Thursday, February 17, 2011

In this tutorial I will show you how to make a fake "Facebook virus" using simple commands in Notepad. This will make the victim think they have got a virus when they click on an icon such as Internet Explorer.

1) Open notepad
2) Type this in :

@echo off
msg * WARNING VIRUS DETECTED!!!!! AFTER 5 MINUTES YOUR FACEBOOK ACCOUNT WILL BE DELETED !!!!TO REMOVE THE  VIRUS CLICK OK OR CLOSE THIS BOX!

PAUSE
shutdown -r -t 300 -c " SORRY!!! YOUR  FACEBOOK  ACCOUNT  ARE NOW BEING DELETED !!! PLEASE WAIT ..........."


3) Save as "Internet Explorer.bat"

4) Right click on Internet Explorer.bat and click Create Shortcut

5) Right click on the shortcut and click Properties.

6) Click Change Icon

7) Choose the Internet Explorer icon or a similar one, click OK, then click Apply

8) Delete the real shortcut and replace it with the fake one. When the victim clicks on it, he will get a warning message that looks like this:


After five minutes Windows will restart, and that is all. This is totally harmless and will give you a laugh. Enjoy!
THANKS TO HACKSPC & ETHICALHACKING for this article

(WARNING: DO NOT USE THIS HACK TO VISIT PORN SITES; THIS IS ONLY FOR SOME OFFICIAL WEBSITES WHICH ARE BANNED BY MISTAKE BY WEBSENSE)

1st Method: To access a website blocked by Websense, the best way is to download the software named "HOPSTER". This software is just an alternative to ULTRASURF, but it works 100% with Websense.

2nd Method: If you have Windows you should be able to go to your Start menu, go to Programs, then Accessories and find your Command Prompt (or just go to Run and type in cmd).
Type in ping and then your website name.
Example: If you want to go to YouTube, type in ping youtube.com
This should come up with a four-number code (IP address). Go to your browser and, in your address bar, type in http://---.---.--.--- and it should bypass the firewall each time you log on to the computer.
Jack the Hacker Tells All: Insights into Security Do's and Don'ts

Legal Notice

NetIQ Corporation provides this document "as is" without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Some states do not allow disclaimers of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

This document and the software described in this document are furnished under a license agreement or a non-disclosure agreement and may be used only in accordance with the terms of the agreement. This document may not be lent, sold, or given away without the written permission of NetIQ Corporation. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation.

Companies, names, and data used in this document are fictitious unless otherwise noted.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of the document. NetIQ Corporation may make improvements in and/or changes to the products described in this document at any time.

© 1995-2001 NetIQ Corporation, all rights reserved.

U.S. Government Restricted Rights: Use, duplication, or disclosure by the Government is subject to the restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause of the DFARs 252.227-7013 and FAR 52.227-29(c) and any successor rules or regulations.

Jack the Hacker Tells All: Insights into Security Dos and Don'ts

Want to keep the bad guys out? This handy guide, Jack the Hacker Tells All: Insights into Security Dos and Don'ts, relays the ins and outs of security implementation, as told by Jack the Hacker. In this guide, the reformed hacker cracks away at myths surrounding the implementation of a sound IT security plan and offers tips for your best bets for network security. Get a glimpse into the mind of the very people who break into your computer systems and intrude on your company's privacy.

Taken from two chats sponsored by NetIQ – "Inside the Hacker's Mind" – Jack the Hacker Tells All will show you how to develop and implement a successful security strategy to protect your corporate network infrastructure. Learn about the security defenses, how to protect your organization and ways to respond to security threats before they become major incidents.

Architecture

We are about to start hosting our own Web server. Is the security built into Windows NT 4 enough, or should we use a firewall?

Jack: If at all possible, always invest in a good firewall, as well as sound architecture for the Web server. If you are able to invest in an appliance firewall, buy one with three interfaces. If you can only invest in the software, then you should be able to fit a server with three NICs to create a buffer zone in which to put your Web server. One interface is for the Internet, with a second NIC for the internal private network and the third for a DMZ (Demilitarized Zone). The security built into Windows NT 4 and Windows 2000 hosts is good. But when subjected to numerous scans and cracking attempts, some default installs will be cracked within only a few minutes to an hour. That is why you should keep current security patches for the OS and applications that run on the server.

Are there any known security issues with Windows 2000 Server running remote routing functioning as a VPN?

Jack: To date, I have not yet worked on this ability of Windows 2000. I would recommend a more specialized VPN solution over the Windows 2000 solution. I am currently looking at the ISA product, and will be able to give you a better answer after some more testing with it.

What are the basic areas I need to secure on a Web site?

Jack: How many sites on attrition.org were defaced by the RDS script? Quite a few. The basic area that I look to harden is the OS, by checking for current security patches and implementing them on a test machine before even throwing my site up. That is just for the Web server. For the perimeter defense, you should throw a firewall up and put the Web server into the DMZ.

We have a connection that is monitored by our sister company. Very early in the morning, our bandwidth usage goes through the roof. We are not aware of anything running at that time. What would you recommend we use to determine what is occurring? Could someone be taking advantage of a security hole?

Jack: The ever-present sniffer is your best friend. Put a sniffer on the link between you and the sister company. The problem may be a kit looking for other servers in a massive blast, a mis-configured server or a security hole, but the sniffer logs will let you know where to start.

As far as NAT routing is concerned, can vulnerabilities be exploited even in this type of hidden internal network? Beyond just Trojans getting in?

Jack: NAT (Network Address Translation) routing is another security measure that more companies are using. Taking over a router is still a mainstay in the cracking community. Just because someone can't get to your internal network due to private addressing doesn't mean that they will take another route to your systems. Your routers are still there for the taking.

What is your idea of good security implementation?

Jack: One in which policies had been set in place before the actual implementation. Set aside the test environment. Verify that the patches installed on the machines don't make them quit functioning. Make sure that policies are strictly adhered to, but the policies must be workable as well. Creating each and every one of your servers in C2 compliance will not work if you want them to talk to one another. You must make trade-offs to have the systems work coherently. A good process consists of a month or two of testing desired policies to determine what is feasible, followed by the architecture's implementation.

Are there any issues with implementing an NT domain in a DMZ? We want to set up a Microsoft Cluster in the DMZ.

Jack: Make sure that no one trusts that domain. You can set the cluster up in the DMZ. But remember what the risk is with the DMZ – the DMZ is going to be hacked.

What are the advantages of using a VPN vs. a modem pool as far as security is concerned?

Jack: A modem pool is usually not secured very well, and a war dialer can find the pool rather easily. The VPN uses encryption by its nature and can withstand most petty attempts at breaking it.

What are the best methods to secure the internal network from disaffected users?

Jack: Proper adherence to a security policy that involves Human Resources should minimize the risk. However, empirical data shows that this may not be enough. Depending on how large the corporation is, this task grows exponentially. If the user had minimal access, then the security admin won't have much to do. Close communications between HR and Security teams should lead to swift and effective severance of access. Again, it rolls back to a security policy rather than a technology issue.

What do you think of using protocol control, such as frame relay connectivity for internal communications, within an enterprise and then having firewall and proxy control to limit/control access in and out of the enterprise through the Internet at large?

Jack: This is a very good idea, but can be a very difficult and extremely costly implementation. The more complex your solution, the greater the likelihood is that you'll have vulnerabilities in your infrastructure.

Is there a definitive, or nearly definitive, way to secure an enterprise against hacking?

Jack: Disconnect from the Internet, pull the modem banks and do no business. You also have to make sure that your initial implementation of your architecture is sound. Make sure that security policies are in place and employees adhere to them. No rogue servers should be allowed onto the network. Development networks should have firewalls on them to segment them away from other departments, as well as maybe the accounting and finance areas. At the same time, try not to make the architecture too complex. You have to find a happy medium, one that is secure but also allows communications to occur.

We are currently using dual firewalls configured for high availability, security routers and a packet shaper that is doing some filtering. Do you think that we also need to use IDS (Intrusion Detection Systems) on top of this to secure our environment?

Jack: From what it sounds like, your current architecture is quite sound. I think the IDS would help you find out some internal activity, but it sounds like you aren't letting a lot get through. That is a pretty secure environment.

How do you suggest better protecting servers in a DMZ?

Jack: DMZ servers are your "sacrificial lambs." These are the servers that you hope don't get hacked, but will eventually find their way to the ATTRITION mirror. Here are some steps you can take. First, patch the systems very quickly after advisories come out and you test them for your environment. You must make sure the servers in the private network never get hacked. Next, use encrypted channels as often as you can. And finally, harden the OS to disallow easy hacks and tighten the ACLs (Access Control Lists) on the routers to allow only trusted traffic.

Can you talk about what defenses we should establish in order to prevent an attack (i.e. SPs, hot fixes, additional software)?

Jack: Those defenses deal with the OS, the root of all evils. An application cannot run without its OS. Now, keeping up with Service Packs and hot fixes is a main staple for all IT and Security personnel. This helps you keep track of most of the new hacks coming out for which script kiddies have tools. But remember – test them first to see if they develop other problems with your applications. Some additional software that could be looked into is quality control for your home-brewed applications. Make sure your developers adhere to strict coding guidelines that don't introduce buffer overflows.

Would you say that using an IP address from the 10.0.0.0 range on your internal networks is a good idea?

Jack: If you are trying to get the most addresses, then yes, that makes sense. Try picking something a little less obvious than 10.0.0.0, but that is my preference.

Honey Pots

What is your opinion of honey pots? Have they become an effective deterrent?

Jack: As a security person, I like to see a honey pot implemented. However, these systems usually allow too much time on their system, which normally raises a flag for me. They are effective in learning new techniques of hackers, but a security team must know when to step in and pull the plug.

Are honey pots having an impact in the cracker community?

Jack: The more skilled hackers don't even deal with less-than-secure systems. Those hacks are the ones about which you will never read. The less-than-skilled kiddies normally have no idea they are on a honey pot until the plug is pulled or they hear a battering ram on the door. The use of honey pots is having an impact on crackers because they are more leery, but the white hats are gaining a lot of information right now. Maybe in the future, these systems may not have the impact that they do now. But they seem to be keeping the white hats in step with the other side.

How do you feel about the deployment of honey pots and IDS systems? Are they too obvious?

Jack: Honey pots and nets are a good thing if you are really interested in the research value and want to update your own IDS systems. But they do not offer enough protection to warrant investment as a means of protection. The IDS is definitely necessary and is more obvious than a honey pot.

What is your take on creating a honey pot on your network? Does that attract more attention, or is having only a firewall better?

Jack: I like honey pots only for research purposes. If I notice a large increase in traffic to a specific port or range of ports, I will throw up a couple of honey pots to capture the data and analyze it. If I am not aware of a new exploit, then that research is invaluable.

What is the best installation or application for a honey pot?

Jack: Read the new white paper by Lance Spitzner at http://project.honeynet.org/papers/honeynet/. If you are looking at a commercial honey pot, then the Sting server from PGP is good. Otherwise, a default install of an OS slapped onto the 'Net is a pretty good start.

VPN

How do I protect the corporate network from hacks affecting my remote/VPN users?

Jack: This is one of the most difficult hurdles to overcome in the security field – remote usage. Multiple tools and programs that are now on the market give security personnel more control over what a remote user can have access to, as well as provide another layer of security for the internal network. Personal firewalls, such as Network Ice's BlackICE Defender, their corporate solution ICEpac Security Suite and ZoneAlarm PRO, give you a better chance of catching certain attacks on your remote users. On another level, you can invest in Check Point's SecureClient if you have a Check Point firewall solution, or in RedCreek Communications' Ravlin Soft software solution.

What tool should I use to do port scans to ensure my router and VPN installations are not left open to hackers?

Jack: One of the best-known tools to use is nmap (or the Win32 ported nmapNT). This is a tool du jour of most script kiddies and malicious crackers. Using libnet from the Packetfactory gives you the ability to craft your own packets to test your router configuration.

How secure are VPN technologies, such as Check Point's VPN-1 software suite?

Jack: VPN authentications, such as Check Point, are very secure. Check Point especially utilizes Triple DES encryption. So from a mathematics perspective, the VPN knows who you are. In addition, Check Point's secure VPN clients offer a personal firewall with policies that can be controlled via central management. This allows for the VPN to reject a non-secure connection.

Can you share your tricks on accessing VPN?

Jack: This all depends on the VPN itself. I don't have any tricks on getting through to a VPN because that is a realm into which I have not delved. Looking at some of the documentation from @stake, the latest incarnation of MS-CHAP looks like some of the same procedures are used between v1 and v2. The same procedures used to derive a 24-byte response can be sniffed and a dictionary attack can be staged against them.

Have you tested the Lucent LSMS? How do you think the LSMS stacks up as a firewall/VPN device?

Jack: I have not yet tested this product.

Public Key Infrastructure

How secure is PKI?

Jack: The answer is two-fold: What problem are you trying to solve, and what size implementation are you seeking? PKI as it stands is quite secure, and studies on the RSA 512 factoring conclude this. The RSA 512 has been factored, but how many people do you know that have access to more than 300 computers running in parallel and then feeding the matrix to a Cray? Not many. If you are trying to solve just a private e-mail issue, then you don't necessarily need a full-blown PKI solution. If you are looking for a complete implementation, then PKI is good for the company. Technology-wise, this is a secure product. As far as implementation, PKI is what you make it, and that is where the problems arise.

Jack, who do you believe has a better security key solution - VeriSign or RSA's Keon solution?

Jack: To me, it depends on who you want running the show, VeriSign or yourself. If you don't want to deal with the headaches of setting up a new PKI infrastructure, then go with VeriSign. If you want total control of your keys, then choose Keon.

Firewalls

Should a company employ a firewall to prevent internal malicious users from doing damage?

Jack: Internal firewalls are a good thing when you want to segment groups or address ranges. Firewalls make traversing the network without being noticed more difficult for malicious employees.

From your experience, which are the best and worst firewalls?

Jack: This is a personal preference issue. If I tell you that I like firewall A and you like firewall B, and you think that B is better than A, and I think the opposite, what has been accomplished? You don't like A and I don't like B. This is much like Ford v. Chevy – you like one and hate the other. For me, Firewall-1 has done a good job to this point. I like PIX as well, and I have worked with Gauntlet.

Is one OS/platform better than another when it comes to firewall implementation?

Jack: There is no one platform better than another. Harden the OS, remove all of the unnecessary services and make the machine a standalone. Or run an appliance firewall like Nokia, CyberGuard, SonicWALL or Cisco.

In your opinion, what are the best hardware firewalls on the market? Which ones are the hardest to crack?

Jack: Nokia Firewalls and CyberGuard appliances seem to be the best right now. The Nokia devices, with their IPSO OS, are essentially hardened OpenBSD machines, which are pretty difficult to crack. The KnightStar devices are pretty difficult as well, but the main obstacle is implementation/proper configuration.

What vulnerabilities are commonly exploited with MS Proxy, and do you think ISA will be better?

Jack: A Proxy Server or firewall is only as good security-wise as the underlying OS - that lends itself to security risk. I won't speak on Proxy Server, but with respect to ISA - too much on one machine. The refining process is going to take some maturing, just like Check Point and some of the other top security products have.

What are your thoughts about firewall appliances, and are they more secure than software-based firewalls?

Jack: By far. Vendors have gone to a lot of trouble to harden the OS, and have removed a lot of the probable "red zones" where administrators make implementation mistakes on OS-based firewalls.

Canned firewall or build your own – which is better?

Jack: Canned.

What about Cisco PIX Firewalls?

Jack: Cisco PIX firewalls are Proxy-based firewalls. They do offer reasonable protection, but their vulnerability is in management. If you are utilizing multiple PIX firewalls, a high probability exists that vulnerabilities will be introduced through simple mis-configurations.

What software firewalls do you recommend?

Jack: Check Point.

When my firewall gets port scanned, I would like to know what this "offender" is actually doing. Does such software exist that gives me an idea what's outside the firewall?

Jack: Check your border router logs and run a sniffer on the line. You can't see what is going on unless something picks up the data.

Given the choice of a software firewall that you install on a server or a separate hardware device that you place in front of the server, are there any advantages or disadvantages to either one?

Jack: If you are talking about software versus appliance firewalls, I like both. Unless you are comfortable in hardening the server that you are going to install the firewall software on, I suggest the appliance. If you know exactly what you want in your server, then install the software firewall. Remember, in the end, they are both the same firewall application.

How secure is a network that lives behind a correctly configured Check Point Firewall?

Jack: Correctly configured is a vague statement, but I would say that it is safer than before. Do you remember what port you usually open up for you to host your site? 80? It's still an open port. The fewer holes in the firewall, the less crackers have to work with.

Personal Firewalls

In my opinion, the next security product is going to be the personal firewall. How secure will these be? Are users going to be lulled into a false sense of security?

Jack: I would tend to agree with you on the widespread usage of the personal firewall. A report completed fewer than 3 months ago showed a large hole in the basics of these firewalls. They are basically proxy servers. So if you can get someone to open a Trojanized program (i.e. Explore.exe), you have bypassed the security. Users will get into an automatic mode with these tools as they see the scans register.

What do you think of ZoneAlarm?

Jack: ZoneAlarm is a great personal firewall, but every personal firewall has one main flaw - policy management. We're not going to go into that here, but a recent case study reviewed the overall security of all personal firewalls. You can probably find that case study with a Web search.

Jack, please tell me what you think. How secure are small PC [Windows] networks [always on cable or DSL] that run firewall programs like ZoneAlarm or BlackICE?

Jack: Having the personal firewall programs is better than nothing. They do a pretty good job at keeping out the truly amateur individuals, but nothing against some higher-level script kiddies.

What would you recommend for a personal firewall for desktop users with cable or DSL connections?

Jack: Of the three main personal firewalls, I like ZoneAlarm, mainly due to price. I think that BlackICE is darn good as well, and so is Norton's solution.

Hacking/Auditing

How can I test my security from external attacks?

Jack: Penetration testing is the main source of information that tells you whether you have done an adequate job of securing your environment. How would you do the pen test? Black-box it. Try to have someone in the infosec team run the test without any prior knowledge of the target. Run such tools as firewall tools, port scanners and more.

What are some good footprinting tools? Where can I get them?

Jack: Nmap – get it at www.insecure.org. There are plenty of others, but this is the most used one and the best right now.

Are smaller companies' networks less attractive to a hacker than a larger company's? Or maybe more attractive because they could be more vulnerable?

Jack: Attractive nonetheless. I would use that as a waypoint for more ambitious goals. Small companies make for good decoys. Most small companies want their systems to run and are not as interested in security. They will know they need security when IBM calls them and says that their logs reach back to XYZ Company attempting to break in.

What is the industry standard with regard to third-party ethical hacks being accepted by clients? We are getting more clients requiring their own ethical hacks, and they are not allowing third-party hacks to be used for security assessment.

Jack: There is not an industry standard at this time for third-party ethical hacks. This is more along the lines of: Do the ends justify the means? If you are in an industry where security is a paramount issue, then ethical hacks are necessary. If you are in one where security has taken a back seat, then an ethical hack may not be necessary.

How do hackers stay in touch with one another today?

Jack: IRC is my friend and compatriot. If you see that running on your system, you have an issue. Squash it. ICQ and some message boards are also popular methods.

What tools do you recommend for penetration testing?

Jack: Tools from Foundstone are good, and tools from farm9.com seem to be good. But this is more of a services function from consulting firms, such as Ernst & Young and Accenture.

Where would I find a copy of nmap or nmapNT?

Jack: Insecure.org and eeye.com, respectively.

Are most external attacks basically random? Or are they more planned, as in a need to garner a badge of honor for some club of attackers?

Jack: Mostly random and looking for the recognition, or for trying to join a crew. Look at SilverLordz, Hackweiser, and some others that have been on a tear lately. The more planned external attacks lie dormant for extended periods of time, and may or may not be the work of a true hacker, not a skiddie.

If you're a newbie in infosec, besides nmap, where would you go for information on penetration testing?

Jack: SANS.org is a good place for information. Get on the Pen-test listserv from Securityfocus.com and the Vuln-dev list.

What are your tools of choice when searching for vulnerabilities?

Jack: Security Analyzer from NetIQ does a great job and comes back with a thorough list.

Besides social engineering, what are your other favorite exploits? Where do you see the most problems with a security implementation, besides human error?

Jack: Mis-configuration is one thing, but admins forgetting to implement patches in a timely fashion is another. How long has the NT RedButton vulnerability been out? Yet you can still find this on the Net. How about the wu-ftpd problems? Same thing – still out there. IIS has taken a lot of flak recently because of rain forest puppy's research, but the disclosure of these holes is important to companies that want to do business on the Net. Make sure your admins keep current.

Would a hacker be more inclined to go after a target because they have a broadband connection versus analog dial-up? Or are both equally at risk?

Jack: Both are at risk, but having a broadband connection as a pipeline is very enticing to a cracker. If I take over a machine running 98 with a 1.5MB line attached to it, I have a great place to start most of my attacks. "Always-on" connections are easier to find than dynamically assigned addresses when dialing up to an ISP.

What site interested you when you were hacking?

Jack: That depended on my mood of the day. If I wanted a challenge, hacking into a larger corporation would take a few days to a week, while just wanting to be playful prompted me to access small businesses that did secure their sites.

What are some of the "clues" left behind (and during) a hack?

Jack: Depending on where they got in, your router logs might be able to see the IP address showing where the traffic originated. Depending on which OS they are getting into, the tracks could be in the System logs, or the sys partition.

What is Ping O' Death?

Jack: This attack causes a buffer to overflow on the target host by sending an echo request packet that is larger than the maximum IP packet size of 65535 bytes. As the target machine reconstructs the packets, the final packet is larger than the 65535 limit and causes the DoS attack. This was an old style tactic from a few years ago. Most OSs have been patched to withstand this attack. Get more information here: http://www.insecure.org/sploits/ping-o-death.html

What are the legal implications of hacking your company's systems to prove they are vulnerable and raise security on the to-do list?

Jack: I have never hacked my company's site unless I got prior written approval. This included legal counsel from the company. Some of the qualifications that I would ask for include: exposure of confidential information would not lead to suspension or termination (such as passwords, e-mail and instant messages), and complete shutdown of a production server due to an attack could not lead to suspension or termination.

Admins receive phone calls often and are asked questions concerning the physical network, etc. of their worksites. What questions should you never answer and why?

Jack: Answer as vaguely as possible. Never answer "Who is in charge?" or "Where are you located?" Those answers just lead to narrowing down attacks. I am always paranoid about people that ask me about my network; I just answer, "It is working."

What is a teardrop attack?

Jack: A teardrop attack is one in which the fragmentation of the packets is overlapping. This causes the targeted, mostly Linux, machine to incorrectly attempt to re-assemble the packets and crash. The target machine looks at the offset of the packets and re-assembles them according to the offset, but packet B's offset states that it starts inside of A:

13:23:13 hostile.com.32157 > friendly.com.53: udp 28 (frag 242:36@0+)
13:23:13 hostile.com > friendly.com: (frag 242:4@24)
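The two reassembly abuses Jack describes above, a reassembled datagram larger than 65535 bytes (Ping O' Death) and fragments whose offsets overlap (teardrop), can be caught by one sanity check on a fragment set before anything is reassembled. The Python script below is an added example written for this page, not NetIQ's or Jack's code: it parses the tcpdump "frag id:size@offset" notation used in the trace above, tracks how far the data already received reaches, and reports a fragment that starts inside earlier data or a total length beyond 65535. The teardrop lines are the two from the page; the ping-of-death and benign traces are constructed sample input, and the fragment sizes in them are assumptions.

```python
"""Sanity-check IP fragment sets for overlap (teardrop) and oversize (ping of death).

Added example for this page: parses the tcpdump '(frag id:size@offset[+])'
notation and flags the two reassembly abuses described in the Q&A above.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # largest legal IP datagram: the total-length field is 16 bits

# tcpdump prints a fragment as "(frag <id>:<payload size>@<byte offset><+ if more follow>)"
FRAG_RE = re.compile(r"\(frag (?P<id>\d+):(?P<size>\d+)@(?P<offset>\d+)(?P<more>\+?)\)")


@dataclass
class Fragment:
    ident: int    # IP identification field shared by all pieces of one datagram
    size: int     # payload bytes carried by this fragment
    offset: int   # byte offset of that payload within the original datagram
    more: bool    # True when the "more fragments" flag is set


def parse_fragment(line):
    """Return the Fragment described by one tcpdump line, or None if the line has none."""
    m = FRAG_RE.search(line)
    if m is None:
        return None
    return Fragment(int(m["id"]), int(m["size"]), int(m["offset"]), m["more"] == "+")


def check_fragments(frags):
    """Return a list of findings for the fragments of one datagram (empty means sane)."""
    findings = []
    covered_to = 0  # highest byte boundary already covered by earlier fragments
    for f in sorted(frags, key=lambda f: f.offset):
        # teardrop: this fragment claims to start inside data we already hold
        if f.offset < covered_to:
            findings.append(
                f"overlap: fragment at offset {f.offset} starts inside data that already reaches {covered_to}")
        covered_to = max(covered_to, f.offset + f.size)
    # ping of death: the pieces add up to more than any IP datagram may hold
    if covered_to > MAX_DATAGRAM:
        findings.append(f"oversize: reassembled length {covered_to} exceeds {MAX_DATAGRAM} bytes")
    return findings


def analyze(lines):
    """Group tcpdump lines by IP id and return {id: findings} for every datagram seen."""
    by_id = defaultdict(list)
    for line in lines:
        frag = parse_fragment(line)
        if frag is not None:
            by_id[frag.ident].append(frag)
    return {ident: check_fragments(frags) for ident, frags in by_id.items()}


# The teardrop trace quoted on the page: fragment B (4 bytes at offset 24)
# starts inside fragment A (36 bytes at offset 0).
TEARDROP_LINES = [
    "13:23:13 hostile.com.32157 > friendly.com.53: udp 28 (frag 242:36@0+)",
    "13:23:13 hostile.com > friendly.com: (frag 242:4@24)",
]

# Constructed ping-of-death style trace (not from the page): 1480-byte pieces
# whose last fragment pushes the reassembled datagram past 65535 bytes.
PING_OF_DEATH_LINES = [
    f"13:24:01 hostile.com > friendly.com: icmp (frag 777:1480@{off}{'+' if off < 65120 else ''})"
    for off in range(0, 65121, 1480)
]

# Constructed benign fragmented datagram: two pieces that abut exactly.
BENIGN_LINES = [
    "13:25:00 a.example > b.example: udp 2000 (frag 900:1480@0+)",
    "13:25:00 a.example > b.example: (frag 900:528@1480)",
]

if __name__ == "__main__":
    for name, lines in [("teardrop", TEARDROP_LINES),
                        ("ping of death", PING_OF_DEATH_LINES),
                        ("benign", BENIGN_LINES)]:
        for ident, findings in analyze(lines).items():
            print(f"{name} (id {ident}):", findings or "ok")
```

Sorting by offset before walking the set is what makes the overlap test a single comparison per fragment; a real reassembly queue would apply the same two checks as each piece arrives and drop the whole datagram on the first failure, which is the fix the patched OSs Jack mentions adopted.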

Should I really interpret port scans as a prelude to attack?

Jack: Not necessarily an attack, but definite door rattling. Once they start to pick the lock, consider it an attack. What I mean by this is once you notice that the scans burst at you for a few days in a row and then you see intermittent attempts, be ready for the attack.
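Jack's "door rattling" heuristic can be turned into a check over firewall deny logs. The Python script below is an added example written for this page, not part of the original guide: it reads log lines in a constructed format (not any vendor's), counts how many distinct destination ports each source touched within a five-minute window, flags sources above a threshold, and lists the days on which each flagged source appeared, so that scans repeating for several days in a row stand out from a one-off sweep. The log format, addresses, ports and thresholds are all constructed assumptions.

```python
"""Flag port-scanning sources in firewall deny logs and show on which days they recur.

Added example for this page. Log format is constructed for the example:
    "<ISO timestamp> DENY <src>:<sport> -> <dst>:<dport>/<proto>"
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) DENY (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)/(?P<proto>\w+)$")


def parse_line(line):
    """Return (timestamp, source address, destination port) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dport"])


def find_scanners(lines, window=timedelta(minutes=5), min_ports=10):
    """Return {source: {"peak_ports": n, "days": [...]}} for sources that touched
    at least min_ports distinct destination ports inside any single window."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            ts, src, dport = parsed
            events[src].append((ts, dport))

    report = {}
    for src, evs in events.items():
        evs.sort()
        peak = 0
        # Slide a window starting at each event; count distinct ports inside it.
        for i, (start, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if t - start <= window}
            peak = max(peak, len(ports))
        if peak >= min_ports:
            # Days on which this source appears at all: several in a row is the
            # "burst for a few days, then intermittent" pattern to watch for.
            days = sorted({t.date().isoformat() for t, _ in evs})
            report[src] = {"peak_ports": peak, "days": days}
    return report


# Constructed sample log: one source sweeps 15 common ports within seconds on
# three consecutive nights; another source only retries a mail connection.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 1433, 3306, 3389]
SAMPLE_LOG = [
    f"2001-03-{day:02d}T02:00:{i:02d} DENY 203.0.113.7:40000 -> 192.0.2.10:{port}/tcp"
    for day in (5, 6, 7) for i, port in enumerate(SCAN_PORTS)
] + [
    "2001-03-05T09:12:44 DENY 198.51.100.4:51234 -> 192.0.2.10:25/tcp",
    "2001-03-05T09:12:45 DENY 198.51.100.4:51235 -> 192.0.2.10:25/tcp",
    "2001-03-06T11:03:02 DENY 198.51.100.4:51240 -> 192.0.2.10:110/tcp",
    "malformed line that the parser ignores",
]

if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {info['peak_ports']} distinct ports in one window, seen on {', '.join(info['days'])}")
```

The window and port threshold are the two knobs to tune against your own traffic: a short window with a low threshold catches fast sweeps, while a longer window is needed for the slow, intermittent probing Jack describes; the per-day list is what lets you tell a one-night sweep from a source that keeps coming back.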

Are there any "Robin Hoods" in the hackers or crackers community?

Jack: It depends on your definition of a "Robin Hood." Some of the things I did before now could be considered a Robin Hood act. I helped the poor sys admins who did not quite understand security and prodded them into action.

Information Sites

What are your favorite sources of online information?.Jack: Bugtraq, Max Vision's Whitehats.com, SANS and GIAC. Astalavista.com also has some very good

links to the underground.

Are there any publications (online or otherwise) that list NT Server 4 security loopholes and fixes

that you would recommend?

Jack: Bugtraq archives and Windows IT Security (formerly NTSecurity.net). More monetary damage

comes from inside, and most systems internally are NT/Windows.

Do you recommend any sites on the Web?

Jack: www.whitehats.com, Windows IT Security (formerly NTSecurity.net),

www.securityfocus.com and packetstormsecurity.org are good starting sites.

What books or learning materials do you consider viable to learning about taking advantage of certain weaknesses found in systems? Or are any worth investing in?

Jack: Since I have been in the security field, I have had more respect for some people in particular. Stephen Northcutt is a good analyst. Bruce Schneier is a leading expert. And of course the guys over at @Stake are great. Hacking Exposed: Second Edition is pretty good. And the older Maximum Security by Anonymous is good. But the best learning materials are your peers. The security field is really a small world. The more communication you have with one another, the better you stand a chance of turning away kiddies and resisting even skilled hack attempts. SANS has become a leader in gathering some very bright minds together for analysis, and the papers that they release are good learning materials as well.

What do you think of Foundstone's Hacking Class? Have you ever seen this before and what is your take?

Jack: I met the Foundstone people a few months back, even if they don't remember me, and they strike me as knowing what they are doing. I would be interested in actually attending one of their Extreme Hacking classes if only to see what they do know. Their research is headed up by JD Glaser. He is very talented, as evidenced by his previous tools under NTObjectives.

Jack, what is the best book on the market today that would be a study guide on how to be a hacker and at the same time teach you how to protect your servers from being hacked?

Jack: There is no definitive guide on how to hack. There ARE guides on how to protect your system, one of which is Hacking Exposed: 2nd Edition by the guys from Foundstone. However, it's also best to subscribe to lists such as SANS, CERT and other vulnerability resources. By the time it's in a book, you're already extremely far behind.

Jack, I had questions about training – how to convince a small- to mid-sized company that their network admins need security training even though they do not have as large a Web presence as companies like Microsoft.

Jack: One mid-size ($50M+) company I recently worked with refused to upgrade or even consider security options. What they can't grasp is that the information they keep under lock and key (their sales contact list) could be extracted by simple social engineering, and their company could be severely damaged financially by a competitor receiving that contact list. According to recent studies, more than 3 percent of unplanned outages are related to security breaches and issues. So for no other reason, you'd do this to improve availability. How much is your intellectual property actually worth?

With the exception of reading the numerous e-mails and information I receive from SANS, CERT, etc., how can I keep abreast of all the new information?

Jack: Limiting yourself to a couple of specific sources helps. If you've overflowed yourself with information, you probably need to cut back and remove whichever source is your "weakest link."

You mentioned above that when it's in a book, you're far behind. But what about UNIX OS and some computer languages, among other things? They're still the basics, aren't they? I mean with that knowledge, you can become a hacker?

Jack: That is definitely a place to start. Most individuals I know started in UNIX and learned to program from there. What we mentioned above is more along the lines that by the time the book is checked for errors and edited, the exploits have been in the wild for too long. You’re playing catch-up by then.

Are you familiar with Steve Gibson's Shields Up site? If so, how effective an indicator of one's security is it?

Jack: I am familiar with this site. This is a good site for the normal consumer to have a look at when they have an "always-on" connection to the Internet.

What are the best sources of information for securing an NT/2000 network, particularly IIS?

Jack: I have read parts of Mastering Windows 2000 Server by Mark Minasi and found it to be quite good. Hacking Exposed: Second Edition has some very good points on what to secure within your environment. Checking out SecurityFocus.com always helps as well. The Microsoft team put together a very nice checklist for IIS at http://www.microsoft.com/technet/security/iis5chk.asp.

What are the best avenues one should follow to find the best bang for the buck, if you will, in security training? I am familiar with self-learning. But there are so many exploits out there that learning them all on your own without proper guidance is difficult.

Jack: I took a track from the SANS team a while back, and I really enjoyed my time there. There is a lot of good information from the courses. The least-expensive security training is getting on message boards and asking a lot of questions. There are thousands of people out there that want to pass on their knowledge on security. Some of the self-learning that you can do is put up a honey pot and watch it get taken over. Make sure that you are able to see what happens on it before you deploy it, and learn from those actions.

What would be a good book to read that shows an administrator more understanding of how to secure Linux?

Jack: I would like to be able to do this myself but the directive must come from upper management.

How do you think crackers today are responding to all the media around their activities?

Jack: Pumping up their already inflated egos.

For more information on NetIQ’s Security Management Solution, visit
www.netiq.com/solutions/security/
A new pocket device reads fingerprints and validates them by wireless access to a computer. With this biometrics system, users can avoid using passwords, and get simpler and more secure access to bank balances, credit cards, and even buildings.
FAIRFAX, Va.--Online hackers can steal just about anything, from your identity, to your credit cards and bank balance. Now, consumers can fight back. Using the power of touch can protect your personal information.
Dominic DeSantis dares anyone to try and hack into his personal PC files. "I have different files on my desktop that you can't open without passwords," he says.
Tough password tactics may slow down a cyber thief, but they're not foolproof. Now, electrical engineers have developed a new security device that uses a one-of-a-kind access code -- your fingerprint.
"It becomes a personal identification device that you carry with you, and the device only works for you," says Barry Johnson, an electrical engineer at Privaris, Inc., in Fairfax, Va. "The fingerprint, being something that you are, is something that you will not forget."
With the touch of a finger, online access is a cinch for credit card purchases, viewing bank balances, or checking e-mail -- all without remembering or typing a single password or PIN number. Once you scan your finger, the device compares the scan to your fingerprint data, or biometrics already stored in the device.
"The ability to not only store the fingerprint on the device, and only on the device, but to do that securely is a unique feature of the device," Johnson says. He says the new device can work with existing security systems and also works for access into buildings.

It's a unique way to help consumers like DeSantis stay secure with something he'll never lose.
BACKGROUND: "Spoofing" is the process by which individuals test a biometric security system by introducing a fake sample. This can help companies improve those systems in order to better protect their information and employees. The goal is to make the authentication process as accurate and reliable as possible.
HOW IT WORKS: Digits from cadavers and fake fingers molded from plastic, or even play dough or gelatin, can potentially be misread as authentic by biometric security systems. Electrical and computer engineers are addressing this issue by trying to "spoof" such systems in hopes of designing more effective safeguards and countermeasures. One such study found a 90 percent false verification rate; the scanning machines could not distinguish between a live sample and a fake one. The system was modified to detect the pattern of perspiration from a live finger, which reduced the false verification rate to less than 10 percent.

WHAT IS BIOMETRICS: Biometrics is the science of using biological properties such as fingerprints, an iris scan, or voice recognition to identify individuals. These unique "signatures" can be used to authenticate or determine identity. Biometric security systems are growing in popularity, popping up in hospitals, banks, even college residence halls to authorize or deny access to medical files, financial accounts, or restricted areas.
ABOUT FINGERPRINTS: A fingerprint is an imprint made by the pattern of ridges on the pad of a human finger, believed to provide traction for grasping objects. When someone touches something with his fingers, he leaves behind a residue of the touched surface in the pattern of that fingerprint. Brushing the surface with a finely ground powder, like chalk or coal, can make the print visible because the powder adheres to the residue but not the surrounding surface. Invisible prints are called latent prints; there are other chemical techniques to make those visible. There are three basic patterns: the arch, the loop and the whorl. These can be broken down into other classifications. A person's fingerprints are believed to be unique. The practice of comparing fingerprints -- such as those found at a crime scene to those of a suspect -- is called dactyloscopy. The FBI maintains a large database of more than 49 million fingerprint records for known criminals.

You all know that we are celebrating the month of September as the anniversary month of Hacking Truths. As promised, this month is going to be special, and so here we are with the first gift to all of you.

Facebook has become very famous in the last year. Orkut, which was considered to be the best social networking website, has been sidetracked by emerging social networking websites like Facebook and Twitter. Considering the popularity of Facebook, we have collected the most essential Facebook hacks and present them to you.

1. How to View the Album of Any User Even if it is Private

You can use this script to view a photo in the original album, even if you’re not friends with the person.
Get it Here

2. How to Remove Annoying Facebook Advertisements

Get rid of some of the Facebook advertising and "sponsored by" sections with this tool.
Get it Here

3. How to See Real Profiles from Public Pages

This script redirects to real profiles from the Facebook people pages (public profiles). There is a risk of an infinite redirect loop if you are not logged in, so be logged in.
Get it Here

4. How to Undo Facebook Changes

If you hate some or all of the new Facebook changes, undo them with these scripts and use what you liked previously.
Get it Here

5. How to View All the Photos from a Person

You can search for pictures of a Facebook member who has tight privacy settings and view all his/her pictures without his/her consent.
Get it Here

6. How to Find More Friends at Facebook

Suppose some of your friends have newly joined Facebook and you didn’t even know. Use this script and it will help you go through your friends’ friends lists and find them.
Get it Here

7. How to Share Files from Facebook

With this box widget, you can share files from your computer through Facebook. Isn’t it great?
Get it Here

8. How to Get a Job from Facebook

Looking for a job? This application gives Facebook users unique access to job information, networking opportunities and other career resources.
Get it Here

9. How to Tighten up the Privacy and Still Maintain Communication Convenience

The Private Wall combines the best of both worlds of Facebook: online convenience and communication with more serious privacy settings.
Get it Here

10. How to Cheat Facebook Texas Hold 'em Poker

This is one of my favorite hacks and that is why I have saved it for the last one. Using this software you can see the cards of any player, and the advanced version of this software allows you to even add credits to your account for free.
Get it Here

What is Ethical Hacking?

• Ethical hacking (EH) is the process of having authorized individuals exercise the security of a target.
• An ethical hacker is someone who has permission to exercise the security of a target.

Key Features of Ethical Hacking 1

• EH has some distinct features when compared to routine security / vulnerability scans.
• Vulnerability / security scanning is:
  – Highly or completely automated
  – Aimed at finding as many security flaws as possible.

Key Features of Ethical Hacking 2

• EH focuses on an objective:
  – How far can the “attacker” go?
  – Can you get to system X or data Y?
• A vulnerability scan could be a sub-set of EH (if desired).
  – Step 1: Find a weakness.
  – Step 2: Exploit it to get additional access.
  – Step 3: Repeat the process until the objective is reached (e.g. access to critical data or a system).

Key Features of Ethical Hacking 3

• EH will typically exploit the security flaws in order to gain access to data or another system.
• This eliminates false positives by validating the flaw.
  – A security scanner can have many false positives.
Ethical Hacking Example 1

• Scan the web server
  – Locates a buffer overflow (flaw #1)
  – Exploiting flaw #1 results in an account on the web server
• (From the web server) Scan the database behind the firewall (web and DB trusted each other; the firewall allowed the traffic)
• Find a weakness in the DB (flaw #2)
  – Exploiting flaw #2 results in retrieving the DB password
  – The password is cracked
  – DB user/password is the same as the firewall's
• Firewall is compromised; a custom rule allows the EH team to pass any traffic through

Ethical Hacking Example 2

• A typical vulnerability scan would have stopped at step 1
  – Flaw #1 on the web server
• Therefore the true extent of the risk would not have been known.
• Also, the DB flaw would have gone unnoticed (unless an internal scan was also performed)

Ethical Hacking Pros & Cons

• Advantages:
  – Find the true level of exposure, not just the surface
• Disadvantages:
  – Disruption potential
    • Exploiting flaws in production?!?
  – Higher skill set needed
  – Other issues may be ignored due to time limits

A Note about Terminology

• What one person calls “ethical hacking”, another person will call “security testing” or a “vulnerability assessment”.
• The key is to define the objective and the rules of engagement.
• Example: Maybe you only want exploitation of flaws performed on a case-by-case basis (i.e. approval required) rather than a no-holds-barred approach.

Why use Ethical Hacking?

• Provides proof of insecurities
• Helps expose the true risk of flaws found
• The process of using EH is generally accepted best practice; therefore it…
  – demonstrates due care in maintaining a secure environment
• Alternatively, NOT using EH could be grounds to suspect a lack of due care

Limitations of Ethical Hacking

• Only a snapshot in time
• Only a small part of a larger security program
  – Security requirements during the design phase are the most important
  – Code reviews are great
• Cannot prove the system is secure; EH can only prove the system is not secure (by failing the audit)
• EH will only find a subset of flaws, where a code review could find others.

Who should perform the work? External

• Most organizations use a trusted third party
  – Core competency
    • Cost effective; better results
  – Neutral party
    • Unbiased results
  – Extra layer of due care
  – “3rd party” required by
    • Maybe that could be a separate internal group?
    • Idea of a true 3rd party seems best

Who should perform the work? Internal

• Internal resources are useful if you can afford them.
• Typically seen for high-security situations: financial & military
• Great resource for development
  – Check for security bugs early and save money
  – Beware of developer turnover: bad security habits will return as senior developers get promoted and junior ones take their place

How often should EH be used?

• At least once a year (like financial audits) by a 3rd party
• Internal tests can be conducted as often as practical; typically after a major revision

When in the lifecycle should you use EH?

• At the very least you should test before going into production
  – Reality shows this is not the most common scenario
• Ideally do some testing during development
  – Limited testing of common issues
• Thorough testing after the system/application is stable (i.e. after UAT if possible)
• TIP: Plan on sufficient lead time to FIX the problems found. Don’t test the night before going live!

Shopping for EH - Things to Look for 1

• STEP #1: Get a mutual NDA signed before talking to outsiders (CYA).
• Background check of the company. Lawsuits?
• Verify the background check of the specific EH team members
  – Don’t simply accept a verbal pass from the EH company.
• Does “background check” mean criminal and financial? Maybe it should.
• Read the liability release form (get out of jail free) - or write your own.

Shopping for EH - Things to Look for 2

• Are they incorporated, and where?
• E&O insurance? How much?
• Perform a site visit; reserve the right for future visits
• Vendor neutral
  – Beware of up-sell.
• Separation of duties - design vs. test

Shopping for EH - Beware of “Proprietary” Methodologies

• If an EH provider will not let you observe their work in progress because it is a “proprietary” methodology, then something is not right
• The methodology might have four parts:
  – Point, Click, Print, and Invoice

Shopping for EH - Bait & Switch

• Beware of bait & switch
  – Senior consultant is brought out for pre-sales meetings or the kick-off, but then the actual work is done primarily by a junior staff member.

Black Hats Need Not Apply - The Trust Factor

• Can ex-black hats be trusted?
  – Yes, they can be trusted…
  – to cut your lawn perhaps.
  – But there is no good reason you have to trust them with your data
  – You have a legal obligation of due care
• The person does not need to be a convicted criminal - you can decline to use them for any cause of concern
  – As long as it is not prohibited by law (discrimination based on race, gender, etc.)
• When in doubt you should take the safer path.
• With EH - trust is everything.

Beware of companies with staff members that brag about being “black hats” or ex-hackers. Most companies will deny that they hire people with prior computer-related convictions. Many companies will insist they do background checks. But do they really? Ask to see the results of the background checks. While everybody deserves a second chance in life, you have to ask yourself, “Are you willing to give them that second chance while they have access to your company’s most sensitive data?”

Mr. Rootkit Story

A security consultant was hired to verify and maintain a secure OS configuration on a firewall system. He decided to install a rootkit to allow himself remote administration of the system - to make his job easier. The customer found out and was less than happy.

The Risks of Ethical Hacking

• We will discuss mitigating these risks next
  – Service disruptions
  – False sense of security
  – EH results fall into the wrong hands

Safety Measures after Testing - Protect the Output

• The output (scanner files, the report) is sensitive
  – Use existing information classifications (e.g. confidential, private, “DO NOT COPY OR FORWARD”, etc.)
  – Limit distribution of results
• Customize the level of detail based on the need to know
  – Be sure tool output is not webified (Google hacking)
  – Encrypt the raw files and secure them on CD-R
  – Print with a local non-networked printer
    • Not a public copy shop! Have you seen the people that work in those places at 2 AM?!?
• I like PDFs: strong crypto, restricts read access, prevents changes, prevents copy & paste, and/or printing if desired
  – http://www.pdfstore.com/

Customized versions and distribution

Not everybody needs the entire report; just the parts that pertain to them. E.g. each department or system owner would get recommendations for their own systems.
Perhaps explicit “how to exploit” details (if any) should be removed for some staff members. E.g. instead of saying, “System X can be hacked using technique Z.”, you can say, “System X needs patch Y.”

References:
http://www.legalstore.com/cat/Security+Paper.html
Security paper can help prevent copying by exposing hidden text when this type of paper is copied or scanned. This will alert the person to the fact that unauthorized duplication of the document is not permitted. In my experience this is rarely done, but it is something to consider for very sensitive reports.
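The need-to-know distribution described above (each owner gets only their own systems, and the “technique Z” text is dropped unless the recipient is cleared) as an added Python example; it is not part of the deck, and the findings, team names and audience list are constructed, loosely modelled on the deck's Example 1 chain. The pre-release `leaked_details` check is the part worth copying: it refuses to emit a copy that still contains exploit text meant for another audience.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}
BANNER = "CONFIDENTIAL - DO NOT COPY OR FORWARD"


@dataclass(frozen=True)
class Finding:
    system: str
    owner: str            # group responsible for fixing it
    severity: str
    remediation: str      # what every recipient needs: "System X needs patch Y"
    exploit_details: str  # "technique Z": need-to-know only


@dataclass(frozen=True)
class Audience:
    name: str
    owners: Optional[Set[str]]         # None = all systems (e.g. the security team)
    cleared_for_exploit_details: bool


def select(findings: List[Finding], audience: Audience) -> List[Finding]:
    """Only the findings for systems this audience owns, highest severity first."""
    chosen = [f for f in findings
              if audience.owners is None or f.owner in audience.owners]
    return sorted(chosen, key=lambda f: (SEVERITY_RANK[f.severity], f.system))


def render(findings: List[Finding], audience: Audience) -> str:
    lines = [BANNER, f"Assessment results for: {audience.name}", ""]
    for f in select(findings, audience):
        lines.append(f"[{f.severity.upper()}] {f.system}: {f.remediation}")
        if audience.cleared_for_exploit_details:
            lines.append(f"    exploit detail: {f.exploit_details}")
    lines += ["", BANNER]
    return "\n".join(lines)


def leaked_details(report: str, findings: List[Finding], audience: Audience) -> List[str]:
    """Pre-release check: exploit text that must not appear in this audience's copy."""
    if audience.cleared_for_exploit_details:
        return []
    return [f.exploit_details for f in findings if f.exploit_details in report]


def build_distribution(findings: List[Finding], audiences: List[Audience]) -> Dict[str, str]:
    """One customized copy per audience, refusing to release a copy that leaks."""
    copies: Dict[str, str] = {}
    for audience in audiences:
        report = render(findings, audience)
        leaks = leaked_details(report, findings, audience)
        if leaks:
            raise ValueError(f"copy for {audience.name} would leak: {leaks}")
        copies[audience.name] = report
    return copies


# Constructed sample findings (not real data); the chain mirrors the deck's Example 1.
SAMPLE_FINDINGS = [
    Finding("web-01", "web team", "high",
            "web-01 needs the vendor patch for its HTTP server",
            "buffer overflow in the request parser yields an account on the host"),
    Finding("db-01", "database team", "high",
            "db-01 needs a new admin password that is not shared with the firewall",
            "recovered DB password was reused for firewall administration"),
    Finding("web-02", "web team", "low",
            "web-02 needs directory listing disabled",
            "directory listing exposes backup copies of configuration files"),
]
SAMPLE_AUDIENCES = [
    Audience("web team", {"web team"}, False),
    Audience("database team", {"database team"}, False),
    Audience("security team", None, True),
]

if __name__ == "__main__":
    for name, text in build_distribution(SAMPLE_FINDINGS, SAMPLE_AUDIENCES).items():
        print(text, end="\n\n")
```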

Safety Measures to Consider During Testing

• Throttle scans (do not flood)
• Monitor systems
  – Remotely for uptime
  – Locally for CPU load
• Back up sensitive systems in case of a crash with data loss
• Sys admins on standby (for reboot or troubleshooting)
• During non-critical times
• Use the Disaster Recovery / Staging / Testing environment instead of Production
• See “Shopping for EH” for additional considerations with outsourced EH

Using Ethical Hacking for Your 3rd Party Service Providers - Remote System

• If you are not hosting the system, then the easiest way seems to be to contract with your provider (e.g. ASP) and have them hire a mutually agreed upon 3rd party.
• Contract states that you get a copy of the report.
• An NDA will be required from you to safeguard sensitive information about the 3rd party
• Try to get them to pay for the EH (since they benefit)

Using Ethical Hacking for Your 3rd Party Service Providers - Local System

• If you are hosting the system / software, and it is not tied to a 3rd party system or data, then MAYBE you can simply do it yourself
• Check with legal counsel – some software vendors have restrictions in their licenses (e.g. first born child)
• Try to split the cost in exchange for a copy of the report
• Make them promise to fix high-risk issues by the next release (this is where being a big customer helps).
• Consider an NDA and/or a sanitized report to protect your sensitive information

If you are hosting the system / software, and it is not tied to a 3rd party system or data, then MAYBE you can simply do it yourself.
Check with legal counsel - some software vendors have clauses in their licenses: “Thou shalt not reverse engineer.” EH does not have to involve reverse engineering. Still, it is best to double check license restrictions.
Try to get the vendor to split the cost in exchange for a copy of the report.
Make them promise to fix high-risk issues by the next release (this is where being a big customer helps).
An NDA will be required from them to safeguard your sensitive information in the shared report (or give them a sanitized version).

EH Recommendations - QA & Training

• Observe the EH team in action (at least for the first assessment). This provides:
  – Quality Assurance - see what you are getting
  – Knowledge Transfer - insist on knowledge sharing to help improve your internal resources (e.g. IT auditors)
    • Two objectives (security test & training) in one expense
    • NOTE: This will slow things down a bit as time is taken to explain actions and results.

EH Recommendation - Rotate Your Service Providers

• Rotate between two or three providers
• Avoids tunnel vision
• Allows you to compare providers for quality assurance purposes
• Think bandwidth: established relationships with multiple EH providers help with sudden man-power issues
  – E.g. you just inherited a new group and their apps have never been tested.

Game Plan / Recommendations

• Prioritize your systems / services by importance
• Begin with a preliminary “scan” via internal resources if possible
• Use a 3rd party once a year, or after a “major” revision
  – A major revision should at least include changes in security functions/features.

Does changing your authentication scheme constitute a major revision? Probably.

• US financial institutions are “strongly recommended” to implement dual-factor authentication by Dec 31, 2006
  – Something the consumer has, such as hardware tokens or smart cards, as well as something the consumer knows, such as passwords or birth dates.
• “Banks have been directed to conduct a risk assessment process, including identification of all transactions and access levels associated with Internet-based transactions, and to assess authentication methodologies.”
• See http://tinyurl.com/bnecb

http://tinyurl.com/bnecb points to the news story at http://www.financetech.com/news/bank/showArticle.jhtml?articleID=172302371, “Feds Order Banks To Strengthen Online Authentication” (slide 32).