Monday, May 9, 2011

The Revolution is Coming!!!!

Back|Track Linux 5.0 Codename Revolution is being released on May 10, 2011. This is an exciting release for the security community. Check out Backtrack-linux.org to find out more information and download it.

It may take a couple of days to get to the site, because with such a big release the site usually goes down or downloads are slow. That is just the effect of having such a popular computer program.

Some of the features include:
  • 32-bit, and 64-bit Versions (Which is a first for BackTrack)
  • More GPU processing power to crack passwords faster
  • Using Ubuntu 10.04 as the Base OS
  • Updated the Tools.
  • GPL v 3 compliant (Which means this is finally 100% free software with the source code)
  • Redesigned Repository that will be kept up-to-date
  • and so much awesomeness I cannot talk about.

Monday, February 21, 2011

Top Twenty-three Network Administration and Information Security Applications on Android

I decided to review some of the top network administration and infosec applications that I have been using on my Droid 2 phone. Most of these applications are free, and some of them have more advanced features that you can buy in the marketplace. Check it out, and if you have any questions or have problems installing or using an application, leave me a comment and I will try to help you out.
Thanks,
  1. DNSLookUp: DNS and WHOIS lookup tool that supports the use of multiple nameservers and DNS records types. 
  1. DNS Lookup Tool: DNS Lookup tool provides the ability to perform MX, A, NS, TXT and Reverse DNS lookups
  1. DroidSCP: SCP for Android devices. Transfer your files over SSH for maximum security. Features a recent connection log, local and remote file browser, public/private keys and batch upload/download. With the free version you are limited to transferring only 2 files in batch transfers, and ads are included at the top of the screen. If you don’t want those restrictions, get the Unlock Key version for $1.49.
  1. Dropbox: Sync your files between your computers and your mobile device. Now you can browse the files in your Dropbox folder from anywhere. Share links to files, save photos and video from your camera to your computers, and open files using your favorite Android apps.
  1. G-MoN: This is a powerful wardriving scanner and GSM/UMTS netmonitor and drive test tool. It scans for all WiFi networks in range and saves the data with GPS coordinates into a file on your SD card. You can create a kml file for Google Earth. It shows you the encryption, channel and signal strength, and it shows all APs in range on a live map. G-MoN is a wardriving scanner to collect and map all received WiFi access points. It is also a 2G/3G netmonitor and field test drive tool for radio planning engineers. You do need to enable GPS for a correct position on the map.
You can log GSM or UMTS RX levels into a kml file for Google Earth or a csv file. There are 5 color groups for different levels. These levels can be defined by the user in the settings menu. This file is saved into the gmon folder on the SD card or external memory. When the log is running, the G-MoN notification icon changes color to red. 2G/3G logging does not work when the screen is off.
  1. IP Calculator (IPv4 and IPv6): Performs calculations on IPv4 and IPv6 addresses, networks and netmasks.
  1. Ipconfig:
  1. Location Spoofer: A simple utility to set a fake wireless network location. You have to allow mock locations under Settings → Applications → Development. Pro Version is available for $2.04 which includes: No ads. Spoof a GPS path, setting start and destination or loading a KML file from the sdcard. Set accuracy, max distance allowed from fake location. Search in map screen. Improved location history. Save your favorite places.
  1. ConnectBot: A powerful open-source SSH client. It can manage simultaneous SSH sessions, create secure tunnels, and copy/paste between other applications. This client allows you to connect to Secure Shell servers that typically run on Unix-based servers.
  1. HTTPing: This is a ping, but for HTTP requests. Give it a URL, and it’ll show you how long it takes to connect, send a request and retrieve the reply (only the headers).
  1. NetInfo
  1. OSMonitor
  1. Passdroid: Password manager that stores your passwords in a secure way on your Android device. The passwords are guarded by a master password and strong cryptographic algorithms (AES and SHA256). Includes a password generator.
  1. Mobile Remote Network Controller: Control your PC from your mobile over WiFi. Download the PC client to your PC and you are all set. You can also use it to control PowerPoint presentations, iTunes, or any media player. Instructions: http://ben-works.blogspot.com/2011/01/remote-network-controller.html     Desktop Client: https://docs.google.com/leaf?id=0B_VLOKCL5YljMTlmYTc0ZmYtNTc0Mi00NDhhLTgwYTgtOTczZTlhZjhkOWU0&sort=name&layout=list&num=50&pli=1
  1. PingUp
  1. Shark: This is a version of Wireshark for Android. It sniffs traffic on both 3G and WiFi. The dumped traffic is saved on the SD card, and you can read it using Wireshark on the PC or Shark Reader on the Android.
  1. Shark Reader: This is an application for reading pcap files. It does have problems with large files, but it works well if you do not have access to a PC at the time and need to look at your pcap files quickly.
  1. W&YPages: White and Yellow Pages directory. Easy to use.
  1. Wardrive: Wardriving app, stores scans in sqlite db on the sdcard and displays found networks around in the map. Requires Google Maps installed. Requires valid GPS position to work. You can also filter based on information that you want to show.
  1. Wifi Analyzer: Turns your Android phone into a Wi-Fi analyzer. Shows the Wi-Fi channels around you. Helps you to find a less crowded channel for your wireless router. It is a good diagnostic tool for finding out where issues with clients' wireless connections may exist.
  1. WifiScanner: A simple scanner for wireless networks.
  1. Wireless Tether: Enables tethering (via wifi and Bluetooth)  for “rooted” handsets running android. Clients can connect via wifi (ad-hoc mode) or Bluetooth and get access to the internet using the 3G, 2G mobile connection. Features: Access-control features. Allow/deny clients to use your mobile-data connection. Wifi-Encryption. 128-bit WEP in general. WPA/WPA2 on supported devices. Settings for wifi-ssid, wifi-channel, lan-network and more.
  1. Z4root: Gain SuperUser privileges on your Android phone. One of the simplest solutions I’ve seen. All you have to do is load the app onto your phone, run it, and click the button. It will give you root access to your phone, allowing you to install and run apps that require root access. If you run into any problems, just reboot your device and everything should be back to normal, since z4root doesn’t make any major changes to your system files. To find z4root go to http://4shared.com and search for z4root.apk.

Sunday, December 5, 2010

Social Culture of Hackers



Hacking is seen as an underground activity, but hackers are very social in nature. No man is an island in the hacker or security community. Hackers share information very liberally. Sites spring up every day to share tools, techniques, news, and other information with fellow hackers and security professionals. Security professionals need to embrace joining the hacker community, not in order to use the techniques of crackers, but so that the techniques are known and defenses can be developed.

A couple of well known hacker underground sites include:
  • Hackers Center Security: http://forums.hackerscenter.com/index.php
  • The Hacker Community: http://www.hacker.org/
  • The 2600: http://www.2600.com/
  • Defcon: http://www.defcon.org/

Most of the hacker community never meets face-to-face. They hang out on IRC, chat sites, and IM. The only time people get together is at the Defcon and Blackhat security conferences.

Mailing lists and RSS feeds are the lifeblood of the security professional. Through mailing lists and RSS feeds, information is delivered as soon as it is available. If you keep up with the research and the security holes within software packages, then you are better able to defend against these weaknesses.

It's a fine line between a criminal cracker and a security professional. They both use the same tools and techniques to defend and attack a computer security system. They both run in the same hacker community because they are both curious about technology and gadgets. The only way you can tell the difference is by their actions.


Hackers have big egos. They love to talk, and in most instances they love to share their secrets. Hacking is not hard. You just have to know what you want to accomplish before you start the hack. You can go to forums and chat sites and discover all sorts of new techniques and procedures to hack.

Friday, December 3, 2010

Personal Information as a Security Vector

Personal information such as SSNs, medical records, and academic records is only as secure as the knowledge that the staff has gained in order to protect it. The security team can be well trained in computer and physical security. They can be experts in cryptography, firewalls, or security architecture, but if the security team does not train the rest of the staff and pass along some of their knowledge, then it will not be long before the information that they are trying to protect is owned by an evil cracker who knows how to get inside the company and compromise the integrity of the data.

No matter how good a security policy is, companies are always vulnerable to penetration from the outside or even from the inside. Just this past week the employees of my company were told that we could no longer bring USB devices or any other storage devices, including personal laptops, because one employee was caught bringing company information to his home. Although I was not informed of what information the employee was taking home or why, the fact is that he brought the information home. We used to have a program that was supposed to encrypt the drive, and the drive would then be useful only on the computer that encrypted it, so I’m not sure what happened with that security measure. The bad thing is my company deals with social security numbers and medical information every day, so I know that system and procedure would not be HIPAA compliant.

Also it would not be hard to gather the username and password of the employees at the company because most of the time the information is on their desk or you can just ask them and they will be happy to give you the information, and most of the time the users do not lock their desktops when they leave their desks. This provides instant access to every SSN in the country and the person that would get called out would be the user because SSA knows who accesses what SSN and when it is accessed.
Remember to go to the training classes when offered. If you don't then you may unknowingly give out personal information that you may not have the right to release.

Thursday, December 2, 2010

Part 2: Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is one of the most common application-layer web attacks. XSS targets scripts which are executed in the web browser rather than on the server side. Cross-site scripting causes applications to execute in the manner desired by the malicious user. A basic example of XSS is when a malicious user injects a script into a legitimate shopping site URL, which in turn redirects a user to a fake but identical page. The page would run a script to capture the cookie of the user browsing the shopping site, and that cookie gets sent to the malicious user, who can now hijack the legitimate user's session.

An on-line business cannot afford to lose the trust of its present and future customers simply because nobody has ever stepped forward to prove that its site is really vulnerable to XSS exploits. Exploited XSS is commonly used to achieve the following malicious results:
  • Identity theft
  • Accessing sensitive or restricted information
  • Gaining free access to otherwise paid-for content
  • Spying on a user's web browsing habits
  • Altering browser functionality
  • Public defamation of an individual or corporation
  • Web application defacement
  • Denial of Service attacks

Security flaws in high-profile web sites have allowed hackers to obtain credit card details and user information, which allowed them to perform transactions in the victims' names. The major cause of XSS is a lack of input validation within the application. A lot of applications do not validate their input. They don't check to see whether the input they accept is non-malicious.

Ways to Prevent Cross-Site Scripting Attacks
1.      Validate Code: Go through your code and test it. Ask yourself, "If a person enters code in the textbox, will the code execute?" The only way to discover this is to try to run code within the textbox. The most common code is SQL commands and JavaScript commands.
2.      Escaping: Escaping replaces characters that have a special meaning, such as <, >, &, !, etc., with escape sequences, so that they are treated as actual characters instead of as code.
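
The two defenses above, shown as an added example (this is not code from the original post): a page fragment built from textbox input without escaping, the same fragment with escaping applied at output, and an allow-list check for one field. The function names, the username rule and the sample inputs are assumptions made for the illustration.

```javascript
// Added example, not code from the original post. Sample strings are constructed.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;",
};

// Escaping: swap each character that HTML treats as markup for its entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: textbox input is concatenated straight into the page.
function renderCommentUnsafe(author, body) {
  return `<p title="${author}">${body}</p>`;
}

// Hardened form: every untrusted value is escaped where it is written out.
function renderCommentSafe(author, body) {
  return `<p title="${escapeHtml(author)}">${escapeHtml(body)}</p>`;
}

// Validation: accept only the shape a field should have (hypothetical rule
// for a username field: 3-20 letters, digits or underscores).
function isValidUsername(name) {
  return typeof name === "string" && /^[A-Za-z0-9_]{3,20}$/.test(name);
}

// Constructed inputs of the kind the "enter code in the textbox" test uses.
const SCRIPT_INPUT = "<script>alert(1)</script>";
const ATTR_INPUT = 'x" onmouseover="alert(1)';

console.log(renderCommentUnsafe(ATTR_INPUT, SCRIPT_INPUT)); // markup survives
console.log(renderCommentSafe(ATTR_INPUT, SCRIPT_INPUT));   // markup is inert text
console.log(isValidUsername("lance_h"), isValidUsername(SCRIPT_INPUT));
```

Escaping quotes as well as angle brackets matters because the second sample input never uses a tag; it breaks out of the attribute instead.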
For more information on Cross-Site Scripting and other web application security check out OWASP.com at


 

Thursday, June 24, 2010

Web Application Security 101

Part One: An Introduction

Web applications are often the forgotten child of web designers and programmers. Why is that? It would seem that web applications are the single most important code and process to take into account when designing websites. After all, you are trusting the websites to be trustworthy, especially those from established brick and mortar stores. That is where the problem lies. A lot of stores and websites are not used to designing security plans for collecting and processing customers' information.


I will discuss in the next coming weeks areas of vulnerabilities within websites that web designers and programmers need to take into consideration before creating the site. Security should not be taken for granted. Applications need to be designed from the ground up with security in mind. Most applications on the web are designed with security as an afterthought and do not include security checks in them until after there is a breach and it has reached the news media.

During this series of posts we will discuss cross-site scripting, SQL injection, web site authorization, SSL vulnerabilities, man-in-the-middle attacks, and other topics as I think of them. :) The purpose of the articles is to inform both programmers and end-users what to look out for while exploring a website. Continue with me on this exciting journey, and we will both learn something and maybe better secure the Internet, or at least bring about a better understanding and awareness of application security.


Thanks,

Lance Howell

Wednesday, May 12, 2010

Port Scanning

Port scanning is an invasive activity. Port scanning is the process of checking to see whether the ports on a network are available or not. Port scanning can also cause denial of service on a network if it is scanned long enough. The types of scans that are done include half scans, FIN scans, XMAS scans and other stealth scans that could be used to penetrate a firewall. A port can be filtered, open, or closed.


Attempts have been made to convict people for doing port scans, but the courts have time and time again said that as long as people are just scanning they are not committing a crime. The rules do vary from state to state. One of the more famous cases is Moulton vs VC3, where Scott Moulton, an owner and operator of a security company, was trying to test the county’s 911 system for vulnerabilities and discovered VC3’s firewall. The judge, after Scott explained it to him, agreed that it was not a crime. That was in 2000.

But just because it is not illegal does not mean that it is not invasive or that it does not use computer and network resources. A scan has to send traffic to each port in order to discover whether it is an open or closed port. Even if you are not receiving data from the ports, you are getting information about the company’s network and infrastructure. You are learning how secure or insecure they are. In some instances you learn what programs or equipment they may be using.
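
Because a scan has to send traffic to each port, it leaves a recognizable pattern on the defender's side. The following is an added example, not from the original post, that labels probes by their TCP flags (half scan, FIN, XMAS) and reports any source that touches many distinct ports. The record format, the threshold and the sample records (using documentation IP ranges) are constructed assumptions.

```javascript
// Added example: spotting port-scan behaviour in packet records.
// Assumed record format: { src, dport, flags }, flags = TCP flag letters
// (S=SYN, A=ACK, F=FIN, P=PSH, U=URG) on the first packet sent to a port.

function classifyProbe(flags) {
  const set = new Set(flags.split(""));
  const only = (...f) => set.size === f.length && f.every((x) => set.has(x));
  if (only("S")) return "syn";            // half scan: a bare SYN, never completed
  if (only("F")) return "fin";            // FIN scan: FIN with no open connection
  if (only("F", "P", "U")) return "xmas"; // XMAS scan: FIN, PSH and URG together
  return "other";
}

// A bare SYN also starts every normal connection, so the flags alone prove
// nothing; the signal is one source reaching `threshold` or more distinct ports.
function detectScanners(records, threshold = 5) {
  const bySrc = new Map();
  for (const r of records) {
    const entry = bySrc.get(r.src) || { ports: new Set(), kinds: new Set() };
    entry.ports.add(r.dport);
    entry.kinds.add(classifyProbe(r.flags));
    bySrc.set(r.src, entry);
  }
  const findings = [];
  for (const [src, entry] of bySrc) {
    if (entry.ports.size >= threshold) {
      findings.push({ src, ports: entry.ports.size, kinds: [...entry.kinds].sort() });
    }
  }
  return findings;
}

// Constructed sample: one source sweeping six ports, one ordinary web client.
const SAMPLE = [
  ...[21, 22, 23, 25, 80, 443].map((p) => ({ src: "198.51.100.7", dport: p, flags: "FPU" })),
  { src: "192.0.2.10", dport: 443, flags: "S" },
  { src: "192.0.2.10", dport: 443, flags: "S" },
  { src: "192.0.2.10", dport: 80, flags: "S" },
];

console.log(detectScanners(SAMPLE));
```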