
New Domain

The blog has been moved to a new domain: www.it-googled.com. Enjoy!

Tuesday 28 June 2011

LulzSec - my view on security

"The hacker group LulzSec released what it said are sensitive documents from the Arizona Department of Public Safety today to protest the agency's "racial-profiling anti-immigrant" policies.

Read more: http://news.cnet.com/8301-27080_3-20073843-245/lulzsec-releases-arizona-law-enforcement-data/#ixzz1QYXsKJr8"

I don't know what to think any more. I am not supporting them, I am not against them.
There are so many companies who don't hire enough IT professionals to protect their systems/networks, and there are companies that do, however they can't really monitor them efficiently.

The times when we could set up firewalls and zones and then just sit back and drink coffee are past, although loads of Network/Security Officers still think they are in dreamland. IDS, IPS and honeypots are a must, and even if implemented they won't guarantee confidentiality, integrity and availability. Most of the companies who got hacked and reported it (rare) are victims due to a lack of updates on their systems rather than 0-day exploits. It's quite easy these days for script-kiddies to download the existing tools and pull off some attacks, which is also a problem for insecure companies. The number of web servers running on old WordPress, Apache etc. is so massive that without proper knowledge and just by using existing tools they can all be hacked as we speak.



Apparently the UK spent loads of money on cyber-crime this and the coming year; how come you can't see what they are doing? Fighting Facebook abuse??!

Friday 24 June 2011

Dropbox - no authentication for 4 hours?! Rainy Clouds


Just when the world started to believe in and use cloud computing, Dropbox admitted having issues with their authentication systems on the 20th of June, where anyone could log in to any account without the correct password. Another question is the lack of encryption of the sync, where files can be seen in plain text.

http://www.cio.co.uk/news/3287251/dropbox-hit-by-password-failure/?olo=rss

Thursday 23 June 2011

Adobe Flex Animations + MS PowerPoint - Computer Based Training (CBT, WBT)

Computer/Web based training requires some sort of presentation component to display the main content and images to the users. Early on, development of the first session was not very effective due to the amount of time spent using Adobe Flash for simple animation. There was time for analysis and a new approach was chosen.

The new approach that proved successful was to create PowerPoint slides for each session, broken down into 2, 3 or 4 parts depending on the size of the session. A tool was found to convert the created PowerPoint session into .avi video format: EM Free PowerPoint Video Converter.



Afterwards there was a need to convert that .avi format into Flash .swf, and Free Video to Flash Converter v 4.7.21 build 305 was found to do the job as shown below:



The output became a .swf Flash video with all the PowerPoint built-in animations and the timing chosen in the converters. The disadvantage of this method was having to use the ActionScript Timer class in order to trigger events.
.swf files can be easily added within Flex applications.

Friday 17 June 2011

Hidden Password vs Javascript

javascript:(function(){
  /* Collect the current value of every password field in every form on the page. */
  var s = "", F = document.forms, j, f, i;
  for (j = 0; j < F.length; ++j) {
    f = F[j];
    for (i = 0; i < f.length; ++i) {
      if (f[i].type && f[i].type.toLowerCase() == "password") s += f[i].value + "\n";
    }
  }
  /* type="password" only masks the text on screen: any script running in the page can read the value. */
  if (s) alert("Passwords in forms on this page:\n\n" + s);
  else alert("There are no passwords in forms on this page.");
})();

Wednesday 8 June 2011

Honeypots, HoneyBOT vs Honeyd

A honeypot is a device on the computer network designed to capture malicious traffic. It disguises itself as a real production system but contains dummy information. It is often located behind the firewall inside the network and is used to learn about intruders and detect vulnerabilities. Any connection to it on strange ports may mean that there is a vulnerability or a wrong configuration on the firewall. It can also disguise itself as a router or firewall. Honeypots are becoming leading security tools, especially for detecting the latest tricks and exploits.

Brief Overview

HoneyBOT – brief
“Development began as a small project to capture attacks of Code Red and Nimda worms which were propagating widely on the internet” in 2001. In September 2005 it had its first public release, and it is maintained by Atomic Software Solutions.

HoneyBOT opens a large number of listening sockets on the computer where it is installed. These sockets appear open, so that any attempt to connect to them, or even an attempt to scan a port, is logged as shown in Figure A1. It requires a Windows operating system and has its own graphical user interface, therefore it is quite user friendly.



Honeyd - brief

It was created and developed by Niels Provos, who is a Principal Engineer for Google Inc. It was released in 2007 under the GNU General Public License, therefore it developed rapidly due to the many people who contributed by fixing bugs and developing the code.

Honeyd is a small daemon that allows you to create virtual nodes on the network.
They can disguise themselves as any operating system or device, such as a router or switch. It offers a wide range of functionality; for instance, it allows a virtual host to claim multiple addresses. It is supported on Unix-based operating systems, with some attempts towards the Windows platform, which is even more complex to set up.



HoneyBOT functionality.
It has very simple and straightforward options. Even though by default it opens a large number of services (1339), it allows for selection of the ports to be opened as well.
It has a built-in email alert function that sends a daily e-mail with all the log files. It also checks for updates and allows for log export at any time.

Honeyd Functionality.
Honeyd is far more complex in terms of functionality: it emulates different operating systems using the same fingerprint database used by nmap (nmap.prints). It can also disguise itself as a router; here's an example:

create router
set router personality "Cisco 4500-M running IOS 11.3(6) IP Plus"
add router tcp port 23 "/usr/bin/perl scripts/router-telnet.pl"
set router default tcp action reset
set router uid 2500 gid 2500
set router uptime 1736485
bind 192.168.1.150 router
Another important function is the ability to run subsystems. As in the router example above, a script is attached to the port and creates some interaction between the system and the attacker. With a large number of these so-called subsystems it's possible to create a very 'real' environment and log the attacker's moves.
An example of the outcome of telnetting into the above router is shown below:





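The kind of port script the router example attaches to TCP port 23, written here as an added example in Python rather than honeyd's own router-telnet.pl. It assumes honeyd's convention of relaying the connection over the script's stdin/stdout, that HONEYD_IP_SRC and HONEYD_DST_PORT carry the peer address and port, and that stderr ends up in honeyd's log; no login is ever accepted, every attempt is recorded.

```python
"""Added example, not honeyd's own router-telnet.pl: a minimal telnet-login
emulation in the form honeyd expects from a port script.  honeyd starts one
script per connection and relays the TCP stream over its stdin/stdout, so the
emulation is plain line I/O.  HONEYD_IP_SRC / HONEYD_DST_PORT are assumed here
to carry the peer address and port, and stderr is assumed to reach honeyd's log."""
import os
import sys
from datetime import datetime, timezone

BANNER = "\r\nUser Access Verification\r\n\r\n"   # IOS-style login banner
MAX_ATTEMPTS = 3                                   # IOS drops the session after 3 failures

def handle_session(readline, write, src="unknown", dst_port="23"):
    """Run one login dialogue; readline() returns "" at EOF (peer gone).

    No credential pair is ever accepted; every pair the peer submits is
    returned as a log record.  Callbacks keep the logic free of real I/O."""
    write(BANNER)
    records = []
    for attempt in range(1, MAX_ATTEMPTS + 1):
        write("Username: ")
        user = readline()
        if user == "":
            break
        write("Password: ")
        password = readline()
        if password == "":
            break
        records.append({
            "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "src": src, "dst_port": dst_port, "attempt": attempt,
            "user": user.strip(), "password": password.strip(),
        })
        write("% Login invalid\r\n\r\n")
    write("% Bad passwords\r\n")
    return records

def main():
    def write(text):                # flush so each prompt reaches the peer before we block
        sys.stdout.write(text)
        sys.stdout.flush()
    records = handle_session(sys.stdin.readline, write,
                             os.environ.get("HONEYD_IP_SRC", "unknown"),
                             os.environ.get("HONEYD_DST_PORT", "23"))
    for r in records:               # not sent to the peer; assumed to end up in honeyd's log
        print("LOGIN_ATTEMPT", r, file=sys.stderr)

if __name__ == "__main__":
    main()
```

In a honeyd template it would replace the Perl script in the `add router tcp port 23` line; run by hand it can be driven from the terminal.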
I believe that the two tools I have compared have many strengths and weaknesses. Starting with HoneyBOT, it is very easy to install and use due to the graphical user interface and very user-friendly controls; there are plenty of web based guides, and support and updates are provided by Atomic Software Solutions. The weakness is the default configuration that opens more than a thousand ports, which makes it look too obvious rather than like a real production server. Another disadvantage is the way the log files are presented: without some sort of programming skills to apply filtering it may be really time consuming to go through them in order to identify the attacker. Lastly, the fact that it is a really small application and yet requires an operating system to run is a huge weakness due to power consumption, cost and management.
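The filtering the paragraph above says the logs need, as an added example (not HoneyBOT's code): it collapses a connection log to one line per source and labels each source by how it touched the honeypot. The CSV layout and the sample lines are assumed and constructed; only the column names need changing for a real export.

```python
"""Added example, not HoneyBOT's own code: first-pass triage of a honeypot
connection log so it need not be read line by line.  The record layout is an
assumed CSV export (time, src_ip, src_port, dst_port, proto); rename the
columns to match the real export."""
import csv
SCAN_PORTS = 4   # distinct destination ports from one source => treat as a port scan

# Constructed sample, not real traffic (203.0.113.0/24 is documentation address space).
SAMPLE_LOG = """\
time,src_ip,src_port,dst_port,proto
2011-06-08 09:12:01,203.0.113.7,51234,21,tcp
2011-06-08 09:12:01,203.0.113.7,51235,22,tcp
2011-06-08 09:12:02,203.0.113.7,51236,23,tcp
2011-06-08 09:12:03,203.0.113.7,51237,445,tcp
2011-06-08 10:40:11,203.0.113.9,40001,23,tcp
2011-06-08 10:40:14,203.0.113.9,40002,23,tcp
2011-06-08 11:05:00,203.0.113.22,33000,1433,tcp
2011-06-08 11:05:03,203.0.113.22,33001,1434,udp
"""

def parse_log(text):
    return list(csv.DictReader(text.splitlines()))

def summarise(rows):
    # One entry per source address: hit count and the set of "port/proto" it touched.
    by_src = {}
    for r in rows:
        e = by_src.setdefault(r["src_ip"], {"hits": 0, "ports": set()})
        e["hits"] += 1
        e["ports"].add(f'{r["dst_port"]}/{r["proto"]}')
    return by_src

def classify(entry):
    """Any contact with a honeypot is unexpected; the label only says what to read first."""
    if len(entry["ports"]) >= SCAN_PORTS:
        return "port scan"
    if entry["hits"] > 1 and len(entry["ports"]) == 1:
        return "repeated probe of one service"
    return "low volume"

def report(text):
    """Per-source rows, loudest first: breadth (distinct ports), then volume (hits)."""
    ranked = sorted(summarise(parse_log(text)).items(),
                    key=lambda kv: (-len(kv[1]["ports"]), -kv[1]["hits"]))
    return [(src, classify(e), e["hits"], sorted(e["ports"], key=lambda p: int(p.split("/")[0])))
            for src, e in ranked]

if __name__ == "__main__":
    for src, label, hits, ports in report(SAMPLE_LOG):
        print(f"{src:14} {label:30} hits={hits:<3} ports={','.join(ports)}")
```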

Honeyd is quite advanced in terms of functionality: it allows creating multiple honeypots at a time and linking multiple IP addresses to one honeypot. It can disguise itself as a real production system due to the subsystem functionality, which runs Perl scripts while an intruder tries to connect. Additionally it can also emulate routers and actually route traffic, therefore 'disguised' network topologies may be created. The daemon is really small and doesn't need a dedicated server to run, and all of the above can be managed from a single configuration file, which is a big advantage. The most important weakness is the complexity of the advanced functions and hardly any support.

To conclude, even though Honeyd scored slightly fewer points than HoneyBOT, I believe it is a better piece of software. The scope for further development is extraordinary; the implementation of whole spoofed networks with subsystems and routing is just a great environment for the detection of the latest exploits etc. It has some weaknesses, but in my opinion support will come as soon as people realise the potential. The developer is currently working on a new release.

Friday 3 June 2011

GeForce 9600GT 512MB [Overclocking]

A graphics card is much easier to overclock than a CPU.
The freeware RivaTuner does the trick.
Each card has a core clock, shader clock and memory clock, and in the GeForce 9600GT for instance it's 650/1625/900.
Currently I run it at 701/1752/1000, which gives much better FPS.
RivaTuner allows for monitoring the temperature; it's best not to exceed 80C, however GeForce cards can handle up to 120C!!!


My card reaches 65C under load, although if I push the specs a bit higher it occasionally crashes.

To test FPS use 3DMark 11 for the latest cards and 3DMark 6,7 for older ones.

Intel Core 2 Duo E4500 @ 2.2GHz to 3.25GHz [Overclocking]




The E4500 turns out to be great when it comes to overclocking.
First of all download CPU-Z and RealTemp to monitor hardware and temperature.
Secondly download Prime95, which will allow you to test the processor under 100% load, also called stressing.

The best way to overclock a CPU is to do so through the BIOS.
To start you can set the FSB/Memory clock mode to linked and increase the FSB by 20-50MHz (that will decrease your RAM performance for now). Load the system and Prime95 and check the temperature. Here it's done @2.75GHz





Keep increasing the FSB until the temperature starts to reach 67-70C, as 72C is the max for this Intel processor. If you can afford it, get a different cooler.
After the CPU is stable, unlink it from the memory (you can also overclock the memory a bit, 20-50MHz, and give it a bit of voltage, between 1.8-2.2V, which is the max, BE CAREFUL!). I run my Corsair PC6400 at 1000MHz (800MHz stock) at 1.95V.

My E4500 is now @3.25GHz (FSB 275x11), but I have seen people with some £20 worth of cooling push it towards 3.6GHz.

The current 3.06GHz CPU gets quite hot after 3H of Prime95 stressing. I ignore it, as even when playing the latest games the graphics card does most of the work. The CPU shouldn't be getting as hot.