Monday, December 31, 2012

Google Chrome blocks access to Twitpic for Malware risk


Today Google Chrome suddenly started flagging Twitpic.com as a malware threat. Twitpic is one of the most popular websites for sharing photos and videos on Twitter. Twitpic denies that there is any malware on the site and is trying to contact Google.
We also noticed that Twitter profiles and pages containing Twitpic URLs in tweets are currently blocked by Chrome as well, and many people are complaining about this on the Google Help forum.

An official statement from Twitpic via tweet,"Working to fix the google chrome malware notice when visiting Twitpic.com as this is not true or the case, trying to contact google".

Google's Safe Browsing Diagnostic page for twitpic.com saying, "Site is listed as suspicious - visiting this web site may harm your computer. Of the 12029 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-30, and suspicious content was never found on this site within the past 90 days."

The Google report also says, "No, this site has not hosted malicious software over the past 90 days. In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message." In other words, a Safe Browsing listing can be triggered by injected third-party content (ads, embedded widgets) rather than by anything in the site's own code.

Source: THN

Wednesday, December 19, 2012

Official Certified Ethical Hacker Review Guide, for Version 7.1

Official Certified Ethical Hacker Review Guide, for Version 7.1: Exam 312-50

 By Steven DeFino, Larry Greenblatt

WordPress Pingback Vulnerability Serves DDoS attack feature



Acunetix, a web application security company, has reported a vulnerability in the WordPress Pingback feature. According to the report, the pingback implementation in the WordPress blogging platform can leak information and be used to launch distributed denial of service (DDoS) attacks.

"WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. When WordPress is processing pingbacks, it's trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog." Bogdan Calin explained.


A tool that automates abuse of the pingback feature has been released on GitHub as "WordpressPingbackPortScanner". It drives the XML-RPC API to make a WordPress blog connect to a host of the attacker's choosing, so an attacker can scan other hosts, spread the scan across many WordPress blogs at once and, with a specially crafted URL, reconfigure routers.

Tool description - "Wordpress exposes a so called Pingback API to link to other blogposts. Using this feature you can scan other hosts on the intra- or internet via this server. You can also use this feature for some kind of distributed port scanning: You can scan a single host using multiple Wordpress Blogs exposing this API."

The bug was reported to the WordPress community, but Softpedia noticed that the ticket was closed after someone argued that “there are so many ways to orchestrate a DDOS attack.”

All WordPress blogs with the feature enabled are at risk and can be heavily abused by attackers. The request to the source URL is made by the blog's own server, so it reaches hosts on the blog's internal network that the attacker cannot reach directly. Because WordPress also accepts credentials embedded in the URL, an attacker can supply a source link such as http://admin:admin@192.168.0.1/changeDNS.asp?newDNS=aaaa and have the server send an authenticated request that reconfigures an internal router.

He also says that simply disabling the Pingback feature won't fix the problem; the real solution is a patch.
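Added example, not Acunetix's tool and not WordPress code: what the abused pingback.ping call looks like on the wire, and the checks on the source URL that a hardened XML-RPC handler should apply before fetching anything. The router URL is the one quoted above; the hostname resolver is a hypothetical hook (`resolve`) so the script runs offline, and the handler fails closed when no resolver is supplied.

```python
"""
Added example, not code from the page or from WordPress: builds the
pingback.ping XML-RPC call an attacker POSTs to xmlrpc.php, and applies
the source-URL checks a hardened handler needs before it fetches anything.
"""
import ipaddress
import xmlrpc.client
from urllib.parse import urlsplit


def build_pingback(source_uri: str, target_uri: str) -> bytes:
    """Body of the request an attacker sends: pingback.ping(sourceURI, targetURI).
    The blog fetches sourceURI, so the attacker chooses where it connects."""
    return xmlrpc.client.dumps((source_uri, target_uri),
                               methodname="pingback.ping").encode()


def parse_pingback(body: bytes) -> tuple:
    """Server side: decode the call and return (sourceURI, targetURI)."""
    params, method = xmlrpc.client.loads(body.decode())
    if method != "pingback.ping" or len(params) != 2:
        raise ValueError("not a pingback.ping call")
    return params


def source_uri_problems(uri: str, resolve=None) -> list:
    """Reasons the source URL must not be fetched; an empty list means it may be.
    `resolve` is a hypothetical hook mapping a hostname to its IP strings
    (kept offline in this example); without it we fail closed for hostnames."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https"):
        problems.append("scheme %r not allowed" % parts.scheme)
    if parts.username is not None or parts.password is not None:
        # the admin:admin@router trick: the fetch would carry the credentials
        problems.append("credentials embedded in URL")
    try:
        port = parts.port
    except ValueError:
        problems.append("malformed port")
        return problems
    if port not in (None, 80, 443):
        problems.append("non-standard port %d (port-scan vector)" % port)
    host = parts.hostname
    if not host:
        problems.append("missing host")
        return problems
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        if resolve is None:
            problems.append("hostname not resolved (fail closed)")
            return problems
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    for addr in addrs:
        # rejects loopback, RFC 1918, link-local, multicast, reserved ranges
        if not addr.is_global:
            problems.append("%s is not a public address" % addr)
    return problems


def handle_pingback(body: bytes, resolve=None) -> str:
    """Decision a hardened handler would make for an incoming request body."""
    source, target = parse_pingback(body)
    problems = source_uri_problems(source, resolve)
    if problems:
        return "reject: " + "; ".join(problems)
    return "accept: fetch %s and look for a link to %s" % (source, target)


if __name__ == "__main__":
    router = "http://admin:admin@192.168.0.1/changeDNS.asp?newDNS=aaaa"
    print(handle_pingback(build_pingback(router, "https://blog.example/?p=1")))
```

Checking the resolved address and then fetching by hostname is still a time-of-check/time-of-use gap (DNS rebinding); the fetch should connect to the address that was validated and must not follow redirects to addresses that were not.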

Source: THN

Thursday, December 13, 2012

Samsung smart TV vulnerability allow attacker to read storage remotely


ReVuln Ltd., a small security company headed by Donato Ferrante and Luigi Auriemma, has posted a video demonstrating how an attacker can gain root on the appliances.


Samsung Smart TVs contain a vulnerability that allows a remote attacker to read data from storage devices attached to the TV.

In this demonstration readers will see how it is possible to use a 0-day vulnerability to retrieve sensitive information, root access, and ultimately monitor and fully control the device remotely.

Auriemma said, “We have tested different Samsung televisions of the latest generations running the latest version of their firmware. Unfortunately we can't disclose additional information but we can only say that almost all the people having a Samsung TV at home or in their offices are affected by this vulnerability.".

Source: THN

Wednesday, December 12, 2012

Todd Lammle's CCNA IOS Commands Survival Guide



Todd Lammle's CCNA IOS Commands Survival Guide

 By Todd Lammle

CCNP 70-410 

For Best CISCO/MCITP/LINUX/EXCHANGE SERVER/PC HARDWARE AND  NETWORKING Training visit www.zoomgroup.com
Join us on facebook

Friday, December 7, 2012

Introducing Windows Server 2012


 

Introducing Windows Server 2012

 By Mitch Tulloch



Tuesday, November 20, 2012

Worst password of 2012, Have you ever used one of these ?


This year we have seen some big security breaches that exposed millions of passwords, at Yahoo!, LinkedIn, eHarmony and Last.fm among others. Against that backdrop, SplashData has revealed its annual "25 Worst Passwords of the Year" list.
The three worst passwords haven't changed since 2011; they're password, 123456 and 12345678. The new worst passwords added to this year's list include welcome, jesus, ninja, mustang and password1. Have you ever used one of the most popular passwords of 2012 for your own personal accounts?

SplashData CEO Morgan Slain stated “At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password.”


 “We’re hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”

I hope you didn't find one of your own passwords on the list. If you did, change it quickly. To create a safer password, use a passphrase of at least eight characters that mixes different kinds of characters, and use different passwords for different sites.

Password management applications can also help users keep track of their passwords and avoid reusing one password across multiple sites, which is another bad practice, especially when mixing, say, entertainment and social networking sites with financial services.

Friday, October 12, 2012

Firefox 16 pulled just after release to address security vulnerabilities

According to the Mozilla Security Blog, Firefox 16 contains a security vulnerability that allows “a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters. As a precaution, users can downgrade to version 15.0.1”.
Firefox 16 offers several new features, most of which are aimed at developers. One such feature is the Developer Command Line, which provides keyboard control over the Developer Tools. Other features include CSS3 Animations, Image Values, IndexedDB, Transitions, and Transforms.
Firefox 16 for Android was also affected by this vulnerability, but a patched version of the browser is already out.
Source: THN

Friday, October 5, 2012

ABC for new generation....... :))


Cyber attack on Iran’s Internet system Disrupts Iran Internet

An Iranian state official has said that cyber attackers have targeted Iranian infrastructure and communications companies, disrupting the Internet across the country. “Yesterday we had a heavy attack against the country’s infrastructure and communications companies which has forced us to limit the Internet,” the official said.
Iran the world’s no. 5 oil exporter, has tightened cyber security since its uranium enrichment centrifuges were hit in 2010 by the Stuxnet computer worm, which Tehran believes was planted by arch-adversaries Israel or the United States. Last week, the Islamic republic cut citizens’ access to Gmail and the secure version of Google Search. Gmail has since been restored.

Since sites such as YouTube and Facebook were used to organise mass anti-government protests against the re-election of President Mahmoud Ahmadinejad back in 2009, the Iranian government has maintained one of the world’s largest Internet filters, blocking access to thousands of sites and IP addresses. Yet still the hackers find a way in.
“Presently we have constant cyber attacks in the country. Yesterday an attack with a traffic of several gigabytes hit the Internet infrastructure, which caused an unwanted slowness in the country’s Internet,” he said.
All of these attacks have been organised, and they have in mind the country’s nuclear, oil, and information networks.
Last April, Iran revealed that a computer Trojan was detected inside the control systems of its vast terminal responsible for the country’s crude oil exports. There was no reported operational disruption on the facility at that time.
Last month a commander in the elite Revolutionary Guard announced that Iran is ready to defend itself against any form of cyber war, as the country deems it more of a threat than a physical attack. Clearly they were not as ready as they thought.
Iran claims that its nuclear program is for peaceful purposes only, but Israel, the United States and other Western powers suspect that the country has ambitions for a nuclear bomb.

Source: THN

Thursday, October 4, 2012

25 years of storage device


What I plan to do when I get back from work...


Google Warning about New State Sponsored Attacks

“Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.” For the last three months Google users have been surprised to see this unusual notification at the top of their Gmail inbox, Google home page or Chrome browser. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.


“The company said that since it started alerting users to malicious probably state-sponsored activity on their computers in June, it has picked up thousands more instances of cyberattacks than it anticipated,” the New York Times reported. Google will now start sending these messages to tens of thousands more people, as its methods for detecting suspicious activity have improved.

Mike Wiacek, a manager on Google’s information security team, said that since June Google has improved its knowledge of attack methods and the groups behind them, and it started pushing out a new round of alerts on Tuesday, as evidenced by a slew of U.S. journalists, researchers and foreign policy experts who said they had already received the warning. Noah Shachtman, the editor of Wired’s national security blog “Danger Room,” tweeted: “Aaaaand I just got Google’s ‘you may be a victim of a state-sponsored attack’ notice. #WhatTookYouSoLong?” Mr. Wiacek noted that Google had seen an increase in state-sponsored activity coming from the Middle East. He declined to call out particular countries, but he said the activity was coming from “a slew of different countries” in the region.

Source: THN

Wednesday, October 3, 2012

Dead Mouse


ARMY : USB Drive responsible for over 70 percent of Cyber Security Breaches

A ban on the use of pen drives has not been enough to safeguard cyber security, and they have now been labelled a major threat in the defence forces, Army officials said. The use of pen drives as an easy-to-carry storage device has increased in recent years, and internal reports have confirmed that over 70 percent of cyber security breaches in the armed forces are due to their unauthorised use.
“These pen drives, which are mostly manufactured in China, have emerged as a big threat to our cyber security systems,” they said.

Typically, officials use a pen drive to carry official data to their personal computers; malware present on the pen drive then transmits that data from the personal computer to the attackers. About a couple of years ago, a Major posted in the Andaman and Nicobar Islands was apprehended when it was found that sensitive data was being transferred from his computer.
However, it later emerged that his system had been hacked and spying viruses were transferring information to other computers. The other two services have also taken measures to tighten their cyber security; the IAF (Indian Air Force) recently issued instructions warning its personnel against keeping any official data on their personal computers and pen drives.
Anybody found violating these instructions in checks by cyber security personnel will face strict action, which may even amount to disciplinary action including court martial, they said.
Source: THN

Wednesday, September 26, 2012

100k IEEE site Plain-Text Passwords found on Public FTP

A Romanian researcher, Radu Drăgușin, found that roughly 100,000 usernames and passwords of Institute of Electrical and Electronics Engineers (IEEE) users were stored in plain text on a publicly accessible FTP server.

According to him, on Sept. 18 he first discovered a log containing usernames and passwords in plain text, publicly available via IEEE’s FTP server for at least a month. He informed them of his find yesterday, and evidently the organization is addressing the issue.
According to Drăgușin, the FTP server held the web server log files for ieee.org and spectrum.ieee.org, covering approximately 376 million HTTP requests, including 411,308 log entries that recorded a login name and password in plain text.
Among the users whose information was exposed are researchers at NASA, Stanford, IBM, Google, Apple, Oracle and Samsung. IEEE’s membership of over 340,000 is roughly half American (49.8 percent as of 2011).
“IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100.000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available to anyone else.” Message posted on the researcher’s site.
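Added example, not the researcher's code and not IEEE's logs: credentials end up in web server logs when a login form submits them in the URL, which is what a line-by-line scan of constructed access-log lines below flags, followed by the redaction the logging layer should have applied. The log lines, parameter names and the `REDACTED` marker are all constructed for this example.

```python
"""
Added example, not the researcher's code or IEEE's logs: scans web-server
access-log lines for credentials carried in request URLs, the way
plaintext passwords end up in log files, and shows the redaction that
should happen before a line is written.
"""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample lines in Apache common log format.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2012:10:01:22 +0000] "GET /login?username=alice&password=hunter2 HTTP/1.1" 302 0
203.0.113.9 - - [18/Sep/2012:10:01:25 +0000] "GET /search?q=tls HTTP/1.1" 200 5123
198.51.100.4 - - [18/Sep/2012:10:02:01 +0000] "POST /account?user=bob&passwd=Sup3r HTTP/1.1" 200 318
"""

# Query parameter names that must never reach a log file (assumed list).
CREDENTIAL_PARAMS = {"password", "passwd", "pass", "pwd", "secret", "token"}
# The quoted request line: method, URL, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')


def credential_params(url: str) -> list:
    """Names of credential-like query parameters present in a URL."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k.lower() in CREDENTIAL_PARAMS]


def find_leaked_credentials(log_text: str) -> list:
    """(line number, URL, leaked parameter names) for every offending line."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        leaked = credential_params(match["url"])
        if leaked:
            findings.append((lineno, match["url"], leaked))
    return findings


def redact_url(url: str) -> str:
    """Replace credential parameter values, keeping the rest of the URL."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in CREDENTIAL_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def redact_log_line(line: str) -> str:
    """What the logger should have written: the same line with secrets removed."""
    return REQUEST_RE.sub(
        lambda m: m.group(0).replace(m["url"], redact_url(m["url"])), line)


if __name__ == "__main__":
    for lineno, url, keys in find_leaked_credentials(SAMPLE_LOG):
        print("line %d leaks %s: %s" % (lineno, ", ".join(keys), url))
    for line in SAMPLE_LOG.splitlines():
        print(redact_log_line(line))
```

Redacting at the logger is a backstop; the primary fix is to never send credentials in a query string, since a GET URL is also written to browser history, proxy logs and Referer headers. Neither helps if the log directory itself is served from an anonymous FTP server, which is the access-control failure in this incident.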
Source: THN

Billions of Windows Users Affected by Java Vulnerability

Researchers at Security Explorations disclosed a new vulnerability in Java that could provide an attacker with control of a victim's computer. The researchers have confirmed that Java SE 5 – Update 22, Java SE 6 – Update 35, and Java SE 7 Update 7 running on fully patched Windows 7 32-bit operating systems are susceptible to the attack.
 
The flaw allows a malicious hacker to gain complete control of a victim’s machine through a rigged website. The affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421.

Though Oracle released a fix for the most critical vulnerabilities reported by Security Explorations on August 30th, the security firm quickly found another flaw in that fix that would allow a hacker to bypass the patch. That bug in Oracle’s patch still hasn’t been patched, leaving users vulnerable to both the new flaw and the previous attack.

SOURCE: THN

New Google, Facebook and Youtube Ads ……….. !!


CISCO paths


Tuesday, September 25, 2012

I wonder if he's making a voip call .... !!!!


iPhone 5 and 4 Hacked with same Exploit


iPhone 5 is vulnerable to the same attack that successfully breached an iPhone 4S at the mobile Pwn2Own hacker contest held this week at the EUSecWest event in Amsterdam.
As we reported, Joost Pol and Daan Keuper won the mobile Pwn2Own contest by compromising a fully patched iPhone 4S and stealing contacts, browsing history, photos and videos from the phone. The vaunted security of the iPhone 4S took a tumble during the event when they were able to build an exploit for a vulnerability in WebKit that beat Apple’s code-signing features and the MobileSafari sandbox. The same bug is present in the iOS 6 Golden Master code base, which means the iPhone 5 is also vulnerable to the same exploit, as are Apple iPads and iPod Touch devices. “We specifically chose this one because it was present in iOS 6, which means the new iPhone coming out today will be vulnerable to this attack,” Pol said. The duo won $30,000 for their efforts.
A good thief can hack into your personal data given enough time; we estimate that may mean a full working day of hacking.
SOURCE: THN

CCNP Routing 642-902

Refer to the exhibit. When you examine the routing table of R1 and R4, you are not able to see the R1 Ethernet subnet on the R4 routing table. You are also not able to see the R4 Ethernet subnet on the R1 routing table. Which configuration change should be made to resolve this issue? Select the routers where the configuration change will be required, and select the required EIGRP configuration command(s). (Choose two.)

A. R1 and R4
B. R2 and R3
C. ip summary-address eigrp 1 10.1.1.0 255.255.255.0 and ip summary-address eigrp 1
D. variance 2
E. eigrp stub connected
F. no auto-summary
Answer: BF

CCNP Routing 642-902

Refer to the exhibit. You are the network administrator responsible for the NProuter, the 10.1.1.1 router, and the 10.1.1.2 router. What can you determine about the OSPF operations from the debug output? Select the best response.


A.The NProuter has two OSPF neighbors in the “Full” adjacency state.
B.The NProuter serial0/0 interface has the OSPF dead timer set to 10 seconds.
C.The NProuter serial0/0 interface has been configured with an OSPF network type of “point- to-point”.
D.The 10.1.1.1 and 10.1.1.2 routers are not using the default OSPF dead and hello timers setting.
E.The “Mismatched” error is caused by the expiration of the OSPF timers.
Answer: B

CCNP Routing 642-902

Refer to the exhibit. A client has asked you to consult on an eBGP loading question. Currently the AS 100 eBGP links have an average outbound load of 65% and 20% respectively. On further investigation, traffic from 10.10.24.0 accounts for 45%, and 10.10.25.0 and 10.10.32.0 accounts for 20% each of the outbound load. The customer wants to spread the load between the two eBGP links more evenly. The BGP attributes are currently set at their default values.


If you are located at AS 100 and want to influence how AS 100 sends traffic to AS 200, what BGP attribute could you configure to cause AS 100 outbound traffic to load the eBGP links more evenly?
A. On router A, set the default local-preference to 50.
B. On router B, set the default metric to 150.
C. On router B, configure a route map for 10.10.25.0/24 with a local preference of 150 linked to neighbor 192.168.30.2.
D. On router B, set the default local-preference to 150.
Answer: C

Friday, September 21, 2012

CCNP Routing

Refer to the exhibit. On the basis of the configuration provided, how are the Hello packets sent by R2 handled by R5 in OSPF area 5?

A.The Hello packets will be exchanged and adjacency will be established between routers R2 and R5.
B.The Hello packets will be exchanged but the routers R2 and R5 will become neighbors only.
C.The Hello packets will be dropped and no adjacency will be established between routers R2 and R5.
D.The Hello packets will be dropped but the routers R2 and R5 will become neighbors.
Answer: C

CCNP Routing

What are three kinds of OSPF areas? (Choose three.)
A. stub
B. active
C. remote
D.backbone
E. ordinary or standard
Answer: ADE

CCNP Routing

A company has a BGP network and a BGP route of 196.27.125.0/24 that should be propagated to all of the devices. The route is not now in any of the routing tables. The administrator determines that an access list is the cause of the problem. The administrator changes the access list to allow this route, but the route still does not appear in any of the routing tables. What should be done to propagate this route?
A. Clear the BGP session.
B. Use the release BGP routing command.
C. Use the service-policy command to adjust the QOS policy to allow the route to propagate.
D. Change both the inbound and outbound policy related to this route.
Answer: A

Browser Ladies….!!! …… :)


Tuesday, September 18, 2012

MCITP 70-640

Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office. What should you do?
A.Grant the new employees the Allow Access Dial-in permission.
B.Grant the new employees the Allow Full control permission.
C.Add the new employees to the Remote Desktop Users security group.
D.Add the new employees to the Windows Authorization Access security group.
Answer: A

MCITP 70-640

You need to identify all failed logon attempts on the domain controllers. What should you do?
A.View the Netlogon.log file.
B.View the Security tab on the domain controller computer object.
C.Run Event Viewer.
D.Run the Security and Configuration Wizard.
Answer: C

MCITP 70-640

Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link.
You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server.
What should you do?
A.Clear the cache on DNS2.
B.Reload the zone on DNS1.
C.Refresh the zone on DNS2.
D.Export the zone from DNS1 and import the zone to DNS2.
Answer: C

CCNP Routing – 642-902

Which two routing protocols require a metric to be configured when redistributing routes from other protocols? (Choose two.)
A.RIP
B.OSPF
C.EIGRP
D.IS-IS
E.BGP
Answer: AC

CCNP Routing – 642-902

A company has a BGP network and a BGP route of 196.27.125.0/24 that should be propagated to all of the devices. The route is not now in any of the routing tables. The administrator determines that an access list is the cause of the problem. The administrator changes the access list to allow this route, but the route still does not appear in any of the routing tables. What should be done to propagate this route?
A.Clear the BGP session.
B.Use the release BGP routing command.
C.Use the service-policy command to adjust the QOS policy to allow the route to propagate.
D.Change both the inbound and outbound policy related to this route.
Answer: A


CCNP Routing – 642-902

Which command displays statistics on EIGRP hello, updates, queries, replies, and acknowledgments?
A. debug eigrp packets
B. show ip eigrp traffic
C. show ip eigrp topology
D. show ip eigrp neighbors
Answer: B


Friday, September 14, 2012

Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

The infamous Aurora Trojan horse is just one of many attacks launched by the same group of malware authors over the past three years, according to researchers at Symantec, who have issued a report outlining the techniques used by the so-called “Elderwood” attack platform and the group behind it.
The group seemingly has an unlimited supply of zero-day vulnerabilities.
The company said that the group is well-funded and has used more than a half-dozen previously unpublished security vulnerabilities. “They are definitely shifting their methodology, and there are open questions about why that is,” said Eric Chien, senior technical director for Symantec’s security response group. “They may be finding that older techniques are no longer working.”
“The number of zero-day exploits used indicates access to a high level of technical capability.” The researchers said that the group appears to favour “watering hole” attack techniques, in which the attacker profiles a targeted group and places attack code on sites the targets are likely to visit.
Here are just some of the most recent exploits that they have used:
• Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
• Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
• Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
• Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535)
Operation Aurora was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010. In the blog post, Google said the attack originated in China.
The attacks were both sophisticated and well resourced and consistent with an advanced persistent threat attack. The attack has been aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted.
The security firm has published details in a 14-page research report titled “The Elderwood Project”. The first thing that stands out in the report is that the vast majority of detections are in the US. In the last year, Symantec detected 677 files used by the Elderwood gang in the US. Rounding out the top five are Canada with 86 files, China with 53, Hong Kong with 31, and Australia also with 31.
SOURCE: NETASQ

Tuesday, September 11, 2012

Where is the Mouse they were talking about..????


Scan and check if your computer has any Virus...


Press 'Any Key' to continue... :0


CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

Two security researchers, Juliano Rizzo and Thai Duong, claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack, this one exploiting a feature present in all versions of TLS.
The researchers have named the new attack CRIME. It relies on a weak spot in an optional feature of TLS which the researchers had not named at the time of writing; it has since been confirmed to be TLS-level data compression (DEFLATE), and the same technique applies to SPDY header compression. They do say that all versions of SSL/TLS are vulnerable, including TLS 1.2, on which the BEAST attack did not work.
HTTPS should prevent this type of session hijacking because it encrypts the session cookie in transit, but the new attack recovers the cookie from the encrypted traffic. Once they had the cookie, Rizzo and Duong could return to whatever site the user was visiting and log in using her credentials.
The CRIME attack code, known as an agent, needs to be loaded inside the victim’s browser. This can be done either by tricking the victim into visiting a rogue website or, if the attacker has control over the victim’s network, by injecting the attack code into an existing HTTP connection. CRIME doesn’t require browser plug-ins to work; JavaScript was used to make it faster, but it could also be implemented without it, Rizzo said.
The attacker must also be able to sniff the victim’s HTTPS traffic. This can be done on open wireless networks; on local area networks (LANs), by using techniques such as ARP spoofing; or by gaining control of the victim’s home router through a vulnerability or default password. CRIME was tested successfully with Mozilla Firefox and Google Chrome. Disabling TLS compression on either the client or the server defeats the attack, which is what the browser vendors did.
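Added example, not the researchers' agent: the compression side channel behind CRIME, reproduced offline with zlib. A constructed HTTP request is built from an attacker-controlled path and a victim cookie (`SECRET_COOKIE`, constructed for this example and never read by the recovery code); the compressed length stands in for the TLS record size an eavesdropper sees, and the recovery loop guesses the cookie one byte at a time. The hex alphabet and the padding bytes are assumptions of this demo.

```python
"""
Added example, not the researchers' code: the compression side channel
behind CRIME, reproduced offline with zlib.  Attacker-chosen text (the
request path) is compressed together with a secret (the cookie); the
compressed size, which an eavesdropper sees as the TLS record size,
shrinks when the attacker's guess repeats the secret.
"""
import zlib

# Constructed sample.  In the real attack the attacker never sees this
# value; the script only uses it to build the victim's request.
SECRET_COOKIE = b"a3f9c0"
ALPHABET = b"0123456789abcdef"          # the cookie is hex in this demo
# 0..7 distinct bytes >= 0x90, each costing 9 bits in DEFLATE's fixed
# Huffman code, so successive pads shift the bit alignment of the output.
PADS = [bytes(range(0xF0, 0xF0 + k)) for k in range(8)]


def victim_request(attacker_path: bytes) -> bytes:
    """Constructed request: attacker-controlled path, victim's cookie."""
    return (b"GET /" + attacker_path + b" HTTP/1.1\r\n"
            b"Host: bank.example\r\n"
            b"Cookie: sessionid=" + SECRET_COOKIE + b"\r\n\r\n")


def observed_length(attacker_path: bytes) -> int:
    """What the eavesdropper learns: the compressed, hence encrypted, size
    of the request (exact with a stream cipher, to within a block with CBC)."""
    return len(zlib.compress(victim_request(attacker_path), 9))


def score(guess: bytes) -> int:
    """Sum the observed sizes over several paddings.  A correct guess
    lengthens the back-reference into the cookie by one byte, saving
    about 8 bits; summing over alignments stops byte rounding hiding it."""
    return sum(observed_length(guess + pad) for pad in PADS)


def recover_secret(prefix: bytes, length: int) -> bytes:
    """Recover `length` bytes that follow `prefix` in the request, one
    byte at a time, keeping the candidate that compresses best."""
    known = b""
    for _ in range(length):
        scores = {c: score(prefix + known + bytes([c])) for c in ALPHABET}
        known += bytes([min(scores, key=scores.get)])
    return known


if __name__ == "__main__":
    print(recover_secret(b"sessionid=", len(SECRET_COOKIE)))
```

Each byte costs at most 16 guesses times 8 requests, which is why the real attack needs a script in the victim's browser to generate requests and a sniffer to measure them. Nothing in the cipher is broken; the leak is entirely in the length, so the fix is to stop compressing secrets together with attacker-controlled data, in practice by turning TLS compression off.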
SOURCE: NETASQ

Wednesday, September 5, 2012

Wiper, the Destructive Malware possibly connected to Stuxnet and Duqu

Kaspersky Lab has published research from its digital forensic analysis of hard disk images taken from machines attacked by Wiper, a destructive malware program that hit computer systems related to oil facilities in Western Asia.
The researchers have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyber espionage threats.
The malware wipes data from hard drives, giving high priority to files with a .pnf extension, which is the file type Stuxnet and Duqu used, and shows other behavioural similarities, according to Kaspersky researcher Roel Schouwenberg.
It also deletes all traces of itself. As a result, researchers have not been able to obtain a sample; they have only been able to review disk images taken from the affected drives, and very little data on those drives was recoverable.
Even though a connection to Flame is unlikely, there is some evidence suggesting that Wiper might be related to Stuxnet or Duqu. For example, on a few of the hard drives analysed the researchers found traces of a service called RAHDAUD64 that loaded files named ~DFXX.tmp, where XX are two random digits, from the C:\WINDOWS\TEMP folder.
No one has found a sample of Wiper, so its code cannot be studied to determine exactly what it did to machines in Iran. According to Kaspersky, the malware’s algorithm is “designed to quickly destroy as many files as effectively as possible, which can include multiple gigabytes at a time.”
Although Flame can be updated by its creators with various modules, conceivably including one that destroys data, no evidence has ever been found that Flame had a module used to destroy data or wipe hard drives.
Source: NETASQ

Monday, September 3, 2012

A Linux and UNIX System Programming Handbook

The Linux Programming Interface: A Linux and UNIX System Programming Handbook

By Michael Kerrisk

CentOS Bible

By Christopher Negus, Timothy Boronczyk


Thursday, August 30, 2012

Mastering Microsoft Windows Server 2008 R2

By Mark Minasi, Darril Gibson, Aidan Finn, Wendy Henry, Byron Hynes


Monday, August 27, 2012

CCNP Route - 642-902

Which two statements about 6to4 tunneling are accurate? (choose two)
Select the 2 best responses.
A. Prepending a reserved IPv6 code to the hexadecimal representation of 192.168.0.1 facilitates 6to4 tunneling
B. 2002::/48 is the address range specifically assigned to 6to4
C. Each 6to4 site receives a /48 prefix in a 6to4 tunnel
D. Prepending 0x2002 with the IPv4 address creates an IPv6 address that is used in 6to4 tunneling
E. 6to4 is a manual tunnel method
Answer: CD
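Answer D describes how a 6to4 address is formed, and answer C follows from it: 2002::/16 is the 6to4 range, and writing a site's 32-bit IPv4 address into the next 32 bits leaves a /48 for the site. The following Python is an added example, not part of the original quiz, that carries out that construction with the standard library's ipaddress module and recovers the IPv4 address from a 6to4 address again (the mapping a 6to4 relay relies on).

```python
import ipaddress

SIX_TO_FOUR_PREFIX = 0x2002  # 2002::/16, the range assigned to 6to4


def six_to_four_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Build the /48 6to4 prefix 2002:VVVV:WWWW::/48 for an IPv4 address.

    Bits 0-15 of the IPv6 address are 0x2002, bits 16-47 are the IPv4 address
    in hex, so the site keeps bits 48-127 (a /48) for its own subnets.
    """
    v4 = int(ipaddress.IPv4Address(ipv4))
    v6_int = (SIX_TO_FOUR_PREFIX << 112) | (v4 << 80)
    return ipaddress.IPv6Network((v6_int, 48))


def ipv4_from_six_to_four(ipv6: str) -> ipaddress.IPv4Address:
    """Recover the embedded IPv4 address from any address inside a 6to4 /48."""
    addr = int(ipaddress.IPv6Address(ipv6))
    if (addr >> 112) != SIX_TO_FOUR_PREFIX:
        raise ValueError(f"{ipv6} is not in 2002::/16, so it is not a 6to4 address")
    return ipaddress.IPv4Address((addr >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    # 192.168.0.1 = 0xc0a80001, so the site prefix is 2002:c0a8:1::/48
    print(six_to_four_prefix("192.168.0.1"))
    print(ipv4_from_six_to_four("2002:c0a8:1::1"))
```

The reverse function is where the 6to4 security caveat lives: a relay trusts the IPv4 address it decodes from the packet, which is why 6to4 is an automatic tunnel (answer E is wrong) and why, unlike a manually configured tunnel, it has no fixed peer to filter on.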


CCNP Route - 642-902

When learning a new route, if a LSA received is not found in the topological database, what will an internal OSPF router do?
Select the best response.
A. The sequence numbers are checked, and if the LSA is valid it is entered into the topology database.
B. The LSA is placed in the topological database and an acknowledgement is sent to the transmitting router.
C. The LSA is dropped and a message is sent to the transmitting router.
D. The LSA is flooded immediately out of all the OSPF interfaces, except the interface from which the LSA was received.
Answer: D


CCNP Route - 642-902

What are two Cisco IOS commands that can be used to view neighbor adjacencies? (Choose two.)
Select 2 response(s).
A. show ip ospf database
B. show ip ospf neighbors
C. show ip ospf protocols
D. show ip ospf interfaces
Answer: BD



Wednesday, August 22, 2012

Airport VPN hacked using Citadel malware

It sounds like an air traveler's nightmare: researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network (VPN) credentials used by employees at a major airport. The firm would not disclose the name of the airport because the situation is being investigated by law enforcement.

Many businesses use VPNs to provide outside workers with access to secure data. Incursions on these networks often involve advanced “Man in the Browser” malware such as the Citadel, Zeus, and SpyEye programs. The man-in-the-browser (MITB) assault first used form-grabbing malware, which steals data entered into web forms before it is passed over the internet, to steal the airport employees' VPN usernames and passwords, Amit Klein, Trusteer's chief technology officer, said in a blog post.

“This was potentially very dangerous, but we don’t know whether the attacker group was targeting the financial system of the airport for economic gain or if the attack was terrorism-related,”



The airport VPN was immediately disconnected after officials there were made aware of the breach and authorities are investigating.

The product that the airport was using to provide strong authentication for employees gave each user two choices: log in with a username and a one-time password that's sent via SMS or a smartphone app; or log in using a CAPTCHA-like image of 10 digits that the user maps to his own static password. The Citadel malware used the screen-capture tactic to defeat this.

"This security measure prevents the form grabber from capturing the actual static password. This is where the screen capturing feature in Citadel kicks in," Klein said.

Trusteer doesn't know who the attackers are or what they are after, but Kedem says they could be trying to gather intelligence on airport security processes, or even the border customs service. He says the attack appears to be very targeted, and the bottom line is that VPN connections are not safe.

In addition to using endpoint cybercrime prevention software, Kedem also advises users to abide by standard practices for preventing infection: avoid opening unknown attachments or clicking links in emails.

Source: NETASQ

Google engineers Warn Of Serious Unpatched Adobe Reader Flaws

Adobe missed dozens of vulnerabilities in Reader in this week's Patch Tuesday run, according to the Google engineers who reported the flaws. Sixteen vulnerabilities still affect the Windows and Mac OS X versions, while 31 critical and "trivially exploitable" bugs were found in the Linux application.

Of particular concern to Google’s Mateusz Jurczyk and Gynvael Coldwind are bugs in Reader for Linux, although other issues affect versions for Windows and OS X. For the Linux version, which went completely unpatched, Adobe and Google have been working together to counter 14 “new unique crashes” and nine “test-cases” that were potentially exploitable for remote code execution.

When Adobe released a new version of Reader for Windows and Mac OS X earlier this week, it patched 12 vulnerabilities, but another 16 remained unpatched. Jurczyk and Coldwind decided to come forward with information on those flaws in the interest of user safety, as Adobe has no plans to issue additional out-of-band updates before 27 August.


“Considering that fixing the first twenty four crashes took twelve unique code fixes, it is expected that the remaining crashes might represent around eight more unique problems. Adobe plans to fix these remaining bugs and issue an update for the Linux version of Reader in an upcoming release,” the Google researchers said.

Adobe released new versions of Adobe Acrobat, Reader, Shockwave, and Flash to patch security holes in those products as well.

Check out the details of the Microsoft and Adobe security bulletins to figure out which ones apply to you, and prioritize the patches that are most critical or have the greatest potential to impact your PCs.


Source: NETASQ