Remote Code Execution Vulnerability in Adobe Flash Player

2/24/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Remote Code Execution Vulnerability in Adobe Flash Player" border="0" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" title="Remote Code Execution Vulnerability in Adobe Flash Player" width="400" /></a></div>
<br />
A <a href="http://www.hackerschronicle.com/search/label/Remote%10Code%20Execution">remote code execution</a> <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerability</a> has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful <a href="http://www.hackerschronicle.com/search/label/Exploit">exploitation</a> would allow an attacker to take complete control of the affected system.<br />
<strong>CVE number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0498">CVE-2014-0498</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0499">CVE-2014-0499</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502">CVE-2014-0502</a><br />
<br />
<h3>
Vulnerable Versions</h3>
Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh <br />
Flash Player 11.2.202.336 and earlier for Linux <br />
Flash Player 12.0.0.44 and earlier for Chrome (Windows, Macintosh and Linux) <br />
Flash Player 12.0.0.44 and earlier in Internet Explorer 10 for Windows 8.0 <br />
Flash Player 12.0.0.44 and earlier in Internet Explorer 11 for Windows 8.1 <br />
AIR 4.0.0.1390 and earlier for Android <br />
AIR 4.0.0.1390 SDK & Compiler <br />
AIR 4.0.0.1390 SDK<br />
<br />
<h3>
Solution</h3>
Adobe recommends users update their software installations by following the instructions below:<br />
<ul>
<li>Adobe recommends users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh update to the newest version 12.0.0.70 by downloading it from the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.</li>
<li>Adobe recommends users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux update to Adobe Flash Player 11.2.202.341 by downloading it from the Adobe Flash Player Download Center.</li>
<li>For users of Flash Player 11.7.700.261 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 12.0.0.44, Adobe has made available the update Flash Player 11.7.700.269, which can be downloaded here.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.</li>
<li>Users of the Adobe AIR 4.0.0.1390 SDK should update to the Adobe AIR 4.0.0.1628 SDK.</li>
<li>Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1680 SDK & Compiler.</li>
<li>Users of the Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628 by browsing to Google play on an Android device.</li>
</ul>
</div>

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful exploitation would allow an attack…

EC-Council Hacked 2014

2/23/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVpEVrcUO4OpsfbflvKpSEgGK_TfXw369QEYatc34ZeHtYxH9BoKTtHIpphafIpFTehtCaw0xU3ZJ2GhAwoV-bKU8AXIQtWgJLV1gw5_P98xgQ5ewRcjdfdbJRk7wu4XJt-MMRL8DXLrk/s1600/EC-Council+Hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="EC-Council Hacked 2014" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVpEVrcUO4OpsfbflvKpSEgGK_TfXw369QEYatc34ZeHtYxH9BoKTtHIpphafIpFTehtCaw0xU3ZJ2GhAwoV-bKU8AXIQtWgJLV1gw5_P98xgQ5ewRcjdfdbJRk7wu4XJt-MMRL8DXLrk/s1600/EC-Council+Hacked.png" title="EC-Council Hacked 2014" /></a></div>
<br />
The security company <a href="http://www.eccouncil.org/" rel="nofollow" target="_blank">EC-Council</a> which provides multiple certificates like the Certified Ethical Hacker has been hacked by a hacker that claims to be a 'certified unethical software security professional'. The hacker hacked the EC-Council website and left the Passport of <a href="http://en.wikipedia.org/wiki/Edward_Snowden" target="_blank">Edward Snowden</a>. on the website.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmoj9TLvGRpKDwGRdOQWS_V5ZI__QvNXixk76VLtN2NTLZrLS0M_FI_8QaG1X8W_CCHMj1TYawSolQSoOod12JpDBqL20Wj0oPJz3KFlAmHcA07d79wvkU2qdgfESIRCZT2Wb6E6YYYHY/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="EC-Council Hacked 2014" border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmoj9TLvGRpKDwGRdOQWS_V5ZI__QvNXixk76VLtN2NTLZrLS0M_FI_8QaG1X8W_CCHMj1TYawSolQSoOod12JpDBqL20Wj0oPJz3KFlAmHcA07d79wvkU2qdgfESIRCZT2Wb6E6YYYHY/s1600/Capture.PNG" title="EC-Council Hacked 2014" width="400" /></a></div>
<br />
As you can see in the image above, the website of EC-Council has been defaced by an hacker. The hacker left the name of 'Eugene Belford' on the website, this refers to the movie 'Hackers'. The hacker also left a copy of Edward Snowden his passport on the Ec-Council website.<br />
<a href="http://www.cyberwarzone.com/" rel="nofollow" target="_blank">Source</a></div>

Defacement EC-Council Hacking News News EC-Council Hacked 2014

The security company EC-Council which provides multiple certificates like the Certified Ethical Hacker has been hacked by a hacker that claims to be a 'certified unethical software security professional'. The hacker hac…

Top 10 Open Source security tools

2/22/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjm-nT14QyLjY-ZaKOLwHBCQzpGFHbLvWYOk6khndJoXJ2AqRP-uEUxw4y6HH7yVbakzAGlHKDE5ivpQWvUZyYfXpKZ3JXC3sooY3Xaxr0CH_fIdCBSYmj5CSYOOPHxYt5JQk2vlRyfE8/s1600/10-open-source-tools.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Top 10 Open Source security tools" border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjm-nT14QyLjY-ZaKOLwHBCQzpGFHbLvWYOk6khndJoXJ2AqRP-uEUxw4y6HH7yVbakzAGlHKDE5ivpQWvUZyYfXpKZ3JXC3sooY3Xaxr0CH_fIdCBSYmj5CSYOOPHxYt5JQk2vlRyfE8/s1600/10-open-source-tools.jpg" title="Top 10 Open Source security tools" width="320" /></a></div>
<br />
The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your IT environment: Data, Application, Host, Network and Perimeter. Implementing security at each level is very important to ensure end-to-end security and selecting top 10 tools from large group of open source projects was very difficult as the tool selection vary based on requirements. However I have selected the most popular security tools to provide security at each level. The selection based on feature set, simplicity and active among the community development for enhancing the tools better and better to match current IT standards and requirements.<br />
<br />
<h3>
Data security</h3>
This section covers encryption tools for providing security at the data level. Encrypting data which resides in local system and even when it travels across your network is a recommended best practice because, if all other security measures fail, a strong encryption scheme protects your data.<br />
<br />
The following are some of the tools provide security at the data level:<br />
<h3>
GnuPG</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2s62Oi4AxTp0fPTNhAyzTERJKeDOaipHMfVnkpZlnFdDM2b-1ButZR4De7Hj9EOMle4_Pq4bytMUIFeYX4srTv2cRWDjeqdHjigKFY62sHUclmNFTPVWAMWD0_gjrDQxx7res5wC2CFc/s1600/logo-gnupg-light-purple-bg.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: center;"><img border="0" height="108" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2s62Oi4AxTp0fPTNhAyzTERJKeDOaipHMfVnkpZlnFdDM2b-1ButZR4De7Hj9EOMle4_Pq4bytMUIFeYX4srTv2cRWDjeqdHjigKFY62sHUclmNFTPVWAMWD0_gjrDQxx7res5wC2CFc/s1600/logo-gnupg-light-purple-bg.png" width="320" /></a><br />
<div style="text-align: justify;">
 GnuPG/GPG (<a href="http://www.gnupg.org/" target="_blank">GNU Privacy Guard</a>) is a GNU project and it’s used for file and email encryption. This project is mainly created to provide an alternative solution to PGP (Pretty Good Privacy) and it complies with OpenPGP standards. GPG is a command line tool and its part of all the major Linux distributions (Fedora, CentOS, openSUSE, Ubuntu).</div>
<br />
<br />
One simple use case: Taking data backup is a common task and most of the time we store the data with un-encrypted format. Using GPG, generate public and private key in your backup server and import the public key to all data servers from where you want to take backup and encrypt it. This way, your backup infrastructure fulfills the IT security policy.<br />
<h3>
Truecrypt</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsI1oStKeFGr7_1jYTqHgECmhdUDiy7XhBTPGkpE0_THQmvVxnWOiBdx3mFMIYr_J07TSRoEy0-_nCzrhPDa5c9VYQa-wAWXM5GI8C0_F8fJxsR-tHndCumHvm_FEh1dpAoMNBXjLe8ZA/s1600/Truecrypt+logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsI1oStKeFGr7_1jYTqHgECmhdUDiy7XhBTPGkpE0_THQmvVxnWOiBdx3mFMIYr_J07TSRoEy0-_nCzrhPDa5c9VYQa-wAWXM5GI8C0_F8fJxsR-tHndCumHvm_FEh1dpAoMNBXjLe8ZA/s1600/Truecrypt+logo.png" /></a><br />
<div style="text-align: justify;">
There are many open source utilities out there for disk level encryption. I have considered <a href="http://www.truecrypt.org/" target="_blank">Truecrypt</a> for disk level encryption. It’s an open-source security tool used for on-the-fly disk encryption. Truecrypt encrypts the data automatically right before it is saved to the disk and decrypts right after it is loaded from the disk, without any user intervention.</div>
Application security<br />
Application security is as important as other levels of security. Now a day’s web presence and web development companies are increasing drastically. Similar way, web vulnerabilities are also increasing and most of the vulnerabilities are discovered after deployment. The main reason for application security threats are as security aspects are not considered during the application design and development.<br />
The following project helps application developer to design and develop secure application.<br />
<h3>
OWASP</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx5SwIbDF5_VHn_S1nRnevh74MSTzqlu1KQgySEwfrxRToKAY_kzT-SozLfbsuKpwi2aYGxDGKX2a7dQpdC3OZ7-fsUllawxN4uAcXUFVh_4wH9T1PrGmZl5psTCvXMf6_K9mO8y3Irm0/s1600/owasp_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx5SwIbDF5_VHn_S1nRnevh74MSTzqlu1KQgySEwfrxRToKAY_kzT-SozLfbsuKpwi2aYGxDGKX2a7dQpdC3OZ7-fsUllawxN4uAcXUFVh_4wH9T1PrGmZl5psTCvXMf6_K9mO8y3Irm0/s1600/owasp_logo.png" width="193" /></a><br />
<br />
<div style="text-align: justify;">
The Open Web Application Security Project (<a href="http://www.owasp.org/" target="_blank">OWASP</a>) is an open-source web application security project and it provides best practices, tools, guidelines, testing procedures and code review steps that software developers, architects and security practioners can follow to design and develop design secure software. OWASP chapters are available all over the world. You can join to the chapter which is local to you and start learning and contributing to the project.</div>
<h3>
Host security</h3>
The host level security protects the individual devices, such as servers, desktops, laptops etc., on the network. The tools which are discussed in this section provide excellent protection at the host level because they are designed to meet specific characteristics of a single device.<br />
The following are some of the tools provide security at the host level:<br />
<h3>
ClamAV</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdLuT59bOxKiflj4YR_ZJhfkGnoYLnHcUWb6He1qGrEBmiGu9GPTrJ7i2me5tM0QppzLEEDQA6p4y52A2iECcapPGbUrq54jZ9RUxneg6i0kpS-V5DhyxUQfWVyF_S7FHNlXgUo9V_N6g/s1600/Clam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdLuT59bOxKiflj4YR_ZJhfkGnoYLnHcUWb6He1qGrEBmiGu9GPTrJ7i2me5tM0QppzLEEDQA6p4y52A2iECcapPGbUrq54jZ9RUxneg6i0kpS-V5DhyxUQfWVyF_S7FHNlXgUo9V_N6g/s1600/Clam.png" width="200" /></a><br />
<div style="text-align: justify;">
Securing the data by encrypting it is not enough to make sure that our data is secure. <a href="http://www.clamav.net/" target="_blank">ClamAV</a> is considered as antivirus engine to scan all our data which is coming from various sources. ClamAV is an open-source antivirus engine which is designed for detecting Trojans, viruses and malwares, to prevent the unauthorized access of the data. It acts as mail gateway scanner, thus scanning all the incoming emails before they are sent to the user mailbox.</div>
<br />
<h3>
OSSEC</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA1qyLOVSwmpBUe_Zt9g-LidLzhtgB6QNBEWWC1QsT2aXkUjhNCJ2p1q2WM7ek77Tc0QUUAX7_l5iFUjOCZimo-RWjHZDhJGPtO74eQXj2dT9PHN6tr8bO5sPQcxQBuO_n4vMJokNO32g/s1600/ossec-hids.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA1qyLOVSwmpBUe_Zt9g-LidLzhtgB6QNBEWWC1QsT2aXkUjhNCJ2p1q2WM7ek77Tc0QUUAX7_l5iFUjOCZimo-RWjHZDhJGPtO74eQXj2dT9PHN6tr8bO5sPQcxQBuO_n4vMJokNO32g/s1600/ossec-hids.png" /></a><br />
OSSEC (<a href="http://www.ossec.net/" target="_blank">Open Source SECurity</a>) is an open source Host based <a href="http://rahlabs.blogspot.in/search/label/Intrusion%20Detection" target="_blank">Intrusion Detection System</a> (HIDS) that provides log monitoring and SIM/SEM solution.<br />
<br />
Most of the banking customers primarily look for compliance requirements such as Payment Card Industry Data Security Standard (PCI DSS), HIPPA etc.  OSSEC helps customers to meet such standards and it helps to integrate with existing infrastructure such as Security Incident Management/Security Event Management (SIM/SEM). Adoption of OSSEC by the IT industry is growing very rapidly.<br />
<br />
The key features of OSSEC,<br />
<br />
<ul>
<li>File integrity checking</li>
<li>Log monitoring</li>
<li>Rootkit detection</li>
<li>Active response</li>
<li>Network security</li>
</ul>
The network level security refers to your internal LAN and WAN. Your network may include desktops, servers, laptops and other devices which are required for internal and external communication. Unlike host level security tools, the network security tools are extended to communicate with the hosts connected to the network and provides consolidated vulnerable information.<br />
The following are some of the tools provide security at the network level:<br />
<h3>
Snort</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBPehn75NvkTIq_iKBk8VLxHFh82bndEAo6eHS10xKLFrF7cyRh3n275STR1qJObUiCkEvBDWkZzafFHOTBWIGBlkpZrwnYfqc5O_QV1Mh3LJsrB5ii8cSj_B8EMEbJ3dn_rc8q0w3Nlk/s1600/Snort_ids_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBPehn75NvkTIq_iKBk8VLxHFh82bndEAo6eHS10xKLFrF7cyRh3n275STR1qJObUiCkEvBDWkZzafFHOTBWIGBlkpZrwnYfqc5O_QV1Mh3LJsrB5ii8cSj_B8EMEbJ3dn_rc8q0w3Nlk/s1600/Snort_ids_logo.png" /></a><br />
<div style="text-align: justify;">
<a href="http://www.snort.org/" target="_blank">Snort</a> is an open source network Intrusion Detection and Prevention System (IDS/IPS). It performs detection and analysis of network traffic moving across your network in much greater detail than your firewall. Similar to anti-virus engine, IDS and IPS tools analyze traffic and compare each packet to a database of known attack profiles.</div>
 IDS tools alert your IT staff that an attack has occurred; IPS tools go a step further and automatically block the harmful traffic. It takes major role in most company security architectures.<br />
<h3>
OpenVAS</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXKpoeHC95ZyP9jXDOmBeyx1MhmG0e6i_32XMDEFrVaBs9yUoiuKBRaDvMj0gzWDsXyUCdjV6ix_wKG2xAS-OQH9s-TMCHAF1M2D0X3UUYSAGYjZqWb-1nLKDihAkFa3wShFGGJJXQNJc/s1600/openvas_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="121" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXKpoeHC95ZyP9jXDOmBeyx1MhmG0e6i_32XMDEFrVaBs9yUoiuKBRaDvMj0gzWDsXyUCdjV6ix_wKG2xAS-OQH9s-TMCHAF1M2D0X3UUYSAGYjZqWb-1nLKDihAkFa3wShFGGJJXQNJc/s1600/openvas_logo.png" width="320" /></a><br />
Open Vulnerability Assessment System (<a href="http://www.openvas.org/" target="_blank">OpenVAS</a>) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and management system.<br />
 It’s an alternative system to Nessus.<br />
Vulnerability management is a security practice designed to proactively prevent the exploitation of vulnerabilities that exist within organization. Vulnerability management alone does not fix vulnerabilities. Patch and configuration management and antivirus software to block or eliminate identified malware.<br />
<h3>
Backtrack</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqB0lTCtIiC-ffKz9hp_wNb-aV2euzaem1UHmX0m9fuuzyjRmdYj3x37RVBbgDrYXc7W1sDFOv7eHW_WOrbgtoJwS1TTIyFuE43fRwfuUG_Ikzx44S5RrZA8aisEtwGLch88LIJXXfLss/s1600/Backtrack_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqB0lTCtIiC-ffKz9hp_wNb-aV2euzaem1UHmX0m9fuuzyjRmdYj3x37RVBbgDrYXc7W1sDFOv7eHW_WOrbgtoJwS1TTIyFuE43fRwfuUG_Ikzx44S5RrZA8aisEtwGLch88LIJXXfLss/s1600/Backtrack_logo.png" width="200" /></a><br />
<a href="http://www.backtrack-linux.org/" target="_blank">Backtrack</a> is a well-known Linux based security distribution used for penetration testing. It’s a one stop solution for security professionals and includes more than 300 open source security tools. The tools are neatly categorized into different areas.<br />
<br />
<h3>
OSSIM</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8YeG9WANBoetPKGyQyjTYHqTZF4wIi8lF9Q_rrR1p0p5XCo-4_MgEWcza7qHnZZK6eE1d_jQH2o_celdnbfhwPoecEQrlpyfRsqcgh-ViVwvdinKJFrWFLoGq7MvQhR63RZ9ebv0cJ8/s1600/AlienVault_OSSIM_Software_Logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="89" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8YeG9WANBoetPKGyQyjTYHqTZF4wIi8lF9Q_rrR1p0p5XCo-4_MgEWcza7qHnZZK6eE1d_jQH2o_celdnbfhwPoecEQrlpyfRsqcgh-ViVwvdinKJFrWFLoGq7MvQhR63RZ9ebv0cJ8/s1600/AlienVault_OSSIM_Software_Logo.png" width="200" /></a><br />
<div style="text-align: justify;">
Open Source Security Information Management (<a href="http://sourceforge.net/projects/os-sim/">OSSIM</a>) provides a Security Information and Event Management (SIEM) solution. It is a one-stop solution and integrated the open source software’s NTOP, Mrtg, Snort, OpenVAS, and Nmap. OSSIM is a cost effective solution in the area of monitoring network health and security of network/hosts compared to other propriety products.</div>
Perimeter security<br />
Perimeter is the area where your network ends and the Internet begins. The perimeter consists of one or more firewalls to protect your network. The following is one of tool that provides perimeter security:<br />
<h3>
IPCop</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrbKVr5yI9X1N92SJpfEFVyGtbvO_fRDq1s86PdKjb_iXaCfVe_rvirk3iXcr66CMqjDPxjHmSGpZ_wsSJH8y2nAoRi5GCkC1Y0qK3dO3_vDCaRVEx2Xgc0FSqGVvpv0X9SlKGs6_9hh0/s1600/IPCOP.gif" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="64" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrbKVr5yI9X1N92SJpfEFVyGtbvO_fRDq1s86PdKjb_iXaCfVe_rvirk3iXcr66CMqjDPxjHmSGpZ_wsSJH8y2nAoRi5GCkC1Y0qK3dO3_vDCaRVEx2Xgc0FSqGVvpv0X9SlKGs6_9hh0/s1600/IPCOP.gif" width="320" /></a><br />
<div style="text-align: justify;">
<a href="http://www.ipcop.org/" target="_blank">IPCop</a> is a Linux based firewall distribution and it’s configured and made ready to protect your network. It can be run on a standalone machine or deployed at edge network i.e. </div>
behind ISP network. IPCop also offers DHCP server, DNS server, Proxy server and Intrusion Detection functionalities.</div>

Hacking Tools IPCop Open Source Open VAS OWASP Snort Top 10 Open Source security tools

The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your IT environment: Data, Application, Host, Network and Perimeter. Implementing securit…

How to detect a hacker attack

2/21/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVO9MiHoA2BShqxOQ9TrA8TP83EYUyW5W2GSitvqe6PpbI-Alo8Qs4ReMfq3R4iUKT5Aqrs_lHPjUw8w_fxxC-6sxFEfh5z85DI_ORvpfXpqgWcpl8FLjfB_1E03NPqlidDsNzozyzfgJf/s1600/Hackers-attack.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Detect a hacker attack" border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVO9MiHoA2BShqxOQ9TrA8TP83EYUyW5W2GSitvqe6PpbI-Alo8Qs4ReMfq3R4iUKT5Aqrs_lHPjUw8w_fxxC-6sxFEfh5z85DI_ORvpfXpqgWcpl8FLjfB_1E03NPqlidDsNzozyzfgJf/s1600/Hackers-attack.jpg" title="How to detect a hacker attack" width="400" /></a></div>
<br />
Most computer <a href="http://rahlabs.blogspot.in/search/label/Vulnerability" target="_blank">vulnerabilities</a> can be exploited in a variety of ways. Hacker attacks may use a single specific <a href="http://rahlabs.blogspot.in/search/label/Exploit" target="_blank">exploit</a>, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.

Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised. Keep in mind just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.
<br />
<h3>
Windows machines:</h3>
<ul>
<li><i>Suspiciously high outgoing network traffic</i>. If you are on a dial-up account or using <b>ADSL</b> and notice an unusually high volume of outgoing network (traffic especially when you computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.</li>
<li><i>Increased disk activity</i> or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.</li>
<li><i>Large number of packets which come from a single address</i> being stopped by a personal firewall. After locating a target (eg. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.</li>
<li>Your resident antivirus suddenly starts reporting that <i>backdoors or trojans</i> have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.</li>
</ul>
<h3>
Unix machines:</h3>
<ul>
<li><i>Suspiciously named files</i> in the <span class="system pop">/tmp folder</span>. Many exploits in the Unix world rely on creating temporary files in the <span class="system pop">/tmp</span> standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the <span class="system pop">/tmp</span> folder and use it as 'home'.</li>
<li><i>Modified system binaries</i> such as '<span class="system pop">login</span>', '<span class="system pop">telnet</span>', '<span class="system pop">ftp</span>', '<span class="system pop">finger</span>' or more complex daemons, '<span class="system pop">sshd</span>', '<span class="system pop">ftpd</span>' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.</li>
<li>Modified <span class="system pop">/etc/passwd</span>, <span class="system pop">/etc/shadow</span>, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be remotely logged in a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.</li>
<li><i>Suspicious services</i> added to <span class="system pop">/etc/services</span>. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying <span class="system pop">/etc/services</span> as well as <span class="system pop">/etc/ined.conf</span>. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port. </li>
</ul>
<a href="http://securelist.com/">Source</a>
</div>

Hacking Hacking Tutorials Intrusion Detection Tutorials How to detect a hacker attack

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a back…

Ubuntu 13.10 Kernel Exploit

2/21/2014 rahlabs 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUzKdvFGwYsPPLYutyQUQA5WqqWeneoTubm7ajR6GHLDx2fDjpWtdMVFfw0r0IiaoPWwrL18QXYDrLJuXY86Q4DupDSK1fXUR1wIh8RHJRib4C0e5B1JejWU7kH-8PG786QANPh5yxS8Xt/s1600/ubuntu+kernel+exploit.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Ubuntu 13.10 Kernel Exploit" border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUzKdvFGwYsPPLYutyQUQA5WqqWeneoTubm7ajR6GHLDx2fDjpWtdMVFfw0r0IiaoPWwrL18QXYDrLJuXY86Q4DupDSK1fXUR1wIh8RHJRib4C0e5B1JejWU7kH-8PG786QANPh5yxS8Xt/s1600/ubuntu+kernel+exploit.jpg" title="Ubuntu 13.10 Kernel Exploit" width="400" /></a></div>
<br />
A security issue affects Ubuntu 13.10 releases of Ubuntu and its derivatives<br />
<b>Saran Neti</b> reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (<div class="highlight pop">CVE-2013-4563</div>)<br />
<b>Mathy Vanhoef</b> discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack.  (<div class="highlight pop">CVE-2013-4579</div>
)<br />
<b>Andrew Honig</b> reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (<div class="highlight pop">CVE-2013-4587</div>) Various other issues were also addressed.<br />
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (<div class="highlight pop">CVE-2013-6367</div>)<br />
Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash).<br />
Source:<a href="http://www.ubuntu.com/usn/usn-2117-1/" target="_blank">Ubuntu</a> </div>

Exploit Hacking Kernel Linux News OS Ubuntu Vulnerability Ubuntu 13.10 Kernel Exploit

A security issue affects Ubuntu 13.10 releases of Ubuntu and its derivatives Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause…

Google is monitoring Wikipedia

2/20/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgknqOI-N3IeaHx9v-_fDQLy5XS6Ba0Q1Nl77Izt2_JPJb2DXY89OgVyB0c-l8hvxfzz-Zj4B-WZqqkbgJv7rkqEaUDyIgFKsoumHsv_gBNZz-XRbHooZq8rxRo2nWmZlGdw65xZjhnKRIj/s1600/google+monitoring+wikipedia.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img alt="Google is monitoring Wikipedia" border="0" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgknqOI-N3IeaHx9v-_fDQLy5XS6Ba0Q1Nl77Izt2_JPJb2DXY89OgVyB0c-l8hvxfzz-Zj4B-WZqqkbgJv7rkqEaUDyIgFKsoumHsv_gBNZz-XRbHooZq8rxRo2nWmZlGdw65xZjhnKRIj/s1600/google+monitoring+wikipedia.jpg" title="Google is monitoring Wikipedia" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><br /></td></tr>
</tbody></table>
<br />
Thomas Steiner, a Customer Solutions Engineer at <a href="http://rahlabs.blogspot.in/search/label/Google" target="_blank">Google</a> Germany GmbH, Hamburg has created an application that shows in a very clear way, how much of Wikipedia entries are being created or edited by <a href="http://rahlabs.blogspot.in/search/label/Bots" target="_blank">bots</a>, versus humans. He's also written a paper describing his efforts and posted it on the preprint server arXiv.<br />
Many people may not realize it, but some of the information appearing on Wikipedia is put there by bots, rather than human beings. This is because Wikipedia has grown too large to be managed by people alone, especially when noting it's still mostly a volunteer effort.<br />
To keep entries coming and to keep them updated, bots have been created—they grab information from one place and post them into another, thus, they're not actually writers or composer, they're more like auditors updating files automatically. Also, many people may not know that the folks at Wikipedia have also created another information repository—Wikidata—it's a database whose sole purpose is to share data amongst the difference language versions of Wikipedia. If a user in the U.S. enters information about the results of the New York Marathon into a Wiki entry, for example, that data can be automatically ported to Wikidata, where other bots can retrieve it, convert it to the pertinent language and post it to another language version of Wikipedia—all rather seamlessly to readers.<br />
Because of all the automation, some have begun to wonder what portion of Wiki pages are generated by humans versus bots. That's where Steiner comes in—he's written an application that can be <a href="http://wikipedia-edits.herokuapp.com/" target="_blank"><b>accessed and used</b></a> by anyone to see—in real time—what percentage of pages are being written by humans, versus bots.<br />
The application also allows for noting other aspects of Wikipedia—a quick glance, for example reveals that bots are doing a lot more of the work adding information to pages in non-English speaking countries, which suggests that the majority of Wikipedia content is still being created by real human beings in the U.S. and the U.K. The application also monitors activity on Wikidata, for those who are interested and also displays the data for both in a way that shows which bots are most active.<br />
Steiner has also published the code for the application, making it open source. That should allow those who are interested in the murky world of bots to gain an insider's perspective, and perhaps, to add to the applications utility.<br />
<br />
<b>More information:</b> Bots vs. Wikipedians, Anons vs. Logged-Ins, arXiv:1402.0412 [cs.DL] <a href="http://arxiv.org/abs/1402.0412">arxiv.org/abs/1402.0412</a><br />
Abstract <br />
Wikipedia is a global crowdsourced encyclopedia that at time of writing is available in 287 languages. Wikidata is a likewise global crowdsourced knowledge base that provides shared facts to be used by Wikipedias. In the context of this research, we have developed an application and an underlying Application Programming Interface (API) capable of monitoring realtime edit activity of all language versions of Wikipedia and Wikidata. This application allows us to easily analyze edits in order to answer questions such as "Bots vs. Wikipedians, who edits more?", "Which is the most anonymously edited Wikipedia?", or "Who are the bots and what do they edit?". To the best of our knowledge, this is the first time such an analysis could be done in realtime for Wikidata and for really all Wikipedias—large and small. Our application is available publicly online at the URL this http URL, its code has been open-sourced under the Apache 2.0 license.<br />
Source: <a href="http://phys.org/" target="_blank">Phys</a></div>

Google News Wikipedia Google is monitoring Wikipedia

Thomas Steiner, a Customer Solutions Engineer at Google Germany GmbH, Hamburg has created an application that shows in a very clear way, how much of Wikipedia entries are being created or edited by bots, versus humans. …

Millions of Vulnerable Android Devices Exposed

2/20/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFSeEUslTWF_FPNY8QRBlfYEWBqI3biHqeSj8sY52EGYd6y7xYKq2qTAzeIEUBBAM1fokSkJ_1dfEr8f7heqeuU0xtODAX1sGX-WoyyxPpsmsG7WFodo7p8TrPe1jk8rYPDN_qgnBENcAs/s1600/android-malware.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFSeEUslTWF_FPNY8QRBlfYEWBqI3biHqeSj8sY52EGYd6y7xYKq2qTAzeIEUBBAM1fokSkJ_1dfEr8f7heqeuU0xtODAX1sGX-WoyyxPpsmsG7WFodo7p8TrPe1jk8rYPDN_qgnBENcAs/s1600/android-malware.jpg" width="400" /></a></div>
<br />
Android devices prior to version 4.2.1 of the operating system—70 percent of the phones and tablets in circulation—have been vulnerable to a serious and simple remote code execution vulnerability in the Android browser for more than 93 weeks.<br /><br />Metasploit recently added an exploit module that targets the vulnerability, which was patched in 4.2.2 released one year ago. However, with carriers and device makers reticent to be quick with updates and security patches, close to three-quarters of the Android user base is at risk for attack. For some perspective, Android Central reports that KitKat, the latest version of Android, has yet to hit 2 percent adoption.<br /><br />“I did a quick survey of the phones available today on the no-contract rack at a couple big-box stores, and every one that I saw were vulnerable out of the box,” said Rapid7 senior manager of engineering Tod Beardsley. “And yes, that’s here in the U.S., not some far-away place like Moscow, Russia.”<br /><br />The exploit module, built by contributors Joe Vennix and Joshua Drake, could enable access to the device camera, location data, information stored on a SD card and even the user’s address book. Drake said he was recently able to get code execution on Google Glass using the exploit.<br /><br />The attack exploits a vulnerability that was <a href="http://50.56.33.56/blog/?p=314" target="_blank">disclosed</a> in December 2012. The problem lies with the addJavascriptInterface in WebView. Applications are able to inject Java objects into WebView, including malicious JavaScript which can cause unwanted behavior such as sending expensive SMS messages to premium numbers or giving attackers access to data on the phone. JavaScript can also get around browser security controls, said researcher Neil Bergman, a security consultant who disclosed the vulnerability.<br /><br />Rapid7 said an attacker would need to be man-in-the-middle on a device in order to exploit it, something its new exploit module simplifies. The company demonstrates the exploit in a <a href="https://community.rapid7.com/community/metasploit/blog/2014/02/13/weekly-metasploit-update" target="_blank">video</a>, which is triggered in this case by a malicious QR code the victim scans with their Android smartphone and opens a command shell for the attacker.<br /><br />The best mitigation is to update Android to 4.2.2 or higher, but that isn’t always feasible for users. Device manufacturers and carriers control when updates are rolled out, despite the fact that Google is generally prompt with patches and updates.<br /><br />The carriers and manufacturers have been under fire from privacy and security experts and even the U.S. Federal Trade Commission. Last April, the American Civil Liberties Union asked the FTC to investigate four major carriers, accusing them of deceptive business practices and knowingly selling defective phones to consumers that are shy on security updates and patches. The ACLU requested that the FTC force carriers to warn customers about unpatched vulnerabilities, allow customers with vulnerable phones to escape their contracts without early termination penalties, and provide that customers may exchange at no cost their phones for another that receives regular security updates, or return the phone for a full refund.<br /><br />Last February, the FTC reached a damning settlement with device makers HTC America. The FTC forced HTC to enact expensive security enhancements that included regular security patches for Android devices, establish a security program that focuses on developer security, and submit to security assessments.</div>

Android Malwares Metasploit Vulnerability Millions of Vulnerable Android Devices Exposed

Android devices prior to version 4.2.1 of the operating system—70 percent of the phones and tablets in circulation—have been vulnerable to a serious and simple remote code execution vulnerability in the Android browser …