Sunday, February 13, 2011

Interesting story behind Trojan Horse

We have all heard about the viruses named Trojan Horse. A Trojan Horse is a kind of virus which appears to perform its intended task but silently steals information from your computer, or harms your computer in a way that may be difficult to recover from.

Interestingly, I got to know a story about the name of the Trojan Horse virus. Here it goes…



In Greek mythology, there was a city called Troy and a rival kingdom of the Greeks. They fought for about 10 years, and the war was called the Trojan War. After 10 years of fighting the Greeks still had nothing in their hands; it was a fruitless siege, so the Greeks declared that they were quitting the war.

The Greeks then built a giant horse made of wood and gave it as a trophy of victory to the citizens of Troy, called Trojans. The Trojans happily took the horse inside the city. That same night, while the Trojans were busy celebrating their victory, 30 soldiers who had been hiding inside the giant wooden horse came out and opened the city gates for the Greek army. The Greek army then destroyed the entire city of Troy.

Since then, anything that causes the target to bring a vulnerable object into a secured area is referred to as a Trojan Horse. Hence the name Trojan Horse is given to viruses that pretend to be something else, but once they are inside the system they start messing up the entire system.

Thursday, March 11, 2010

QuickStudy: System Development Life Cycle

Once upon a time, software development consisted of a programmer writing code to solve a problem or automate a procedure. Nowadays, systems are so big and complex that teams of architects, analysts, programmers, testers and users must work together to create the millions of lines of custom-written code that drive our enterprises.
To manage this, a number of system development life cycle (SDLC) models have been created: waterfall, fountain, spiral, build and fix, rapid prototyping, incremental, and synchronize and stabilize.
The oldest of these, and the best known, is the waterfall: a sequence of stages in which the output of each stage becomes the input for the next. These stages can be characterized and divided up in different ways, including the following:

* Project planning, feasibility study: Establishes a high-level view of the intended project and determines its goals.

* Systems analysis, requirements definition: Refines project goals into defined functions and operation of the intended application. Analyzes end-user information needs.

* Systems design: Describes desired features and operations in detail, including screen layouts, business rules, process diagrams, pseudocode and other documentation.

* Implementation: The real code is written here.

* Integration and testing: Brings all the pieces together into a special testing environment, then checks for errors, bugs and interoperability.

* Acceptance, installation, deployment: The final stage of initial development, where the software is put into production and runs actual business.

* Maintenance: What happens during the rest of the software's life: changes, correction, additions, moves to a different computing platform and more. This, the least glamorous and perhaps most important step of all, goes on seemingly forever.

But It Doesn't Work!

The waterfall model is well understood, but it's not as useful as it once was. In a 1991 Information Center Quarterly article, Larry Runge says that SDLC "works very well when we are automating the activities of clerks and accountants. It doesn't work nearly as well, if at all, when building systems for knowledge workers -- people at help desks, experts trying to solve problems, or executives trying to lead their company into the Fortune 100."

Another problem is that the waterfall model assumes that the only role for users is in specifying requirements, and that all requirements can be specified in advance. Unfortunately, requirements grow and change throughout the process and beyond, calling for considerable feedback and iterative consultation. Thus many other SDLC models have been developed.

The fountain model recognizes that although some activities can't start before others -- such as you need a design before you can start coding -- there's a considerable overlap of activities throughout the development cycle.

The spiral model emphasizes the need to go back and reiterate earlier stages a number of times as the project progresses. It's actually a series of short waterfall cycles, each producing an early prototype representing a part of the entire project. This approach helps demonstrate a proof of concept early in the cycle, and it more accurately reflects the disorderly, even chaotic evolution of technology.

Build and fix is the crudest of the methods. Write some code, then keep modifying it until the customer is happy. Without planning, this is very open-ended and can be risky.

In the rapid prototyping (sometimes called rapid application development) model, initial emphasis is on creating a prototype that looks and acts like the desired product in order to test its usefulness. The prototype is an essential part of the requirements determination phase, and may be created using tools different from those used for the final product. Once the prototype is approved, it is discarded and the "real" software is written.

The incremental model divides the product into builds, where sections of the project are created and tested separately. This approach will likely find errors in user requirements quickly, since user feedback is solicited for each stage and because code is tested sooner after it's written.

Big Time, Real Time

The synchronize and stabilize method combines the advantages of the spiral model with technology for overseeing and managing source code. This method allows many teams to work efficiently in parallel. This approach was defined by David Yoffie of Harvard University and Michael Cusumano of MIT. They studied how Microsoft Corp. developed Internet Explorer and Netscape Communications Corp. developed Communicator, finding common threads in the ways the two companies worked. For example, both companies did a nightly compilation (called a build) of the entire project, bringing together all the current components. They established release dates and expended considerable effort to stabilize the code before it was released. The companies did an alpha release for internal testing; one or more beta releases (usually feature-complete) for wider testing outside the company, and finally a release candidate leading to a gold master, which was released to manufacturing. At some point before each release, specifications would be frozen and the remaining time spent on fixing bugs.

Both Microsoft and Netscape managed millions of lines of code as specifications changed and evolved over time. Design reviews and strategy sessions were frequent, and everything was documented. Both companies built contingency time into their schedules, and when release deadlines got close, both chose to scale back product features rather than let milestone dates slip.

Thursday, November 26, 2009

Black hat or White hat! Computer Hacking Explained

A Brief History
One might not suspect that the art, or scourge, of computer hacking was created at one of the havens for technological excellence. True, at MIT (Massachusetts Institute of Technology), a group of students developed the technique and borrowed their name from the "hackers" of the late 1800s who found amusement in pranking the emerging telephone companies. Getting their laughs and skills from hacking and cracking into primitive computers and exploiting the Arpanet (predecessor to the internet), they created a novelty that would become the target of a federal crackdown in years to come. To define hacking in short, we can say that it is the artistic criminal offense of breaking into a remote system without the owner's consent for the purpose of stealing information.

However, the act of hacking started out innocently, and was basically a method of trying to figure out how computer systems worked. The 1970s saw the rise of "phreaking," or phone hacking, headed by John Draper. This method allowed the user of a "blue box," when used with a Captain Crunch whistle of 2600 hertz which accessed the AT&T long distance system, to make free long distance calls. Hackers began by obtaining free phone calls through a varied range of sources, thereby managing to work their way into the nation's radio system and phone system, resulting in tremendous phone fraud nationwide.

After the age of "phreaking," computers became not only the target, but also the forum, for a growing hacker population to communicate. The creation of bulletin board systems (BBS) allowed this communication, and more serious government and credit card hacking became technologically possible. At this time, in the early 80's, hacking groups such as the Legion of Doom began to emerge in the United States, giving organization, and thus more power, to hackers across the country.

Once this happened, breaking into computers became a legitimate activity, with its own groups and soon its own voice in the 2600 magazine, launched in 1984. The effects of computer hacking were serious. Two years later, inevitably, Congress launched the Computer Fraud and Abuse Act that outlawed hacking. Over the years, a series of high-profile cases showed the worst consequences of computer hacking, such as the Morris Worm, responsible for infecting government and university systems, and the Mitnick case in 1995, in which Kevin Mitnick was captured for stealing as many as 20000 credit card numbers.

In 1999, security software became widely known to the public, and with the release of new Windows programs, which were littered with security weaknesses, it became successful out of necessity. This fraudulent act of computer hacking is perhaps the major problem confronting the rapidly expanding population of Internet users today, with systems still trying to battle online hackers.

Wednesday, November 25, 2009

Cell phones - Hackers Next Target!

It was bound to happen - they have hacked just about everything else. Now it's the cell phones. Cell phone hacking surfaced only recently and became public when someone hacked Paris Hilton's cell phone. This article will give you some information about what is going on out there and what you can do to better protect your cell phone information.

What Does It Involve
The fact that someone can hack a cell phone became public knowledge when Paris Hilton's cell phone, along with her information, was recently hacked. Unfortunately for her, all her celebrity friends and their phone numbers were also placed on the Internet - resulting in a barrage of calls to each of them.

Cell phone hackers have apparently found a glitch in the way the chips are manufactured. The good news, though, is that it only applies to the first generation models of cell phones that use the Global System for Mobile communications (GSM). Another requirement is that the hacker must have physical access to the cell phone for at least three minutes - which is a real good reason not to let it out of your sight. Currently, although the problem has been remedied (at least for now) in the second and third generation phones, it seems that about 70% of existing cell phones fall within the first generation category.

Another way that mobile phone hacking can take place is for a hacker carrying a laptop with cell phone hacking programs on it to walk around an area where people have cell phones. Through an antenna, and a little patience, his computer can literally pick up your cell phone data - if it is turned on. This is more applicable to cell phones that use Bluetooth technology.

What Can A Hacker Do?
Surprisingly, there are quite a number of things that can be accomplished by the hacker. Depending on their intent, here are a few of them.

Steal Your Number
Your phone number can be accessed and obtained by cell phone hacking. This allows them to make calls and have them charged to your account.

Take Your Information
Mobile hacking allows a hacker to contact your cell phone, without your knowledge, and to download your addresses and other information you might have on your phone. Many hackers are not content to only get your information. Some will even change all your phone numbers! Be sure to keep a backup of your information somewhere. This particular technique is called Bluesnarfing.