Archive for category Operating System

Microsoft prepares 13 patches for next Tuesday

Microsoft has announced that it will release 13 security updates next Tuesday. Together they fix 26 vulnerabilities in the Windows operating system and the Microsoft Office suite.

According to the Advance Notification, five of the updates are rated critical and the other eight important. Eleven of the 13 address vulnerabilities in one or more versions of Windows; the remaining two cover Office XP and Office 2003 for Windows and Office 2004 for Mac.

Among the patches is a fix for a 17-year-old bug in the 32-bit versions of Windows, in the Virtual DOS Machine subsystem that runs 16-bit DOS and Windows applications. Two recently disclosed critical vulnerabilities in Internet Explorer are not part of this Tuesday's updates.

You can find the Microsoft Security Bulletin Advance Notification for February 2010 here.

make sure you subscribe to my RSS feed!


Secure Live-CD Ubuntu Privacy Remix 9.04r3 is Out!

The Ubuntu Privacy Remix (UPR) developers have released a new build of their modified Ubuntu Linux system, and it is now available for download.

UPR is a Live CD distribution that aims to give users an environment in which personal data can be handled safely; whatever system is installed on the computer running UPR stays untouched.

The risk of theft of such private data comes not only from "conventional" criminals but also from trojans, rootkits, keyloggers and the like. Ubuntu Privacy Remix is a tool to protect your data against unsolicited access.

To mitigate these risks, Ubuntu Privacy Remix tries to create such a working environment on any PC with the following measures:

• The system resides on a read-only CD, so spyware and other malicious software cannot be installed permanently.
• The system completely ignores any potentially compromised local (S-)ATA hard disks.
• The system kernel is modified so that it cannot activate any network hardware: no LAN, WLAN, Bluetooth, infrared etc.
• The system is based on free software whose source code can be audited.
• To ease working with a non-modifiable system, UPR introduces "extended TrueCrypt volumes", which store program configuration such as GnuPG settings and OpenOffice dictionaries permanently and securely inside an encrypted volume.

Note what these measures do and do not cover: read-only media and the absence of networking address persistence and exfiltration of data, but not a compromised BIOS or a hardware keylogger on the machine you boot from.

The OS components, including the kernel, have been updated to their latest versions, and in the process the developers fixed a number of bugs and vulnerabilities. In addition to the CD version there is a utility to create a bootable USB drive directly from within the protected environment.

You can download Ubuntu Privacy Remix 9.04r3 here.


Windows 7 overall security improvement

Microsoft is about to release its new operating system, Windows 7, in a few days (Oct 22). What has Microsoft added to it from a security point of view?

Windows 7 includes a very interesting security feature, AppLocker. AppLocker lets an administrator define exactly which programs users are allowed to run, and it covers all file types that can harm a system: executables and installers (exe, msi, msp), scripts (bat, cmd, vbs, js, ps1) and libraries (dll, ocx). On earlier versions of Windows the same restrictions required the far more cumbersome Software Restriction Policies (SRP). AppLocker rules are managed through Group Policy on Windows Server 2008 R2 and can match on file path, publisher (digital signature) or file hash; signature and hash rules are the ones worth using, since a path rule is only as strong as the permissions on that path. AppLocker is available only in the Enterprise and Ultimate editions of Windows 7.

Sharing a computer with others is common at work or in an Internet cafe, and users like to change settings or delete other people's files. For this, the Windows 7 pre-release builds included PC Safeguard: with the service enabled, every settings change made during a session is discarded and every new file is deleted when the user logs out. Previously this required installing a separate tool, Windows SteadyState.

BitLocker is full-volume encryption, first introduced with Windows Vista. During installation, Windows 7 automatically creates two partitions, a small unencrypted system partition used to boot and the operating system partition; the latter can be encrypted and is where your sensitive files should live. BitLocker To Go extends this to removable storage formatted as FAT, FAT32, exFAT or NTFS. Data is accessible only to authorized users after authentication, for example with a password or a smart card, while the operating system volume is normally protected by the TPM.

Now what about Windows Firewall?

The first Windows firewall shipped with Windows XP (as the Internet Connection Firewall), and XP SP2 renamed it Windows Firewall and enabled it by default. Many users did not find it useful: you could only turn it on or off, there was nothing to monitor, it filtered inbound traffic only, and a number of vulnerabilities in it allowed an intruder into the system. Vista reworked it and added the Windows Firewall with Advanced Security console.

The main enhancements to WF include:

- Outbound traffic filtering
- Detection of certain types of network attacks
- Per-program rules for network access control
- Support for IPv6 and IPsec
- Configuration through Group Policy Objects (GPO)

WF has three profiles (domain, private, public). The system identifies the network it is attached to and applies the matching profile, using the Network Location Awareness (NLA) service, which keeps a record of known networks. On Vista only one profile can be active at a time for the whole machine, so when you are connected to more than one network the most restrictive profile applies to all of them, which can limit your Internet access.

Windows 7 applies a profile per network connection and lets you customize each profile as you wish. For example, you can enable "Block all incoming connections, including those in the list of allowed programs" for maximum protection, and "Notify me when Windows Firewall blocks a new program" to be told whenever a program tries to reach the Internet, so it is easy to configure.

To open several ports in Vista's WF you had to list them one by one, separated by commas; in Windows 7 a rule can specify a port range, which is much more convenient.

Now what about UAC (User Account Control)?

Working with an administrator account in Windows is very comfortable: everything is allowed, and no extra permission is needed to install software updates, access any disk partition and so on. But what about viruses?

In privileged mode the user can click on any icon or open any web page that may be infected and harm the system. With UAC, the user is asked to confirm any action that needs elevated rights. The mechanism is simple and effective at the same time, but it is annoying because the system asks for confirmation for every new program installation or executable that requires elevation.

If you want to disable UAC, take a look at TweakUAC, a free tool that quickly turns UAC on or off or puts it into "quiet" mode. Windows 7 also ships its own UAC slider with intermediate levels that prompt less often without turning the feature off. Prefer those over disabling UAC completely: with UAC off, Internet Explorer's Protected Mode is off as well.

There are many changes in Windows 7 that give ordinary users and administrators more ways to set up a comfortable and safe environment.


Computers could get owned by a USB device

USB Switchblade is a tool that can make you king on enemy territory. Hak5 USB Switchblade is another name for it, but that changes nothing.

The project bundles several software packages that do a good job of password grabbing and pentesting:

Dump SAM dumps the Windows Security Account Manager (the local password hashes).

IE/Firefox Password Grabber collects the passwords saved in the browsers.

VNC-Service is a hidden installer that adds a user and installs a VNC server so that the victim machine can be reached remotely.

The official site describes several techniques for using the tool:

1. Max Damage technique: plug your U3 drive into any computer running XP/2000/2003 (an administrator account is required), wait about 20-45 seconds, eject the U3 drive, open "Run" from the start menu, type "X:\Documents\logfiles" (X = flash drive letter) and press enter. Open the text file named after the computer you got into and you will find what you are looking for.

2. Amish technique: download the Amish Payload 1.0 and extract it to the root of your flash drive. Plug the drive into any computer, go to "My Computer", double-click (autorun) the USB drive and select the "Open Files On Folder" option when inserted into the target, wait about 20-45 seconds, eject the drive, open "Run" from the start menu, type "X:\Dump" (X = flash drive letter) and press enter. Open the text file named after the computer you got into and that's it.

3. Gandalf's technique: the advantage here is that it works from a USB drive, an iPod or the local computer; it doesn't matter, you just run start.vbs and then find the passwords and logs under $backup/%computername%.7z.

Two things make these work: AutoRun, and the privileges of whoever is logged in. The U3 drive presents an emulated CD-ROM so that autorun.inf is honoured; Windows 7 no longer runs AutoRun from USB mass storage, and without an administrator session the SAM dump fails.

This raises an important issue for corporate security: disabling USB storage, or at least AutoRun (the "Turn off Autoplay" setting under AutoPlay Policies in Group Policy), is vital for the information system, and companies also need to educate users about the risks posed by USB flash drives. On the other hand, it can sometimes be very useful :-) .


SANS: Rising numbers of zero-day vulnerabilities

SANS, together with the security companies TippingPoint and Qualys, has published a study named "The Top Cyber Security Risks", which finds that more than half of all attacks target web applications and websites. The report is based on data collected from March to August 2009 from customers of the two companies: TippingPoint's intrusion prevention systems and Qualys' vulnerability scanning.

According to the report, the number of vulnerabilities discovered in applications now exceeds that for operating systems. Bugs in Adobe Reader, QuickTime, Adobe Flash, Microsoft Office and the popular web browsers are the ones most often used to spread malicious code over the Internet.

Over the same period the study found that organizations take twice as long to patch these client-side applications as they take to patch the operating system, even though OS vulnerabilities are fewer in number. No widespread operating-system worm was observed apart from Conficker.

One of the most serious findings in the report is that some major software vendors are not prioritizing fixes for several publicly known zero-day vulnerabilities; as a result some bugs have remained unpatched for more than two years.

A very interesting study; you can find more details about it here.


New Vulnerability in FreeBSD

A new security vulnerability has been discovered in FreeBSD. The bug allows a user with limited rights to gain complete control over the system (root privileges).

It affects FreeBSD versions 6.0 to 6.4; the two most widely used releases, FreeBSD 7.1 and later, are not affected.

According to Przemyslaw Frasunek, an independent security consultant, the bug is a race condition in the kernel's kqueue implementation that ends in a NULL pointer dereference in kernel mode. An attacker who first maps a page at virtual address 0x0 in their own process and fills it with code gets that code executed with kernel privileges once the kernel follows the NULL pointer. Later FreeBSD releases remove this exploitation path in general through the security.bsd.map_at_zero sysctl (default 0), which refuses to map the zero page in user processes.

Here you can find Frasunek's video demonstrating how to exploit this vulnerability.


Microsoft leaves patches surprise

Microsoft has announced that it will release five critical updates for Windows, but this time, unlike the previous month, it has not provided technical details about what is on the patch list.

However, Andrew Storms, nCircle's Director of Security Operations, has made a statement about the likely composition of the update kit. In particular he expects an update for the Active Template Library (ATL) vulnerability disclosed publicly in July, with four to five updates covering Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

According to Storms, the Tuesday patches will not include a fix for the IIS web server vulnerability, although Microsoft has promised to patch IIS at some point.

Release of these bulletins is scheduled for Tuesday, September 8, so we are still waiting for the surprise.


New Service to Boot Operating System over Internet

A new service lets users boot and install a Linux distribution directly over the Internet. Netboot.me provides a small bootable image to burn to a CD, write to a USB stick or put on a floppy; when booted it shows a menu with the list of distributions and some useful tools for system diagnostics, partitioning and recovery, and fetches whatever you pick from the network.

Netboot.me is built on the open-source gPXE boot loader, which extends standard PXE with additional protocols such as NFS, FTP and HTTP. The OS list includes Tiny Core Linux 2.2, Micro Core Linux 2.2, Debian Lenny, Debian Testing, Fedora 11, openSUSE 11.1, Ubuntu 9.04 and 9.10, and FreeBSD 7.2. Keep in mind that the kernels and installers are fetched over unauthenticated HTTP and FTP with no signature check, so you are trusting every network hop between you and the mirror.

Here you can find a screenshot demonstrating how to use it as a universal boot disk and installer.


Telnet Fingerprinting

Sometimes we fail to get reliable information about a host on the network. Nmap is a good scanner, but it can fail to identify the real OS version; passive fingerprinting is another good approach, but nowadays network and system administrators commonly alter the TCP/IP stack fingerprint. There are many ways around this, and one we can try is the telnet option negotiation.

Download telnetrecon and make sure the telnet port (TCP 23) is open on the target. When the application runs, it starts the telnet option negotiation with the target machine, and the first bytes the server sends back identify its implementation. A Microsoft Windows XP host, for example, responds as follows:

ÿý%ÿûÿûÿý’ÿýÿýÿû

Those characters are then rendered as their decimal byte values, which are easier to analyse and compare. That yields the following fingerprint string:

255-253-37-255-251-255-251-255-253-92-39-255-253-255-253-255-251

The telnet protocol is specified in RFC 854, and the response decodes as follows:

255 – IAC (Interpret As Command) byte
253 – DO command
37 – AUTHENTICATION option (RFC 2941)
255 – another IAC byte
251 – WILL command

One caveat when reading such strings: per RFC 854 every DO, DONT, WILL and WONT is followed by exactly one option byte, so a 251 that appears to be followed directly by the next 255 has lost its option. Low option codes such as 1 (ECHO) and 3 (SUPPRESS-GO-AHEAD) are non-printable and disappear when the response is viewed as text, and the "92-39" pair above is a backslash followed by an apostrophe, i.e. option 39 (NEW-ENVIRON) with an escape character added in rendering. Fingerprints should therefore be built from the raw bytes, not from a text rendering.

This is a good approach for identifying a host remotely you can try it on your LAB.
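The decoding described above, as an added example for this post (not telnetrecon's own code): it turns a server's opening negotiation into the dash-joined decimal string, into readable command and option names, and shows what a text rendering loses. The sample response is constructed: its command bytes follow the DO/WILL structure visible in the fingerprint above, while the option values 1, 3, 31, 0 and 0 are assumed fill-ins rather than a captured Windows banner. The `probe()` function does the live part against a host you name; everything else runs offline.

```python
"""Decode the opening telnet option negotiation a server sends (RFC 854)
into the decimal fingerprint string telnetrecon prints and into readable
command/option names.  Added example for this post, not telnetrecon's code."""
import socket

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
CMD_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}
# A subset of the registered telnet option codes.
OPTION_NAMES = {
    0: "BINARY", 1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 5: "STATUS",
    24: "TERMINAL-TYPE", 31: "NAWS", 32: "TERMINAL-SPEED",
    34: "LINEMODE", 36: "ENVIRON", 37: "AUTHENTICATION",
    38: "ENCRYPT", 39: "NEW-ENVIRON",
}


def fingerprint_string(data: bytes) -> str:
    """Dash-joined decimal bytes, the form shown in the post."""
    return "-".join(str(b) for b in data)


def text_rendered(data: bytes) -> str:
    """What the fingerprint looks like if the bytes are first viewed as text:
    control bytes (below 32) such as ECHO (1) and SGA (3) vanish."""
    return fingerprint_string(bytes(b for b in data if b >= 32))


def parse_negotiation(data: bytes):
    """Walk the bytes and return (tokens, leftover).  tokens is a list of
    (command, option) pairs; leftover holds any bytes that were not part of
    an IAC sequence (a login banner, for instance)."""
    tokens, leftover, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            leftover.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            tokens.append(("TRUNCATED", None))
            break
        cmd = data[i + 1]
        if cmd == IAC:                      # IAC IAC is an escaped 0xFF data byte
            leftover.append(IAC)
            i += 2
        elif cmd in CMD_NAMES:              # DO/DONT/WILL/WONT carry exactly one option byte
            if i + 2 >= len(data):
                tokens.append(("TRUNCATED", None))
                break
            tokens.append((CMD_NAMES[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:                     # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                tokens.append(("TRUNCATED", None))
                break
            tokens.append(("SB", data[i + 2] if end > i + 2 else None))
            i = end + 2
        else:                               # NOP, GA, AYT ...: two-byte commands
            tokens.append((f"CMD{cmd}", None))
            i += 2
    return tokens, bytes(leftover)


def describe(data: bytes) -> str:
    """Readable form, e.g. 'DO AUTHENTICATION, WILL ECHO'."""
    tokens, _ = parse_negotiation(data)
    out = []
    for cmd, opt in tokens:
        name = OPTION_NAMES.get(opt, f"OPT{opt}") if opt is not None else ""
        out.append(f"{cmd} {name}".strip())
    return ", ".join(out)


# Constructed sample: the command bytes follow the structure visible in the
# post (DO 37, WILL, WILL, DO 39, DO, DO, WILL); the option bytes 1, 3, 31,
# 0 and 0 are assumed fill-ins, not a captured Windows banner.
SAMPLE = bytes([255, 253, 37, 255, 251, 1, 255, 251, 3, 255, 253, 39,
                255, 253, 31, 255, 253, 0, 255, 251, 0])

# Toy fingerprint table keyed on the raw-byte string (not telnetrecon's database).
KNOWN = {fingerprint_string(SAMPLE): "Windows telnet service (constructed sample)"}


def match(data: bytes) -> str:
    return KNOWN.get(fingerprint_string(data), "unknown")


def probe(host: str, port: int = 23, timeout: float = 3.0) -> bytes:
    """Connect and read the server's first burst of bytes without answering
    any option; what comes back is the fingerprint material."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            while True:
                c = s.recv(1024)
                if not c:
                    break
                chunks.append(c)
        except socket.timeout:
            pass
    return b"".join(chunks)


if __name__ == "__main__":
    print(fingerprint_string(SAMPLE))
    print(text_rendered(SAMPLE))   # the option bytes below 32 are gone
    print(describe(SAMPLE), "->", match(SAMPLE))
```

Run it as is to see the raw and the text-rendered forms side by side; to fingerprint a real host, feed `probe("10.0.0.5")` (hypothetical address) into `describe()` and `match()`. Note that `probe()` never answers the server's options, so what it captures is the server's unsolicited opening, which is the part that varies between implementations.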


Fusion theme by digitalnature | powered by WordPress