Agape Blog

VASCO Data Security Inc. announced DIGIPASS as a Service (DaaS) authentication model. The company expands its offering to Application Service Providers (ASP) and SaaS vendors. This newest service solution from VASCO offers a complete platform incorporating the user, the enterprise and e-commerce. Today many service providers face high costs to add strong authentication. DIGIPASS as a Service allows customers to secure access to their webmail, network, ERP and CRM systems with one DIGIPASS. The DaaS authentication service enables the user to access their online bank, credit cards, webmail, buy tickets over the Internet, play games and access his/her social network account with one DIGIPASS. DIGIPASS comes as a blessing because this service will exempt the user from remembering endless passwords for various online activities. With one DIGIPASS it will be possible for the user to access countless applications. For application owners and companies too, the benefits of DaaS are many. DIGIPASS as a Service offers on demand identity and transaction security. This application has a high value to the end user. VASCO believes, all online applications have the right to be protected with best-of-breed authentication.

A new tool has been developed by Scientists from Dependable Systems Lab at EPFL l that would help prevent bug manifestations in computer software. The latest version of Dimmunix is developed by a team led by Prof. George Candea at EPFL. It is available for free download. It enables entire networks of computers to cooperate in order to collectively manage bugs in the software. It enables programs to avoid future recurrences of bugs without any assistance from users or programmers. The approach, termed “failure immunity,” starts working the first time a bug occurs - it saves a signature of the bug, then observes how the computer reacts, and records a trace. When the bug is about to manifest again, Dimmunix uses these traces to recognize the bug and automatically alters the execution so the program continues to run smoothly. With Dimmunix, the Web browser learns how to avoid freezing a second time when bugs associated with, for example, plug-ins occur. The latest version uses cloud computing technology to take advantage of networks and thereby inoculating entire communities of computers. Dimmunix is able to safely protect programs from bugs, even in untrusted environments such as the Internet. This is indeed a boon for users as they can be confident that their system and files will be safe without additional effort.

This article is primarily for the aspirants and investigators of the IT forensic World. It is a fact that the technique of capturing the evidence from the crime site decides the course of an investigation. In order to make this process more effective and reliable keeping the parameters like significances and volatile nature of data in business. Here arises the need of an innovative technology that can be applied to capture “live” evidence on a computer at the scene of an investigation before it is powered down.

This article is written with a purpose to provide you the glance over the efficient software technologies which are especially innovated to craft investigating procedures trouble-free & absolute.

To facilitate & decipher the evidences collection procedure simple, Agape Python, which stands separate from the crowd of others, designed exclusively for law enforcement agencies. It provides fast, easy-to-use, comprehensive, cost effective forensic capabilities which require nominal computer knowledge to apply. It is integrated with number of commands which can considerably minimize the time to collect digital evidence at the crime site. It eliminates the necessity to seize a computer itself, which usually involves disconnecting from a network, potentially losing data. Instead, the investigator can scan for evidence on site. In view of the fact that the network data is so volatile this may be lost in a process of turning off the computer.

It is an all in one software that supports Index Hard Disks on the fly, decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer and much more…. with lighting speed.

And all these unique functionalities comes in a light weight, easy to carry, ready to use plug-in USB “thumb drive” to seize the data from the computer that may have been used in crimes without taking into the custody. So Just “PLUG IN & EXTRACT”

Jayesh Bellani
Executive: Fraud Management System
Agape Inc

AgapeMobiTool upgrades itself with some new features and high speed cell phone data acquisition. MobiTool acquires data from GSM/CDMA 3G SIM cards. It captures Text Messages, Phonebook, Call Logs, IMEI number, Battery Status, and Phone Information from GSM/CDMA 3G SIMCARDS even if it is deleted.

MobiTool acquires data from mobile phone memory including Pictures, Video’s, Audio’s and Themes. Some more features are it performs Physical and Logical Acquisition, Text, Hex & ASCII data viewing options is available and Generate report using XML style sheet.

Agape MobiTool reserved data integrity by MD5 & SHA1 & SHA512. AgapeMobiTool is forensically valid software for acquiring & decoding data stored in Mobile phone & SIM. It maintains chain of events to find information from a device for investigation purposes.

Below is the 10 day trail version download for Agape MobiTool Software

http://www.agapeinc.in/blue/agape-mobitool.php

Which one is better - wireless or wired network? In regard of Wireless Technology ,there is no need for cables automatically and that decrease the cost and cancelling the holing of walls also the repeater couldn’t used in the wireless network. One of the supreme advantage of the Wireless Technology is, it allows for roaming between one location to another to remain in contact with the electronic devices providing information to receive and send to the Internet uninterruptly. These additional benefits persuaded us to switch to wireless technology since it has enchanced comfort of using the technology.

The stark truth is that many wireless networks are left unsecured because people either don’t bother to set up security or don’t know how to set up security. The most familiar threat of wireless networks is doing attack by Active Software like Net Stumber(for Windows) and Dstumber (for Unix/Linux) which are usually used to find Access Point(AP). Some other threats to your Wireless Network include Spoofing Threads, Beacon Flood Threat, Authentication/ De Authentication Flood Threat, Jamming Threat. If you have a wireless network set up in your home or in your office, is it protected from your neighbours/Hacker who also have wireless networking capability?

However, if you do not make your connection secure your computer can be attacked by hackers. So How Do I Protect My Wireless Network? There are a few simple steps that you can take to deter unauthorised access to your network.

• The best practices for devices using WEP include: (a) enable 128 bit WEP encryption; (b) suppress SSID broadcast; and (c) filter by MAC address.
• Change the user names and passwords that come with your equipment.
• Enable encryption. You should follow the encryption procedures provided by your routing device. WEP and WPA2 are the two preferred encryption measures with WPA2 the preferred and most up to date option.
• Always scrub all hardware that is sold or disposed of. This eliminates the chance that a third party can discover sensitive data or passwords that can be used for identity theft, financial crime or to gain access to corporate systems.
• Use wireless security software. Whether you’re an individual or a corporation, this software has many benefits.
• Turn off your wireless router if you are not using it.
• You must also activate the router’s firewall to protect your Wi-Fi network.

Taking the time to plan and implement security measures prior to wireless use is the best way to protect yourself.

Jayesh Bellani
Executive: Fraud Management
Agape Inc

Not astonishingly, we found that most of the services we tested minimally did not provide us with the information that they claimed they would.

The majority of the services gave us little more than the name itself. often with an address that was obsolete or inaccurate. With claims of being able to provide us with full employment history, criminal records, credit history, and much more, we were sad to see that in most cases after all was said and done, we could have found the alike information in the local phone book!

Although most of the services we reviewed fell short of our expectations, we recommend you to choose a service that truly stood out from the crowd which would provide you nearly all the information you are looking for… including extensive contact info (email addresses, phone numbers, and both work and home addresses), criminal records, credit history, residential history, and extensive employment history. And basic information for:

When should you report the Cyber Crime?
• Spyware
• Phishing
• Spam
• Identity Theft
• Online Shopping Fraud

Spyware: Spyware can steal your credit card numbers and passwords. Switch your home page, or re-direct your web searches to unwanted sites. Display annoying ads, slow your PC to a crawl, or even control it remotely. If you think your computer has spyware, report cyber crime.

Phishing: Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Store e-mail spam that phish for information about your company, bank, or organization. Lodge your cyber crime & forward the respective email information.

Spam: Spam is unwanted, invasive Internet advertising, typically for get-rich-quick schemes, or probable scams. Spam consumes your resources. Networks of virus-infected computers, Botnets (number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions including spam or viruses to other computers on the Internet) are used to send about 80% of spam. E-mail addresses are collected from chartrooms, websites, newsgroups, and viruses which harvest users’ address books, and are sold to other spammers. Much of spam is sent to invalid e-mail addresses. Report your complain & forward the respective message.

Identity Theft: It is a term used to refer to fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is not inherently possible to steal an identity, only to use it. The person whose identity is used can suffer various consequences when he or she is held responsible for the perpetrator’s actions. If your information has been misused, file a report about your identity theft.

Online Shopping Fraud: If you have problems during a transaction, try to work them out directly with the seller, buyer or the website operator. If that does fails, file your complaint.

Jayesh Bellani
Executive: Fraud Management System
Agape Inc

Travelers are especially vulnerable to hackers because they often use computers and Wi-Fi networks in hotel lobbies, cafes and airports.

Here are some steps you can take to protect yourself:

Create a strong password. As e-mail is easier to hack with weak password.

Another solution is to create a dedicated e-mail account for use on the road, with a password that is different from passwords you use for bank and credit card information. Let your contacts know you’ll be using that account while on vacation. You can stay in touch, but if someone does hack into your account, they only get your vacation pictures.

If using a shared computer, try to cover your tracks. On Microsoft’s Explorer, when you log off, go to “Tools” and “Delete Browsing History” to remove traces of your passwords and the Web sites you’ve visited.

Sniffing a wireless network is really easy to do — any teen in junior high can do it. Such vulnerabilities can yield mayhem with attacks known as “Packet Sniffing,” ”Man in the Middle” attacks and “MAC Spoofing.”

Also when you are using your laptop in a public place, you obviously want up-to-date security programs.

You should also disable file-sharing on your laptop, and also a good idea to turn off Bluetooth, printer-sharing and disable ad hoc network connections.

You should not send any sensitive data while in travelling. That’s because many e-mail services and browser connections essentially broadcast in the clear, meaning someone can eavesdrop on information sent to and from your computer. If you want to be careful, that means avoiding banking, shopping and checking credit card accounts. Even though these sites usually encrypt your data, there are some workarounds a determined hacker could use.

If you want to take your computer security a step up, consider a VPN, or Virtual Private Network i.e. it’s a tunnel, where all your communication is encrypted. A passive attacker can’t intercept.

Anup Srivastava
Executive: Fraud Management Services
Agape Inc

Have you heard of this? A number of scams are coming to light now-a-days through the web. One of them is known as the Craigslist scam. Craigslist is a centralized network of online communities with free online classified advertisements like jobs, housing, personals, for sale, services, community, gigs, résumés, and great resource for selling things, finding apartments, locating services and meeting people etc. It is an upcoming and a great service but it never comes with some risk. If you deal with people you aren’t meeting face to face you risk getting scammed.

The buyer and seller on Craigslist are not alert to the danger or deception. Most of these scams follow the same pattern that we see on eBay and other online auction sites. Try posting some easily-mailed valuable item for sale and the first response you get will probably be someone trying to trick you into believing it’s true.

Advice on avoiding scams to people using Craigslist service-

• Deal locally with folks you can meet in
• Never wire funds online, money gram or any other wire service - anyone who asks you to do so is a scammer.
• Fake cashier checks & money orders are common, and banks will cash them and then hold you responsible when the fake is discovered weeks later.
• Never give out financial information (bank account number, social security number, eBay/PayPal info, etc.)
• Avoid deals involving shipping or escrow services and know that ONLY A SCAMMER WILL “GUARANTEE” YOUR TRANSACTION.

Michelle Mitra
Executive: Fraud Management System
Agape Inc

Fraudulent activities (Lottery Scam E-mail) on the Internet are increasing with an alarming rate. However, you must always be aware of the existence of fraudsters on the Internet - cunning operators completely focused on financial gain and their tactics vary.These are frequently circulated with the Purpose to :

1). Persuade the victim to part with personal information to allow the scammers to carry out Identity Theft.
2). Persuade the victim to part with money as an up front payment in order to release a winning Lottery prize which does not exist.

The following points are some tips to look for in order to identify and avoid lottery fraud and scams :
• You did not buy a ticket.
• You are asked to pay money up front for fees or taxes in order to release your “win.”
• You do not live in the country and you are not a citizen of the country of that lottery.
• You are normally asked to contact an “Agent” or “Processing Officer”
• Contact email addresses may be used that are obviously not from a company, such as blahblah- lotto@hotmail.com - How many legitimate companies do you think would use that type of email for their business?
• You are told you must reply within a given time or the money will be given to someone else.
• Spoof websites can be difficult to spot.
• To convince the recipient, emails attached with fake Winning Certificate on behalf of Beneficiary

The following are a few suggestions on how to protect yourself.
• Never provide personal or financial information.
• Don’t be drawn into making an ‘up front’ payment for a lottery prize that probably doesn’t exist.
• Beware of links which could lead you to so-called ‘spoof sites’ set up to extract information from you, like updating personal records which could provide the means to reach or even access your account.
• Whenever you want to discuss your account with e-lottery, we will always verify your identity by asking specific security questions. Our customer care team do not have access to your full password.

So if you ever have any doubts about an email – Be Careful. If you ever have concerns about lottery scams don’t hesitate to CONTACT US ON OUR 365*24*7 TOLL FREE NUMBER at 1800 209 6789 (For India Only) Or visit us at www.agapeinc.in. We are always here to help you.

Jayesh Bellani
Executive: Fraud Management System
Agape Inc

If you should ever be forced by a robber to withdraw money from an ATM machine, you can notify the police by entering your PIN in reverse. Though it hasn’t been tried in many places, this technology if present will help the banks and its customers.

Let’s say for example, if your pin number is 5678 then you would put in 8765. The ATM recognizes that your pin number is backwards from the ATM card you placed in the machine. The machine will still give you the money you requested, but unknown to the robber, the police will be immediately dispatched to help you.

Now the question arises that 1) what if the pin number happens to be a palindrome? Say 3333, 1221, 6226 and so on. 2) what if the ‘reversed’ pin happens to be somebody else’s pin. 3) Even if the police is dispatched for help, it would take them some time to get to the ATM and by then the harm would have been done. 4) ATM machines are not that intelligent to recognize whether a pin has been reversed entered; it only recognizes the correct pin matching the card.

Each card is paired with a unique pin number, entering the wrong pin would clearly not be matching with the card and therefore no transaction would go through.

Sherwin Azavedo
Manager: Cyber Crime Complaints
Agape Inc.