Thursday, December 27, 2007

Security Trends to Watch Out for in 2008

Symantec Security Trends in upcoming year...

With the year end inching closer, security companies are turning to the year ahead, telling us which threats we need to watch out for and what the security landscape will look like. Security major Symantec has come up with a list of such security trends to look out for in 2008.

First on the list is "election campaigns". With political candidates increasingly turning to the World Wide Web, it is important to understand the associated security risks, which include the diversion of online campaign donations, dissemination of misinformation, fraud, phishing, and invasion of privacy.

Symantec claims to have analyzed 17 well-known candidate domain names in the course of the US 2008 elections, revealing that a large number of typo and cousin (correctly spelt, with additional wording) domain names have been registered by parties other than the candidates' own campaigners. Many of these Web sites are registered to drive traffic to advertising Web sites.
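The typo and cousin domains Symantec describes are easy to enumerate ahead of time, which is how a campaign (or any brand owner) builds a watch list of look-alike names to register or monitor. The script below is an added example written for this post, not Symantec's tooling; the keyboard-neighbour map, the cousin word list and the placeholder domain examplecandidate.com are all assumptions constructed for the demo.

```python
from itertools import chain

# Assumed, constructed QWERTY neighbour map for the "fat-finger" substitution variants (lower-case only)
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr", "f": "drtgvc",
    "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn", "k": "jiolm", "l": "kop",
    "m": "njk", "n": "bhjm", "o": "iklp", "p": "ol", "q": "wa", "r": "edft", "s": "awedxz",
    "t": "rfgy", "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}
# Assumed word list for "cousin" domains: the correct spelling plus extra wording
COUSIN_WORDS = ("vote", "elect", "support", "donate", "2008")


def typo_variants(label):
    """Single-edit typos of a domain label: omission, doubling, transposition, adjacent-key substitution."""
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                       # omitted character
        out.add(label[:i] + ch + ch + label[i + 1:])             # doubled character
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])  # two characters swapped
        for alt in ADJACENT.get(ch, ""):
            out.add(label[:i] + alt + label[i + 1:])             # neighbouring key hit instead
    out.discard(label)          # swapping two identical characters reproduces the original
    return {v for v in out if v}  # omission of a one-character label yields "", drop it


def cousin_variants(label):
    """Correctly spelt label with extra wording before or after it, with and without a hyphen."""
    out = set()
    for word in COUSIN_WORDS:
        out.update({word + label, label + word, f"{word}-{label}", f"{label}-{word}"})
    return out


def watchlist(domain):
    """Sorted list of look-alike domains to monitor for one campaign domain (label.tld)."""
    label, _, tld = domain.lower().partition(".")
    names = chain(typo_variants(label), cousin_variants(label))
    return sorted(f"{name}.{tld}" for name in names)


if __name__ == "__main__":
    names = watchlist("examplecandidate.com")   # constructed placeholder, not a real campaign
    print(len(names), "candidate look-alikes, e.g.", names[:5])
```

Feed the returned list to whatever WHOIS or DNS check you already use; names that resolve to someone other than the campaign are the ones Symantec's study counts.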

The second trend to keep an eye on is "bot evolution". Symantec expects bots to diversify and evolve, for instance into phishing sites hosted on bot zombies. Bots tend to be 'early adopters' of new functionality, and as a result they can serve as test environments for trying newer malicious functionality on a variety of targets before it is used for real. Bots may be used in client-side phishing attacks against the legitimate owner or user of an infected computer, which allows phishers to bypass traditional phishing protection mechanisms, or they may be used to artificially increase apparent traffic to certain Web sites by hijacking browsers.

Bots may also give attackers specific access to infected PCs, which they can use to their advantage. If, say, bot owners advertised their control over PCs within an organization, parties interested in that organization might pay them for access to that control.

The third suspect, according to Symantec, is "advanced Web threats". With increase in the number of available Web services, and with browsers continuing to converge on uniform interpretation standards for scripting languages like JavaScript, Symantec expects the number of new Web-based threats to continue to rise. Symantec also warns against "user-generated content", which the company says can be used to host browser exploits or distribute malware/spyware, or host links to malicious Web sites. Completing Symantec's list of security trends for 2008 are "mobile platform", "spam evolution", and "virtual worlds".

Symantec says 'mobile' security has never been a high priority, and with phones becoming more complex, interesting and connected, hackers will increasingly target the mobile transactions offered by banks and other money transfer agents.

Similarly, Symantec expects spam to evolve, trying to evade newer blocking systems and finding new ways to trick users into reading messages. New attachment types such as MP3 and Flash files, or messages disguised as coming from social networking sites, might come into play.

Last but not least, Symantec expects that with the growing use of persistent virtual worlds (PVWs) and massively multiplayer online games (MMOGs), new threats will emerge as criminals, phishers, spammers and other anti-social elements turn their attention to these avenues.

Friday, December 21, 2007

Social Networking Websites

Use of Facebook, MySpace and other social networking websites during work hours?

I was quite surprised to see the stats of a recent survey carried out by Microsoft showing that 4.17% of people stay connected throughout the working day to their favourite social networking website. 42.50% of people join a network without knowing all the members of that network. For example, people join London when they don't know all the members in London. Mind you, all members in London can get access to your profile if you haven't set any special privacy settings.

I was reading a post by Steve Lamb regarding the recent survey and would like to share it with my readers.

What are the UK trends in the corporate use of Social Networking sites like Facebook, LinkedIn and MySpace?

Microsoft recently surveyed nearly four hundred IT Professionals to find out their approaches to Social Networking. You can view the full results here.

I think the findings are interesting as the results suggest that social networking sites are more popular with IT Pros than end users by a factor of nearly two to one. 40% of IT Pros do not see any security concerns in using social networking sites and 46% of companies are not monitoring their use.

I AM concerned that 35% of respondents publish their address and date of birth on these sites. 16% of respondents stated they have downloaded an application without checking it's safe - I would love to know what steps they took to verify the "safety" of a suspect application...

The whole idea of "downloading" an application in Facebook is quite different to the "traditional approach" as code is not actually downloaded to the client machine - it's simply enabled on the Facebook website/backend. Rogue applications DO pose a threat to the privacy of both those who install them AND their friends. They DO NOT pose a threat of compromising the security of the client machine as code is not installed there.

I would like to see all organisations providing guidance to their employees regarding the threat to privacy that thoughtless use of social networking sites can lead to. Only 17% of respondents state they have provided guidance to employees and fewer than 5% of the workforce actually say they have received advice.

Tuesday, December 18, 2007

MUST-HAVE Free Security Utilities

Ten free security utilities you should already be using:

  1. Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine. It can be used to scan all the installed applications on the PC to determine which programs are missing security patches/updates.

  2. OpenDNS is a must-have free service (there's no software to install) that speeds up Web surfing, corrects domain typos on the fly and protects you from phishing scams. All you do is change your DNS settings (instructions here) to the OpenDNS servers: and

  3. America Online's Active Virus Shield, powered by Kaspersky Lab, is one of the better free anti-virus packages available for Windows users. The program installs smoothly, pulls down hourly virus definition signatures from Kaspersky Lab and features real-time protection (including e-mail scanning).

  4. Haute Secure is a browser plug-in, currently available for Microsoft's Internet Explorer, that does real-time blocking of drive-by malware downloads. The tool, the brainchild of a group of ex-Microsoft staffers, fits behaviour-based profiling algorithms into the browser (Firefox support is coming soon) to identify and intercept malicious files in real time.

  5. GMER, a free rootkit scanning tool built by a Polish Windows internals guru, is widely hailed as the best at ferreting out stealth rootkits from PCs. GMER does an excellent job of finding hidden processes, hidden services, hidden files, hidden registry keys, hidden drivers and all kinds of driver hooking.

  6. Netcraft Toolbar is effectively a giant neighbourhood watch that helps you spot phishing and other identity theft schemes. It provides a direct glimpse at the hosting location and Risk Rating of every site you visit.

  7. File Shredder is a must-have privacy tool that wipes/destroys documents beyond recovery. With File Shredder, you can choose between 5 different shredding algorithms, each one gradually stronger than the previous one to get rid of files forever.

  8. CCleaner can remove unused files, temporary files, URL history, cookies from the three main Web browsers (IE, Firefox and Opera). It can also be used to delete temp files and recent file lists for all those third-party applications sitting on your PC.

  9. PC Decrapifier does exactly that -- removes crapware that comes pre-installed on Windows computers. This program will not remove crapware from older computers but is perfect for new machines that ship with trialware.

  10. NoScript, a must-have Firefox extension, pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

Sunday, December 16, 2007


Send Message Keep Secret

CryptoGraf is mobile software that helps you encrypt your SMS and MMS. It allows users to send encrypted and digitally signed SMS and MMS on widely available Symbian smartphones. The user experience of mobile messaging with CryptoGraf is simple, whether encrypting messages to send or decrypting received messages. Users generate their own private encryption key and save the corresponding public key (for distribution) as a standard secure digital certificate.

The Art and Science of Ensuring the Security and Integrity of Messages

In Greek, "grafo" means "write".

Cryptography-related technologies for privacy protection have been available on computers for a long time. People have been sending encrypted email messages for more than 10 years. It's about time for technical innovations to make cryptography usable on the mobile phone. Currently, the use of crypto for business and trade has overtaken the volume of crypto used by governments and the military combined. Crypto is now used to encode satellite television signals, protect banking and ATM networks, and secure almost every purchase made over the internet.

More Information: CryptoGraf and Software Download: CryptoGraf Download

Friday, December 14, 2007

First Crucial Hour

When Your Security Is Compromised, Panic May Be Your Biggest Enemy.

We always hear from people that whenever there is danger or a problem, the first thing you should do is calm down and not panic. Even more important is a calm response. Your initial, frantic reaction may be to fix the breach, but that is counterproductive. Instead, do three things:

  • Assess what's really taking place. Look at the situation holistically. Is it a system error? A hardware issue? A software issue? Which system is affected? Which network is affected? Can you segment the affected networks so that unaffected networks can continue to function?
  • Diagnose the problem. Just as emergency responders do, conduct triage, a method of screening and classification. Sometimes security or network devices send out false positives that can be misdiagnosed. Did someone make a configuration change the night before that wasn't properly documented and is affecting the network? Is there a new patch to an application that no one knew about?
  • Preserve logs that indicate what happened. Sometimes, in the haste to bring a system back online, staff will use backup data to restore the system. Unfortunately, that can erase important data that helps trace and analyze the problem, so be sure someone is responsible for finding and preserving the system logs that will offer vital insight into the event. In certain situations relating to compliance, companies are required to maintain records of what happened and how they resolved the problem.
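The third step, preserving logs before anyone restores from backup, is the one most often skipped, so here is what "someone is responsible for preserving system logs" looks like in practice. This is an added example written for this post, not code from the original article: it copies the named logs into an evidence directory, records a SHA-256 hash and size for each in a manifest, notes any log that was already gone rather than skipping it silently, and can later re-check the copies against the manifest. The two sample log lines inside demo() are constructed for the demo.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def preserve_logs(log_paths, evidence_dir):
    """Copy each log into evidence_dir (timestamps kept) and write a hash manifest beside the copies."""
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    manifest = {"collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()), "files": []}
    for idx, src in enumerate(Path(p) for p in log_paths):
        entry = {"source": str(src)}
        if not src.is_file():
            entry["error"] = "not found"        # record the gap: a missing log is itself a finding
        else:
            dest = evidence_dir / f"{idx:03d}_{src.name}"   # index prefix keeps same-named logs apart
            shutil.copy2(src, dest)                          # copy2 preserves the original mtime
            entry.update(copy=str(dest), size=dest.stat().st_size, sha256=sha256_of(dest))
        manifest["files"].append(entry)
    (evidence_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_evidence(evidence_dir):
    """Re-hash every copy listed in the manifest and return the ones that no longer match."""
    manifest = json.loads((Path(evidence_dir) / "manifest.json").read_text())
    tampered = []
    for entry in manifest["files"]:
        if "copy" not in entry:
            continue                                       # nothing was copied for a missing source
        copy = Path(entry["copy"])
        if not copy.is_file() or sha256_of(copy) != entry["sha256"]:
            tampered.append(entry["copy"])
    return tampered


def demo():
    """Constructed scenario: two logs plus one missing path; preserve, verify, then alter one copy and re-verify."""
    work = Path(tempfile.mkdtemp())
    (work / "auth.log").write_text("Dec 14 01:02:03 web01 sshd[4711]: Accepted password for ops from 10.0.0.5\n")
    (work / "app.log").write_text("2007-12-14 01:05:00 ERROR upload handler: unexpected file type\n")
    manifest = preserve_logs([work / "auth.log", work / "app.log", work / "missing.log"], work / "evidence")
    clean = verify_evidence(work / "evidence")
    Path(manifest["files"][1]["copy"]).write_text("tampered\n")   # simulate someone editing a preserved copy
    return manifest, clean, verify_evidence(work / "evidence")


if __name__ == "__main__":
    manifest, clean, after = demo()
    print("mismatches right after collection:", clean)
    print("mismatches after tampering with a copy:", after)
```

Run it once the affected host is isolated and before the restore starts; the manifest's hashes are what lets you show later that the logs you hand to auditors or investigators are the ones collected during the incident.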

Wednesday, December 12, 2007

10 Security Trends and Predictions

A Snapshot of the X-Force team's annual report

  1. The VOLUME OF SPAM DOUBLED from 2005 to 2006. The U.S., Spain and France are the three largest originators of spam.
  2. Local-Language spam will grow as cyberprowlers increasingly target specific countries. Currently, 93 PERCENT OF SPAM MESSAGES are written in English.
  3. FOUR OF THE TOP FIVE COUNTRIES targeted by phishing scams are also part of the top 10 countries hosting shopping and banking websites. These include the U.S., U.K., Germany and Canada.
  4. The quantity of "unwanted" Web content such as VIOLENCE, CRIME, PORNOGRAPHY AND SEX NEARLY DOUBLED IN 2006. The U.S. is the top hosting site for this content, followed by South Korea.
  5. Image-based spam techniques will grow increasingly sophisticated. In 2007, NEW FORMS OF IMAGE-BASED SPAM likely will evade existing protection solutions.
  6. Much like a biologic virus, MALWARE WILL CONTINUE TO EVOLVE and change characteristics. The classic malware groups (virus, rootkit and spyware) will blend, making stand-alone security products less relevant in 2007.
  7. Web exploit obfuscation and encryption technologies are increasingly popular, making it difficult for signature-based INTRUSION DETECTION and prevention products to detect attacks.
  8. HACKERS ARE INCREASINGLY TARGETING WEB BROWSERS. Managed exploit providers are purchasing exploit code from the underground, encrypting it so that it cannot be pirated, and selling it for top dollar to spam distributors. As a result, signature-based protection systems will become less effective in 2007.
  9. NEW OPERATING SYSTEM RELEASES - coupled with new applications for those operating systems - will likely push the number of vulnerabilities higher in 2007.
  10. Vulnerabilities are not a Windows- or Microsoft-specific problem. In fact NEARLY 97 PERCENT OF VULNERABILITIES don't involve Microsoft's software.

Tuesday, December 11, 2007

Cross-Site Request Forgery

CSRF Hacking Database & Tutorial
What is CSRF? How does it work?

CSRF, also known as cross-site request forgery, works by exploiting the trust that a site has in the user. Site tasks are usually linked to specific URLs, so that a specific action is executed when that URL is requested. If a user is logged into the site and an attacker is able to trick their browser into making a request to one of these task URLs, the task is performed and logged as the logged-in user. The CSRF vulnerability lies in almost every Website, but it has remained mostly under the radar for nearly a decade; it's not even included in the Web Security Threat Classification, OWASP Top 10 or Mitre Corp.'s. Indonesian security expert zoiz even says that CSRF can be used to cause a DoS attack against a web server by manipulating the number of GET requests. Well, it's really horrible...

The only way to prevent yourself from becoming a victim of CSRF is to keep clearing cookies or to ensure you're properly logged off from all sites before you visit another. (I hope that's not all.)
A step-by-step tutorial on CSRF can be read here; it's a very nice walkthrough on CSRF, I think. If you're familiar enough with the Google Hacking Database, made by Johnny, I'll now introduce you to the CSRF Hacking Database, made by hackerswebzine. It's much the same as the Google Hacking Database, but specialized in CSRF dorks.
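To make the mechanism concrete from the site owner's side, here is an added example (written for this post, not from the tutorial or the hacking database it links to) of a "task URL" handler in the two shapes the post contrasts: one that trusts the session cookie alone, and one that also requires a per-session token that a page on another origin can neither read nor compute. The session store, the server secret, the transfer handler and the browser model are all constructed assumptions; there is no real web server behind it.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed in-memory state for the demo (assumption: a real site would keep these server-side)
SESSIONS = {}                                     # session id (the cookie value) -> session data
SERVER_SECRET = b"assumed-server-side-secret"     # assumption: a key known only to the server


def login(user):
    """Issue the session cookie that the site's task URLs rely on."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "balance": 100}
    return sid


def csrf_token(sid):
    """Per-session token derived from the server secret; another origin cannot read the cookie or derive this."""
    return hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()


def _amount(body):
    return int(parse_qs(body).get("amount", ["0"])[0])


def transfer_vulnerable(cookie_sid, body):
    """Task URL that trusts the session cookie alone: the pattern the post describes as exploitable."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    session["balance"] -= _amount(body)
    return 200


def transfer_hardened(cookie_sid, body):
    """Same task URL, but the request body must also carry the session's CSRF token."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401
    supplied = parse_qs(body).get("csrf_token", [""])[0]
    if not hmac.compare_digest(supplied, csrf_token(cookie_sid)):
        return 403             # cookie arrived automatically, token did not: not the site's own form
    session["balance"] -= _amount(body)
    return 200


def browser_submit(handler, cookie_sid, body):
    """Model of the browser: it attaches the site's cookie to any request to the site, whoever built the request."""
    return handler(cookie_sid, body)


def demo():
    """Victim is logged in; a page on another origin submits a forged transfer; then the real form submits."""
    sid = login("alice")
    forged = "amount=40"                                  # attacker's page cannot include the token
    legit = f"amount=10&csrf_token={csrf_token(sid)}"     # the site's own form embeds it
    return {
        "forged_vs_vulnerable": browser_submit(transfer_vulnerable, sid, forged),
        "forged_vs_hardened": browser_submit(transfer_hardened, sid, forged),
        "legit_vs_hardened": browser_submit(transfer_hardened, sid, legit),
        "final_balance": SESSIONS[sid]["balance"],
    }


if __name__ == "__main__":
    print(demo())
```

The token check is the server-side counterpart of the cookie-clearing advice above: the browser will always send the cookie, so the handler has to demand something the cross-site page cannot supply.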

Monday, December 10, 2007

SWF Intruder

Testing Security in Flash Movies

Today I have been reading a lot about Web application malware / Web application worms that spread through social networking sites like Friendster and MySpace. Embedding a malicious Flash SWF movie is one of the most used techniques to hack Friendster or MySpace accounts. In the dumbest way, you could embed a malicious Flash SWF movie script into your friend's testimonial box, make it redirect to a fake login page and let them enter their login data; it's only one of many dumb ways to hijack a Friendster or MySpace account.
Against this background, a useful tool called SWFIntruder has been developed, known as the first tool for testing security in Flash movies. The major features of this tool are:

1. Basic predefined attack pattern
2. Highly customizable attacks
3. Highly customizable undefined variables
4. Semi-automated XSS check

· Download the SWFIntruder source code from Google Code.
· Extract the source code into the root of your web server.
· Browse to your
· Download some flawed SWF files and put them on your web server too.
· Fill in the "Flash Movie" field with your chosen flawed SWF movie, then click "Load".
· If any XSS is found, it will be listed in the XSS area; click on it to get the result in a new browser window.

The other video tutorial on SWFintruder can be downloaded here. Other previews about this application can be read on: , , and .

Thursday, December 6, 2007

Can Consumers’ Infected Systems Harm you?

Buyer at your website can infect your system…

Who knows what evil lurks in the heart of computers? If you have an e-commerce server, your system could be infected by malware from a consumer's machine. Hackers can plant what's called a bot on a machine that activates when the computer begins an SSL connection. Once the bot is running, it is able to hijack the session or conduct a "man in the middle" attack, which could mean the hacker executes remote code on the server.

The results can vary, from instigating denial-of-service attacks to stealing passwords. The solution is simple, however: when you want to protect sensitive data such as employee records or bank account information, build a tiered architecture. That way, even if a hacker has access to a Web server, safeguards prevent it from communicating with the next machine in the hierarchy. You can solve most of these problems with perimeter controls.

Wednesday, December 5, 2007

Information Security - Basic Understanding

Immutable Laws of Security

I just came across a beautiful article while reading Steve Lamb's blog. As Steve mentions, the article is fairly old but still worth reading. It covers the basics of information security and the important facts we need to consider when talking about information security. See: 10 Immutable Laws of Security

Tuesday, December 4, 2007

Google is asking for help finding malicious Web sites

Google is asking everyday Web surfers to help with its efforts to stamp out malicious Web sites.

The company has created an online form designed to make it easy for people to report sites they suspect of hosting malicious code. It's the latest step by Google to expand its database of the bad Web sites it knows about, as those sites continue to proliferate.

The simple form has an entry box for the Web site's URL and a space to provide additional information. Users also fill out a "captcha" to prevent software robots from reporting sites automatically.

Security vendor Sunbelt Software said hackers appeared to be using various tricks to ensure their malicious sites appear high in Google's search results. Sunbelt said it turned up 27 different domains hosting malware, each with up to 1,499 malicious pages, or some 40,000 pages in total.

Why Can't We Get The BAD Guys?

What can be done...?

In the face of growing organized malfeasance online, what can and should individual organizations, local and national law enforcement, and the greater global cyber-community do? Stay vigilant on the micro level and get organized on the macro level.

That means enacting state-of-the-art security practices: harden your network, defend your perimeter to the death, adopt a layered approach to security internally, continue with filtering best practices, consider data-level encryption where appropriate (both in transit and at rest) and get a better picture of your networks' true reach.

Bigger picture, companies need to begin working within their respective industries and with local, state and national law enforcement to share information that can help detect organized activities.

"Right now the problem is that the bad guys talk with one another better than the good guys do. We need to share resources and information a lot better than we do."

Monday, December 3, 2007

Adding Applications in your FACEBOOK account!

Always be careful of adding applications and what information you are giving....

FACEBOOK is no doubt a fast-growing social networking website that lets users add applications to their account for a bit more fun. Unfortunately, most users don't even read the message and just install applications that could reveal their personal information and affect their privacy.

Detailed information was recently published by DShield handler John Bambenek in his recent post.
See: Facebook, pr0n and privacy

Friday, November 30, 2007

Be Careful When Googling!

You might be visiting Malware infected website and you are not aware...

Interesting recent research by Sunbelt discloses that while performing a search we might be visiting a malware-infected website and downloading a virus or botnet agent, which will aid attackers in generating traffic for their website or affiliates. Here is the article: Heads up - more Google poisoning on way.

Cyber Criminals Get Organized

Malicious and hard to detect, they are making a good living doing bad things

When SOMEONE UTTERS the phrase "organized crime" these days, it's hard not to think first of Tony Soprano and his buddies. ADD "cyber" to the mix, and what pops to mind might be an image of Cyber Criminals Getting Organized with new technology.

Anatomy Of A Hit: Part 1

Step 1: Launch multiple, high-volume spam and phishing e-mails that direct recipients to malicious fake websites controlled by the attackers.

Step 2: Compromise the user's host through exploitation of Web browser vulnerabilities and install a downloader.

Step 3: Wait until the downloader, after a time delay, installs keystroke loggers, backdoor root kits and botnet agents to capture and aggregate thousands of credit card numbers with other banking data.

Step 4: Use "work from home" spam or similar ones and make fake websites to recruit a virtual army of mules.

Anatomy Of A Hit: Part 2

Step 5: Use stolen data to access individual bank accounts and transfer funds into mules' accounts, letting them keep 10-20% of the transaction amount.

Step 6: Have mules convert the remainder of the funds into electronic checks. In case they are caught at any time, cut them off from the business and show no response.

Step 7: Deposit checks, typically into overseas holding accounts.

Step 8: Use that money to buy high volumes of hard-to-trace, easy-to-use gift cards.

Step 9: Use a different set of mules to purchase goods with the gift cards at one large retailer and return them, for cash, at another, OR sell them on eBay :)

Step 10: Repeat, Repeat, Repeat.............

Thursday, November 29, 2007


What kind of Havoc can cyber criminals can wreak?

In a recent keynote speech, IBM ISS General Manager Tom Noonan described the far-too-common reality of enterprises believing their security infrastructure is working when it isn't. This creates an incredibly target-rich environment for today's cyber criminals.


"In one engagement, our consultants penetrated the defenses of the national electric utility for Mexico through a rogue wireless access point. I asked our lead consultant how critical the situation was. He said, 'Incredibly critical. I could set it up so you could be sitting in a cyber cafe in China and shut off all the electricity in Mexico. Give me a few days and I could spell my daughter's name in lights in Mexico City so it's visible from space.'"

"In an engagement we had with a county government in Florida, their security team swore up and down that their systems were completely protected. Within a day or two, our consultants penetrated the county's parole management system through application vulnerability. They had complete access to the system - to the point where they could have started discharging criminals from county jails."

"A municipal organization in Atlanta saw that their IT budget was skyrocketing year over year. They asked us to take a look at their data center to figure out why they kept running out of capacity. We found that one of the world's largest distributors of pornography had co-opted their servers and was running operations out of their data center."

These stories seem remarkable, but they are really normal in the security world. Security consultants and pen-testers have hundreds of stories like this. And the root cause of the problem is always the same: the customers are trying to protect themselves with defenses that are easily bypassed by today's modern cyber criminals.

Wednesday, November 28, 2007

Gaming Console Can Aid in Brute Force…

Playstation 3 can perform password cracking much faster

Recent research by Nick Breese from New Zealand discloses that a gaming console can perform password cracking 100 times faster than usual Intel hardware.

It's interesting that as technology advances, security risk indirectly rises as well. The article is worth reading for more details:
PlayStation a hacker's dream

Tuesday, November 27, 2007

Watch Out, Before Signing Up On Porn Websites:)

Porn Industry Making Millions – No Wonder how?

I was reading an article on the McAfee Avert Labs Blog and found a really interesting post by Seth Purdy. I would recommend everyone read the post "Pay Up, Or The Computer Gets It!", as it really gives us the inside story about porn websites' terms and conditions, as well as how their trial periods work ;)

Yahoo Booters Can Crash Your Mobile Phone!

How Is It Possible through Yahoo! Messenger? Well, It is possible..

Before you read this post, I am assuming that you already understand what a Yahoo booter is and how it works. If you don't know anything about Yahoo booters, you may describe a Yahoo booter as a program that uses some Yahoo IDs acting as bots to flood a victim's Yahoo Messenger ID by bombing it with "BUZZ", private messages, etc. The main reason booters do that is, of course, to make the victim's IM crash, or even cause the computer system to crash.

Nowadays, many people have started using IM on their mobile phones (through HUTCH, etc.), right? OK, you must now have a clue of what I am trying to tell you in this article: the idea of this article is an attack on a victim who uses mobile IM. Will a Yahoo booter just work as it does on the PC? Well, my friend tried it. And it totally worked! (In this article I won't publish the brand of cellphone the victim was using.) It didn't only crash the IM software; the whole system of the mobile phone crashed too, and it's really hard to fix. OMG, that's cruel... don't you ever try this sh*t.

Monday, November 26, 2007

Oracle Security Auditing

Simple Oracle Security Steps....

Interestingly, many organisations don't actually bother auditing an Oracle database. I was recently reading a simple Oracle auditing article which gives quite a bit of an overview from Oracle gurus. Below are a few interesting things to look at in an Oracle database.

Default Accounts

system / manager (this user can change sys's password)
sys / man (highest privileged account)
scott / tiger

Interesting tables


Interesting queries

alter user klx identified by asdfafds;                        -- change a user's password (was "alter all_user", which is not valid syntax)
grant dba to userid;                                          -- full DBA privileges; review who holds this role
grant connect to userid;
create user userid identified by password;                    -- new user (the original line lacked the CREATE USER part)
select username, password from sys.dba_users;                 -- on older releases the PASSWORD column holds the hash; restrict who can read it
select * from sys.dba_profiles where profile = 'DEFAULT';     -- resource and password limits of the DEFAULT profile
alter profile default limit failed_login_attempts unlimited;  -- removes account lockout; an auditor should flag this setting
audit session whenever successful;                            -- CONNECT is the old name for SESSION auditing
audit session whenever not successful;
audit update on default whenever successful;                  -- default object auditing option for objects created afterwards
delete from sys.aud$;                                         -- wipes the audit trail; watch for this in any privileged session history
select owner, table_name from sys.dba_tables;

Here is a nice link with tutorials on how to Secure Oracle. See also: Decrypting Oracle TopLink Workbench passwords, and Oracle tools such as the decryption of the Oracle TopLink Mapping Workbench password algorithm.

Friday, November 23, 2007

Users give new Gmail thumbs down

Users complain new Gmail version slow, crashes browsers

A major upgrade to Gmail is getting the thumbs down from users who complain that the new version is extremely slow, often fails to load pages and even crashes their browsers.

People have flooded discussion forums with complaints since Google began "upgrading" users about two weeks ago to the new version, popularly referred to in the blogosphere as Gmail 2.0.

Ironically, Gmail 2.0, which features an upgraded contacts manager, is designed to be faster and more stable. Gmail 2.0 is based on what a Google spokesman calls "a major structural code change" upon which new features will be launched in coming months.

The most common complaint is that it is generally very slow, with delays of a minute or more when attempting to display the inbox upon logging on, to record keystrokes when typing text and to respond to mouse clicks. Often the tasks time out. Others report that Gmail 2.0 repeatedly crashes or freezes their browsers, in particular Firefox.

If these users switch to the "old" Gmail version, the problems go away. However, these users say they have to switch manually every time they log on, because Gmail 2.0 automatically became their default version once they got upgraded to it.

Thursday, November 22, 2007

Social Engineering, Always a Problem!

Joel Esler, handler from Dshield posted a very good example of Social Engineering. It is worth looking at.

Social Engineering, just by asking!

Published: 2007-11-21, Last Updated: 2007-11-21 15:03:38 UTC by Joel Esler (Version: 1)

A reader wrote in to tell us about a spam he received that read like this:
"I'm a computer engineer at Islamic University of Gaza(IUG), the network of my university hacked in the last few months , now I design a secure model to repair the network security system in IUG but my experience still little, so I hope that I can obtain a diagram or flowchart or map of your university network security system to study it and see how can apply it in IUG system."

I guess that's a good way of getting information about your network innards instead of hacking it: "hey, can you just send me your visio diagram!? That'd be great, kthnkx!"


Gotta watch out for that Social Engineering. It's the basis of all those bank, visa, mastercard, etc... spams, phishes, and whatever other things are out there now-a-days, counting on an "uneducated" user to click and fill out some information.

Joel Esler

Wednesday, November 21, 2007

Decrypting PKI Codes

How to decode Windows errors?

Many Windows error messages provide a hexadecimal error code, for example 0x8007267C. This code can provide helpful information. But how do you translate it into a readable error message?

At least two commands can be used to decode an error code:

· certutil -error [Code]
· err.exe [Code]

For example
certutil -error 0x8007267C

Certutil is part of all Windows Server stock keeping units (SKUs) and Windows Vista. The err executable is available from the Microsoft Download Center.
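Both tools work because an HRESULT such as 0x8007267C has a fixed layout: a severity bit, an 11-bit facility and a 16-bit code, and when the facility is WIN32 (7) the low 16 bits are simply the Win32 error number. The script below is an added example written for this post, not part of certutil or err.exe; it splits a code into those fields so you can see what the tools are looking up, and on Windows asks the OS for the message text through ctypes.FormatError (elsewhere there is no local message table, so it returns None). The short facility table is the subset of winerror.h values I am sure of.

```python
import sys

# Facility numbers from the HRESULT layout (winerror.h); only the common ones are listed
FACILITIES = {0: "NULL", 1: "RPC", 2: "DISPATCH", 3: "STORAGE", 4: "ITF", 7: "WIN32",
              8: "WINDOWS", 9: "SECURITY", 10: "CONTROL", 11: "CERT", 12: "INTERNET"}
FACILITY_WIN32 = 7


def parse_code(text):
    """Accept the code as hex ('0x8007267C') or as a signed/unsigned decimal string; return an unsigned 32-bit int."""
    return int(text, 0) & 0xFFFFFFFF


def decode_hresult(code):
    """Split an HRESULT into severity, facility and code; for WIN32 facility also give the Win32 error number."""
    severity = "failure" if code & 0x80000000 else "success"
    facility = (code >> 16) & 0x7FF
    low = code & 0xFFFF
    info = {
        "hresult": f"0x{code:08X}",
        "severity": severity,
        "facility": facility,
        "facility_name": FACILITIES.get(facility, "unknown"),
        "code": low,
    }
    if facility == FACILITY_WIN32:
        info["win32_error"] = low     # the number certutil -error / err.exe resolve to a message
    return info


def hresult_from_win32(err):
    """Inverse mapping, as the HRESULT_FROM_WIN32 macro does it."""
    return err if err <= 0 else (err & 0xFFFF) | (FACILITY_WIN32 << 16) | 0x80000000


def message_for(info):
    """On Windows, ask the OS for the text of a Win32 error; elsewhere there is no local message table."""
    if sys.platform == "win32" and "win32_error" in info:
        import ctypes
        return ctypes.FormatError(info["win32_error"])
    return None


if __name__ == "__main__":
    code = parse_code(sys.argv[1] if len(sys.argv) > 1 else "0x8007267C")   # the post's example code
    info = decode_hresult(code)
    print(info)
    print("message:", message_for(info))
```

Usage: python hresult.py 0x8007267C (assumed file name). A code whose facility is not WIN32 (for example 0x80004005, facility NULL) has no Win32 equivalent, which is why a plain Win32 lookup on its low 16 bits would give a misleading answer.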

Microsoft Security Blogs

Where can I find a list of Microsoft Security Blogs and Web Resources?

Feliciano Intini's Microsoft Security Taxonomy 1.0 (much of the site is in Italian) is a handy resource, as it lists many of the Microsoft security team blogs and functional area web sites. Visit: Microsoft Security Blogs