What is an Email Header? View email header in Gmail.

Monday, October 28, 2019
Many people open their inbox to check or send an email and then sign out, but few of us realize how much actually happens when we simply send or receive an email.

A detailed record of all those steps is attached to the email.

Yes, I am talking about email headers. They are hidden from the normal user, but we can certainly view them.

These headers come in very handy when tracing an email, filtering spam, recording the IP address of the sender, etc. So let's see what an email header is all about; later in the post we will see how to get the email header.


What is Email Header?

It is a record of the email covering the path from the sender to the receiver, and it also contains vital information about the email servers the message has encountered along that path.

Some emails also contain a digital signature to detect tampering with the email in transit.

What information can we get from email headers?

As I mentioned above, we can get the history of the email and information on the path it traveled to reach us. Let's see what information we can get from it:

1. When the sender composed the message (date, time).
2. When the email was sent from the sender's PC to the email server (date, time).
3. When the email was sent from the email server to the intended receiver (date, time).
4. The type of protocol used along the entire path.
5. The PC of the sender can be identified from the header.
6. The IP address of the sender, but not always.
7. The type and number of digital signatures on the email, i.e. the signing algorithm.
8. What type of email client the sender used to send the email.
9. The ISP of the sender.
10. Whether any third party is using any tracking means.

How to view Header of an Email?

Here I have listed not all but a few of the webmail providers and email clients through which you can get the email header.

Web mail providers:

1. Gmail: Log in to the standard version > Open the email of your choice > Click the down arrow next to Reply > Select "Show original".

2. Yahoo: Log in > Select the desired email > Click the Actions drop-down menu > Select "View full header".

3. Hotmail: Log in > Select Inbox > Right-click the desired email > Select "View message source".

Email Desktop Clients:

1. Outlook Express: To view the email header in Outlook, open it > Select the desired email from the Inbox > Right-click it and select Properties > Details.

2. Mozilla: Open it > Open the desired email > Click the View menu > Message Source.

How to read an Email Header

Here I have taken the example of my Gmail account to explain; we will see how to view the email header in Gmail.

As mentioned above, we first need to open the header of the desired email, as shown below.
[Image: What is an Email Header]
This is what you will get in a new window:
[Image: What is an Email Header]
As you can see, I have divided the whole header into three sections. It is worth mentioning that a header is always analyzed bottom to top, because most of the vital information about the sender is at the bottom. In the above image, section 1 is mostly about the destination and section 3 mostly about the source.

Section 3:
[Image: What is an Email Header]
MIME-Version: 1.0: MIME stands for Multipurpose Internet Mail Extensions. It tells us about the types of attachments in the email and allows sound, graphics, etc. to be sent. Here the MIME-Version field shows that version 1.0 is in use.

Received: by: It shows the time and date at which the email reached the Gmail server.

In-Reply-To: and References: Both work the same way; as the names suggest, they indicate whether the sender has replied to a past message or sent a direct new message. If it is a reply, they contain the reference of the past message, which is a unique identifier.

Message-ID: This shows the system from which the email originated, i.e. the sender's PC. It can be changed or forged easily. This is also a unique identifier.

To: and From: These give the sender's and receiver's email IDs.

Content-Type: What type of content is in the email, i.e. text, image or anything else.

Section 2:
[Image: What is an Email Header]
What is DKIM-Signature?

DKIM (DomainKeys Identified Mail) is a digital signature put on every email we send or receive through email servers. It is used so that emails cannot be tampered with or altered in transit. This mechanism is also used by spam filters, as spam does not carry any digital signature.

In the above image there are certain values; let me explain them.

v = Version
a = The algorithm used by the sender or originating webmail provider.
c = Canonicalization algorithm for header and body.
d = Sender or originating webmail provider.
s = Selector
h = The list of header fields covered by this digital signature.
bh = Body hash
b = Digital signature of header and body.

Section 1:
[Image: What is an Email Header]

Delivered-To: It contains the email ID of the receiver.

Received: by: You can see there is a 2-second difference in time between the "Received: by" in section 3 and the one in section 2. It shows the time and date at which the email reached the Gmail server.

Return-Path: The sender's email ID.

Received: from: Specifies the IP address of the sender, generally in "[ ]", but in Gmail it is masked by the Gmail server address.
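The bottom-to-top reading described above, together with the DKIM tag list from section 2, can be done with a short script. The following Python is an added example, not code from the original post: it parses a constructed sample message (example.com/.net hosts, RFC 5737 documentation addresses, placeholder DKIM values), lists the Received hops in the order the mail actually travelled, splits the DKIM-Signature into its tags, and checks whether the From, Return-Path and DKIM d= domains agree.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not a real email): example.com/.net hosts, RFC 5737
# documentation addresses, and placeholder DKIM hash/signature values.
SAMPLE_HEADER = """\
Delivered-To: bob@example.net
Received: by mx.example.net with SMTP id k0; Mon, 28 Oct 2019 10:15:32 -0700 (PDT)
Return-Path: <alice@example.com>
Received: from mail.example.com (mail.example.com. [192.0.2.10])
        by mx.example.net with ESMTPS id k1
        for <bob@example.net>; Mon, 28 Oct 2019 10:15:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2019;
        h=mime-version:from:to:message-id; bh=BODYHASHPLACEHOLDER=;
        b=SIGNATUREPLACEHOLDER
         CONTINUED=
Received: from [10.0.0.5] (client.example.com. [192.0.2.25])
        by mail.example.com with ESMTPSA id q3
        for <bob@example.net>; Mon, 28 Oct 2019 10:15:29 -0700 (PDT)
MIME-Version: 1.0
From: Alice <alice@example.com>
To: Bob <bob@example.net>
Message-ID: <1572282929.1234@client.example.com>

Hello Bob,
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def unfold(value):
    """Join a folded (multi-line) header value into a single line."""
    return " ".join(str(value).split())


def parse_received(value):
    """Extract one hop from a Received: header. The name after 'from' is what the
    sending host claimed in HELO; the bracketed address the receiving server wrote
    next to it is what was actually observed, so the last bracketed IPv4 wins."""
    text = unfold(value)
    clause, sep, date = text.rpartition(";")
    if not sep:                      # no timestamp on this line
        clause, date = text, ""
    from_part = clause.split(" by ", 1)[0]
    m_from = re.search(r"\bfrom\s+(\S+)", clause)
    m_by = re.search(r"\bby\s+(\S+)", clause)
    ips = IPV4_IN_BRACKETS.findall(from_part)
    return {"from": m_from.group(1) if m_from else None,
            "ip": ips[-1] if ips else None,
            "by": m_by.group(1) if m_by else None,
            "date": date.strip()}


def received_chain(msg):
    """Hops in travel order: the header is read bottom-to-top, so the last
    Received: line in the message is the first hop."""
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def dkim_tags(msg):
    """Split the DKIM-Signature tag=value list (v, a, c, d, s, h, bh, b) into a dict."""
    raw = msg.get("DKIM-Signature")
    tags = {}
    for part in unfold(raw or "").split(";"):
        if "=" in part:
            key, val = part.split("=", 1)          # base64 values may end in '='
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags


def domain_of(header_value):
    """Domain part of an address header such as From: or Return-Path:."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() or None


def sender_consistency(msg):
    """Compare the places a sender domain appears. A mismatch is not proof of
    forgery (forwarders and mailing lists cause legitimate ones) but deserves a look."""
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    dkim = dkim_tags(msg)
    findings = []
    if not dkim:
        findings.append("no DKIM-Signature header")
    elif dkim.get("d", "").lower() != from_dom:
        findings.append(f"DKIM d={dkim.get('d')} does not match From domain {from_dom}")
    if rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    return findings


def analyse(raw_message):
    """Parse a raw RFC 5322 message and return the hop list, DKIM tags and findings."""
    msg = email.message_from_string(raw_message)
    return {"hops": received_chain(msg), "dkim": dkim_tags(msg),
            "findings": sender_consistency(msg)}


if __name__ == "__main__":
    report = analyse(SAMPLE_HEADER)
    for n, hop in enumerate(report["hops"], 1):
        print(f"hop {n}: from={hop['from']} ip={hop['ip']} by={hop['by']} at {hop['date']}")
    print("findings:", report["findings"] or "none")
```

Feed `analyse()` the text that "Show original" displays and the first hop printed is the one nearest the sender, which is exactly the line the post tells you to look at first. Only the bracketed address written by the receiving server is reliable; the HELO name and the Message-ID are supplied by the sender and, as noted above, are easy to forge.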

This video explains in detail what an email header is, using the Mozilla Thunderbird client.

If you find this post worth reading, do drop a comment; it will be appreciated.
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Monday, October 28, 2019. Rating: 5

10 Steps to take after Cyber Security Breach 2019

Thursday, October 24, 2019
While a major part of preventing massive data intrusion damage or cyber security breaches lies in preventative measures (secure code, updated security software, use of frequently updated applications and strong passwords for all access points to your data), sometimes cyber security breaches happen no matter how well you have protected yourself. When this happens, prevention no longer matters for the moment, and purely defensive and sanitary measures are your best friend.

[Image: Top 10 things to do after a cyber breach]


Definition of a Data Breach

In today's world we have a huge amount of data available, and that is a lot of information.

Having said that, data can be broadly categorized into private, public, etc. These groups can be subdivided further into financial, medical, educational, military intelligence and so on.

Any data that falls into a category restricted from public access and is to some extent confidential is called private data. This is the kind of data commonly targeted by hackers. When such private and confidential data is either made public or accessed by someone who is not authorized for it, the situation is called a data breach.

Social security identity theft and medical data theft are examples of high concern. If you remember the line from the TV show The Office, "Identity theft is not a joke, Jim": it truly holds good and should be taken very seriously.

Example: data breach at Experian

Now let's cover some of these steps as applied to assorted systems, including computers, hosting servers and your internal networks. At the end of this post we will also look at the recent security breaches of 2019.
1. Make Sure you have been Hacked

Not all strange system behavior is a sign of third party or malware intrusion. Sometimes the complex systems we operate go haywire because of changes we ourselves have made to them without being aware of the consequences.

If your website, computer or network is behaving strangely, not loading properly or giving you blank displays where data or a visual interface should be visible, first think back to any recent changes you might have made that could be responsible for the differences.

In a website hosting system, for example, changing so much as a single parameter within a site’s MySQL database template can lead to a completely downed website even though all the internal data is perfectly safe.

So, in other words, be very sure that there is a cyber security breach and then be prompt enough to take action; a minute's delay here may result in serious repercussions.

2. Speak to your Support Team

As a follow up to step one above and as a part of general policy, you should speak to your technical support team as soon as you have noticed strange things about your system. If you’re a website owner, this could be the people who manage your IT and hosting servers and if you’re the owner of a business or organizational network, this could be your IT support staff.
They can not only tell you about any changes they may have made that provoked a system failure, they can also help you investigate the wider scope of the intrusion you may be suffering.

3. Image your Servers or Drives

Imaging software for computer hard drives, and the same sort of software for servers, should always be close at hand. In case of a breach, before proceeding with cleanup and removal of all malicious factors, you should first image your drives or servers immediately, in the condition they are in at the time of the hack.

This will preserve a large body of evidence which can later be examined through digital forensics techniques, and this evidence vitally needs to be preserved so that you can formulate a better future intrusion response. Knowing if you were the victim of a genuine virus, entry by a human hacker who’s been modifying your code or something as simple as some spyware is crucial.

4. Disconnect from the Web (if possible)

As soon as you have imaged your servers, hard drives and all data or code collections, you should immediately disconnect your servers or computers from the wider web if at all possible.

This may cause chaos and disruptions for clients if you’re running a business website, but as a preventative step it’s vital. By keeping your machines and servers connected, you’re allowing the malware or human intruders who have breached them to continue maintaining malicious access, keep stealing data or causing further damage.

Unless you’re running security scans that require a web connection to work, your systems should be offline while you recover.

5. Change all Passwords

In addition to imaging of all data storage media and disconnection from external access, you should also be moving quickly to change all of your access passwords. They may have been the cause of your security breach and by leaving them as they are, you’re inviting future attacks even after you repair and reinstall everything.

Your machine itself, your hosting server access, your MySQL databases and your FTP should all have their passwords and the passwords of any sub-accounts on them reset immediately.

6. Perform Security Scans

Antivirus software, anti-malware programs and network intrusion protection software should all be tools that you keep close at hand for intrusion incidents. Once your intrusion has been detected and the above steps taken, perform scans that cover all the major bases against malware, spyware, intruders and scripting attacks.

7. Remove all Malicious Files and Code

Through the assistance of your IT support team, your service providers and the security software you have been running, you can start slowly identifying and destroying all the malicious code you find on your network, servers or computer itself. This can be a tedious process and if you’re not sure that you have successfully removed everything, you probably need to do a full re-install.

8. Back up Everything

Back up all of your valuable data as soon as possible after a data breach. You may have already performed a full scale imaging process on your entire servers or drives but specific section backups of key databases and data volumes are also a good idea because they allow you to compartmentalize valuable information for later analysis through digital forensics.

9. Re-install as much as Necessary

If the breach was very severe and especially if the breach affected a lot of data or code, you might have to perform a full scale re-installation of all your software. In a computer, this will require you to format your entire hard drive and re-install your operating system.

On your website hosting servers, you'll almost certainly need to re-install all of your database management software and LAMP (Linux, Apache, MySQL and PHP) applications, along with any other third-party software you were running for your website.

Always re-install to the newest versions of whatever software you need to replace.

10. Document Everything

Finally, document everything. Document all of the steps you took, the processes you followed and the files you erased, re-installed and used to clean your machine. Documentation is useful for future digital forensics (if needed) and it preserves a chain of evidence that can be used as a future prevention reference.

11. Report Identity Theft to the Police
In case of identity theft, the first thing to do is freeze all the confidential information and, if needed and possible, reset it. Then reporting the identity theft to the police is of foremost importance, so that if that confidential information is misused we have a police report in place.
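Steps 3, 8 and 10 above (image, back up, document) come down to one discipline: record a hash of every image or backup the moment it is taken, so later forensic work can show the evidence was not altered. The following Python is an added example and not part of the original post: it keeps a small JSON-lines chain-of-custody log and re-verifies every logged file; the "disk image" it uses is a constructed temporary file standing in for the output of a real imaging tool.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so multi-GB images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def record_evidence(path, log_path, note=""):
    """Append one JSON-lines entry (path, size, hash, UTC time, note) for an image or backup."""
    entry = {"path": os.path.abspath(path),
             "bytes": os.path.getsize(path),
             "sha256": sha256_file(path),
             "recorded_at": datetime.now(timezone.utc).isoformat(),
             "note": note}
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def verify_evidence(log_path):
    """Re-hash every logged file; returns {path: 'ok' | 'MODIFIED' | 'MISSING'}."""
    status = {}
    with open(log_path, encoding="utf-8") as log:
        for line in log:
            entry = json.loads(line)
            path = entry["path"]
            if not os.path.exists(path):
                status[path] = "MISSING"
            elif sha256_file(path) != entry["sha256"]:
                status[path] = "MODIFIED"
            else:
                status[path] = "ok"
    return status


def demo():
    """Constructed walk-through in a temp directory: log a fake 'disk image', verify it,
    then append a byte to it (simulating later tampering) and verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "sda.img")   # stands in for real imaging-tool output
        log = os.path.join(workdir, "custody.jsonl")
        with open(image, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"constructed disk image, not real data")
        record_evidence(image, log, note="imaged before cleanup (step 3)")
        clean = verify_evidence(log)[image]
        with open(image, "ab") as fh:
            fh.write(b"!")
        tampered = verify_evidence(log)[image]
        return clean, tampered


if __name__ == "__main__":
    print("before/after tampering:", demo())
```

Run `record_evidence()` on each image right after it is created (and on the partial backups from step 8), keep the log with the case documentation from step 10, and run `verify_evidence()` before handing anything to an investigator. The log should live on separate, write-protected media: a hash stored next to the file it protects proves nothing if an intruder can rewrite both.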

Reviewed by Satyajit (Admins, a.k.a. Satosys) on Thursday, October 24, 2019. Rating: 5

Ramnit : Worm that loves Facebook

Friday, January 20, 2012
[Image: ramnit malware]
"Ramnit", the worm with multifaceted spreading capabilities, was first detected in 2010 infecting local systems. Now the hackers behind it have redesigned it into a more advanced kind of worm. The worm has already stolen 45,000 Facebook credentials and is still on the move.

It is also confirmed that this worm is able to bypass the two-level authentication used by banking organizations and online money transfer services. Below I have taken a snapshot of the code of the worm that was detected in 2010.

It comes from online malicious sources and creates infected .html files, through which it infects executable and .dll files, as depicted in the video below.

But as the worm has spread its roots to financial and social media, it is a big concern. Users are advised to change their credentials every 14 days.
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Friday, January 20, 2012. Rating: 5

A Beginner's Guide to Android Rooting | Easy Reference

Saturday, October 22, 2011
Android is one of the most widely accepted OSes on devices (phones, tablets, etc.) these days because of its large managed app ecosystem and the control it gives its users. Where there is honey, there are bears...
[Image: android root software]
I mean that because of its popularity it is one of the hotspots for attackers these days. So I thought of sharing a few security tips with my readers; the apps we need to work with for that function only under a certain condition, namely that we have root access on the device. Before going into the security part, I would like to give my readers a basic idea about rooting.

What is Rooting in Android?

"Root", as you may know, is a Linux term and is analogous to administrator in Windows. So rooting an Android device means we get full access and freedom over the functionality of the device; in Windows language we can say we have administrative privileges. The process by which we get root access/privileges is called "Rooting".

Why do we need Rooting?


1. Full access and control over the device (superuser access).

2. Make your device as fast as you wish.

3. Add more apps of your choice (will be covered in the next post).

4. Use the OS version of your choice.

Disclaimer: Rooting may cancel/void your warranty. Carry out the process at your own risk; the author will not be held responsible for any damage caused to your device.
How to root an Android device?

Instead of giving a detailed tutorial, I will cover a basic overview of how this is done and the tools and software associated with it. It is worth mentioning that not all Android-based devices have exactly the same rooting procedure, so I have listed all the possible methods here.

Note:
* Install Microsoft .NET Framework version 2.0 or greater.
* Enable USB debugging in the device settings.
* Download and install the USB drivers for your device.
The first and foremost thing is to find the method compatible with your device (just Google it).

1. Rooting Android devices with SuperOneClick.

2. Rooting Android devices with Universal Androot.

3. Rooting Android devices with Z4Root.

4. Rooting Android devices with flashRec.

5. Rooting Android devices using Easy Root.

6. Unrevoked Method:
If the above-mentioned methods are not compatible with your device, then you may try this method. It is mostly used for HTC devices. You may download Unrevoked here.

A reference on how to "Root an HTC Wildfire (Video Tutorial)".

You may need the help mentioned below before working with Unrevoked.

* S-OFF tool Revolutionary (Download)

* You may need a ROM to downgrade to (Download)

* Find the HBOOT version, as we may need it.


7. Rooting Android 2.3 Gingerbread devices with GingerBreak.

If the Android version is 2.3, there is no need to downgrade it to 2.2 before rooting; you may check whether your device is compatible with the GingerBreak exploit. Follow the reference here, as it may help you carry out the steps.

After you are done with rooting, you may install the desired OS version and add your custom ROM.

I hope this post helps you. If you feel I need to add anything else, feel free to drop a comment. :)
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Saturday, October 22, 2011. Rating: 5

Yersinia | Analyze and Test Deployed Networks

Sunday, October 16, 2011
"Yersinia" is a type of bacteria, but in the context of this site it is a network tool designed to analyze, test and monitor weaknesses in the different network protocols listed with it.

Attacks on the following network protocols are possible, as listed below.

[Image: yersinia]
Recently the Cisco VTP DoS exploit was included in the latest version, 0.7.1.
[Image: yersinia]
Home Page: http://www.yersinia.net
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Sunday, October 16, 2011. Rating: 5

winAUTOPWN V2.7 | Windows Interactive exploit framework Tool

Wednesday, September 21, 2011
winAUTOPWN is a simple tool which works on the Windows platform and is quick at exploiting system vulnerabilities. It is a tool which takes less information from your side and does more effective work.

[Image: winAUTOPWN V2.7]

Why you should use this tool?

1. It takes simple inputs like IP address, hostname, CMS path.

2. It also does a smart multi-threaded port scan (1 to 65535).

3. Exploits written by other authors can be added to it to evoke a remote shell from the target box.

4. It helps the attacker check the number of exploits it has used on the target box.

In the new version this tool has added a few extra features like:
  • Command-line parameters for the reverse shell URL
  • Mail-to, mail-from (email server exploit)
Download
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Wednesday, September 21, 2011. Rating: 5

Katana | A portable multi-boot security suite

Wednesday, February 09, 2011
Katana is a tool which holds over 100 applications that can be run from a USB/flash drive. The new v2 has come up with a major addition called "Forge", which helps in adding new applications to the boot list.
[Image: Katana security]

>>>>> Learn how to use portable applications from your PC.

Portable Applications:

1. BackTrack
2. Computer Aided Investigative Environment (CAINE)
3. Ultimate Boot CD for Windows
4. Ophcrack Live

and many more... Find more portable applications here. :)

(Download)
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Wednesday, February 09, 2011. Rating: 5