
Showing posts from February, 2006

Honeypots (Definitions and Value of Honeypots)

By Lance Spitzner (http://www.spitzner.net), with extensive help from Marty Roesch and David Dittrich.

Over the past several years there has been a growing interest in honeypots and honeypot-related technologies. Honeypots are not a new technology; they were first explained by a couple of very good papers by several icons in computer security: Cliff Stoll's book "The Cuckoo's Egg" and Bill Cheswick's paper "An Evening with Berferd." This paper attempts to take their work further and discuss what honeypots are, how they can add value to an organization, and several honeypot solutions. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues. Also, few people realize the risk and issues...

Losing Trust In Search Engines

Privacy. It's a pretty simple concept, at least, for an individual. When you get a group of friends together, expecting your comments and actions to remain private is a little tougher to do. But what if one or two of your friends in the group told you that you could count on them to keep your comments secret? You could reasonably believe them, right? Well, if those friends were named Yahoo or Google, then no, you couldn't. A little background before I get started with the technical data. I run a website called www.gravito.com, I still intend to do something with it; most likely online IP tools for forum administrators, but for now the main page is blank. It's been that way since early 2004. At one point in my life, I had no job and thought I could run a little hosting/web design business right out of college. I think we all thought we could do that at some point in our lives, and some of you might do so now. You can see the Wayback Machine Archive of my hosting business her...

Two Way Authentication To Defeat Phishing

Phishing is becoming an increasingly big problem on the net. When the end user receives an email that for all purposes appears genuine and appears to originate from a trusted source, the psychological effect is to lower the level of suspicion the user would normally have when asked to provide sensitive information. There really is very little we can do to stop phishers from making carbon copies of websites, spoofing email addresses and even buying SSL certificates to make their site appear more genuine. However, we can beat phishing by implementing a process of two-way authentication. Under two-way authentication, the customer is required to prove their identity to the bank's web site and the web site must prove its authenticity to the user. This ensures both parties can be confident that they are dealing with a legitimate source. If all financial institutions adopted this login procedure, phishing could be eliminated within the banking sector. The method is described in full...

Two New Windows WMF Flaws Found

Microsoft announced on TechNet last night two new flaws in Windows, one in viewing WMF files with older versions (pre 6.0) of Internet Explorer, and a second related to privilege escalation in Windows XP and 2003 systems without the latest service packs. The first flaw, which affects only Internet Explorer 5.5 and 5.01, uses the now-familiar terminology that it "could allow an attacker to execute arbitrary code on the user's system" when they view a specially-crafted web page or email attachment. On the surface the flaw appears similar to the very critical WMF flaw discovered in late December, but is a different issue. The second flaw affects only Windows XP SP1 and prior, along with Windows Server 2003 without SP1. Systems with the latest service packs are not vulnerable. The vulnerability permits privilege escalation in default Windows services as well as third party applications set with overly permissive access controls. Patches for these two vulnerabiliti...

Anonymity mini HOWTO

Disclaimer: I strongly recommend that nobody attempts in any way to gain unauthorized access to any sort of computer system, as any kind of attempt to gain unauthorized access sadly seems to be a serious criminal offense. I'm in no way responsible for any kinda offence. It's totally ethical stuff and there's even potential danger that you may even get logged and even a chance to get sniffed. So stay alive. Happy Hacking :) Hey fellas, don't get annoyed by the disclaimer. It's just a formality; you know rules are always meant to be broken. So today's hot topic is about how anonymous you are. Let's see what anonymity on the web really means. In one line, it's nothing but how deep you can tunnel down the rabbit hole without being noticed. If you ain't anonymous, maybe your first hack will be your last one. Always cover your tracks; it's the basic thing one should ensure before planning to hack the box. There are loggers all the way. If you escape your ISP, there are routers ...

Overview of HTTP Authentication

The HTTP 1.x protocol has a built-in mechanism for requiring a valid username/password to gain access to web resources. This mechanism is known as HTTP Authentication and can be initiated by either a CGI script or by the web server itself. The overall purpose of this document is to provide the new user with a common sense definition and understanding of HTTP authentication at the HTTP header level. There are currently 2 modes of authentication built into the HTTP 1.1 protocol, termed 'Basic' and 'Digest' Access Authentication. Basic Authentication transmits the username:password pair in an unencrypted form from browser to server and as such should not be used for sensitive logins unless operating over an encrypted medium such as SSL [1]. Digest Authentication sends the server a one way hash of the username:password pair calculated with a time sensitive, server supplied salt value. Here a couple of definitions are in order: One way hash: A mathematical calculation of a string...

WMF Exploit Sold For $4,000

Russian hacker groups sold exploit code for the WMF exploit in early December, well before vulnerability research companies caught wind of the problem, mounting evidence is suggesting. A two-week window separated the development of the exploit and the discovery of suspicious activity, according to an eWeek article. During these two weeks the exploit code was available on underground websites -- at a $4,000 cost. Details regarding the first release of the exploit are still being discovered, however the eWeek article mentions an early relationship with a stock pump-and-dump scheme, where the WMF flaw was used quietly for quick financial gain. A BugTraq posting in late December was first to show a website actively implementing the WMF flaw, and the flurry of activity that followed sent the security community into overdrive -- over one thousand malicious WMF files were detected in the days following the post. Source: http://www.securityfocus.com/brief/126

New Bid To Tackle Spyware Scourge

Five computer security firms are collaborating on a common naming system for spyware and will co-produce tools to remove the malicious software. The initiative hopes to remove some of the current confusion caused by anti-spyware firms managing their own labelling and removal methods. The group said collaboration was needed as the amount of spyware in circulation was rising by 50-100% per year. The initiative will see ICSA Labs, McAfee, Symantec, Thompson Cyber Security Labs and Trend Micro join forces to tackle spyware.

Armoring Solaris

By Lance Spitzner (http://www.spitzner.net). Preparing Solaris 8 64-bit for CheckPoint FireWall-1 NG. Last Modified: 20 July, 2002.

Firewalls are one of the fastest growing technical tools in the field of information security. However, a firewall is only as secure as the operating system it resides upon. This article is a continuation of the original Armoring Solaris article, focusing on building a minimized Solaris 8 64-bit for CheckPoint FW-1 NG firewall. This article does not include an updated script for the automated securing of the new installation, as there was in Armoring Solaris. Instead, we will be using Solaris Security Toolkit (JASS). This is a new tool developed and rele...

Nmap 4.00 With Fyodor

After more than eight years since its first release in Phrack magazine, Fyodor has announced Nmap 4.00. Curious as usual, Federico Biancuzzi interviewed Fyodor on behalf of SecurityFocus to discuss the new port scanning engine, version detection improvements, and the new stack fingerprinting algorithm under work by the community. Could you introduce yourself? Fyodor: I'm a long-time network security enthusiast with a particular interest in full disclosure and the offensive side of security. I have gained a lot from the security community over the years, and try to contribute back by releasing free tools such as my Nmap Security Scanner and publishing useful content on my websites, Insecure.Org and Seclists.Org. I am also an active member of the Honeynet Project. Writing has been a major recent focus of mine. Last year I co-authored a technical security novel named Stealing the Network: How to Own a Continent, and I'm almost finished with a network scanning book. This is all on ...

Writing "hacker" Tools And Exploits Could Be Illegal In The UK

"Proposed changes to the Police and Justice bill would make it an offense to make, adapt, supply, or offer to supply any article which is designed or adapted to impair the operation of a computer, prevent or hinder access to a computer, or impair the operation of any program or access to any data." Hell, you don't even have to write anything. If you know what it is/does, you could be found guilty! "knowing that it is designed or adapted for use in the course of or in connection with an offence under section 1 or 3" Spooky stuff there kids.