How the Secret Service polices the Net
Trained in martial arts, sworn to secrecy, famous for high-tech earplugs and icy stares, the oldest law enforcement agency in the federal government, the U.S. Secret Service, is now protecting our national interests online.
Wednesday, June 26, 2002
FTP Dumpsites: A primer
Well, Ok a dumpsite would consist of a FTP Server in which you can store and download files that you may want to download or upload too. Now, these pubs/dumpsites are usually private and only a few knows about it.. BUT, if the word is out that someone found a pub with many, many sources of software you just HIT THE JACKPOT!! it's usually hard to find pubs/dumpsites like this because usually the dumpsite is from a "legitimate" company that stores this kind of warez very deep deep deep underground materials that no else is suppose to know, you know what I'm saying? cause if these companies get caught with any kind of underground warez, these companies could loose there business or even go to jail for storing illegal copies of softwares in there company server..... Now, I'll add a little bit more this post if I may. To scan for dumpsites and pubs that you may want to check out.. but, be careful.. you "yourself" can get caught also.. - Just a bit of warning...
Well, Ok a dumpsite would consist of a FTP Server in which you can store and download files that you may want to download or upload too. Now, these pubs/dumpsites are usually private and only a few knows about it.. BUT, if the word is out that someone found a pub with many, many sources of software you just HIT THE JACKPOT!! it's usually hard to find pubs/dumpsites like this because usually the dumpsite is from a "legitimate" company that stores this kind of warez very deep deep deep underground materials that no else is suppose to know, you know what I'm saying? cause if these companies get caught with any kind of underground warez, these companies could loose there business or even go to jail for storing illegal copies of softwares in there company server..... Now, I'll add a little bit more this post if I may. To scan for dumpsites and pubs that you may want to check out.. but, be careful.. you "yourself" can get caught also.. - Just a bit of warning...
Tuesday, June 25, 2002
Early Bird: Realtime HTTP Worm Intrusion Attempt Notification Utility
After seeing innumerable HTTP worm exploit attempts on several non-IIS systems I maintain (and after tiring of generating reports to send off to multiple ISPs regarding multiple breaches on their networks, only to see the scans continue unabated days later), I decided to automate the notification process on a transactional basis. Early Bird is the end product of that goal.
After seeing innumerable HTTP worm exploit attempts on several non-IIS systems I maintain (and after tiring of generating reports to send off to multiple ISPs regarding multiple breaches on their networks, only to see the scans continue unabated days later), I decided to automate the notification process on a transactional basis. Early Bird is the end product of that goal.
Honeypots: Definitions and Value
Over the past several years there has been a growing interest in honeypots and honeypot related technologies. Honeypots are not a new technology, they were first explained by a couple of very good papers by several icons in computer security, Cliff Stoll's book the Cuckoo's Egg", and Bill Cheswick's paper "An Evening with Berferd." This paper attempts to take their work further and discuss what honeypots are, how they can add value to an organization, and several honeypot solutions. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues. Also, few people realize the risk and issues involved with honeypots. Though honeypots can add value, the time and resources involved may best focused on greater priorities.
Over the past several years there has been a growing interest in honeypots and honeypot related technologies. Honeypots are not a new technology, they were first explained by a couple of very good papers by several icons in computer security, Cliff Stoll's book the Cuckoo's Egg", and Bill Cheswick's paper "An Evening with Berferd." This paper attempts to take their work further and discuss what honeypots are, how they can add value to an organization, and several honeypot solutions. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues. Also, few people realize the risk and issues involved with honeypots. Though honeypots can add value, the time and resources involved may best focused on greater priorities.
Monday, June 24, 2002
How to Find Encryption Code in a Target (A Heuristic Approach)
Here's a little piece on how to recognize crypto code when you see it. This can help whether you're trying to break password protection, write a keygen, or understand a protocol.
Here's a little piece on how to recognize crypto code when you see it. This can help whether you're trying to break password protection, write a keygen, or understand a protocol.
Using OpenLDAP For Authentication
User authentication for logins is generally a no brainer. You setup users on the local system and off you go... nothing to it. However, if you're on a LAN and you want to have a centralized "repository" of users, you will likely be looking at some method of distributing user information across the LAN. This has a few distinct advantages, the primary being all user authentication is centralized. This means that users have the same password on each system in the LAN, and if they change their password, the password is seamlessly changed everywhere. This provides the advantage of giving consistency to user authentication on the LAN. Users retain the same userid, groupid, password, and other information. This can be problematic if you assign users different levels of access on different machines, but if you permit the same access on all systems, this is an easy way to do it. Regardless, with sudo, you can fine-tune privileged access on a host-by-host basis as well.
User authentication for logins is generally a no brainer. You setup users on the local system and off you go... nothing to it. However, if you're on a LAN and you want to have a centralized "repository" of users, you will likely be looking at some method of distributing user information across the LAN. This has a few distinct advantages, the primary being all user authentication is centralized. This means that users have the same password on each system in the LAN, and if they change their password, the password is seamlessly changed everywhere. This provides the advantage of giving consistency to user authentication on the LAN. Users retain the same userid, groupid, password, and other information. This can be problematic if you assign users different levels of access on different machines, but if you permit the same access on all systems, this is an easy way to do it. Regardless, with sudo, you can fine-tune privileged access on a host-by-host basis as well.
Evil Tips and Tricks
Working as a desktop technician in the computer industry for a few years gives you a pretty good insight about what the average user knows and doesn't know. On the other hand, you get to learn what the other technicians you work with know and don't know as well. Since the day-to-day PC fixes get rather boring and repetitive after a certain amount of time, you must do something that still makes the job fun. Where I work, we would play evil computer tricks on each other to help make everyone's day just a little brighter. Not only is it fun to watch people squirm trying to figure out what has been done to their PC, it's also a very educational process for the person that has to fix it.
I am going to list some of the tricks we have played on each other over the years. The tips and tricks listed in this article are for informational and educational purposes only.
Working as a desktop technician in the computer industry for a few years gives you a pretty good insight about what the average user knows and doesn't know. On the other hand, you get to learn what the other technicians you work with know and don't know as well. Since the day-to-day PC fixes get rather boring and repetitive after a certain amount of time, you must do something that still makes the job fun. Where I work, we would play evil computer tricks on each other to help make everyone's day just a little brighter. Not only is it fun to watch people squirm trying to figure out what has been done to their PC, it's also a very educational process for the person that has to fix it.
I am going to list some of the tricks we have played on each other over the years. The tips and tricks listed in this article are for informational and educational purposes only.
Mind Games - Social Engineering
This small article is a brief overview on social engineering. It talks a bit about the psychology of social engineering, the security threat it imposes and about the methods used for it. Basically, this article is a summary that covers the important facts (from my point of view) about social engineering.
This small article is a brief overview on social engineering. It talks a bit about the psychology of social engineering, the security threat it imposes and about the methods used for it. Basically, this article is a summary that covers the important facts (from my point of view) about social engineering.
Warning over password security
Computer users are being urged to change their passwords regularly to avoid becoming a victim of internet fraud. Experts say that passwords used to log onto the internet and access confidential information such as bank details should be altered at least once a month, both at home and at work.
iSafeguard Security Suite for Windows
"iSafeguard Security Suite for Windows is a software product that brings the latest PKI technologies to you to protect your files stored on your computer or on an Internet storage, to protect the privacy of your electronic mail, and to sign your documents with tamper-proof digital signature to prevent someone from forging a document and then claiming that you are the author of it, or from modifying a document after you’ve signed it and then claiming that the modified document is really the original that you signed.
"The following is a list of features: 1. Create your own digital certificates; 2. Digitally sign and encrypt your files; 3. Digitally sign and encrypt your emails; 4. Verify digital signatures; 5. Secure text editor; 6. Securely wipe files; 7. Securely wipe disk free space; 8. Creating and extracting PKI. protected archive files 9. Creating and extracting password protected self extracting archive files; 10. Creating and extracting standard ZIP archive files; 11. And more..."
"iSafeguard Security Suite for Windows is a software product that brings the latest PKI technologies to you to protect your files stored on your computer or on an Internet storage, to protect the privacy of your electronic mail, and to sign your documents with tamper-proof digital signature to prevent someone from forging a document and then claiming that you are the author of it, or from modifying a document after you’ve signed it and then claiming that the modified document is really the original that you signed.
"The following is a list of features: 1. Create your own digital certificates; 2. Digitally sign and encrypt your files; 3. Digitally sign and encrypt your emails; 4. Verify digital signatures; 5. Secure text editor; 6. Securely wipe files; 7. Securely wipe disk free space; 8. Creating and extracting PKI. protected archive files 9. Creating and extracting password protected self extracting archive files; 10. Creating and extracting standard ZIP archive files; 11. And more..."
Sunday, June 23, 2002
WORKING WITH DONGLES
Well, here we are going to crack a dongle, better the dongle check. the dongle itself is normally very good protected -> so it's not a good idea to try to crack the dongle itself. that means to patch the dongle driver or to emulate the dongle is something for very advanced crackers :)
Well, here we are going to crack a dongle, better the dongle check. the dongle itself is normally very good protected -> so it's not a good idea to try to crack the dongle itself. that means to patch the dongle driver or to emulate the dongle is something for very advanced crackers :)
BIOS hacking 4 all
This document will tell all those interested how to get into the BIOS ,extract its password,reset it or exploit it to cause possible hardware damage or a non bootable computer . It has been written for user's with very less knowledge of computers so here it goes ...
This document will tell all those interested how to get into the BIOS ,extract its password,reset it or exploit it to cause possible hardware damage or a non bootable computer . It has been written for user's with very less knowledge of computers so here it goes ...
How to find hidden cameras
The following link is for a recent and interesting 36 page essay on how to find hidden cameras.
The following link is for a recent and interesting 36 page essay on how to find hidden cameras.
SANS Institute: Information Security Reading Room
Welcome to the SANS Institute's Information Security Reading Room, featuring over 1300 articles in 63 different categories.
Welcome to the SANS Institute's Information Security Reading Room, featuring over 1300 articles in 63 different categories.
Subscribe to:
Posts (Atom)
