Cross-Site Request Forgery(CSRF) Vulnerability in HP Service Manager

2/26/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi95cNED1sSP_JKoftxfkj3UFWlO-Cx3ZuqmFFSzczDImVpij9pBh6opd4ZHStF1joHDuiQKa32dyXmUrABdEatbMYD0sAy0KB_TikKCbdZ7edATNhww8oqB6DAxfIQ2lHShhWF2BDUSi4/s1600/hp+csrf.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cross-Site Request Forgery(CSRF)  in HP (Hewlett-Packard)" border="0" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi95cNED1sSP_JKoftxfkj3UFWlO-Cx3ZuqmFFSzczDImVpij9pBh6opd4ZHStF1joHDuiQKa32dyXmUrABdEatbMYD0sAy0KB_TikKCbdZ7edATNhww8oqB6DAxfIQ2lHShhWF2BDUSi4/s1600/hp+csrf.jpg" title="Cross-Site Request Forgery(CSRF)  in HP (Hewlett-Packard)" width="400" /></a></div>
<br />
Potential security vulnerabilities have been identified with <a href="http://www.hp.com/" rel="nofollow" target="_blank">HP</a> Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (<a href="http://www.hackerschronicle.com/search/label/XSS" target="_blank">XSS</a>), Cross-Site Request Forgery (<a href="http://www.hackerschronicle.com/search/label/CSRF" target="_blank">CSRF</a>), Denial of Service (<a href="http://www.hackerschronicle.com/search/label/DoS" target="_blank">DoS</a>), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues.<br />
<br />
<h3>
Effected Software Versions</h3>
HP Service Manager<br />
<ul>
<li>v9.30</li>
<li>v9.31</li>
<li>v9.32</li>
<li>v9.33</li>
</ul>
<h3>
Solution</h3>
HP has made the following software updates available to resolve the vulnerabilities.<br />
<ul>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00507" target="_blank">AIX Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00508">HP Itanium Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00509">Linux Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00510">Solaris Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00511" target="_blank">Windows Server 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00512" target="_blank">Web Tier 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00513" target="_blank">Windows Client 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00514" target="_blank">Windows Client Configuration 9.33.0035</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00515" target="_blank">Mobility 9.33.0006</a></li>
<li><a href="http://support.openview.hp.com/selfsolve/document/LID/HPSM_00516" target="_blank">Applications 9.33.0035</a></li>
</ul>
<h3>
Technical Details</h3>
<ul>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493" target="_blank">CVE-2013-1493</a> - Oracle Java JRE 1.7 Remote Execution of Arbitrary Code and Denial of Service (DoS)</li>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067" target="_blank">CVE-2013-2067</a> - Apache Tomcat Authentication Issues</li>
<li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6202" target="_blank">CVE-2013-6202</a> - Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information</li>
</ul>
Source: <a href="http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04117626&ac.admitted=1393402317326.876444892.492883150" target="_blank">HP</a></div>

CSRF HP Vulnerability Cross-Site Request Forgery(CSRF) Vulnerability in HP Service Manager

Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited result...

Install & Configure HAProxy on CentOS for Load Balancing

2/26/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-FGNaqO7JgyS87FGY56QxtTA8qdmKBwQSWxPMrPCdX6vxOB-BXyHJAzspbQa4_ib24af1BxbdJY7NKrJ43WK6p5TDFPRTcG8XzmcwQofSSs95dokh9FtpbUKIukxzlt_Dxi0ae3cnGrA/s1600/installing-haproxy-on-centos.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Installing HAProxy on CentOS for Load Balancing" border="0" height="256" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-FGNaqO7JgyS87FGY56QxtTA8qdmKBwQSWxPMrPCdX6vxOB-BXyHJAzspbQa4_ib24af1BxbdJY7NKrJ43WK6p5TDFPRTcG8XzmcwQofSSs95dokh9FtpbUKIukxzlt_Dxi0ae3cnGrA/s1600/installing-haproxy-on-centos.png" title="Installing HAProxy on CentOS for Load Balancing" width="320" /></a></div>
<br />
HAproxy is open source proxy that can be used to enable <a href="http://en.wikipedia.org/wiki/High_availability">high availability</a> and <a href="http://en.wikipedia.org/wiki/Load_balancing_(computing)">load balancing</a> for web applications. It was designed especially for high load projects so it is very fast and predictable, HAProxy is based on single-process model.<br />
<br />
<div style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA5j4GnrTrI8gUBenIJIvo5wtPO1FwxsLGHQo-XFNyKTk41I7c3BuMI3Sq7_begyT0pIfOTO9rqsVU77YMOZDepziJvEN34rvTERZJhas11TTLWzXlFCwsGOok5EnvjbJpMoIBohezUmM/s1600/HAProxy-logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="Installing HAProxy on CentOS for Load Balancing" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjA5j4GnrTrI8gUBenIJIvo5wtPO1FwxsLGHQo-XFNyKTk41I7c3BuMI3Sq7_begyT0pIfOTO9rqsVU77YMOZDepziJvEN34rvTERZJhas11TTLWzXlFCwsGOok5EnvjbJpMoIBohezUmM/s1600/HAProxy-logo.png" title="Installing HAProxy on CentOS for Load Balancing" /></a></div>
In this post I’ll describe sample setup of HAProxy: users’ requests are load balanced between two web servers <strong>Web1</strong> and <strong>Web2</strong>, if one of them goes down then all the request are processed by alive server, once dead servers recovers load balancing enables again. See topology to the right.<br />
<h3>
Installation</h3>
<br />
HAProxy is included into repositories for major Linux distributions, so if you’re using <a href="http://www.hackerschronicle.com/search/label/Centos">Centos</a>, <a href="http://www.hackerschronicle.com/search/label/Redhat">Redhat</a> or <a href="http://www.hackerschronicle.com/search/label/Fedora">Fedora</a> type the following command:<br />
<br />
<div class="command wobble-horizontal">
#yum install haproxy</div>
<br />
<br />
If you’re Ubuntu, Debian or Linux Mint user use this one instead:<br />
<br />
<div class="command wobble-horizontal">
#apt-get install haproxy</div>
<h3>
Configuration</h3>
<br />
As soon as HAProxy is installed it’s time to edit its configuration file, usually it’s placed in <span class="highlight system pop">/etc/haproxy/haproxy.cfg</span>.<br />
Official documentation for HAProxy 1.4 (stable) is <a href="http://haproxy.1wt.eu/download/1.4/doc/configuration.txt">here</a>.<br />
<br />
Here is configuration file to implement setup shown at the diagram and described above:<br />
<div class="content shadow-radial">
global<br />
user daemon<br />
group daemon<br />
daemon<br />
log 127.0.0.1 daemon<br />
<br />
listen http<br />
bind 1.2.3.4:80<br />
mode http<br />
option tcplog<br />
<br />
log global<br />
option dontlognull<br />
<br />
balance roundrobin<br />
clitimeout 60000<br />
srvtimeout 60000<br />
contimeout 5000<br />
retries 3<br />
server web1 web1.hackerschronicle.com:80 check<br />
server web2 web2.hackerschronicle.com:80 check<br />
cookie web1 insert nocache<br />
cookie web2 insert nocache</div>
<br />
<br />
Let’s stop on most important parts of this configuration file. Section <strong>global</strong> specifies user and group which will be used to run haproxy process (<strong>daemon</strong> in our example). Line <strong>daemon</strong> tells HAProxy to run in background, <strong>log 127.0.0.1 daemon</strong> specifies syslog facility for sending logs from HAProxy.<br />
<br />
Section <strong>listen http</strong> contains line <strong>bind 1.2.3.4:80</strong> that specifies IP address and port that will be used to accept users’ requests (they will be load balanced between Web1 and Web2). Line <strong>mode http</strong> means that HAProxy will filter all requests different from HTTP and will do load balancing over HTTP protocol.<br />
<br />
Line <strong>balance roundrobin</strong> specifies load balancing algorithm according to which each web server (Web1 and Web2) will be used in turns according to their weights. In our example weights for both servers are the same so load balancing is fair.<br />
<br />
Lines <strong>server web1</strong> … and <strong>server web2</strong> … specify web servers for load balancing and failover, in our case they are load balanced according to round robin algorithm and have the same priority/weight.<br />
<br />
The last two lines in configuration files are optional, they makes it possible to preserve cookies, it means for example that if you logged in to web application hosted at Web1 and then HAProxy forwarded your next request to Web2 you will still have logged in session opened as cookies with session id from Web1 will be sent to you from Web2 as well.</div>
<h3>
Start HAProxy Service</h3>
<div class="command wobble-horizontal">
# service haproxy start<br />
# chkconfig haproxy on</div>
<br />
<br />
<strong>Congratulation’s!</strong> you have successfully configured HAProxy load balancer. Read next article to <a href="http://www.hackerschronicle.com/search/label/HAProxy">enable haproxy stats</a> and <a href="http://www.hackerschronicle.com/search/label/HAProxy">setup ACL in HAProxy</a>.</div>

Centos HAProxy Linux Tutorials Load Balancing Tutorials Install & Configure HAProxy on CentOS for Load Balancing

HAproxy is open source proxy that can be used to enable high availability and load balancing for web applications. It was designed es...

Remote Code Execution Vulnerability in Adobe Flash Player

2/24/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Remote Code Execution Vulnerability in Adobe Flash Player" border="0" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" title="Remote Code Execution Vulnerability in Adobe Flash Player" width="400" /></a></div>
<br />
A <a href="http://www.hackerschronicle.com/search/label/Remote%10Code%20Execution">remote code execution</a> <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerability</a> has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful <a href="http://www.hackerschronicle.com/search/label/Exploit">exploitation</a> would allow an attacker to take complete control of the affected system.<br />
<strong>CVE number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0498">CVE-2014-0498</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0499">CVE-2014-0499</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502">CVE-2014-0502</a><br />
<br />
<h3>
Vulnerable Versions</h3>
Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh <br />
Flash Player 11.2.202.336 and earlier for Linux <br />
Flash Player 12.0.0.44 and earlier for Chrome (Windows, Macintosh and Linux) <br />
Flash Player 12.0.0.44 and earlier in Internet Explorer 10 for Windows 8.0 <br />
Flash Player 12.0.0.44 and earlier in Internet Explorer 11 for Windows 8.1 <br />
AIR 4.0.0.1390 and earlier for Android <br />
AIR 4.0.0.1390 SDK & Compiler <br />
AIR 4.0.0.1390 SDK<br />
<br />
<h3>
Solution</h3>
Adobe recommends users update their software installations by following the instructions below:<br />
<ul>
<li>Adobe recommends users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh update to the newest version 12.0.0.70 by downloading it from the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.</li>
<li>Adobe recommends users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux update to Adobe Flash Player 11.2.202.341 by downloading it from the Adobe Flash Player Download Center.</li>
<li>For users of Flash Player 11.7.700.261 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 12.0.0.44, Adobe has made available the update Flash Player 11.7.700.269, which can be downloaded here.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.</li>
<li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.</li>
<li>Users of the Adobe AIR 4.0.0.1390 SDK should update to the Adobe AIR 4.0.0.1628 SDK.</li>
<li>Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1680 SDK & Compiler.</li>
<li>Users of the Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628 by browsing to Google play on an Android device.</li>
</ul>
</div>

Adobe Hacking Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Adobe Flash Player

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition whe...

EC-Council Hacked 2014

2/23/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVpEVrcUO4OpsfbflvKpSEgGK_TfXw369QEYatc34ZeHtYxH9BoKTtHIpphafIpFTehtCaw0xU3ZJ2GhAwoV-bKU8AXIQtWgJLV1gw5_P98xgQ5ewRcjdfdbJRk7wu4XJt-MMRL8DXLrk/s1600/EC-Council+Hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="EC-Council Hacked 2014" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVpEVrcUO4OpsfbflvKpSEgGK_TfXw369QEYatc34ZeHtYxH9BoKTtHIpphafIpFTehtCaw0xU3ZJ2GhAwoV-bKU8AXIQtWgJLV1gw5_P98xgQ5ewRcjdfdbJRk7wu4XJt-MMRL8DXLrk/s1600/EC-Council+Hacked.png" title="EC-Council Hacked 2014" /></a></div>
<br />
The security company <a href="http://www.eccouncil.org/" rel="nofollow" target="_blank">EC-Council</a> which provides multiple certificates like the Certified Ethical Hacker has been hacked by a hacker that claims to be a 'certified unethical software security professional'. The hacker hacked the EC-Council website and left the Passport of <a href="http://en.wikipedia.org/wiki/Edward_Snowden" target="_blank">Edward Snowden</a>. on the website.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmoj9TLvGRpKDwGRdOQWS_V5ZI__QvNXixk76VLtN2NTLZrLS0M_FI_8QaG1X8W_CCHMj1TYawSolQSoOod12JpDBqL20Wj0oPJz3KFlAmHcA07d79wvkU2qdgfESIRCZT2Wb6E6YYYHY/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="EC-Council Hacked 2014" border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmoj9TLvGRpKDwGRdOQWS_V5ZI__QvNXixk76VLtN2NTLZrLS0M_FI_8QaG1X8W_CCHMj1TYawSolQSoOod12JpDBqL20Wj0oPJz3KFlAmHcA07d79wvkU2qdgfESIRCZT2Wb6E6YYYHY/s1600/Capture.PNG" title="EC-Council Hacked 2014" width="400" /></a></div>
<br />
As you can see in the image above, the website of EC-Council has been defaced by an hacker. The hacker left the name of 'Eugene Belford' on the website, this refers to the movie 'Hackers'. The hacker also left a copy of Edward Snowden his passport on the Ec-Council website.<br />
<a href="http://www.cyberwarzone.com/" rel="nofollow" target="_blank">Source</a></div>

Defacement EC-Council Hacking News News EC-Council Hacked 2014

The security company EC-Council which provides multiple certificates like the Certified Ethical Hacker has been hacked by a hacker th...

Top 10 Open Source security tools

2/22/2014 cyb3r.gladiat0r 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjm-nT14QyLjY-ZaKOLwHBCQzpGFHbLvWYOk6khndJoXJ2AqRP-uEUxw4y6HH7yVbakzAGlHKDE5ivpQWvUZyYfXpKZ3JXC3sooY3Xaxr0CH_fIdCBSYmj5CSYOOPHxYt5JQk2vlRyfE8/s1600/10-open-source-tools.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Top 10 Open Source security tools" border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjm-nT14QyLjY-ZaKOLwHBCQzpGFHbLvWYOk6khndJoXJ2AqRP-uEUxw4y6HH7yVbakzAGlHKDE5ivpQWvUZyYfXpKZ3JXC3sooY3Xaxr0CH_fIdCBSYmj5CSYOOPHxYt5JQk2vlRyfE8/s1600/10-open-source-tools.jpg" title="Top 10 Open Source security tools" width="320" /></a></div>
<br />
The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your IT environment: Data, Application, Host, Network and Perimeter. Implementing security at each level is very important to ensure end-to-end security and selecting top 10 tools from large group of open source projects was very difficult as the tool selection vary based on requirements. However I have selected the most popular security tools to provide security at each level. The selection based on feature set, simplicity and active among the community development for enhancing the tools better and better to match current IT standards and requirements.<br />
<br />
<h3>
Data security</h3>
This section covers encryption tools for providing security at the data level. Encrypting data which resides in local system and even when it travels across your network is a recommended best practice because, if all other security measures fail, a strong encryption scheme protects your data.<br />
<br />
The following are some of the tools provide security at the data level:<br />
<h3>
GnuPG</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2s62Oi4AxTp0fPTNhAyzTERJKeDOaipHMfVnkpZlnFdDM2b-1ButZR4De7Hj9EOMle4_Pq4bytMUIFeYX4srTv2cRWDjeqdHjigKFY62sHUclmNFTPVWAMWD0_gjrDQxx7res5wC2CFc/s1600/logo-gnupg-light-purple-bg.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em; text-align: center;"><img border="0" height="108" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2s62Oi4AxTp0fPTNhAyzTERJKeDOaipHMfVnkpZlnFdDM2b-1ButZR4De7Hj9EOMle4_Pq4bytMUIFeYX4srTv2cRWDjeqdHjigKFY62sHUclmNFTPVWAMWD0_gjrDQxx7res5wC2CFc/s1600/logo-gnupg-light-purple-bg.png" width="320" /></a><br />
<div style="text-align: justify;">
 GnuPG/GPG (<a href="http://www.gnupg.org/" target="_blank">GNU Privacy Guard</a>) is a GNU project and it’s used for file and email encryption. This project is mainly created to provide an alternative solution to PGP (Pretty Good Privacy) and it complies with OpenPGP standards. GPG is a command line tool and its part of all the major Linux distributions (Fedora, CentOS, openSUSE, Ubuntu).</div>
<br />
<br />
One simple use case: Taking data backup is a common task and most of the time we store the data with un-encrypted format. Using GPG, generate public and private key in your backup server and import the public key to all data servers from where you want to take backup and encrypt it. This way, your backup infrastructure fulfills the IT security policy.<br />
<h3>
Truecrypt</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsI1oStKeFGr7_1jYTqHgECmhdUDiy7XhBTPGkpE0_THQmvVxnWOiBdx3mFMIYr_J07TSRoEy0-_nCzrhPDa5c9VYQa-wAWXM5GI8C0_F8fJxsR-tHndCumHvm_FEh1dpAoMNBXjLe8ZA/s1600/Truecrypt+logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsI1oStKeFGr7_1jYTqHgECmhdUDiy7XhBTPGkpE0_THQmvVxnWOiBdx3mFMIYr_J07TSRoEy0-_nCzrhPDa5c9VYQa-wAWXM5GI8C0_F8fJxsR-tHndCumHvm_FEh1dpAoMNBXjLe8ZA/s1600/Truecrypt+logo.png" /></a><br />
<div style="text-align: justify;">
There are many open source utilities out there for disk level encryption. I have considered <a href="http://www.truecrypt.org/" target="_blank">Truecrypt</a> for disk level encryption. It’s an open-source security tool used for on-the-fly disk encryption. Truecrypt encrypts the data automatically right before it is saved to the disk and decrypts right after it is loaded from the disk, without any user intervention.</div>
Application security<br />
Application security is as important as other levels of security. Now a day’s web presence and web development companies are increasing drastically. Similar way, web vulnerabilities are also increasing and most of the vulnerabilities are discovered after deployment. The main reason for application security threats are as security aspects are not considered during the application design and development.<br />
The following project helps application developer to design and develop secure application.<br />
<h3>
OWASP</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx5SwIbDF5_VHn_S1nRnevh74MSTzqlu1KQgySEwfrxRToKAY_kzT-SozLfbsuKpwi2aYGxDGKX2a7dQpdC3OZ7-fsUllawxN4uAcXUFVh_4wH9T1PrGmZl5psTCvXMf6_K9mO8y3Irm0/s1600/owasp_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx5SwIbDF5_VHn_S1nRnevh74MSTzqlu1KQgySEwfrxRToKAY_kzT-SozLfbsuKpwi2aYGxDGKX2a7dQpdC3OZ7-fsUllawxN4uAcXUFVh_4wH9T1PrGmZl5psTCvXMf6_K9mO8y3Irm0/s1600/owasp_logo.png" width="193" /></a><br />
<br />
<div style="text-align: justify;">
The Open Web Application Security Project (<a href="http://www.owasp.org/" target="_blank">OWASP</a>) is an open-source web application security project and it provides best practices, tools, guidelines, testing procedures and code review steps that software developers, architects and security practioners can follow to design and develop design secure software. OWASP chapters are available all over the world. You can join to the chapter which is local to you and start learning and contributing to the project.</div>
<h3>
Host security</h3>
The host level security protects the individual devices, such as servers, desktops, laptops etc., on the network. The tools which are discussed in this section provide excellent protection at the host level because they are designed to meet specific characteristics of a single device.<br />
The following are some of the tools provide security at the host level:<br />
<h3>
ClamAV</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdLuT59bOxKiflj4YR_ZJhfkGnoYLnHcUWb6He1qGrEBmiGu9GPTrJ7i2me5tM0QppzLEEDQA6p4y52A2iECcapPGbUrq54jZ9RUxneg6i0kpS-V5DhyxUQfWVyF_S7FHNlXgUo9V_N6g/s1600/Clam.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdLuT59bOxKiflj4YR_ZJhfkGnoYLnHcUWb6He1qGrEBmiGu9GPTrJ7i2me5tM0QppzLEEDQA6p4y52A2iECcapPGbUrq54jZ9RUxneg6i0kpS-V5DhyxUQfWVyF_S7FHNlXgUo9V_N6g/s1600/Clam.png" width="200" /></a><br />
<div style="text-align: justify;">
Securing the data by encrypting it is not enough to make sure that our data is secure. <a href="http://www.clamav.net/" target="_blank">ClamAV</a> is considered as antivirus engine to scan all our data which is coming from various sources. ClamAV is an open-source antivirus engine which is designed for detecting Trojans, viruses and malwares, to prevent the unauthorized access of the data. It acts as mail gateway scanner, thus scanning all the incoming emails before they are sent to the user mailbox.</div>
<br />
<h3>
OSSEC</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA1qyLOVSwmpBUe_Zt9g-LidLzhtgB6QNBEWWC1QsT2aXkUjhNCJ2p1q2WM7ek77Tc0QUUAX7_l5iFUjOCZimo-RWjHZDhJGPtO74eQXj2dT9PHN6tr8bO5sPQcxQBuO_n4vMJokNO32g/s1600/ossec-hids.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiA1qyLOVSwmpBUe_Zt9g-LidLzhtgB6QNBEWWC1QsT2aXkUjhNCJ2p1q2WM7ek77Tc0QUUAX7_l5iFUjOCZimo-RWjHZDhJGPtO74eQXj2dT9PHN6tr8bO5sPQcxQBuO_n4vMJokNO32g/s1600/ossec-hids.png" /></a><br />
OSSEC (<a href="http://www.ossec.net/" target="_blank">Open Source SECurity</a>) is an open source Host based <a href="http://rahlabs.blogspot.in/search/label/Intrusion%20Detection" target="_blank">Intrusion Detection System</a> (HIDS) that provides log monitoring and SIM/SEM solution.<br />
<br />
Most of the banking customers primarily look for compliance requirements such as Payment Card Industry Data Security Standard (PCI DSS), HIPPA etc.  OSSEC helps customers to meet such standards and it helps to integrate with existing infrastructure such as Security Incident Management/Security Event Management (SIM/SEM). Adoption of OSSEC by the IT industry is growing very rapidly.<br />
<br />
The key features of OSSEC,<br />
<br />
<ul>
<li>File integrity checking</li>
<li>Log monitoring</li>
<li>Rootkit detection</li>
<li>Active response</li>
<li>Network security</li>
</ul>
The network level security refers to your internal LAN and WAN. Your network may include desktops, servers, laptops and other devices which are required for internal and external communication. Unlike host level security tools, the network security tools are extended to communicate with the hosts connected to the network and provides consolidated vulnerable information.<br />
The following are some of the tools provide security at the network level:<br />
<h3>
Snort</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBPehn75NvkTIq_iKBk8VLxHFh82bndEAo6eHS10xKLFrF7cyRh3n275STR1qJObUiCkEvBDWkZzafFHOTBWIGBlkpZrwnYfqc5O_QV1Mh3LJsrB5ii8cSj_B8EMEbJ3dn_rc8q0w3Nlk/s1600/Snort_ids_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBPehn75NvkTIq_iKBk8VLxHFh82bndEAo6eHS10xKLFrF7cyRh3n275STR1qJObUiCkEvBDWkZzafFHOTBWIGBlkpZrwnYfqc5O_QV1Mh3LJsrB5ii8cSj_B8EMEbJ3dn_rc8q0w3Nlk/s1600/Snort_ids_logo.png" /></a><br />
<div style="text-align: justify;">
<a href="http://www.snort.org/" target="_blank">Snort</a> is an open source network Intrusion Detection and Prevention System (IDS/IPS). It performs detection and analysis of network traffic moving across your network in much greater detail than your firewall. Similar to anti-virus engine, IDS and IPS tools analyze traffic and compare each packet to a database of known attack profiles.</div>
 IDS tools alert your IT staff that an attack has occurred; IPS tools go a step further and automatically block the harmful traffic. It takes major role in most company security architectures.<br />
<h3>
OpenVAS</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXKpoeHC95ZyP9jXDOmBeyx1MhmG0e6i_32XMDEFrVaBs9yUoiuKBRaDvMj0gzWDsXyUCdjV6ix_wKG2xAS-OQH9s-TMCHAF1M2D0X3UUYSAGYjZqWb-1nLKDihAkFa3wShFGGJJXQNJc/s1600/openvas_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="121" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXKpoeHC95ZyP9jXDOmBeyx1MhmG0e6i_32XMDEFrVaBs9yUoiuKBRaDvMj0gzWDsXyUCdjV6ix_wKG2xAS-OQH9s-TMCHAF1M2D0X3UUYSAGYjZqWb-1nLKDihAkFa3wShFGGJJXQNJc/s1600/openvas_logo.png" width="320" /></a><br />
Open Vulnerability Assessment System (<a href="http://www.openvas.org/" target="_blank">OpenVAS</a>) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and management system.<br />
 It’s an alternative system to Nessus.<br />
Vulnerability management is a security practice designed to proactively prevent the exploitation of vulnerabilities that exist within organization. Vulnerability management alone does not fix vulnerabilities. Patch and configuration management and antivirus software to block or eliminate identified malware.<br />
<h3>
Backtrack</h3>
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqB0lTCtIiC-ffKz9hp_wNb-aV2euzaem1UHmX0m9fuuzyjRmdYj3x37RVBbgDrYXc7W1sDFOv7eHW_WOrbgtoJwS1TTIyFuE43fRwfuUG_Ikzx44S5RrZA8aisEtwGLch88LIJXXfLss/s1600/Backtrack_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqB0lTCtIiC-ffKz9hp_wNb-aV2euzaem1UHmX0m9fuuzyjRmdYj3x37RVBbgDrYXc7W1sDFOv7eHW_WOrbgtoJwS1TTIyFuE43fRwfuUG_Ikzx44S5RrZA8aisEtwGLch88LIJXXfLss/s1600/Backtrack_logo.png" width="200" /></a><br />
<a href="http://www.backtrack-linux.org/" target="_blank">Backtrack</a> is a well-known Linux based security distribution used for penetration testing. It’s a one stop solution for security professionals and includes more than 300 open source security tools. The tools are neatly categorized into different areas.<br />
<br />
<h3>
OSSIM</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8YeG9WANBoetPKGyQyjTYHqTZF4wIi8lF9Q_rrR1p0p5XCo-4_MgEWcza7qHnZZK6eE1d_jQH2o_celdnbfhwPoecEQrlpyfRsqcgh-ViVwvdinKJFrWFLoGq7MvQhR63RZ9ebv0cJ8/s1600/AlienVault_OSSIM_Software_Logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="89" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8YeG9WANBoetPKGyQyjTYHqTZF4wIi8lF9Q_rrR1p0p5XCo-4_MgEWcza7qHnZZK6eE1d_jQH2o_celdnbfhwPoecEQrlpyfRsqcgh-ViVwvdinKJFrWFLoGq7MvQhR63RZ9ebv0cJ8/s1600/AlienVault_OSSIM_Software_Logo.png" width="200" /></a><br />
<div style="text-align: justify;">
Open Source Security Information Management (<a href="http://sourceforge.net/projects/os-sim/">OSSIM</a>) provides a Security Information and Event Management (SIEM) solution. It is a one-stop solution and integrated the open source software’s NTOP, Mrtg, Snort, OpenVAS, and Nmap. OSSIM is a cost effective solution in the area of monitoring network health and security of network/hosts compared to other propriety products.</div>
Perimeter security<br />
Perimeter is the area where your network ends and the Internet begins. The perimeter consists of one or more firewalls to protect your network. The following is one of tool that provides perimeter security:<br />
<h3>
IPCop</h3>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrbKVr5yI9X1N92SJpfEFVyGtbvO_fRDq1s86PdKjb_iXaCfVe_rvirk3iXcr66CMqjDPxjHmSGpZ_wsSJH8y2nAoRi5GCkC1Y0qK3dO3_vDCaRVEx2Xgc0FSqGVvpv0X9SlKGs6_9hh0/s1600/IPCOP.gif" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="64" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrbKVr5yI9X1N92SJpfEFVyGtbvO_fRDq1s86PdKjb_iXaCfVe_rvirk3iXcr66CMqjDPxjHmSGpZ_wsSJH8y2nAoRi5GCkC1Y0qK3dO3_vDCaRVEx2Xgc0FSqGVvpv0X9SlKGs6_9hh0/s1600/IPCOP.gif" width="320" /></a><br />
<div style="text-align: justify;">
<a href="http://www.ipcop.org/" target="_blank">IPCop</a> is a Linux based firewall distribution and it’s configured and made ready to protect your network. It can be run on a standalone machine or deployed at edge network i.e. </div>
behind ISP network. IPCop also offers DHCP server, DNS server, Proxy server and Intrusion Detection functionalities.</div>

Hacking Tools IPCop Open Source Open VAS OWASP Snort Top 10 Open Source security tools

The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your I...

How to detect a hacker attack

2/21/2014 The Hackers Chronicle 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVO9MiHoA2BShqxOQ9TrA8TP83EYUyW5W2GSitvqe6PpbI-Alo8Qs4ReMfq3R4iUKT5Aqrs_lHPjUw8w_fxxC-6sxFEfh5z85DI_ORvpfXpqgWcpl8FLjfB_1E03NPqlidDsNzozyzfgJf/s1600/Hackers-attack.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Detect a hacker attack" border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVO9MiHoA2BShqxOQ9TrA8TP83EYUyW5W2GSitvqe6PpbI-Alo8Qs4ReMfq3R4iUKT5Aqrs_lHPjUw8w_fxxC-6sxFEfh5z85DI_ORvpfXpqgWcpl8FLjfB_1E03NPqlidDsNzozyzfgJf/s1600/Hackers-attack.jpg" title="How to detect a hacker attack" width="400" /></a></div>
<br />
Most computer <a href="http://rahlabs.blogspot.in/search/label/Vulnerability" target="_blank">vulnerabilities</a> can be exploited in a variety of ways. Hacker attacks may use a single specific <a href="http://rahlabs.blogspot.in/search/label/Exploit" target="_blank">exploit</a>, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.

Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised. Keep in mind just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.
<br />
<h3>
Windows machines:</h3>
<ul>
<li><i>Suspiciously high outgoing network traffic</i>. If you are on a dial-up account or using <b>ADSL</b> and notice an unusually high volume of outgoing network (traffic especially when you computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.</li>
<li><i>Increased disk activity</i> or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.</li>
<li><i>Large number of packets which come from a single address</i> being stopped by a personal firewall. After locating a target (eg. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.</li>
<li>Your resident antivirus suddenly starts reporting that <i>backdoors or trojans</i> have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.</li>
</ul>
<h3>
Unix machines:</h3>
<ul>
<li><i>Suspiciously named files</i> in the <span class="system pop">/tmp folder</span>. Many exploits in the Unix world rely on creating temporary files in the <span class="system pop">/tmp</span> standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the <span class="system pop">/tmp</span> folder and use it as 'home'.</li>
<li><i>Modified system binaries</i> such as '<span class="system pop">login</span>', '<span class="system pop">telnet</span>', '<span class="system pop">ftp</span>', '<span class="system pop">finger</span>' or more complex daemons, '<span class="system pop">sshd</span>', '<span class="system pop">ftpd</span>' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.</li>
<li>Modified <span class="system pop">/etc/passwd</span>, <span class="system pop">/etc/shadow</span>, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be remotely logged in a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.</li>
<li><i>Suspicious services</i> added to <span class="system pop">/etc/services</span>. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying <span class="system pop">/etc/services</span> as well as <span class="system pop">/etc/ined.conf</span>. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port. </li>
</ul>
<a href="http://securelist.com/">Source</a>
</div>

Hacking Hacking Tutorials Intrusion Detection Tutorials How to detect a hacker attack

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit , several exploit...

Ubuntu 13.10 Kernel Exploit

2/21/2014 rahlabs 0

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUzKdvFGwYsPPLYutyQUQA5WqqWeneoTubm7ajR6GHLDx2fDjpWtdMVFfw0r0IiaoPWwrL18QXYDrLJuXY86Q4DupDSK1fXUR1wIh8RHJRib4C0e5B1JejWU7kH-8PG786QANPh5yxS8Xt/s1600/ubuntu+kernel+exploit.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Ubuntu 13.10 Kernel Exploit" border="0" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUzKdvFGwYsPPLYutyQUQA5WqqWeneoTubm7ajR6GHLDx2fDjpWtdMVFfw0r0IiaoPWwrL18QXYDrLJuXY86Q4DupDSK1fXUR1wIh8RHJRib4C0e5B1JejWU7kH-8PG786QANPh5yxS8Xt/s1600/ubuntu+kernel+exploit.jpg" title="Ubuntu 13.10 Kernel Exploit" width="400" /></a></div>
<br />
A security issue affects Ubuntu 13.10 releases of Ubuntu and its derivatives<br />
<b>Saran Neti</b> reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (<div class="highlight pop">CVE-2013-4563</div>)<br />
<b>Mathy Vanhoef</b> discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack.  (<div class="highlight pop">CVE-2013-4579</div>
)<br />
<b>Andrew Honig</b> reported a flaw in the Linux Kernel's kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM) subsystem. A local user could exploit this flaw to gain privileges on the host machine. (<div class="highlight pop">CVE-2013-4587</div>) Various other issues were also addressed.<br />
Andrew Honig reported a flaw in the apic_get_tmcct function of the Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service or host OS system crash. (<div class="highlight pop">CVE-2013-6367</div>)<br />
Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine (KVM) VAPIC synchronization operation. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash).<br />
Source:<a href="http://www.ubuntu.com/usn/usn-2117-1/" target="_blank">Ubuntu</a> </div>

Exploit Hacking Kernel Linux News OS Ubuntu Vulnerability Ubuntu 13.10 Kernel Exploit

A security issue affects Ubuntu 13.10 releases of Ubuntu and its derivatives Saran Neti reported a flaw in the ipv6 UDP Fragmentation ...