Wednesday, September 26, 2012

100k IEEE site Plain-Text Passwords found on Public FTP

A Romanian researcher, Radu Drăgușin, found that 100,000 usernames and passwords of the Institute of Electrical and Electronics Engineers (IEEE) were stored in plain text on a publicly accessible FTP server.

According to him, on Sept. 18 he first discovered a log with usernames and passwords in plaintext, publicly available via IEEE’s FTP server for at least a month. He informed them of his find yesterday, and evidently the organization is addressing the issue.
On the FTP server, according to Dragusin, were the log files of the ieee.org and spectrum.ieee.org sites, covering approximately 376 million HTTP requests in total, including 411,308 log entries with login and password in plain text.
Among the users whose information was exposed are researchers at NASA, Stanford, IBM, Google, Apple, Oracle and Samsung. IEEE’s membership of over 340,000 is roughly half American (49.8 percent as of 2011).
“IEEE suffered a data breach which I discovered on September 18. For a few days I was uncertain what to do with the information and the data. Yesterday I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100,000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available to anyone else.” Message posted on the researcher’s site.
Source: THN
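The exposure above came from web server access logs that recorded credentials submitted in request URLs, so the passwords sat in ordinary log files rather than in a credential store. The following Python script is an example added here; it is not part of the original post or the researcher's work. It scans access-log lines in the common combined format for query parameters that usually carry a secret, reports where they occur, and produces a redacted copy of the log. The sample log lines are constructed, and the parameter list and request-line regular expression are assumptions for the illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample access-log lines in combined log format (not real IEEE data).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Sep/2012:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Sep/2012:10:01:05 +0000] "GET /login?username=jdoe&password=Hunter2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Sep/2012:10:02:11 +0000] "POST /search?q=eigrp HTTP/1.1" 200 8820 "-" "curl/7.21"
198.51.100.5 - - [18/Sep/2012:10:03:40 +0000] "GET /auth/check?user=asmith&passwd=s3cret&next=%2Fhome HTTP/1.1" 200 44 "-" "Mozilla/5.0"
"""

# Query-parameter names that commonly carry a secret (assumed list; extend it for your application).
SECRET_PARAMS = {"password", "passwd", "pwd", "pass", "secret", "token"}

# Matches the quoted request line: method, request URI, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>HTTP/[\d.]+)"')


def secret_params_in_uri(uri):
    """Return the sorted names of secret-looking query parameters in a request URI."""
    query = urlsplit(uri).query
    names = {name for name, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(name for name in names if name.lower() in SECRET_PARAMS)


def redact_uri(uri):
    """Return the URI with every secret-looking parameter value replaced by [REDACTED]."""
    parts = urlsplit(uri)
    pairs = [(name, "[REDACTED]" if name.lower() in SECRET_PARAMS else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    # safe="[]" keeps the marker readable; other characters are re-encoded as usual.
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="[]")))


def scan_log(text):
    """Scan log text and return (findings, redacted_lines).

    findings is a list of (line_number, [parameter names]) for lines whose
    request URI carried a secret; redacted_lines is the whole log with those
    values replaced, which is the form that should be retained or shared.
    """
    findings, redacted = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if match:
            params = secret_params_in_uri(match.group("uri"))
            if params:
                findings.append((line_no, params))
                line = (line[:match.start("uri")] + redact_uri(match.group("uri"))
                        + line[match.end("uri"):])
        redacted.append(line)
    return findings, redacted


if __name__ == "__main__":
    found, clean = scan_log(SAMPLE_LOG)
    for line_no, params in found:
        print(f"line {line_no}: credential parameter(s) {', '.join(params)}")
    print("\n".join(clean))
```

Running the script on the constructed sample reports lines 2 and 4 and prints the log with the two password values masked. The lasting fix is to stop credentials reaching the URL at all (submit them in a POST body over HTTPS), because a redaction pass only cleans what has already been written, and copies of the unredacted log may already exist.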

Billions of Windows Users Affected by Java Vulnerability

Researchers at Security Explorations disclosed a new vulnerability in Java that could provide an attacker with control of a victim's computer. The researchers have confirmed that Java SE 5 – Update 22, Java SE 6 – Update 35, and Java SE 7 Update 7 running on fully patched Windows 7 32-bit operating systems are susceptible to the attack.
 
This flaw allows a malicious hacker to gain complete control of a victim’s machine through a rigged website. The affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421.

Though Oracle released a fix for the most critical vulnerabilities reported by Security Explorations on August 30th, the security firm quickly found another flaw in that fix that would allow a hacker to bypass the patch. That bug in Oracle’s patch still hasn’t been patched, leaving users vulnerable to both the new flaw and the previous attack.

SOURCE: THN

New Google, Facebook and Youtube Ads ……….. !!


CISCO paths


Tuesday, September 25, 2012

I wonder if he's making a voip call .... !!!!


iPhone 5 and 4 Hacked with same Exploit


The iPhone 5 is vulnerable to the same attack that successfully breached an iPhone 4S at the mobile Pwn2Own hacker contest held this week at the EUSecWest event in Amsterdam.
As we reported, Joost Pol and Daan Keuper won the mobile Pwn2Own contest by compromising a fully patched iPhone 4S and stealing contacts, browsing history, photos and videos from the phone. The vaunted security of the iPhone 4S took an epic tumble during the event when they were able to build an exploit for a vulnerability in WebKit to beat Apple’s code-signing features and the MobileSafari sandbox. The same bug is present in the iOS 6 Golden Master development code base, which means the iPhone 5 is also vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable. “We specifically chose this one because it was present in iOS 6, which means the new iPhone coming out today will be vulnerable to this attack,” Pol said. The duo won $30,000 for their efforts.
A good thief can hack into your personal data given enough time; we estimate that may mean a full working day of hacking.
SOURCE: THN

CCNP Routing 642-902

Refer to the exhibit. When you examine the routing table of R1 and R4, you are not able to see the R1 Ethernet subnet on the R4 routing table. You are also not able to see the R4 Ethernet subnet on the R1 routing table. Which configuration change should be made to resolve this issue? Select the routers where the configuration change will be required, and select the required EIGRP configuration command(s). (Choose two.)

A. R1 and R4
B. R2 and R3
C. ip summary-address eigrp 1 10.1.1.0 255.255.255.0 and ip summary-address eigrp 1
D. variance 2
E. eigrp stub connected
F. no auto-summary
Answer: BF
For Best CISCO/MCITP/LINUX/EXCHANGE SERVER/PC HARDWARE AND  NETWORKING Training visit www.zoomgroup.com
Join us on facebook

CCNP Routing 642-902

Refer to the exhibit. You are the network administrator responsible for the NProuter, the 10.1.1.1 router, and the 10.1.1.2 router. What can you determine about the OSPF operations from the debug output? Select the best response.


A. The NProuter has two OSPF neighbors in the “Full” adjacency state.
B. The NProuter serial0/0 interface has the OSPF dead timer set to 10 seconds.
C. The NProuter serial0/0 interface has been configured with an OSPF network type of “point-to-point”.
D. The 10.1.1.1 and 10.1.1.2 routers are not using the default OSPF dead and hello timers setting.
E. The “Mismatched” error is caused by the expiration of the OSPF timers.
Answer: B

CCNP Routing 642-902

Refer to the exhibit. A client has asked you to consult on an eBGP loading question. Currently the AS 100 eBGP links have an average outbound load of 65% and 20% respectively. On further investigation, traffic from 10.10.24.0 accounts for 45%, and 10.10.25.0 and 10.10.32.0 account for 20% each of the outbound load. The customer wants to spread the load between the two eBGP links more evenly. The BGP attributes are currently set at their default values.


If you are located at AS 100 and want to influence how AS 100 sends traffic to AS 200, what BGP attribute could you configure to cause AS 100 outbound traffic to load the eBGP links more evenly?
A. On router A, set the default local-preference to 50.
B. On router B, set the default metric to 150.
C. On router B, configure a route map for 10.10.25.0/24 with a local preference of 150 linked to neighbor 192.168.30.2.
D. On router B, set the default local-preference to 150.
Answer: C

Friday, September 21, 2012

CCNP Routing

Refer to the exhibit. On the basis of the configuration provided, how are the Hello packets sent by R2 handled by R5 in OSPF area 5?

A. The Hello packets will be exchanged and adjacency will be established between routers R2 and R5.
B. The Hello packets will be exchanged but the routers R2 and R5 will become neighbors only.
C. The Hello packets will be dropped and no adjacency will be established between routers R2 and R5.
D. The Hello packets will be dropped but the routers R2 and R5 will become neighbors.
Answer: C

CCNP Routing

What are three kinds of OSPF areas? (Choose three.)
A. stub
B. active
C. remote
D. backbone
E. ordinary or standard
Answer: ADE

CCNP Routing

A company has a BGP network and a BGP route of 196.27.125.0/24 that should be propagated to all of the devices. The route is not now in any of the routing tables. The administrator determines that an access list is the cause of the problem. The administrator changes the access list to allow this route, but the route still does not appear in any of the routing tables. What should be done to propagate this route?
A. Clear the BGP session.
B. Use the release BGP routing command.
C. Use the service-policy command to adjust the QOS policy to allow the route to propagate.
D. Change both the inbound and outbound policy related to this route.
Answer: A

Browser Ladies….!!! …… :)


Tuesday, September 18, 2012

MCITP 70-640

Your company hires 10 new employees. You want the new employees to connect to the main office through a VPN connection. You create new user accounts and grant the new employees the Allow Read and Allow Execute permissions to shared resources in the main office. The new employees are unable to access shared resources in the main office. You need to ensure that users are able to establish a VPN connection to the main office. What should you do?
A. Grant the new employees the Allow Access Dial-in permission.
B. Grant the new employees the Allow Full control permission.
C. Add the new employees to the Remote Desktop Users security group.
D. Add the new employees to the Windows Authorization Access security group.
Answer: A

MCITP 70-640

You need to identify all failed logon attempts on the domain controllers. What should you do?
A. View the Netlogon.log file.
B. View the Security tab on the domain controller computer object.
C. Run Event Viewer.
D. Run the Security and Configuration Wizard.
Answer: C

MCITP 70-640

Your company has an Active Directory domain. The main office has a DNS server named DNS1 that is configured with Active Directory-integrated DNS. The branch office has a DNS server named DNS2 that contains a secondary copy of the zone from DNS1. The two offices are connected with an unreliable WAN link.
You add a new server to the main office. Five minutes after adding the server, a user from the branch office reports that he is unable to connect to the new server. You need to ensure that the user is able to connect to the new server.
What should you do?
A. Clear the cache on DNS2.
B. Reload the zone on DNS1.
C. Refresh the zone on DNS2.
D. Export the zone from DNS1 and import the zone to DNS2.
Answer: C

CCNP Routing – 642-902

Which two routing protocols require a metric to be configured when redistributing routes from other protocols? (Choose two.)
A. RIP
B. OSPF
C. EIGRP
D. IS-IS
E. BGP
Answer: AC


CCNP Routing – 642-902

Which command displays statistics on EIGRP hello, updates, queries, replies, and acknowledgments?
A. debug eigrp packets
B. show ip eigrp traffic
C. show ip eigrp topology
D. show ip eigrp neighbors
Answer: B


Friday, September 14, 2012

Operation Aurora - Other Zero-Day Attacks targeting finance and Energy

The infamous Aurora Trojan horse is just one of many attacks launched by the same group of malware authors over the past three years, according to researchers at Symantec. Security researchers with Symantec have issued a report outlining the techniques used by the so-called “Elderwood” hacking platform and the group behind it.
The group seemingly has an unlimited supply of zero-day vulnerabilities.
The company said that the group is well-funded and armed with more than a half-dozen unpublished security vulnerabilities. “They are definitely shifting their methodology, and there are open questions about why that is,” said Eric Chien, senior technical director for Symantec’s security response group. “They may be finding that older techniques are no longer working.”
“The number of zero-day exploits used indicates access to a high level of technical capability.” The researchers said that the group appears to favour “watering hole” attack techniques, in which the attacker profiles a targeted group and places attack code on sites which the targets are likely to visit.
Here are just some of the most recent exploits that they have used:
• Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779)
• Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875)
• Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889)
• Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535)
Operation Aurora was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010. In the blog post, Google said the attack originated in China.
The attacks were both sophisticated and well resourced and consistent with an advanced persistent threat attack. The attack has been aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted.
The security firm has published details in a 14-page research report titled “The Elderwood Project”. The first thing that stands out in the report is that the vast majority of detections are in the US. In the last year, Symantec detected 677 files used by the Elderwood gang in the US. Rounding out the top five is Canada with 86 files, China with 53, Hong Kong with 31, and Australia also with 31.
SOURCE: NETASQ

Tuesday, September 11, 2012

Where is the Mouse they were talking about..????


Scan and check if your computer has any Virus...


Press 'Any Key' to continue... :0


CRIME : New SSL/TLS attack for Hijacking HTTPS Sessions

Two security researchers claim to have developed a new attack that can decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. From the security researchers who created and demonstrated the BEAST (Browser Exploit Against SSL/TLS) tool for breaking SSL/TLS encryption comes another attack that exploits a flaw in a feature in all versions of TLS.
The researchers have named the new attack CRIME. The CRIME attack is based on a weak spot in a special feature of TLS 1.0, but the researchers have not revealed exactly which feature that is. They do say that all versions of TLS/SSL are vulnerable, including TLS 1.2, on which the BEAST attack did not work.
The new attack, devised by security researchers Juliano Rizzo and Thai Duong, is able to decrypt session cookies. HTTPS should prevent this type of session hijacking because it encrypts session cookies while in transit or when stored in the browser, but once they had the cookie, Rizzo and Duong could return to whatever site the user was visiting and log in using her credentials.
The CRIME attack code, known as an agent, needs to be loaded inside the victim’s browser. This can be done either by tricking the victim into visiting a rogue website or, if the attacker has control over the victim’s network, by injecting the attack code into an existing HTTP connection. CRIME doesn’t require browser plug-ins to work; JavaScript was used to make it faster, but it could also be implemented without it, Rizzo said.
The attacker must also be able to sniff the victim’s HTTPS traffic. This can be done on open wireless networks; on local area networks (LANs), by using techniques such as ARP spoofing; or by gaining control of the victim’s home router through a vulnerability or default password. CRIME was tested successfully with Mozilla Firefox and Google Chrome.
SOURCE: NETASQ
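The feature that CRIME abuses was later documented as TLS (and SPDY) compression: when a secret such as a session cookie is compressed together with data the attacker controls, the size of the encrypted record reveals whether the attacker's text matches the secret, because a correct guess is replaced by a back-reference instead of being stored again. The Python below is an illustration added here, not the researchers' code. It reproduces the length side channel locally with zlib (deflate, the algorithm used by TLS compression) on a constructed cookie, and shows that the channel disappears once compression is turned off, which is the mitigation browsers and servers adopted. The cookie value, the request template, the known prefix and the candidate alphabet are assumptions for the demonstration.

```python
import zlib

# Constructed session cookie standing in for the secret; not taken from any real site.
SECRET_COOKIE = "sessionid=7f3a9c"


def request_size(attacker_text, compress=True):
    """Size of a request that mixes attacker-controlled text with the secret cookie.

    In the real scenario the attacker observes the size of the encrypted record,
    which equals the size of the (compressed) plaintext. Compressing before
    encryption therefore lets the size depend on how well attacker_text matches
    the cookie; without compression the size is the same for every guess.
    """
    body = (f"GET /search?q={attacker_text} HTTP/1.1\r\n"
            f"Host: example.test\r\n"
            f"Cookie: {SECRET_COOKIE}\r\n\r\n").encode()
    return len(zlib.compress(body, 9)) if compress else len(body)


def sizes_by_candidate(known_prefix, alphabet, compress=True):
    """Return {candidate_char: request size} for each guess known_prefix + char."""
    return {c: request_size(known_prefix + c, compress) for c in alphabet}


def length_channel_open(known_prefix, alphabet, compress=True):
    """True when the request size varies with the guess, i.e. the secret leaks into the size."""
    sizes = sizes_by_candidate(known_prefix, alphabet, compress)
    return len(set(sizes.values())) > 1


if __name__ == "__main__":
    alphabet = "0123456789abcdef"
    prefix = "sessionid=7f"  # portion assumed already known; the cookie name itself is public
    compressed = sizes_by_candidate(prefix, alphabet, compress=True)
    print("compressed sizes per candidate:", compressed)
    print("smallest record (best match):", min(compressed, key=compressed.get))
    print("channel open with compression:   ", length_channel_open(prefix, alphabet, True))
    print("channel open without compression:", length_channel_open(prefix, alphabet, False))
```

With compression on, the candidate that continues the real cookie produces the smallest request, while every guess produces the same size once compression is off. The practical check for a deployment is the same one the script makes: if record sizes change with attacker-controlled input, compression is still on somewhere in the stack and should be disabled for any channel that carries secrets.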

Wednesday, September 5, 2012

Wiper, the Destructive Malware possibly connected to Stuxnet and Duqu

Kaspersky Lab has published research resulting from the digital forensic analysis of hard disk images obtained from machines attacked by Wiper, a destructive malware program that attacked computer systems related to oil facilities in Western Asia.
Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyber espionage threats.
The malware wipes data from hard drives, placing high priority on those with a .pnf extension, which are the type of files Stuxnet and Duqu used, and has other behavioral similarities, according to Schouwenberg.
It also deletes all traces of itself. As a result, researchers have not been able to obtain a sample, but they have reviewed mirror images left on hard drives. Kaspersky’s researchers were not able to find the mysterious malware, which was given the name Wiper, because very little data from the affected hard disk drives was recoverable.
Even though a connection to Flame is unlikely, there is some evidence suggesting that Wiper might be related to Stuxnet or Duqu. For example, on a few of the hard drives analyzed, the researchers found traces of a service called RAHDAUD64 that loaded files named ~DFXX.tmp, where XX are two random digits, from the C:\WINDOWS\TEMP folder.
No one has ever found a sample of Wiper in order to study its code and determine exactly what it did to machines in Iran. According to Kaspersky, the malware’s algorithm is “designed to quickly destroy as many files as effectively as possible, which can include multiple gigabytes at a time.”
Although Flame can be updated by its creators with various modules, including conceivably a module that would destroy data,  there has never been any evidence found that Flame had a module that was used to destroy data on machines or wipe out hard drives.
Source: NETASQ

Monday, September 3, 2012

A Linux and UNIX System Programming Handbook

The Linux Programming Interface: A Linux and UNIX System Programming Handbook

By Michael Kerrisk

CentOS Bible

CentOS Bible

By Christopher Negus, Timothy Boronczyk
