Archive for October, 2009
Hacking Cocktail for the Halloween!
Posted by Mourad Ben Lakhoua in Cybercrime & Hacking, Internet, News on October 31, 2009
Cybercriminals do not let any occasion or event pass without trying to make more illegal income or distribute their malware. Here are some cases of Internet scams and other email tricks related to Halloween that were detected by Viruslist. Cheap software:

Emails from illegitimate sources advertising costumes and personalized gifts:

E-cards for the Halloween:

Another, more unusual, case: this site provides a browser toolbar that you must install to send a greeting card. If the victim is in the US, Canada or certain other countries, the spammer is paid by the toolbar developer; the toolbar itself can carry any kind of malicious code and can be used to take control of the PC:

If the victim comes from a Russian IP address, he is redirected to a lottery site:

This is entirely expected: hackers are always promoting their website links through spam and redirection, accompanied by text designed to attract interest. These attacks are intended to spread malicious software, to make more illegal money or to harvest more personal credentials. Happy Halloween!
Screenshot sources: the Viruslist website.
make sure you subscribe to my RSS feed!
Cisco Intends to Purchase ScanSafe, Leading SaaS Web Security Provider
Posted by Mourad Ben Lakhoua in Cloud Computing Security, News, Web Security on October 29, 2009
Cisco is about to purchase ScanSafe, a web security company, for 183 million dollars. This step will allow Cisco to compete more strongly with other big companies in this industry such as Symantec and McAfee.
ScanSafe provides web filtering security services that protect corporate workstations and networks from hackers. You will already notice a message on its home page saying “Cisco to acquire ScanSafe”.
Symantec and McAfee are the leaders in the computer security software field and already offer a range of advanced cloud-based security software, with sales growth that exceeds that of traditional antiviruses.
This step will help Cisco expand its security services to include web security alongside the email security services already provided by IronPort, so we can expect a complete security portfolio from Cisco.
US CERT Warns of PhoneSnoop Attack Against BlackBerry
Posted by Mourad Ben Lakhoua in Tools, Vulnerabilities & attacks, hacking on October 28, 2009
US-CERT issued a new warning concerning a free application that allows a hacker to spy on phone conversations. The program must be installed on the victim's device; after installation the hacker is able to listen in on all of the victim's calls.
This free application is called PhoneSnoop, and although it provides functionality similar to FlexiSPY, it is the first free program of its kind. Chirashi Zensay, the creator of this tool, posted on his blog: “PhoneSnoop demonstrates how a BlackBerry can be used to spy on its owner. While the BlackBerry remains one of the more secure devices out there, user awareness and education is paramount to remaining completely safe from spyware. I tweaked the application since my first post, now allowing anyone to download, install and try it. PhoneSnoop now has the ability for a user to customize the ‘trigger number’, rather than me having to give out customized versions.”
This program was released to demonstrate how easy it is to exploit a vulnerability on BlackBerry devices, and there is currently an effort to release new software that can route SMS messages to a hacker.
US-CERT currently encourages users to download BlackBerry applications only from trusted sources and to password-protect and lock their BlackBerry devices.
DisCryptor Protects Your Privacy
Posted by Mourad Ben Lakhoua in Privacy & data protection, Software Security, Tools on October 26, 2009
DisCryptor is a complete software package for protecting your privacy; its free personal edition lets you store sensitive data, send important documents by e-mail and carry folders on USB memory in an easy and very fast way.
After installation you get a very rich dashboard with tabs for creating a new virtual or physical drive, so a single click is enough to start encrypting the disk.
You can also create a Traveler disk. This function encrypts your USB drive so that its entire content is protected at a very high security level. The interesting point is that you can later open your files on any PC, even one without DisCryptor installed: choose the Travel disk function, burn the autorun software to a CD/DVD, and you then only need the CD and the USB device or external hard drive to open your files.
It is also possible to use this package to encrypt individual files. A file encrypted by DisCryptor always has the .DCF extension and the DisCryptor logo as its icon.
Maybe the biggest headache for anyone is remembering passwords. Imagine having to remember thousands of passwords, or writing them on a sheet of paper: all of this is very risky and easily lost. This software solves the issue with a password manager that stores them in encrypted form (hash functions include SHA-256, SHA-384 and SHA-512). When you create a password it automatically shows the security level of that password according to the chosen security profile; it is recommended to use the strongest password possible and to keep track of your passwords.
Currently there are three types of license: a free Personal edition, a Business edition and an Enterprise edition. You can read more details about DisCryptor here.
BrightCloud: Web Filtering URL Database
Posted by Mourad Ben Lakhoua in Internet, Web Security on October 25, 2009
Every day more and more people store and process data using Internet services or on servers reached over the Internet. Every corporation uses an Internet connection, and it is essential to everyday work: checking email, searching for resources or updating applications.
Here there is a major threat: visiting an infected website can damage all systems and applications, so an integrated web security solution that checks whether a visited URL is safe is very important.
BrightCloud® offers Web Filtering Services for security applications. It has a powerful database containing a huge list of infected websites, which a firewall can use to block blacklisted sites; by integrating this solution with your current firewall you eliminate a big risk of getting infected.
Compared to the Google Safe Browsing API, BrightCloud has 15x as many known malware sites, meaning 15x more protection, and updates its malware list with over 100,000 entries daily.
Most importantly, BrightCloud uses many sources, mechanisms and engines to monitor, detect and update security categories. Some of them are honeypots (for spam and botnets); other data is gathered through fake open proxies…
After this information is collected, security software and appliance vendors can benefit from this advanced data and make their solutions more effective.
For reference, the Microsoft ISA firewall uses the BrightCloud database, and Palo Alto Networks also uses BrightCloud in their firewall devices.

Here is a link describing the difference between the BrightCloud API and the Google Safe Browsing API, and on this page you can find the latest Internet threats detected.
Such a solution is very important for any company, because doing this work yourself takes a lot of effort, knowledge and time to deploy honeypots, detect malware and identify spam, whereas you can have all of that by adopting BrightCloud on your network.
TippingPoint and Qualys Together To Mitigate Network Security Risks
Posted by Mourad Ben Lakhoua in News, Vulnerabilities & attacks on October 25, 2009
TippingPoint and Qualys, two network security companies, are about to develop and deliver network security software that gives their customers a full package for corporate network security.
Both companies are building a business partnership to improve their customers' protection against current threats and to be able to identify new network vulnerabilities.
Under this agreement the intrusion prevention system from TippingPoint will be integrated with the QualysGuard Vulnerability Management platform in order to provide complete protection of the environment.
A recent report by the SANS Institute found that there are huge numbers of vulnerabilities in the application layer, such as web applications, that can be exploited through an unpatched client-side application like Acrobat Reader.
QualysGuard Vulnerability Management can help monitor the network, and TippingPoint IPS will provide active vulnerability protection through its Digital Vaccine service. As a result we get a combined view of vulnerabilities together with virtual patching by the Digital Vaccine filters, mitigating the risk from the latest viruses and worms.
Here you can find more details about this partnership.
TrueCrypt 6.3 Free Open-Source Disk Encryption Software
Posted by Mourad Ben Lakhoua in Encryption, Software Security, Tools on October 23, 2009
TrueCrypt, one of the most popular tools for encrypting and hiding partitions under Linux, Mac OS and Windows, has released a new version.
The new features at this release include:
• Full support for Windows 7.
• Full support for Mac OS X 10.6 Snow Leopard.
• The ability to configure selected volumes.
TrueCrypt is an open-source, multi-platform application that allows you to create secure, encrypted folders for your data.
It is always recommended to use TrueCrypt instead of other built-in encryption systems, because it can hide your volumes and make it impossible for anyone to notice that the file exists on the hard disk; it also provides a flexible choice of encryption algorithms.
With TrueCrypt your data remains encrypted until you need it. More details about the release can be found here.
Microsoft Security Essentials First Week
Posted by Mourad Ben Lakhoua in Anti-Viruses, News, Tools on October 20, 2009
Microsoft Security Essentials, the new antivirus solution, was downloaded by 1.5 million users during its first week.
The free antivirus detected 4 million pieces of malicious software between 29 September and 6 October on 535,752 PCs. The majority of these infected computers run Windows XP, while we find fewer infections on Windows Vista and Windows 7.
According to Microsoft, the most common infections reported by computers in the United States were Trojans; in China computers are more often infected by several kinds of malicious applications including adware and spyware; and in Brazil the main malware is worms, especially Conficker.
Here you can find Microsoft's presentation listing the malware statistics. AV-Test.org, an independent organization, has ranked Microsoft Security Essentials ahead of other free antiviruses, including AVG and Avast, in terms of scanning speed and level of threat detection. On the other hand, the AV still requires improvement in malware behavioral analysis.
Cain & Abel New Release
Posted by Mourad Ben Lakhoua in News, Pentesting on October 20, 2009
A new version of Cain & Abel was released yesterday. This tool is a solid password recovery tool for various Microsoft operating systems: a super fast, flexible password cracker with network sniffing.
The tool allows a penetration tester to easily recover several kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Version 4.9.34 of this program includes a number of new features:
- Added support for Windows 2008 Terminal Server in the APR-RDP sniffer, which enables sniffing on switched LANs and man-in-the-middle attacks.
- Added Abel64.exe and Abel64.dll for 64-bit operating systems.
- The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms.
- Ships routing protocol authentication monitors and route extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.
- Support for Windows Live Mail (Windows 7) password recovery for POP3, IMAP, NNTP, SMTP and LDAP.
You can download Cain & Abel v4.9.34 here.
SSLStrip : HTTPS stripping attack
Posted by Mourad Ben Lakhoua in Vulnerabilities & attacks, Web Security on October 17, 2009
Moxie Marlinspike demonstrated another way to compromise SSL-based websites at Black Hat DC 2009: the HTTPS stripping tool called SSLStrip.
For example, if we want to check our email on Gmail, we open our browser and start typing the address mail.google.com or gmail.com, and we don't care whether the page starts with http:// or https://, because we know it switches automatically. That switch to the protected resource is carried out over the ordinary HTTP protocol, and it is possible to intercept it.
Moxie Marlinspike has presented his second program, called SSLStrip. The idea behind SSLStrip is that it helps an attacker intercept the victim's request for a secure connection and force him to communicate over an insecure HTTP connection.
The tool is written in Python and replaces secure links with insecure ones. The picture is perfect: the server sends all content over secure channels to all its clients, yet the victim receives no warning and does not even suspect that he is using an unsecured connection. All his traffic is unencrypted and in the clear.
Moxie Marlinspike ran his tool SSLStrip on a Tor proxy, and within 24 hours he managed to collect the following numbers of authentication credentials:
- login.yahoo.com – 114
- Gmail – 50
- ticketmaster.com – 42
- rapidshare.com – 14
- Hotmail – 13
- paypal.com – 9
- linkedin.com – 9
- facebook.com – 3
SSLStrip is actually a very advanced technique that combines a homographic attack with a man-in-the-middle position; this type of attack relies on user confusion to make the victim believe that the website is legitimate.
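The two symptoms of a stripped page are visible in what the client receives: the https:// links the server sent have become http://, and the Strict-Transport-Security header (HSTS, the browser-side defence against exactly this downgrade) is missing. The check below is an added example written for this post, not code from the original article or from SSLStrip itself; it parses a raw HTTP response, reports whether HSTS was present, and lists same-host links that point at plain http. The two responses and the host mail.example.com are constructed for illustration; a site operator would run such a check from a vantage point whose responses are known to be intact and compare them with what a user is seeing.

```python
"""Detect signs of HTTPS stripping in a raw HTTP response (added example)."""
import re
from urllib.parse import urlparse

# href=, action= and src= attributes are the places a downgrade rewrite shows up
LINK_RE = re.compile(r'(?:href|action|src)\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status line, header dict, body text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = lines[0]
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", "replace")


def has_hsts(headers: dict) -> bool:
    """True when the server told the browser to refuse plain http for this host."""
    return "strict-transport-security" in headers


def downgraded_links(body: str, expected_host: str) -> list:
    """Return links that point at expected_host over plain http.

    On a page served by an HTTPS-only origin such links should never appear;
    their presence is the fingerprint of a link-rewriting intermediary.
    """
    found = []
    for url in LINK_RE.findall(body):
        parts = urlparse(url)
        if parts.scheme == "http" and parts.hostname == expected_host:
            found.append(url)
    return found


def audit(raw: bytes, expected_host: str) -> dict:
    """Combine both checks into one verdict for a captured response."""
    _status, headers, body = parse_response(raw)
    downgraded = downgraded_links(body, expected_host)
    return {
        "hsts": has_hsts(headers),
        "downgraded": downgraded,
        "suspicious": (not has_hsts(headers)) or bool(downgraded),
    }


# Constructed sample: what a client sees from an intact HTTPS origin.
GOOD = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"\r\n"
    b'<form action="https://mail.example.com/login"></form>'
    b'<a href="https://mail.example.com/help">help</a>'
)

# Constructed sample: the same page after an intermediary rewrote the links
# to http:// and dropped the HSTS header.
STRIPPED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<form action="http://mail.example.com/login"></form>'
    b'<a href="http://mail.example.com/help">help</a>'
)

if __name__ == "__main__":
    for label, sample in (("intact", GOOD), ("stripped", STRIPPED)):
        print(label, audit(sample, "mail.example.com"))
```

The HSTS check only helps a browser that has already seen the header once (or ships the host in its preload list), which is why the link scan is kept as a second, independent signal; on a first visit over plain http an intermediary can remove the header before the browser ever learns it.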