Monday, June 10, 2002

Review of various computer forensics tools
This article reports on the capabilities and limitations of various software tools available to the forensics practitioner to complete a forensically sound examination.
Wireless Phones To Be Made Secure, by Pentagon Standards
The lack of secure telephone communications between U.S. and allied military forces was an oft-heard complaint during the Persian Gulf War and subsequent operations involving multi-national coalitions.
Now, the Defense Information Systems Agency (DISA) is trying to get out the message that there is a relatively easy way to achieve secure voice communications among coalition partners. For about $4,000, U.S. government officials and selected military allies can purchase a wireless handset that meets National Security Agency encryption standards.
STUDENT CRACKS XBOX, OPENS GAME CONSOLE TO OTHER OSES
With three weeks of work and $50 in hardware, a graduate student at the Massachusetts Institute of Technology cracked the security protections of Microsoft's Xbox, making it possible to run competing software and operating systems on the popular video game console. In a paper posted on MIT's Web site last weekend, Andrew Huang described how he built hardware that read the Xbox's internal security system and cracked the encrypted data exchanged between two chips that prevented the console from being exploited. Huang says his technique gives users the ability to turn the Xbox into a standalone computer that can run non-Microsoft software and OSes, including rival Linux. Huang says he also discovered a series of other vulnerabilities that could allow users to run the code of their choice on the box and identify users when the Xbox is connected to the Internet.
Top Secret Phone Debuts For Feds
General Dynamics today reveals its Type 1 Sectera Secure Wireless Phone for GSM systems, a handset it says can handle the stringent security expectations of the nation's top government officials. The Type 1 phone, which consists of a clip-in module designed for use with the Motorola Timeport, operates over commercial or private GSM systems in the 900, 1800 and 1900 MHz GSM bands.

Thursday, June 06, 2002

What is the Windows registry ?
I have always wondered how the Windows Registry worked. The reason is that the Windows Registry is telling programs whether they are registered or not, and holds the settings of your Windows shell, personal information and security. The Windows Registry has been in Windows since the beginning of Windows 3.x. I don't know about Windows 286, but I guess that the Registry was there too....
XP Professional Security Features: An Introduction
I’m not sure if it was the uplifting backbeat of Madonna’s “Ray of Light” or the promise of the best security options yet in a Microsoft operating system that made the difference, but the overall development and marketing efforts of XP have paid off. With over 32 million copies sold since it was released last October, Microsoft’s newest line of operating system products has caught the attention of both home and business users.
While XP Home has many new security features available for the home network, this article will focus on XP Professional (hereafter simply referred to as XP) and its use in the corporate LAN. This is not intended to be an exhaustive dissertation on all the new features in XP; rather, the purpose is to highlight some of the new security features found in the product, and to provide those still considering an upgrade to XP with some insight into how doing so can help them administer their network. So let’s jump right in.
Managing information security
Attacks on corporate information systems by hackers, viruses, worms and the occasional disgruntled employee are increasing dramatically--and costing companies a fortune. Last year, U.S. businesses reported 53,000 system break-ins--a 150 percent increase over 2000. Indeed, the true number of security breaches is likely to have been much higher because concerns about negative publicity mean that almost two-thirds of all incidents actually go unreported.
Hacking and Security Strategies
A summary of all methods of attacking hosts on the internet, sorted by difficulty level. Short introduction to all known kinds of Internet attacks and an evaluation by difficulty.
Sniffer FAQ
This Sniffer FAQ will hopefully give administrators a clear understanding of sniffing problems and of possible solutions to follow up with. Sniffers are one of the main causes of mass break-ins on the Internet today.
FAQ and Guide to Cracking
Disclaimer:
This is a theoretical instruction to cracking, for informational purposes only. It should be seen as an introduction to the methods and strategies used by crackers rather than a howto. The author is not suggesting that anyone perform illegal actions and cannot be held liable for the actions of other individuals who perform any of the actions discussed in this paper, or for any resulting damage.
Introduction:
I am going to describe the methods and strategies used to access various UNIX hosts on the Internet without authorization. This guide will not teach you how to hack, nor do you have to be a hacker to use the techniques described here. Hacking means finding your own way to do it, and finding new approaches to accomplishing something. I am only going to supply you with one possible approach to cracking.
Sensible Data Storage (in Windows)
This guide shows you where some popular programs store their data and how you can protect your privacy by deleting or modifying it. This information can also be useful if you want to back up your data.
The Hacker Test online
A classical test to self evaluate your hacking skills and knowledge.
PW-Gen
A hard-to-predict password generator.
EgoSurfer
EgoSurfer is a powerful tool that combines a few personal details you provide about yourself or someone else to look for information about that person on the Internet through the main search engines and directories.
BrowsInfo
This page shows all the information it is possible to collect about the Browser, the System, the Document (and the User himself...) during an Internet session.

Cloaking Your Movements in Cyberspace
MONITORED AND TRACKED. You might believe that no one cares about the harmless chatter in your messages. Yet whenever you browse the Web, it's likely that hundreds of marketers are tracking your every move using cookies -- tiny programs that hook onto your browser and track your surfing habits, reporting them back to the originating site.
The Visual, Step by Step netbios hack
This tutorial is intended for novice or intermediate computer users looking to exploit Microsoft printer and file sharing, also known as netbios (network basic input/output system). This tutorial will cover the steps in exploiting netbios if you're using Windows 9x or Windows 2000/XP. To keep the interest of the reader and of people who can't follow text, screen shots will also be shown for every step in the procedure. Each step will show the procedure in Windows 9x and Windows 2000. It is assumed that you know basic DOS commands and the function of IP addresses and file sharing. You will not need any extra tools; they are all provided with a default Windows installation.
Security through obsolescence
Here's an interesting way to secure an Internet-connected computer against intruders: Make sure the operating system and software it runs are so old that current hacking tools won't work on it. This was suggested by Brian Aker, one of the programmers who works on Linux.com, NewsForge, Slashdot, and other OSDN sites; he runs several servers of his own that host a number of small non-profit sites in the Seattle area. "I have one box still running a version of Solaris that's so old none of the script kiddies can figure it out," Brian says. "They tend to focus on the latest and greatest, and don't have the slightest idea how to handle my old Sun box."

Tuesday, May 28, 2002

Action Script Viewer
Action Script Viewer (ASV) is a Win32 application that lets you see the actionscripts in SWF files (ASV is a SWF decompiler, in other words) while providing information about frames, instance names, symbols, movie clips etc. and a context sensitive preview. ASV has many features which are listed on this page and which you can experience by downloading the demo.

Sunday, May 26, 2002

So You've Been Hacked... Now What?
You've just discovered you've been hacked. How do you know? Because you are an unbelievably lucky person and you actually saw the hacker at work. You sat there, right at your screen and saw this guy (most hackers are guys) just waltz into your system and start to blatantly run programs and use your computer for purposes unknown.
What can you do? What help can you expect from law enforcement? You'll likely be shocked at the answers.

Friday, May 24, 2002

Hacking EFS
Learning how a product might be compromised is a good exercise. If we can learn how someone might get through our defenses, we can make our defenses better. Take Microsoft’s Encrypting File System (EFS). This free tool available with Windows 2000 and XP computers can be used to encrypt files. Can it be hacked? Should anything additional be done to harden it? Any security product can be compromised; what problems are there with EFS?
How-To Harden OpenBSD Using Packet Filter
Traditionally firewall software has run on computers with two or more network interfaces to control the flow of traffic between them. Increasingly firewall software is run on a single machine which it protects. I've tried to cover everything you need to know to use IP Filter or Packet Filter as a single host firewall on this page and discuss when such use may or may not be appropriate.
The passphrase FAQ
This is The Passphrase FAQ for PGP. I tried to include everything I've seen asked on alt.security.pgp along with some extras to cover other things like passwords and different key lengths. Most people who have had college algebra or higher should be able to follow the math.
PGP Setup
How to setup the PGP Freeware edition on a Windows PC.
Securing Web Based Corporate E-Mail Using Microsoft Exchange Outlook Web Access
In today’s hyper-connected environment, it is essential that the workforce remain in touch with their home office and clients. This is often at odds with the fact that a significant portion of the workforce is also a mobile one. To overcome this problem, a number of solutions have been employed, such as cellular phones and personal digital assistants (PDAs) such as Palm Pilots, BlackBerrys and iPaq devices. Each of these has restrictions on the amount of data that can be communicated. It is evident that the best system for communicating anything from brief "fyi’s" to long-term corporate strategy is still a reliable e-mail system. As such, many organizations have moved towards exposing their internal e-mail systems to the Internet in order to maintain those lines of communication and an immediate transmission of data. Of course, doing so unleashes a significant number of security risks that must be addressed before even the first e-mail is opened at any unsecured location. Failure to do so threatens the host organization’s mail server, network, corporate partners and even the corporation’s very existence.
One such solution is Microsoft’s Outlook Web Access (OWA), an extension of the Exchange 5.5 mail system, which allows a client access to basic e-mail features, public folders, and a personal calendar through a standard Web browser. As it is based on the notoriously insecure IIS web server, it may be supposed that this system cannot possibly be secured, bu

Thursday, May 23, 2002

SerialSniffer
SerialSniffer is a tool to get more information about data which is transmitted via a serial link.

You can either connect SerialSniffer to a single device which transmits serial data, and SerialSniffer will print out the data which is received in the ASCII and HEX display.
Securing a Win2K Webserver
This document serves as a checklist for securing a Windows 2000 webserver on the Internet. This document was created to help Sys Admins get started configuring security on their machines, and in no way should be considered the final word on Windows 2000 security. The alert reader will notice that securing a machine from hacking is an ongoing process.

Wednesday, May 22, 2002

Welcome to iJET Travel Intelligence
Welcome to iJET Travel Intelligence, the first "intelligence agency" specifically for the global travel industry. Our mission is to provide you with critical and up to the minute travel information specific to your needs. With our simple, customer-friendly services to assist you, worldwide travel has never been more worry-free.
The Cross Site Scripting FAQ
Websites today are more complex than ever, containing a lot of dynamic content that makes the experience for the user more enjoyable. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites have a threat that static websites don't, called "Cross Site Scripting" (or XSS, as it has been dubbed by other security professionals). Currently small informational tidbits about Cross Site Scripting holes exist, but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.

Tuesday, May 21, 2002

ThinkPad™ supervisor password, hard drive password and power-on password recovery or removal solutions
This site is dedicated to ThinkPad™ (TP) owners who find themselves locked out because for whatever reason, they don't know the Supervisor Password or Power On Password or Hard Drive Password.
SpyFinder™
The SpyFinder™ is a small, lightweight, battery-powered device that allows the user to quickly identify and locate hidden cameras.

Since the SpyFinder™ works optically, no amount of electronic jamming or shielding can stop it from finding hidden cameras.

SpyFinder™ works against all types of cameras: Video cameras, Pinhole / spy cameras, Digital cameras, and Auto-focus cameras.

Anytime a camera can see you, the SpyFinder™ can see the camera. SpyFinder™ detects hidden cameras in a wide range of conditions -- inside covert packaging, in walls and ceilings, inside EM shielding -- even when the camera is off.

Friday, May 17, 2002

Rooivalk secrets take wings
Thieves who broke into the closely guarded Denel complex in Kempton Park knew exactly what they wanted.

Only computer hard disks containing information of the Rooivalk attack helicopter were stolen in the burglary that shows signs of industrial espionage.

From evidence in the investigation thus far it appears the thieves knew exactly what they wanted and were not interested in computer equipment when they burgled the Denel aviation department.

The National Intelligence Agency (NIA) has joined police in the investigation, said NIA spokesperson Lorna Daniels on Wednesday.

Thursday, May 16, 2002

Content-Based Image Retrieval from forensic Databases
The doctoral thesis "Content-Based Image Retrieval from forensic Databases", (public defense University Utrecht, 19 June, 10.30) in PDF format.
PortSentry for Attack Detection, Part One
Portsentry by Psionic Technologies is a component of their TriSentry suite of attack detection tools: portsentry, hostsentry, and logsentry. This article is the first of a two-part series that will describe in detail how Portsentry works from both a theoretical and a technical point of view. The second article will discuss installing, configuring, and tailoring PortSentry for individual systems.

Tuesday, May 14, 2002

Feds Out-Hack Russian Hackers
"The Russians just sat down and entered their passwords. It couldn't have been any better than that." Richard Eaton, creator of WinWhatWhere Investigator program.
First Steps in Achieving Network Security
The security-aware manager will support hiring someone with specialized security expertise to work with the IT team to create a secure network.

The events of September 11th raised the public's awareness of the need for increased security in all aspects of life. Reports from the U.S. government that the next targets for terrorists might well be the country's information infrastructure have highlighted the need for improved network security.

At the same time, corporate end-users have been hit with viruses and worms that have disrupted and damaged computer systems. Words like "Code Red" and "Nimda" have become part of the corporate vernacular.

The heightened awareness within corporate America has led to the question, "What is network security?"

Monday, May 13, 2002

g4u - Harddisk Image Cloning for PCs
g4u ("ghost for unix") is a NetBSD-based boot floppy that allows easy cloning of PC hard disks to deploy a common setup on a number of PCs using FTP. The floppy offers two functions. The first is to upload the compressed image of a local hard disk to an FTP server. The other is to restore that image via FTP, uncompress it and write it back to disk; network configuration is fetched via DHCP. As the hard disk is processed as an image, any filesystem and operating system can be deployed using g4u.
Top Secret Messenger (TSM)
Top Secret Messenger (TSM) is a powerful and secure public-key encryption tool with fully and seamlessly integrated plugins for popular instant messengers and e-mail clients such as ICQ (America Online), Outlook Express and Outlook (Microsoft), and Miranda, an MSN and ICQ clone (as well as many others currently in development).

Sunday, May 12, 2002

The art of gaining local access
Local hacking is, what I myself call, the way of gaining access to a computer while actually sitting at it. This article is a short listing of my experience in this area.
An Indepth Guide in Hacking UNIX and the concept of Basic Networking
I believe that hacking into any system requires knowledge of the operating system itself. Basically, what I will try to do is make you more familiar with UNIX operation and its useful commands that will be advantageous to you as a hacker. This article contains in-depth explanations.
Decoding IPsec
Understanding the Protocols of Virtual Private Networks.
SSL Certificates HOWTO
A first-hand approach on how to manage a certificate authority (CA), and issue or sign certificates to be used for secure web, secure e-mail, or signing code and other usages. This HOWTO will also deal with non-Linux applications: there is no use in issuing certificates if you can't use them... Not all applications will be listed here, but please send me additional paragraphs and corrections. As indicated in the introduction, this document is a hands-on HOWTO, and it is therefore required that you consult the man pages of the OpenSSL software. You should also read security books to learn how your security could be compromised. Certificates are meant to increase the security of your transactions; it is VERY important that you understand all the security implications of your actions and what security OpenSSL does not provide.

Thursday, May 09, 2002

NFR BackOfficer Friendly
NFR is currently offering BackOfficer Friendly as a FREE download for personal use only.
NFR Security® BackOfficer Friendly is a useful little burglar alarm - simple, unobtrusive, and easy to install - which rings when someone rattles your doorknob. It identifies attacks from Back Orifice, one of the nastier hacking applications, as well as other sorts of scans.
BackOfficer Friendly Features
BackOfficer Friendly is a spoofing server application that runs on your Windows system, and actively notifies you whenever someone attempts to remotely control your system using Back Orifice. Basically, it pretends to be a Back Orifice server. BackOfficer Friendly gives the attacker false answers that look like they came from Back Orifice, while logging the attacker's IP address and the operations they attempted to perform.
Not only can BackOfficer Friendly pretend to be a Back Orifice server, it contains routines that allow it to selectively emulate a variety of other services, such as FTP (file transfer protocol), HTTP (used on the Web), and SMTP (used in transferring e-mail). When someone runs an automated probe such as a Ballista scan, ISS scan, or SATAN scan against your desktop, BackOfficer Friendly produces a string of alerts, making it quite obvious to you what occurred.
BackOfficer Friendly can interact with the hackers, pretending to be a Back Orifice server or server for other types of requests. Instead of silently discarding their commands, it sends them responses
Applied Cryptography for Magnetic Stripe cards
The intention of this document is to provide a basic understanding of cryptography and techniques applied to magnetic stripe cards in the financial industry.
This subject is normally approached with some trepidation by the uninitiated, however it is reasonably straightforward once the basic principles are explained.
Cryptography is complex, but its practical application is less so. It is not necessary to understand the mathematics involved in order to successfully use and manage cryptography in a financial environment.
Because of the security implications of card cryptography, it is extremely hard to find information in any form explaining this application, which adds to the somewhat unnecessary shroud of mystery surrounding the topic. In early implementations, a measure of additional security was provided by ensuring that few people knew exactly how these mechanisms worked and this method of operation has permeated into today's implementations.
However, none of the information provided in this document will compromise security in any way.
Although other, more secure card tokens are becoming available, the magnetic stripe card is significantly cheaper than alternatives, and is by far the most common card type in use. Security techniques for magnetic cards have slowly but steadily improved, and properly implemented can provide perfectly adequate security for financial transactions in a very cost-effective manner.

Tuesday, May 07, 2002

Pulhas Tools
A large collection of security tools.
Paris Labs
Knowledge is an unending adventure at the edge of uncertainty -- Jacob Bronowski

"Imagine a school with children that can read and write, but with teachers who cannot, and you have a metaphor of the Information Age in which we live." — Peter Cochrane.
Human Intelligence, or Lack Thereof? A Lesson in Social Engineering
It's been a while since I've written a decent article, mainly because there's a lot going on for me right now. But anywho, you've all heard about "social engineering" and how it can be done. Social engineering is my forte, most likely due to my curiosity in human beings. No matter the barrier, you'll always have a friend to get you what you want.

Monday, May 06, 2002

Forensic Computing MSc/PgDip
Suitable for law enforcement officers, government staff, security consultants, corporate security personnel and members of associated agencies in the UK and elsewhere.

Takes you on to a new career or possible promotion. The majority of students are sponsored by their employers and will continue to work for them on completion of the MSc, perhaps at a more senior level. The course may also be used as a method of moving into these areas of work.

Course description
The student is helped to develop critical thinking and problem solving capabilities and material is included on criminal psychology and ethics. A business awareness is developed, providing accounting skills, exploring issues relating to corporate fraud and the preparation of evidence. Some training in courtroom skills is also provided.

The course is offered in part-time mode, with students attending a residential seven-day, full-time school, four times each year. Students have directed reading, research and coursework to complete between schools. Students must complete the equivalent of 12 modules and a dissertation in a relevant topic. Normally, students are required to take four modules each year for two years, and complete the individual dissertation during the third year.

Thursday, May 02, 2002

Ethernet Packet Sniffer "GreedyDog"
GreedyDog is an ethernet packet sniffer for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, AIX, MacOSX, and Windows 2000/XP. GreedyDog keeps the stream of each TCP session and writes it to a logfile. Because the session stream is already assembled, it is not necessary to reconstruct fragmented packets, and the logfile can be analysed very easily. This feature is useful for logging comparatively large sessions such as telnet. An administrator can watch a remote user's telnet session as one stream unit until the connection closes; if a cracker makes a telnet session to another network by way of the administered network, gdd can log all of the cracker's activities as one stream that includes the other network. Furthermore, gdd has an IDS function based on "grep&action": gdd monitors the session stream and, if a suspicious action is detected, executes the specified action.
Step inside the world of hacking
The world of computer hackers is a constant cat-and-mouse game between “white hats” and “black hats.” Some white hats use “honeypots” to learn about their enemy. Honeypots look like normal Web servers to a black hat, but they are really traps with special software that allow white hats to track every step a computer vandal takes. Click above to see, step by step, a full-blown attack by a black hat aimed at a honeypot, through both the eyes of the hacker and the white hat stopping her.

Monday, April 29, 2002

Definitions and Value of Honeypots
Over the past several years there has been a growing interest in honeypots and honeypot related technologies. Honeypots are not a new technology; they were first explained in a couple of very good works by icons in computer security: Cliff Stoll's book "The Cuckoo's Egg", and Steve Bellovin and Bill Cheswick's paper "An Evening with Berferd." This paper attempts to take their work further and discuss what honeypots are, how they can add value to an organization, and several honeypot solutions. There are a variety of misconceptions on what a honeypot is, how it works, and how it adds value. It is hoped this paper helps clear up those issues. Also, few people realize the risks and issues involved with honeypots. Though honeypots may add value, the time and resources involved may be best focused on greater priorities.
making a one-way CAT5 cable
For IDS deployments a.k.a. a sniffbox.
Computer Forensics - by Ibas
Electronic evidence and information gathering have become central issues in an increasing number of conflicts and crimes. In situations ranging from the suspicion of disloyalty by staff and information theft, to other serious crimes, Ibas can assist in gathering and documenting electronic evidence.

Ibas offer services to the police, prosecuting authorities, lawyers and public and private companies in cases involving seizure and analysis of data. Results and findings can be presented in written reports or through verbal testimony e.g. in legal proceedings. In the information age the field of Computer Forensics is experiencing strong growth. Computer Forensics from Ibas will leverage the expertise and technology built through more than 20 years of experience with Data Recovery and Data Erasure.
Candes Systems Inc.
TEMPEST Computers and Peripherals.

Thursday, April 25, 2002

Security Toolbox
The Security Toolbox is a collection of freeware tools related to Windows security. The tools are not based on anybody else's source code, and we will not give away the code or give explanations of how the tools are built, so please don't send any mails asking for either - we will ignore all such mails. Also, please note that using some of these tools against systems without permission from the system owner(s) may be illegal in your country! Although some of these tools can be used by unethical attackers, we hope that these tools will do more good than bad overall.

Wednesday, April 24, 2002

Technology Pathways
Welcome to the Technology Pathways Resource Center. In this area you will find documents we feel are beneficial to the computer security community.

Tuesday, April 23, 2002

Forensic Acquisition Utilities
This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running system while at the same time guaranteeing data integrity (e.g. with a cryptographic checksum) and while minimizing changes to the subject system.
wepcrack
WEPCrack is a tool that cracks 802.11 WEP encryption keys using the latest discovered weakness of RC4 key scheduling.
AirSnort
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
ELZA
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools.
TMAP
We have developed a CAPI based telephone network mapper (wardialer + more), that is capable of detecting analog peers as well as digital peers. We have released a non-commercial version that is free for personal use.

Monday, April 22, 2002

RING
The Intranode Research Team presents a new operating system detection method, based on temporal response analysis. As a proof of concept, we release the open source tool called RING – for Remote Identification Next Generation.
Basic Steps in Forensic Analysis of Unix Systems
Instead of being a "cookbook" that you follow, consider this a collection of techniques that a chef uses to construct a fabulous and unique gourmet meal. Once learned, you'll discover there are plenty more steps than just those listed here.
Explore2fs
Explore2fs, the WIN32 explorer for Linux ext2fs partitions.
Honeypots
Just released: Honeyd. Honeyd is an open source solution that can emulate thousands of computers at the same time. It can also emulate different operating system types, at both the application and IP stack level.
BUILDING A JUMP KIT
This document describes how to make a 'jump kit' for investigating Linux systems that are potentially compromised.

Sunday, April 21, 2002

Free NT Security Tools
Fortunately there are a few third party utilities that we can use with NT to make our life easier and help answer some of the questions. I believe that it is very important for us NT Administrators to be aware of these programs. They can certainly make securing our networks easier, and they have the added benefit of being free. That is right, they are free. Now there is no excuse for any of us not to download these programs and learn how to use them.

Friday, April 19, 2002

M & G - Video and Audio Communications
M & G Technology (Europe) is a leading supplier of video and audio communications products for industrial, commercial, security, law enforcement and emergency services applications.
All of our products are built to the highest quality specifications and rigorously tested in live environments before being released to our customers.
Whether you are seeking a portable monitor for completing a microwave link, a miniature transmitter for a covert video transmission or a multi-channel telemetry control panel, first seek our advice on what we have available in our wide range of equipment - or what we can design to fit any unusual requirement.
Our pages regarding selection of equipment
International Journal of Digital Evidence
International Journal of Digital Evidence (IJDE) is a forum for discussion of theory, research, policy, and practice in the rapidly changing field of digital evidence.

Sunday, April 14, 2002

Authentication Tokens: Balancing the Security Risks with Business Requirements [pdf 137k]
Stolen passwords represent a significant threat to today's enterprise. It has become apparent that a simple username and static password combination for logging in to a system is not adequate to protect most business information. As the corporate network is increasingly used to store company confidential information of differing sensitivity, there is a need for user access control.
Authentication tokens are hardware or software devices that generate dynamic one-time passwords through the use of a mathematical function. This report examines the business needs, implementation/deployment strategies, and security risk scenarios of hardware vs. software-based token technologies. No single technology will provide the ultimate solution for every situation, and there are advantages and disadvantages to the use of each type.
Trace-Back: A Concept for Tracing and Profiling Malicious Computer Attackers [pdf 109k]
In the computer security arena, every now and then, a vulnerability comes along causing a significant impact. The impact of a vulnerability is based on factors such as popularity of the vulnerable platform and the ease of exploitation of the vulnerability. Lots of research gets done on a vulnerability, beginning from its origin to the various permutations and combinations of exploit code that come out subsequently. In recent years, we have seen self-propagating exploit code (in other words, worms) becoming quite popular.
Very little is known about the events taking place in the time period between the instant that a vulnerability gets discovered by an individual or a small group of individuals, and the moment when exploit code becomes publicly available on the Internet. To zero in on the origins of a particular piece of exploit code is quite a daunting task. Very little research has been done on the subject outside of government or military organizations. Tracing back origins is a very tricky task, especially if one has to reconstruct events backwards. This paper addresses this very issue: trying to roll the film reel backwards from the time the exploit code becomes widespread in public, and filling in the blank frames to the beginning of the movie. This may not be the ultimate "big-bang" theory of the exploit universe, but it provides us with new viewpoints on exploits and their originators.
pdd: Memory Imaging and Forensic Analysis of Palm OS Devices [pdf 181k]
One goal of incident response is to preserve the entire digital crime scene with minimal or no modification of data. This paper introduces pdd or "Palm dd", a Windows-based tool for memory imaging and forensic acquisition of data from the Palm OS family of PDAs. pdd will preserve the crime scene by obtaining a bit-for-bit image or "snapshot" of the Palm device's memory contents. Such data can be used by forensic investigators, incident response teams, and criminal and civil prosecutors.
This paper also presents the Palm OS internals (hardware, file system, and debugger functionality), pdd details (usage, process, flowchart, and timing), and forensic analysis results (flash memory, record removal and deletion, retrieval of system passwords, and telephony applications).
The Importance of Application Security [pdf 109k]
The demand for digital security has never been greater in the history of the field. Unfortunately, confusion around where to start and how to manage risk is also at an all time high. This paper outlines the importance of application security and how to tell if application security should be part of your company’s digital security strategy.

Friday, April 12, 2002

nemesis packet injection tool-suite
Nemesis is a command-line packet crafting and injection tool-suite. Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor looking for security problems that can then be reported to the vendor(s).
Cryptix
Cryptix is an international volunteer effort to produce robust, open-source cryptographic software libraries. Cryptix products are free, both for commercial and non-commercial use, and are being used by developers all over the world. Development is currently focused on Java.
cryptcat = netcat + encryption
Cryptcat is the standard netcat enhanced with Twofish encryption.
event log monitor for windows nt 2000 xp
EventReporter monitors Windows NT / 2000 / XP event logs and reports via syslog or e-mail. Always know what is going on in your network: automated monitoring helps detect problems before they manifest. If you run only a few servers, e-mail notification is probably best. For a larger number of servers, we recommend centralized logging via syslog. Syslog servers are available for Windows, Unix, Linux and other operating systems.
Port Listing
PORT NUMBERS
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151.
The Dynamic and/or Private Ports are those from 49152 through 65535.
LNX-BBC
Welcome to the LNX-BBC project. The LNX-BBC is a mini Linux-distribution, small enough to fit on a CD-ROM that has been cut, pressed, or molded to the size and shape of a business card.
LNX-BBCs can be used to rescue ailing machines, perform intrusion post-mortems, act as a temporary workstation, install Debian, and perform many other tasks that we haven't yet imagined.
Snake Oil Warning Signs: Encryption Software to Avoid
Good cryptography is an excellent and necessary tool for almost anyone. Many good cryptographic products are available commercially, as shareware, or free. However, there are also extremely bad cryptographic products which not only fail to provide security, but also contribute to the many misconceptions and misunderstandings surrounding cryptography and security.
Why "snake oil"? The term is used in many fields to denote something sold without consideration of its quality or its ability to fulfill its vendor's claims. This term originally applied to elixirs sold in traveling medicine shows. The salesmen would claim their elixir would cure just about any ailment that a potential customer could have. Listening to the claims made by some crypto vendors, "snake oil" is a surprisingly apt name.
Superficially, it is difficult to distinguish snake oil from the Real Thing: all encryption utilities produce garbled output. The purpose of this document is to present some simple "red flags" that can help you detect snake oil.
For a variety of reasons, this document does not mention specific products or algorithms as being "good" or "snake oil."
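An added example, not part of the Snake Oil FAQ, of why "the output looks garbled" is no evidence of strength. A repeating-key XOR "cipher", a construction that snake-oil products have actually shipped, turns text into unreadable bytes just as a real cipher would; but one guessed plaintext fragment at a known position (here, a mail header) gives back the keystream at that point, and because the keystream repeats, that is the whole key. The plaintext, key and crib are constructed.

```python
"""Added example: repeating-key XOR looks encrypted but falls to one known
plaintext fragment. Plaintext, key and crib are constructed."""


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """'Encrypt' (and decrypt: XOR is its own inverse) with a cycled key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_unreadable(data: bytes, threshold: float = 0.25) -> bool:
    """The only test most buyers apply: is a large share of it non-printable?"""
    bad = sum(1 for b in data if b < 0x20 or b > 0x7E)
    return bad / len(data) > threshold


def keystream_from_crib(ciphertext: bytes, crib: bytes, offset: int) -> bytes:
    """If plaintext[offset:] starts with crib, the keystream there is C XOR P."""
    window = ciphertext[offset:offset + len(crib)]
    return bytes(c ^ p for c, p in zip(window, crib))


def smallest_period(ks: bytes):
    """Smallest n with ks[i] == ks[i+n] for all i; needs len(ks) >= 2n."""
    for n in range(1, len(ks) // 2 + 1):
        if all(ks[i] == ks[i + n] for i in range(len(ks) - n)):
            return n
    return None


def break_with_crib(ciphertext: bytes, crib: bytes, offset: int):
    """Recover (key, plaintext) from one known fragment, or None if the crib
    is shorter than two key periods."""
    ks = keystream_from_crib(ciphertext, crib, offset)
    n = smallest_period(ks)
    if n is None:
        return None
    # ks[j] is key[(offset + j) % n]; realign so key[0] sits at position 0
    key = bytes(ks[(m - offset) % n] for m in range(n))
    return key, xor_repeating(ciphertext, key)


if __name__ == "__main__":
    key = b"\x8aK\x1fQ\xfa\xe3\x07"                      # constructed 7-byte key
    plaintext = (b"Subject: Quarterly numbers\n"
                 b"The Q3 figures are attached. Do not forward.\n")
    ct = xor_repeating(plaintext, key)
    print("looks encrypted:", looks_unreadable(ct))        # True
    # the attacker guesses only that the message starts with a mail header
    recovered_key, pt = break_with_crib(ct, b"Subject: Quarterly", 0)
    print(recovered_key == key, pt == plaintext)          # True True
```

The crib only needs to cover two key periods for the period to be read off directly; with a longer ciphertext and no crib at all, the key length still leaks through coincidence counting, so "garbled output" and "a proprietary, unpublished algorithm" are exactly the red flags the document lists rather than reassurance.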

Thursday, April 11, 2002

IT Security Cookbook
This book is intended as a 'self help' guide to computer & network security, primarily for security managers, programmers and system administrators.
CORE IMPACT
CORE IMPACT is a revolutionary risk assessment product developed to professionalize the Penetration Testing practice.

Although critical to security risk assessment, Penetration Testing has to date been a very manual effort requiring the use of disparate tools and informal knowledge. CORE IMPACT professionalizes the Penetration Testing process, automating many of the tasks required to deliver superior assessment results.

CORE IMPACT provides a comprehensive framework for performing Penetration Tests, making it possible to define and enforce a methodology, drastically increase productivity, reduce errors and leverage knowledge and expertise gained through successive engagements. This product revolutionizes the practice and elevates it to the new standards of quality required by today's organizations.
Outpost Firewall
FREE! Outpost Firewall is the most feature-packed personal firewall for Windows in the world. It gives peace of mind against threats from cookies, ads, e-mail viruses, backdoors, spyware, crackers, adware and virtually every other Internet danger. This is the first firewall that supports plug-ins, so its capabilities can easily be extended.

Wednesday, April 10, 2002

Evidence Eliminator
Deletes a lot of temporary files. I wonder how safe the deletion is (wiping and deleting are two very different things!).
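An added example, not from the product page, of the difference that remark points at, on a toy block device. An ordinary delete only releases the file's blocks: the bytes stay on the medium until something else happens to overwrite them, and a raw search of the medium (what a forensic carving tool does) still finds them. A wipe overwrites the blocks before releasing them. The disk model, file name and contents are constructed.

```python
"""Added example: delete versus wipe on a constructed block-device model,
checked with a raw search of the medium the way a carving tool would."""
import os

BLOCK = 16                       # bytes per block in the toy device


class ToyDisk:
    def __init__(self, blocks: int = 32):
        self.raw = bytearray(BLOCK * blocks)    # the medium itself
        self.free = list(range(blocks))         # allocator's free list
        self.files = {}                         # name -> block numbers (file table)

    def write(self, name: str, data: bytes) -> None:
        need = -(-len(data) // BLOCK)           # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.files[name] = blocks

    def delete(self, name: str) -> None:
        """Ordinary delete: drop the table entry, free the blocks, touch no data."""
        self.free.extend(self.files.pop(name))

    def wipe(self, name: str, passes: int = 1) -> None:
        """Overwrite every block (random passes, then zeros) before deleting."""
        for b in self.files[name]:
            for _ in range(passes):
                self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

    def carve(self, needle: bytes) -> int:
        """Raw search of the medium, ignoring the file table; -1 if absent."""
        return self.raw.find(needle)


def demo(secret: bytes = b"SECRET: merger closes Friday") -> dict:
    """Does the secret survive an ordinary delete? A wipe?"""
    d1, d2 = ToyDisk(), ToyDisk()
    d1.write("notes.txt", secret)
    d1.delete("notes.txt")
    d2.write("notes.txt", secret)
    d2.wipe("notes.txt", passes=2)
    return {"after_delete": d1.carve(b"SECRET") >= 0,
            "after_wipe": d2.carve(b"SECRET") >= 0}


if __name__ == "__main__":
    print(demo())                    # {'after_delete': True, 'after_wipe': False}
```

On a real system the wipe is the weaker half of this picture: journaling and copy-on-write filesystems, wear-levelling on flash, swap, and the application's own temporary copies can all leave the bytes somewhere an in-place overwrite never touches, and the directory entry keeps the file name after either operation. A tool that claims to "eliminate evidence" has to be checked against a raw image, not taken at its word.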
Are You Being Watched?
How private is your PC data? Thanks to the proliferation of Internet worms and hardware and software spying tools, the erosion of loyalty between corporations and their employees, and the 9/11 disaster (which has caused many to value security over privacy and civil rights), the likelihood is greater than ever that your computer is reporting your every move to a suspicious spouse, a government agency, an employer, or the entire world. In this article, we'll cover the most prevalent spying hardware and software and explain how it can be used, abused, and detected.
Design Of A Default Redhat Server 6.2 Honeypot
The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems.
Firewall Tester
The Firewall Tester consists of two Perl scripts, the client part (ftest) and the listening sniffer (ftestd). The client injects custom packets, defined in ftest.conf, with a signature in the data part, while the daemon listens for such marked packets. Both scripts write a log file in the same format. If the two scripts are run on hosts placed on opposite sides of a firewall, a diff of the two files produced (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer because of filtering rules. Stateful inspection firewalls are handled with the 'connection spoofing' option. A script called freport is also available to parse the log files automatically.
Blade
BLADE Software is the leading provider of Internet Security Application Testing Tools (ISATT). We provide IT security professionals with the products to independently check their security infrastructure and to validate the effectiveness of those defenses.
A look at whisker's anti-IDS tactics
Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?"
This paper is aimed at explaining the thought process and implementation behind various anti-IDS tactics whisker uses to avoid web scan detection. While I specifically have ID systems in mind, this also applies to monitors, sniffers, log parsers and anything else trying to interpret web traffic and/or requests. The methods, analysis and theories presented within this document can also be applied to other protocols and concepts--however, HTTP is my focus due to the implementation of whisker.
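As an added example (not whisker's own code), a few request mutations in the spirit of the tactics the paper describes, a deliberately naive signature engine of the kind they slip past, and the canonicalisation a detector needs before matching. The signature, the target path and the model of the naive IDS are constructed for illustration.

```python
"""Added example: whisker-style HTTP request mutations against a naive
signature check, and the URI normalisation that defeats them.
Signature, requests and the naive-IDS model are constructed."""
import re
from urllib.parse import unquote

SIGNATURE = "/cgi-bin/phf"          # constructed: a classic scanner target


def naive_ids(request_line: str) -> bool:
    """Model of a signature engine that takes the second space-separated
    field as the URI and substring-matches it, with no decoding."""
    fields = request_line.split(" ")
    return len(fields) >= 2 and SIGNATURE in fields[1]


# --- evasions --------------------------------------------------------------
def hex_encode(path: str) -> str:
    # percent-encode every byte: '/cgi-bin/phf' -> '%2f%63%67%69...'
    return "".join("%%%02x" % c for c in path.encode())


def self_reference(path: str) -> str:
    # '/cgi-bin/phf' -> '/./cgi-bin/./phf'
    return "/./" + "/./".join(path.strip("/").split("/"))


def traversal(path: str) -> str:
    # '/cgi-bin/phf' -> '/cgi-bin/bogus/../phf'
    head, _, tail = path.rpartition("/")
    return head + "/bogus/../" + tail


def double_slash(path: str) -> str:
    # '/cgi-bin/phf' -> '//cgi-bin//phf'
    return path.replace("/", "//")


def build(method: str, uri: str, sep: str = " ") -> str:
    return method + sep + uri + sep + "HTTP/1.0"


TACTICS = {
    "url hex encoding": build("GET", hex_encode(SIGNATURE)),
    "self-reference directories": build("GET", self_reference(SIGNATURE)),
    "directory traversal": build("GET", traversal(SIGNATURE)),
    "multiple slashes": build("GET", double_slash(SIGNATURE)),
    "tab separation": build("GET", SIGNATURE, sep="\t"),
}


# --- what a detector has to do ---------------------------------------------
def normalize_uri(raw: str) -> str:
    """Canonicalise a request-URI the way the web server will interpret it."""
    path = raw.split("?", 1)[0]          # drop the query string
    prev = None
    while path != prev:                  # decode until stable (double encoding)
        prev, path = path, unquote(path)
    path = re.sub(r"/+", "/", path)      # collapse runs of slashes
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def normalizing_ids(request_line: str) -> bool:
    fields = request_line.split()        # any whitespace, not just space
    return len(fields) >= 2 and SIGNATURE in normalize_uri(fields[1])


def evaluate() -> dict:
    """{tactic: (naive engine hit, normalising engine hit)}"""
    return {name: (naive_ids(req), normalizing_ids(req))
            for name, req in TACTICS.items()}


if __name__ == "__main__":
    for name, (naive, norm) in evaluate().items():
        print(f"{name:28s} naive={naive!s:5} normalized={norm}")
```

The normaliser has to reproduce the target server's behaviour rather than a generic one: a server that decodes percent-escapes once will not treat a double-encoded path as the same resource, and one that ignores case on a case-insensitive filesystem creates another mutation space, so the detector's canonical form is a per-server decision, not a constant.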
Access Data
AccessData has been a leader in password recovery and applied cryptography since 1987. Since that time, AccessData has developed a trusted relationship with the Federal Government, state and local law enforcement, and corporate America.
To help keep government agencies and corporate security departments up to date with current computer forensic technology, AccessData has developed new forensic software and training seminars to help both novice and expert computer specialists. Now your forensic team can gain access to AccessData's years of knowledge and experience.

Tuesday, April 09, 2002

Microsoft Baseline Security Analyzer
Microsoft has created a new tool, the Microsoft Baseline Security Analyzer (MBSA), to analyze Windows systems for common security misconfigurations. Version 1.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP.
Hack In The Box
Hack In The Box is designed to facilitate discussions on security related topics, create security awareness, and to try and provide a comprehensive database of security knowledge and resources to the public. We aim to make HITB a single place, or community on the Internet where people and corporations can go to find security information and the latest news from the underground as well as from the computer technology sectors.

The site provides access to security links and resources, including news, books, mailing lists, tools, products and security services as well.

The staff at hackinthebox.org is committed to stimulating discussion between users and computer professionals to help Keep Knowledge Free. We hope you will find these resources useful.

Monday, April 08, 2002

14th Annual Computer Security Incident Handling Conference
The annual FIRST Conference is the only event of its kind. It focuses on the field of computer security incident handling and response. In recognition of the global spread of computer networks and the common problems faced by computer owners, the conference is held in different parts of the world. The presentations are international in scope and include the latest in incident response and prevention, vulnerability analysis, and computer security. Additionally, these events serve as the foundation for the improvement of computer security worldwide via the sharing of goals, ideas, and information.
How much is enough?
A risk management approach to computer security (PDF).
Solving the Perfect Computer Crime
While the perfect computer crime is one that, by definition, will not be discovered, heightened awareness of cyber security has helped law enforcement keep up with the technologies and tactics used to compromise computers, networks and databases.
But cyber cops still struggle with such issues as the international reach of the Internet, an increasing number of combined threats and a wide spectrum of legal hurdles.

Sunday, April 07, 2002

remote-exploit.org
http://www.remote-exploit.org has finally come to life. This website is mostly a platform to give something back to the community. All the texts, tools and links that we collect, or will collect in the future, will be collected here if possible. The people behind remote-exploit.org are some security-interested individuals that found each other :-) you all know what I mean, I guess. Some may say we are just freaks... but hey... let's freak out! We try to bring exclusives when possible and try to bring some :-) and light into the dark world of hacking and security.

Friday, April 05, 2002

The draft NIST Special Publication 800-45, Guidelines on Electronic Mail Security
The document is intended primarily for a technical audience. It provides detailed guidance on setting up and maintaining a secure email system, and includes pointers to related material.
Offline NT Password & Registry Editor
This is a utility to (re)set the password of any user that has a valid (local) account on your NT system, by modifying the hashed password in the registry's SAM file.
You do not need to know the old password to set a new one.
It works offline, that is, you have to shut down your computer and boot off a floppy disk. The boot disk includes what is needed to access NTFS partitions and scripts to glue the whole thing together.
Note: It will now also work with SYSKEY, including the option to turn it off! Bear in mind that this resets a password rather than recovering it: on Windows 2000 and later, files the user protected with EFS are keyed through the old password and become unreadable after an offline reset.
InterSect Alliance
InterSect Alliance is a team of leading information technology security specialists, with extensive experience in both the policy and technical aspects of IT Security.

  • SNARE - System iNtrusion Analysis & Reporting Environment

  • RazorBack - SNORT Intrusion Detection Front-End

  • BackLog - a Windows NT service that facilitates the real time central collection and processing of Windows NT Event Log information

  • BackLog for Solaris

  • Windows 2000 - Graded Security Configuration Document

  • Internet Information Server 4 - Graded Security Configuration Document

  • Linux - Graded Security Configuration Document

  • Apache - Graded Security Configuration Document

Privacy Bird
AT&T invites you to download the new AT&T Privacy Bird software for free. This software will help Internet users stay informed about how information they provide to Web sites could be used. The AT&T Privacy Bird automatically searches for privacy policies at every website you visit. You can tell the software about your privacy concerns, and it will tell you whether each site's policies match your personal privacy preferences. The software displays a green bird icon at Web sites that match, and a red bird icon at sites that do not.