Monday, September 29, 2008

Get trained to create secure software

New certification to create secure software

The movement to create secure software received a boost with the launch of a new certification from (ISC)2, called the Certified Secure Software Lifecycle Professional, designed to validate secure software development practices.

The certification, called the Certified Secure Software Lifecycle Professional (CSSLP), is designed to validate secure software development practices and build expertise to address the increasing number of application vulnerabilities.

The certification program takes a holistic approach to software security. It is code-language neutral, and applicable to anyone involved in software lifecycles. It's designed to ensure that software developers can prove they can write secure code and eliminate code vulnerable to hacker attacks.

In a statement, Howard A. Schmidt, president of the Information Security Forum, said, "All too often, security is bolted on at the end of the software lifecycle as a response to a threat or after an exposure.

New applications that lack basic security controls are being developed every day, and thousands of existing vulnerabilities are being ignored."

W. Hord Tipton, executive director for (ISC)2, added, "The CSSLP will be a key component in better critical infrastructure protection, reducing the risk of software malpractice suits and enabling stricter adherence to industry and government regulations."

Subject areas covered by the CSSLP exam include the software lifecycle, vulnerabilities, risk, information security fundamentals and compliance.
The seven domains of the CSSLP compendium of secure software topics are:

* Secure Software Concepts

* Secure Software Requirements

* Secure Software Design

* Secure Software Implementation/Coding

* Secure Software Testing

* Software Acceptance

* Software Deployment, Operations, Maintenance and Disposal

The first CSSLP exam is scheduled for the end of June in 2009.

Sunday, September 28, 2008

Is the GPS network vulnerable to hackers?

GPS network vulnerable to hacks claim researchers at Cornell

A Cornell University research team has demonstrated that it is, and that it is not that difficult to do. The Cornell team’s apparent ease at fooling a GPS receiver, a process termed “spoofing”, was presented in a paper at a meeting of the Institute of Navigation, Sept. 19 in Savannah, Ga.

The researchers demonstrated how their briefcase-size GPS receiver, used in ionospheric research, had been programmed to send out fake signals and when placed in the proximity of a navigation device, was able to track, modify, and retransmit signals being transmitted from the GPS satellite constellation. Gradually, the “victim” navigation device would take the counterfeit navigation signals for the real thing.

A government-led research team at Los Alamos National Laboratory addressed the issue of GPS spoofing in a report detailing seven “countermeasures” against such an attack. According to the Cornell team, such countermeasures would not have successfully guarded against the signals produced by their reprogrammed receiver. ”We’re fairly certain we could spoof all of these, and that’s the value of our work,” claimed paper author Todd Humphreys.

GPS is a U.S. navigation system of more than 30 satellites circling Earth twice a day in specific orbits, transmitting signals to receivers on land, sea and in air to calculate their exact locations. Handheld GPS receivers are popular for their usefulness in navigating unfamiliar highways or backpacking into wilderness areas. But GPS is also embedded in the world’s technological fabric. Such large commercial enterprises as utility companies and financial institutions have made GPS an essential part of their operations.

“GPS is woven into our technology infrastructure, just like the power grid or the water system,” said paper author Kintner, Cornell professor of electrical and computer engineering and director of the Cornell GPS Laboratory. “If it were attacked, there would be a serious impact.”

By demonstrating the vulnerability of receivers to spoofing, the researchers believe they can help devise methods to guard against such attacks.

“Our goal is to inspire people who design GPS hardware to think about ways to make it so the kinds of things we’re showing can be overcome,” said Psiaki, Cornell professor of mechanical and aerospace engineering.

Full story from Cornell Chronicle, via

Is Chrome a security risk?

Good post about Google Chrome

My lovely bride of 30 years worked from home yesterday, hoping to save our city some gas.

An e-mail came in from her administrator around mid-day which she decided to share with me. It told all users to shut down Chrome.

The e-mail called Chrome a security risk. It told all users within the company to use Firefox or Internet Explorer, to shut Chrome down. I don’t know how serious those concerns are. Without identifying my wife’s employer I will say it’s a conservative company, very security conscious, and often proactive. But this is a good time to ask how well Chrome is doing. Google Analytics says 1 in 40 visits to ZDNet Open Source are now done with Chrome. It’s currently on build 2200, Version (Click the wrench, then the About tab.)

Refer here to read full post on ZDnet Blog.

Wednesday, September 24, 2008

Fake Facebook 'Add Friends' E-Mail Adds Malware

Spammers are not targetting Facebook users by using Fake Facebook Scam..

Social networking sites like Facebook and MySpace give scam artists and virus writers new ways to package tried-but-true tricks. The latest example of this making the rounds is an e-mail that appears to be an invitation from Facebook to add a friend: A recipient who opens an attached image to take a look at their new friend instead opens the door for hackers to compromise his PC.

Internet security firm Websense warns about this latest scam, which takes advantage of common notifiers sent by Facebook to alert users when another user adds them as a friend on their social network.

The message also includes a login form to the Facebook home page. While there are countless examples of scam e-mails that try to steal Facebook usernames and passwords using a fake login page, any credentials entered into the form are sent directly to Facebook, logging the user into his or her actual page. Websense says this is probably a ruse to make the message appear more authentic, but in reality the scammers could have easily intercepted those credentials as well.

Please refer here to read full details.

My advice is to use little bit of common sense. Don't click links from your emails, make sure you go to Facebook through internet browser and type yourself. Little bit of protection will help you to defeat spammers and protect your sensitive personal details.

Monday, September 22, 2008

Double your browser's speed in just five minutes

8 hacks to make Firefox ridiculously fast

The right settings could make your FireFox browser faster , more than doubling your speed in some situations, all for about five minutes work and for the cost of precisely nothing at all. Here's what you need to do.

1. Enable pipelining

Browsers are normally very polite, sending a request to a server then waiting for a response before continuing. Pipelining is a more aggressive technique that lets them send multiple requests before any responses are received, often reducing page download times. To enable it, type about:config in the address bar, double-click network.http.pipelining and network.http.proxy.pipelining so their values are set to true, then double-click network.http.pipelining.maxrequests and set this to 8.

Keep in mind that some servers don't support pipelining, though, and if you regularly visit a lot of these then the tweak can actually reduce performance. Set network.http.pipelining and network.http.proxy.pipelining to false again if you have any problems.

2. Render quickly

Large, complex web pages can take a while to download. Firefox doesn't want to keep you waiting, so by default will display what it's received so far every 0.12 seconds (the "content notify interval"). While this helps the browser feel snappy, frequent redraws increase the total page load time, so a longer content notify interval will improve performance.

Type about:config and press [Enter], then right-click (Apple users ctrl-click) somewhere in the window and select New > Integer. Type content.notify.interval as your preference name, click OK, enter 500000 (that's five hundred thousand, not fifty thousand) and click OK again.

Right-click again in the window and select New > Boolean. This time create a value called content.notify.ontimer and set it to True to finish the job.

3. Faster loading

If you haven't moved your mouse or touched the keyboard for 0.75 seconds (the content switch threshold) then Firefox enters a low frequency interrupt mode, which means its interface becomes less responsive but your page loads more quickly. Reducing the content switch threshold can improve performance, then, and it only takes a moment.

Type about:config and press [Enter], right-click in the window and select New > Integer. Type content.switch.threshold, click OK, enter 250000 (a quarter of a second) and click OK to finish.

4. No interruptions

You can take the last step even further by telling Firefox to ignore user interface events altogether until the current page has been downloaded. This is a little drastic as Firefox could remain unresponsive for quite some time, but try this and see how it works for you.

Type about:config, press [Enter], right-click in the window and select New > Boolean. Type content.interrupt.parsing, click OK, set the value to False and click OK.

5. Block Flash

Intrusive Flash animations are everywhere, popping up over the content you actually want to read and slowing down your browsing. Fortunately there's a very easy solution. Install the Flashblock extension ( and it'll block all Flash applets from loading, so web pages will display much more quickly. And if you discover some Flash content that isn't entirely useless, just click its placeholder to download and view the applet as normal.

6. Increase the cache size

As you browse the web so Firefox stores site images and scripts in a local memory cache, where they can be speedily retrieved if you revisit the same page. If you have plenty of RAM (2 GB of more), leave Firefox running all the time and regularly return to pages then you can improve performance by increasing this cache size. Type about:config and press [Enter], then right-click anywhere in the window and select New > Integer. Type browser.cache.memory.capacity, click OK, enter 65536 and click OK, then restart your browser to get the new, larger cache.

7. Enable TraceMonkey

TraceMonkey is a new Firefox feature that converts slow Javascript into super-speedy x86 code, and so lets it run some functions anything up to 20 times faster than the current version. It's still buggy so isn't available in the regular Firefox download yet, but if you're willing to risk the odd crash or two then there's an easy way to try it out.

Install the latest nightly build (, launch it, type about:config in the address bar and press Enter. Type JIT in the filter box, then double-click and javascript.options.jit.content to change their values to true, and that's it - you're running the fastest Firefox Javascript engine ever.

8. Compress data

If you've a slow internet connection then it may feel like you'll never get Firefox to perform properly, but that's not necessarily true. Install ( and this clever Java applet will re-route your web traffic through its own server, compressing it at the same time, so there's much less to download. And it can even compress JPEGs by allowing you to reduce their quality. This all helps to cut your data transfer, useful if you're on a limited 1 GB-per-month account, and can at best double your browsing performance.

All I.E fans, have some patience - i will be posting similar tricks about I.E 6 and 7 soon.

Sunday, September 21, 2008

How to catch Linux system intruders

Secure your Linux box by locking it down and posting a guard to watch for intruders

"Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.

There's no doubt that Linux is a secure operating system. However, nothing is perfect. Millions of lines of code are churned through the kernel every second and it only takes a single programming mistake to open a door into the operating system. If that line of code happens to face the Internet, that's a backdoor to your server.

Patches are often released quicker and more often for Linux systems than they are for proprietary products. This is because anyone can take a look at the code – and thousands of developers regularly do. This 'many eyes' approach, which was advanced by Linus Torvalds, means that problems like back doors are usually found quickly. It also means that fixes are released just as quickly.

There's been a very vocal debate on the Linux kernel mailing list recently, with developers arguing about whether security bugs that are fixed should be formally announced and documented. Torvalds believes that making a big song and dance about security patches attracts the attention of miscreants like bees to honey. Others believe that anything but complete openness goes against the philosophy of Free Software.

The debate is still burning, but while the overlords of the Linux kernel are deciding which way to swing, there's a great deal you can do to protect your system, even if an Internet facing service is compromised in some way.

Watching for traps with Tripwire

Tripwire generates checksums from all the essential binaries that are running on your system. Every file has a completely unique checksum. If a single bit of data changes in the file, the checksum it generates will be completely different.

These checksums can't be cracked or duplicated because they rely on a tried and tested method of encryption. Using this database of checksums, Tripwire will periodically recheck the value of each binary file in its database. If any file has changed, the wire is tripped and an alarm is signalled.

This system is incredibly effective, because the first thing a hacker usually does when they gain access to your system is replace important system files with their own version. This is known as a 'rootkit', and it means that the hacker can always access your system – even after you locate and update the original 'back door' security problem.

There are various tools that look for the tell-tale signature of a rootkit installation, but Tripwire pre-empts these tools by catching changes to the file system – hopefully before the rootkit can even be used. For this reason, you can find Tripwire in the package repository of nearly every Linux distribution we can think of. Just search for it and install.

Tripwire defence has been so successful that a proprietary company has been launched on the back of the original Tripwire product; both are confusingly called Tripwire. Thankfully, however, the opensource version of the software is still popular, despite the fact that, like all Linux security tools, it takes a considerable effort to get it working.

Make sure everything that needs to be installed is installed. If you add more packages after the Tripwire installation, you'll have to go through a rather convoluted reconfiguration routine. For this reason, it's more straightforward to install Tripwire after you've configured and set up the server exactly as you need it.

You can download Tripwire from here.

Only 35% Of Oracle Users Continuously Monitor For Suspicious Activity

A recent Unisphere survey found 20% of respondents anticipated some kind of data security breach over the coming year.

Who's watching the database? Not every DBA is as diligent as he or she should be, according to a study released this week.

Oracle (NSDQ: ORCL) and the International Oracle Users Group commissioned Unisphere to survey the user group's members in July and August and, out of 316 respondents, found 20% anticipated some kind of data security breach over the coming year.

Six acknowledged some kind of violation over the last year. Three out of four acknowledged they do not consider all of their database systems to be "locked down." It wasn't clear whether by "security breach" they meant a small, inadvertent viewing of payroll or other sensitive data by an internal employee or the loss of 94 million records, as occurred at TJX (owner of T.J. Maxx, Marshalls, and other retailers) in January 2007. Survey participants acknowledged both insiders and outsiders pose significant risks.

Refer here to read full details.

Friday, September 19, 2008

Iphone Virus is out already

"Penguin Panic" trojan targets Windows iPhone users

iPhone-toting Windows users should keep an eye out for a trojan targeting their somewhat specific demographic. Spam e-mails advertising iPhone games—often with subject lines of "Virtual iPhone games!," "Take a break!," and "Apple: The most popular game!"—have begun circulating around the web toting a zip file called When opened, the Troj/Agent-HNY trojan is released and will wreak havoc on Windows systems.

The trojan was brought to light by security firm Sophos yesterday, although it appears as if this particular trojan has been going around in other forms for some time. It doesn't actually affect the iPhone itself; only iPhone users who happen to be running Windows. There are no versions yet that run on Mac OS X or any mobile devices.

"Hackers, it seems, are jumping on the bandwagon of the iPhone phenomenon and using it as a springboard to infect innocent users," writes the security firm. "Many people might have played Penguin Panic on their Apple iPhone or another portable device, and be keen to have it on the desktop of their Windows work PC too."

Apple products have increasingly been targeted by all sorts of scammers. A number of phishing emails targeting MobileMe and iTunes users have already gone out this year, and now this! Although most of us Mac users might like to point and giggle at our Windows-using friends for this one, becoming victim of a trojan is never fun. As usual, exercise careful judgment when opening e-mail attachments, especially when they come from people you don't know.

Tuesday, September 16, 2008

Secure your Wifi Network Security

Wifi Networks Unsecured - Act now or regret later!

I have blogged heaps of time such as
"Zlob" trojan OR DNSChanger - Same thing, DNSChanger Hack, Wireless Security, Welcome To Untrusted Computing, Wireless Security Settings and many other posts on Wireless Security but people don’t seem to seriously care about Wi-Fi security impact yet. Inspite of often repeated posts, warnings and security news people are still not thinking about it. What they fail to understand is that by doing so, they can become unwitting accessory to cyber crime.

Instead of scouring for anonymous proxies to stay faceless on the internet, cyber criminals are increasingly targeting unsecured Wi-FI networks to get the job done. A combination of war driving tools such as NetStumbler along with a listing of default router usernames and passwords is all it takes to freely connect to unsecured Wi-FI networks. Especially since most Wi-Fi routers use default security settings that come pre-installed by the vendor rather than it having being configured by the end user.

SOHO routers log every connection and DHCP lease but these logs are flushed once the router is rebooted. If an attacker has access to the administrative console of the router (thanks to the default password), once their nefarious actives have been carried out, a simple restart of the router will erase all tracks.

The extent to which an unsecured Wi-Fi connection can be abused is purely left to imagination of the attacker. Putting on my Dr.Evil hat, here are couple of wicked acts a Wi-Fi hacker could commit and get away undetected using an unsecured network.
  • Download child pornography
  • Download copyrighted movies and music via P2P
  • Download Warez and abuse your bandwidth
  • Send bomb hoaxes, terror or threatening emails.
  • Send spam (sexual aids, pharmacy or money laundering scams)

Any of the above acts could lead to law enforcement authorities knocking on your door. This is not mere speculation and many unsuspecting people have fallen victim. To quote a high profile example, in the recent serial bomb blasts in India, terror emails that took responsibility for the blasts were sent from unsecured Wi-Fi connections. And it was the unfortunate owners of the unsecured Wi-Fi connection that were subjected to police questioning and house arrest.

In addition to using an unsecured Wi-Fi network for malicious purposes, an attacker can also use it to steal personal information for identity theft. For example:

  • Infiltrate and break into internal machines
  • Modify DNS settings on the router to point to a rouge server.
  • Sniff Wi-Fi traffic for usernames and passwords

The above discussed scenarios are neither speculation nor an exhaustive listing of different ways for abusing unsecured Wi-Fi networks. These scenarios are being enacted by criminals everyday around the world.

Now why would want to be an unwitting host to criminal activities emanating from your IP address or make yourself vulnerable to identity theft? Be a responsible Netizen and please secure your Wi-Fi connection now!

Friday, September 12, 2008

New site promises no-nonsense security advice

The site,, promises non-technical tutorials on common IT security threats, easy access to a pool experts and a collaborative learning environment.

A new site dedicated to providing non-technical computer users with plain-English explanations of internet security risks has been launched today. brings together a range of resources including podcasts, videos and white papers.

A number of experts from organisations such as AVG, Software Security Solutions and Theft Protect will also be on hand to answer questions and provide tutorials.

The material promises to be comprehensive yet easily accessible. The site was built on Web 2.0 principles, and has been designed to be as user-driven as possible.

IE8 Beta 2 contains Google-style keystroke logger

Browser records keystrokes, transmits them to Microsoft; data retention an issue

Microsoft's Internet Explorer
8 (IE8) browser includes a keystroke-logging search suggestion tool similar to the one that Google modified Monday after coming under fire from consumers.

Unlike Chrome, IE8 Beta 2 does not enable the feature -- which some have compared to a keylogger -- by default. One privacy expert said that was a "huge difference."

According to IE8's revised privacy
statement, Microsoft's beta browser contains a new feature, dubbed "Suggested Sites," that sends the addresses of visited sites and other information to the company's servers. Suggested Sites is similar to the "Google Suggest" tool in Google's Chrome browser, and is designed to recommend the most likely destination sites based on what the user types, the popularity of sites and Microsoft's own algorithm.

On Monday, Google reacted to criticism of the feature by promising it would render the data it collects anonymous within 24 hours.

By comparison, Microsoft's privacy statement does not spell out how long the Suggest Sites data is kept, and when, if at all, the company "anonymizes" that data.

Please refer here to read full article.

SCADA Attack code released

Threat to computers for industrial systems now serious

A security researcher has published code that could be used to take control of computers used to manage industrial machinery, potentially giving hackers a back door into utility companies, water plants, and even oil and gas refineries.

The software was published late Friday night by Kevin Finisterre, a researcher who said he wants to raise awareness of the vulnerabilities in these systems, problems that he said are often downplayed by software vendors. "These vendors are not being held responsible for the software that they're producing," said Finisterre, who is head of research with security testing firm Netragard. "They're telling their customers that there is no problem, meanwhile this software is running critical infrastructure."

Finisterre released his attack code as a software module for Metasploit, a widely used hacking tool. By integrating it with Metasploit, Finisterre has made his code much easier to use, security experts said. "Integrating the exploit with Metasploit gives a broad spectrum of people access to the attack," said Seth Bromberger, manager of information security at PG&E. "Now all it takes is downloading Metasploit and you can launch the attack."

The code exploits a flaw in Citect's CitectSCADA software that was originally discovered by
Core Security Technologies and made public in June. Citect released a patch for the bug when it was first disclosed, and the software vendor has said that the issue poses a risk only to companies that connect their systems directly to the Internet without firewall protection, something that would never be done intentionally. A victim would have to also enable a particular database feature within the CitectSCADA product for the attack to work.

These types of industrial SCADA (supervisory control and data acquisition) process control products have traditionally been hard to obtain and analyze, making it difficult for hackers to probe them for security bugs, but in recent years more and more SCADA systems have been built on top of well-known operating systems like Windows or Linux making them both cheaper and easier to hack.

IT security experts are used to patching systems quickly and often, but industrial computer systems are not like PCs. Because a downtime with a water plant or power system can lead to catastrophe, engineers can be reluctant to make software changes or even bring the computers off-line for patching.

This difference has led to disagreements between IT professionals like Finisterre, who see security vulnerabilities being downplayed, and industry engineers charged with keeping these systems running. "We're having a little bit of a culture clash going on right now between the process control engineers and the IT folks," said Bob Radvanovsky, an independent researcher who runs a SCADA security online discussion list that has seen some heated discussions on this topic.

Citect said that it had not heard of any customers who had been hacked because of this flaw. But the company is planning to soon release a new version of CitectSCADA with new security features, in a statement (PDF), released Tuesday.

That release will come none too soon, as Finisterre believes that there are other, similar, coding mistakes in the CitectSCADA software.

And while SCADA systems may be separated from other computer networks within plants, they can still be breached. For example, in early 2003, a contractor reportedly infected the Davis-Besse nuclear power plant with the SQL Slammer worm.

"A lot of the people who run these systems feel that they're not bound by the same rules as traditional IT," Finisterre said. "Their industry is not very familiar with hacking and hackers in general."

Wednesday, September 10, 2008

BeCareful before adding any application to your Facebook profile

Researchers Build Malicious Facebook App

Researchers at Foundation for Research and Technology in Heraklion, Greece - that hotbed of Facebook research - have created a small Facebook application that causes a DDOS on a certain website. The application masquerades as a “picture of the day” app and shows an image from National Geographic. When someone clicks on it, however, it makes a request to a victim’s website, ultimately pulling down about 248 gigabytes of malicious data a day and essentially shutting down the server.
Obviously this application needs a perfect storm to be useful: you need to have a target and create a popular enough application that would encourage multiple installs. While one or two clicks won’t take down a site, the entire population of Facebook clicking on something definitely could.

The researchers wrote about the application in a detailed paper [PDF] and, by extrapolation, were able to tell how hard they could hit target servers provided, of course, the application was as popular as Super Wall or Bumper Sticker. They also recommend shoring up Facebook’s API to prevent this sort of mischief in the future.

Tuesday, September 9, 2008

Google issues first patches for Chrome

They're aimed at multiple security vulnerabilities; browser updates automatically

Just days after it rolled out Chrome, Google Inc. issued an update after Vietnamese security researchers reported a critical vulnerability in the beta browser.

According to Le Duc Anh, a researcher at Bach Khoa Internetwork Security (BKIS), which is housed at the Hanoi University of Technology, the Chrome beta posted last week contained a buffer overflow bug that could be used by attackers to hijack PCs.

The flaw can be triggered when the user saves a Web page -- using Chrome's "Save page as" command -- with a very long name. That, in turn, creates a stack-based buffer overflow that hackers can leverage to introduce additional malicious code.

"To exploit the vulnerability, a hacker might construct a specially-crafted Web page, which contains malicious code," said a security advisory issued by BKIS on Friday. "[The hacker would] then trick users into visiting his site and convince them to save this page. Right after that, the code would be executed, giving him the privilege to make use of the affected system."

Chrome is affected by the vulnerability. BKIS maintained that, of several Chrome bugs reported last week, this is the only one that could be used to compromise a computer.

Google patched the vulnerability Sunday and released an updated beta, Version, the same day. "We've released an update to Google Chrome that fixes many of the issues reported here," said someone identified only as "Simon" in a Chrome support forum yesterday.

Refer here for another flaw in Google Chrome on Roger's Blog.

5 cool hacks for your entertainment gadgets

Add external storage to your TiVo, beef up your Xbox 360, rip DVDs to your media player, play your ITunes purchases on any devices, and use your standard cable remote to skip commercials.

When you're serious about entertainment, you don't want to settle for the standard features. You want more storage, more options, and more convenience. But most consumer electronics come with built-in limitations that can prevent you from getting maximum use out of them.

We have some tricks for getting around such technology roadblocks. These five hacks will let you take greater control over your entertainment experience. Not satisfied with the puny hard drive in your TiVo or Xbox 360? We'll tell you how to upgrade your device's storage on the cheap. Tired of sitting through commercials with your lousy Comcast cable box? We have the code that lets you skip right past them. We'll show you how to play DVD movies and iTunes purchases on any media player, too.

Please click here to read full article.

Monday, September 8, 2008

Wireless Intrusion Detection Tool

AirSnare - Another must-have wireless security tool

AirSnare is another tool to add to your Wireless Intrusion Detection Toolbox. AirSnare will alert you to unfriendly MAC addresses on your network and will also alert you to DHCP requests taking place. If AirSnare detects an unfriendly MAC address you have the option of tracking the MAC address's access to IP addresses and ports or by launching Wireshark upon a detection.

A quick walkthrough using Airsnare

* Install Airsnare, then run the Airsnare Update and download the latest drivers for your wireless adaptor. If the software reports a missing COMDLG32.OCX, download it from here and save it in C:\windows\System32\

* Once AirSnare is up and running, check the Network Adaptors list, right-click on the adaptor you use to connect to your network and select Start. AirSnare will scan your network to compile a list of Unfriendly MAC addresses and mark them with a sjull and crossbones.

* To add known devices to the Friendly list, close Airsnare, open c:\Program Files\AirSnare\TrustedMAC.txt and add the MAC addresses, decriptions and the last two digits of the IP address for each device.

* Save the file, relaunch, and you will see a list of Friendly MAC addresses. You can also add a trusted device by right-clicking on an Unfriendly MAC address. At first it might be easier to leave one of your computers off the friendly list, so you get an idea of what Unfriendly traffic looks like.

* By default AirSnare also installs Wireshark - a network protocol analyser that provides a lot more detail as to what's happening on your network.

* If you want to keep a record of network activity you can right-click on the top right window to write the current session to a text file, although all Unfriendly activity is automatically logged to Watch1.txt.

Please click here to download and refer here for complete user guide.

Friday, September 5, 2008

VoIP Infrastructure Security Testing Tool


XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C and freely available to anyone, under the GPLv3 license.
Why XTest?

XTest was developed with the specific aim of improving the security of environments that use 802.1x to protect IP Phone endpoints and their supporting VoIP Infrastructure. With the increasing prevalence of 802.1x Supplicant support in wired hard Phones, 802.1x will be increasingly used to ensure that remote IP Phones placed in areas with low physical security will have their directly connected ethernet switch ports secured against unauthorized access.


  • 802.1x Supplicant: XTest can test the username and password against an 802.1x Authenticator (Ethernet Switch), and supports re-authentication. This is a simple and easy method of comparing the password against a valid 802.1x Supplicant running on an IP Phone or a PC.

  • Offline pcap dictionary attacK: If you capture a valid 802.1x authentication sequence into a pcap file, XTest will run a dictionary attack against the pcap using a supplied wordlist. XTest will elicit the password from the pcap if the dictionary file containst the valid password.

  • Shared Hub unauthorized access: Using a shared hub, XTest can use the successful authentication of a valid 802.1x supplicant to gain unauthorized access to the network
You can download XTest here Or read more here.

Tuesday, September 2, 2008

Employees Misuse or Hackers?

Employee misuse of the corporate network is bigger security threat than hackers

According to a recent survey conducted by LSI, 41% of organisations see employee misuse of the corporate network as their biggest security threat.

The survey of 250 IT Directors and board-level decision makers, found that after employee misuse, 21% of organisations saw traditional hacking attacks as the biggest security threat to their organisation, closely followed by widening network perimeters (15%) and finally terrorist threats and lack of encryption in data centres.

John Bromhead, Tarari Content Processors Product Marketing, LSI commented: “The above figures show that staff education is key when it comes to security. Organisations need to make sure that staff are fully aware of the risks they can bring to an organisation when downloading images or leaving passwords around the office.”

Education, however, is only half of the solution; this needs to be backed up by a robust security system, especially when considering the growing amount of data crossing an organisation’s network. Threats such as Trojan Horses, spam and hackers are evolving year-on-year and failure to invest in the latest security runs the risk of being affected by any or all of the above.

Further findings showed that the most common reason for organisations not investing in network security is cost which comes as little surprise when considering the current economic climate. Furthermore, in view of the ever-growing environmental awareness, manufacturers will need to look to solutions that not only reduce cost and increase performance, but also reduce power output.

Bromhead continued: “Cost is always one of the biggest pain points when it comes to security and it is no surprise that this was highlighted as the main reason for businesses not investing in security technology. LSI is addressing this with its silicon-based Tarari® content inspection processors which will drive down the overall cost of adding greater intelligence, control and security into the network.”

The Tarari T1000 series, developed for networking OEMs facilitate the creation of multifaceted security procedures in the form of unified threat management applications that take care of information security, intrusion detection and virus control.

“Perceptions of security need to change so that organisations realise the benefits it can bring, not only threat protection, but also greater efficiency and corporate compliance. Security doesn’t have to cost the earth; there are evolving technologies out there, which really do offer strong cost and power savings. Gone are the days when this level of protection was only for the large enterprise,” concluded Bromhead.