26.2.09

complete password attack :

Thanks from F.security :

Types of attack on Password

It always seems to be very simple when we type our credentials to get into banking sites to do some transaction or commercial sites for purchasing some stuff but in this post I am trying to explain some of the types of attacks on password which can make you bankrupt, I am no kidding read on:



1) Hardware Device: When we talk about hardware we think that it will take time to install and only experts will be able to use this attack but NO this hardware device is very simple to install and can be installed by a kid in 10 seconds or less. See the below image to get an idea how simple it could be. Criminals have installed this device on bank machines to get the bank credentials which has costed millions of pounds to banks. Students installed them on there teachers system to get an access to the exam papers. there could be lot of other instances where these simple plugs can be installed and exploited.



2)Software Malware - Keyboard logger: We all enjoy free stuff and now and then we tend to use free softwares available on the internet. These softwares can save couple of dollars in your pocket but may cost you a lot. Imagine a scenario in which you down-loaded some free software and that software has a malware which modifies the OS kernel to get your credentials when you login to the system. These malwares can also capture the credentials when you access different banking sites. They can store these passwords locally and send them to there servers where attackers can use your bank credentials to transfer money to there bank or play in casino. Be very careful when you use free softwares.



3) Dictionary Attack: We all use dictionary and know that most of our password comes from one or the combination of words from dictionary. Yes you got me what I am going to talk. Smart people have written softwares which can be hooked in a PC to try all the possible combinations of password on a system. One solution to this problem which many organizations/banks have already implemented are locking the account after N number of unsuccessful password attempts.



4) Social Engineering Attack: If you get a call from a person saying that he is from the security team and they got an alert that your account is having some problem and it may lead to delete all of your data from the box. They can fix that for you if you can just let them know your account password, there are chances that some of us will agree to this and simply give it. I have seen many organizations where users give there choice of password to the help-desk persons and ask them to reset there password to the one they want. Users don't realize that this can give open door for other person to access to the secure stuff they should not be looking into.



5) James Bond Attack: Research institutes are challenging that they can listen to the keystrokes and guess the users password with 90% of accuracy. This is one of the reason that very confidential rooms does not let even a single voice go out of the room.

24.2.09

Top 5 Antivirus

Worldsecure team recommend :
1- Total Security Bit Defender 2009 : High Secure , Medium cpu and memory load , Auto virus definition update , low price
( Bad issue : it has serious problem with bootup operating system , mostly with VISTA )


2-
Kaspersky 2009
: High Secure , medium cpu and memory load , auto virus definition update , low price .
( Bad issue : There is some logs for cpu and memory load with normal pc , not recommend for normal pc )
( Best issue : Best anti-virus has been known with ISA - 2006 )

3- Eset NOD 32 :
Secure , low cpu and memory load , auto virus definition update , low price
( Bad issue : Some issues after bootup a system or scan anti virus is not working anymore )

4-AVG 8.0 : Secure , low cpu and memory load , auto virus definition update , normal price

5-WEBROOT : Secure , low cpu and memory load , auto virus definition update , normal price

Note : every comment in this weblog are usable for professionals , so we dont mention about normal issue same as easy to use or etc .

We let you know bad issues about these anti viruses daily . check it out tommorow .
Worldsecure

23.2.09

Password Attacks


Four types of password attack :
- Password online attack
- Active online attack
- Ofline attack
- Non electronic attack



Password online attack :

Man in the middle and Reply attacks
* Get access to communication and wait until authinetication sequence (there is no need to brute force )
Notice :
Sometimes hard to access - must be trusted on both side - tools widely available - can be broken by invalidating traffic
Sniffing
*Access and record network traffic , wait for authentication request and reply , brute-force credentials ... The best way for finding password

Active online attack : Password guessing

*Try different password until you find .. do not suggest çaz it will be easily detected and it needs huge amount of network traffic .

Offline Attacks :

* Times consuming , web service available , password cracking available , LM has is vulnerable
Dictionary attack
Make your own list or Use default A-Z , 0-9 .
Hybrid attack
Same to dictionary attack and append symbols

Non Technical attacks

Shoulder surfing
Watching someone types his password .... and ... enjoy :D
Keyboard sniffing
Using hardware or software to find ( Key-logger ) , realy hard to detect .. most successful way !
Social engineering
We will discuss next..

Some notification:

Microsft uses different ways to protect passwords : LM , NTLM v1 , NTLM v2 and KERBEROS
We will discuss about these protocols next .

Tools :
Rainbow crack ( Hash cracker ) , Kerbcracker ( Sniffing and password cracking ) , Netbios DOS attack ( Mostly used for windows 2000 ) , John the ripper ( One of the most powerful using to crack unix and windows password ) , Lophtcrack , ScoopLM , SMBRelay ( Man In The Middle attack by eavesdropping or redirecting a connection ) , SMBDie ,

How to Disable LM hash ?
*Best way : Editing registry by locating the following key :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa make a key type Nolmhash .
*Second chance : Implement a security Policy by using group policy by disabling : Network Security : Do not store hash value on next password change .
*Last chance: Use a password with at least 15 characters .

15.2.09

Denial Of Service


A DOS attack is an attack through which a person can render a system unusable . or significantly slow it down for legitimate users , by overloading its resources . ( most likely crash)

Goals of attacker :

- Flood a Network
- Disrupt a connection
- Disrupt a service to a specific system

Impacts :

- Disabled Network
- Disabled organization
- Financial loss

Types:

- DOS
- DDOS ( Distributed Denial Of Service )


Classification:

- Smurf
- Buffer over flow
- Ping of death
- Teardrop
- SYN attack

Smurf

Spoofed source IP set a large amount of ICMP echo traffic to a victim host and caused overwhelm the network victim connection .

Buffer overflow

Some programmes write more information into the buffer than it has allocated in the memory . e.g. Sending an email message that have attachments with 256 – character file names can cause .

Ping Of Death

The attacker sends an IP packet larger than the 65535 allowed by IP protocol. The identity of attacker can be easily spoofed.

Teardrop

It is a UDP attack which uses overlapping offset fields to bring down hosts. If the receiving system cannot aggregates the packets it can crash the system.

SYN attack

The attacker send TCP SYN request to victim , so host allocates memory to the connection. This attack exploit the tree-way handshake. When host A receive a SYN request from host B it tracks connection and port partially opened at least for 75 seconds.


Tools

TARGA – NEMESY –CRAZY PINGER – PANTHER 2 – UDP FLOOD and etc.

2.2.09

Google Malfunction Tagged All Internet Websites As Malware Infected


Google’s main search engine mistakenly identified every site on the web as malware, according to reports in US and the UK. Following any search query, Google’s search engine tagged each result with the words: “This site may harm your computer.
Attempts to visit any website through a search link popped up Google’s usual malware warning.

Google has been warning again use of the web for at least 45 minutes in the US and the UK. No comments were made by Google but the problem got fixed in an hour, after 7:30am Pacific time.
Update: Google posted an explanation in their official blog:
What happened? Very simply, human error. Google flags search results with the message “This site may harm your computer” if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers. We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list.
We periodically update that list and released one such update to the site this morning. Unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.