric ciphers are significantly faster than asymmetric ciphers, but the requirements for key exchange make them difficult to use.

In an asymmetric cipher, the encryption key and the decryption keys are separate. In an asymmetric system, each person has two keys. One key, the public key, is shared publicly. The second key, the private key, should never be shared with anyone.

When you send a message using asymmetric cryptography, you encrypt the message using the recipients public key. The recipient then decrypts the message using his private key. That is why the system is called asymmetric.

Because asymmetric ciphers tend to be significantly more computationally intensive, they are usually used in combination with symmetric ciphers to implement effect public key cryptography. The asymmetric cipher is used to encrypt a session key and the encrypted session key is then used to encrypt the actual message. This gives the key-exchange benefits of asymmetric ciphers with the speed of symmetric ciphers.

DES and AES / Rijndael are symmetric ciphers. RSA and Diffie-Hellman are asymmetric ciphers.

What is SHA-1

SHA stands for Secure Hash Algorithm. It consists of five hash functions designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). The five algorithms are SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. SHA-1 is the most commonly used of the SHA series.

Hash algorithms are called secure when

1. It is impossible to find a message that corresponds to a given message digest.
2. It is impossible to find two different messages that produce the same message digest.
3. If a message is changed even by a single character, the result will be a completely different message digest.

SHA-1 has these properties and is therefore referred to as secure. It is designed to work with the Digital Signature Algorithm (DSA). SHA-1 is a one-way hash function. One-way functions are characterized by two properties. The first is that they are one-way. This means that you can take a message and compute a hash value, but you cannot take a hash value and recreate the original message. It is also collision-free and, thus, no two messages can hash to the same value.

SHA-1 produces a 160-bit message digest with a maximum length of 264 ?1. The message M to be hashed must have a length of l bit, where 0 l 264. The message digest is the fixed-length output of a message. The message digest is then input to the DSA, which will then generate the signature for the message. Signing the message digest instead of the message offers improved performance because the message digest will be much smaller than the message. The recipient of the message will then use the same hash algorithm to verify the signature. Any change that occurs during transit will result in a different message digest and, thus, the signature will not verify. Once it is verified as true, the recipient is able to unlock the message. This method prevents unauthorized users from viewing messages that are not intended for them.

When computing a message digest, SHA-1 processes blocks of 512 bits. The total length of the message digest will be a multiple of 512. This process is known as padding of the message.

SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function.

Cryptanalysis is the method of obtaining encrypted information without using the hash value. Breaking a hash function implies showing that the one-way property does not hold for it. Cryptographers have demonstrated that it just might be possible for the SHA-1 hash algorithm to be broken. Some have presented a collision for 58-round SHA-1, found with 233 hash operations. A brute force search would require 280 operations. However, experts argue that this might not happen for some time. Nevertheless, attacks always get better, and the National Institute of Standards and Technology (NIST) already has standards for longer - and harder-to-break - hash functions: SHA-224, SHA-256, SHA-384, and SHA-512.

Applications of SHA-1

SHA-1 can be used in a variety of applications:

1. Security applications that require authentication
2. E-mail
3. Electronic funds transfer
4. Software distribution
5. Data storage

what is DES

DES

DES (Data Encryption Standard) is a symmetric cipher defined in Federal Information Processing (FIPS) Standard Number 46 in 1977 as the federal government approved encryption algorithm for sensitive but non-classified information. DES was developed by IBM and was based upon IBM's earlier Lucifer cipher. DES utilizes a 56-bit key. This key size is vulnerable to a brute force attack using current technology.

Triple DES

A variant of DES, Triple DES, provides significantly enhanced security by executing the core DES algorithm three times in a row. The has the effect of making the DES encryption much more difficult to brute force. Triple-DES is estimated to be 2 to the 56th times more difficult to break than DES. Triple DES can still be considered a secure encryption algorithm. Triple DES is also written as 3-DES or 3DES.

What is a Digital Signature

A digital signature is a message digest used to cryptographically sign a message. Digital signatures rely on asymmetric, or public key, cryptography. To create a digital signature, you sign the message with your private key. The digital signature then becomes part of the message.

This has two effects:

* Any changes to the message can be detected, due to the message digest algorithm.
* You can not deny signing the message, because it was signed with your private key.

These two features, message integrity and non-repudiation, make digital signatures a very useful component for e-commerce applications.

Cryptography Terminology

Asymmetric Algorithm
An algorithm in which the key used for encryption is different from that used for decryption. Also known as public key cryptography.

Block Cipher
An algorithm that encrypts data in blocks, commonly of 64 bits each.

Cipher
A cryptographic algorithm, i.e. a mathematical function used for encryption and decryption.

DES
Digital Encryption Standard. A symmetric block cipher using a 56-bit key which was originally developed by the US National Institute of Standards and Technology (NIST) in 1977 as a standard encryption algorithm. In 1999, the Electronic Frontier Foundation (USA) developed a machine to demonstrate that DES could be broken in a few hours with a brute-force attack. Encryption using single DES is generally no longer considered to be secure. (See Triple DES)

Digital Signature
An encrypted message digest which is appended to a plaintext or encrypted message to verify the identity of the sender. The signature is encrypted with the user's private key and can only be decrypted with the corresponding public key. The same key pairs may be used for signature and encryption purposes but separate key pairs for each purpose are usually recommended.

PGP
A complete public-key cryptosystem for electronic messaging that has been released to the public domain. It was originally designed by Phil Zimmerman. It uses IDEA, CAST or Triple DES for actual data encryption and RSA (with up to 2048-bit key) or DH/DSS (with 1024-bit signature key and 4096-bit encryption key) for key management and digital signatures. The RSA or DH public key is used to encrypt the IDEA secret key as part of the message.

Private Key
The secret part of a a private key/public key pair used in public key cryptography. The Private Key is normally known only to the key owner. Messages are encrypted using the Public Key and decrypted using the Private Key. For digital signatures, however, a document is signed with a Private Key and authenticated with the corresponding Public Key.

Public Key Cryptography
A concept first proposed by Diffie and Hellman in 1975 that has been largely responsible for opening up the science of cryptography for commercial use. The encryption key is made public but only the person who holds the corresponding private key can decrypt the message.

RSA
The best known public key algorithm, named after its inventors: Rivest, Shamir and Adleman. RSA uses public and private keys that are functions of a pair of large prime numbers. The algorithm is best known for its application in PGP. It is patented in the USA only.

Steganography
A method of hiding a secret message in another message, e.g. within a graphic image.

Symmetric Algorithm
An encryption algorithm where the encryption key is the same as the decryption key, or where one key is easily calculated from the other. The sender and receiver have to agree on a key before they can communicate securely.

Triple DES
A method of vastly increasing the security of DES by encrypting 3 times with different keys.

Security Functions

Requirements

Cryptography provides:

Confidentiality - Being sure the message cannot be read and understood by intruders. Requires a cypher algorithm.
Authentication - The receiver of the message should be able to be sure of the origin of the message. Requires a digital signature (One way hash, public key algorithm, and symmetric algorithm) or a public key algorithm.
Integrity - The receiver of the message should be able to tell the message was not modified. Requires key exchange.
Nonrepuditation - There is proof that the sender sent the message. Digital signatures may be used for nonrepuditation.

Secure Systems require:

Authentication - In order to authenticate a user, most of the time a password is used. Several methods may be used to store and transmit the password depending on the security algorithm and system being used.
Key exchange/management
Cypher algorithms (Public key and symmetric)

Types of Security Functions

One way hash - A fixed length output string is generated from a variable length input. The reverse of the function is almost impossible to perform. A one way hash is also called a message digest, cryptographic checksum, message integrity check (MIC), and manipulation detection code (MDC).
Message Authentification Code (MAC) - One way hash with addition of a secret key. Only a person with the key can verify the hash.
A digital signature is when a private key is used to encrypt a message. If the receiver can decrypt it with that person's public key, the signature is authentic. Signatures are done on a one way hash of the message. If a person performs a one way hash on a message and encrypts it with their public key, when the receiver gets the message, they can perform a one way hash on it and compare it to the decrypted one way hash sent to tell if it is authentic. The document cannot be changed without detection after being signed. (Cannot be repudiated). The hash of the document is usually signed.
Key Certification Authority - Also called a key distribution center. It is a third party who signes distributed public keys with their own private key.
Interlock Protocol - Used to foil the man in the middle attack
Key exchange
- With symmetric cryptography.
- With Public-key cryptography.
- With Digital Signatures.
Salting - The act of combining a user password with a random value as a countermeasure to a dictionary password attack. The combined values are encrypted and stored on the system along with the salt value.
Secret sharing systems are algorithms that do not allow a single person or a certain number of persons to violate the secret.
Time stamping services
Blind signatures - Are similar to a notary who validates the fact that a document was signed without caring about the contents of the document.

Password Storage and Transmission

On some systems the actual user password is not stored on the system. The host may store a one way function (Hash) of the users' passwords rather than the actual password. Sometimes the system will add additional random characters (salt) to the password and perform the hash function on the salt value with the password. The salt value is also stored on the system. When the host receives the transmitted user password, it will run the one way hash function on it (with the salt value if appropriate) and if the results match, the user is authenticated. The password should be sent using some type of encryption so eavesdroppers cannot read the password.

Network Security Attacks

Network security attacks aren’t some theoretical concept that can be put into the background and dealt with later, you know like the IT strategy document you’ve always been meaning to write.

Attacks of various types happen every day out in the wilds, on networks just like yours.

The recent attacks perpetrated against SCO over the past month or two hasn’t happened in isolation. In order for such a huge denial of service (DoS) attack to take place, literally thousands of networks worldwide must have been compromised. The people who perpetrate such attacks don’t use their own bandwidth. Using your own network would mean that they’d be caught pretty quickly. It doesn’t take long to tie an IP address to a name and address.

Many people believe that network security attacks are things that happen to somebody else. Well, they don’t. Every day we get a number of trojan emails, so we are under daily attack. You probably are too. Trojan emails are network security attacks just the same as the recent SCO DoS attack.

So, you’ve heard the bad news, we are under a constant stream of network security attacks. But, there is some good news, if you take sensible precautions you’ll probably be OK.

Top security attacks have many type like...

Client-side Vulnerabilities in:

Web Browsers
Office Software
Email Clients
Media Players

Server-side Vulnerabilities in:

Web Applications
Windows Services
Unix and Mac OS Services
Backup Software
Anti-virus Software
Management Servers
Database Software

Security Policy and Personnel

Excessive User Rights and Unauthorized Devices
Phishing/Spear Phishing
Unencrypted Laptops and Removable Media

Application Abuse

Instant Messaging
Peer-to-Peer Programs

for more info http://www.sans.org/top20/

Ulangtahun ke-40 Kelahiran UNIX

sedar tidak sedar sudah 40 tahun komputer dibuat dan selama itu jugalah sistem pengoperasia berasaskan UNIK muncul. komputer merupakan salah satu kejayaan yang sangat penting tercatat dalam kalendar sains dan teknologi dunia di abad ke 20. Kita juga perlu berterima kasih kepada pencipta transistor, litar bersepadu (Integrated Circuit), dan teknologi semikonduktor yang menjadi komponen asas komputer. Kemunculan Hukum Moore juga telah meningkatkan lagi keupayaan komputer disamping sumbangan ribuan pengaturcara komputer yang telah melahirkan komputer dan perisian yang sofistikated untuk dinikmati pengguna pada masa kini.

Melihat jauh sejarah awal komputer, 40 tahun dahulu telah muncul satu Sistem Operasi (Operating System) yang dikenali sebagai UNIX. Sehingga kini UNIX masih digunakan dengan meluas sebagai satu Sistem Operasi yang paling kebal dan stabil berbanding sistem operasi yang lain. anda boleh mendapat maklumat lebih lanjut di laman web berikut.

http://majalahsains.com/2009/08/ogos-2009-ulangtahun-ke-40-tahun-kelahiran-unix/

What is Firewall?

A firewall protects your network from unwanted Internet traffic. The primary functions of a firewall are to let good traffic pass through while traffic gets blocked. The most important part of a firewall is its access control features that distinguish between good and bad traffic.

When installed, a firewall exists between your computer(s) and the Internet. The firewall lets you request web pages, download files, chat, etc. while making sure other people on the internet can not access services on your computer like file or print sharing. Some firewalls are pieces of software that run on your computer. Other firewalls are built into hardware and protect your whole network from attacks.

Everyone connected to the Internet should be running some sort of firewall. Programs can be downloaded on the Internet that can scan huge ranges of IP address for vulnerabilities like file sharing services. These programs are easy to download and run. Almost no network knowledge is needed to use these programs to exploit or harm your computer. Any kind of firewall will keep you safe from these types of attacks.

Software Firewall
Software firewalls are programs that run on your computer and nestle themselves between your network card software drivers and your operating system. They intercept attacks before your operating system can even acknowledge them. Many free firewalls of this type exist on the Internet. Here are some free firewalls.

Simple NAT firewall
The firewalls that are built into broadband routers and software like Microsoft ICS are very simple firewalls. They protect your LAN by not letting anyone figure out how to 慸irectly� talk to any of the computers on your LAN. This level of protection will keep out almost all kinds of hackers. Advanced hackers may be able to take advantage of certain inadequacies of NAT based firewalls, but they are few and far between.

Firewalls with stateful packet inspection
The new trend in home networking firewalls is called stateful packet inspection. This is an advanced form of firewall that examines each and every packet of data as it travels through the firewall. The firewall scans for problems in the packet that might be a symptom of a 慸enial of service� (dos) attack or advanced attacks.

Most people are never subject to these types of attacks, but there are some areas of the Internet that invite these kinds of attacks. Most often, these attacks come from being involved in certain kinds of competitive on-line gaming or participating in questionable mIrc channels.

VMware Workstation

Run Windows, Linux, and More Side by Side on the Same Computer

Discover the true power and flexibility of your desktop or laptop computer with VMware Workstation. Reduce hardware costs by 50% or more by running multiple operating systems simultaneously on a single physical PC. Automate and streamline tasks to save time and improve productivity. Join the millions worldwide who use Workstation to:

Host legacy applications and overcome OS migration issues.
Configure & test new software or patches in an isolated environment for easier application migration and updates
Take your desktop with you for secure mobile computing

Use Multiple Operating Systems Concurrently on the Same PC

VMware Workstation makes it simple to create and run multiple virtual machines on your desktop or laptop computer. You can convert an existing physical PC into a VMware virtual machine, or create a new virtual machine from scratch. Each virtual machine represents a complete PC, including the processor, memory, network connections and peripheral ports.

VMware Workstation lets you use your virtual machines to run Windows, Linux and a host of other operating systems side-by-side on the same computer. You can switch between operating systems instantly with a click of a mouse, share files between virtual machines with drag-and-drop functionality and access all the peripheral devices you rely on every day.

list of video tutorial to install os on vmaware

Sun Solaris10 Booting Inside Windows Vista on Vmware Workstaion 6 Everything Working!

How to install Fedora 10 in VMware!!!

Installing Windows XP SP3 on VMware Workstation 6

Its too hard for Snake to use Computer

Bill Gates- After Death

Well, Bill," said God, "I'm really confused on this one. I'm not surewhether to send you to Heaven or Hell! After all, you helped societyenormously by putting a computer in almost every home in the world andyet you created that ghastly Windows. I'm going to do something I'venever done before. I'm going to let you decide where you want to go!"

Mr. Gates replied, "Well, thanks, Lord. What's the difference between the two?"

Godsaid, "You can take a peek at both places briefly if it will help youdecide. Shall we look at Hell first?" "Sure!" said Bill. "Let's go!"

Billwas amazed! He saw a clean, white sandy beach with clear waters. Therewere thousands of beautiful women running around, playing in the water,laughing and frolicking about.

The sun was shining and the temperature was just perfect!

Bill said, "This is great! If this is Hell, I can't wait to see Heaven!"

Towhich God replied, "Let's go!" and off they went. Bill saw puffy whiteclouds in a beautiful blue sky with angels drifting about playing harpsand singing.

It was nice, but surely not as enticing as Hell. Mr. Gates thought for only a brief moment and rendered his decision.

"God, I do believe I would like to go to Hell."

"As you desire," said God.

Twoweeks later, God decided to check up on the late billionaire to see howthings were going. He found Bill shackled to a wall, screaming amongthe hot flames in a dark cave. He was being burned and tortured bydemons.

"How ya doin', Bill?" asked God. Bill responded with anguish and despair.

"This is awful! This is not what I expected at all! What happened to the beach and the beautiful women playing in the water?"

"Oh, THAT!" said God.
"That was the screen saver"!

Saturday, October 10, 2009

VMware Workstation

VMware Workstation is a virtual machine software suite for x86 and x86-64 computers from VMware, a division of EMC Corporation. This software suite allows users to set up multiple x86 and x86-64 virtual computers and to use one or more of these virtual machines simultaneously with the hosting operating system. Each virtual machine instance can execute its own guest operating system, such as Windows, Linux, BSD variants, Mac os or others. In simple terms, VMware Workstation allows one physical machine to run multiple operating systems simultaneously. Other VMware products help manage or migrate VMware virtual machines across multiple host machines.

Besides bridging to existing host network adapters, CD-ROM devices, hard disk drives, and USB devices , VMware Workstation also provides the ability to simulate some hardware. For example, it can mount an ISO file as a CD-ROM, and .vmdk files as hard disks; and can configure its network adapter driver to use network address translation (NAT) through the host machine rather than bridging through it (which would require an IP address for each guest machine on the host network).

VMware Workstation also allows the testing of live CDs without first burning them onto physical discs or rebooting the computer. One can also take multiple successive snapshots of an operating system running under VMware Workstation. Each snapshot allows you to roll back the virtual machine to the saved status at any time. The ability to use multiple snapshots makes VMware

The Snapshot Manager in VMware Workstation 6

Workstation useful as a tool for salespersons demonstrating complex software products, and for developers setting up virtual development or test environments. VMware Workstation includes the ability to designate multiple virtual machines as a team which administrators can then power on and off, suspend, and resume as a single object — making it particularly useful for testing client-server environments.

Comparison of platform virtual machines http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines

Friday, October 9, 2009

What Is Network Security and How Does It Protect You?

After asking What is network security?, you should ask, What are the threats to my network?

Many network security threats today are spread over the Internet. The most common include:

Viruses, worms, and Trojan horses
Spyware and adware
Zero-day attacks, also called zero-hour attacks
Hacker attacks
Denial of service attacks
Data interception and theft
Identity theft

How Does Network Security Work?

To understand What is network security?, it helps to understand that no single solution protects you from a variety of threats. You need multiple layers of security. If one fails, others still stand.

Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats.

A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components often include:

Anti-virus and anti-spyware
Firewall, to block unauthorized access to your network
Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks
Virtual Private Networks (VPNs), to provide secure remote access

for more info http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/secure_my_business/index.html

Network security concepts

Network security starts from authenticating any user, commonly with a username and a password. With two factor authentication something you have is also used or with three factor authentication something you are is also used (e.g. a fingerprint or retinal scan). Once authenticated, a stateful firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component fails to check potentially harmful content such as computer worms being transmitted over the network. An intrusion prevention system (IPS) helps detect and inhibit the action of such malware. An anomaly-based intrusion detection system also monitors network traffic for suspicious content, unexpected traffic and other anomalies to protect the network e.g. from denial of service attacks or an employee accessing files at strange times. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network may be tracked for audit purposes and for a later high level analysis.

Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the honeypot.

A useful summary of standard concepts and methods in network security is given by in the form of an extensible ontology of network security attacks.

for more information read http://en.wikipedia.org/wiki/Network_security

Network Security ........???!

Apa itu network dan bagaimana network itu berfungsi.... dan bagaimana cara yang terbaik utk kt menjaga network daripada memberi masalah kepada kita... perkara ini perlu difikirkan oleh sesiapa sahaja yang terlibat dengan network.. termasuk pengguna internet.

Adakah kita tertanya2 apa itu network? dan apa itu security yg terdapat pada network.

Network

network ialah komputer network yang menggunakan public dan private ip sebagai penghubung komunikasi antara perniagaan, kerajaan dan individual. network mengandungi node yang berfungsi sebagai client (terminal) dan server. contoh yang terbaik ialan aplikasi internet, yang membolehkan ia berkomunikasi sesama pengguna.

Network Security

Network Security satu aktiviti yang dilakukan untuk melindungi aset atau data yang sangat berguna atau bernilai daripada pihak luar... sepaya tidak diceroboh.

Threats to network security

Viruses
Trojan horse programs
Vandals
Attacks
Data interception
Social engineering

Network security tools

Antivirus software packages
Secure network infrastructure
Virtual private networks
Identity services
Encryption
Security management