Here is a link to an article from The Register regarding a weakness in the SSL/TLS protocols.
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
I also recommend reading this article regarding the number of ways that SSL is essentially broken and why it has been for a long time.
http://www.theregister.co.uk/2011/04/11/state_of_ssl_analysis/
Wednesday, 21 September 2011
Saturday, 10 September 2011
Week 1 - Creating a DVL VM
Okay guys...as a part of my first lab in my advanced hacking class I have to "build" or "setup" and VM running DVL (Damn Vulnerable Linux). I've come to learn that DVL is essentially a Linux distro that's geared towards computer security students to demonstrate some of the vulnerabilities associated with the Linux OS.
I will work through the installation and setup step-by-step. It's very easy and all you'll require ahead of time is a copy of VMWare Workstation (I'm using 7.0.1) and a .iso of DVL (I'm using version 1.5).
Here we go:
-Open VMWare Workstation
-Click "New Virtual Machine"
-Ensure "Typical" Installation is selected and click "Next"
-Ensure "Installer Disc Image File (.iso) is selected and click "Browse"
-Navigate to the .iso file for DVL, highlight it, click "Open", then click "Next"
-Ensure "Linux" is selected as the Guest Operating System
-Select "Other Linux 2.6.x Kernel" as the Version and click "Next"
-Name your VM and change the location of the VM configuration files if you wish - click "Next"
-Change the Max. Disk Size to 20GB and ensure the virtual disk is stored as a single file - click "Next"
-Check the box "Power on the VM after creation" and click "Finish"
-After the VM gets to the "boot: " prompt, press "Enter"
At this point your VM should boot and you should be looking at a screen that looks similar to this:
There you have it! You're DVL VM is ready for you to login (root/toor) and you're off to the races. You can issue the command "startx" when you are at the "bt ~ $" prompt to boot the GUI version of the OS.
Quick and painless - please comment if you found this helpful.
I will work through the installation and setup step-by-step. It's very easy and all you'll require ahead of time is a copy of VMWare Workstation (I'm using 7.0.1) and a .iso of DVL (I'm using version 1.5).
Here we go:
-Open VMWare Workstation
-Click "New Virtual Machine"
-Ensure "Typical" Installation is selected and click "Next"
-Ensure "Installer Disc Image File (.iso) is selected and click "Browse"
-Navigate to the .iso file for DVL, highlight it, click "Open", then click "Next"
-Ensure "Linux" is selected as the Guest Operating System
-Select "Other Linux 2.6.x Kernel" as the Version and click "Next"
-Name your VM and change the location of the VM configuration files if you wish - click "Next"
-Change the Max. Disk Size to 20GB and ensure the virtual disk is stored as a single file - click "Next"
-Check the box "Power on the VM after creation" and click "Finish"
-After the VM gets to the "boot: " prompt, press "Enter"
At this point your VM should boot and you should be looking at a screen that looks similar to this:
There you have it! You're DVL VM is ready for you to login (root/toor) and you're off to the races. You can issue the command "startx" when you are at the "bt ~ $" prompt to boot the GUI version of the OS.
Quick and painless - please comment if you found this helpful.
Some Stats from securelist.com - August 2011
Here are a few stats I found on securelist.com for the month of August 2011.
Click here for the link to the entire article.
Click here for the link to the entire article.
August ratings:
Top 10 Internet threats
| 1 | Blocked | 45643803 | 72.76% |
| 2 | Trojan.Script.Iframer | 1677006 | 2.67% |
| 3 | Trojan.Script.Generic | 1230615 | 1.96% |
| 4 | Trojan.Win32.Generic | 758315 | 1.21% |
| 5 | Exploit.Script.Generic | 671473 | 1.09% |
| 6 | AdWare.Win32.Shopper.ee | 462860 | 1.07% |
| 7 | Trojan-Downloader.Script.Generic | 459647 | 0.74% |
| 8 | Trojan.JS.Popupper.aw | 431959 | 0.73% |
| 9 | AdWare.Win32.Eorezo.heur | 430763 | 0.69% |
| 10 | WebToolbar.Win32.MyWebSearch.gen | 270739 | 0.69% |
Top 10 sources of malware:
| 1 | United States | 26.31% |
| 2 | Russian Federation | 16.48% |
| 3 | Germany | 9.12% |
| 4 | Netherlands | 7.40% |
| 5 | United Kingdom | 6.09% |
| 6 | Ukraine | 5.27% |
| 7 | China | 3.98% |
| 8 | Virgin Islands, British | 3.07% |
| 9 | Romania | 1.97% |
| 10 | France | 1.94% |
Top 10 malware hosts:
| 1 | ak.imgfarm.com | 10.17% |
| 2 | ru-download.in | 8.64% |
| 3 | literedirect.com | 7.84% |
| 4 | 72.51.44.90 | 7.01% |
| 5 | go-download.in | 6.86% |
| 6 | h1.ripway.com | 4.75% |
| 7 | updateversionnew.info | 4.68% |
| 8 | lxtraffic.com | 4.36% |
| 9 | ak.exe.imgfarm.com | 4.18% |
| 10 | dl1.mobimoba.ru | 3.62% |
Top 10 malicious domain zones:
| 1 | com | 30618963 |
| 2 | ru | 10474116 |
| 3 | net | 3465349 |
| 4 | in | 2466494 |
| 5 | info | 2052925 |
| 6 | org | 1982282 |
| 7 | tv | 827236 |
| 8 | cc | 819225 |
| 9 | cz.cc | 463536 |
| 10 | tk | 329739 |
Top 10 countries with the highest percentage of attacks against user comptuers (Web Antivirus)
| 1 | Russia | 35.82% |
| 2 | Oman | 32.67% |
| 3 | Armenia | 31.16% |
| 4 | Belarus | 31.05% |
| 5 | Iraq | 30.37% |
| 6 | Azerbaijan | 29.97% |
| 7 | Kazakhstan | 28.31% |
| 8 | Ukraine | 27.57% |
| 9 | Republic of Korea | 27.23% |
| 10 | Sudan | 26.01% |
Top 10 countries with FakeAV detections:
| 1 | USA | 29.26% | ||||||||||
| 2 | Russia | 9.6% | ||||||||||
| 3 | India | 6.31% | ||||||||||
| 4 | Germany | 3.95% | ||||||||||
| 5 | United Kingdom | 3.9% | ||||||||||
| 6 | Vietnam | 3.75% | ||||||||||
| 7 | Spain | 2.88% | ||||||||||
| 8 | Canada | 2.81% | ||||||||||
| 9 | Mexico | 2.47% | ||||||||||
| 10 | Ukraine | 2.21% |
What this blog is all about...
This is my first blog post on my first blog which I've created as a part of my Hacking Techniques: Advanced course at Fanshawe College in beautiful London, Ontario, Canada.
I'm basically going to be rambling on about my classes as they pass (graduation in 4 months - cheaaaa) and will also be posting articles, links, pictures, and other things that I come across as I get to know the information security community a little bit better.
Please feel free to leave me a comment and let me know what you think.
I'm basically going to be rambling on about my classes as they pass (graduation in 4 months - cheaaaa) and will also be posting articles, links, pictures, and other things that I come across as I get to know the information security community a little bit better.
Please feel free to leave me a comment and let me know what you think.
Subscribe to:
Posts (Atom)