d,
which again opens the gap between Microsoft providing updates and end users' lack of awareness on the topic.
[ U.N WARNS OF NUCLEAR CYBER ATTACK RISK ]
The United Nations' nuclear watchdog agency warned Friday of growing concern about cyber attacks against nuclear facilities.
More information can be found at:
http://securityfocus.com/news/9592
Astalavista's comment:
We have previously seen such attempts, and such a scenario should be well taken care of, considering the obvious interest:
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=nuclear%2Bhacker%2Bsecurity
[ SASSER AUTHOR GETS ITSECURITY JOB ]
Sven Jaschan, a self-confessed creator of the destructive NetSky and Sasser worms, has been hired by the German security company Securepoint. He's been offered work as a trainee software developer working on security products, such as firewalls, even though he may go to prison for creating one of the most destructive computer viruses to date. Jaschan was charged this month with computer sabotage. No trial date has been set.
More information can be found at:
http://www.theregister.co.uk/2004/09/20/sasser_kiddo_offered_job/
Astalavista's comment:
Unbelievable. On one hand we see Microsoft and the law enforcement agencies trying to get those authors scared with huge rewards and prosecutions, while on the other hand, we see local companies "admiring" the "know-how" of malware creators with the idea to build better products. Who else sees the big picture here?
[ FEDS INVITE COMMENTS ON INTERNET WIRETAPS ]
The Federal Communications Commission (FCC) on Thursday launched a public comment period on its plan to compel Internet broadband and VoIP providers to open their networks up to easy surveillance by law enforcement agencies.
More information can be found at:
http://securityfocus.com/news/9582
Astalavista's comment:
It's time to see if an E-nation is as privacy-conscious as it should be.
http://gullfoss2.fcc.gov/cgi-bin/websql/prod/ecfs/upload_v2.hts?ws_mode=proc_name&proc_id=04-295
[ PHISHING TAB TO REACH $500 MILLION ]
A new study weighs in with estimates as to how much online fraud, or phishing, is costing consumers. Seventy-six percent of consumers are experiencing an increase in spoofing and phishing incidents, researchers found, and 35 percent said they receive fake e-mails at least once a week.
More information can be found at:
http://www.cio-today.com/story.xhtml?story_title=Phishing_Tab_To_Reach______Million&story_id=27279
Astalavista's comment:
Recently, we've seen an enormous amount of activity on the phishing scene, given the fact that a large number of companies had the chance to build trust-based relations with their online customers, not secured ones.
03. Astalavista Recommends
---------------------
This section is unique with its idea and the information included within. Its purpose is to provide you with direct links to various white papers covering many aspects of Information Security. These white papers are defined as a "must read" for everyone interested in deepening his/her knowledge in the Security field.
The section will keep on growing with every new issue. Your comments and suggestions about the section are welcome at security@astalavista.net
" TX - THE SMALLEST VC++ CODED UNIVERSAL WINDOWS BACKDOOR "
The Smallest VC++ Coded Universal Windows Backdoor for all versions of Windows NT/2K/XP/2003 with any service pack. But not for Windows 98/ME! Since Microsoft stopped the support for them, I can't code for an unsupported Operating system. A Tini, Small, Petite app that listens on a fixed port and creates a command shell when it receives a connection. Default port of listening is: 8080
http://www.astalavista.com/?section=dir&cmd=file&id=2872
" FWKNOP - FIREWALL KNOCK OPERATOR "
fwknop implements network access controls (via iptables) based on a flexible port knocking mini-language, but with a twist; it combines port knocking and passive operating system fingerprinting to make it possible to do things like only allow, say, Linux-2.4/2.6 systems to connect to your SSH daemon.
http://www.astalavista.com/?section=dir&cmd=file&id=2879
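To make the "knock sequence plus OS check" idea concrete, here is an added Python example; it is not fwknop's code and does not use its mini-language. It keeps per-source state for a fixed knock sequence, forgets partial sequences after a time window, and only emits an iptables-style allow rule when the finishing packet's TTL is consistent with a permitted operating system. The TTL heuristic, the sequence, the window, the hosts and the log events are all constructed assumptions; real passive fingerprinting (p0f-style) looks at far more than the TTL.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Knock:
    src: str        # source IP of the connection attempt
    dst_port: int   # closed port the attempt hit, as seen in the firewall log
    ts: float       # seconds since an arbitrary epoch
    ttl: int        # IP TTL observed at the firewall


def guess_os(ttl: int) -> str:
    """Crude passive fingerprint (an assumption for this example, not fwknop's logic):
    default initial TTLs are commonly 64 on Linux/BSD and 128 on Windows, and each
    router on the path decrements the value by one."""
    if ttl <= 64:
        return "linux"
    if ttl <= 128:
        return "windows"
    return "other"


class KnockGate:
    """Tracks each source's progress through the knock sequence and produces an
    allow rule when a source completes it in time and looks like a permitted OS."""

    def __init__(self, sequence: Sequence[int], window: float,
                 allowed_os: Sequence[str], protected_port: int = 22):
        self.sequence = tuple(sequence)
        self.window = window
        self.allowed_os = set(allowed_os)
        self.protected_port = protected_port
        self._progress: Dict[str, Tuple[int, float]] = {}  # src -> (next index, first knock time)
        self.rules: List[str] = []

    def observe(self, k: Knock) -> Optional[str]:
        idx, start = self._progress.get(k.src, (0, k.ts))
        if idx and k.ts - start > self.window:      # too slow: drop the partial sequence
            idx, start = 0, k.ts
        if k.dst_port != self.sequence[idx]:        # out-of-order port resets the state...
            if k.dst_port == self.sequence[0]:      # ...but may itself begin a fresh sequence
                self._progress[k.src] = (1, k.ts)
            else:
                self._progress.pop(k.src, None)
            return None
        idx += 1
        if idx < len(self.sequence):
            self._progress[k.src] = (idx, start)
            return None
        self._progress.pop(k.src, None)             # sequence complete; apply the OS policy
        if guess_os(k.ttl) not in self.allowed_os:
            return None
        # iptables-save style rule (constructed format, not what fwknop itself writes)
        rule = f"-A INPUT -s {k.src} -p tcp --dport {self.protected_port} -j ACCEPT"
        self.rules.append(rule)
        return rule


def run_demo() -> List[str]:
    """Replay constructed firewall-log events through a gate that only admits Linux hosts."""
    gate = KnockGate(sequence=[7000, 8000, 9000], window=10.0, allowed_os=["linux"])
    events = [
        Knock("10.0.0.5", 7000, 1.0, 61), Knock("10.0.0.6", 7000, 1.5, 122),
        Knock("10.0.0.5", 8000, 2.0, 61), Knock("10.0.0.6", 8000, 2.5, 122),
        Knock("10.0.0.5", 9000, 3.0, 61), Knock("10.0.0.6", 9000, 3.5, 122),  # right knocks, wrong OS
        Knock("10.0.0.7", 7000, 4.0, 60), Knock("10.0.0.7", 8000, 5.0, 60),
        Knock("10.0.0.8", 7000, 6.0, 60), Knock("10.0.0.8", 8500, 7.0, 60),  # sequential scan touching the ports
        Knock("10.0.0.8", 8000, 8.0, 60), Knock("10.0.0.8", 9000, 9.0, 60),
        Knock("10.0.0.7", 9000, 20.0, 60),                                   # final knock outside the window
    ]
    for e in events:
        gate.observe(e)
    return gate.rules


if __name__ == "__main__":
    for rule in run_demo():
        print(rule)
```

Only 10.0.0.5 ends up with a rule: 10.0.0.6 completes the sequence but its TTL says Windows, 10.0.0.7 finishes too late, and 10.0.0.8 hits the right ports but with a stray port in between. Plain knocks like these are visible to anyone on the path and can be replayed, which is why later fwknop releases moved to encrypted single-packet authorization; the per-source state machine is the part that stays the same.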
" STRIKE OUT "
A beta version of the tool to automatically detect and index change tracking information in a collection of Word documents published on a website (or stored on a disk, mounted via SMB/NFS, etc) is now available. This tool, written and used by Michal Zalewski, allowed him to recover very interesting information off the Word file given out by Microsoft, as can be seen at:
http://lcamtuf.coredump.cx/strikeout/
http://www.astalavista.com/?section=dir&cmd=file&id=2836
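Added example, not Zalewski's tool: the same check written in Python for the XML-based .docx format (the 2004 tool worked on binary .doc files), which generalises the idea to any collection of files you can read. It builds a constructed two-document collection in memory, then lists every tracked insertion, deletion and reviewer comment with its author, which is exactly the material that should be stripped before a document is published. Document contents, author names and file names are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# WordprocessingML namespace used inside .docx packages
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"


def _tag(name: str) -> str:
    return f"{{{W}}}{name}"


def build_sample_docx(with_revisions: bool = True) -> bytes:
    """Constructed minimal .docx: a tracked deletion, an insertion and one reviewer
    comment, or a clean document when with_revisions is False."""
    if with_revisions:
        body = (
            '<w:r><w:t>Our product ships in </w:t></w:r>'
            '<w:del w:id="1" w:author="alice" w:date="2004-09-01T10:00:00Z">'
            '<w:r><w:delText>Q1</w:delText></w:r></w:del>'
            '<w:ins w:id="2" w:author="alice" w:date="2004-09-01T10:00:00Z">'
            '<w:r><w:t>Q3</w:t></w:r></w:ins>'
            '<w:commentRangeStart w:id="0"/><w:r><w:t>. Pricing is final.</w:t></w:r>'
            '<w:commentRangeEnd w:id="0"/>'
        )
    else:
        body = '<w:r><w:t>Our product ships in Q3. Pricing is final.</w:t></w:r>'
    document_xml = f'<w:document xmlns:w="{W}"><w:body><w:p>{body}</w:p></w:body></w:document>'
    comments_xml = (
        f'<w:comments xmlns:w="{W}">'
        '<w:comment w:id="0" w:author="bob" w:date="2004-09-02T09:00:00Z">'
        '<w:p><w:r><w:t>Legal has not signed off on this yet!</w:t></w:r></w:p>'
        '</w:comment></w:comments>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", document_xml)
        if with_revisions:
            z.writestr("word/comments.xml", comments_xml)
    return buf.getvalue()


def _text(elem: ET.Element) -> str:
    """Concatenate the visible (w:t) and deleted (w:delText) runs below an element."""
    return "".join((t.text or "") for t in elem.iter() if t.tag in (_tag("t"), _tag("delText")))


Finding = Tuple[str, str, str]  # (kind, author, text)


def find_revision_leaks(docx_bytes: bytes) -> List[Finding]:
    """Return every tracked insertion, tracked deletion and comment left in the file."""
    findings: List[Finding] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
        for kind in ("ins", "del"):
            for el in root.iter(_tag(kind)):
                findings.append((kind, el.get(_tag("author"), "?"), _text(el)))
        if "word/comments.xml" in z.namelist():
            for c in ET.fromstring(z.read("word/comments.xml")).iter(_tag("comment")):
                findings.append(("comment", c.get(_tag("author"), "?"), _text(c)))
    return findings


def index_collection(docs: Dict[str, bytes]) -> Dict[str, List[Finding]]:
    """Index a whole collection (for instance everything crawled from one web site);
    only documents that leak something are listed."""
    index: Dict[str, List[Finding]] = {}
    for name, data in docs.items():
        leaks = find_revision_leaks(data)
        if leaks:
            index[name] = leaks
    return index


if __name__ == "__main__":
    collection = {"press-release.docx": build_sample_docx(True),
                  "faq.docx": build_sample_docx(False)}
    for name, leaks in index_collection(collection).items():
        print(name)
        for kind, author, text in leaks:
            print(f"  {kind:8} by {author}: {text!r}")
```

Run against the constructed collection, only press-release.docx is reported: the deleted "Q1" beside the inserted "Q3", and a reviewer comment saying legal has not signed off, both attributed by name. Word's own "inspect document" feature removes the same artifacts; the point of indexing a collection is catching the files where nobody ran it.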
" NETWORK WIRETAPPING AND THE GOVERNMENT'S ROLE "
The Internet is becoming a commonplace technology that everyone relies upon.
Consequently, we must also look at the policy concerns that the new medium thrusts upon us. This document addresses the legal issues surrounding digital wiretaps. It is targeted at a computer-literate audience. I briefly explain the technical issues involved and explore their ramifications, focusing on the role the government has played.
http://www.astalavista.com/?section=dir&cmd=file&id=2830
" MAIL NON-DELIVERY NOTICE ATTACKS "
Analysis of e-mail non-delivery receipt handling by live Internet bound e-mail servers has revealed a common implementation fault that could form the basis of a new range of DoS attacks. Our research in the field of email delivery revealed that mail servers may respond to mail delivery failure with as many non-delivery reports as there are undeliverable Cc: and Bcc: addresses contained in the original e-mail.
http://www.astalavista.com/?section=dir&cmd=file&id=2884
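Added example, taken neither from the paper above nor from any MTA: a small Python model of the fault and of the usual mitigations, so the amplification can be measured on a constructed message. The mailbox list, addresses and sizes are constructed, and the 4 KiB cap on how much of the original is quoted back is an assumed policy value.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Message:
    mail_from: str          # SMTP envelope sender (reverse-path); forgeable by the sender
    recipients: List[str]   # envelope recipients: To, Cc and Bcc all end up here
    size: int               # bytes of the original message


# Constructed list of mailboxes that exist on this server
LOCAL_MAILBOXES = {"alice@example.com", "bob@example.com"}


def naive_bounces(msg: Message) -> List[Dict]:
    """The fault described in the paper: one NDR per undeliverable address,
    each quoting the whole original message back to the (forged) sender."""
    return [{"to": msg.mail_from, "failed": [r], "bytes": msg.size}
            for r in msg.recipients if r not in LOCAL_MAILBOXES]


def hardened_bounces(msg: Message, max_quoted: int = 4096) -> List[Dict]:
    """Mitigations for a server that still accepts-then-bounces: never bounce a message
    with a null reverse-path (it is already a bounce), report all failures in a single
    DSN, and quote at most the headers instead of the full body."""
    if msg.mail_from in ("", "<>"):
        return []
    failed = [r for r in msg.recipients if r not in LOCAL_MAILBOXES]
    if not failed:
        return []
    return [{"to": msg.mail_from, "failed": failed, "bytes": min(msg.size, max_quoted)}]


def rcpt_time_rejections(msg: Message) -> List[str]:
    """Best option: refuse unknown recipients during the SMTP RCPT TO stage with a 5xx
    reply, so the connecting client learns of the failure and no NDR is generated."""
    return [r for r in msg.recipients if r not in LOCAL_MAILBOXES]


def amplification(bounces: List[Dict], msg: Message) -> float:
    """Bytes of bounce traffic emitted per byte the sender had to transmit."""
    return sum(b["bytes"] for b in bounces) / msg.size


def run_demo() -> Dict[str, float]:
    """Constructed abusive message: sender forged as the victim, 1 real and 3 bogus recipients."""
    msg = Message("victim@target.example",
                  ["alice@example.com", "x1@example.com", "x2@example.com", "x3@example.com"],
                  size=10_000)
    rejected = rcpt_time_rejections(msg)      # refused in the SMTP dialogue, nothing is sent later
    return {
        "naive": amplification(naive_bounces(msg), msg),
        "hardened": amplification(hardened_bounces(msg), msg),
        "rcpt_time": 0.0 if rejected else 0.0,
    }


if __name__ == "__main__":
    for policy, factor in run_demo().items():
        print(f"{policy:10} amplification x{factor:.2f}")
```

With three bogus Bcc: addresses the naive server sends the victim three full copies (3x the input); with a hundred it would be 100x, which is what makes the fault usable as a DoS vector. Aggregating into one DSN with a quoting cap brings it below 1x, and rejecting at RCPT TO time produces no bounce traffic at all, so recipient verification at the edge is the change that matters most.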
04. Site of the month
-----------------
Thawte Crypto Challenge - Crypto Vl - Be the first to crack the code and win!
http://ad.doubleclick.net/clk;10740215;10262135;j
05. Tool of the month
-----------------
Spybot - Search&Destroy
Spybot - Search&Destroy is a freeware anti-spyware/anti-adware application that has a large database of malicious
ble by anyone in the organization, thus protecting the internal assets and the sensitive information contained within. Web filtering is useful when enforcing a company's security policy; namely that visiting online gambling or hacking related web sites is forbidden, for example.
Web filters rely on IP blocking and keyword blocking. Although the second method is AI based, it doesn't yet provide perfect results, although a combination of both will give remarkable results.
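As an added example (not code from the newsletter or from any filtering product), the following Python combines the two methods: a host/IP blocklist checked first, then a weighted keyword score over the fetched page, the score standing in for the "AI based" keyword method. The domains, network, keyword weights and threshold are constructed policy values; the last test case shows why the threshold matters, a news page mentioning a lottery jackpot stays allowed.

```python
import ipaddress
import re
from typing import NamedTuple
from urllib.parse import urlparse


class Verdict(NamedTuple):
    allowed: bool
    reason: str


# Constructed policy; a real deployment would load these from a category feed
BLOCKED_DOMAINS = {"casino.example", "warez.example"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
KEYWORD_WEIGHTS = {"poker": 3, "roulette": 3, "jackpot": 2, "crack": 2, "keygen": 3, "serials": 2}
KEYWORD_THRESHOLD = 4


def host_blocked(url: str) -> bool:
    """IP blocking: match literal addresses against blocked networks and
    hostnames against the blocklist, including every parent domain."""
    host = urlparse(url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
        return any(ip in net for net in BLOCKED_NETS)
    except ValueError:
        parts = host.lower().split(".")
        return any(".".join(parts[i:]) in BLOCKED_DOMAINS for i in range(len(parts)))


def keyword_score(text: str) -> int:
    """Keyword blocking: sum the weights of policy keywords found in the page text."""
    words = re.findall(r"[a-z]+", text.lower())
    return sum(KEYWORD_WEIGHTS.get(w, 0) for w in words)


def filter_request(url: str, page_text: str) -> Verdict:
    """Combined decision: the cheap host check first, the content score only for the rest."""
    if host_blocked(url):
        return Verdict(False, "host on blocklist")
    score = keyword_score(page_text)
    if score >= KEYWORD_THRESHOLD:
        return Verdict(False, f"keyword score {score} >= {KEYWORD_THRESHOLD}")
    return Verdict(True, "ok")


if __name__ == "__main__":
    # Constructed requests with the text the proxy would see after fetching them
    samples = [
        ("http://www.casino.example/lobby", "welcome to the tables"),
        ("http://203.0.113.9/", ""),
        ("http://news.example/lottery", "the jackpot rolled over again this week"),
        ("http://mirror.example/tools", "download keygen and crack here"),
    ]
    for url, text in samples:
        print(url, filter_request(url, text))
```

Weights and thresholds are where the false positives come from, so log the reason with every block decision; the reason string above is what an administrator needs when an employee reports a site wrongly blocked.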
What are the disadvantages of web filtering?
In the majority of cases users spend a lot of time trying to bypass the restrictions through web proxies, online translators etc., thus wasting productivity in the process. The ones creating the filtering rules should also be aware that blocking popular and heavily visited sites would result in your employees' anger. Make sure you have clear rules and a logical understanding of why a certain site is considered forbidden.
What is the solution?
Educating the end users on the various threats posed by their Internet usage at work, or establishing a "you're monitored" policy with the idea to restrict their (defined by you) forbidden activities at work. Mainly emphasize how expensive it is for you to keep the company's current level of security, compared to their insecure behaviour while using the company's systems.
09. Home Users' Security Issues
-------------------------
Due to the high number of e-mails we keep getting from novice users, we have decided that it would be a very good idea to provide them with their very special section, discussing various aspects of Information Security in an easily understandable way, while, on the other hand, improving their current level of knowledge.
If you have questions or recommendations for the section, direct
them to security@astalavista.net
- Getting the best search results
Many of you are probably frustrated when a search engine, or the majority of results you get from it, are commercial ones. But why do commercial pages appear whenever you're searching? Just because these sites have positioned themselves so that simple search techniques, which represent the majority of searches today, will attract a larger audience.
Let's assume that you use Google, probably because it's still the best and most popular search engine out there.
We have decided to provide you with various resources that will help you get the
When recalling the last hundreds of worms we saw in the wild for the last
time, most of them were similar and much alike. Nearly no direct
destructive payload and not much innovation in regards to the used
methods. Just a mass mailer here or an IRC bot there.
That's why I think the motivation is a mixture of the easiness of doing
so and the mental kick suggested from the media, which pushes the bad
underground hacker image. (Even though the media uses the term hacker
seldom correctly in its original meaning.)
This seems to motivate many to code malware: just because they can.
In the future money might become a new motivation for malware writers,
when industrial parties get involved in it.
Astalavista: Where's the gap between worms in the wild and the large number of
infected computers? Who has more responsibility, the system administrators
capable of stopping the threat at the server level, or the large number of
people who don't know how to protect themselves properly?
Candid: As we all should know 100% security will never be reached, regardless of
what the sysadmin and the end user do. A good example for this is the
recent issue with the JPEG and TIFF malware, which sneaked through many
filters.
In my opinion the sysadmins have the easier task, as they can enforce
their restriction; often it's just a question of having the time to do it
properly. Don't get me wrong here. I know the whole patching issue may be
quite a pain sometimes. Of course, they have all the users and the
management complaining if the restrictions are (too) tight but that's
how it works, right :- )
Therefore I think often it is the end user who has not enough
protection or simply does not care enough about it. Many users still
think that no one will aim at them, as they are not an interesting
target, but DDoS attacks for example do exactly target such a user. Of
course, many end users don't have the possibilities of a sysadmin. In
general, it comes down to an AntiVirus and a personal firewall
application, which still leaves enough space for intruders to slip through.
So, as always, it should be a combination of an ISP, a sysadmin and an end user
working together to protect themselves.
Astalavista: We've recently seen a DDoS mafia, something that is happening even
now.
What is the most appropriate solution to fight these? Do you think this
concept is going to evolve in time?
Candid: DDoS attacks are quite hard to counter if they are performed in a clever
way. I have seen concepts for which I haven't seen a working solution yet.
Some can be countered by load balancing and traffic shaping or by simply
changing the IP address if it was hard coded.
More promising would be if you could prevent the DDoS nets from being
created, but this goes back to question number three.
Astalavista: Have you seen malware used for e-spionage, and do you think it's the
next trend in the field?
Candid: This is nothing new; malware has been used for industrial e-spionage for
years. Usually, it just isn't that well known as those attacks might
never get noticed or admitted in public. I have seen plenty of
such attacks over the last years. This for sure will increase in time as
more business relevant data gets stored in vulnerable environments. In
some sort you could even call phishing an art of espionage. But I think
the next big increase will be in the adware & spyware field where
malware authors will start getting hired to write those applications as
it already happens today. Or are you sure that your favourite
application is not sending an encoded DNS request back somewhere?
11. Security Sites Review
--------------------
The idea of this section is to provide you with reviews of various highly interesting and useful security related web sites. Before we recommend a site, we make sure that it provides its visitors with quality and unique content.
http://knowngoods.org/
The web interface is fairly straightforward: point your favorite web browser here, choose an OS and enter an application name, or the full path to the file.
http://johnny.ihackstuff.com/index.php?module=prodreviews
An inept or foolish person as revealed by Google. A recommended page.
http://openwall.com/
Open-source information security software.
http://worldwidewardrive.org/
The WorldWide WarDrive is an effort by security professionals and hobbyists to generate awareness of the need by individual users and companies to secure their access points.
http://perlmonks.org/
For all the Perl geeks out there, one of the best community sites.
12. Astalavista needs YOU!
--------------------
We are looking for authors who would be interested in writing security related articles for our newsletter, for people's ideas that we will turn into reality with their help, and for anyone who thinks he/she could contribute to Astalavista in any way. Below we have summarized various issues that might concern you.
- Write for Astalavista
What topics can I write about?
You are encouraged to write on anything related to Security:
General Security
Security Basics
Windows Security
Linux Security
IDS (Intrusion Detection Systems)
Malicious Code
Enterprise Security
Penetration Testing
Wireless Security
Secure programming
What do I get?
Astalavista.com gets more than 200 000 unique visits every day, our Newsletter has more than 22,000 subscribers, so you can imagine what the exposure of your article and you will be; impressive, isn't it!
We will make your work and you popular among the community!
What are the rules?
Your article has to be UNIQUE and written especially for Astalavista; we are not interested in republishing articles that have already been distributed somewhere else.
Where can I see a sample of a contributed article?
http://www.astalavista.com/media/files/malware.txt
Where and how should I send my article?
Direct your articles to dancho@astalavista.net and include a link to your article. Once we take a look at it and decide whether it is qualified enough to be published, we will contact you within several days; please be patient.
Thanks a lot all of you, our future contributors!
13. Astalavista.net Advanced Member Portal Promotion
------------------------------------------------
Astalavista.net is a world known and highly respected Security Portal offering
an enormous database of very well-sorted and categorized Information Security
resources, files, tools, white papers, e-books and many more. At your disposal
are also thousands of working proxies, wargames servers where all the members
try their skills and most importantly - the daily updates of the portal.
- Over 3.5 GByte of Security Related data, daily updates and always working links.
- Access to thousands of anonymous proxies from all over the world, daily updates
- Security Forums Community where thousands of individuals are ready to share their knowledge and answer your questions; replies are always received no matter the question asked.
- Several WarGames servers waiting to be hacked, information between those
interested in this activity is shared through the forums or via personal
messages, a growing archive of white papers containing info on previous
hacks of these servers is available as well.
http://www.astalavista.net/