.

Click HERE

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

]]> http://xkid83.wordpress.com/?p=128 Tue, 05 Aug 2008 03:01:26 +0000 xkid83 http://xkid83.wordpress.com/?p=128  

Adware
Adware is software that presents banner ads or in pop-up windows through a bar that appears on a computer screen. Those advertising spots usually can't be removed and are consequently always visible. The connection data allow many conclusions on the usage behavior and are problematic in terms of data security.

Backdoors
A backdoor can gain access to a computer by going around the computer access security mechanisms.

A program that is being executed in the background generally enables the attacker almost unlimited rights. User's personal data can be spied with the backdoor's help, but are mainly used to install further computer viruses or worms on the relevant system.

Boot viruses
The boot or master boot sector of hard drives is mainly infected by boot sector viruses. They overwrite important information necessary for the system execution. One of the awkward consequences: the computer system cannot be loaded any more…

Bot-Net
A Bot-Net is collection of softwarre bots, which run autonomously. A Bot-Net can comprise a collection of cracked machines running programs (usually referred to as worms, Trojans) under a common command and control infrastructure. Boot-Nets server various purposes, including Denial-of-service attacks, etc., partly without the affected PC user's knowledge. The main potential of Bot-Nets is that the networks can achieve dimensions on thousands of computers and its bandwidth sum bursts most conventional Internet accesses.

Dialer
A dialer is a computer programm that establishes a connection to the Internet or to another computer network through the telephone line or the digital ISDN network. Fraudsters use dialers to charge users high rates when dialing up to the Internet without their knowledge.

EICAR test file
The EICAR test file is a test pattern that was developed at the European Institute for Computer Antivirus Research for the purpose to test the functions of anti-virus programs. It is a text file which is 68 characters long and its file extension is “.COM” all virus scanners should recognize as virus. 

Exploit
An exploit (security gap) is a computer program or script that takes advantage of a bug, glitch or vulnerability leading to privilege escalation or denial of service on a computer system. A form of an exploit for example are attacks from the Internet with the help of manipulated data packages. Programs can be infiltrated in order to obtain higher access.

Grayware
Grayware operates in a way similar to malware, but it is not spread to harm the users directly. It does not affect the system functionality as such. Mostly, information on the patterns of use is collected in order to either sell these data or to place advertisements systematically.

Hoaxes
The users have obtained virus alerts from the Internet for a few years and alerts against viruses in other networks that are supposed to spread via email. These alerts are spread per email with the request that they should be sent to the highest possible number of colleagues and to other users, in order to warn everyone against the "danger".

Honeypot
A honeypot is a service (program or server), which is installed in a network.

It has the function to monitor a network and to protocol attacks. This service is unknown to the legitime user - because of this reason he is never addressed. If an attacker examines a network for the weak points and uses the services which are offered by a Honeypot, it is protocolled and an alert sets off.

Keystroke logging
Keystroke logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. Like this, confidential and personal data, such as passwords or PINs, can be spied and sent to other computers via the Internet. 

Macro viruses
Macro viruses are small programs that are written in the macro language of an application (e.g. WordBasic under WinWord 6.0) and that can normally only spread within documents of this application. Because of this, they are also called document viruses. In order to be active, they need that the corresponding applications are activated and that one of the infected macros has been executed. Unlike "normal" viruses, macro viruses do consequently not attack executable files but they do attack the documents of the corresponding host-application.

Polymorph viruses
Polymorph viruses are the real masters of disguise. They change their own programming codes - and are therefore very hard to detect.

Program viruses
A computer virus is a program that is capable to attach itself to other programs after being executed and cause an infection. Viruses multiply themselves unlike logic bombs and Trojans. In contrast to a worm, a virus always requires a program as host, where the virus deposits his virulent code. The program execution of the host itself is not changed as a rule.

Script viruses and worms
Such viruses are extremely easy to program and they can spread - if the required technology is on hand - within a few hours via email round the globe.

Script viruses and worms use a script language such as Javascript, VBScript etc. to infiltrate in other new scripts or to spread by activation of operating system functions. This frequently happens via email or through the exchange of files (documents).

A worm is a program that multiplies itself but that does not infect the host. Worms can consequently not form part of other program sequences. Worms are often the only possibility to infiltrate any kind of damaging programs on systems with restrictive security measures.

Spyware
Spyware are so called spy programs that intercept or take partial control of a computer's operation without the user's informed consent. Spyware is designed to expolit infected computers for commerical gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements. AntiVir is able to detect this kind of software with the category "ADSPY" or "adware-spyware".

Trojan horses (short Trojans)
Trojans are pretty common nowadays. We are talking about programs that pretend to have a particular function, but that show their real image after execution and carry out a different function that, in most cases, is destructive. Trojan horses cannot multiply themselves, which differenciates them from viruses and worms. Most of them have an interesting name (SEX.EXE or STARTME.EXE) with the intention to induce the user to start the Trojan. Immediately after execution they become active and can, for example, format the hard drive. A dropper is a special form of Trojan that 'drops' viruses, i.e. embeds viruses on the computer system.

Zombie
A Zombie-PC is a computer that is infected with malware programs and that enables hackers to abuse computers via remote control for criminal purposes. The affected PC, for example, can start Denial-of-Service- (DoS) attacks at command or send spam and phishing emails.

From : www.avira.com

"Neuroanatomist Jill Bolte Taylor had an opportunity few brain scientists would wish for: One morning, she realized she was having a massive stroke. As it happened -- as she felt her brain functions slip away one by one, speech, movement, understanding -- she studied and remembered every moment. This is a powerful story about how our brains define us and connect us to the world and to one another."

Especially coming from a Harvard scientist, where this talk led to went past my expectations. Beautifully so.

Dato che sono alcuni giorni che Honeyd gira e "cattura" dati, ho cominciato a cercare uno strumento per visualizzare i log che produce senza dover imparare tutti i codici a memoria.

Gira che ti rigira, ho deciso di dare uno sguardo a honeydsum, un semplice script in perl che volendo genera dei log HTML decisamente passabili. Il problema è che ha bisogno di una bella quantità di moduli (lo so, il Perl è così...) e anche loro non scherzano con le pretese.

Ora, se ricostruisco un attimo la mia history vi dovrei dire cosa ho fatto.

Come prima cosa ovviamente scaricate e installate:

honeyd-common da aptitude,
libgd2-xpm-dev sempre da aptitude o con apt-get,
Honeydsum da qui.

I moduli Perl da scaricare e installare sono:

GD (2.39)
GD Graph (1.44)
GD TextUtil (0.86)
GD Graph3d (0.63)
Net Netmask (1.9015)

I nomi ovviamente non sono "corretti" e qualche purista del Perl potrà storcere il naso davanti alla mia pessima grafia, ma basta una Ricerca su CPAN con quello che ho scritto per trovarli. Vi ricordo che la procedura di installazione per un modulo Perl è la seguente:

1. Scompattare il .tar.gz che contiene i files
2. Entrare nella cartella appena creata e lanciare
   perl Makefile.PL
3. se non ci sono errori lanciare make && make test && make install

Se tutto è andato bene, potrete lanciare il nostro bel programmino per la visualizzazione dei log ad esempio con questa sintassi:

./honeydsum.pl -c honeydsum.conf -w /var/log/honeyd/honeylog.log

Che vuol dire: usa il file di configurazione honeydsum.conf -che si deve trovare nella stessa cartella-, genera una pagina in formato HTML (-w) del log che si trova in /var/log/honeyd/honeylog.log.
A questo punto aprite la cartella e magicamente troverete una selva di immagini e pagine web. Aprite index.hml fiduciosi con il vostro browser preferito e ammirate i vostri log.

Mo mi metto a studiare il file di configurazione perchè vorrei cambiare alcune cose...

Ovviamente per usare correttamente chroot() dovremo fare alcune modifiche, a cominciare dalla creazione di una cartella dove potrà sguazzare liberamente come se si trovasse nella directory radice. Io ho chiamato la mia cartella honeyd/ ma siete liberissimi di rinominarla come volete, ma aggiornate i comandi corrispondenti.

Ecco ciò che ho fatto:

mkdir /home/fixed/honeyd
cd /home/fixed/honeyd
mkdir etc
mkdir etc/honeypot/
mkdir lib
mkdir var
mkdir var/run
mkdir var/log
mkdir proc
mkdir usr
mkdir usr/sbin
mkdir usr/lib
mkdir usr/bin
mkdir usr/share
mkdir usr/share/honeyd
mkdir dev
mkdir proc/net

Non ho messo il path della mia shell all'inizio dei comandi perchè capisco che sia molto noioso digitarli, quindi ho fatto in modo che possiate incollarli dentro uno script, modificare le prime due righe ed eseguirlo da soli.

Proseguendo, bisogna copiare librerie e tutto il necessario dentro al nostro "piccolo mondo"

cp /usr/sbin/farpd usr/sbin/
cp /usr/bin/honeyd usr/bin/
cp -r /usr/share/honeyd/* usr/share/honeyd/
cp /usr/lib/libdb-4.5.so usr/lib/
cp /lib/libpthread.so.0 lib/
cp /usr/lib/libevent-1.1a.so.1 usr/lib/
cp /usr/lib/libdumbnet.so.1 usr/lib/
cp /usr/lib/libpcap.so.0.8 usr/lib/
cp /usr/lib/libz.so.1 usr/lib/
cp /etc/honeypot/* etc/honeypot/
cp /lib/libc.so.6 lib/
cp /lib/ld-linux.so.2 lib/
cp /lib/libm.so.6 lib/
cp /lib/libdl.so.2 lib/
cp /etc/ld.so.cache etc/
cp /etc/localtime etc/
cp usr/bin/rrdtool usr/bin/
cp /usr/lib/librrd.so.2 usr/lib
cp /usr/lib/libpng12.so.0 usr/lib/
cp /usr/lib/libfreetype.so.6 usr/lib/
cp /usr/lib/libart_lgpl_2.so.2 usr/lib/
mknod dev/urandom c 1 9
mount --bind -t proc /proc/net proc/net/

Finito questo, possiamo provare ad eseguire honeyd con chroot:

chroot /home/fixed/honeyd /usr/bin/honeyd -d -i eth0 -f /etc/honeypot/honeyd.conf

Non da problemi con ping, ma sicuramente (dato che non abbiamo copiato un sacco di cose in chroot) non potremo eseguire script in bash e perl...una bella limitazione!
Sto lavorando sul problema, appena saprò qualcosa ve lo farò sapere...

E' solo un gioco se vogliamo, ma è anche un modo per testare la propria destrezza nella sicurezza informatica (se si conosce il modo in cui un sistema può essere violato si conosce anche il modo di difenderlo) ed è anche un modo per comprendere il livello di know-how generale della rete (questo più da parte dei proprietari dei siti, ma utile anche per capire la necessità di sicurezza percepita nell'utilizzo dei computer in rete.. decisamente poca a mio parere). Quindi sotto a chi tocca e in bocca al lupo agli impavidi :)

Hack This Site, Try2Hack, Hackers Lab, Root This Box, Hellbound Hackers.

In dieser Hinsicht scheint ein Anklicken eines Links schlimmer zu sein, als die Anstiftung zur Verbreitung von Kinderpornografie, wie es der FBI-Agent tat...

Havent' seen her on the board before - if anyone has anymore, PLEASE POST.

...als er `seinen` Honeypot-Link verteilte.

Ein Dozent aus Pennsylvania, Roderick Vosburgh, wurde der Aussage seines Anwalts...

no reasonable jury could have found beyond a reasonable doubt that Mr. Vosburgh himself attempted to download child pornography

...zum Trotz angeklagt - er wird des Versuches, sich Kinderpornografie besorgen zu wollen, beschuldigt. Ein Thumbnail-grosses Bild mit zwei nackten Minderjährigen kommt erschwerend hinzu - da kann sogar die Tatsache, dass keinerlei weitere Bilder oder Videos sichergestellt werden konnten, getrost vernachlässigt werden...