Saturday, November 26, 2011

How to Crack WPA2 [BackTrack 5]

BackTrack 5 Overview - Video

Great overview video of the new version of BackTrack.
The author gives some explanation of what some of the tools do. It is a great source for someone who is just getting into Linux and wants to know what BackTrack is and what it can do.

Tuesday, November 22, 2011

Great CompTIA training resource

Hey everyone,

During my Computer Repair class we were discussing good sources of information to get prepared for the CompTIA A+ certification exam. The lab manager at HCC recommended the web site ProfessorMesser.com.
At the top of his page, you can see some tabs for the different training programs. Under each tab, you find links to videos and quizzes.
Each video is 5 to 30 minutes long and has excellent coverage of the material for the exams.
This is a great resource to get extra help in order to prepare for the CompTIA exams.
Visit the web site to find more information.

Sunday, November 13, 2011

Facebook infected by Anonymous 'Fawkes Virus'

     According to the web site The Inquirer, the group Anonymous has infected Facebook with a new virus. See the article below.

By Dave Neal.

     HACKTIVIST GROUP Anonymous has posted a video about a virus on Facebook that appears to be spinning out of control.
"Anonymous #Operation 'Fawkes Virus' Released on Facebook," said a short tweet made by the @Anon_Central account, which links to a YouTube video.
     The video says that the virus attaches itself to a Facebook page, starts sending out malicious links and gains access to your account. Once there it seizes control, then starts making friend requests and hopping between pages.
     According to the video the worm is sophisticated and a hacked account could open users up to hacks on their hard drives and loss of control over their entire systems. Although it seems firmly rooted in Facebook, the video said that it could be applied to any social network and added, "We did not expect the intensity in which it would spread."
     "Anonymous would like to welcome you to the Fawkes virus which was fully written by Anonymous programmers," says the robotic voice-over as it explains just how far and wide and vigorously it seems to be spreading. "After the worm is under control Anonymous will use this to its advantage against corruption and as an alternative attack against its opponents."
     We have asked Facebook for a comment on the virus, and will update when we have its response.

Friday, November 11, 2011

Do you have a Facebook account?

Here are some "not fun" facts about Facebook's security that the web site The Register posted on 10/30/11.

     Every 24 hours 600,000 Facebook accounts are subject to attempted hacking or violation, Facebook has revealed.
     The Social Network™ disclosed details of hacking activity as it unveiled new measures to protect users' privacy. "We are adapting and responding to new threats every day and will continue to roll out new ways to protect your account," Facebook said.
     In a blog post, Facebook revealed new tools to help users access their accounts if they are locked out and help prove your identity through your friends. “It's sort of similar to giving a house key to your friends when you go on vacation - pick the friends you most trust in case you need their help,” it explains.
     ‘Trusted friends’ allows users to nominate a few friends as a default measure that will be given access codes to your account if you cannot access it.
     It is also testing a feature that allows users to use app passwords for logging into third party applications.
     Initial feedback from users has been mixed, with many pointing out that "friends" are also subject to hacking and security may be further compromised by exposing access information to other parties.
     Meanwhile according to researchers at Barracuda Labs, one in 100 tweets are malicious while one in 60 Facebook posts are malicious.
     The new Barracuda survey data of social media users found that LinkedIn is the least-blocked social network by enterprises, with only 20 percent of organizations preventing their employees from using LinkedIn from work.
     Over 90 percent of users have received spam over a social network, and more than half have experienced phishing attacks. More than 20 percent have received malware, 16.6 percent have had their account used for spamming, and about 13 percent have had their account hijacked or their password stolen. Significantly more than half are unhappy with Facebook's privacy controls.

Source: The Register, 10/30/11.

Latest on Duqu

Hungarian research centre CrySyS releases Duqu detection toolkit
Patch Tuesday leaves Duqu 0-day for another day
Microsoft Issues Workaround for Kernel Flaw Exploited by Duqu
Duqu spawned by 'well-funded team of competent coders'

Wednesday, November 9, 2011

Duqu - the backdoor for a catastrophe

     A new era of computer system attacks has moved from the movies into our reality. The computer and technology era evolves faster than anything else, I guess, except perhaps the excitement and ambition of virtual terrorists. Individual users' computers, servers, entire networks, or even large institutions no longer seem to be desirable enough targets to attack. During summer 2011, Stuxnet amazed everyone with its impressive, well-written code and alerted us all to the intentions behind this new era of attacks. Around October 14th 2011, not long after Stuxnet hit the security news, another similarly coded threat, Duqu, was discovered in computer systems located in Europe. Because of the similarities in their code, researchers still don't know which malware came first, since Duqu appears to be the first-stage, reconnaissance phase of a Stuxnet-style attack. Named after the filename prefix it creates, "~DQ", Duqu is still being researched and decoded by the major research labs around the world, and is directly linked to Stuxnet because of their similarities and differences.
     Even though researchers seem to agree that the same person or organization wrote both malwares, Duqu differs from Stuxnet. About 50% of Duqu's code is exactly the same as code used in Stuxnet; however, the two malwares have different purposes. According to Symantec, Duqu's purpose is to gather intelligence data and assets from entities in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility, a SCADA-type attack like the one intended by the code found in Stuxnet. Also, instead of a payload designed to sabotage an industrial control system, the Duqu payload has been replaced with general remote access capabilities.
     Duqu has an unusual purpose compared to other information-gathering malware, but it has clever characteristics. Duqu is a remote access Trojan (RAT) that does not self-replicate. Its main purpose is to open a backdoor and retrieve information collected by an infostealer program that can record keystrokes, enumerate the network, and gather other system information. The malware uses HTTP and HTTPS to communicate with its command-and-control server, and its C&C protocol is used primarily to download or upload what appear to be JPG files. Once communication is established, it retrieves an encrypted and compressed local log file. Finally, because it is configured to run for 36 days, it automatically removes itself from the system after that time.
     According to the latest update on Duqu, an installer has recently been recovered. CrySyS, the same research lab that initially discovered Duqu, was able to recover one of the many possible installers of the malware. The installer was embedded in a Microsoft Word document (.doc) and exploits a previously unknown kernel vulnerability that allows code execution. Once the file is opened, the malware installs the main Duqu binaries. Below is a schematic of how the Word document installs Duqu.
     Although investigation and research by all the major AV companies and even Microsoft continue, nobody has been able to extract all the desired details from the code found in the Duqu variants. What they know is that if the same person or organization wrote both Duqu and Stuxnet, the programmers did not repeat the mistake of using a stolen certificate from a Taiwanese company, as they did with Stuxnet. With Duqu, they managed to use an untraceable digital certificate, making it more mysterious. A greater and more serious suspicion is that, because of the complexity of both codes, researchers believe nation-states could be behind these attacks. So far, Duqu infections have been confirmed in six possible organizations in eight countries. Nobody yet knows the author of Duqu, but what is at stake is the ability and power of a nation to be aware of and prepared to deal with the consequences of a successful attack.
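A small hunting heuristic built only from the indicators the post names: filenames carrying the "~DQ" prefix, and HTTP transfers labelled as JPG images that a single client both uploads and downloads. This is an added example, not code from the original post or from any research lab; the file paths and proxy records are constructed, and the check that a transferred "image" lacks the JPEG start-of-image marker is an assumption made for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Real JPEG files begin with the Start-of-Image marker FF D8 FF.
JPEG_SOI = bytes.fromhex("ffd8ff")

# Constructed file-listing entries (not real forensic data).
SAMPLE_FILES = [
    r"C:\Windows\Temp\~DQ1234.tmp",
    r"C:\Users\alice\AppData\Local\Temp\report.docx",
    r"C:\Windows\Temp\~DF5678.tmp",
]

# Constructed proxy records: (client, method, url, content_type, first_bytes).
# first_bytes stands in for the leading bytes of the transferred body.
Record = Tuple[str, str, str, str, bytes]
SAMPLE_TRANSFERS: List[Record] = [
    ("10.0.0.5", "GET", "http://cdn.example/logo.jpg", "image/jpeg", bytes.fromhex("ffd8ffe000104a46")),
    ("10.0.0.7", "POST", "http://img.example/upload.php", "image/jpeg", bytes.fromhex("789c636460606000")),
    ("10.0.0.7", "GET", "http://img.example/view.php?i=1", "image/jpeg", bytes.fromhex("00000000")),
]


def dq_prefixed(paths: List[str]) -> List[str]:
    """Return paths whose basename starts with the ~DQ prefix the post describes."""
    # Split on either separator so Windows paths work on any host.
    return [p for p in paths if re.split(r"[\\/]", p)[-1].upper().startswith("~DQ")]


def fake_jpeg_transfers(records: List[Record]) -> List[Dict[str, str]]:
    """Transfers declared as image/jpeg whose body does not start with the JPEG SOI marker."""
    findings = []
    for client, method, url, ctype, head in records:
        if ctype.lower() == "image/jpeg" and not head.startswith(JPEG_SOI):
            findings.append({"client": client, "method": method, "url": url})
    return findings


def suspicious_clients(records: List[Record]) -> List[str]:
    """Clients that both upload (POST) and download (GET) non-JPEG 'images',
    the two-way exchange of JPG-looking objects the post attributes to Duqu's C&C."""
    directions: Dict[str, Set[str]] = {}
    for f in fake_jpeg_transfers(records):
        directions.setdefault(f["client"], set()).add(f["method"])
    return sorted(c for c, methods in directions.items() if {"GET", "POST"} <= methods)


if __name__ == "__main__":
    print("~DQ files:", dq_prefixed(SAMPLE_FILES))
    print("suspicious clients:", suspicious_clients(SAMPLE_TRANSFERS))
```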

Reference:

Tuesday, November 8, 2011

Stuxnet: Anatomy of a computer virus

A new era of computer system viruses. Are we prepared?

Stuxnet: Anatomy of a Computer Virus from Patrick Clair on Vimeo.

Windows Evolution

I thought it was cool to see all the different versions of Windows.
Which one have you used?

1985  Windows 1.0
1987  Windows 2.0
1988  Windows 2.1
1990  Windows 3.0
1992  Windows 3.1
1995  Windows 95
1998  Windows 98
2000  Windows Me
2001  Windows XP
2006  Windows Vista
2009  Windows 7
2012  Windows 8