Friday, November 30, 2007
Interesting recent research by Sunbelt discloses that while performing a search we might be visiting a malware-infected website and downloading a virus or botnet agent, which will aid attackers in generating traffic for their website or affiliates. Here is the article: Heads up - more Google poisoning on way.
When someone utters the phrase "organized crime" these days, it's hard not to think first of Tony Soprano and his buddies. Add "cyber" to the mix, and what pops to mind might be an image of Cyber Criminals Getting Organized with new technology.
Anatomy Of A Hit: Part 1
Step 1: Launch multiple, high-volume spam and phishing e-mails that direct recipients to malicious fake websites controlled by the attackers.
Step 2: Compromise the user's host through exploitation of Web browser vulnerabilities and install a downloader.
Step 3: Wait until the downloader, after a time delay, installs keystroke loggers, backdoor root kits and botnet agents to capture and aggregate thousands of credit card numbers with other banking data.
Step 4: Use "work from home" spam or similar ones and make fake websites to recruit a virtual army of mules.
Anatomy Of A Hit: Part 2
Step 5: Use stolen data to access individual bank accounts and transfer funds into mules' accounts, letting them keep 10-20% of the transaction amount.
Step 6: Have mules convert the remainder of the funds into electronic checks. In case they are caught at any time, cut them off from the business and show no response.
Step 7: Deposit checks, typically into overseas holding accounts.
Step 8: Use that money to buy high volumes of hard-to-trace, easy-to-use gift cards.
Step 9: Use a different set of mules to purchase goods with gift cards at one large retailer and return them, for cash, at another, or sell them on eBay :)
Step 10: Repeat, Repeat, Repeat.............
Thursday, November 29, 2007
In a recent keynote speech, IBM ISS General Manager Tom Noonan described the far-too-common reality of enterprises believing their security infrastructure is working when it isn't. This creates an incredibly target-rich environment for today's cyber criminals.
Consider three of Noonan's examples:
"In one engagement, our consultants penetrated the defenses of the national electric utility for Mexico through a rogue wireless access point. I asked our lead consultant how critical the situation was. He said, 'Incredibly critical. I could set it up so you could be sitting in a cyber cafe in China and shut off all the electricity in Mexico. Give me a few days and I could spell my daughter's name in lights in Mexico City so it's visible from space.'"
"In an engagement we had with a county government in Florida, their security team swore up and down that their systems were completely protected. Within a day or two, our consultants penetrated the county's parole management system through an application vulnerability. They had complete access to the system - to the point where they could have started discharging criminals from county jails."
"A municipal organization in Atlanta saw that their IT budget was skyrocketing year over year. They asked us to take a look at their data center to figure out why they kept running out of capacity. We found that one of the world's largest distributors of pornography had co-opted their servers and was running operations out of their data center."
These stories seem remarkable, but they are really normal in the security world. Security consultants and pen-testers have hundreds of stories like this. And the root cause of the problem is always the same - the customers are trying to protect themselves with defenses that are easily bypassed by today's modern cyber criminals.
Wednesday, November 28, 2007
Playstation 3 can perform password cracking much faster
Recent research by Nick Breese from New Zealand discloses that the gaming console can perform password cracking 100 times faster than usual Intel hardware.
It's interesting to know that with technology on the rise, security risk indirectly rises as well. Worth reading the article for more details: PlayStation a hacker's dream
Tuesday, November 27, 2007
I was reading an article on the McAfee Avert Labs Blog and found a really interesting post from Seth Purdy. I would recommend everyone read the post "Pay Up, Or The Computer Gets It!", as it really gives us the inside story about porn websites' terms and conditions as well as how their trial period works ;)
Before you read this post, I am assuming that you already understand what a Yahoo booter is and how it works. If you don't know anything about Yahoo booters, you can describe a Yahoo booter as a program that uses a set of Yahoo IDs acting as bots to flood a victim's Yahoo Messenger ID by bombarding it with "BUZZ" messages, private messages, etc. The main reason booters do this is, of course, to crash the victim's IM client, or even the whole computer system.
Nowadays, many people have started using IM on their mobile phones (such as HUTCH, etc.), right? OK, you must now have a clue of what I am trying to tell you in this article: the idea of this article is to try attacking a victim who uses mobile IM. Will a Yahoo booter work just as it works on the PC? Well, my friend tried it. And it totally worked! (In this article I won't publish the brand of the cellphone the victim was using.) It didn't only crash the IM software, but the whole system of the mobile phone crashed as well, and it's really hard to fix. OMG, that's cruel.. don't you ever try this sh*t.
Monday, November 26, 2007
Interestingly, many organisations don't actually bother auditing an Oracle database. I was recently reading a simple Oracle auditing article which really gives quite a bit of an overview from Oracle gurus. Below are a few interesting things to look at in an Oracle database.
system / manager (default password; this user can change sys's password)
sys / man (highest privileged account)
scott / tiger (demo account shipped with a default password)
alter user klx identified by asdfafds; -- change a user's password
grant dba to userid; -- full DBA privileges; review every grantee of this role
grant connect to userid; -- login privilege only
create user userid identified by password; -- create a new user
select username, password from sys.dba_users; -- list accounts and their password hashes
select * from dba_profiles where profile = 'DEFAULT'; -- limits applied to most accounts
alter profile default limit failed_login_attempts unlimited; -- weak setting: accounts never lock after failed logins
audit connect whenever successful; -- record successful logons
audit connect whenever not successful; -- record failed logons (brute-force evidence)
audit update on default whenever successful; -- default object auditing for newly created tables
delete from sys.aud$; -- wipes the audit trail; anyone with DELETE on this table can erase the evidence, so protect it
select owner, table_name from sys.dba_tables;
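The point of the two `audit connect whenever ... successful` lines above is that failed and successful logons end up in the audit trail, where they can be reviewed. The following is an added example, not code from the original post or from the article it summarises: a small Python review script run over constructed sample rows shaped like the output of a query such as `SELECT username, os_username, userhost, timestamp, returncode FROM dba_audit_session`. The return codes 1017 (ORA-01017, invalid username/password) and 0 (success) are real Oracle values; the host names, user names, timestamps and thresholds are assumptions made for the example.

```python
"""Review Oracle session-audit rows for brute-force and default-account activity.

Added example (not part of the original post). Assumes the rows were exported from
DBA_AUDIT_SESSION, which is populated once session auditing (the page's
`audit connect whenever [not] successful`) is enabled and audit_trail is set to DB.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Accounts that ship with well-known default passwords (system/manager, scott/tiger, ...).
DEFAULT_ACCOUNTS = {"SYS", "SYSTEM", "SCOTT", "DBSNMP", "OUTLN"}

# RETURNCODE values seen in DBA_AUDIT_SESSION.
ORA_SUCCESS = 0
ORA_INVALID_LOGON = 1017  # ORA-01017: invalid username/password; logon denied

# Constructed sample: (username, os_username, userhost, timestamp, returncode).
# ext-5 hammers two accounts and finally gets into SYSTEM; app-01 has one harmless typo.
SAMPLE_AUDIT_ROWS = [
    ("SYSTEM", "jdoe",   "ws-17",  "2007-11-26 09:00:01", ORA_SUCCESS),
    ("SCOTT",  "nobody", "ext-5",  "2007-11-26 09:01:10", ORA_INVALID_LOGON),
    ("SCOTT",  "nobody", "ext-5",  "2007-11-26 09:01:12", ORA_INVALID_LOGON),
    ("SCOTT",  "nobody", "ext-5",  "2007-11-26 09:01:14", ORA_INVALID_LOGON),
    ("SCOTT",  "nobody", "ext-5",  "2007-11-26 09:01:16", ORA_INVALID_LOGON),
    ("SCOTT",  "nobody", "ext-5",  "2007-11-26 09:01:18", ORA_INVALID_LOGON),
    ("SYSTEM", "nobody", "ext-5",  "2007-11-26 09:01:20", ORA_INVALID_LOGON),
    ("SYSTEM", "nobody", "ext-5",  "2007-11-26 09:01:22", ORA_INVALID_LOGON),
    ("SYSTEM", "nobody", "ext-5",  "2007-11-26 09:01:30", ORA_SUCCESS),
    ("HR_APP", "appsvc", "app-01", "2007-11-26 09:05:00", ORA_SUCCESS),
    ("HR_APP", "appsvc", "app-01", "2007-11-26 10:00:00", ORA_INVALID_LOGON),
]


def parse_rows(rows):
    """Turn raw tuples into dicts with real datetimes, oldest first."""
    parsed = []
    for username, os_user, host, ts, rc in rows:
        parsed.append({
            "username": username,
            "os_username": os_user,
            "userhost": host,
            "timestamp": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "returncode": rc,
        })
    return sorted(parsed, key=lambda r: r["timestamp"])


def find_bruteforce_hosts(rows, threshold=5, window=timedelta(minutes=5)):
    """Return {userhost: total_failures} for hosts with >= threshold failed logons
    inside any sliding window of the given length (any target account)."""
    failures = defaultdict(list)
    for r in rows:
        if r["returncode"] == ORA_INVALID_LOGON:
            failures[r["userhost"]].append(r["timestamp"])
    flagged = {}
    for host, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = len(times)
                break
    return flagged


def find_guessed_logins(rows, min_failures=3, window=timedelta(minutes=5)):
    """Successful logons from a host that produced >= min_failures failures in the
    preceding window: the classic signature of a guessed password."""
    hits = []
    for i, r in enumerate(rows):
        if r["returncode"] != ORA_SUCCESS:
            continue
        prior = [p for p in rows[:i]
                 if p["userhost"] == r["userhost"]
                 and p["returncode"] == ORA_INVALID_LOGON
                 and r["timestamp"] - p["timestamp"] <= window]
        if len(prior) >= min_failures:
            hits.append((r["username"], r["userhost"], r["timestamp"].isoformat(), len(prior)))
    return hits


def find_default_account_logins(rows):
    """Every successful logon to an account that ships with a default password;
    each one should be explainable by the DBA team."""
    return [(r["username"], r["os_username"], r["userhost"])
            for r in rows if r["username"] in DEFAULT_ACCOUNTS and r["returncode"] == ORA_SUCCESS]


if __name__ == "__main__":
    audit = parse_rows(SAMPLE_AUDIT_ROWS)
    print("brute-force sources:", find_bruteforce_hosts(audit))
    print("success after failures:", find_guessed_logins(audit))
    print("default-account logons:", find_default_account_logins(audit))
```

The script reads the trail rather than the live database, so it can be run by someone who has only been given an export of `DBA_AUDIT_SESSION`; that matters because the `delete from sys.aud$` line above shows how easily the trail itself can be erased once an intruder holds DBA privileges, which is a reason to copy it out regularly.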
Here is a nice link with tutorials on how to secure Oracle. Also of interest: decrypting Oracle TopLink Workbench passwords, i.e. Oracle tools such as the decryption of the Oracle TopLink Mapping Workbench password algorithm.
Friday, November 23, 2007
A major upgrade to Gmail is getting the thumbs down from users who complain that the new version is extremely slow, often fails to load pages and even crashes their browsers.
People have flooded discussion forums with complaints since Google began "upgrading" users about two weeks ago to the new version, popularly referred to in the blogosphere as Gmail 2.0.
Ironically, Gmail 2.0, which features an upgraded contacts manager, is designed to be faster and more stable. Gmail 2.0 is based on what a Google spokesman calls "a major structural code change" upon which new features will be launched in coming months.
The most common complaint is that it is generally very slow, with delays of a minute or more when attempting to display the inbox upon logging on, to record keystrokes when typing text and to respond to mouse clicks. Often the tasks time out. Others report that Gmail 2.0 repeatedly crashes or freezes their browsers, in particular Firefox.
If these users switch to the "old" Gmail version, the problems go away. However, these users say they have to switch manually every time they log on, because Gmail 2.0 automatically became their default version once they got upgraded to it.
Thursday, November 22, 2007
Joel Esler, a handler at DShield, posted a very good example of social engineering. It is worth looking at.
Social Engineering, just by asking!
Published: 2007-11-21, Last Updated: 2007-11-21 15:03:38 UTC by Joel Esler (Version: 1)
A reader wrote in to tell us about a spam he received that read like this:
"I'm a computer engineer at Islamic University of Gaza(IUG), the network of my university hacked in the last few months , now I design a secure model to repair the network security system in IUG but my experience still little, so I hope that I can obtain a diagram or flowchart or map of your university network security system to study it and see how can apply it in IUG system."
I guess that's a good way of getting information about your network innards instead of hacking it: "hey, can you just send me your visio diagram!? That'd be great, kthnkx!"
Gotta watch out for that social engineering. It's the basis of all those bank, visa, mastercard, etc... spams, phishes, and whatever other things are out there nowadays. Counting on an "uneducated" user to click and fill out some information.
Wednesday, November 21, 2007
Many Windows error messages provide a hexadecimal error code, for example 0x8007267C. This code can provide helpful information. But how do you translate it into a readable error message?
At least two commands can be used to decode an error code:
· certutil -error [Code]
· err.exe [Code]
certutil -error 0x8007267C
Certutil is part of all Windows Server stock keeping units (SKUs) and Windows Vista. The err executable is available from the Microsoft Download Center.
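`certutil -error` and `err.exe` look the message up for you, but a code such as 0x8007267C also carries its meaning in its bit layout, which is useful when neither tool is at hand (for instance when triaging an event log on a non-Windows box). The following is an added example, not from the original post or from Microsoft's tools: a Python decoder for the HRESULT structure (severity bit, facility field, 16-bit code). The facility numbers and the 0x8007xxxx wrapping of Win32 errors are as documented in winerror.h; the human-readable text is deliberately not reproduced here, since that is exactly what the two commands above are for.

```python
"""Decode the structure of a Windows HRESULT such as 0x8007267C.

Added example (not part of the original post). It decodes the bit layout only; the
readable message still comes from `certutil -error` or `err.exe`.

HRESULT layout (32 bits, from winerror.h):
  bit 31     S  severity (1 = error)
  bit 30     R  reserved
  bit 29     C  customer-defined code
  bit 28     N  value is a mapped NTSTATUS
  bit 27     X  reserved
  bits 26-16    facility (11 bits)
  bits 15-0     code
"""

FACILITY_WIN32 = 7

# Facility numbers this example recognises; anything else is reported numerically.
FACILITY_NAMES = {
    0: "FACILITY_NULL",
    1: "FACILITY_RPC",
    2: "FACILITY_DISPATCH",
    3: "FACILITY_STORAGE",
    4: "FACILITY_ITF",
    7: "FACILITY_WIN32",
    8: "FACILITY_WINDOWS",
    9: "FACILITY_SSPI",
    11: "FACILITY_CERT",
}


def parse_code(text):
    """Accept the forms seen in logs: '0x8007267C', '8007267C', or the signed
    decimal '-2147015044' that .NET and scripting hosts print. Plain digits with
    no 0x prefix are treated as decimal. Returns the unsigned 32-bit value."""
    text = text.strip()
    if text.lower().startswith("0x"):
        value = int(text, 16)
    elif text.lstrip("-").isdigit():
        value = int(text, 10)
    else:
        value = int(text, 16)
    return value & 0xFFFFFFFF


def win32_to_hresult(win32_code):
    """Same mapping as the HRESULT_FROM_WIN32 macro for a non-zero Win32 error."""
    return 0x80000000 | (FACILITY_WIN32 << 16) | (win32_code & 0xFFFF)


def decode_hresult(value):
    """Split an HRESULT into its fields; win32_error is set only for FACILITY_WIN32."""
    severity = (value >> 31) & 1
    customer = (value >> 29) & 1
    ntstatus = (value >> 28) & 1
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return {
        "hresult": f"0x{value:08X}",
        "severity": "error" if severity else "success",
        "customer_defined": bool(customer),
        "mapped_ntstatus": bool(ntstatus),
        "facility": facility,
        "facility_name": FACILITY_NAMES.get(facility, f"facility_{facility}"),
        "code": code,
        "win32_error": code if facility == FACILITY_WIN32 else None,
    }


def describe(text):
    """One-line summary, e.g. for pasting next to an event-log entry."""
    d = decode_hresult(parse_code(text))
    line = f"{d['hresult']}: {d['severity']}, {d['facility_name']}, code {d['code']}"
    if d["win32_error"] is not None:
        line += f" (Win32 error {d['win32_error']}; try: certutil -error {d['hresult']})"
    return line


if __name__ == "__main__":
    for sample in ("0x8007267C", "-2147015044", "0x80004005", "0x00000000"):
        print(describe(sample))
```

Decoding 0x8007267C this way tells you the error is a Win32 error (facility 7) with code 0x267C = 9852, so the same message can also be looked up as `net helpmsg 9852` on any Windows machine; the facility field is what distinguishes that from, say, a COM or certificate-subsystem failure with the same low 16 bits.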
Where can I find a list of Microsoft Security Blogs and Web Resources?
Feliciano Intini's Microsoft Security Taxonomy 1.0 (much of the site is in Italian) is a handy resource as it lists many of the Microsoft security team blogs and functional area web sites. Visit: Microsoft Security Blogs