Friday, July 12, 2002

Hacking the hash - Hacking Windows 2000 and XP Passwords
Hacking Windows 2000 and XP passwords is really easy... All ya need is the right tools and the knowledge to use them...
Hacking - It will never happen to me
Hacking has entered the internet mainstream and thousands of companies are turning a blind eye to the phenomenon. Paran Chandrasekaran, of internet security specialist Indicii Salus, mulls the consequences.
While hacking has traditionally been the domain of ‘internet geeks’ and pranksters, the ‘skill’ has now entered the mainstream and is increasingly being used as a day-to-day weapon to gain competitive edge.
Hacking is now so widespread that there are thousands of people working in UK businesses today with the knowledge to break into the email systems and secret files of both their own companies and their competitors.
Tips for NT Administrators in the area of Penetration Testing, Hacking, and Intrusion Detection
The focus and goal is to provide information to help NT / W2K / XP administrators protect their domains.
Incident Analysis of Compromised OpenBSD 3.0 Honeypot
This was the first honeypot I've ever decided to run. I had long drawn out plans for implementing the perfect honeynet, but sadly some of the hardware that was donated to me at the time was given in non-working condition so I wasn't able to implement the honeynet of my dreams. It seems likely there would be other people out there interested in running a sophisticated honeynet, but who lack all the desired equipment and so they think it cannot be done. This paper has been written to show you otherwise!

Thursday, July 11, 2002

iOpus STARR Computer and Internet Monitoring
So how do you know what intruders, your staff (or family) are doing on your PCs? Is confidential data stolen, manipulated or accidentally deleted? The award-winning iOpus STARR surveillance software can tell you exactly who is doing what on which PC at any time during the day or night.

Wednesday, July 10, 2002

XML security: A who's who
When a standard is deployed as openly as XML, businesses are bound to have security concerns.
The need to control content’s distribution and ensure its integrity keeps many companies from deploying XML without an extranet. Proposed standards will address security issues, and these standards are being further developed to allow for granular control over XML content. This article introduces and explains five proposed XML standards that deal with security issues.
The Keys to a More Secure Future
What are the factors that will determine how safe our world can be made? Here's a look at several, including some basic human qualities
Sometime in July, a team of hackers will try to break into the computer networks that run key utilities around the U.S. The strikes won't come from Islamic cyberterrorists -- who in recent days have been rumored to be planning such attacks themselves -- but rather from friendly teams of security analysts the Electric Power Research Institute has hired to find chinks in the armor of conventional power plants.

EPRI's "Red Teams," as they're called, are just one element in an urgent campaign to shore up the security of U.S. infrastructure so as to safeguard the homeland from terrorist attacks -- both virtual and physical.
Detecting and Containing IRC-Controlled Trojans:
This paper discusses IRC-based trojans as a distinctly underestimated class of malicious activity, and how real time security event monitoring is the key to identifying and containing similar compromises. It discusses the general methodology used to discover, track, and stop such malicious activity by presenting a real-world case study.
Is your storage encrypted?
You're exposing yourself to significant risk as long as the data on your network (data in transit) and in your storage (data at rest) is not encrypted. That's what a paranoid security specialist will tell you.
Is it true? That depends on the sensitivity of your data and on any government regulations that require the data to be encrypted--in the healthcare industry, for example.
Building Your Appropriate Certificate-based Trust Mechanism for Secure Communications
The central issue facing the Internet today can be summarized in one word: trust. A number of companies endeavor to provide services to answer the question of trust – most commonly in the form of digital certificates – which are issued to both individuals and companies in various degrees of security. Certificates represent the concept of a “trusted third party” that is partly a software company, partly notary public and partly a local records office.
Devise an intrusion response policy
Putting devices and software in place to protect networks from viruses and intrusions is the first and sometimes the easiest part of securing a network. But many admins overlook the next and more difficult step in the overall security process: establishing a policy for handling vulnerabilities, threats, and especially intrusions--attempted or successful.
In our Technical Q&A forums, TechRepublic member TomW recently asked for advice on what to do upon discovering a network intrusion: "Are there any templates or guidelines that would be useful to develop a policy/procedure(s) for what to do if and when an intrusion or intrusion attempt has been detected?"
LaBrea - The Tarpit
LaBrea is a program that creates a tarpit or, as some have called it, a "sticky honeypot". LaBrea takes over unused IP addresses on a network and creates "virtual machines" that answer to connection attempts. LaBrea answers those connection attempts in a way that causes the machine at the other end to get "stuck", sometimes for a very long time.
TUCOFS - The Ultimate Collection of Forensic Software
TUCOFS, or T.U.C.O.F.S., stands for The Ultimate Collection of Forensic Software. This site places all Law Enforcement Personnel in touch with the latest and greatest Internet based resources for High Tech Law Enforcement purposes. Resource types include files, software, websites and documentation. TUCOFS can be used as an index pointing you to various resources, allowing you to quickly find exactly what you are looking for.
International Organisation on Computer Evidence
Proceedings of the IOCE 2002 Conference in Orlando, Florida and important links will be available shortly.
Part II: Advanced Encipherment Techniques
The previous paper in this series, Simple Encipherment Techniques, showed some elementary methods by which text messages could be enciphered. There are several weaknesses to these approaches as anyone who attempted the sample transpositions can appreciate. One of the chief weaknesses in any simple scheme is that all languages have characteristics
Encryption and Security Requirements for IETF Standard Protocols
It is the consensus of the IETF that IETF standard protocols MUST make use of appropriate strong security mechanisms. This document describes the history and rationale for this doctrine and establishes this doctrine as a best current practice.

Tuesday, July 09, 2002

Block ad/porn servers
This site contains a listing of many different Internet servers that can be placed into your hosts file for blocking ads and other means of unknowingly tracking you while you surf the net.
Details of OpenSSH Vulnerability Revealed
On June 26, 2002, Internet Security Systems (ISS) revealed the details of a serious vulnerability in the OpenSSH security software. The disclosure comes several days earlier than expected. As reported in an earlier ExtremeTech article ("OpenSSH Hole Exposes Servers"), the OpenSSH project wanted to give administrators of vulnerable systems until July 1 to install a workaround before complete information about the vulnerability was released.

Had the timetable, proposed by OpenSSH developer Theo de Raadt, been followed, systems could have been "immunized" over the weekend before would-be intruders knew how to exploit the bug. But ISS jumped the gun, insisting upon releasing full details of the vulnerability half a week earlier. This puts unpatched systems at immediate risk.
Default Passwords
And another list!
Default password list

Monday, July 08, 2002

Camera/Shy
Camera/Shy, a browser-based steganography application from HACKTIVISMO, will be released at the H2K2 Convention in New York City on July 13th. Camera/Shy was developed for democracy activists operating from behind national firewalls. It allows users to trade in banned content across the Internet. Camera/Shy is the debut release from Hacktivismo, a special operations group sponsored by the CULT OF THE DEAD COW. Hacktivismo offers technical solutions to the human rights community, and has over thirty associates from North America, Europe, Russia, Israel, Australia, Taiwan, and Korea.
"I’m really proud of everyone in the group", said Hacktivismo founder, Oxblood Ruffin. "They’ve made a commitment to bringing a Constitutional Toolkit to the Internet. And although not all of us are Americans, we share the fundamental ideals of the Constitution of the United States, especially freedom of speech. Camera/Shy is a small first step in sharing that privilege".
Camera/Shy will be released open source under the GNU General Public License. It is dedicated to the memory of Wang Ruowang, former doyen of the Chinese dissident community, a study in courage, and a lamp unto our feet.
CAMERA/SHY OVERVIEW
Sometimes hiding the truth is the best way to protect it, and yourself. Designed with the non-technical user in mind, Camera/Shy’s "one touch" encryption process delivers banned content across the Internet in seconds. Utilizing LSB steganographic techniques and AES-256 bit encryption
TCPIP: A Mammoth Description
TCPIP or Transmission Control Protocol Internet Protocol is a stack or collection of various protocols. A protocol is basically the commands or instructions using which two computers within a local network or the Internet can exchange data or information and resources.
Background information on email security
This white paper provides useful background information on email security issues. It will help you examine the security threats facing your corporate email system and determine what kind of email security solution your company needs.
Nikto
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 1500 potentially dangerous files/CGIs, versions on over 110 products/CGIs, and reports details on over 160 products/CGIs. Scan items are updated multiple times per week and can be automatically updated (if desired).