http://www.symantec.com/about/news/release/article.jsp?prid=20081008_02
A 695M deal. Wow...
Sunday, October 12, 2008
Tuesday, September 2, 2008
Using wget over proxy in Linux
You just need to export the environment variable "http_proxy":
export http_proxy="http://proxy.example.com:8080"
Simple and easy. If you need the system to remember this, add the same line to /etc/profile for all users or to ~/.bash_profile for selected individuals.
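As an added example (my own code, not from the original post), here is a small POSIX shell helper that does what the post describes and goes a little further: it exports http_proxy together with https_proxy and no_proxy, which wget also reads, after checking that the proxy URL is well-formed so a typo in /etc/profile does not silently break every download. proxy.example.com:8080 is the post's placeholder; the function names are my own.

```shell
# Added example, not from the original post. Sets the proxy variables that
# wget (and most other command-line tools) read from the environment:
# http_proxy as in the post, plus https_proxy and no_proxy. The URL is
# validated first so a typo does not silently leave wget pointed at a bad proxy.
# proxy.example.com:8080 is the post's placeholder; function names are my own.
# Limitation: bracketed IPv6 literals ([::1]:8080) are not handled.

# valid_proxy_url URL -> returns 0 if URL is http(s)://[user:pass@]host[:port][/...]
valid_proxy_url() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    rest=${1#*://}        # drop the scheme
    rest=${rest%%/*}      # drop any trailing path
    rest=${rest#*@}       # drop user:pass@ if present
    host=${rest%%:*}
    [ -n "$host" ] || return 1
    case "$rest" in
        *:*)
            port=${rest##*:}
            case "$port" in
                ''|*[!0-9]*) return 1 ;;   # empty or non-numeric port
            esac
            [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
            ;;
    esac
    return 0
}

# set_proxy URL [NO_PROXY_LIST] -> exports http_proxy, https_proxy and no_proxy
set_proxy() {
    valid_proxy_url "$1" || { echo "set_proxy: bad proxy URL: $1" >&2; return 1; }
    export http_proxy="$1"
    export https_proxy="$1"
    export no_proxy="${2:-localhost,127.0.0.1}"
}

# unset_proxy -> remove the three variables again (e.g. when off the office network)
unset_proxy() {
    unset http_proxy https_proxy no_proxy
}

# Usage: place these functions in /etc/profile or ~/.bash_profile, then:
#   set_proxy "http://proxy.example.com:8080"
#   wget http://example.com/
```

One practical caveat: anything written to /etc/profile is readable by every local user, so if your proxy requires a username and password, keep that form of the URL out of the system-wide file and put it only in a profile with restrictive permissions.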
Friday, July 25, 2008
Gain Access to Any Windows Computer
Sounds great, right?
The concept is simple: reset the local admin account. Resetting the admin account password is not that difficult: boot the computer from a bootable Linux CD and overwrite the password file. However, this leaves a discovery problem, as the real administrator will notice it the next time they do actual maintenance.
A cleverer way is to copy the password file in advance, reset the password to gain access, and then copy the backed-up password file back. This does the trick and is less likely to be discovered.
A more advanced level is to obtain the password itself instead of copying the password file.
There are two interesting files on any Windows system. They are:
- WINDOWS\system32\config\system and
- WINDOWS\system32\config\sam
In most cases the local admin password is the same on all workstations, because of the disk cloning technique used for fast deployment in a corporate environment. This means that once you distribute a notebook to a user, that user has the local admin password for every workstation in the environment. If your administrator is so careless as to use the same password for the domain admin and the local admin, you are now controlling the whole network of Windows computers.
SSLVPN
Recently, I implemented a change to my home networking infrastructure. Originally, I had port forwards for RDP and SSH open to the whole Internet. This was not good, as anyone on the Internet could run brute-force attacks against these services.
Now I have implemented an SSLVPN service on my home network to act as the first authentication gate. The product I am using is SSL-Explorer from 3SP (http://www.3sp.com/). It gives me a first-tier defence by authenticating over a browser. I added two-factor authentication by SMS; the product natively supports the SMS gateway from Clickatel (http://www.clickatel.com/). The implementation experience was great: the whole installation and profile provisioning, including AD integration, took me less than 3 hours.
To avoid the untrusted-certificate warning every time I connect via the SSLVPN, I bought an SSL certificate from GoDaddy (http://www.godaddy.com/).
After all this, I disabled all direct port forwarding except TCP 443 to the SSLVPN service.
The total investment for this project:
- AD - already have, nothing added, $0
- 3SP SSLVPN license - using the free 2-concurrent-user license, $0
- PC based server - using a virtual machine with CentOS, $0
- SMS Gateway - Clickatell, HK$100 for about 220 SMS send out credits (about HK$0.45 per authentication)
- SSL Certificate - GoDaddy, US$14.95 for 1 year
- My time - 3 hours of design and implementation
In short, for home use, it does not cost a lot if you do not need SMS OTP. Other two-factor authentication methods can also be used, like digital signatures, OTP tokens, etc. However, I think SMS is the most accessible way for me.
Sunday, June 15, 2008
Two Reports on Information Security
2008 Data Breach Investigations Report - Verizon Business
http://www.verizonbusiness.com/resources/security/databreachreport.pdf
2007 Global Security Survey - Deloitte
http://www.deloitte.com/dtt/cda/doc/content/ca_en_Global_Security_Survey.final.en.pdf
RDP Encryption - MITM Vulnerability
While doing a regular vulnerability scan, I found "Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability" on one of my home servers.
It is reproducible, and the problem has been proven.
Massimiliano Montoro has written a detailed paper on this; it can be found at http://www.oxid.it/downloads/rdp-gbu.pdf
I will try to do an exercise soon to test it using Cain & Abel.
Blackjacking?!
Do you know what Blackjacking is? Playing Blackjack? Nope.
It is a new term referring to "BlackBerry Hijacking". Cool... it refers to hacking and hijacking handheld devices. Yes, enterprises tend to gain mobility by using these tiny devices for mobile communications. However, the security of these new technologies is often overlooked.
Have you evaluated the risks associated with these wireless technologies together with handheld devices (not limited to BlackBerry, but also other handhelds like the iPhone, cell phones, PDAs, etc.)? It is an interesting topic for research.
Welcome to White Hat - Information Security Blog
Wow... welcome to my infosec blog.
I hope this becomes a platform for people around the world to share information security related issues.
Write, write and write... I believe writing makes knowledge shareable.