BackTrack 4 Final Released

BackTrack is a Linux-based penetration testing arsenal that helps security professionals perform assessments in a purely native environment dedicated to hacking.

Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

BackTrack is intended for all audiences, from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest collection of security tools to date.

This release includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and, more importantly, fixes for most of the known major bugs.

You can download BackTrack Final 4 here.

Google Hack Leaked to Internet; Security Experts Urge Vigilance!

The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed.

The hack involves Internet Explorer 6, the browser that came with the Windows XP operating system that, while outdated, still powers millions of businesses and home computers and is now dangerously compromised.

On Thursday, the code that was used to hack Gmail accounts in China and led Google to threaten to close shop there was posted to malware-analysis web site Wepawet. By Friday, security site Metasploit had posted a demonstration of just how easily the exploit can be used to gain complete control over a computer.

Gregg [Michael Gregg, head of *Superior Solutions Inc*] calls it “spearphishing.” “They target the user with an e-mail that would appeal to them, one that leads to a site that launches malicious code onto your system.” And the IE 6 exploit makes it particularly easy to slip that code on your computer.

Staying on top of current security patches, using firewalls, updating Web browsers and running intrusion detection software is the first part of staying safe. But since most attacks rely upon spearphishing or some similar end-user exploit, Gregg suggests a training program that would warn users that if an e-mail link looks too good to be true, it probably is — don’t click on it.

Read full story here.

Foreign Reporters’ Google E-Mail Hacked in China

BEIJING — International journalists in China said Monday that their Google e-mail accounts have been hacked in attacks similar to the ones against human rights activists that the search giant cited as a reason for considering pulling out of the country.

The Foreign Correspondents’ Club of China sent an e-mail Monday to its members warning that reporters in at least two news bureaus in Beijing said their Gmail accounts had been broken into, with their e-mails surreptitiously forwarded to unfamiliar accounts.

Although the warning did not name the organizations, one of the accounts belonged to an Associated Press journalist.

John Daniszewski, senior managing editor for international news at the news cooperative in New York, deplored the breach and said the AP will be investigating to determine if any vital information was compromised.

Read the full story here.

My comments …

It’s unclear as to how their accounts were “hacked” into. This may have been part of the larger coordinated hack against Google and Yahoo last week. It’s also possible the latest Adobe PDF zero-day exploit was used, a keystroke logger or that the journalists got messy with sticky notes. I’d love to know more…

IP Blacklisting

In the event you find that an IP address you manage or access the Internet from is blacklisted, DNSBL can be a big help in quickly identifying who’s blacklisted you and why.

DNSBL includes links to all known public blacklists and information on how to delist an IP address from each system.

Domain Name System Blacklists, also known as DNSBLs or DNS Blacklists, are spam blocking lists that allow a website administrator to block messages from specific systems that have a history of sending spam. As their name implies, the lists are based on the Internet’s Domain Name System, which converts complicated, numerical IP addresses such as 140.239.191.10 into domain names like example.net, making the lists much easier to read, use, and search. If the maintainer of a DNS Blacklist has in the past received spam of any kind from a specific domain name, that server would be “blacklisted” and all messages sent from it would be either flagged or rejected from all sites that use that specific list.

For more information click here.
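
To see which lists carry an address, each DNSBL is queried over DNS by reversing the address and appending the list's zone; a listed address answers with a 127.0.0.x code. The sketch below is an added example, not code from the original post. The zone names and the resolver answers are constructed placeholders; substitute the zones of the lists you actually use.

```python
import ipaddress
import socket


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name a DNSBL expects: reversed address labels + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        # IPv6 is queried nibble by nibble, like ip6.arpa reverse names.
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")


def system_resolve(name):
    """Return the A record for name, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_blacklists(ip, zones, resolve=system_resolve):
    """Map each zone that lists ip to the return code it answered with."""
    listed = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Listings answer inside 127.0.0.0/8; NXDOMAIN means "not listed".
        if answer and answer.startswith("127."):
            listed[zone] = answer
    return listed


# Constructed sample: hypothetical zones and canned answers so this runs offline.
ZONES = ["dnsbl.example.org", "bl.example.com"]
CONSTRUCTED_ANSWERS = {"10.191.239.140.dnsbl.example.org": "127.0.0.2"}

if __name__ == "__main__":
    result = check_blacklists("140.239.191.10", ZONES, CONSTRUCTED_ANSWERS.get)
    for zone in ZONES:
        print(zone, "LISTED " + result[zone] if zone in result else "not listed")
```

Dropping the `resolve` argument makes the same call use the system resolver against real zones.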

How to tell if a server supports TLS for secure email transmission

TLS (Transport Layer Security) is the mechanism by which two email servers, when communicating, can automatically negotiate an encrypted channel between them so that the emails transmitted are secured from eavesdroppers.

It is becoming ever more important to use a company that supports TLS for email transmission as more and more banks, health care, and other organizations who have any kind of security policy are requiring their vendors and clients to use this type of encryption for emailed communications with them. Additionally, if your email provider supports TLS for email transmission, and you are communicating with people whose providers do also, then you can be sure that all of the email traffic between you and them will be encrypted.

How do you find out if someone to whom you are sending email uses a provider whose servers support TLS-encrypted communications? We will take you through the whole process step-by-step, but first let us note some important truths about TLS connection encryption.

  1. The use of TLS encryption is negotiated/determined each and every time two servers connect to each other to transmit your email.
  2. Just because a server supports TLS today, does not mean that it will tomorrow — server configurations can change and mistakes can be made. You can, however, be sure that an email will never be sent to someone without TLS – see Enforcing Email Security with TLS when Communicating with Banks.
  3. If your email is passed between more than one server, then the security of each server-to-server connection along the way needs to be negotiated separately.
  4. Only the recipient’s externally facing email servers can be checked for TLS support. There is no way of checking the back-end servers of a service provider’s email system to make sure TLS is supported all the way to delivery to the recipient’s mailbox.
  5. Even if the sender’s email servers and the recipient’s email servers are configured to use TLS, both parties still need to configure their email clients to connect securely to their respective servers (for the initial sending of the message, and for the final download and viewing of the message) in order to ensure that the email message is transmitted securely during its entire trek from sender to receiver.
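
One way to run the check on a recipient's externally facing servers, as an added example that is not part of the original article: a server offers TLS by advertising `STARTTLS` in its reply to `EHLO`, and every MX host for the domain has to advertise it, because mail may be delivered to any of them. The host names and `EHLO` replies below are constructed; `probe_starttls` is the live variant and needs outbound access to port 25.

```python
import smtplib
import ssl


def parse_ehlo_extensions(reply: str) -> set:
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    extensions = set()
    # The first line only carries the server's greeting, not an extension.
    for line in reply.splitlines()[1:]:
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words:
                extensions.add(words[0].upper())
    return extensions


def hosts_without_starttls(ehlo_by_host: dict) -> list:
    """List MX hosts that do not advertise STARTTLS; empty means all do."""
    return sorted(
        host for host, reply in ehlo_by_host.items()
        if "STARTTLS" not in parse_ehlo_extensions(reply)
    )


def probe_starttls(host: str, port: int = 25, timeout: int = 10):
    """Live check: return the negotiated TLS version, or None if not offered.

    The default context verifies the certificate and host name, so a server
    with a self-signed or mismatched certificate raises ssl.SSLError here.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ssl.create_default_context())
        return smtp.sock.version()


# Constructed sample: the primary MX offers STARTTLS, the backup MX does not.
CONSTRUCTED_REPLIES = {
    "mx1.example.net": "250-mx1.example.net Hello\n250-SIZE 52428800\n"
                       "250-STARTTLS\n250 8BITMIME",
    "mx2.example.net": "250-mx2.example.net Hello\n250-SIZE 52428800\n"
                       "250 8BITMIME",
}

if __name__ == "__main__":
    print("No STARTTLS on:", hosts_without_starttls(CONSTRUCTED_REPLIES))
```

Because the result reflects only the moment of the probe (point 2 above), repeat the check on a schedule instead of relying on a single pass.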
