Cisco offers $300k for security solutions

3/04/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhashm6UT7AhyoNKmAs8M88GEusoYGA41n4_tQ_Z5XtJIcSX8qJCHp8jyUYXKcGsFyJ7YOT-EnaMXcd6sGZ_GHk2Ht-GW61_SYb8anWDElQT_P2jVI_XAWW7qjDsNBXt1fEEfsCiOcSpbkp/s1600/Cisco.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cisco offers $300k for IoT security solutions" border="0" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhashm6UT7AhyoNKmAs8M88GEusoYGA41n4_tQ_Z5XtJIcSX8qJCHp8jyUYXKcGsFyJ7YOT-EnaMXcd6sGZ_GHk2Ht-GW61_SYb8anWDElQT_P2jVI_XAWW7qjDsNBXt1fEEfsCiOcSpbkp/s1600/Cisco.jpg" title="Cisco offers $300k for IoT security solutions" width="400" /></a></div>
<br />
Cisco has launched a new competition and is calling on "visionaries, innovators, and implementers" to propose practical solutions for issues affecting security of the Internet of Things.<br />
"We’re connecting more of our world every day through smart, IP-enabled devices ranging from home appliances, healthcare devices, and industrial equipment. These new connected devices are offering new ways to share information and are changing the way we live," says Christopher Young, senior VP for the security group at <a href="http://www.hackerschronicle.com/search/label/Cisco">Cisco</a>.<br />
"Yet, as our connected lives grow and become richer, the need for a new security model becomes even more critical. It requires that we work together as a community to find innovative solutions to make sure that the IoT securely fulfills its potential and preserves the convenience that it represents."<br />
Young announced the Challenge last week in his keynote address at the <a href="http://www.net-security.org/event/rsaconference2014" target="_blank">RSA Conference</a>, and has offered more details in a <a href="http://blogs.cisco.com/security/join-the-challenge-secure-the-internet-of-things/" target="_blank">blog post</a>. <br />
<a href="http://www.ninesights.com/community/cisco" target="_blank">The Internet of Things Security Grand Challenge</a> has a prize pot of $300,000 - a maximum of 6 winners will receive awards from $50,000 to $75,000. Also good to know that all participants will have an opportunity for additional collaboration with Cisco beyond the challenge.<br />
The proposals' feasibility, scalability, performance, and ease of use will be assessed by an evaluation panel consisting of five Cisco engineers and scientists, including Dave Evans, the company's Chief Futurist.<br />
The deadline for submissions is June 17, 2014, and the winners will announced and their solutions showcased at the Internet of Things World Forum this fall.
</div>

Cisco has launched a new competition and is calling on "visionaries, innovators, and implementers" to propose practical soluti...

Tor develops its own anonymous Messenger

3/02/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJzH6v0uRoXN15MFZggZepo4zm0mGk5KG2yYIm9aTnP-lqdVTdn1IeqQ1fZsKJmMhCI1QaUcm8uN7BdJRqZKzobT5SY2tsYHlErxF3srXaNBWJkJSrYUoVqSwh7nXPJ8lO4azOoLx6L9Do/s1600/TOR-Messenger.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="The Instantbird IM tool will be the basis of the Tor Project's new anonymizing IM client." border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJzH6v0uRoXN15MFZggZepo4zm0mGk5KG2yYIm9aTnP-lqdVTdn1IeqQ1fZsKJmMhCI1QaUcm8uN7BdJRqZKzobT5SY2tsYHlErxF3srXaNBWJkJSrYUoVqSwh7nXPJ8lO4azOoLx6L9Do/s1600/TOR-Messenger.jpg" title="Service will force instant message traffic over Tor's network to evade surveillance." width="640" /></a></div>
<br />
The Tor Foundation is moving forward with a plan to provide its own instant messaging service. Called the Tor Instant Messaging Bundle, the tool will allow people to communicate in real time while preserving anonymity by using chat servers concealed within Tor’s hidden network.<br />
In planning since last July—as news of the National Security Agency’s broad surveillance of instant messaging traffic emerged—the Tor Instant Messaging Bundle (TIMB) should be available in experimental builds by the end of March, based on a <a href="https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting/notes/RoadmapTIMB" target="_blank">roadmap</a> published in conjunction with the <a href="https://trac.torproject.org/projects/tor/wiki/org/meetings/2014WinterDevMeeting" target="_blank">Tor Project’s Winter Dev meeting in Iceland</a>.<br />
TIMB will connect to instant messaging servers configured as Tor “hidden services” as well as to commercial IM services on the open Internet.<br />
The effort, which is funded by an <a href="https://trac.torproject.org/projects/tor/wiki/org/sponsors/SponsorO" target="_blank">anonymous donor organization</a>, was originally called <a href="https://trac.torproject.org/projects/tor/wiki/org/sponsors/Otter/Attentive/Plan" target="_blank">Attentive Otter</a>. To ensure the anonymity of the user, TIMB will force all instant messaging traffic through the Tor network, regardless of whether it’s aimed at a server on the Tor network or not. TIMB will be based on <a href="http://www.instantbird.org/" target="_blank">Instantbird</a>, an open source instant messaging tool which is itself based on <a href="http://www.hackerschronicle.com/search/label/Mozilla" target="_blank">Mozilla’s</a> <a href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/XULRunner" target="_blank">XULrunner</a> cross-platform runtime environment.<br />
Instantbird was chosen after the TIMB team decided against using Pidgin or <a href="https://developer.pidgin.im/wiki/WhatIsLibpurple" target="_blank">libpurple</a>, the GPL open-source instant messaging library used by Pidgin and Adium, mostly because of the amount of effort that would have been required to audit and maintain the library, and also because of <a href="https://lists.torproject.org/pipermail/tor-dev/2013-October/005544.html" target="_blank">some concerns about how seriously Pidgin’s developers took security concerns</a>. The TIMB project will remove libpurple from Instantbird, a task that the Mozilla and Instantbird team were already working toward as they move the software to a pure JavaScript implementation.<br />
The first experimental release of TIMB won’t include “<a href="https://otr.cypherpunks.ca/" target="_blank">off the record” (OTR) capability</a>. OTR mode encrypts traffic further and uses an exchange of digital signatures to verify the identity of each party. But the signatures can’t be checked by anyone outside the instant messaging session and can’t be used to prove identity outside the session. The Tor team is hoping to develop OTR components for Instantbird and get them merged into future versions of the main Instantbird code line.</div>

Anonymous Mozilla News Tor Tor Instant Messager Tor develops its own anonymous Messenger

The Tor Foundation is moving forward with a plan to provide its own instant messaging service. Called the Tor Instant Messaging Bundle, ...

Cross-Site Request Forgery(CSRF) Vulnerability in HP Service Manager

2/26/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi95cNED1sSP_JKoftxfkj3UFWlO-Cx3ZuqmFFSzczDImVpij9pBh6opd4ZHStF1joHDuiQKa32dyXmUrABdEatbMYD0sAy0KB_TikKCbdZ7edATNhww8oqB6DAxfIQ2lHShhWF2BDUSi4/s1600/hp+csrf.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cross-Site Request Forgery(CSRF)  in HP (Hewlett-Packard)" border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi95cNED1sSP_JKoftxfkj3UFWlO-Cx3ZuqmFFSzczDImVpij9pBh6opd4ZHStF1joHDuiQKa32dyXmUrABdEatbMYD0sAy0KB_TikKCbdZ7edATNhww8oqB6DAxfIQ2lHShhWF2BDUSi4/s1600/hp+csrf.jpg" title="Cross-Site Request Forgery(CSRF)  in HP (Hewlett-Packard)" width="400" /></a></div>
<br />
Potential security vulnerabilities have been identified with <a href="http://www.hp.com/" rel="nofollow" target="_blank">HP</a> Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (<a href="http://www.hackerschronicle.com/search/label/XSS" target="_blank">XSS</a>), Cross-Site Request Forgery (<a href="http://www.hackerschronicle.com/search/label/CSRF" target="_blank">CSRF</a>), Denial of Service (<a href="http://www.hackerschronicle.com/search/label/DoS" target="_blank">DoS</a>), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues.<br />
<br />
<h3>
Effected Software Versions</h3>
HP Service Manager<br />
<ul>
<li>v9.30</li>
<li>v9.31</li>
<li>v9.32</li>
<li>v9.33</li>
</ul>
<h3>
Solution</h3>
HP has made the following software updates available to resolve the vulnerabilities.<br />
<ul>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00507" target="_blank">AIX Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00508">HP Itanium Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00509">Linux Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00510">Solaris Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00511" target="_blank">Windows Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00512" target="_blank">Web Tier 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00513" target="_blank">Windows Client 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00514" target="_blank">Windows Client Configuration 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00515" target="_blank">Mobility 9.33.0006</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00516" target="_blank">Applications 9.33.0035</a></li>
</ul>
<h3>
Technical Details</h3>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493" target="_blank">CVE-2013-1493</a> - Oracle Java JRE 1.7 Remote Execution of Arbitrary Code and Denial of Service (DoS)</li>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067" target="_blank">CVE-2013-2067</a> - Apache Tomcat Authentication Issues</li>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6202" target="_blank">CVE-2013-6202</a> - Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information</li>
</ul>
Source: <a href="http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04117626&ac.admitted=1393402317326.876444892.492883150" target="_blank">HP</a></div>

CSRF HP Vulnerability Cross-Site Request Forgery(CSRF) Vulnerability in HP Service Manager

Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited result...

Install & Configure HAProxy on CentOS for Load Balancing

2/26/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-FGNaqO7JgyS87FGY56QxtTA8qdmKBwQSWxPMrPCdX6vxOB-BXyHJAzspbQa4_ib24af1BxbdJY7NKrJ43WK6p5TDFPRTcG8XzmcwQofSSs95dokh9FtpbUKIukxzlt_Dxi0ae3cnGrA/s1600/installing-haproxy-on-centos.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Installing HAProxy on CentOS for Load Balancing" border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-FGNaqO7JgyS87FGY56QxtTA8qdmKBwQSWxPMrPCdX6vxOB-BXyHJAzspbQa4_ib24af1BxbdJY7NKrJ43WK6p5TDFPRTcG8XzmcwQofSSs95dokh9FtpbUKIukxzlt_Dxi0ae3cnGrA/s1600/installing-haproxy-on-centos.png" title="Installing HAProxy on CentOS for Load Balancing" width="320" /></a></div>
<br />
HAproxy is open source proxy that can be used to enable <a href="http://en.wikipedia.org/wiki/High_availability">high availability</a> and <a href="http://en.wikipedia.org/wiki/Load_balancing_(computing)">load balancing</a> for web applications. It was designed especially for high load projects so it is very fast and predictable, HAProxy is based on single-process model.<br />
<br />
<div style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA5j4GnrTrI8gUBenIJIvo5wtPO1FwxsLGHQo-XFNyKTk41I7c3BuMI3Sq7_begyT0pIfOTO9rqsVU77YMOZDepziJvEN34rvTERZJhas11TTLWzXlFCwsGOok5EnvjbJpMoIBohezUmM/s1600/HAProxy-logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="Installing HAProxy on CentOS for Load Balancing" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA5j4GnrTrI8gUBenIJIvo5wtPO1FwxsLGHQo-XFNyKTk41I7c3BuMI3Sq7_begyT0pIfOTO9rqsVU77YMOZDepziJvEN34rvTERZJhas11TTLWzXlFCwsGOok5EnvjbJpMoIBohezUmM/s1600/HAProxy-logo.png" title="Installing HAProxy on CentOS for Load Balancing" /></a></div>
In this post I’ll describe sample setup of HAProxy: users’ requests are load balanced between two web servers <strong>Web1</strong> and <strong>Web2</strong>, if one of them goes down then all the request are processed by alive server, once dead servers recovers load balancing enables again. See topology to the right.<br />
<h3>
Installation</h3>
<br />
HAProxy is included into repositories for major Linux distributions, so if you’re using <a href="http://www.hackerschronicle.com/search/label/Centos">Centos</a>, <a href="http://www.hackerschronicle.com/search/label/Redhat">Redhat</a> or <a href="http://www.hackerschronicle.com/search/label/Fedora">Fedora</a> type the following command:<br />
<br />
<div class="command wobble-horizontal">
#yum install haproxy</div>
<br />
<br />
If you’re Ubuntu, Debian or Linux Mint user use this one instead:<br />
<br />
<div class="command wobble-horizontal">
#apt-get install haproxy</div>
<h3>
Configuration</h3>
<br />
As soon as HAProxy is installed it’s time to edit its configuration file, usually it’s placed in <span class="highlight system pop">/etc/haproxy/haproxy.cfg</span>.<br />
Official documentation for HAProxy 1.4 (stable) is <a href="http://haproxy.1wt.eu/download/1.4/doc/configuration.txt">here</a>.<br />
<br />
Here is configuration file to implement setup shown at the diagram and described above:<br />
<div class="content shadow-radial">
global<br />
user daemon<br />
group daemon<br />
daemon<br />
log 127.0.0.1 daemon<br />
<br />
listen http<br />
bind 1.2.3.4:80<br />
mode http<br />
option tcplog<br />
<br />
log global<br />
option dontlognull<br />
<br />
balance roundrobin<br />
clitimeout 60000<br />
srvtimeout 60000<br />
contimeout 5000<br />
retries 3<br />
server web1 web1.hackerschronicle.com:80 check<br />
server web2 web2.hackerschronicle.com:80 check<br />
cookie web1 insert nocache<br />
cookie web2 insert nocache</div>
<br />
<br />
Let’s stop on most important parts of this configuration file. Section <strong>global</strong> specifies user and group which will be used to run haproxy process (<strong>daemon</strong> in our example). Line <strong>daemon</strong> tells HAProxy to run in background, <strong>log 127.0.0.1 daemon</strong> specifies syslog facility for sending logs from HAProxy.<br />
<br />
Section <strong>listen http</strong> contains line <strong>bind 1.2.3.4:80</strong> that specifies IP address and port that will be used to accept users’ requests (they will be load balanced between Web1 and Web2). Line <strong>mode http</strong> means that HAProxy will filter all requests different from HTTP and will do load balancing over HTTP protocol.<br />
<br />
Line <strong>balance roundrobin</strong> specifies load balancing algorithm according to which each web server (Web1 and Web2) will be used in turns according to their weights. In our example weights for both servers are the same so load balancing is fair.<br />
<br />
Lines <strong>server web1</strong> … and <strong>server web2</strong> … specify web servers for load balancing and failover, in our case they are load balanced according to round robin algorithm and have the same priority/weight.<br />
<br />
The last two lines in configuration files are optional, they makes it possible to preserve cookies, it means for example that if you logged in to web application hosted at Web1 and then HAProxy forwarded your next request to Web2 you will still have logged in session opened as cookies with session id from Web1 will be sent to you from Web2 as well.</div>
<h3>
Start HAProxy Service</h3>
<div class="command wobble-horizontal">
# service haproxy start<br />
# chkconfig haproxy on</div>
<br />
<br />
<strong>Congratulation’s!</strong> you have successfully configured HAProxy load balancer. Read next article to <a href="http://www.hackerschronicle.com/search/label/HAProxy">enable haproxy stats</a> and <a href="http://www.hackerschronicle.com/search/label/HAProxy">setup ACL in HAProxy</a>.</div>

Centos HAProxy Linux Tutorials Load Balancing Tutorials Install & Configure HAProxy on CentOS for Load Balancing

HAproxy is open source proxy that can be used to enable high availability and load balancing for web applications. It was designed es...

Remote Code Execution Vulnerability in Adobe Flash Player

2/24/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Remote Code Execution Vulnerability in Adobe Flash Player" border="0" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" title="Remote Code Execution Vulnerability in Adobe Flash Player" width="400" /></a></div>
<br />
A <a href="http://www.hackerschronicle.com/search/label/Remote%10Code%20Execution">remote code execution</a> <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerability</a> has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful <a href="http://www.hackerschronicle.com/search/label/Exploit">exploitation</a> would allow an attacker to take complete control of the affected system.<br />
<strong>CVE number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0498">CVE-2014-0498</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0499">CVE-2014-0499</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502">CVE-2014-0502</a><br />
<br />
<h3>
Vulnerable Versions</h3>
Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh <br />
Flash Player 11.2.202.336 and earlier for Linux <br />
Flash Player 12.0.0.44 and earlier for Chrome (Windows, Macintosh and Linux) <br />
Flash Player 12.0.0.44 and earlier in Internet Explorer 10 for Windows 8.0 <br />
Flash Player 12.0.0.44 and earlier in Internet Explorer 11 for Windows 8.1 <br />
AIR 4.0.0.1390 and earlier for Android <br />
AIR 4.0.0.1390 SDK & Compiler <br />
AIR 4.0.0.1390 SDK<br />
<br />
<h3>
Solution</h3>
Adobe recommends users update their software installations by following the instructions below:<br />
<ul>
<li>Adobe recommends users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh update to the newest version 12.0.0.70 by downloading it from the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.</li>
<li>Adobe recommends users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux update to Adobe Flash Player 11.2.202.341 by downloading it from the Adobe Flash Player Download Center.</li>
<li>For users of Flash Player 11.7.700.261 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 12.0.0.44, Adobe has made available the update Flash Player 11.7.700.269, which can be downloaded here.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.</li>
<li>Users of the Adobe AIR 4.0.0.1390 SDK should update to the Adobe AIR 4.0.0.1628 SDK.</li>
<li>Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1680 SDK & Compiler.</li>
<li>Users of the Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628 by browsing to Google play on an Android device.</li>
</ul>
</div>

Adobe Hacking Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Adobe Flash Player

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition whe...

EC-Council Hacked 2014

2/23/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVpEVrcUO4OpsfbflvKpSEgGK_TfXw369QEYatc34ZeHtYxH9BoKTtHIpphafIpFTehtCaw0xU3ZJ2GhAwoV-bKU8AXIQtWgJLV1gw5_P98xgQ5ewRcjdfdbJRk7wu4XJt-MMRL8DXLrk/s1600/EC-Council+Hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="EC-Council Hacked 2014" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVpEVrcUO4OpsfbflvKpSEgGK_TfXw369QEYatc34ZeHtYxH9BoKTtHIpphafIpFTehtCaw0xU3ZJ2GhAwoV-bKU8AXIQtWgJLV1gw5_P98xgQ5ewRcjdfdbJRk7wu4XJt-MMRL8DXLrk/s1600/EC-Council+Hacked.png" title="EC-Council Hacked 2014" /></a></div>
<br />
The security company <a href="http://www.eccouncil.org/" rel="nofollow" target="_blank">EC-Council</a> which provides multiple certificates like the Certified Ethical Hacker has been hacked by a hacker that claims to be a 'certified unethical software security professional'. The hacker hacked the EC-Council website and left the Passport of <a href="http://en.wikipedia.org/wiki/Edward_Snowden" target="_blank">Edward Snowden</a>. on the website.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmoj9TLvGRpKDwGRdOQWS_V5ZI__QvNXixk76VLtN2NTLZrLS0M_FI_8QaG1X8W_CCHMj1TYawSolQSoOod12JpDBqL20Wj0oPJz3KFlAmHcA07d79wvkU2qdgfESIRCZT2Wb6E6YYYHY/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="EC-Council Hacked 2014" border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmoj9TLvGRpKDwGRdOQWS_V5ZI__QvNXixk76VLtN2NTLZrLS0M_FI_8QaG1X8W_CCHMj1TYawSolQSoOod12JpDBqL20Wj0oPJz3KFlAmHcA07d79wvkU2qdgfESIRCZT2Wb6E6YYYHY/s1600/Capture.PNG" title="EC-Council Hacked 2014" width="400" /></a></div>
<br />
As you can see in the image above, the website of EC-Council has been defaced by an hacker. The hacker left the name of 'Eugene Belford' on the website, this refers to the movie 'Hackers'. The hacker also left a copy of Edward Snowden his passport on the Ec-Council website.<br />
<a href="http://www.cyberwarzone.com/" rel="nofollow" target="_blank">Source</a></div>

Defacement EC-Council Hacking News News EC-Council Hacked 2014

The security company EC-Council which provides multiple certificates like the Certified Ethical Hacker has been hacked by a hacker th...

Top 10 Open Source security tools

2/22/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjm-nT14QyLjY-ZaKOLwHBCQzpGFHbLvWYOk6khndJoXJ2AqRP-uEUxw4y6HH7yVbakzAGlHKDE5ivpQWvUZyYfXpKZ3JXC3sooY3Xaxr0CH_fIdCBSYmj5CSYOOPHxYt5JQk2vlRyfE8/s1600/10-open-source-tools.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Top 10 Open Source security tools" border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjm-nT14QyLjY-ZaKOLwHBCQzpGFHbLvWYOk6khndJoXJ2AqRP-uEUxw4y6HH7yVbakzAGlHKDE5ivpQWvUZyYfXpKZ3JXC3sooY3Xaxr0CH_fIdCBSYmj5CSYOOPHxYt5JQk2vlRyfE8/s1600/10-open-source-tools.jpg" title="Top 10 Open Source security tools" width="320" /></a></div>
<br />
The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your IT environment: Data, Application, Host, Network and Perimeter. Implementing security at each level is very important to ensure end-to-end security and selecting top 10 tools from large group of open source projects was very difficult as the tool selection vary based on requirements. However I have selected the most popular security tools to provide security at each level. The selection based on feature set, simplicity and active among the community development for enhancing the tools better and better to match current IT standards and requirements.<br />
<br />
<h3>
Data security</h3>
This section covers encryption tools for providing security at the data level. Encrypting data which resides in local system and even when it travels across your network is a recommended best practice because, if all other security measures fail, a strong encryption scheme protects your data.<br />
<br />
The following are some of the tools provide security at the data level:<br />
<h3>
GnuPG</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2s62Oi4AxTp0fPTNhAyzTERJKeDOaipHMfVnkpZlnFdDM2b-1ButZR4De7Hj9EOMle4_Pq4bytMUIFeYX4srTv2cRWDjeqdHjigKFY62sHUclmNFTPVWAMWD0_gjrDQxx7res5wC2CFc/s1600/logo-gnupg-light-purple-bg.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: center;"><img border="0" height="108" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2s62Oi4AxTp0fPTNhAyzTERJKeDOaipHMfVnkpZlnFdDM2b-1ButZR4De7Hj9EOMle4_Pq4bytMUIFeYX4srTv2cRWDjeqdHjigKFY62sHUclmNFTPVWAMWD0_gjrDQxx7res5wC2CFc/s1600/logo-gnupg-light-purple-bg.png" width="320" /></a><br />
<div style="text-align: justify;">
 GnuPG/GPG (<a href="http://www.gnupg.org/" target="_blank">GNU Privacy Guard</a>) is a GNU project and it’s used for file and email encryption. This project is mainly created to provide an alternative solution to PGP (Pretty Good Privacy) and it complies with OpenPGP standards. GPG is a command line tool and its part of all the major Linux distributions (Fedora, CentOS, openSUSE, Ubuntu).</div>
<br />
<br />
One simple use case: Taking data backup is a common task and most of the time we store the data with un-encrypted format. Using GPG, generate public and private key in your backup server and import the public key to all data servers from where you want to take backup and encrypt it. This way, your backup infrastructure fulfills the IT security policy.<br />
<h3>
Truecrypt</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsI1oStKeFGr7_1jYTqHgECmhdUDiy7XhBTPGkpE0_THQmvVxnWOiBdx3mFMIYr_J07TSRoEy0-_nCzrhPDa5c9VYQa-wAWXM5GI8C0_F8fJxsR-tHndCumHvm_FEh1dpAoMNBXjLe8ZA/s1600/Truecrypt+logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsI1oStKeFGr7_1jYTqHgECmhdUDiy7XhBTPGkpE0_THQmvVxnWOiBdx3mFMIYr_J07TSRoEy0-_nCzrhPDa5c9VYQa-wAWXM5GI8C0_F8fJxsR-tHndCumHvm_FEh1dpAoMNBXjLe8ZA/s1600/Truecrypt+logo.png" /></a><br />
<div style="text-align: justify;">
There are many open source utilities out there for disk level encryption. I have considered <a href="http://www.truecrypt.org/" target="_blank">Truecrypt</a> for disk level encryption. It’s an open-source security tool used for on-the-fly disk encryption. Truecrypt encrypts the data automatically right before it is saved to the disk and decrypts right after it is loaded from the disk, without any user intervention.</div>
Application security<br />
Application security is as important as other levels of security. Now a day’s web presence and web development companies are increasing drastically. Similar way, web vulnerabilities are also increasing and most of the vulnerabilities are discovered after deployment. The main reason for application security threats are as security aspects are not considered during the application design and development.<br />
The following project helps application developer to design and develop secure application.<br />
<h3>
OWASP</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx5SwIbDF5_VHn_S1nRnevh74MSTzqlu1KQgySEwfrxRToKAY_kzT-SozLfbsuKpwi2aYGxDGKX2a7dQpdC3OZ7-fsUllawxN4uAcXUFVh_4wH9T1PrGmZl5psTCvXMf6_K9mO8y3Irm0/s1600/owasp_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx5SwIbDF5_VHn_S1nRnevh74MSTzqlu1KQgySEwfrxRToKAY_kzT-SozLfbsuKpwi2aYGxDGKX2a7dQpdC3OZ7-fsUllawxN4uAcXUFVh_4wH9T1PrGmZl5psTCvXMf6_K9mO8y3Irm0/s1600/owasp_logo.png" width="193" /></a><br />
<br />
<div style="text-align: justify;">
The Open Web Application Security Project (<a href="http://www.owasp.org/" target="_blank">OWASP</a>) is an open-source web application security project and it provides best practices, tools, guidelines, testing procedures and code review steps that software developers, architects and security practioners can follow to design and develop design secure software. OWASP chapters are available all over the world. You can join to the chapter which is local to you and start learning and contributing to the project.</div>
<h3>
Host security</h3>
The host level security protects the individual devices, such as servers, desktops, laptops etc., on the network. The tools which are discussed in this section provide excellent protection at the host level because they are designed to meet specific characteristics of a single device.<br />
The following are some of the tools provide security at the host level:<br />
<h3>
ClamAV</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdLuT59bOxKiflj4YR_ZJhfkGnoYLnHcUWb6He1qGrEBmiGu9GPTrJ7i2me5tM0QppzLEEDQA6p4y52A2iECcapPGbUrq54jZ9RUxneg6i0kpS-V5DhyxUQfWVyF_S7FHNlXgUo9V_N6g/s1600/Clam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdLuT59bOxKiflj4YR_ZJhfkGnoYLnHcUWb6He1qGrEBmiGu9GPTrJ7i2me5tM0QppzLEEDQA6p4y52A2iECcapPGbUrq54jZ9RUxneg6i0kpS-V5DhyxUQfWVyF_S7FHNlXgUo9V_N6g/s1600/Clam.png" width="200" /></a><br />
<div style="text-align: justify;">
Securing the data by encrypting it is not enough to make sure that our data is secure. <a href="http://www.clamav.net/" target="_blank">ClamAV</a> is considered as antivirus engine to scan all our data which is coming from various sources. ClamAV is an open-source antivirus engine which is designed for detecting Trojans, viruses and malwares, to prevent the unauthorized access of the data. It acts as mail gateway scanner, thus scanning all the incoming emails before they are sent to the user mailbox.</div>
<br />
<h3>
OSSEC</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA1qyLOVSwmpBUe_Zt9g-LidLzhtgB6QNBEWWC1QsT2aXkUjhNCJ2p1q2WM7ek77Tc0QUUAX7_l5iFUjOCZimo-RWjHZDhJGPtO74eQXj2dT9PHN6tr8bO5sPQcxQBuO_n4vMJokNO32g/s1600/ossec-hids.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA1qyLOVSwmpBUe_Zt9g-LidLzhtgB6QNBEWWC1QsT2aXkUjhNCJ2p1q2WM7ek77Tc0QUUAX7_l5iFUjOCZimo-RWjHZDhJGPtO74eQXj2dT9PHN6tr8bO5sPQcxQBuO_n4vMJokNO32g/s1600/ossec-hids.png" /></a><br />
OSSEC (<a href="http://www.ossec.net/" target="_blank">Open Source SECurity</a>) is an open source Host based <a href="http://rahlabs.blogspot.in/search/label/Intrusion%20Detection" target="_blank">Intrusion Detection System</a> (HIDS) that provides log monitoring and SIM/SEM solution.<br />
<br />
Most of the banking customers primarily look for compliance requirements such as Payment Card Industry Data Security Standard (PCI DSS), HIPPA etc.  OSSEC helps customers to meet such standards and it helps to integrate with existing infrastructure such as Security Incident Management/Security Event Management (SIM/SEM). Adoption of OSSEC by the IT industry is growing very rapidly.<br />
<br />
The key features of OSSEC,<br />
<br />
<ul>
<li>File integrity checking</li>
<li>Log monitoring</li>
<li>Rootkit detection</li>
<li>Active response</li>
<li>Network security</li>
</ul>
The network level security refers to your internal LAN and WAN. Your network may include desktops, servers, laptops and other devices which are required for internal and external communication. Unlike host level security tools, the network security tools are extended to communicate with the hosts connected to the network and provides consolidated vulnerable information.<br />
The following are some of the tools provide security at the network level:<br />
<h3>
Snort</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBPehn75NvkTIq_iKBk8VLxHFh82bndEAo6eHS10xKLFrF7cyRh3n275STR1qJObUiCkEvBDWkZzafFHOTBWIGBlkpZrwnYfqc5O_QV1Mh3LJsrB5ii8cSj_B8EMEbJ3dn_rc8q0w3Nlk/s1600/Snort_ids_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBPehn75NvkTIq_iKBk8VLxHFh82bndEAo6eHS10xKLFrF7cyRh3n275STR1qJObUiCkEvBDWkZzafFHOTBWIGBlkpZrwnYfqc5O_QV1Mh3LJsrB5ii8cSj_B8EMEbJ3dn_rc8q0w3Nlk/s1600/Snort_ids_logo.png" /></a><br />
<div style="text-align: justify;">
<a href="http://www.snort.org/" target="_blank">Snort</a> is an open source network Intrusion Detection and Prevention System (IDS/IPS). It performs detection and analysis of network traffic moving across your network in much greater detail than your firewall. Similar to anti-virus engine, IDS and IPS tools analyze traffic and compare each packet to a database of known attack profiles.</div>
 IDS tools alert your IT staff that an attack has occurred; IPS tools go a step further and automatically block the harmful traffic. It takes major role in most company security architectures.<br />
<h3>
OpenVAS</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXKpoeHC95ZyP9jXDOmBeyx1MhmG0e6i_32XMDEFrVaBs9yUoiuKBRaDvMj0gzWDsXyUCdjV6ix_wKG2xAS-OQH9s-TMCHAF1M2D0X3UUYSAGYjZqWb-1nLKDihAkFa3wShFGGJJXQNJc/s1600/openvas_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="121" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXKpoeHC95ZyP9jXDOmBeyx1MhmG0e6i_32XMDEFrVaBs9yUoiuKBRaDvMj0gzWDsXyUCdjV6ix_wKG2xAS-OQH9s-TMCHAF1M2D0X3UUYSAGYjZqWb-1nLKDihAkFa3wShFGGJJXQNJc/s1600/openvas_logo.png" width="320" /></a><br />
Open Vulnerability Assessment System (<a href="http://www.openvas.org/" target="_blank">OpenVAS</a>) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and management system.<br />
 It’s an alternative system to Nessus.<br />
Vulnerability management is a security practice designed to proactively prevent the exploitation of vulnerabilities that exist within organization. Vulnerability management alone does not fix vulnerabilities. Patch and configuration management and antivirus software to block or eliminate identified malware.<br />
<h3>
Backtrack</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqB0lTCtIiC-ffKz9hp_wNb-aV2euzaem1UHmX0m9fuuzyjRmdYj3x37RVBbgDrYXc7W1sDFOv7eHW_WOrbgtoJwS1TTIyFuE43fRwfuUG_Ikzx44S5RrZA8aisEtwGLch88LIJXXfLss/s1600/Backtrack_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqB0lTCtIiC-ffKz9hp_wNb-aV2euzaem1UHmX0m9fuuzyjRmdYj3x37RVBbgDrYXc7W1sDFOv7eHW_WOrbgtoJwS1TTIyFuE43fRwfuUG_Ikzx44S5RrZA8aisEtwGLch88LIJXXfLss/s1600/Backtrack_logo.png" width="200" /></a><br />
<a href="http://www.backtrack-linux.org/" target="_blank">Backtrack</a> is a well-known Linux based security distribution used for penetration testing. It’s a one stop solution for security professionals and includes more than 300 open source security tools. The tools are neatly categorized into different areas.<br />
<br />
<h3>
OSSIM</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8YeG9WANBoetPKGyQyjTYHqTZF4wIi8lF9Q_rrR1p0p5XCo-4_MgEWcza7qHnZZK6eE1d_jQH2o_celdnbfhwPoecEQrlpyfRsqcgh-ViVwvdinKJFrWFLoGq7MvQhR63RZ9ebv0cJ8/s1600/AlienVault_OSSIM_Software_Logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="89" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8YeG9WANBoetPKGyQyjTYHqTZF4wIi8lF9Q_rrR1p0p5XCo-4_MgEWcza7qHnZZK6eE1d_jQH2o_celdnbfhwPoecEQrlpyfRsqcgh-ViVwvdinKJFrWFLoGq7MvQhR63RZ9ebv0cJ8/s1600/AlienVault_OSSIM_Software_Logo.png" width="200" /></a><br />
<div style="text-align: justify;">
Open Source Security Information Management (<a href="http://sourceforge.net/projects/os-sim/">OSSIM</a>) provides a Security Information and Event Management (SIEM) solution. It is a one-stop solution and integrated the open source software’s NTOP, Mrtg, Snort, OpenVAS, and Nmap. OSSIM is a cost effective solution in the area of monitoring network health and security of network/hosts compared to other propriety products.</div>
Perimeter security<br />
Perimeter is the area where your network ends and the Internet begins. The perimeter consists of one or more firewalls to protect your network. The following is one of tool that provides perimeter security:<br />
<h3>
IPCop</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrbKVr5yI9X1N92SJpfEFVyGtbvO_fRDq1s86PdKjb_iXaCfVe_rvirk3iXcr66CMqjDPxjHmSGpZ_wsSJH8y2nAoRi5GCkC1Y0qK3dO3_vDCaRVEx2Xgc0FSqGVvpv0X9SlKGs6_9hh0/s1600/IPCOP.gif" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="64" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrbKVr5yI9X1N92SJpfEFVyGtbvO_fRDq1s86PdKjb_iXaCfVe_rvirk3iXcr66CMqjDPxjHmSGpZ_wsSJH8y2nAoRi5GCkC1Y0qK3dO3_vDCaRVEx2Xgc0FSqGVvpv0X9SlKGs6_9hh0/s1600/IPCOP.gif" width="320" /></a><br />
<div style="text-align: justify;">
<a href="http://www.ipcop.org/" target="_blank">IPCop</a> is a Linux based firewall distribution and it’s configured and made ready to protect your network. It can be run on a standalone machine or deployed at edge network i.e. </div>
behind ISP network. IPCop also offers DHCP server, DNS server, Proxy server and Intrusion Detection functionalities.</div>

Hacking Tools IPCop Open Source Open VAS OWASP Snort Top 10 Open Source security tools

The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your I...