Archive for category Internet

Hackers Target Internet Forum Database

A popular Irish discussion forum, Boards.ie, was today forced to reset all users’ passwords after a security breach in which hackers compromised part of the users database on the server.

Tom Murphy, one of the portal founders, said in an official statement that the site is “regularly the target for disruption and take continual actions to proactively protect data”.

During the attack the hackers gained access to part of the main database server, which stores usernames, email addresses and encrypted passwords for registered users. As a security measure the site has reset all users’ login passwords, and it recommends that subscribers not reuse the same account credentials on other websites, to prevent identity theft.

The site started life as a forum for the computer game Quake in 1998 and has more than 500 forums on a range of topics.

According to the most recent ABC internet traffic statistics, published in November, Boards.ie had more than 20m page views, averaging more than 1.1m page views a day.

make sure you subscribe to my RSS feed!


Sniffing/MITM Attacks on Tor network

Tor is a wonderful tool for protecting your privacy on the Internet. The Tor software runs on your computer and helps keep you safe online: it prevents somebody watching your Internet connection from learning which sites you visit, and it prevents the sites you visit from learning your physical location. But if you think that is its only role, you are wrong. That is just one of Tor’s main purposes; another is to run a server (a relay) of your own and make it available for other users to route their traffic through.

By installing a sniffer on that server you will be able to see all non-encrypted traffic passing through it, and to gather data and sensitive information…

To start, get a Linux distribution such as Backtrack or Ubuntu running on a virtual machine; both are free and available online. Next, download the latest Tor version (currently 0.2.1.20). After installing the packages it is better to create a dedicated user on the system, toruser: uid=111(toruser) gid=10(wheel) groups=0(wheel),10(wheel). Tor reads its settings from the torrc file; here we keep it under .tor in that user’s home directory (/home/toruser/.tor/torrc), so open that file in a text editor.

In the configuration we customize the following settings:

ControlPort – the port used for remote management of the Tor server. Most installations use the value 9051.

DirPort – advertise the directory service on this port. The value is 9030.

ControlPort 9051
DirPort 9030

ExitPolicy – determines which traffic the node will accept and forward out of the Tor network. By default the policy is as follows:

reject *:25, reject *:119, reject *:135-139, reject *:445, reject *:563, reject *:1214,
reject *:4661-4666, reject *:6346-6429, reject *:6699, reject *:6881-6999, accept *:*

Here we choose the services we want our node to accept and forward (HTTP, HTTPS, POP3, IMAP, IMAPS, POP3S), so the policy becomes:

ExitPolicy accept *:80, accept *:443, accept *:110, accept *:143, accept *:993, accept *:995, reject *:*
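Tor evaluates ExitPolicy entries in order and the first match wins, so it is easy to write a policy that lets out more than intended. The following Python script is an added example, not code from this post or from the Tor project: it parses policy strings like the two above with that first-match rule and reports which cleartext protocols (HTTP, POP3 and IMAP, using the port list above) a policy would still let out of the node, which is what a relay operator should check before enabling an exit. It models only the `*` wildcard and exact addresses, not CIDR masks, and the final fallback to accept (Tor appends a default policy ending in `accept *:*`) is an assumption taken from Tor’s documented behaviour.

```python
"""Evaluate Tor-style ExitPolicy rules with first-match semantics.

Added example; not code from the post or from the Tor project.
Address matching is simplified to '*' or an exact address (no CIDR).
"""
import re
from typing import List, Tuple

# (accept?, address, low_port, high_port)
Rule = Tuple[bool, str, int, int]

_RULE_RE = re.compile(r"^(accept|reject)\s+([^:\s]+):(\*|\d+(?:-\d+)?)$")


def parse_policy(text: str) -> List[Rule]:
    """Parse comma/newline separated entries such as 'reject *:135-139'."""
    rules: List[Rule] = []
    for entry in text.replace("\n", ",").split(","):
        entry = " ".join(entry.split())  # normalise stray whitespace
        if not entry:
            continue
        m = _RULE_RE.match(entry)
        if not m:
            raise ValueError(f"bad ExitPolicy entry: {entry!r}")
        action, addr, ports = m.groups()
        if ports == "*":
            low, high = 1, 65535
        elif "-" in ports:
            low, high = (int(p) for p in ports.split("-"))
        else:
            low = high = int(ports)
        rules.append((action == "accept", addr, low, high))
    return rules


def exit_allowed(rules: List[Rule], port: int, addr: str = "*") -> bool:
    """First matching rule decides; unmatched traffic falls through to accept
    (assumption: Tor's appended default policy ends in 'accept *:*')."""
    for accept, rule_addr, low, high in rules:
        if rule_addr not in ("*", addr):
            continue
        if low <= port <= high:
            return accept
    return True


# Constructed samples: the two policies discussed above.
DEFAULT_POLICY = """reject *:25, reject *:119, reject *:135-139, reject *:445,
reject *:563, reject *:1214, reject *:4661-4666, reject *:6346-6429,
reject *:6699, reject *:6881-6999, accept *:*"""

NARROW_POLICY = ("accept *:80, accept *:443, accept *:110, accept *:143, "
                 "accept *:993, accept *:995, reject *:*")

# Cleartext services from the port list in the post.
PLAINTEXT_PORTS = {80: "HTTP", 110: "POP3", 143: "IMAP"}


def plaintext_exits(policy_text: str) -> List[str]:
    """Names of cleartext services the policy would exit for, sorted."""
    rules = parse_policy(policy_text)
    return sorted(name for port, name in PLAINTEXT_PORTS.items()
                  if exit_allowed(rules, port))


if __name__ == "__main__":
    print("default policy exits cleartext:", plaintext_exits(DEFAULT_POLICY))
    print("narrow policy exits cleartext:", plaintext_exits(NARROW_POLICY))
    print("port 25 under narrow policy:",
          exit_allowed(parse_policy(NARROW_POLICY), 25))
```

Run it directly to compare the two policies; the narrow one closes every port except the six listed, but still exits HTTP, POP3 and IMAP in the clear, which is exactly the traffic the rest of the post goes on to capture.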

HashedControlPassword – sets the password for remote configuration of the Tor server, so that a malicious user cannot take control of it.

Nickname – the server name.

ORPort – the port used to connect with other nodes; 9001.

SocksListenAddress – the localhost address (127.0.0.1).

Save the changes and close the file. Now the server is ready to launch:

$ tor -f /home/toruser/.tor/torrc

It takes approximately 20 minutes for Tor to check the system and test its ports. Then you can go to http://moria.seul.org:9032/tor/status/authority and find our server listed among the other server names.

Excellent, our server is working, and it’s time to choose the favorite sniffer, Wireshark. Wireshark is already present in Backtrack 4: select the interface and enable packet capture. Wireshark will show you all non-encrypted traffic, such as website browsing and other HTTP navigation, since it travels in the clear. Not bad so far.

Now what about the encrypted traffic? Here it’s time to use SSLStrip. To get it, go to Moxie Marlinspike’s official website and download the latest version (an update was released two days ago).

Run the command:

$ python sslstrip.py -a -l 8080 -w today.log

If we are not the last node, the traffic is passed on in encrypted form, so to have it go through sslstrip before it reaches its final destination we add this rule to iptables:

# iptables -t nat -I OUTPUT -p tcp -m owner --uid-owner 111 --dport 80 -j DNAT --to-destination 127.0.0.1:8080

This makes all outgoing HTTP traffic from the user toruser pass through sslstrip automatically; at this point we just need to wait until some logs have been collected and then check the log file.

In the next post we will explain how to perform scanning for black-box penetration testing from behind a Tor proxy.

It is important to note that all programs are used just for educational purposes.


Twitter Was Owned.. No, it was a Compromised DNS trick!

This morning the Twitter website was out of service for two hours, and the reason for the disruption was a DNS attack. Many users thought the website had been compromised by hackers from the “Iranian cyber army” exploiting WordPress vulnerabilities, but that was not the case: the attack was made on the DNS records, redirecting users attempting to reach the Twitter website to the IP address of the hackers’ website.

The Twitter Team posted the following on their Blog:

As we tweeted a bit ago, Twitter’s DNS records were temporarily compromised tonight but have now been fixed. As some noticed, Twitter.com was redirected for a while but API and platform applications were working. We will update with more information and details once we’ve investigated more fully.

This is not the first DNS attack we have read about in the news; there have been a large number of incidents related to DNS records, and it is now very important to start implementing DNSSEC to protect DNS records from this kind of tampering.


Hacking Cocktail for the Halloween!

Cybercriminals do not let any occasion or event pass without trying to gain more illegal income or distribute their malware. Here are some cases of Internet scams and other email tricks detected by Viruslist around Halloween. Cheap software:

[Screenshot: Halloween1]

Emails from illegitimate sources advertising costumes and personalized gifts:

[Screenshot: Halloween2]

Halloween e-cards:

[Screenshot: Halloween3s]

Another, unusual, case: this site provides a browser toolbar that you have to install in your browser to send a greeting card. If the victim is in the US, Canada or certain other countries, the spammer is paid by the toolbar developer; the toolbar itself can be any kind of malicious code, which can be used to take control of the PC:

[Screenshot: Halloween3]

If the victim comes from a Russian IP address, he is redirected to a lottery site instead:

[Screenshot: trick_or_treat_6]

This is entirely expected: hackers are always promoting their website links through spam and website redirection, accompanied by text intended to attract interest. These attacks aim to spread malicious software, gain more illegal money, or harvest more personal credentials. Happy Halloween!

Screenshot source: the Viruslist website.


BrightCloud: Web Filtering URL Database

Every day more and more people store and process data using Internet services or on servers reached over an Internet connection. Every corporation relies on its Internet connection, and it is essential for everyday work: checking email, searching for resources or updating applications.

There is a big threat here from visiting infected websites, which can damage systems and applications, so using an integrated web security solution that checks whether a visited URL is safe is very important.

BrightCloud® offers web filtering services for security applications. It has a powerful database containing a huge list of infected websites, which a firewall can use to block any blacklisted site, so by integrating this solution with your current firewall you can eliminate a big part of the risk of getting infected.

Compared to the Google Safe Browsing API, BrightCloud has 15x as many known malware sites, which means 15x more protection, and it updates its malware list with over 100,000 entries daily.

Most importantly, BrightCloud uses many sources, mechanisms and engines to monitor, detect and update its security categories. Some of these are honeypots (for spam and botnets); other data is gathered through fake open proxies…

After this information is collected, security software and device vendors can benefit from this advanced data to make their solutions more effective.

For reference, the Microsoft ISA firewall uses the BrightCloud database, and Palo Alto Networks also uses BrightCloud in its firewall appliances.

[Screenshot: security_application_final]

Here is a link that shows the difference between the BrightCloud API and the Google Safe Browsing API, and on this page you can find the latest Internet threats detected.

Such a solution is very important for any company, because this work requires a lot of effort, knowledge and time to implement honeypots, detect malware and identify spam, whereas you can have all of that by adopting BrightCloud on your network.


Malware Scam on Microsoft Outlook Web Access

Websense has recently warned of a serious attack targeting the Microsoft Outlook Web Access network service.

Security experts reported that they have found emails containing links to download malicious software; they already detect about 30,000 of these emails daily.

Here is a screenshot of the malicious message:

[Screenshot: MalOWAMessage]

This is a very frequent attack and gives the hacker a high level of customization, because the page looks very credible, with the Microsoft logo and other details. Here is a screenshot of the website:

[Screenshot: MalOWAPage]

On this webpage the hackers can plant any malicious file, which may contain a Trojan for building a botnet and enabling them to control the system remotely.

Screenshot source: the Websense Security Labs website.


Google Plug-in Boosts IE Speed 10 Times

A new test conducted by Computerworld concluded that the Chrome Frame plug-in improves JavaScript performance 9.6 times in Internet Explorer 8 (IE8). During the test the SunSpider JavaScript benchmark was run three times to show the speed improvement in Microsoft’s browser.

This plug-in is already embedded in Google Chrome, and last Tuesday they added support for Internet Explorer. This adds extra speed and support for several standards such as HTML 5.

Over the last few years Google has focused on providing a clear and highly effective solution for online working applications, so this plug-in can help IE users to work on online applications such as Google Wave and others with the same performance as on Google Chrome.

Chrome Frame is available now for IE6, IE7 and IE8 running under the Windows XP and Windows Vista operating systems, so get your copy now: it’s free and installs in a few seconds.


SANS: Rising numbers of zero-day vulnerabilities

TippingPoint and Qualys, two security companies, have been involved in a study named “The Top Cyber Security Risks”, which revealed that more than half of all cyber attacks target applications and websites. The report is based on information collected from March to August 2009 from customers using the intrusion prevention systems and network monitoring solutions of both companies.

According to the report, the number of vulnerabilities discovered in applications exceeds that for operating systems. Bugs in Adobe PDF Reader, QuickTime, Adobe Flash, Microsoft Office and popular web browsers are frequently used to spread malicious code over the Internet.

Over the same period the study found that organizations take twice as long to patch network applications as they do operating systems, even though OS vulnerabilities are fewer in number. However, no widespread worm targeting operating systems was detected except Conficker.

One of the most serious threats in the report is that some major software companies are not focusing on providing fixes for several zero-day vulnerabilities; as a result some bugs have remained unpatched for more than two years.

A very interesting study; you can find more details about it here.


New Service to Boot Operating System over Internet

A new service allows users to download and install any Linux operating system directly from the Internet. Netboot.me is a website that provides a bootable image, which you burn to a CD, USB memory stick or floppy disk; on boot it displays a menu with the list of distributions and some useful tools for system diagnostics, partitioning and recovery.

Basically, Netboot.me uses the open-source boot loader gPXE, which is significantly enhanced by supporting additional protocols including NFS, FTP and HTTP. In the OS list you can find: Tiny Core Linux 2.2, Micro Core Linux 2.2, Debian Lenny, Debian Testing, Fedora 11, openSUSE 11.1, Ubuntu 9.04 and 9.10, and FreeBSD 7.2.

Here you can find a screenshot demonstrating how to use it as a universal boot disk and installer.


Vulnerability puts eBay Developers Program accounts at Risk

eBay security specialists have asked Developers Program members to change their passwords. This is due to a newly discovered vulnerability that could allow an attacker to intercept important account details.

Kumar Kandaswamy, eBay Developers Program manager, reported in the published guidance that the company has found a way in which an outsider could access user account information at the eBay Developers Program, so as a preventive measure it is highly recommended that all users change their passwords.

The vulnerability does not allow attackers to obtain financial information such as credit card or bank account details or Social Security numbers.

But in 2007 a hacker called Vladuz managed to bypass all the protection measures and obtain unauthorized access to eBay accounts intended only for employees; as a result the hacker was arrested in Romania.

The eBay Developers Program helps users work with its API and develop online applications for web resources. Now when you click Join and select a new password, there is a strict security standard for creating it: “Your password must be 8 characters or longer, and contain at least 1 upper case letter (A-Z), 1 lower case letter (a-z), 1 number (0-9), and 1 special character (!@#$%*+-_.?). For example, Cool_devel0per.” That’s good for users’ security :-) .
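The quoted rule is simple enough to encode exactly, and doing so per requirement lets a signup form tell the user which rule is missing rather than just “invalid”. The following Python check is an added example, not code from this post or from eBay; it implements the five requirements as quoted (length, upper case, lower case, digit, and one of the listed special characters) and the page’s own sample “Cool_devel0per” is used as a constructed test input.

```python
"""Check a password against the eBay Developers Program rule quoted above.

Added example; not code from the post or from eBay. The rule set is
taken verbatim from the quoted text: 8+ characters, at least one
upper-case letter, one lower-case letter, one digit, and one of !@#$%*+-_.?
"""
import re
from typing import Callable, List, Tuple

# Special characters permitted by the quoted policy.
SPECIALS = "!@#$%*+-_.?"

# One (description, predicate) pair per requirement so that every failed
# rule can be reported by name.
REQUIREMENTS: List[Tuple[str, Callable[[str], bool]]] = [
    ("at least 8 characters", lambda pw: len(pw) >= 8),
    ("at least 1 upper case letter (A-Z)", lambda pw: re.search(r"[A-Z]", pw) is not None),
    ("at least 1 lower case letter (a-z)", lambda pw: re.search(r"[a-z]", pw) is not None),
    ("at least 1 number (0-9)", lambda pw: re.search(r"[0-9]", pw) is not None),
    ("at least 1 special character (" + SPECIALS + ")",
     lambda pw: any(c in SPECIALS for c in pw)),
]


def password_violations(password: str) -> List[str]:
    """Return the description of every requirement the password fails.

    An empty list means the password satisfies the quoted policy.
    """
    return [desc for desc, ok in REQUIREMENTS if not ok(password)]


def password_ok(password: str) -> bool:
    return not password_violations(password)


if __name__ == "__main__":
    # Constructed sample inputs; the first is the example from the policy text.
    for candidate in ("Cool_devel0per", "password", "Passw0rd", "Ab1!"):
        print(f"{candidate!r}: {password_violations(candidate) or 'OK'}")
```

Keeping the requirements in a list also makes the policy easy to extend later (a longer minimum length, for instance) without touching the checking logic.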
