http://neworder.box.sk/
A Discussion of Virtual Machines Related to Forensics Analysis
@ Articles -> Link Dec 22 2008, 07:10 (UTC+0)
For the scope of this paper, the focus will be on the uses of virtual
machines as they relate to forensic analysis, with both a virtual
machine as your evidence and as an asset to your forensic tool box.
Although only one virtual application is noted in this paper, the
concepts and theories of their focus can be applied to other
applications that are not described. The operating systems referenced
are of Microsoft Windows (all versions) as this is the most prevalent
operating system used worldwide. Some of this information may apply to
other operating systems in varying degrees, but again, it is the concept
and theory of the examinations concerning virtual machines that will
remain consistent across various platforms.
Continued...
|
|
Top 10 Ways to Lock Down Your Data
@ Articles -> Link Dec 21 2008, 16:08 (UTC+0)
By Kevin Purdy
This past week proved that you can't rely on something as simple as a
web browser to keep your personal data and identity safe from harm.
Critical flaws were found in the Internet Explorer and even Firefox web
browsers, leaving users potentially vulnerable to spyware, viruses, and
password-sniffing. But don't throw up your hands in defeat―with the
right software tools and a little Advanced Common Sense, you can secure
your data so that even if someone did get onto your computer or into
your email, they'd find nothing but headaches and woe. Read on for our
list of ten software apps and strategies for locking down your online
life.
Continued...
|
|
Installing a PPPoE server under Linux Debian
@ Articles -> Networking Dec 21 2008, 11:26 (UTC+0)
dagost writes: PPP is mainly used by Internet Access Providers in order to set up an
access network. The documentation about how to establish a PPP over
Ethernet (PPPoE) server is lacking on the net because it does not concern
the traditional user. Thus, this document attempts to fill this hole.
[PDF] Continued...
It was originally written in French; here is the French version: Original
(offsite PDF)
|
|
Changes, mergers and forums
@ Site News Dec 20 2008, 07:01 (UTC+0)
Hello people of NewOrder,
as you may have noticed there have been quite a few changes around in
the recent months. We have now reached a stable point and thus feel
obliged to let you know what we've done and for what reasons.
continued...
|
|
Implementing a Better DNS Dead Drop
@ Articles -> Link Dec 20 2008, 06:59 (UTC+0)
Editor's Note: A little old but interesting article.
dead drop (n): A dead drop, or dead letter box, is a location used to
secretly pass items between two people, without requiring them to meet.
"Two years ago, I implemented a DNS-based dead-drop, based on an idea
presented by Dan Kaminsky in Attacking Distributed Systems: The DNS
Case Study."
Continued...
|
|
Money, a Short Con and Crime = Short Change
@ Articles -> Link Dec 19 2008, 12:56 (UTC+0)
Everyone's heard the term "short change," but very few people know about the
actual street con for which it's named. This scam is performed
thousands of times each year, and con men score millions of dollars
just by using a few simple verbal tricks...
THE GOAL: To get more money out of the register than you're entitled
to, without the attendant even realizing it.
THE METHOD: In this episode, we're presenting one of the simplest
versions of the short change. Advanced versions of this scam can take
people for hundreds of dollars. This version uses three phases: Continued...
|
|
Writing Effective Security Policies
@ Articles -> Link Dec 19 2008, 11:57 (UTC+0)
How to write an effective security policy, covering elements of technical
controls that should be found in the majority of policies in the world
of PCI DSS, SOX, Euro SoX, HIPAA and ISO 127001.
Writing an Effective Security Policy (Part 1)
- Introduction
- The challenge
- What is a policy?
- Authority
- Framework
- Who should the policy apply to?
- Technical controls
- Managing, protecting and dealing with data
- Reporting
- Summary
Writing an Effective Security Policy (Part 2)
- To: From:
- Human resources and their involvement
- Uses of security policy
- Where do security policies go to die?
- What now?
- Summary
|
|
LFI to RCE Exploit with Perl Script
@ Articles -> Link Dec 19 2008, 11:44 (UTC+0)
##########
Contents
##########
[0x00] - Introduction
[0x01] - File Inclusion (RFI/LFI)
[0x01a] - How the attack works for Remote File Inclusion [RFI]
[0x01b] - How the attack works for Local File Inclusion [LFI]
[0x01c] - Vulnerable PHP Function for File Inclusion
[0x02] - Local File Inclusion To Remote Command Execution [LFI RCE]
[0x02a] - LFI RCE via Apache Log Injection
[0x02b] - LFI RCE via Process Environ Injection
[0x02c] - LFI RCE via Other Files
[0x03] - Fundamental of Perl Library for Exploit Website
[0x03a] - Introduction to Socket
[0x03b] - Introduction to Library for WWW in Perl (LWP)
[0x03c] - Condition to use Socket or LWP
[0x04] - Writing LFI RCE Exploit with Perl Script
[0x04a] - Perl Exploit to Injecting code into Target
[0x04b] - Perl Exploit to Executing injected code on Target
[0x04c] - LFI RCE Complete Exploit [Use Logfile Injection]
[0x05] - How to protect File Inclusion
[0x06] - References
[0x07] - Greetz To
Continued...
|
|
Robert Seacord on the CERT C Secure Coding Standard
@ Articles -> Link Dec 19 2008, 01:57 (UTC+0)
Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding
standard, developing C standards, and the future of the language and
its offshoots.
I recently had the opportunity to
interview Robert Seacord, author of the recently-published The CERT C
Secure Coding Standard. Robert has been deeply involved with C and UNIX
for longer than I've been programming in any language. Read on to find
out about his work on developing C standards and his views on the
future of the language.
Continued...
|
|
Free Virtualization eLearning and eBook
@ Articles -> Link Dec 18 2008, 14:16 (UTC+0)
Make sure you use this offer to access a free 400+ pages eBook around
Microsoft's virtualization strategy, not only Hyper-V but also Desktop
and Application Virtualization.
Continued...
|
|
Understanding Encryption
@ Articles -> Encryption Dec 18 2008, 02:59 (UTC+0)
lone_REBEL writes: BASIC CONCEPT:
All of us (computer users) are familiar with the word "encryption" even
if we don't exactly know what it really means. Windows encryption
utility, zip file encryption, hard disk encryption software, online
data encryption ... blah blah blah. WHAT DOES ALL THIS ENCRYPTION FUSS
MEAN? Let's see what this fuss means.
continued...
|
|
EDRi-gram Number 6.24, 17 December 2008
@ Articles -> Networking Dec 18 2008, 02:57 (UTC+0)
EDRi-gram biweekly newsletter about digital civil rights in Europe
Contents
========
1. ECHR decided against the UK DNA Database
2. Wikipedia filtered by UK ISPs for cover album picture
3. ECHR rules on identifying serious privacy infringers
4. Romanian Authority asks ISPs to block 40 pornographic websites
5. Bulgarian Court annuls a vague article of the data retention law
6. Snooping law, "Lex Nokia", proceeding slowly but surely in Finland
7. German Federal Archives provides Wikipedia with 100 000 images
8. UK Government now in favour of the extension of the copyright term
9. Spanish collective society fined for making clandestine wedding video
10. ENDitorial: First FRA Conference on Fundamental Rights
11. Recommended Reading
12. Agenda
13. About
Continued...
|
|
IE7 Zero Day Technical Analysis
@ Articles -> Link Dec 18 2008, 02:18 (UTC+0)
Following our alert, we completed this analysis for the Zero Day attack. The exploit
for this vulnerability has two parts:
A. JavaScript heap spray code and x86 shellcode
B. The XML/SPAN tag vulnerability
- Advanced shellcode
- Hooks
- Checks for hooks
- UrlDownloadToCache
- CreateProcessA
- LdrShutDownThread
- shdocvw ordinal 101
- Last words on the shellcode
IE7 Zero Day Technical Analysis by Jun Zhang and Nicolas Brulez
Continued...
|
|
Anti-XSS 3.0 Beta and CAT.NET public Beta
@ Articles -> Link Dec 17 2008, 03:05 (UTC+0)
I am delighted to say that we have released two new free tools.
CAT.NET CTP and Anti-XSS 3.0 Beta.
CAT.NET - Community Technology Preview
CAT.NET is a managed code static analysis tool for finding security
vulnerabilities. It's exactly the same tool we use internally to scan
all of our Line of Business (LOB) applications; it runs as a Visual
Studio plug-in or as a stand-alone application. It was engineered by
this group (CISG) and has been designed in partnership with the ACE
Team and Microsoft Research.
Continued...
|
|
Writing a web services fuzzer in 5 minutes to SQL injection
@ Articles -> Link Dec 15 2008, 15:42 (UTC+0)
This week, I was doing an internal penetration test for a client of a web
service, which is used by applications loaded on kiosk machines around
the country. I didn’t have much time to do the test, so I had a couple
advantages, like having network access to the service, the WSDL and
also ability to interact with the developers. This also gave me a
chance to see how capable our web application firewall was at being
able to detect attacks.
Continued...
|
|
Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities
@ Articles -> Link Dec 15 2008, 15:32 (UTC+0)
Aspect9 has discovered several vulnerabilities in Microsoft Windows Internet
Explorer 8.0 Beta 2. This new version of Microsoft's famous browser
includes new security improvements such as a Cross Site Scripting (XSS)
filter. This version also includes a new object that safely allows
transferring data across domains, allowing them to interact with each
other.
The Anti-XSS filter has been found to have some security
holes in the current implementation. Microsoft decided to filter "Type
1 XSS" which is free text sent to the server being reflected to the
user and therefore injecting HTML code into the website's page. They
chose not to handle certain situations such as injection into a
JavaScript tag space, which would be extremely difficult to filter. The
software giant also chose not to filter injection into HTTP headers,
which will drive hackers to focus on discovering CRLF vulnerabilities.
Credit:
The information has been provided by Rafel Ivgi.
Continued...
|
|
How to Prevent Digital Snooping
@ Articles -> Link Dec 13 2008, 06:34 (UTC+0)
Appeared in The Wall Street Journal
December 9, 2008
As the first digital president, Barack Obama is learning the hard way
how difficult it can be to maintain privacy in the information age.
Earlier this year, his passport file was snooped by contract workers in
the State Department. In October, someone at Immigration and Customs
Enforcement leaked information about his aunt's immigration status. And
in November, Verizon employees peeked at his cellphone records.
What these three incidents illustrate is not that computerized
databases are vulnerable to hacking – we already knew that, and anyway
the perpetrators all had legitimate access to the systems they used –
but how important audit is as a security measure.
Continued...
|
|
Security Through Virtualization
@ Articles -> Link Dec 11 2008, 19:36 (UTC+0)
We all know that virtualization can save companies money and simplify
management of IT resources, but can it also be used to enhance the
security of our systems and networks? From the creation of virtual
honeypots and honeynets to the use of Hyper-V to isolate server roles
to seamless sandboxing of virtual applications with the latest version
of VMWare Workstation, the answer is yes. This article will explore
ways you can use virtualization tools to increase the security of your
Windows environment.
Continued...
|
|
Browser Security Handbook
@ Articles -> Link Dec 11 2008, 19:14 (UTC+0)
This document is meant to provide web application developers, browser
engineers, and information security researchers with a one-stop
reference to key security properties of contemporary web browsers.
Insufficient understanding of these often poorly-documented
characteristics is a major contributing factor to the prevalence of
several classes of security vulnerabilities.
Although all browsers
implement roughly the same set of baseline features, there is
relatively little standardization - or conformance to standards - when
it comes to many of the less apparent implementation details.
Furthermore, vendors routinely introduce proprietary tweaks or
improvements that may interfere with existing features in non-obvious
ways, and seldom provide a detailed discussion of potential problems.
Continued...
|
|
Pushing the Limits of Windows: Virtual Memory
@ Articles -> Link Dec 11 2008, 13:20 (UTC+0)
In my first Pushing the Limits of Windows post, I discussed physical
memory limits, including the limits imposed by licensing,
implementation, and driver compatibility. This time I’m turning my
attention to another fundamental resource, virtual memory. Virtual
memory separates a program’s view of memory from the system’s physical
memory, so an operating system decides when and if to store the
program’s code and data in physical memory and when to store it in a
file. The major advantage of virtual memory is that it allows more
processes to execute concurrently than might otherwise fit in physical
memory.
Continued...