
How to hack a wifi network ?

Written By Unknown on Monday, 30 July 2012 | 14:54



You don't have to be an IT expert to be able to make use of your neighbour's security-enabled Wifi network. Just watch one of the dozens of online videos that explain how.

"This vulnerability is mainly due to a lack of education on the part of the users"

Despite most of them being fitted with some kind of password (WEP, WPA etc.), Wifi networks are still relatively vulnerable. And by using another person's network, hackers can illegally download documents or attack websites without being traced.
If pirates should download paedophilic pornography, it's the owner of the home network, the person who pays the monthly wireless fee, who will find himself in court. In France, an anti-piracy law called Hadopi 2 enforces this by making it impossible to sentence a home network owner for having a poorly protected network.


 



















This video, viewed over a million times, shows how, with the aid of software, you can get hold of the password to a wireless network. 
Emilien Girault is an IT security consultant for SysDream.
"A Wifi network is as safe as the person who installs it is knowledgeable. There are three basic levels of protection: WEP, WPA, and WPA2 keys. Most attacks target WEP keys, because they're the least secure. To hack a WPA key, more sophisticated material is sometimes necessary. Generally, the longer the password is, the harder it is to steal.
First you have to spy on the network, which we call 'sniffing'. You survey the traffic and try to find the password. To do that you can launch an attack by what's called the 'dictionary': a programme that tries out various names that exist in the dictionary. There's also a 'brute force' attack, which tries all character combinations possible. Finding a password that's more than eight characters long can take over a week.
It's sometimes the internet provider that is at fault. Just recently hackers realised that the default passwords given out by Bbox, [a three-way wireless box offered by French mobile telecoms company Bouygues Telecom], were automatically generated using the network name. As most people don't bother to change their password, it meant that their networks were left exposed. This vulnerability is mainly due to a lack of education on the part of the users, which is then taken advantage of by hackers, making their work all the more easy.
Open networks, or ‘hotspots' that you can log on to in airports or train stations, are also affected. Internet providers are setting up increasing numbers of these hotspots. And although they require identification, there are ways of getting around the checkpoint. One technique is to put in place a ‘fake hotspot' in order to trick users into entering their user details into the fake portal. It then saves the data, and enters it into a database owned by the hackers. They can then be used to connect to the internet, or share it with others.
If you put all of this in the context of the Hadopi law, which enforces, amongst other things, the punishment of individuals who do not secure their connection, you soon realise that actually applying the law is very difficult. Firstly, we need to define exactly what a secure computer or network is..."

source :  http://observers.france24.com/

What Chinese Want.



We hear all about China and its inevitable rise, but how much do most of us know about the place? My answer to that question was virtually nothing, so it was a very nice surprise to receive this book some months ago. It's taught me a lot (subject to cross-referencing of course) and is a good mix of assertions and business and cultural examples.

I find it hard to believe that Chinese cultural hierarchy is incompatible with creativity and innovation, but perhaps that is just an example of my uninformed pre-conceptions. And if you don't challenge your assumptions about the markets you're targeting, you end up making big mistakes. You can never know enough and you need to be sure you know anything.

Addendum: This is not business-related but as an insight into other people's lives (this time in the southern USA) it's remarkable.









UNISCAN V-6.1- WEB VULNERABILITY SCANNER

Written By Unknown on Friday, 27 July 2012 | 22:08

Uniscan is a web vulnerability scanner for information security work: it looks for vulnerabilities in web systems. It is licensed under the GNU General Public License 3.0 (GPL 3).


Uniscan characteristics -
Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control of the maximum number of requests made by the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test of forms found via the POST method.
Support for SSL requests (HTTPS).
Proxy support.
Generate site list using Google.
Generate site list using Bing.
Plug-in support for Crawler.
Plug-in support for dynamic tests.
Plug-in support for static tests.
Plug-in support for stress tests.


Uniscan must be run from the command line. Example: perl uniscan.pl -u http://www.example.com/ -d


Other options:
-h help
-u example: https://www.example.com/
-f list of url's
-b Uniscan go to background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i Bing search
-o Google search


changelog Uniscan V6.1 :
- Added -w 4 on ping command of Server information module.
- Small bugfix on crawler.
- Bugfix on SQL injection plugin.
- Bugfix on Blind SQL injection plugin.
- Added a new test on Blind SQL injection plugin.
- Added option to show crawling ignored files.
- Removed a few extensions from the "find Backup files" plugin.
- Added option to write all requests done by uniscan on requests.txt.
- Improved FCKeditor plugin.
- Improved checkBackup plugin.
- Added new plugin for crawler: timthumb vulnerability.
- Added new plugin for dynamic tests: timthumb vulnerability.
- Removed a bug that crashed the threads.


Platform : Unix/Linux

Snorby Security Distribution - an open source IDS (Intrusion Detection System)

Snorby SSD is an open source IDS (Intrusion Detection System) Linux distribution based on Snort and Snorby, built on Ubuntu 8.04 LTS. With SSD it is possible to get a complete Intrusion Detection System running within a few minutes.

Download the SSD Users Manual
ISO image: spsa.1.5.iso
Size compressed: 446 MB
MD5: e72bff5a6f8124407c3bc4fc4e15776e
Snorby interface: https://ipaddress:8080
Username: Snorby
Password: admin
Ssh login:
Username: root
Password: the password you have chosen during the installation
Snorby official web site: http://snorby.org
Snorby Issues: http://github.com/mephux/Snorby/issues
Snorby GoogleGroups: http://groups.google.com/group/snorby
IRC: #snorby – irc.freenode.net
Credits:
(SSD) Snorby Security Distribution is developed by Phillip Bailey.
Snorby is developed by Dustin Webber.
Thanks to:
The TurnKey crew (www.turnkeylinux.org). The Snorby community.
Changelog
30-08-2010 – Spsa 1.5 Released
[*] Improvements and fixes
*Email reporting support enabled (Postfix Gmail relay or Snorby standalone mode)
*New snort start/stop script
*Added snort 2.8.6.1-1
*oinkmaster ssl certificates fixed
*emerging threats rules fixed
Visit Website -
http://sourceforge.net/projects/spsa/
http://bailey.st/blog/snorby-spsa/



Snort - A network intrusion prevention and detection system

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients. Snort has three primary uses: a straight packet sniffer like tcpdump, a packet logger, or a full network intrusion prevention system.


Features
  • Protocol analysis and content searching/matching
  • Uses a flexible rules language to describe traffic that it should collect or pass
  • Detection engine that utilizes a modular plug-in architecture
  • Real-time alerting capability
  • Detects buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more
Wednesday, July 18, 2012
Snort 2.9.3.0 has been released!
Snort 2.9.3.0 is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Latest Release section.

[*] New additions
* Update to flowbit rule option to allow for OR and AND of individual bits within a single rule, and allow flowbits to be used in multiple groups. See README.flowbits and the Snort manual for details.

* Dynamic output plugin architecture to provide an API that developers can write their own output mechanisms to log alert and packet data from Snort.

* Update to dcerpc2 preprocessor for improved accuracy and handling of different OSs for SMB processing. See README.dcerpc2 and the Snort manual for details.

* Updates to reputation preprocessor for handling of whitelist and trustlists and zone information. See README.reputation and the Snort manual for details.

[*] Improvements

* Updates to http_inspect client PAF handling and server flow_depth handling.

* Logging updates to the smtp preprocessor.

* Added detailed documentation of unified2 logging configuration and logging.

* Removed --enable-decoder-preprocessor-rules configure option and hardened preprocessor and decoder rule event code. To enable old behavior such that specific preprocessor and decoder rules don't have to be explicitly added to snort.conf, add "config autogenerate_preprocessor_decoder_rules" to your snort.conf.

* Fixed SMTP mempool allocation for significant memory savings. Also tweaked memory required per stream5 session tracker.

* Force exact versioning match of running dynamic engine and dynamic engine used to build SO rules.

* User can now query reputation pp for routing table and management information.

* Update to return error messages through the control channel.

* Updates to the processing of email attachments for better handling of non-encoded attachments, and improved memory management for attachment processing.

* Improvements in HTTP Inspect for better performance with gzip decompression. Also improvements for handling simple responses, encoded query strings, transfer encoding and chunk encoding processing.

* Updates to the packet decoders to support pflog v4.

* Fix logging of multiple unified2 alerts with reassembled packets.

* Compiler warning cleanup across multiple platforms.

* Added 116:458 and 116:459 to cover fragmentation issues.

[*] Deletions
* Removed all database outputs.

Please see the Release Notes and ChangeLog for more details.
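
The flowbits OR/AND update listed under "New additions" above, shown as an added example (these rules are not from the Snort release notes or any Sourcefire rule set). The flowbit names, messages and SIDs are constructed; the `|` and `&` operators are the syntax described in README.flowbits, and the rules assume the http_inspect preprocessor is enabled so that `http_uri` and `file_data` work.

```snort
# Constructed local rules (SIDs in the local range >= 1000000).
# The flowbit names local.req.exe and local.req.scr are hypothetical.

# Request side: each rule sets one bit on the flow and stays silent (noalert).
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"LOCAL HTTP request for .exe"; flow:to_server,established; content:".exe"; http_uri; nocase; flowbits:set,local.req.exe; flowbits:noalert; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"LOCAL HTTP request for .scr"; flow:to_server,established; content:".scr"; http_uri; nocase; flowbits:set,local.req.scr; flowbits:noalert; sid:1000002; rev:1;)

# Response side: a single rule alerts when EITHER bit is set ("|" = OR)
# and the response body starts with the "MZ" executable header.
# Without the OR form this check needs one response rule per bit.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"LOCAL executable returned after .exe or .scr request"; flow:to_client,established; flowbits:isset,local.req.exe|local.req.scr; file_data; content:"MZ"; depth:2; sid:1000003; rev:1;)

# Writing the test as flowbits:isset,local.req.exe&local.req.scr ("&" = AND)
# would instead require BOTH bits to be set on the same flow.
```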
Snort Downloads

If you are using RHEL5, CentOS 5.5, or Fedora Core 11, please click here.

The Snort Engine is distributed both as source code and binaries for popular Linux distributions and Windows. It’s important to note that the Snort Engine and Snort Rules are distributed separately.
Latest Release
We strongly recommend that you keep pace with the latest production release. Snort is evolving all the time and to stay current with latest detection capabilities you should always have both your Snort engine and ruleset up to date.



PGP Information

Snort releases 2.9.0 and above are signed with this pgp key.
Trust Chain: This new key can be verified with this signature, signed by our previous key.
Snort releases 2.8.3 and above are signed with this pgp key.
Trust Chain: This new key can be verified with this signature, signed by our previous key.
Snort Official Documentation
The official documentation produced by the Snort team at Sourcefire
Title | Author
Snort Users Manual | Snort Team
Snort FAQ | Snort Team
The Snort Manual (HTML) | Snort Team

Snort Setup Guides

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author. Authors who want comments and feedback may be emailed by clicking on their names below.
If you have a document you’d like to contribute to the Snort community, contact us at snort-team@sourcefire.com.
Title | Author
Snort 2.9.3.0 on Debian 6.0.5 (PDF) | Jason Weir
Snort 2.9.3.0 on OpenSuSE 12.1 (PDF) | William Parker
Snort 2.9.3.0 on FreeBSD 8.2 (PDF) | William Parker
Snort 2.9.3.0 on OpenSuSE 11.4 (PDF) | William Parker
Snort 2.9.3.0 on Ubuntu 10.04 LTS (PDF) | David Gullett, Symmetrix Technologies
Snort 2.9.1.2 on Mac OS X (PDF) | Christoph Murauer
Snort 2.9.0.x with PF_RING Inline deployment (PDF) | Metaflows Google Group
Snort on Amazon EC2 (PDF) | Etay Nir, Sourcefire

Snort Deployment Guides

The following deployment guides have been contributed by members of the Snort Community for your use. If you have a document you’d like to contribute to the Snort community contact us at snort-team@sourcefire.com.
Title | Author
Comparison of Popular Snort GUIs (PDF) | James Lay

Snort Related Whitepapers

The following Whitepapers have been written by Sourcefire employees and may help with your Snort deployment. For further information on these papers, please email snort-team@sourcefire.com
Title | Author
VRT Methodology Whitepaper (PDF) | Sourcefire Vulnerability Research Team (VRT)
Improving your Custom Snort Rules (PDF) | Leon Ward
Inline Normalization using Snort 2.9.0 (PDF) | Russ Combs
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules (PDF) | Steven Sturges
HTTP Evasions Revisited (PDF) | Daniel Roelker
Target Based Fragmentation Reassembly (PDF) | Judy Novak
Target Based Stream Reassembly (PDF) | Judy Novak


Visit website -
http://www.snort.org/
Documentation -
http://www.snort.org/docs
For more information -
http://screenshots.portforward.com/SnapGear/SG565/Intrusion_Detection_Snort.htm
Testing Snort with Windows Sp2
The snort2pfsense shell script (snort to pfSense)
Making snort a Service in Server 2008
Snort Config files

Removable Devices Security System - REMSES - v1.0.0.3

REMSES protects your computer from threats hiding on USB devices: flash drives, hard disks and others.
Resident shield, on-demand protection and passive protection make your work on the PC safer.

NOW AVAILABLE IN RUSSIAN AND ENGLISH!

REMSES v1.0.0.3 is Russian-only for a few days

*Added: automatic autorun of REMSES while installing
*Fixed: wrong detection after deleted threat
*Fixed: error while detected on drive, no view list was
*Fixed: wrong popup window after connecting device


Current Version - REMSES - v1.0.0.3

Download remses_v1003_ru.exe (1.1 MB) 
Download other versions -
http://sourceforge.net/projects/remses/files/

21/07/2012 - Updated REMSES v1.0.0.2
* Added: map drive letters in the pop-up window
* Added: Support for external USB hard drives
* Fixed: Optimized code (CPU, memory)

Visit website - http://sourceforge.net/projects/remses/
http://remses.narod.ru/
For more information -
http://www.brothersoft.com/remses-498697.html




WinSync

Backup script for Windows based on robocopy. Fast backup: syncs changed files only. Space efficient: all duplicate files are hardlinked. Easy overview of the destination folder structure: Computer Name > Date_Time > Drive > Folder > File


Features
  • Space efficient, Hardlinks duplicate Files
  • Fast backup, Syncs changed Files only
  • Very smart, secure and fast with simple overview
