Wednesday, August 31, 2005

Yahoo's privacy

Yahoo is now using something called "Web Beacons" to track Yahoo Group
users around the net and see what you're doing and where you are going
(similar to cookies). Yahoo is recording every website and every group
you visit. Take a look at their updated privacy statement:

 - http://privacy.yahoo.com/privacy

A little over half-way down the page, in the section on cookies, you
will see a link that says "web beacons". Click on it to be taken to
this page:

 - http://privacy.yahoo.com/privacy/us/beacons/details.html

That will bring you to the Web Beacons page. Look in the section
"Outside the Yahoo! Network" (2nd one down). The last sentence in the
last "bulleted" paragraph reads "Please click here to opt-out." -
click where indicated to be brought to this page:

 - http://pclick.yahoo.com/p?optout

Once you have clicked that link (or visited the link above), you are
exempted. (Notice the "Success" message at the top of the page.) Be
careful because on that page there is a "Cancel Opt-out" button that,
if clicked, will *undo* the opt-out. How thoughtful of them to include
such an easy way to get back in, yet making getting out a 4 step
process...

Sunday, July 31, 2005

Windows Genuine Advantage???

Microsoft "Genuine Advantage" cracked in 24h: window.g_sDisableWGACheck='all' AV sez, "This week, Microsoft started requiring users to verify their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours." Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

There are other workarounds, but this seems to work fine for me.

Tuesday, July 26, 2005

Open source BEER..!!

How can beer be open source?

The recipe and the whole brand of Our Beer is published under a Creative Commons license <http://creativecommons.org/licenses/by-sa/2.0/>, which basically means that anyone can use our recipe to brew the beer or to create a derivative of our recipe. You are free to earn money from Our Beer, but you have to publish the recipe under the same license (e.g. on your website or on our forum) and credit our work. You can use all our design and branding elements, and are free to change them at will provided you publish your changes under the same license ("Attribution & Share Alike").

http://www.voresoel.dk/main.php?id=70

Sunday, July 24, 2005

Research on Information Intelligence

The Advanced Research and Development Activity (ARDA) is a U.S. intelligence community (IC) center for conducting advanced research and development related to information technology (IT). ARDA sponsors high risk, high payoff research designed to produce new technology to address some of the most important and challenging IT problems faced by the intelligence community. The research is currently organized into five technology thrusts: Information Exploitation, Quantum Information Science, Global Infosystems Access, Novel Intelligence from Massive Data, and Advanced Information Assurance. More information is available at http://cryptome.org/traceback.htm .

The IC uses a specialized information infrastructure and a unique security environment that must be able to acquire, retain, and provide access to highly sensitive information for many years. In this environment, relying solely on the commercial sector to satisfy IC information assurance requirements is unacceptable. Relying on COTS for certain security-critical components within the IC information infrastructure incurs even greater risk when these components are developed outside the purview of the IC or IC-sponsored organizations. The Advanced Information Assurance (IA) research thrust within ARDA's overall R&D program is tasked with providing tailored security solutions for the IC to fill any perceived security gaps in the IC's information infrastructure. Its program is currently focused in the following areas: (1) countering the insider threat; (2) cyber intelligence; (3) high assurance for IC information infrastructure; (4) new defensive concepts; and (5) quantum cryptography.

As part of its overall IC security research program, ARDA's Information Assurance research thrust is initiating research in traceback within information networks used by the intelligence community, such as NIPRNET, SIPRNET, JWICS, and IC enclaves.

Tuesday, June 21, 2005

Parineeta

After a long dearth of good Hindi movies, Parineeta finally impressed me. Everything was good about the movie except one thing... was there any need of breaking the wall towards the end of the film..?? The songs are excellent with a classic blend of classical music. Pradip Sarkar has done a really good job. Thumbs up....

Monday, May 23, 2005

Distributed identity system

OpenID (http://www.danga.com/openid/), developed by the creators of LiveJournal, is another attempt at a single sign-on system. The system is similar to TypeKey and Password, but focused more towards blogs, and promises to actually be "distributed".

"An OpenID-enabled site/blog lets you authenticate using your existing login from your homesite (whether that's on your own server or a hosted service) without giving away your password to the 3rd-party site you're visiting, or making a new account there, or giving away your email address. And it's secure, and can run entirely in the browser without extensions, without moving between pages."

The overview mentions the possible use of SAML, which might be of interest to the conversation about placing XML services in the Ajax thread.

There is also a demo available using Ajax: http://www.danga.com/openid/demo/demo.html

and detailed system specifications: http://www.danga.com/openid/specs.bml

Tuesday, May 17, 2005

Critical flaws in IPsec protocols

Flawed cryptography is leaving people using IPsec security protocols vulnerable to hacking, according to the UK's National Infrastructure Security Coordination Centre (NISCC). The organisation has released an advisory about the discovery of three key flaws in the Encapsulating Security Payload (ESP) that provides base-level encryption of data, typically travelling through virtual private networks.

"An attacker could modify sections of the IPsec packet, causing either the cleartext inner packet to be redirected or a network host to generate an error message," warned NISCC.

"In the latter case, these errors are relayed via the Internet Control Message Protocol. Because of the Protocol's design, these messages directly reveal segments of the header and payload of the inner datagram in cleartext.

"The attacks have been implemented and demonstrated to work under realistic conditions."

The organisation rates the flaws as 'highly critical' and added that the Authentication Header protocols that guarantee the authenticity of data packets are also vulnerable. The advisory provides three ways to work around the problem, including reconfiguring the ESP system and using Authentication Header and ESP simultaneously to defeat eavesdroppers.

IP Security (IPsec) is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer; IPsec has been deployed widely to implement Virtual Private Networks (VPNs).

Three attacks that apply to certain configurations of IPsec have been identified. These configurations use Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable. In these configurations, an attacker can modify sections of the IPsec packet, causing either the cleartext inner packet to be redirected or a network host to generate an error message. In the latter case, these errors are relayed via the Internet Control Message Protocol (ICMP); because of the design of ICMP, these messages directly reveal segments of the header and payload of the inner datagram in cleartext. An attacker who can intercept the ICMP messages can then retrieve plaintext data. The attacks have been implemented and demonstrated to work under realistic conditions. http://www.vnunet.com/news/1163022
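What ESP's own integrity protection changes for the receiver, as an added example that is not from the advisory or the article: with an ICV over SPI, sequence number and payload, a modified packet is dropped before decryption, while a confidentiality-only SA has nothing to check. The payload is constructed opaque bytes standing in for IV plus ciphertext, HMAC-SHA1-96 is used as the authentication algorithm, and all function names are illustrative.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96: HMAC-SHA1 output truncated to 96 bits


def build_esp(spi, seq, opaque, auth_key=None):
    """ESP layout: SPI | sequence number | payload (IV + ciphertext) [| ICV]."""
    packet = struct.pack("!II", spi, seq) + opaque
    if auth_key is not None:
        packet += hmac.new(auth_key, packet, hashlib.sha1).digest()[:ICV_LEN]
    return packet


def receive_esp(packet, auth_key=None):
    """Return the payload to hand to decryption, or None if the ICV check fails."""
    if auth_key is None:
        # Confidentiality-only SA: nothing to verify, so altered bytes are
        # decrypted and the resulting inner packet is processed.
        return packet[8:]
    if len(packet) < 8 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None  # dropped before any decryption or forwarding
    return body[8:]


def tamper(packet, offset):
    """Flip one bit at `offset`, standing in for in-transit modification."""
    return packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]


def demo():
    """Return (accepted without ICV, accepted with ICV) for a modified packet."""
    opaque = bytes(range(48))   # constructed stand-in for IV + ciphertext
    key = b"k" * 20             # constructed authentication key
    enc_only = tamper(build_esp(0x1001, 1, opaque), 20)
    enc_auth = tamper(build_esp(0x1002, 1, opaque, key), 20)
    return (receive_esp(enc_only) is not None,
            receive_esp(enc_auth, key) is not None)


if __name__ == "__main__":
    print(demo())
```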

Sunday, May 08, 2005

Virus versus backdoors in popularity

A reader pointed out that "backdoor.hackdefender" was rather popular at virustotal. Looking at the top 10, it shows that most of the top 10 are backdoors.

Perhaps it is time to make a mental note that although backdoors typically don't spread fast, they do seem to be widely available in the wild.

Add to that the fact that cleaning up from a backdoor is tricky business: what else was installed/changed/... while the backdoor was installed? Typical viruses are much more predictable and therefore easier to clean up.

As such it might be a good moment to check the risk levels of backdoors in your organization and perhaps take some more measures.

Let me know what you think about it. If you do have extra measures in addition to the typical anti-virus measures to counter the threat of backdoors, let me know which.

Thursday, May 05, 2005

Cheers M$

Is it the Win 95 on C64..?? hah..sure to get lost..!!

Wednesday, May 04, 2005

Botnets and phishing

A recent post to the Dailydave mailing list, titled Distributed Phishing, described an incident similar to the report we received yesterday. The report outlined a large organization's battle against a botnet that implemented a phishing attack against the organization's customers. The trend to use bots for hosting phishing websites on compromised systems is not new, and was documented in the Register article titled Phishers Tapping Botnets to Automate Attacks. Using bots in this manner makes it difficult to shut down the malicious site, because the attacker can quickly modify the domain record to point to another compromised system. One way to defend against such attacks is to work with the company hosting the DNS server that resolves the malicious domain name to remove or modify the offending records.

Attacks that we're observing now are becoming more elaborate. In the most recent report, the attacker was using a botnet to host not only the malicious websites, but also the DNS servers that provided domain resolution services for the targeted domain name. This setup allowed the attacker to move to a new DNS server when one of the malicious servers got shut down. An organization battling this threat typically has to deal with the registrar of the malicious domain, instead of attempting to shut down the individual DNS server. Unfortunately, many domain registrars don't have formal procedures for dealing with such requests, which makes it difficult for organizations to defend against such attacks.

Some ISPs can help their customers combat such attacks by implementing a type of domain hijacking, intercepting and redirecting malicious DNS traffic that traverses their network. While this approach does not entirely mitigate the issue, it does mitigate it within the ISP's network; it is particularly effective if implemented by a large ISP. Considering the limitations of this mechanism, having domain registrars develop processes for addressing this attack scenario would be very helpful.
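One way to tell the two cases above apart from passive-DNS data, and so decide whether to approach the DNS hosting provider or the registrar, as an added example that is not from the original post. The observation format, the thresholds, the /24 grouping and every name and address are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS observations: (minute, domain, kind, ip, ttl).
# kind "A" = address the name resolved to; "NS" = address of an authoritative
# name server for the domain. All values are made up (documentation ranges).
OBSERVATIONS = [
    (0,  "secure-login.example", "A",  "192.0.2.10",    60),
    (0,  "secure-login.example", "NS", "198.51.100.5",  60),
    (5,  "secure-login.example", "A",  "198.51.100.23", 60),
    (5,  "secure-login.example", "NS", "203.0.113.9",   60),
    (10, "secure-login.example", "A",  "203.0.113.77",  60),
    (10, "secure-login.example", "NS", "192.0.2.200",   60),
    (0,  "promo-update.example", "A",  "192.0.2.44",    120),
    (0,  "promo-update.example", "NS", "192.0.2.53",    86400),
    (5,  "promo-update.example", "A",  "203.0.113.12",  120),
    (10, "promo-update.example", "A",  "198.51.100.90", 120),
    (0,  "www.corp.example",     "A",  "192.0.2.80",    3600),
    (0,  "www.corp.example",     "NS", "192.0.2.53",    86400),
]

# Who to approach for takedown, following the two cases in the post.
ESCALATION = {"stable": "none", "rotating-hosts": "DNS hosting provider",
              "rotating-dns": "domain registrar",
              "rotating-hosts-and-dns": "domain registrar"}

def net24(ip):
    """Return the /24 prefix, so addresses in one hosting block count once."""
    return ip.rsplit(".", 1)[0]

def classify(observations, min_networks=3, max_ttl=300):
    """Label each domain by whether its web hosts and/or DNS servers move."""
    nets = defaultdict(lambda: {"A": set(), "NS": set()})
    low_ttl = set()
    for _minute, domain, kind, ip, ttl in observations:
        nets[domain][kind].add(net24(ip))
        if kind == "A" and ttl <= max_ttl:
            low_ttl.add(domain)
    verdicts = {}
    for domain, seen in nets.items():
        parts = []
        if len(seen["A"]) >= min_networks and domain in low_ttl:
            parts.append("hosts")
        if len(seen["NS"]) >= min_networks:
            parts.append("dns")
        verdicts[domain] = "rotating-" + "-and-".join(parts) if parts else "stable"
    return verdicts

if __name__ == "__main__":
    print(classify(OBSERVATIONS))
```

Content delivery networks also rotate addresses with short TTLs, so a hit from this heuristic is a lead to review rather than a verdict.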

Still changing the thoughts...

Several companies which fear hackers will think after reading this - "f*ck, we have to tighten the "new employee" process". But I will tell you something: Too late ... we are already everywhere. In all major consultant, audit and software development, banks and IT security companies are former hackers. And guess what? The world is not crumbling down in despair. Most hackers have ethics. You might not like their ethical code, but most of them have a code of honour, and would never hack the company they are working for. You might say - "but the others, not all are good" - yes, that's true, but so is the rest of the world - same is true about people who are not hackers. If you fight us you will lose - valuable team-members, with strong skills and experiences. Think about it. And to the hacker scene: having a cool security job and still doing greyhat stuff - this is the best thing which can happen to us. Having fun - and getting paid for it.

Changing the thoughts...

Young hackers usually dream about becoming a well-known security expert, whose job is about executing high profile penetration tests on Fortune 100 companies. Why? Cool and interesting projects, bleeding edge hard and software to work with, new areas to learn and gain knowledge, earning money, creating (another) high profile - this time with the real name - most hackers dream of that - few actually achieve that. It is mostly about the pitfalls a hacker has to overcome, especially when a company doesn't like "evil" hackers for the job. Therefore a sound and seemingly logical explanation of where he got this security knowledge is very important. Some people might say "hey, nice article, but it is not really about hacking" - well, I say it is. It is about hacking corporate minds. You want to achieve your goal - working for that Fortune 10 bank as an IT security expert, but f*ck, they don't like hackers. Hackers are evil, criminals, they say. So you have to hack their brains to get what you want! First, it should be clear what a "security job" is about - or being a whitehat. The world, work and views are different. The section "Hacker World vs. Security World" is describing this. Then you might need additional knowledge to impress your hopefully new employer - also the ways for that are pretty clear, you can find some hints at "Getting a Background". After you know what will await you, you actually have to apply for a job. There are some do's and some don'ts you should keep in mind for writing your application documents and when you've got your job interview. The sections "Truthful or not", "How to find a job", "Getting your CV right" and "The Job Interview" will keep you on the right track. And finally: "Things you should not do after getting the job". This might be more important than you think.
Last thing you should keep in mind when reading this text: it is especially meant for people who have a hard time getting employed because the company they are interested in has got a "no-hacker" policy, or the country they are living in does not see hackers as an enrichment to the security business. If you are trying to get into a company which welcomes hackers with open arms - which is rarely the case - this text can still be important to you. Enjoy. (Will come up with more in the next part.. :))

Friday, March 18, 2005

Writing my first

I'm writing my first blog today. I believe that everything grows out from a small effort. So perhaps this is my first effort. OK guys, I'll share some professional stuff along with my own. I'll write all the security-related stuff for a newbie to read and learn. If you are viewing this blog then don't forget to post a reply here.