Monday, 24 October 2011

Free Comodo Internet Security Pro 2012 one year license key

Comodo Internet Security Pro 2012 which is priced at $49.99. This promo will allow users to use the latest pro version completely free for a year.

Free Comodo Internet Security Pro 2012

Comodo Internet Security Pro comes with powerful cloud based Antivirus, Antispyware, and an excellent award winning firewall with defense plus technology that provides high-level of protection. The 2012 consumer products from Comodo is yet to be officially released, but users can start using the new version as the new installers has been already uploaded on the official Comodo servers.

Key Features of Comodo Internet Security Pro 2012:

Antivirus, Anti-Spyware, Anti-Rootkit & Bot protection
Defends your PC from Internet attacks
Detects and eliminates viruses
Prevents malware from being installed
Auto Sandbox Technology™
Easy to install, configure and use
Remote Security & System Support

Thanks to Downloadcrew they are currently running a 1 year promo of Comodo Internet Security 2011. The special installer offered by the promo has a built in serial number that can be used in the new 2012 version. Which will require below steps.

Follow below steps to get Free Comodo Internet Security Pro 2012 one year license key

Download Comodo Internet Security Pro 2011 Here -> one-year special installer
Install and start Comodo 2011. Navigate to “More” -> “About” -> Serial Number -> “Copy”.
Save the serial number on your PC, you will need this serial to activate the 2012 version.
Download and Install Free Comodo Internet Security Pro 2012. During installation, enter the serial number that you received from the 2011 version.

Note: The installer will connect to the internet and automatically activate your subscription for 1 year (365 days).

Official GNOME Shell Extensions

Official GNOME Shell Extensions Available In The WebUpd8 GNOME 3 PPA For Ubuntu 11.10

The latest official GNOME Shell Extensions (version 3.2.0) are now available in the WebUpd8 GNOME 3 PPA for Ubuntu 11.10 Oneiric Ocelot. This PPA is an attempt to have all the stable GNOME 3.2 packages that aren't available in the official Ubuntu 11.10 repositories in a single place. Please note that I did not package this. I'm only uploading these packages to a single PPA.

GNOME Shell Extensions is an official GNOME package that provides additional functionality for GNOME Shell, like a classic menu, restore the power-off entry in the user menu, the user theme extension which allows you to easily switch between GNOME Shell themes and more.

Install GNOME Shell Extensions pack in Ubuntu 11.10 Oneiric Ocelot

Important: an user has reported that using the Alternative Status Menu extension without having a profile picture crashes GNOME Shell. So set a picture (under User Accounts) before installing this extension.

Firstly, add the WebUpd8 GNOME 3 PPA:

sudo add-apt-repository ppa:webupd8team/gnome3
sudo apt-get update

Below you'll find a description on what each extension does and how to install it:

- Alternative tab extension: use the classic ALT + Tab. Install:

sudo apt-get install gnome-shell-extensions-alternate-tab

- Alternative Status Menu extension : adds "Power off" and "Hibernate" to the status menu, visible at all time (and not just when pressing the ALT key). Install:
es/THEME_NAME/gnome-shell or /usr/share/THEME_NAME/gnome-shell. This extension is especially useful when used with GNOME Tweak Tool. This way, you can install and switch between GNOME Shell extensions with a click. Install both User Theme extension and GNOME Tweak Tool:

sudo apt-get install gnome-shell-extensions-user-theme gnome-tweak-tool

- Workspace Indicator extension: displays the current workspace and lets you switch between workspaces (wither using its menu or by scrolling). Install:

sudo apt-get install gnome-shell-extensions-workspace-indicator

- Applications Menu extension: adds an regular (old-style) menu to the top GNOME Shell bar. Install:

sudo apt-get install gnome-shell-extensions-apps-menu

- Removable Drive Menu extension: adds a removable drive menu to the top GNOME Shell bar (on the right). Install:

sudo apt-get install gnome-shell-extensions-drive-menu

- SystemMonitor extension: adds two graphs to the GNOME Shell message tray, displaying the RAM and CPU usage. Install:

sudo apt-get install gnome-shell-extensions-system-monitor

- Places Status Indicator: adds a menu to the top bar in the old Places Menu style. Install:

sudo apt-get install gnome-shell-extensions-places-menu

- Dock extension: shows a dock-style task switcher

To customize the dock extension, install dconf-tools (sudo apt-get install dconf-tools), then launch "dconf-editor", navigate to org > gnome > shell > extensions > dock and here you can specify the dock position (left or right), enable or disable autohide, specify the hide effect or set the hide duration.

Install:

sudo apt-get install gnome-shell-extensions-dock

- Native Window Placement extension: uses a 'natural' (reflects more the position and size of the actual window) algorithm for displaying the thumbnails in the activities overview. Install:

sudo apt-get install gnome-shell-extensions-native-window-placement

- Xrandr Indicator (Monitor Status Indicator) extension: adds a systems status menu for rotating monitors (overrides what is currently provided by gnome-settings-daemon). Install:

sudo apt-get install gnome-shell-extensions-xrandr-indicator

- Auto Move Windows extension: this extension can be used to get some applications to always start on a specific workspace Install:

sudo apt-get install gnome-shell-extensions-auto-move-windows

- Gajim extension: Gajim integration for GNOME Shell. Install:

sudo apt-get install gnome-shell-extensions-gajim

- Windows Navigator extension: Allow keyboard selection of windows and workspaces in overlay mode: when you hold the ALT key, a number is assigned to each window (displayed in the top left corner) and you can then press the number to switch to that window. Install:

sudo apt-get install gnome-shell-extensions-windows-navigator

Or, install them all using the following command (will also install GNOME Tweak Tool) - yeah, there's no meta package yet:

sudo apt-get install gnome-shell-extensions-alternate-tab

gnome-shell-extensions-alternative-status-menu

gnome-shell-extensions-user-theme

gnome-tweak-tool

gnome-shell-extensions-workspace-indicator

gnome-shell-extensions-apps-menu

gnome-shell-extensions-drive-menu

gnome-shell-extensions-system-monitor

gnome-shell-extensions-places-menu

gnome-shell-extensions-dock

gnome-shell-extensions-native-window-placement

gnome-shell-extensions-gajim

gnome-shell-extensions-xrandr-indicator

gnome-shell-extensions-windows-navigator

gnome-shell-extensions-auto-move-windows

Once installed, reload GNOME Shell (press ALT + F2 and enter "r" or log out and log back in), then use GNOME Tweak Tool to easily enable/disable extensions or switch between GNOME Shell themes on the fly - there's no need to restart GNOME Shell anymore.

Bypassing Windows 7 Kernel ASLR

Windows 7 has a nice security about kernel space

Many checks of size, integrity controls and access restrictions are available.For example the “security check” protect our stack if a string is used, many functions like “strcpy()” are deprecated (and some are disallowed) to force developers to have a secure coding.This is why, some attacks were presented as heap overflows in local exploitations (recently Tarjei Mandt)but we don’t see any remote exploitation like we saw in SRV.SYS or other drivers.This lack of remote exploits occurs partially because an ASLR (randomization of memory spaces) is enabled in kernel land. If a hacker doesn’t have any possibilities to jump and execute a payload (ROP, Jmp Eax …) exploitation of the bug isn’t possible. Only a magnificent BSOD could appear in most of the cases.This paper will try to explain how to bypass this protection and improve remote kernel vulnerabilities research!For the use of this document we will consider a remote stack overflow as the main vulnerability

Download PDF

A Code Execution Vulnerability in Google App Engine SDK for Python

Google App Engine is a great technology allowing web developers to develop their own web applications,test them in their internal framework, and deploy them to Google’s appspot.com domain.The Google App Engine framework allows developers to write their web site logic in Python, and offers several frameworks specially created for this. In addition, Google App Engine provides an SDK Console via web that acts as an administration console for the newly written application.This advisory lists 4 different vulnerabilities, one in admin console and three others in the Google python API, which allow a remote attacker to gain full code execution on the developer’s machine. These severe issues have been communicated to Google, and a fix was released last month on Sep 12, 2012 (in version 1.5.4).

Download PDF

WebBackdoors , Attack, Evasion and Detection

This paper provides insight on common web back doors and how simple manipulations could make them undetectable by AV and other security suits. Paper explains few techniques that could be used to render undetectable and unnoticed backdoor inside web applications. This paper is mainly an update for an old paper of ours Effectiveness of Antivirus in Detecting Web Application Backdoors, which mainly questioned the effectiveness of AV with respect to web shells and analysis of a couple of web shells. Current paper takes this topic further and explains a couple of methodologies that could be used to make stealth application layer backdoors using web scripting languages .This paper explains various Web Backdoor attacks and evasion techniques that could be used to stay undetected.

Download PDF