Justice is White|Because we walk the path of justice

Sorry for not updating the blog but we are facing some problems! Justice is moving to Florida, and needs some time, Decut is working a big project with his team… So right now i am the only one that is available! I will try to keep you informed!

Other subjects: One of my friends from Romania reported a vulnerability within a national website, and right now we are contacting the webmaster! Il soon post about it, and how did we help to fix it! Thats all for now!

Hey i got some interesting subjects to share with you guys! First of all i am blogging from a Web Fest that takes place near Barcelona(in a small town know as Esparraguera i think)! Well some interesting stuff just came up as soon as Julio(Meeting Organizer) toke the Mic! He started talking about MFA: Made for Ads, or in plain English: Sites that steal content only to get profit from your work! He started talking about this after he told us that a nasty little blog is making money from his tutorials! It seems that there are some “dark” search-engines out there that don’t just index content, they steal it and post it on other websites filled with Ads! So this way people get to their websites, after searching for content that should only be on your website, and the owners of those websites get traffic with your work! Now he gave some tips on what to do in order for you to recover some of the “loss”! Be sure to mask a link to your blog in your posts! This MFA’s copy the entire content and this means they also copy the link! Also be sure to use the entire address not just /category/post ! Well thats all i can say for now! Good luck guys! If anything more interesting stuff appears i’ll be sure to post!

Thanks for reading,
Admin

Going back hundreds and thousands of years, we find that hypocrisy was used by the majority of the humans: from the ancient times to the Middle Age and to our Era. Even the Christian Church used hypocrisy in the Middle and Dark Age to manipulate the Christianity into believing rules which were not found in the Holy Bible and saying that “it is the will of God”.

This article is about the strong relation between hypocrisy and social engineering (or the art of manipulation). Some of us may be very naive so we can end-up trusting everybody and thinking that everyone has good intentions. Wrong!

The problem that can appear is when we start trusting some not very well intentioned people and making them our friends. This is a big problem when it comes down to IT Security. That person will try to manipulate us and make us give him personal information. In this scenario you face not just social engineering, but an act of pure hypocrisy as that person is thought to be your friend.
Voltaire says:

May God defend me from my friends; I can defend myself from my enemies.

What is the solution for this scenario?

You can stop trusting that person if he asks you for personal information like: account passwords from work, personal account passwords etc. In many cases, if the victim gives up that information, the ending is not very pleasant, as the victim can lose access to her/his account.

Let’s take another scenario into account: you, the victim, work for a big company and the attacker wants to break the company’s security. The attacker can use social engineering, so he must start to find information about the employees of the company: names, phones, addresses, identity card numbers etc. When he is done, then he can phone the company requesting the password for the X account, for which he has information: the account belongs to Y, with the identity card Z etc. In the majority of cases, the victim will give up that information so the security has been broken.

What is the solution for this scenario?

As head of the security department in that company, you can set up a secret question in the company like: “what’s today’s color?” or “what’s X’s favorite book?”. The attacker doesn’t have access to the secret question nor to the answer of it so the victim mustn’t give the X account password.

The next scenario is about communities on the Internet. The administrators are often manipulated and they end up giving extra rights or ranks (for instance: moderator) to people which do not have good intentions. The community can then suffer a so called ”deface” which is not pleasant.

What is the solution for this scenario?

The administrator(s) must try to find extra information about that person talking to them or searching the Internet. One single doubt could be enough for the administrator to not give the attacker a new rank/right.

From these three presented scenarios the most dangerous one is the first because not only you can give account passwords (and so you can end-up having no money), but you also can give him intimate information which can be used to damage the way people think about you.

I am not saying you can’t trust anybody, just be careful when it comes down to IT Security!

I finally found enough time to look up Imagine Cup 2009 and to be honest it left me with a sour taste in my mouth! It seems that one could only participate at Game Development if he uses XNA Game Studio 3.0 and Visual Studio:

The object of the Game Development Invitational is to create a new game that uses both Microsoft’s XNA Game Studio 3.0 and Visual Studio.

Well i guess i have to take my game design skills somewhere else! I know that there are allot of talented, and yet unexploited, game developers that cannot participate because of this limitation! But to be honest i sure loved this years Theme:

Imagine a world where technology helps solve the toughest problems facing us today

To bad i never worked with XNA 3.0 and i don’t have the time to study it… But if could participate using what i want i would surely develop a Nintendo DS Games that evolves around the theme! Maybe something like, Megaman Battle Newtork but with less battles, and more puzzles!
For those interested in participating you can find details on categories here:
http://imaginecup.com/Competition/Overview.aspx

Justice just gave me an interesting article that shocked me! So if what Dan says is true then the best thing to do is get your own server… Now i really need to talk about this with the company that is hosting this blog!
Yes yes, i know i am getting my hopes up, and reaching more 500 visitors/day will take a while, but this is a matter that will affect us so it is better to “fix this problem” now, since we just started, then later on!

Today i finally got to talk to an old friend of mine who just came back from a trip to Bulgaria and he was dying to share his plan with me! What plan? Well he was thinking of opening some blogs and fill them up with tutorials! And he was thinking of buying different domains and hosting and then link them all together! Dunno why but i really really think this isn’t such a good idea, mainly because he would have to work allot to get some content up, and since he wanted to do this by himself it would prove to be impossible! Imagine having a blog with tutorials, made by yourself, about php, one filled with flash tutorials, one with Photoshop tutorials etc… Its hard enough to get some content on one of them, because, even tough he rocks at web design and coding, it would be hard to pull up 4 tutorials/day for each of his blog, and still go to work, and promote the blogs! Now about the seo part, he said he had it “fixed” because he would buy domains like php-tutorials.com and flash-tutorials.com so he would end up with a good position on google! To be honest i don’t know what to say, to me this seems like allot of work! I am having a rough times coming up with some good, and yet easy to understand, tutorials for white-truth… imagine him writing 4 tutorials a day for his blogs. Well its his choice after all and there is nothing i can’t do to change his mind!

A few minutes ago i read a comment submitted by a reader that gave me an idea! He asked me if i could make a page where i should add links to tutorials and other related articles made by White-Truth staff members so others could easily find what they want! Well wish granted!

Tutorials by Justice:
#1 Tips for Reducing Spam
#2 Break the habit of using pirated software
#3 Tips for avoiding scams

Tutorials by Decut:
#1 Basic IT Education

Thank you for reading,
Admin

According to Sunday Herald, a British newspaper, personal information of over 8 million people is now at stake! It is said that a previously unknown Indian hacker successfully breached the IT defense of the Best Western Hotel group’s online booking system and sold details of how to access it through an underground network operated by the Russian mafia. How did it happen? Not much is known but it seems the newspaper found out that it was an indian hacker, a newcomer to the world of cyber-crime, who had placed a trojan on one of Best Western Hotel machines used for reservations and then accessed the data by using one of the accounts used by staff members! The information stolen was then put up for sale on an underground website operated by the Russian mafia.

The original article can be found here:
http://www.sundayherald.com/news/heraldnews/display.var.2432225.0.0.php

“Comodo, a leading Certification Authority and Internet security company, announced today the availability of version 1.0 of SecureEmail“, a free-of-charge product that applies an encryption system to outgoing e-mails, thus eliminating the need for a public key cryptography system!
Secure Email comes in two editions: Regular and Pro but both of them are available for free and it can work with outlook(express or 2000 +), Thunderbird, Windows Mail and Incredimail.
The only sad part that i see in this article is that there is no Linux version of the program! Well maybe in the future it will be available!

For more details please read the original article:
http://www.comodo.com/news/press_releases/21_08_08.html

The problem of education can be observed in many countries of the world. Some of these countries may be even the ones which claim to be very developed among which we can mention United States. We try to fight with this problem and trying to develop poor countries, adding education even to the list of Millennium Goals but we can’t fight this problem in our own countries. The human way of thinking is full of clichés and can be seen as a negative factor which drives this world down.

History has proven us that the majority of humans were never even close to a good education. I, for one, keep the hope that one day, this thing will be solved and each one of us will have access to a good or maybe even very good education.

Because this article was created for the purpose of IT Education, I will focus on this in the following paragraphs, leaving the daily education in the hands of the so called (untrained) teachers.

IT and implicit the Internet is becoming more and more like a battlefield between the security analysts (or white hat hackers) and black hat hackers or hackers to whom the untrained computer users are the daily victims. The basic knowledge and methods to prevent attacks of the black hat hackers should be shown by the computer science teachers but as they are UNTRAINED that’s why our organization exists!

As a casual computer user you should know how to deal with the computer viruses problems. You should know what transfers to accept, which antiviruses to install and so on. I will focus on the Windows Operating System (a.k.a. Windows OS).

What to install?

An antivirus and a firewall are a must have.

Antivirus software are computer programs that attempt to identify, neutralize or eliminate malicious software. The term “antivirus” is used because the earliest examples were designed exclusively to combat computer viruses; however most modern antivirus software is now designed to combat a wide range of threats, including worms, phishing attacks, rootkits, trojan horses and other malware.

A firewall is a dedicated appliance, or software running on another computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules.

I recommend the Kaspersky Internet Security suite which includes an antivirus and a firewall (see here: http://www.kaspersky.com/homeuser). Also, for a fast way to scan a file use the online Kaspersky virus scanner: http://www.kaspersky.com/virusscanner .

What mustn’t you do?

It’s a long list so the focus will be on the main things:
-    Don’t accept any transfers of .exe, .scr, .bat, .vbs files from people you do not know or you do not trust! (for example: yahoo_password.exe, manykisses.exe, etc)
-    Don’t access the e-mails which end up in the Bulk/Spam folder or any e-mails which are suspicious (for example: they don’t contain any expeditor or you do not know or trust the expeditor).
-    Don’t give/type your account passwords in any UNOFFICIAL websites because those are not to be trusted. You have details here : http://white-truth.info/blog/tips/13/.
-    Avoid accessing unknown websites because they can harm your computer. This problem can be solved by installing AVG Free Edition 8 which contains the AVG Toolbar that monitors the websites you access. Download here: http://free.avg.com/.
-    Don’t keep your account passwords in your e-mail (just in case).

The psychopathic way of thinking of the black hat hackers will be discussed in another article.