When you’re in an airport, you open your laptop to read or send e-mails, looking for a free Wi-Fi hotspot. And there it is! You almost always find one and connect to send and read your e-mails etc. What you do not take into consideration is that the free Wi-Fi may have a privacy cost associated with it: the data of your connection, your personal details and other important information can be stolen when you send your message, without having any idea that such a thing could happen. Before you know it, you’re calling Lifelock for identity theft protection because your personal information has been stolen, and soon, your identity.

What should make you suspicious is when there is a Wi-Fi hotspot with a name that is not recognized or resembles an official or even a celebrity name. Also, the user must be particularly cautious in hotspots that do not need password protection for access. The ‘magic’ of the data theft happens through a proxy technology, which monitors the Wi-Fi communication and captures and stores a copy of all your data on the hacker’s laptop. This process will slow down the traffic speed of your connection but in cases of networks with many users it is difficult to say with certainty whether the slow traffic is due to the theft of your data or because there are many users connected simultaneously.

Each time the user performs a task on the internet, whether buying staff online, checking your bank account or checking of email, the computer must send the login to the network, which is a goldmine for fraudsters on the internet. Under normal conditions the connection to a secure site (such as your bank site) must start with “https” instead of “http“, which means that traffic is encrypted. Some sophisticated hackers can even steal your encrypted communication (by proxying your connections through their own computer). For this reason, extreme caution is required when giving personal information and passwords in a public WiFi hotspot.

The threats to be aware while using public Wi-Fi:

• Evil twin login interception: networks set up by hackers to resemble legitimate Wi-Fi hotspots.
• 0-day OS / app attack attempts: attacking your computer and applications in order to get access to it using unknown and unpatched vulnerabilities.
• Sniffing: software or hardware that can capture and record the traffic passing over a network.
• Data leakage (man-in-the-middle attack): Cyber-criminals who can modify network traffic, leaving the impression that the user navigates the website of a bank for instance, while, in reality, traffic is passed first through the attacker’s computer.

No related posts.

As BBC, Reuters and AFP reported, Sega announced that data for their users was compromised from their online network, Sega Pass. Confidential information such as names, birth dates, email addresses, passwords etc were stolen, while stating that the credit card numbers remained unaffected. The company admitted that data information were stolen from the database for approximately 1.3 million customers.

The Sega Pass network was shut down in order to mitigate the attack and reinforce the level of security, Sega said, and apologized to customers for the problem. Remains unknown when the network will operate again.

The violation in security was found last Thursday by the European Sega subsidiary company and was not revealed until recently. The hacker group Lulz Security, which has claimed responsibility for many of the recent major cyber-attacks, but not for the last one, voluntarily offered to help Sega to discover the culprit and punish him.

Related posts:

1. Information Security Cyber Threats for 2010
2. Block Attacks with a Cisco ASA Firewall and IDS using the shun command
3. Preventing SQL Injection Attacks with Cisco ASA Firewall

Encryption plays an important role in protecting data, not only for maintaining confidentiality of information but also to protect data from damage, destruction or alteration. An important part of the encryption process is that it allows verification of the source of information, just like an electronic signature, where the decryption key is available, while the secret encryption key guarantees the authenticity and integrity of a file.

The encryption technologies and algorithms are not limited by the properties of the storage media used. This means that data is modified to the extent that no useful information can be extracted from them, while the resources remain unaffected. It does not matter if the encryption algorithm is known to the public, because confidentiality is guaranteed by the secrecy of the unique key used for decryption.

Just because the encryption is independent of the characteristics of a storage or communication medium, it can be used for secure transfer of data through open communication channels and to protect data in portable storage devices that have been lost or the user has chosen to reject. Even if an offender has access to a file, he will not be able to decrypt the contents nor read them without the secret key.

Related posts:

1. How to Rescue Lost Data from Your Hard Disk Using Spotmau Powersuite 2010

The specifications of my hardware and software are the following:

• Laptop DELL (core i3 with 4GB RAM)
• Win7 64-bit Professional
• VMWARE Workstation version 6.5.4

STEPS:

1. Download file from http://www.backtrack-linux.org/downloads/

File downloaded is bt4-r1-vm.tar.bz2 (around 2.5 GBytes)

2. Check the file with md5.exe tool to verify that MD5 is correct. This is important because such big files sometimes get corrupted when downloaded and also to verify the integrity of the file.

3. Uncompress the image with WinRAR (it took some time for winrar to open the archive – Be patient here.)

4. In VMWARE go to File>Open and select the virtual machine (BT4-R1) which you extracted above.

5. I then selected “Edit Virtual machine settings” and increased the memory from 768MB to 1024MB.

6. Then click on “Power on the virtual machine”
If you get a message that “This virtual machine may have been moved or copied” I selected “I copied it”.

7. After the Virtual machine boots up, you will get a prompt:

bt login:

Use root/toor as initial username/password

You will get the root prompt:

root@bt:~#

Now we must change the root password to something really strong.

root@bt:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

8. Now do the fix-splash as advised by the backtrack website:

root@bt:~# fix-splash

And then reboot

root@bt:~# reboot now

9. After the machine boots up, start the graphical interface:

root@bt:~# startx

DONE

Some other notes:

I like to have my virtual machine with direct access to the network interface of my host computer, so I always go to the virtual machine settings (“Edit Virtual machine settings”) and change the network adapter from “NAT” to “Bridged Mode“. With that, the LAN interface of the Backtrack in the virtual machine will have direct access to the network. If you have a DHCP server in the network, the Backtrack system will receive IP from the network, or otherwise you can configure static IP. Let’s see how to do both options below:

IP address from DHCP Server

ifconfig eth0 up
dhclient eth0

Static IP

ifconfig eth0 100.100.100.1 netmask 255.255.255.0 up
route add default gw 100.100.100.2 eth0

Also, you need to edit the /etc/resolv.conf file and change the nameserver line to add your DNS IP address.

Related posts:

1. Installing BackTrack 4 Pre Final in VMWARE
2. VCP Certification-VMWare Certified Professional

The use of secure wireless networks, encryption or hiding of data on disk to prevent “theft”, and serious precautions during online shopping or banking transactions, are among the practical security measures that users need to follow for protecting their personal information.

With the proliferation of social networks and the numerous applications used to share information via the Internet, PandaLabs, the anti-malware labs of Panda Security, advise users to take additional steps to avoid falling victims to malicious actions during the holidays.

These types of “geo-location” applications are used widely in recent years. Facebook applications such as Doorpl or Trip Advisor (which describes the current location of someone or the desired destination of someone), the Twitter geolocation utility (which shows from which location your tweets are sent), or the location services via GPS mobile devices (iPhone and Android users) are just some examples.

PandaLabs constantly analyze the latest trends in Internet and are able to advise users for their protection throughout the year and more specifically during a massive holiday period like the summer.

If you take your own computer with you on vacation:
- Before you do anything, keep a back up of all your data.
- Make sure you have a reliable and updated antivirus/antimalware protection software and that all necessary security patches are installed.
- In order to mitigate the consequences of theft of your computer, use the encryption technology for information stored on your hard disk, even if such work is tedious and complicated. This will prohibit any access to your files without correct password.
- Clear the temporary files, logs, cookies and password reminders or auto-complete features you use on the browser. This would eliminate the automatic access to webmail, social networks, bank accounts or your favorite online stores.
- Do not connect on unprotected WiFi networks, as you can “get hooked” by hackers who can intercept information shared with your community. Even if you have to pay for network access, it is better and safer to use a secure network you can trust.
- Pay attention to email. The phishing attacks and spam are becoming smarter for stealing sensitive personal data.

If you use another computer on your vacation:
- It’s better not to use someone else computer. You do not know what is installed on this computer. It is possible that PCs in cyber-cafes, hotels or airports, from where you might log into your bank account, etc. are infected by a dangerous Trojan Horse.
- If you do not really have a choice and must go into websites that require your personal credentials, make sure you change them immediately after use in order to minimize the risk.
- Avoid doing online transactions if possible. Remember that any information you enter can be used by another user.
- Do not accept any inducement for storage of personal data offered by many web browsers.
- When you are finished using the computer, delete all temporary files, browser history, the cookies, the log files and any other information stored on computer.
- If you download something on the computer, remember to delete it before turning the computer off.

Using social networks
- Never use the travel planning applications offered by these networks in order to be sure that it is impossible to identify who you are. Do not accept the geolocation detection (geolocation function) in Twitter and do not use this technology in mobile phones.
- Do not reveal your plans for your holidays in chat rooms, IRCs, social communities, etc.
- If you spend time in chat rooms while you’re on vacation, do not disclose any personal or confidential information to someone you don’t know.
- Share the above tips with your children, which are often more open to good faith to share information via the Internet.
- If you notice any suspicious behavior while you are connected to a social network (people with great interest for other people’s destinations, dates, etc.) contact the police. Prevention is always better than cure.

Related posts:

1. The Results Of A Hacker Finding Your Personal Information
2. Information Security Cyber Threats for 2010
3. How To Remove Personal Antivirus-Remove Personal Antivirus Automatically

First, we need to make some changes on the sshd configuration of the NAS station. Open a CLI connection with the NAS (using telnet or ssh) and edit (using vi) the sshd_config file located under /etc/ssh/ path. You need to change the following settings in sshd_config:

• Uncomment the #AllowTcpForwarding no parameter (remove the # ) and change it to yes.
  AllowTcpForwarding yes
• Uncomment the #PermitTunnel no parameter (remove the # ) and change it to yes.
  PermitTunnel yes

However, the changes above will not be permanent since the QNAP NAS device will change all configuration to default settings when rebooted. Therefore we need to somehow make the changes permanent. What we can do is the following:

• Copy the modified sshd_config file into a shared location on the NAS.
• Use the “autorun.sh” script to copy the modified sshd_config file from the shared location and overwrite the original sshd_config file located under /etc/ssh/
• Then restart the sshd deamon to take the new modified settings.

I have copied the modified sshd_config file under /share/HDA_DATA/
Now, in order to create the autorun.sh file, do the following:
# mount -t ext2 /dev/mtdblock5 /tmp/config
# vi /tmp/config/autorun.sh

Get into vi editor and enter the following lines:
cp /share/HDA_DATA/sshd_config /etc/ssh/
killall sshd

Save the file and make it executable.

# chmod +x /tmp/config/autorun.sh
# umount /tmp/config

That’s it for the NAS.

Now in order to create the ssh tunnel, we will use PuTTy as shown below:

Open up PuTTY and go to Tunnels. At Source Port enter a desired local port that will be listening on your local PC (e.g 8888). Select Dynamic and press Add.

As you can see above, port 8888 is created. This port will start listening on your local PC after you connect with SSH to the NAS.

Now go up to “Session” and put the IP address of your NAS ssh server. The picture above shows a private IP address (192.168.10.111) but in real situations this should be the domain name or the public IP address of your NAS server. Click “Open” to log in to the NAS with your SSH username and password. When you log in, a secure SSH tunnel will be created between your PC and the remote NAS server.

If you need to encrypt all of your internet browsing traffic, you have to configure a SOCKS proxy on your browser with IP address 127.0.0.1 and port 8888.

Related posts:

1. Connecting to the ASA Firewall with Telnet and SSH

In 2008, the company’s analysts predicted an increase in system infections by viruses. Unfortunately, these estimates proved accurate. In 2009 we saw the emergence of sophisticated malware with functionality based on rootkits, the significant use of worm Kido (also known as Conficker), but also we observed numerous Internet attacks, the proliferation of botnets, fraud using mobile SMS and attacks on social networking websites.

Estimates for 2010

According to the experts at Kaspersky Lab, there will be a change in the types of attacks. More specifically, there should be a change from the attacks waged through websites and applications to attacks via file-sharing and peer-to-peer networks.

Already in 2009 there was series of massive attacks based on malware that spread via torrents. This method was used for the deployment of web threats such as viruses like TDSS and Virut, and the invasion of computers running Mac OS X. In 2010, we should expect a significant increase in this type of attacks on P2P networks.

The cyber criminals will continue to compete unleashing viruses. Currently, cyber criminals try more and more to be legalized and there are many ways to profit using the spread of malicious viruses through botnet networks. Today, botnets are used mainly for “black market services”. However, future services are expected to become more “gray” color.

The so called “cooperation programs” will give botnet administrators/owners the ability to profit from activities such as sending spam, DoS attacks or via sending malicious software applications that are not clearly a form of criminal activity.

The decline observed in the use of Trojan viruses that banged users of online gaming in 2009, is likely to occur in the use of fake antivirus programs in 2010. This category of threat first appeared in 2007 and in 2009 it reached its zenith. The worm Kido, for example, went to install rogue antivirus programs on infected computers.

However, the “market” of fake antivirus programs is now saturated and profits for cyber criminals have fallen. Furthermore, these activities are closely monitored by the legitimate security companies. In this context, an increasing degree of difficulty for the development and distribution of rogue antivirus programs is introduced.

With regards to attacks on web services, Google Wave is expected to monopolize the interest in 2010. There is no doubt that attacks in this new Google service will follow the usual model. First comes the sending of spam messages, then phishing attacks, then the exploitation of vulnerabilities of systems and the end comes with the spread of malware. The availability of Chrome OS operating system by Google, which is based on Internet technology, is a notable development, but experts of Kaspersky Lab expect that cyber criminals will not show great interest around this software platform.

However, it is expected that 2010 will be a difficult year for iPhone users and for phones with Android operating system. The first malicious programs for these platforms appeared in 2009, which is a clear indication that there is increased interest from cyber criminals. As for the users of iPhone, only those who have cracked appliances will be at risk, but the same does not apply to users of devices with Android software, as all of them can fall victims to attacks. For example, the growing popularity of mobile phones with Android software in China, combined with the lack of effective controls for the security of applications offered from third parties, is expected to contribute to the rise in the number of attacks by malicious programs.

The identification of new vulnerabilities in the systems will be the main cause of mass infection by viruses. These vulnerabilities will be mainly related to software developed by third parties (such as Adobe, Apple, etc.), but also Windows 7, whose marketing has recently started. If a large number of such software vulnerabilities is not found in 2010, it may well be one of the “quieter” years long.

Related posts:

1. Cyber Attacks to Sega
2. Securing your personal information during the holidays
3. The Results Of A Hacker Finding Your Personal Information

The latest big websites attacks is more than likely just the theft of work history and name along with references. Now if the information also included Social Security information or annual salary requirements as well as cell phone numbers and credit card or bank information, people are going to have major problems. This type of activity happens all the time, but we only hear about the big news companies in the spotlight. Now if a pet product site that is just starting out and is not a well-known name, they are not going to divulge that information and if they do, it will not make the news headlines.

Everyone uses the Internet for one reason or another and if you are like most people, you may shop, look for work, play games or just browse. In any cases, you need to be careful how you supply your information. A secure site to display your information needs to contain encryption to protect your information if it is for buying and gaming as well. Anytime you give out personal information about yourself, you want to know your information is protected. With the latest scare with hacked websites, people have to wonder, what will they do with that information?

As hackers become more devious in their endeavor to hack into websites and steal the information, more IT technicians will work harder to make the sites and products to secure the sites even better. All the scares that we encounter with our Internet experiences are just another form of criminal activity, unfortunately, it can cause problems for the entire world. Protecting yourself and your computer from a hack attack is top priority and every day, businesses are upgrading their systems and infrastructures to protect vital information.

The best way to protect yourself some had said is, never give out personal information. Unfortunately, this is not always possible. If you want to shop, look for work, do some gaming or sign up for important newsletters and promotions, you have to supply the pertinent information. Therefore, using a little caution as to what sites you use is great, but as it was proved with Monster, even the best of sites can endure problems. This however, is no reason to stop using the Internet.

You just need to be aware of the threat and use good judgment when you visit a website. Some day we will see a system to track and stop hackers from stealing vital information. Companies who make the software and other software for security measures work hard every day to find new ways to stop a hacker. As the hacker gains more strength, software developers gain more security knowledge to stop them in their tracks.

Related posts:

1. Securing your personal information during the holidays
2. Information Security Cyber Threats for 2010

I have been using BackTrack3 so far for my ethical penetration testing tasks with great success. I decided recently to give BackTrack4 a try, even if it’s still in Pre-Release stage. The guys at remote-exploit state that even if it is pre-final stage, this release is the sturdiest from all previous BackTrack versions so I decided to try it now rather than waiting for the final release. A notable change with BackTrack4 is that it uses Ubuntu now as the underlying operating system which is a very good move in my opinion.

First download the BackTrack 4 pre-final file (bt4-pre-final.iso) from its original location from http://www.remote-exploit.org/backtrack_download.html. The file comes in dvd ISO format. Save the iso file locally on your hard disk.

• Start the VMWare Workstation and go to File>New>Virtual Machine
• Select Typical Install
• Select option to use Installer Disc image file (iso)
• Click the Browse button to find the ISO image that you downloaded above.
• Click Next, select Linux and for version select Ubuntu.
• Click Next and select the location where the Virtual Machine will be installed.
• Leave the defaults (maximum disk size 8GB and Store Virtual disk as a single file).
• Click Next and Finish.
• Go to “Edit virtual machine settings” and change the network adapter to “Bridged”.
• Power on the virtual machine.
• This will boot up the Live CD from the ISO image and give you several boot options. Select the first option (BackTrack Framebuffer 1024×768).
• After it boots, it will get you into command line prompt as root@bt:#
• Type startx
• This will take you into the graphical interface of BackTrack. However you are still under Live CD. Any changes you make will be lost with next reboot. Therefore you need to install it on the VMWare virtual disk.
• Double click the “install.sh” script that you see on the desktop. This will start the installation procedure. Follow all steps. This will finally install BackTrack on the VMWare disk.
• Press “Restart” button to reboot. After rebooting, it will now boot from the VMware disk and not from the Live CD. At the login prompt, enter the username and password that you configured during the graphical installation above.
• You need to configure a root password here. Type “sudo passwd root”. It will ask you for your own user password to execute the command above. Then it will ask you to enter new password for root (twice). After that, the password for root will be changed.
• Login as root and get into graphical interface with startx.
• You are ready to Rock Baby!!!

I advice you to visit the offensive security blog (http://www.offensive-security.com/blog/) to read some very useful posts about BackTrack4. Especially useful is the post about upgrading the Kernel which is required because of a security hole in the default Kernel of bt4.

Related posts:

1. How to install Backtrack 4 R1 in VMWARE
2. Trainsignal VmWare Video Training
3. VCP Certification-VMWare Certified Professional

The lack of security in computer software products costs us billions. We pay tons of money in information theft, financial theft etc. We pay lots of money when productivity is lost, when networks stop working and when dozens of other major or minor problems of security arise in our work and home environments. We have also major financial losses when we are forced to pay and buy security products and services to reduce all those information security issues. We pay for the security year after year.

The problem is that all the money we spend does not solve the problem. We pay, but still end up with security holes. The problem is BAD and INSECURE SOFTWARE. Due to bad software coding practices, poor software embedded features, inadequate software testing and security weaknesses in software programming cause all the problems with information security. The money we spend on security are intended to address the consequences of unsafe software.

That is the actual problem. We don’t pay to actually improve the security of the underlying software. We pay to temporarily cope with the problem and not to correct it. The only way to correct the problem of security is to convince the vendors to correct their software by incorporating proper secure software coding techniques. The only way to convince the software vendors to develop secure software is to force them to take up the costs and responsibility of security breaches and holes in their product.

There are many parties involved in a typical software attack. There is the company that originally sold the software with the security weakness, the person who created the tool of attack, the attacker himself that used the tool to break into the network, the network operator, who had been assigned to protect the network etc. 100 percent of the responsibility of an attack should not be borne by the vendor of the software, but it should be shared among all the parties including the attacker or the network operator. But these days, 100% of the cost goes solely to the owner of the network and this should stop happening.

Liability changes everything. At present, there is no reason for a software company not to offer one feature after another after another. Liability in security however will force software companies to better reflect a change of a software characteristic or feature. Liability forces companies to protect the data on which they are responsible. Liability means that those who are able to correct the problem, are also responsible for the problem. Software vendors should therefore have liability on the security of their software product.

The information security is not a technological problem. It is an economic problem and to improve information technology we will have to correct the economic problem first. Let’s do this and all others will follow.

Related posts:

1. Cisco CCNA Security Certification
2. Information Security Cyber Threats for 2010
3. Remove Total Security Virus-How To Remove Total Security Virus Easily