Showing results for tags 'security'.

  1. Numerous malicious attacks on computers and mobile devices as well as networks of important entities have recently made the news and have brought back to the surface the debate on cyber warfare and the dangerousness of cyber weapons. The increasing dependence on the Internet and the recent spur of attacks are beginning to create greater concern. The fear is not just based on the possibility that a cyber attack could simply cause the non-availability of information and services we are now accustomed to. The Internet has not just reshaped the way we obtain news, communicate with others, take care of our finances, watch TV and listen to music, but it is also permeating other essential fields of our lives. From power smart grids to the “Internet of Things,” the potential targets of cyber warriors are now multiple and the possible consequences catastrophic.

     Premeditated, politically or socially motivated attacks against a computer-dependent society could be orchestrated by foreign powers and affect nations at any level: from the availability of utilities, to denied access to important financial and medical information, to causing a significant impact on national GDPs.

     This article will explore the concept of cyber warfare and cyber weapons, plus recount latest happenings and discuss whether the danger is real.

     Cyber Warfare and Cyber Weapons

     The definition of cyber warfare and cyber weapons is not as clear-cut as it might seem. Distinguishing these attacks from simple cyber crimes is essential to define rules of engagements by countries and to establish what should be considered a direct act of war against the sovereignty and wellbeing of a state.

     According to the Tallinn Manual on the International Law Applicable to Cyber Warfare – a study commissioned by the NATO Cooperative Cyber Defence Centre of Excellence that is not considered a legally binding document – cyber weapons are cyber means of warfare designed, used or intended to cause either injury or death of people or damage to or destruction of objects. Without a globally recognized definition, however, it is hard to strictly define and recognize true acts of cyber warfare, prevent attacks, hold entities accountable and define legal responses. The inability to agree to basic notions is a considerable weakness in the international arena and leaves space to much uncertainty and endless possibilities for nations beginning to employ these warfare techniques.

     Several definitions have been given by scholars, but, in general, a cyber weapon is intuitively considered any software, virus, and intrusion device that can disrupt critical infrastructures of other countries, from military defense systems to communications to electric power smart grids to financial systems and air traffic control. Debates have been rising on the possibility to consider cyber weapons tools used not only to directly impair systems but also to spy on nations through cyber espionage. Again, the lack of a globally-recognized legal definition doesn’t help.

     Have cyber weapons ever been deployed? You may recognize an incident that happened in 2009, the first known use of a cyber weapon: Stuxnet. It was a complex piece of malware believed to be an example of government cyber weapon aimed at severely disrupting the Iranian nuclear program. The paternity of the attack has been a source of debate, but in the end, it was believed to be a joint US/Israel operation. Stuxnet targeted a plant in Natanz, Iran. By turning off valves and impairing centrifuges, equipment was damaged and the Iranian uranium enrichment program effectively slowed down.

     However, Stuxnet might have not even been the first cyber war tool directed toward Iran. Flame, another powerful malware that masqueraded itself as a routine Microsoft software update, had already been used to map and monitor Iranian networks and collect critical information.

     Is a Cyber World War a Concern?

     A 2013 report by Director of National Intelligence James R. Clapper explained that the possibility of a major cyber attack to US critical infrastructures causing a long-term and widespread disruption of services by major players like Russia and China is remote. However, smaller scale attacks by smaller states or non-state entities seem to be a concern. According to the report, “less advanced but highly motivated actors could access some poorly protected US networks that control core functions, such as power generation, during the next two years, although their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited. At the same time, there is a risk that unsophisticated attacks would have significant outcomes due to unexpected system configurations and mistakes, or that vulnerability at one node might spill over and contaminate other parts of a networked system.”

     This may not come as a surprise to anyone, but any telecommunications infrastructure attack could cause enough harm to generate fear. Every government's or corporation's entire infrastructure, let alone the public at large, may be at stake.

     Can digital attacks really have tangible effects? Absolutely. An oil pipeline in Turkey was cyber attacked and exploded in 2008. The pipeline was super-pressurized and alarms were shut off. By hacking security cameras, attackers (allegedly Russian) were able to hide the blast from the control room that, unaware, was unable to respond promptly. Another attack to a German steel company demonstrated how, by simply infiltrating the information systems running the plant, hackers could cause major damage.
     Although not a single successful Internet attack has been recognized as directed by a foreign terror organization against the United States homeland, there have been instances of intrusions intended to inflict significant harm on the American government or state agency, as well as US businesses. Last November, there was an intrusion into the networks of the Department of the State that led to the unclassified email system shutdown. Carol Morello, the diplomatic correspondent for The Washington Post who covered the affair, noted the activity was related to hacking of White House computers reported a month prior, and to security breaches that occurred at both the U.S. Postal Service and the National Weather Service. Those incidents pointed to Russian hackers as prime suspects; the perpetrators were believed to be working directly for the Russian government. Sony Pictures Entertainment (SPE) is another recent case; its networks were infected in a November 2014 incident. According to the FBI, the occurrence resembled past cyber efforts by North Korea.

     What makes a cyber warfare attack appealing? Mainly the fact that it can come at little or no cost for the perpetrator. An attacker with great technical capabilities can create disruption by using a single computer wherever he or she is located. While the use of conventional weapons requires expensive manufacturing and physical travel to target locations, cyber attacks can be conducted from anywhere. Traditional weapons have a cost that might be prohibitive for many and are hard to transport (or deliver) in secrecy. In other cases, attacks might require the sacrifice of the offenders. Cyber attacks are quick, can be equally destructive and can definitely be inexpensive to execute.

     According to Amy Chang, research associate at the Center for a New American Security, “Cyber warfare is a great alternative to conventional weapons. […] It is cheaper for and far more accessible to these small nation-states. It allows these countries to pull off attacks without as much risk of getting caught and without the repercussions when they are.”

     Accountability is hard to prove when cyber weapons are used. By using several proxies or infecting computers indirectly, it is difficult to trace back to a particular malicious hacker or organization on any form of attacks. And even if a culprit is found, it is hard to accuse a nation of a deliberate act of war, especially due to lack of a legal framework.

     The problem today is that we live in a high-tech world of uncertainty where people are not well trained and equipped for these new threats that can disrupt communications, and network traffic to and from websites and can potentially paralyze Internet service providers (ISPs) at the international level across national borders. So, in the face of constant security threats, there is a need for all to fully understand how to handle cyber security issues and cyber war and how to mitigate risks and minimize the damage, as best as possible if the circumstances arise.

     Cyberspace and its Security

     What can be done and who should act in defense of a nation’s cyberspace? The answer may be complicated. Defending cyberspace is not an easy feat, considering the number of interconnected computers, mobile devices and networks. The majority of the systems, including those regulating nations’ critical infrastructures, are interconnected and then vulnerable not only to direct attacks but also to infection by transmission. Ironically, the numerous technological advances might also pose a risk, as cyber terrorists seem to be always a step forward in identifying security vulnerabilities before security experts can patch them. Lack of recognized rules in cyberspace and difficulty to implement boundaries complete the picture.

     Lacking a real global response to cyber warfare, many countries and organizations are creating structures and task forces to prepare against cyber threats.
     According to intelligence studies, more than 140 countries have funded cyber weapon development programs. The U.S. is particularly active and created the USCYBERCOM that “plans, coordinates, integrates, synchronizes, and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”

     In 2012, the U.S. Defense Advanced Research Projects Agency (DARPA) invested $110 million in Plan X, a “Cyberspace is now recognized as a critical domain of operations by the U.S. military and its protection is a national security issue. Plan X is a foundational cyberwarfare program to develop platforms for the Department of Defense to plan for, conduct, and assess cyber warfare in a manner similar to kinetic warfare.” The program was included in DARPA’s reported $1.54 billion cyber budget for 2013-2017. Recently, the U.S. Naval Academy also received $120M to build a classified cyber warfare center in 2016. The center will allow midshipmen to work on classified systems and acquire cyber warfare skills.

     Organizations like the European Advanced Cyber Defence Centre (ACDC), the NATO Computer Incident Response Capability (NCIRC) and the Internet Engineering Task Force (IETF), amongst many others, are working on fighting back against organized, international cyber criminals that have used cyberspace as a warfighting domain. However, this may not be enough to avoid terrorism-based cyberwar attacks, so everyone ought to prepare proactively and effectively by securing systems as much as possible.

     In an Internet-connected world, every end user is at risk, either directly or indirectly. The Internet provides many different ways to attack. Internet-connected systems must be secured on a global scale. With cyberspace being so vast, flexible, and unregulated, all its users are highly vulnerable to dangers from outside threats. Recent cyber attacks highlight the potential threat posed by information warfare tactics and techniques that use computer connectivity and exploit vulnerabilities sometimes caused by users’ inattentiveness or lack of basic cyber security practices.

     Proper use of intrusion-detection and intrusion-prevention systems (IDS/IPS) and firewalls (a network’s first line of defense against threats) is a basic response. Through real-time analysis of network traffic—i.e., to investigate and contain these security threats—people can detect the majority of the less sophisticated hacking attacks at a user level. Larger companies must be more aware than ever about their network security vulnerabilities and secure their properties with proper Advanced Threat Protection Platforms for endpoint protection and server security.

     In the case of government-orchestrated cyber attacks, one of the main lines of defense is the creation of a common front against attackers. There is no better time than now to open collaboration and dialogue amongst various industries and government agencies to take action. Attacks against larger, interconnected systems might be more easily disclosed by comparing data and creating common task forces. Detection and prevention alone may not be enough to stop the attackers, each time, but at least it may inhibit future, similar threats. The Internet might be becoming a new weapon for terrorists, so overcoming cyber vulnerability requires multiple different organizations to come forward and stop the launch of cyber threats that can manipulate the physical world while operating without international boundaries.

     Conclusion

     Some of the numerous larger-scale cyber attacks can be intuitively considered acts of cyber war. With many countries large and small investing in cyber warfare, it is impossible not to think of the use of “information warfare” as a new form of terrorism. Information warfare goes beyond simply attacking computers and communications networks, as a computer-literate terrorist can wreak havoc causing physical destruction and harm to populations. The Internet can be turned into a weapon used against targets by terrorists hidden in cyberspace to carry out cyber violence and disruption, while being physically located elsewhere. Computer-related crimes, as an extension of terrorist attacks, have the potential of bringing catastrophic side effects.

     Cyberspace is increasingly becoming a place of risk and danger, vulnerable to hacks and cyber warfare. With today’s civilization dependent on interconnected cyber systems to virtually operate many of the critical systems that make our daily lives easier, it is obvious that cyber warfare can be the choice for many governments and states, especially those that don’t have access to expensive, conventional weapons of mass destruction.

     So, how do we counteract such attacks? If cyber warfare is considered war, then anti-terrorism defenses must be deployed. First, though, a legal basis for responses to attacks must be defined. A legal definition of cyber war and cyber weapon, a definition agreed upon globally, is necessary to define the perimeters within which nations can operate in cyberspace. It is important to define what to consider cyber espionage, cyber war or an act of simple hacking. Lacking a clear definition and a global cyber etiquette, nations are left with creating their own defense against cyber weapons and cyber espionage. Exploring real-world examples, continuously monitoring the Information Superhighway, and endorsing cyber security awareness, web security and online safety are the tools currently available for an effective international governance of the Internet.
     Although the United States has not been subjected to real, destructive cyber terrorism as of today, in terms of hostile action or threat, it has identified a number of ways terrorists can use the computer as a tool for hacking or information warfare. As the job of a cyberterrorist has become more difficult to detect, in time, information control may also be critical for successful counter-terrorism and avoidance of infrastructure warfare. Therefore, it is paramount to investigate some common defense mechanisms that can help pinpoint and capture these threats before they affect massive numbers of people and impair activities in a much more pervasive way.

     References

     • Brecht, D. (2014, December). Are Cyber Threats the New Terrorism Frontier? Cyber Warnings E-Magazine, 28-32. Retrieved from index
     • Clapper, J. R. (2013, March 12). US Intelligence Community Worldwide Threat Assessment Statement for the Record. Retrieved from http://www.odni.gov/files/documents/Intelligence%20Reports/2013%20ATA%20SFR%20for%20SSCI%2012%20Mar%202013.pdf
     • Donohue, B. (2014, December 19). FBI Officially Blames North Korea in Sony Hacks. Retrieved from FBI Officially Blames North Korea in Sony Hacks | Threatpost | The first stop for security news
     • Kostadinov, D. (2012, December 21). Cyberterrorism Defined (as distinct from “Cybercrime”). Retrieved from Cyberterrorism Defined (as distinct from “Cybercrime”) - InfoSec Institute
     • Morello, C. (2014, November 16). State Department shuts down its e-mail system amid concerns about hacking. Retrieved from State Department shuts down its e-mail system amid concerns about hacking - The Washington Post
     • NATO REVIEW. (n.d.). The history of cyber attacks – a timeline. Retrieved from http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm
     • Paganini, P. (2013, December 6). Cyber warfare – Why we need to define a model of conflict? Retrieved from http://securityaffairs.co/wordpress/20204/intelligence/cyber-warfare-model-of-conflict.html
     • Storm, D. (2014, December 22). Cyberwarfare: Digital weapons causing physical damage. Retrieved from http://www.computerworld.com/article/2861531/cyberwarfare-digital-weapons-causing-physical-damage.html
     • Suciu, P. (2014, December 21). Why cyber warfare is so attractive to small nations. Retrieved from http://fortune.com/2014/12/21/why-cyber-warfare-is-so-attractive-to-small-nations/

     Source
  2. In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice.

     Michael Wertheimer, the director of research at the National Security Agency, wrote in a short piece in Notices, a publication of the American Mathematical Society, that even during the standards development process for Dual EC many years ago, members of the working group focused on the algorithm raised concerns that it could have a backdoor in it. The algorithm was developed in part by the NSA and cryptographers were suspect of it from the beginning. Then, in 2007, well into the life of Dual EC, researchers at Microsoft delivered a talk at a conference that detailed the potential for a backdoor in the algorithm. Still, both the NSA and NIST, which approves technical standards for the United States government, stood by the algorithm.

     Dual EC was mostly forgotten until late 2013 when allegations emerged that the NSA may have had a secret $10 million contract with RSA Security that prompted the vendor to make Dual EC–which was then known to be weak–the default random number generator in some of its key crypto products. NIST last year removed Dual EC from its guidance on random number generators.

     “I wrote about it in 2007 and said it was suspect. I didn’t like it back then because it was from the government,” crypto pioneer Bruce Schneier told Threatpost in September 2013. “It was designed so that it could contain a backdoor. Back then I was suspicious, now I’m terrified.”

     The NSA came under heated criticism for the Dual EC episode, and now one of the agency’s top officials has said it was a mistake for the NSA not to have withdrawn its support for the algorithm after the weaknesses were raised years ago.

     “With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable,” Wertheimer wrote in a piece in Notices’ February issue.

     “The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST’s April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to ‘undermine Internet encryption.’”

     Wertheimer said that the agency is trying to combat that perception by changing the way that it contributes to standards efforts in order to be more transparent and accountable.

     “One significant, and correct, change is that all NSA comments will be in writing and published for review. In other words, we will be open and transparent about our cryptographic contributions to standards. In addition, we will publish algorithms before they are considered for standardization to allow more time for public scrutiny,” Wertheimer wrote.

     “With these measures in place, even those not disposed to trust NSA’s motives can determine for themselves the appropriateness of our submissions, and we will continue to advocate for better security in open-source software, such as Security Enhancements for Linux and Security Enhancements for Android.”

     Source
  3. Inverse Path is readying a tiny, open-spec “USB Armory” SBC that runs Linux or Android on an i.MX53, and offers Trustzone, secure boot, and USB emulation.

     The USB Armory single board computer, which Inverse Path plans to launch this quarter on the Crowd Supply crowdfunding site, is not your ordinary open source hacker SBC. For one thing, it’s super tiny (65 x 19 x 6mm), with only two real-world ports — a USB 2.0 OTG port and a microSD slot — and it’s specifically aimed at secure computing applications.

     The USB Armory connects to other systems via the USB port, which is also how the device sips power at 5V. Consumption is less than 500 mA, according to Inverse Path. USB device emulation covers mass storage, HID, and Ethernet, with the latter enabled via a full bidirectional TCP/IP connection using CDC Ethernet emulation.

     A secure boot feature lets users apply verification keys that ensure only trusted firmware can be executed on a specific USB Armory device. The device also offers ARM TrustZone security to enforce domain separation between secure and normal worlds. The TrustZone support extends beyond the CPU to propagate throughout all system-on-chip components, says Inverse Path. The combination of all these security features “greatly limits the potentiality and scope of supply chain attacks,” says Inverse Path.

     Potential applications for the USB Armory are said to include:

     • Mass storage device with automatic encryption, virus scanning, host authentication, and data self-destruct
     • OpenSSH client and agent for untrusted hosts (kiosk)
     • Router for end-to-end VPN tunneling, Tor
     • Password manager with integrated web server
     • Electronic wallet (e.g. pocket Bitcoin wallet)
     • Authentication token
     • Portable penetration testing (pen-testing) platform
     • Low level USB security testing

     The device runs Android, Debian, Ubuntu, or FreeBSD on a Cortex-A8-based Freescale i.MX53 processor clocked at 800MHz. This would appear to be the i.MX537 model, rather than the i.MX535, which is typically clocked at 1GHz. The USB Armory ships with 512MB DDR3 RAM. Aside from the USB and microSD connections, the only interface is a 7-pin header (normally holes, only) for GPIO and UART signals, plus power. Inverse Path has posted schematics and PCB layout files licensed under GPLv2.

     Specifications listed for the USB Armory include:

     • Processor — Freescale i.MX53 (1x Cortex-A8 @ 800MHz)
     • Memory — 512MB DDR3 RAM
     • Storage — MicroSD slot with secure boot
     • I/O:
       • USB 2.0 OTG port with power support and device emulation
       • 7-pin breakout header with GPIOs and UART
     • Other features — ARM TrustZone support; customizable LED with secure mode detection
     • Power — 5V, via USB; <500 mA consumption
     • Dimensions — 65 x 19 x 6mm
     • Operating system — Android; Linux (ships with Debian and Ubuntu images); FreeBSD

     Further information

     The USB Armory will go up for crowdfunding this quarter on Crowd Supply. More information may be found on the Crowd Supply project notification page, as well as this Inverse Path USB Armory product page. The device’s technical documentation is available on Github.

     Source: Tiny open source USB-stick SBC focuses on security · LinuxGizmos.com
  4. Norton Internet Security 2014 21.6.0.32
     Norton AntiVirus 2014 21.6.0.32

     Norton 2014 – strong on protection, light on system resources, award winning! It runs quietly in the background to detect and block today’s complex threats and to protect your identity when you buy, bank, or browse online. The friendly and efficient product design helps minimize confusing security and system slowdowns that can get in the way of your online experience. Norton provides essential protection from viruses, hackers, spyware, spam and other privacy threats. A comprehensive set of security tools, Norton helps keep you safe online as you surf and email, swap files, download programs, and chat

     Dogefile.com
  5. SCAN RAT V2.2

     As the title says, I am sharing with you an amazing AIO software, developed by FudMario (all credits go to him), dedicated to scanning your system to detect and delete any malware, with many features and options ... I found this software on another forum and after one test I find it absolutely useful and really HQ. Here are some pictures of this software:

     Don't worry guys if you saw Spanish language on the screenshots, the version posted here is available in English and Spanish.

     Here is what the different tabs are:

     - Principal: here you will get all your system information, also the coder's contacts ..
     - Scanner: here, you will be able to launch a complete scan to detect if any malware is running on your system
     - Process Viewer: here you will have a complete list of the running processes, no need to open your task manager anymore
     - Start up: you will be able to detect all the applications launched with Windows, so if a start up is on your system you will be able to find it and analyse it
     - Event viewer: to check every event or incident on your system
     - USB cleaner: this feature will allow you to scan and clean all USB devices to guarantee a perfect security of your system
     - Lock Folder: will allow you to lock/unlock any folder on your system

     Here are now some scans of the software:

     https://www.metascan-online.com/en/scanresult/file/815d0d8a9c2c447fa21bd1b681b76204
     https://anubis.iseclab.org/?action=result&task_id=17a219a5724f70bb4bd4c48798e43776a&format=html

     Download Scan-RAT v2.2: hxxps://www.sendspace.com/file/39ptx0

     Credits: all credits of this software go to FudMario who offers us a great AIO software, thanks to him

     //usr6 Download only for analysis
     https://malwr.com/analysis/MTk0OGZmNDEwOTAwNDcwZGExYTQ0MDA1MzA4ZjJhYzM/
  6. Hello everyone. At the moment I am preparing a TV program about cyber criminality and how people can protect themselves against it. For the simple reason that many people become victims of cyber crimes in such big order that it harms our countries, economies and even our healthcare systems and innocent people. And as Snowden showed us, we got a lot of spyware from other nations where we are not allowed to vote. If there are serious people here who understand the importance of the protection against cyber crimes, and are willing to cooperate, then you can send me a PM of course. Or leave a reaction here on what you think is important to be treated in this program.
  7. Looks good, it starts today.

     Hello everyone!

     Felicity, the annual festival of IIIT Hyderabad, brings to you Felicity Threads 2014, the tenth annual edition of the celebration of spirit of computing and engineering. We bring to you a wide range of online contests in various fields of programming and mathematics. Our series of online events includes contests on algorithmic programming (Codecraft), parallel programming (Kernel Cruise), combinatorial search and game playing bot design (Strange Loop), and an unconventional programming challenge (Time Limit Exceeded).

     Our second event, after Gordian Knot, a math contest, is Break In. Break In, is a Jeopardy-style Capture The Flag (CTF) contest, starting on 1800 IST (1230 UTC), January 11, Saturday for 36 hours. It will be filled with challenges from diverse areas of systems programming and security (description here [1]). Participants will have to crawl the depths of the web, pry open encrypted exchanges and reverse engineer binaries to finally emerge victorious.

     The only prerequisite to participate is the urge to learn. Let us learn and rejoice the spirit of computing and engineering together. There are exciting prizes for the event too! So be prepared for some and to know more about Threads, visit us at : Threads | Felicity [2]

     Sincerely,
     Threads 2014 Team

     Links:
     ------
     [1] Break In | Threads
     [2] Threads | Felicity
  8. Just a little note to announce that we released NAXSI, an Open Source, Positive Model Web Applicative Firewall for NGINX. Naxsi is now also an official OWASP project (yeepee !)

     Why ?
     Because, out there, first of all, there are not many open source WAFs; secondly, even if mod_security is awesome, we wanted something different, that is more reverse proxy oriented. And last but not least, as a security enthusiast, I’m not fond of the negative model when it comes to applicative firewalling, as js/html/*sql languages are so rich that it’s very hard to have a 100% coverage of possible injection vectors. You may find some examples here : ModSecurity SQL Injection Challenge: Lessons Learned - SpiderLabs Anterior (results of the mod_security bypass context). To make it short, a negative model requires a LOT of effort to maintain a core rule set (and we’re far from being able to do what the mod security project has done). So, we are left with proprietary appliances, and as a hoster (more than 1.000 websites currently hosted), proprietary appliances are not even an option. This is why we decided to create NAXSI.

     How ?
     Well, a positive model can be fairly complicated/long to configure when you have a huge web-site, or a web-site that allows a lot of rich/complex user inputs. So, we designed NAXSI to be as flexible and easy to configure as possible. So, here is a global overview of how it works :
     1. NAXSI does not have ‘rules’, strictly speaking. It will just “score” strange characters in user contents. When the request reaches a critical score, the request will be denied.
     2. The learning mode heavily relies on NGINX’s power. When in learning mode, all to-be-denied requests will be allowed, AND posted back to a specific location (in NGINX’s terms) pointing to a script that will analyze the request and generate the appropriate white-lists, write them to naxsi’s configuration file and reload NGINX. (Thanks to NGINX design, current connections won’t be closed, so it’s 100% invisible for the end-user)
     3. Once you are in a “production” state (no more learning mode, NAXSI is indeed blocking the requests), all denied requests will be redirected to a specific location, where you can :
     4. Depending on the user’s IP, turn it into learning mode (for some IPs, naxsi will always be in learning mode, and generate white-lists on the fly)
     5. If the user thinks it’s a false positive, he can fill in a captcha. If he decides to do so, a mail will be sent, with the associated generated white-lists and detailed request (full HTTP request, so that it can be reproduced)
     6. Very simple rules syntax, allowing (for extreme cases) easy hand tuned white-list or negative rules writing.
     As you can see, we tried to make this as easy as possible to configure and use. During configuration, the user should never have to edit NAXSI’s white-list configuration by hand, as it’s 100% automatically generated via learning mode. You can even partially perform this part with a crawler (if yours is good enough). You can find more details on the googlecode page of the project : naxsi.googlecode.com.

     What ?
     Naxsi, thanks to NGINX power, can do pretty much whatever you want : turn on learning mode for some users only, redirect forbidden requests to another domain, a vhost, a single page. For those of you who have some knowledge about NGINX, you know how right I am; for the others, have a look at NGINX, it’s pure awesomeness !

     When ?
     Naxsi is currently released on an “alpha” status, but we are already deploying it on various production sites. For those wishing to try naxsi, I ‘really’ recommend that you use the SVN to fetch the last sources, as packaging is not done on a regular basis right now.

     Test ?
     We have set up a test box (referenced on naxsi’s wiki, here : OnlyTrustWhatYouCanTest - naxsi - Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx - Google Project Hosting) where you can try naxsi by yourself, as we set up the box as a reverse proxy to on-purpose vulnerable websites !

     Wanna help ?
     You’re welcome ! We are currently looking for some web developers to set up a nicer forbidden page and even a reporting interface. We are as well looking for some people to test the software and give us some feedback.

     What’s next ?
     We are currently thinking very seriously about supporting mod security CRS level 1 in NAXSI, so that we can have the perfect firewall, fitting every kind of web site ! So, stay tuned !

     Source: Naxsi, open source WAF (Web Application Firewall) for NGINX
     Download: https://github.com/nbs-system/naxsi
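The scoring, white-list and learning-mode flow described in the post above, as an added Python illustration; it is not NAXSI's code or rule syntax. The rule ids, weights, threshold, zone names and sample requests are constructed assumptions.

```python
# Constructed illustration of score-based ("positive model") filtering with a
# learning mode. Rule ids, weights and the threshold are hypothetical and are
# not NAXSI's real core rules or configuration syntax.
RULES = [
    # (rule_id, substring, category, score)
    (1, "'", "SQL", 4),
    (2, '"', "SQL", 4),
    (3, ";", "SQL", 4),
    (4, "--", "SQL", 4),
    (5, "(", "SQL", 2),
    (6, ")", "SQL", 2),
    (7, "<", "XSS", 8),
    (8, ">", "XSS", 8),
]
THRESHOLD = 8  # a request is denied once any category reaches this score


def evaluate(request, whitelist=frozenset()):
    """Score a request.

    request:   {zone: {variable: value}}, e.g. {"ARGS": {"id": "1"}}
    whitelist: set of (rule_id, zone, variable) entries to ignore
    Returns (score per category, list of (rule_id, zone, variable) matches).
    """
    scores, matches = {}, []
    for zone, variables in request.items():
        for name, value in variables.items():
            for rule_id, needle, category, score in RULES:
                if needle in value and (rule_id, zone, name) not in whitelist:
                    # A rule counts once per variable, however often it occurs.
                    scores[category] = scores.get(category, 0) + score
                    matches.append((rule_id, zone, name))
    return scores, matches


def handle(request, whitelist, learning=False):
    """Return "allow" or "deny"; in learning mode, allow and extend the white-list."""
    scores, matches = evaluate(request, whitelist)
    if all(score < THRESHOLD for score in scores.values()):
        return "allow"
    if learning:
        # Stands in for the analysis script that writes white-lists to the
        # configuration: every match of the would-be-denied request is excused.
        whitelist.update(matches)
        return "allow"
    return "deny"


# Constructed sample requests.
LEGIT_COMMENT = {"BODY": {"comment": "It's done (finally); thanks"}}
SUSPICIOUS_ID = {"ARGS": {"id": "1' OR '1'='1' --"}}
```

Learning mode excuses whatever it sees, so the white-list is only as trustworthy as the traffic it was trained on; this is why the post restricts learning mode to selected IPs.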
  9. If you own a world-renowned Security Product or a Service, National Security Agency (NSA) is ready to pay you 10 Million or more bribe for keeping intentional backdoor for them. According to an exclusive report published by Reuters, there is a secret deal between the NSA and respected encryption company RSA to implement a flawed security standard as the default protocol in its products. Earlier Edward Snowden leaks had revealed that the NSA created a flawed random number generation system (Dual_EC_DRBG), Dual Elliptic Curve, which RSA used in its Bsafe security tool and now Snowden has revealed that RSA received $10 million from NSA for keeping Encryption Weak. So, anyone who knows the right numbers used in Random number generator program, can decipher the resulting cryptotext easily. Recommending bad cryptographic standard is one thing, but accepting 10 million to deliberately implement is something very shameful for a respected Security company. The new revelation is important, cryptographer and Security expert Bruce Schneier said, because it confirms more suspected tactics that the NSA employs. "You think they only bribed one company in the history of their operations? What's at play here is that we don't know who's involved," he said. RSA, now owned by computer storage firm EMC Corp, has maintained its stand of not colluding with NSA to compromise the security of its products: "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products." Both the NSA and RSA haven't directly acknowledged the deal. But after Snowden revelations, What is the RSA's credibility or of other American software and networking companies? Source: NSA paid $10 Million bribe to RSA Security for Keeping Encryption Weak Also, published on: - Reuters - The Register
  10. Malicious URL Shortener + HTML5 DDoS PoC This project demonstrates the serious consequences of the Internet's increased reliance upon URL shorteners, as well as how easy it is to create an unwitting DDoS botnet using new HTML5 features without actually exploiting a single computer. It is intended only for demonstration and testing purposes; if you target a site that is not yours, you are responsible for the consequences. Download: http://d0z-me.googlecode.com/files/d0z-me-0.2.tar.gz
  11. A team of Internet security researchers has stumbled upon a massive online cache of more than 2 million hacked email addresses, usernames, and passwords. SpiderLabs, a division of online firm Trustwave that bills itself as an "elite team of ethical hackers, investigators and researchers," made the announcement Tuesday. The majority of hacked accounts come from major sites: Facebook, Yahoo, Google, Twitter, LinkedIn, and Russian and eastern European social networking sites odnoklassniki and VK. The thing that many of the hacked accounts had in common? Outrageously easy passwords. Tens of thousands of them had passwords like "12345," "1," "admin," and the ever-popular "password." As you'd expect, the fewer characters and complexity a password had, the more likely it was to end up on that list. The passwords had been harvested by an enormous botnet referred to as a "Pony," which the BBC referred to as "probably run by a criminal gang." As this Pony's operators did a good job of covering their tracks, SpiderLabs couldn't confirm where the attackers were based, though the dump was written in Russian. Source: The Daily Dot More info: Look What I Found: Moar Pony! - SpiderLabs Anterior
  12. AIEngine is a packet inspection engine with capabilities of learning without any human intervention. AIEngine helps network/security professionals to identify traffic and develop signatures for use on NIDS, Firewalls, Traffic classifiers and so on.

     Using AIEngine
     To use AIEngine just execute the binary aiengine:

       luis@luis-xps:~/c++/aiengine/src$ ./aiengine -h
       iaengine 0.1
       Mandatory arguments:
         -I [ --interface ] arg            Sets the network interface.
         -P [ --pcapfile ] arg             Sets the pcap file.

       Link Layer optional arguments:
         -q [ --tag ] arg                  Selects the tag type of the ethernet layer (vlan,mpls).

       TCP optional arguments:
         -t [ --tcp-flows ] arg (=32768)   Sets the number of TCP flows on the pool.

       UDP optional arguments:
         -u [ --udp-flows ] arg (=16384)   Sets the number of UDP flows on the pool.

       Signature optional arguments:
         -R [ --enable-signatures ]        Enables the Signature engine.
         -r [ --regex ] arg (=.*)          Sets the regex for evaluate agains the flows.
         -c [ --flow-class ] arg (=all)    Uses tcp, udp or all for matches the signature on the flows.

       Frequencies optional arguments:
         -F [ --enable-frequencies ]       Enables the Frequency engine.
         -g [ --group-by ] arg (=dst-port) Groups frequencies by src-ip,dst-ip,src-port and dst-port.
         -f [ --flow-type ] arg (=tcp)     Uses tcp or udp flows.
         -L [ --enable-learner ]           Enables the Learner engine.
         -k [ --key-learner ] arg (=80)    Sets the key for the Learner engine.

       Optional arguments:
         -k [ --stack ] arg (=lan)         Sets the network stack (lan,mobile).
         -d [ --dumpflows ]                Dump the flows to stdout.
         -s [ --statistics ] arg (=0)      Show statistics of the network stack.
         -p [ --pstatistics ]              Show statistics of the process.
         -h [ --help ]                     Show help.
         -v [ --version ]                  Show version string.

     Integrating AIEngine with other systems
     AIEngine has a python module in order to be more flexible in terms of integration with other systems and functionalities. The main objects that the python module provides are the following. Check the wiki pages in order to have more examples.

       Flow
       |---> getDestinationAddress
       |---> getDestinationPort
       |---> getFrequencies
       |---> getHTTPHost
       |---> getHTTPUserAgent
       |---> getPacketFrequencies
       |---> getProtocol
       |---> getSourceAddress
       |---> getSourcePort
       |---> getTotalBytes
       |---> getTotalPackets
       |---> getTotalPacketsLayer7
       FlowManager
       Frequencies
       |---> getDispersion
       |---> getEnthropy
       |---> getFrequenciesString
       HTTPHost
       HTTPUserAgent
       LearnerEngine
       |---> agregateFlows
       |---> compute
       |---> getRegularExpression
       |---> getTotalFlowsProcess
       NetworkStack
       |---> enableFrequencyEngine
       |---> enableLinkLayerTagging
       |---> getTCPFlowManager
       |---> getUDPFlowManager
       |---> printFlows
       |---> setStatisticsLevel
       |---> setTCPSignatureManager
       |---> setTotalTCPFlows
       |---> setTotalUDPFlows
       |---> setUDPSignatureManager
       PacketDispatcher
       |---> closeDevice
       |---> closePcapFile
       |---> openDevice
       |---> openPcapFile
       |---> run
       |---> runPcap
       |---> setStack
       PacketFrequencies
       |---> getPacketFrequenciesString
       Signature
       |---> getExpression
       |---> getMatchs
       |---> getName
       SignatureManager
       |---> addSignature
       StackLan
       |---> enableFrequencyEngine
       |---> enableLinkLayerTagging
       |---> getTCPFlowManager
       |---> getUDPFlowManager
       |---> printFlows
       |---> setStatisticsLevel
       |---> setTCPSignatureManager
       |---> setTotalTCPFlows
       |---> setTotalUDPFlows
       |---> setUDPSignatureManager
       StackMobile
       |---> enableFrequencyEngine
       |---> enableLinkLayerTagging
       |---> getTCPFlowManager
       |---> getUDPFlowManager
       |---> printFlows
       |---> setStatisticsLevel
       |---> setTCPSignatureManager
       |---> setTotalTCPFlows
       |---> setTotalUDPFlows
       |---> setUDPSignatureManager

     Compile AIEngine

       $ git clone git://bitbucket.com/camp0/aiengine
       $ cd aiengine
       $ ./autogen.sh
       $ ./configure
       $ make

     Contributing to AIEngine
     AIEngine is under the terms of GPLv2 and is under development. Check out the AIEngine source with

       $ git clone git://bitbucket.com/camp0/aiengine

     https://bitbucket.org/camp0/aiengine/
  13. CSP Is Awesome
     Content Security Policy Header Generator

     What is Content-Security-Policy?
     A mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS). Oh, and it’s awesome.

     So why the different headers?
     Since the spec is still a draft, Firefox is using X-Content-Security-Policy and WebKit (Chrome, Safari) is using X-WebKit-CSP. Once the spec is locked down they’ll move to a canonical header.

     What does it look like?
     Here are some examples borrowed directly from the Working Draft 1.0 document.

     Example 1: A server wishes to load resources only from its own origin:
       Content-Security-Policy: default-src 'self'

     Example 2: An auction site wishes to load images from any URI, plugin content from a list of trusted media providers (including a content distribution network), and scripts only from a server under its control hosting sanitized ECMAScript:
       Content-Security-Policy: default-src 'self'; img-src *; object-src media1.example.com media2.example.com *.cdn.example.com; script-src trustedscripts.example.com

     Example 3: Online banking site wishes to ensure that all of the content in its pages is loaded over TLS to prevent attackers from eavesdropping on insecure content requests:
       Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval'

     More information: https://rstforums.com/forum/69690-user-interface-security-directives-content-security-policy.rst
     Content Security Policy Header Generator
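As an added example (not part of the original post or of the generator it links to), the Python sketch below parses the three example policies and resolves which source list governs each resource type. The function names, resource-type labels, page origin and test URLs are assumptions made for the illustration, and source matching is simplified (ports and paths are ignored).

```python
from urllib.parse import urlsplit

# Directive that governs each resource type (the labels are this example's own).
DIRECTIVE_FOR = {"script": "script-src", "image": "img-src",
                 "plugin": "object-src", "style": "style-src"}


def parse_policy(value):
    """Split a policy string into {directive-name: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored: the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy, resource_type):
    """The specific directive if present, otherwise default-src (or None)."""
    name = DIRECTIVE_FOR[resource_type]
    return policy[name] if name in policy else policy.get("default-src")


def host_matches(pattern, host):
    if pattern.startswith("*."):
        # "*.cdn.example.com" covers subdomains only, not "cdn.example.com".
        return host.endswith(pattern[1:])
    return pattern == host


def allows(policy, resource_type, url, page_origin):
    """Simplified check of a resource URL against the policy.

    Ports and paths in host-sources are ignored, and "*" is treated as
    matching every URL.
    """
    sources = effective_sources(policy, resource_type)
    if sources is None:          # no directive applies: nothing is restricted
        return True
    target, page = urlsplit(url), urlsplit(page_origin)
    host = (target.hostname or "").lower()
    for src in sources:
        if src == "*":
            return True
        if src == "'self'":
            if (target.scheme, target.netloc) == (page.scheme, page.netloc):
                return True
        elif src.startswith("'"):
            continue             # 'unsafe-inline' etc. concern inline code, not URLs
        elif src.endswith(":"):
            if target.scheme == src[:-1].lower():   # scheme-source such as https:
                return True
        else:
            scheme, sep, rest = src.rpartition("://")
            if sep and scheme.lower() != target.scheme:
                continue
            if host_matches(rest.split("/")[0].split(":")[0].lower(), host):
                return True
    return False


# The three example policies quoted in the post.
EXAMPLE_1 = parse_policy("default-src 'self'")
EXAMPLE_2 = parse_policy(
    "default-src 'self'; img-src *; "
    "object-src media1.example.com media2.example.com *.cdn.example.com; "
    "script-src trustedscripts.example.com")
EXAMPLE_3 = parse_policy("default-src https: 'unsafe-inline' 'unsafe-eval'")
ORIGIN = "https://auction.example.com"   # assumed origin of the protected page
```

Under Example 2 a script served from the page's own origin is refused: a specific directive such as script-src replaces default-src for that resource type rather than adding to it.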
  14. An alarmingly large security flaw made its way past Tumblr's oversight. Ever logged in to Tumblr on your iPhone or iPad? How about while logged in on a public Wi-Fi connection? If you answered yes to any of the above, you may want to change your Tumblr password ASAP. Tumblr has just made users aware of a serious privacy compromise that enables anybody with the ability to “sniff” traffic on public Wi-Fi networks to view Tumblr users’ passwords in unencrypted plain-text format. The problem arose because the iPad and iPhone apps fail to log users in through a secure server. An official Tumblr announcement urges Tumblr users to change their passwords immediately if they’ve used the app, and to download the newest version of the app as soon as possible: According to the Register, a reader found the bug by chance while evaluating the Tumblr apps for suitable use on his employer’s smartphones. It’s a surprisingly enormous security hole for the Yahoo-bought company to overlook. Anybody who has ever accessed Tumblr over public Wi-Fi from a mobile device, whether at an airport, a coffee shop, or a library, is at risk. Fortunately, Tumblr users don’t seem to be reporting any serious consequences. The Tumblr #password and #security tags abound with users spreading the news, but not with sob stories about compromised accounts. Even if a user does find her account has been compromised, it will be hard to peg it on this security breach in particular. Via: Time To Change Your Tumblr Password—Immediately – ReadWrite
  15. I would like to know how you here think about this. As we all know, securing servers and networks is not an easy job to do; personally I think it is impossible to close out all vulnerabilities with an open network such as the internet, but OK, it is possible to make it as difficult as possible. But is it safe to secure governmental networks so no one can come in anymore? What I mean is this: in a country like the Netherlands the government is managing to keep the corruption and crimes they commit covered up and secret; it is not the kind of corruption we know here, but there it is about child rape, child murders, murders, tortures, fraud and molesting which are committed by law enforcement and the justice department. With intimidation, bringing into discredit and destruction of people they manage to keep the corruption covered up. This even reaches up to the EU Council and the EU Court of Human Rights. E-mails sent to NGO organisations are often intercepted by the government. When you make networks really secure, such criminal governments become impossible to monitor, and the end is out of sight. You can say then that a safe network or server becomes unsafe for the population. On the other hand, an unsecured network is unsafe because the information that must be protected is open to air. How wishful is it then to secure governmental networks?
  16. Updated to include Microsoft comment Security software companies must be smiling ear to ear as they read the news briefs coming off the transom. Microsoft said today that an undetermined number of computers in its Mac software business unit got infected with malware. The company said the number of infected PCs was small but that there was no indication customer data had been compromised. In a blog post late Friday, Matt Thomlinson, who directs the company's Trustworthy Computing Security program at Microsoft, wrote: Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing. This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends). We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks. Welcome to the new normal. The escalating number of reported attacks was underscored by a recent report on malware put together by McAfee which reported that the number of trojans created to steal passwords rose about 72 percent in the last quarter. Last week Apple said that an unknown number of Macs had been compromised, but that "there was no evidence any data left Apple." The malware was tied back to a site targeting iPhone developers. Employee computers for Facebook and most likely dozens of other companies were also breached. 
The incidents occurred roughly around the same time that The New York Times, The Wall Street Journal, and The Washington Post disclosed that outsiders had also targeted their employees' computers. Source: Add Microsoft to list of hacked companies | Security & Privacy - CNET News
  17. Snorby Cloud is an instantly deployable, usable, and hassle free Security Monitoring solution. Deploy your own Network & Host Security Monitoring solution in 5 minutes. Cloud Snorby TRIAL 24h
  18. I don't know what happened to my phone... when I turn it on it shows me an ENTER LOCK CODE window... I enter 12345, 0000, 00000 -- nothing works, none of them (it says it is wrong). How can I find the code out or reset it? I should mention that the phone is network-unlocked (it is not locked to a carrier).
  19. Because it is the right thing to do, to give as well and not only to take... Because I have read many useful things on the forum over the last few years. Because it will help a few people. For MOM. And last but not least because that is how my carbazan wanted it. IT&C Security
  20. Several photographs, to which only Mark Zuckerberg's closest friends had access, could be accessed and viewed by everyone after a hacker managed to break into the Facebook chief's account. Representatives of the social network say the hacker took advantage of a flaw in the system, which has since been fixed. In the photographs made public on the internet, part of Mark's private life can be seen, alongside his girlfriend, Priscilla Chan. The two cook together, go to restaurants, or stay at home with close friends. Moreover, photographs have also appeared from Mark's most important meetings, among them the one with American president Barack Obama. Source: http://www.antena3.ro/externe/cat-de-sigur-este-facebook-contul-lui-mark-zuckerberg-a-fost-spart-de-hackeri-vezi-poze-private-cu-el-si-iubita-146812.html
  21. Target: Down
     Status: Game Over

     Objective: Obtain the 12-character serial code in order to claim the prize.
     Hint: The code is on the target server.

     Send the serial code to my e-mail address (you will find it in my signature) using my PGP public key. I will not take clear-text e-mails into consideration. I will not reply to you if you do not leave your public key. If several people solve the challenge, we will move on to another level where only one of you will be able to take the prize. If nobody solves the challenge, the prize will carry over to the next challenge.

     Level: Medium (although I would say it is not complicated)

     Information gathering:
       PORT STATE SERVICE
       22/tcp open ssh
       80/tcp open http
       443/tcp open https
       Webserver Apache 2.2.3
       Mod_security
       Mod_evasive
       Host-based Intrusion Detection System

     About: A simple technique was introduced into the challenge to block "no skills but prebuild tools". This way you will have to use your brain when you use a tool; without your help no automated tool, whether commercial or freeware, will be of any use. The challenge was built for you, not for automated tools. It will not help to use automated vulnerability scanners (for example Nessus, Acunetix), because you get banned automatically (simply because you load the bandwidth, and I consider that a DoS). If you DoS, goodbye final prize; so if you use your brain, I have given you the chance to win something.

     Note: If you have caused a DoS, or used any other kind of exploit that produces a reboot, the server will go into lockdown (it will block any kind of inbound connection). At that point you have Game Over.

     Thanks: Thanks goes to tdxev for support and application coding!

     Final prize: USB Fingerprint reader
     Features:
     * USB Fingerprint reader
     * Up to 10 sets fingerprint enrollment
     * Multi-Factor Authentication
     * Advanced Password Management
     * AIAC: Advanced image auto-calibration technology
     * Secure and Powerful Computer Protection

     If you have questions or comments about this topic, you can press the reply button.
  22. A mixed bag: new and old/ attack and defense/ for developers, managers, testers/ PHP, AJAX, Rails, Java, .NET, Oracle etc.

     Ajax Security [2007]
     Apache Security [2005]
     Applied Oracle Security: Developing Secure Database and Middleware Environments [2009]
     BackTrack 4: Assuring Security by Penetration Testing [2011]
     Beginning ASP.NET Security [2010]
     Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management [2005]
     Cracking Drupal: A Drop in the Bucket [2009]
     Developer's Guide to Web Application Security [2007]
     E-Commerce: A Control and Security Guide [2004]
     Enterprise Web Services Security [2005]
     Essential PHP Security [2005]
     Expert Web Services Security in the .NET Platform [2004]
     request download ticket | ifile.it
     ---
     Google Hacking for Penetration Testers [2005]
     Google Hacking for Penetration Testers, Volume 2 [2007]
     Hacker Web Exploitation Uncovered [2005]
     Hacking Exposed Web 2.0 [2007]
     Hacking Exposed Web Applications, 3rd Edition [2011]
     HackNotes Web Security Pocket Reference [2003]
     Hack Proofing ColdFusion [2002]
     Hack Proofing Your E-Commerce Site [2001]
     Hack Proofing Your Web Applications [2001]
     How to Break Web Software: Functional and Security Testing of Web Applications and Web Services [2006]
     Implementing Database Security and Auditing: Includes Examples for Oracle, SQL Server, DB2 UDB, Sybase [2005]
     Joomla! Web Security [2008]
     Mastering Web Services Security [2003]
     ModSecurity 2.5 [2009]
     ModSecurity Handbook [2010]
     Oracle Security [1998]
     php architect's Guide to PHP Security [2005]
     Practical Oracle Security: Your Unauthorized Guide to Relational Database Security [2007]
     request download ticket | ifile.it
     ---
     Preventing Web Attacks with Apache [2006]
     Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition [2010]
     Secure E-Government Web Services [2005]
     Securing PHP Web Applications [2009]
     Security for Web Services and Service-Oriented Architectures [2009]
     Security Fundamentals for E-Commerce [2002]
     Security on Rails [2009]
     Security Technologies for the World Wide Web, Second Edition [2002]
     Seven Deadliest Web Application Attacks [2010]
     SQL Injection Attacks and Defense [2009]
     SQL Server Security Distilled [2004]
     SSL & TLS Essentials: Securing the Web [2000]
     The Oracle Hacker's Handbook: Hacking and Defending Oracle [2007]
     The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws [2007]
     The Database Hacker's Handbook: Defending Database Servers [2005]
     Web 2.0 Security - Defending AJAX, RIA, AND SOA [2007]
     Web Application Vulnerabilities: Detect, Exploit, Prevent [2007]
     Web Hacking: Attacks and Defense [2002]
     Web Security, Privacy and Commerce, 2nd Edition [2002]
     Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast [2008]
     Web Services Security [2003]
     XML Security [2002]
     XSS Exploits and Defense [2007]
     request download ticket | ifile.it
  23. It no longer surprises anyone, does it? After numerous security bugs and shortcomings in the privacy settings were brought to light in recent times, yet another story has appeared, this one about a top Facebook application selling some users' data. Facebook says it is nothing: there are no more than a dozen applications, authorized by them and considered to be top ones, that do this routinely. Facebook App Developers Sold User Data…Shock! An Update on Facebook UIDs - Facebook Developers