
Showing posts with label e hacking. Show all posts

Saturday 26 October 2013

The NSA’s Website (NSA.gov) Is Down

The National Security Agency’s website has been down for at least 30 minutes. Officials have acknowledged the outage, but won’t say if it was hacked. At least a few Twitter accounts that sound like the elite hacktivist contingent, Anonymous, are taking credit.
Official Anonymous channels are just making fun of the outage:
To be sure, The NSA’s website has been hacked before. But, we won’t speculate, for fear of perpetuating the kinds of rumors implied by this delightful XKCD comic:

While we’re all waiting to figure out what went wrong, feel free to add your own Healthcare.gov jokes in the comments.
Update: LOLZ


How to Protect yourself from keyloggers


This tool is a powerful, easy to use anti-spy software tool that prohibits operation of keyloggers, known or unknown, professional or custom made. Once installed, Anti Keylogger Shield will run silently in your System Tray, block the system mechanisms that are exploited by keyloggers, and immediately start protecting your privacy. With Anti Keylogger Shield you can hide and protect your keystrokes from prying eyes.

I haven't created this one, but I thought it might be useful to post it here.

Here is what the description says:

Quote: Keyloggers are small spy programs that record everything you type on the computer, including documents, emails, user names and passwords, and then either store this information in a hidden place on your computer or send it over the Internet to the person who infiltrated it.

Keyloggers can come in many forms, as emails, viruses, Trojan horses; from people who might try to invade your privacy and see what you are typing, or remote hackers, who might want to steal user names and passwords as you type them.

Unlike similar programs, Anti Keylogger Shield does not use a signature database, and it will not try to detect keyloggers. Anti Keylogger Shield will simply block the very mechanisms that are used by keyloggers, and they will not be able to record your information anymore.


Friday 18 October 2013

Bypass Any PHONE and SMS Verification Code Of Any Website

In this article I'll show you how to get a free virtual number that can be used for receiving and sending SMS. You don't need to verify by email. You can create unlimited phone numbers, and the numbers will never expire while they are in use.

Guide :-

Step 1:

First, you have to go to: Textfree Web for Free Unlimited Texting
http://goo.gl/S22st5 from your computer. Now from there, create an account by clicking >> Signup FREE and then filling out the form.

Step 2:

Now log in to your account. When you have to enter the zip code, enter something like this: 10453. When entering the age, just enter some random age.
Now choose a number and then hit >> Confirm.

Step 3:

Now click on >> Options. From there you can copy your phone number. Use this to bypass any SMS verification.

Thank you! Hope this article is helpful for you all guyzz. "HAPPY HACKING"
 

How To Secure WireLess (Wi-Fi) Network

In this article I'll describe the techniques you can use to secure a wireless (Wi-Fi) home network. Securing a wireless network is very important because if you don't, your neighbors can not only borrow your Internet connection, but also access your files and check up on what you're doing.

1> Change Default Administrator Passwords (and User names)

Wireless routers (and access points) allow administrators to manage their Wi-Fi network through a special account. Anyone who knows this account's username and password can log into the router, giving them complete access to the device's features and information about any devices connected.

Manufacturers set up all of their new routers with the same default username and password. The username is often simply the word "admin" or "administrator." The password is typically empty (blank), the words "admin," "public," or "password," or some other simple word.

To improve the security of your Wi-Fi network, you should change the administrative password on your wireless access point or router immediately when first installing the unit. The default passwords for popular models of wireless network gear are well-known to hackers and often posted on the Internet. Most devices do not allow the administrative username to be changed, but if yours does, seriously consider changing this name as well.

Finally, to maintain home network security for the long term, continue changing this administrative password periodically. Use words that would be very difficult for others to guess. Many experts recommend changing Wi-Fi passwords every 30 to 90 days.


2> Change the Default SSID


Wi-Fi access points and routers establish a wireless network using a name called an SSID. Routers are configured with a default SSID pre-defined and set by the manufacturer at the factory.

Typical default SSIDs are simple names like

☻   "wireless"
☻   "netgear"
☻   "linksys"
☻   "default"

The SSID can be accessed from within the router's Web-based or Windows-based configuration utilities. It can be changed at any time, but wireless clients must then recognize the new SSID in order to reconnect to that router and wireless network.

To improve the security of your home wireless network, consider changing the router's SSID to a different name than the default. Here are some dos and don'ts, based on recommended network security practices:

☻     Don't embed your name, address, birth date, or other personal information as part of the SSID

☻     Likewise, don't use any of your Windows or Internet Web site passwords

☻     Don't tempt would-be intruders by using tantalizing network names like "SEXY-BOX" or "TOP-SECRET"

☻     Do pick an SSID that contains both letters and numbers

☻     Do choose a name as long or nearly as long as the maximum length allowed

☻     Do consider changing your SSID periodically (at least once every few months)


3> Disable SSID Broadcast


Most wireless access points and routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This feature of Wi-Fi network protocols is intended to allow clients to dynamically discover and roam between WLANs.

However, this feature also makes it easier for hackers to break into your home network. Because SSIDs are not encrypted or otherwise scrambled, it becomes easy to grab one by snooping the WLAN looking for SSID broadcast messages coming from the router or AP. Knowing your SSID brings hackers one step closer to a successful intrusion.

In a home Wi-Fi network, roaming is largely unnecessary and the SSID broadcast feature serves no useful purpose. You should disable this feature to improve the security of your WLAN. Once your wireless clients are manually configured with the right SSID, they no longer require these broadcast messages.

Note that disabling SSID broadcast is just one of many techniques for tightening security on a Wi-Fi network. This technique is not 100% effective, as hackers can still detect the SSID by sniffing different messages in the Wi-Fi protocol. Still, using techniques like SSID broadcast disable makes it more likely that would-be intruders will bypass your home network seeking easier targets elsewhere.


4> Do Not Auto-Connect to Open Wi-Fi Networks


Connecting to an open Wi-Fi network such as a free wireless hotspot exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations with your (the user's) awareness.

To verify whether automatic connections to open Wi-Fi networks are allowed, check the computer's wireless configuration settings. For example, on Windows XP computers having Wi-Fi connections managed by the operating system, the setting is called "Automatically connect to non-preferred networks." To check this setting, follow these steps:

i)     From the Start Menu, open Windows Control Panel.

ii)    Inside Control Panel, click the "Network Connections" option if it exists, otherwise first click "Network and Internet Connections" and then click "Network Connections."

iii)   Right-click "Wireless Network Connection" and choose "Properties."

iv)   Click the "Wireless Networks" tab on the Properties page.

v)    Click the "Advanced" button in this tab.

vi)    Find the "Automatically connect to non-preferred networks" setting. If checked, this setting is enabled, otherwise it is disabled.

While Windows XP does not enable automatic non-preferred connections by default, some users enable it in an attempt to simplify connecting to their own home network. Users should instead configure these as Windows XP Preferred networks which allows automatic connection to the home equipment yet still prevents auto-connection to other networks.


5> Assign Static IP Addresses to Devices


Static IP address assignment (sometimes also called fixed addressing) is an alternative to dynamic addressing (normally, DHCP) on Internet Protocol networks. Dynamic addressing is convenient. It also allows mobile computers to more easily move between different networks.

However, static IP addressing also offers some advantages:

☻   A static IP address best supports name resolution, so that a computer can be most reliably reached over the network by its host / domain name. Web and FTP servers in particular benefit from fixed addressing for this reason.

☻   Using static IP addresses on home networks gives somewhat better protection against network security problems than does DHCP address assignment.

☻   Some network devices do not support DHCP. Using static IP address assignment for all devices on the home network is guaranteed to avoid potential address conflicts where DHCP may supply an address already assigned statically elsewhere.

When using static IP addresses on home and other private networks, they should be chosen from within the standard private IP address ranges listed:

☻   10.0.0.0 through 10.255.255.255
☻   172.16.0.0 through 172.31.255.255
☻   192.168.0.0 through 192.168.255.255

These ranges support many thousands of different IP addresses. It's common for people to assume that any address in these ranges can be chosen and the specific choice doesn't matter much. This is untrue. To choose and set specific static IP addresses suitable for your network, follow these guidelines.

i>     Do not choose any addresses that end with ".0" or ".255" - these addresses are generally reserved for use by network protocols.

ii>    Do not choose the addresses at the beginning of a private range. IP addresses like 10.0.0.1 and 192.168.0.1 are very commonly used by network routers and other consumer devices. These are the first addresses someone will attack when trying to break into a private computer network.

iii>   Do not choose an address that falls outside the range of your local network. For example, to support all addresses in the 10.x.x.x private range, the subnet mask on all devices must be set to 255.0.0.0, otherwise some static IP addresses in this range will not work.
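
The guidelines above can be checked mechanically before an address is typed into a device. The following Python sketch is an added example, not part of the original article: it tests a candidate address against guidelines i to iii and, going slightly beyond the list, also rejects the subnet's own network and broadcast addresses and anything inside the router's DHCP pool (the conflict mentioned earlier). The function names, the "first 10 addresses" threshold and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three private ranges listed in the article, in CIDR form.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumption: "the beginning of a private range" means its first 10 addresses.
RANGE_START_SIZE = 10


def check_static_ip(candidate, lan_address, mask, dhcp_pool=None):
    """Return a list of guideline violations; an empty list means acceptable.

    candidate   -- address you want to assign, e.g. "192.168.1.50"
    lan_address -- any address on the LAN (typically the router's)
    mask        -- the subnet mask configured on the LAN devices
    dhcp_pool   -- optional (first, last) range handed out by the DHCP server
    """
    ip = ipaddress.ip_address(candidate)
    lan = ipaddress.ip_network(f"{lan_address}/{mask}", strict=False)
    problems = []

    # Must come from a private range, and (guideline ii) not from its start.
    private = next((r for r in PRIVATE_RANGES if ip in r), None)
    if private is None:
        problems.append("not in a private range")
    elif int(ip) - int(private.network_address) <= RANGE_START_SIZE:
        problems.append("at the beginning of a private range")

    # Guideline i, plus the subnet's real network and broadcast addresses.
    if (int(ip) & 0xFF) in (0, 255) or ip in (lan.network_address,
                                              lan.broadcast_address):
        problems.append("reserved (.0, .255, network or broadcast address)")

    # Guideline iii: the address must fit the subnet mask actually in use.
    if ip not in lan:
        problems.append(f"outside the local network {lan}")

    # Avoid the conflict where DHCP later hands out the same address.
    if dhcp_pool:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if first <= ip <= last:
            problems.append("inside the DHCP pool")
    return problems


def suggest_static_ips(lan_address, mask, dhcp_pool=None, in_use=(), count=3):
    """Return the first `count` addresses on the LAN that pass every check."""
    lan = ipaddress.ip_network(f"{lan_address}/{mask}", strict=False)
    taken = {ipaddress.ip_address(a) for a in in_use}
    picks = []
    for host in lan.hosts():
        if host in taken:
            continue
        if not check_static_ip(str(host), lan_address, mask, dhcp_pool):
            picks.append(str(host))
            if len(picks) == count:
                break
    return picks


if __name__ == "__main__":
    # Constructed sample network: router at 192.168.1.1, DHCP pool .100-.200.
    pool = ("192.168.1.100", "192.168.1.200")
    for addr in ("192.168.1.50", "192.168.1.150", "192.168.1.255", "10.1.2.3"):
        issues = check_static_ip(addr, "192.168.1.1", "255.255.255.0", pool)
        print(addr, "->", issues or "OK")
    print(suggest_static_ips("192.168.1.1", "255.255.255.0", pool,
                             in_use=["192.168.1.1"]))
```

The last sample address shows guideline iii in practice: 10.1.2.3 is a valid private address, but it is only usable when every device on the LAN is configured with a mask wide enough to contain it.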


6> Enable Firewalls On Each Computer and the Router


One of the easiest, least expensive ways to guard a home network from attack is to set up a personal firewall. The top firewall software products listed below afford good network protection and help maintain personal privacy. Even those who have home routers probably need the additional protection that a personal firewall offers. While these products all target the Windows environment, Symantec also sells the Norton Personal Firewall for Macintosh.

Some personal firewalls formerly available as stand alone downloads, such as the CA Personal Firewall based on the old free TINY Personal Firewall, are now bundled together with other security software and no longer on this list.


i> Sygate Personal Firewall PRO


Before being discontinued by Symantec as a product, Sygate Personal Firewall software offered solid network protection, activity logging, and automatic email notifications. Free for personal use, it supported advanced configuration options without being overly difficult to use. The PRO edition (no longer available) included guaranteed VPN support, an unlimited number of security rules, ability to import/export settings to multiple computers, and one year of free upgrades.


ii> ZoneAlarm Pro


Zone Labs provides a free ZoneAlarm download, too. The Pro edition adds email attachment protection similar to that offered by antivirus software, password protection, and ICS/NAT support. ZoneAlarm runs in Stealth Mode, making your PC literally "invisible" on the Internet. Though missing some of the more advanced personal firewall controls, its user interface includes handy features like the "Stop" button.


iii> Symantec Norton Personal Firewall 2012


Some claim that Norton's graphic interface isn't as easy to use as some other products in this category. Symantec doesn't offer a free trial version of this personal firewall software product either. Still, it continues to improve, and a new Home Network Assistant feature simplifies administering security across the home LAN. The Norton Personal Firewall software is solid and from a reputable company.


iv> McAfee Personal Firewall Plus


McAfee's software is sold on a one-year subscription basis rather than on one-time purchase, a feature that may appeal to some, but no free trial exists. McAfee also possesses a comparatively small footprint and a central "Control Panel" style of user interface. Product updates occur "live" over the Internet. McAfee does not support Windows ICS networks or the IIS Web server.


v> BlackICE™ PC Protection


BlackICE was the first mainstream personal firewall software product and remains an all-around top choice. Its high-quality user interface, logging capability, and support for auto-blocking of traffic from specific network addresses are great features for beginners and more advanced networkers alike. BlackICE PC Protection is an end of life product no longer receiving support from its vendor (IBM).


7> Turn Off the Network During Extended Periods of Non-Use


Question: Should Your Computer Network Be Powered Off When Not in Use?
Most broadband Internet connections stay "always-on," keeping you online at all times. For convenience, residential network owners often leave their router, broadband modem and other network equipment powered up and operating, even when not utilizing it for long periods of time.
But should home network gear really stay always connected? What are the pros and cons of switching it off?

Answer: Home network gear need not be powered on and connected to the Internet at all times. Several clear advantages apply if you turn off your equipment when not using it, although some disadvantages exist also. Consider these pros and cons:

☻ Security  - Powering off your gear when not using it improves your network security. When network devices are offline, hackers and Wi-Fi wardrivers cannot target them. Other security measures like firewalls help and are necessary but not bulletproof.

☻ Electricity cost savings  - Powering down computers, routers and broadband modems saves money. In some countries, the savings is low, but in other parts of the world, costs are significant.

☻ Surge protection  - Unplugging network devices prevents potential damage from power surges. As with other types of consumer electronics, surge protectors may also prevent this damage. However, surge units, particularly the inexpensive ones, generally cannot protect against severe power spikes like those from lightning strikes.

☻ Noise reduction  - Networking gear has grown quieter in recent years, as noisy built-in fans get replaced with solid state cooling systems. Your senses might be adjusted to the relatively low levels of home network noise, but you might also be pleasantly surprised at the added tranquility of a residence without it.

☻ Hardware reliability  - Frequently power cycling a computer network device can shorten its working life due to the extra stress involved. Disk drives are particularly susceptible to damage. On the other hand, high temperature also greatly reduces the lifetime of network equipment. Leaving equipment always-on very possibly causes more damage from heat than will powering it down occasionally.

☻ Communication reliability  - After power cycling, network communications may fail to re-establish. You must take care to follow proper start-up procedure. For example, broadband modems generally should be powered on first, then other devices only later, after the modem is ready. You may also experience start-up failures due to "flaky" or unstable installations. Troubleshoot these problems when they arise, or you'll be faced with bigger networking problems down the road.

☻ Convenience  - Network devices like routers and modems may be installed on ceilings, in basements or other hard-to-reach places. You should shut down these devices gracefully, using the manufacturer-recommended procedure, rather than merely "pulling the plug." Powering down a network takes time to do properly and may seem an inconvenience at first.

In summary, most of these considerations suggest turning off your network during extended periods of non-use is a good idea. The security benefit alone makes this a worthwhile endeavor. Because computer networks can be difficult to set up initially, some people naturally fear disrupting it once working. In the long run, though, this practice will increase your confidence and peace of mind as a home network administrator.


How To Secure Gmail Account

I'm writing this article because I’ve been noticing a lot of people’s email getting hacked lately. Have you noticed an email going around titled “Document” with a very dry note from your “friend” that says they want to share their Google Docs? Yeah, I got that too. This does not mean we all need to go into panic mode, it’s just a reminder to be careful about what we open. That said, it might not be a bad idea to set up Google’s 2-Step Verification to add a little extra security. The way this works is when you sign in to your Gmail account, Google will text you a code, which you have to enter before you can be signed in. This way someone who’s attempting to hack your account MUST also have your phone. If they can’t enter the verification code, they can’t get in. Simple as that.

Enable Two-Step Gmail Verification :-


To have Gmail ask you for a remembered password and a code sent to your mobile phone to log in for enhanced security:

Click your name or photo in the top Gmail navigation bar.

Click on Account from the menu that comes up.

Now click on Security in the left tab.

Click on Edit beside 2-step verification.

Enter your Gmail password under.

Insert your mobile number.

Verify your number.

Now your 2-step verification is ON.

Disable Two-Step Gmail Verification :-


To turn off enhanced two-step verification for your Gmail account:

Go to the Google 2-step verification page.

If prompted, enter your Gmail password under Password: and click Sign in.

Click Turn off 2-step verification….

Now click OK.


What Is Keylogger ?

A keylogger, also known as a keystroke logger, is a software or hardware device which monitors each and every key typed by you on your keyboard. You cannot identify the presence of a keylogger on your computer since it runs in the background and is not listed in Task Manager or Control Panel. It can be used by parents to keep an eye on their children or by company owners to spy on their employees.

"OR" You can say that it is a hardware device or a software program that records the real time activity of a computer user including the keyboard keys they press.

"OR" A keylogger is a type of surveillance software that has the capability to record every keystroke you make to a log file, usually encrypted. A keylogger recorder can record instant messages, e-mail, and any information you type at any time using your keyboard. The log file created by the keylogger can then be sent to a specified receiver. Some keylogger programs will also record any e-mail addresses you use and Web site URLs you visit.

Some keylogger software is freely available on the Internet, while others are commercial or private applications. Most keyloggers allow not only keyboard keystrokes to be captured but also are often capable of collecting screen captures from the computer. Normal keylogging programs store their data on the local hard drive, but some are programmed to automatically transmit data over the network to a remote computer or Web server.

Keyloggers are sometimes part of malware packages downloaded onto computers without the owners' knowledge. Detecting the presence of a keylogger on a computer can be difficult. So-called anti-keylogging programs have been developed to thwart keylogging systems, and these are often effective when used properly.

How To Make Windows 7 Genuine

In this article I will give you the steps to make Windows 7 genuine.
As usual, just follow this easy step-by-step guide...

1.   Open Command Prompt, which is in Start Menu, All Programs, Accessories ... but you must run it as administrator.

2.   Then simply type in this command:
                               slmgr -rearm

Within a few seconds you’ll normally see this dialog show up, saying that the command has completed successfully, at which point you’ll want to reboot.

Now don't panic: you will still get the not genuine message at start up, but it shouldn't be in the corner of your desktop anymore.
So, checking the system properties again shows that you now have so many days left to activate.

3.   Now run the Windows 7 Loader by right clicking and choosing run as administrator.

Then just leave the loader on Default mode and click install...

4.   Now once you click install it will disappear. Don't worry, it will take a minute or 2 and then tell you to reboot.

Also, if you wish, you can tick the advanced options and select your PC's make for serial and certificates, but it's not a necessity.

5.   Now once you get the message telling you to restart your computer, simply click OK and let the system reboot.

And you're all done; your system should be fully activated...

And able to pass validation on the Microsoft site at Genuine Microsoft Software

Hope all this helps you. Good luck !!!
Give your Comments

"LeaseWeb" Hacked by KDMS Team

World's Largest Web Hosting company "LeaseWeb" Hacked by KDMS Team




LeaseWeb, one of the world's largest hosting providers, has been defaced by Palestinian hackers known as KDMS Team. LeaseWeb was also the hosting provider for one of the biggest file-sharing websites, Megaupload, in the past. Later Megaupload founder Kim Dotcom claimed that Leaseweb had deleted all Megaupload user data from 690 servers without warning.

The hacker group replaced the homepage of the website for just a few hours with an Anonymous Palestine homepage titled "You Got Pwned", and the defacement message says:

     Hello Lease
     Web Who Are You ?
     Who is but the form following the function of what
     and what are you is a hosting company with no security
     KDMS Team : Well ,, We Can See That :P

We noticed that the attacker has just changed the DNS server to point the domain to another server at 67.23.254.6, owned by the attacker. At the time of writing, the Leaseweb team had resolved the issue and got their domain back to the original server.

But because the hack was done just a few hours back, the Google DNS cache is still pointing the domain to the attacker's server. Change your DNS server to 8.8.8.8 and access the LeaseWeb site again, and you will be able to see the defaced page, as shown above.

The hacker also posted on the homepage,"Do You Know What That Means ? We Owned All Of Your Hosted Sites Index On Your Site Is The Prove ;)".

It seems to be a DNS hijacking only, but the hackers told The Hacker News, "We owned Leaseweb  Servers and kept some of their servers for us. But we only changed the DNS Server for now, because we faced some problems with the company website. Here, all what we need .. is to add our signature on their homepage to prove that there is not Completely Secure. If we can pwn them, we can hack other big providers too."

The hackers didn't claim that they got hold of customers' information or credit card numbers. Stay tuned with us for further updates on this hack story.

Update (9:35 PM Saturday, October 5, 2013 GMT): We contacted LeaseWeb and asked them to provide an official statement on the hack and the claims made by the hackers.

Update (5:51 AM Sunday, October 6, 2013 GMT): LeaseWeb confirmed the hack and tweeted, "Website should be back to normal in a few hours. No customer data compromised. We continue to investigate."

Hackers exploited a Zero-day SQL Injection flaw in Web Hosting software WHMCS used by LeaseWeb also.
 

What is Honeypot ?

The first step to understanding honeypots is defining what a honeypot is. This can be harder than it sounds. Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem. Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud. It is this flexibility that gives honeypots their true power. It is also this flexibility that can make them challenging to define and understand. As such, I use the following definition to define what a honeypot is.

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

This is a general definition covering all the different manifestations of honeypots. We will be discussing in this paper different examples of honeypots and their value to security. All will fall under the definition we use above: their value lies in the bad guys interacting with them. Conceptually almost all honeypots work the same. They are a resource that has no authorized activity; they do not have any production value. Theoretically, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity. Any connection attempts to a honeypot are most likely a probe, attack, or compromise. While this concept sounds very simple (and it is), it is this very simplicity that gives honeypots their tremendous advantages (and disadvantages). I highlight these below.


Advantages :-  Honeypots are a tremendously simple concept, which gives them some very powerful strengths.

☺ Small data sets of high value: Honeypots collect small amounts of information. Instead of logging one GB of data a day, they can log only one MB of data a day. Instead of generating 10,000 alerts a day, they can generate only 10 alerts a day. Remember, honeypots only capture bad activity; any interaction with a honeypot is most likely unauthorized or malicious activity. As such, honeypots reduce 'noise' by collecting only small data sets, but information of high value, as it is only the bad guys. This means it's much easier (and cheaper) to analyze the data a honeypot collects and derive value from it.

☺ New tools and tactics: Honeypots are designed to capture anything thrown at them, including tools or tactics never seen before.

☺ Minimal resources: Honeypots require minimal resources, they only capture bad activity. This means an old Pentium computer with 128MB of RAM can easily handle an entire class B network sitting off an OC-12 network.

☺ Encryption or IPv6: Unlike most security technologies (such as IDS systems) honeypots work fine in encrypted or IPv6 environments. It does not matter what the bad guys throw at a honeypot, the honeypot will detect and capture it.

☺ Information: Honeypots can collect in-depth information that few, if any other technologies can match.

☺ Simplicity: Finally, honeypots are conceptually very simple. There are no fancy algorithms to develop, state tables to maintain, or signatures to update. The simpler a technology, the less likely there will be mistakes or misconfigurations.


Disadvantages :-  Like any technology, honeypots also have their weaknesses. It is because of this they do not replace any current technology, but work with existing technologies.

☻ Limited view: Honeypots can only track and capture activity that directly interacts with them. Honeypots will not capture attacks against other systems, unless the attacker or threat interacts with the honeypots also.

☻ Risk: All security technologies have risk. Firewalls have risk of being penetrated, encryption has the risk of being broken, IDS sensors have the risk of failing to detect attacks. Honeypots are no different, they have risk also. Specifically, honeypots have the risk of being taken over by the bad guy and being used to harm other systems. This risk varies for different honeypots. Depending on the type of honeypot, it can have no more risk than an IDS sensor, while some honeypots have a great deal of risk. We identify which honeypots have what levels of risk later in the paper.


Value of Honeypots :-

Now that we have an understanding of two general categories of honeypots, we can focus on their value. Specifically, how we can use honeypots. Once again, we have two general categories: honeypots can be used for production purposes or research. When used for production purposes, honeypots are protecting an organization. This would include preventing, detecting, or helping organizations respond to an attack. When used for research purposes, honeypots are being used to collect information. This information has different value to different organizations. Some may want to be studying trends in attacker activity, while others are interested in early warning and prediction, or law enforcement. In general, low-interaction honeypots are often used for production purposes, while high-interaction honeypots are used for research purposes. However, either type of honeypot can be used for either purpose. When used for production purposes, honeypots can protect organizations in one of three ways: prevention, detection, and response. We will take a more in-depth look at how a honeypot can work in all three.

Honeypots can help prevent attacks in several ways. The first is against automated attacks, such as worms or auto-rooters. These attacks are based on tools that randomly scan entire networks looking for vulnerable systems. If vulnerable systems are found, these automated tools will then attack and take over the system (with worms self-replicating, copying themselves to the victim). One way that honeypots can help defend against such attacks is slowing their scanning down, potentially even stopping them. Called sticky honeypots, these solutions monitor unused IP space. When probed by such scanning activity, these honeypots interact with and slow the attacker down. They do this using a variety of TCP tricks, such as a window size of zero, putting the attacker into a holding pattern. This is excellent for slowing down or preventing the spread of a worm that has penetrated your internal organization. One such example of a sticky honeypot is LaBrea Tarpit. Sticky honeypots are most often low-interaction solutions (you can almost call them 'no-interaction solutions', as they slow the attacker down to a crawl :). Honeypots can also protect your organization from human attackers. The concept is deception or deterrence. The idea is to confuse an attacker, to make him waste his time and resources interacting with honeypots. Meanwhile, your organization has detected the attacker's activity and has the time to respond and stop the attacker. This can even be taken one step farther. If an attacker knows your organization is using honeypots, but does not know which systems are honeypots and which systems are legitimate computers, they may be concerned about being caught by honeypots and decide not to attack your organization. Thus the honeypot deters the attacker. An example of a honeypot designed to do this is Deception Toolkit, a low-interaction honeypot.

The second way honeypots can help protect an organization is through detection. Detection is critical; its purpose is to identify a failure or breakdown in prevention. Regardless of how secure an organization is, there will always be failures, if for no other reason than that humans are involved in the process. By detecting an attacker, you can quickly react to them, stopping or mitigating the damage they do. Traditionally, detection has proven extremely difficult to do. Technologies such as IDS sensors and system logs have proven ineffective for several reasons: they generate far too much data, produce a large percentage of false positives, cannot detect new attacks, and cannot work in encrypted or IPv6 environments. Honeypots excel at detection, addressing many of these problems of traditional detection. Honeypots reduce false positives by capturing small data sets of high value, capture unknown attacks such as new exploits or polymorphic shellcode, and work in encrypted and IPv6 environments. You can learn more about this in the paper Honeypots: Simple, Cost Effective Detection. In general, low-interaction honeypots make the best solutions for detection. They are easier to deploy and maintain than high-interaction honeypots and have reduced risk.
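The detection property described above, shown as an added example that is not part of the original article: because no legitimate host should ever talk to honeypot address space, every flow that reaches it is an alert, and a source touching many decoys looks like the automated scanning discussed earlier. The honeypot ranges, the four-field log format, the sample records and the sweep threshold are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: address space reserved for honeypots; no production host lives here.
HONEYPOT_NETS = [ipaddress.ip_network(n) for n in ("10.0.9.0/24", "fd00:9::/64")]

# Constructed sample flow log, one record per line: "timestamp src dst dport"
SAMPLE_LOG = """\
2013-10-20T10:00:01 10.0.1.15 10.0.2.10 443
2013-10-20T10:00:02 10.0.1.77 10.0.9.4 445
2013-10-20T10:00:02 10.0.1.77 10.0.9.5 445
2013-10-20T10:00:03 10.0.1.77 10.0.9.6 445
2013-10-20T10:00:04 10.0.1.22 10.0.2.25 25
2013-10-20T10:00:09 fd00:1::30 fd00:9::1 22
malformed line here
2013-10-20T10:00:11 10.0.1.15 10.0.2.10 443
"""

def is_honeypot(addr):
    """True if addr (IPv4 or IPv6) falls inside the reserved honeypot space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HONEYPOT_NETS)

def detect(log_text, sweep_threshold=3):
    """Return one alert record per source that touched a honeypot address."""
    hits = defaultdict(lambda: {"decoys": set(), "ports": set(),
                                "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of crashing the detector
        ts, src, dst, dport = parts
        try:
            ipaddress.ip_address(src)
            if not is_honeypot(dst):
                continue  # production traffic: not this detector's concern
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        h = hits[src]
        h["decoys"].add(dst)
        h["ports"].add(port)
        h["first"] = h["first"] or ts
        h["last"] = ts
    for h in hits.values():
        # Many distinct decoys from one source suggests worm-like scanning.
        h["kind"] = "sweep" if len(h["decoys"]) >= sweep_threshold else "probe"
    return dict(hits)
```

Of the seven well-formed records in the sample, only the four that reach honeypot space produce alerts, which is the small, high-value data set the paragraph describes.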

The third and final way a honeypot can help protect an organization is in response. Once an organization has detected a failure, how do they respond? This can often be one of the greatest challenges an organization faces. There is often little information on who the attacker is, how they got in, or how much damage they have done. In these situations detailed information on the attacker's activity is critical. There are two problems compounding incident response. First, often the very systems compromised cannot be taken offline to analyze. Production systems, such as an organization's mail server, are so critical that even though it's been hacked, security professionals may not be able to take the system down and do a proper forensic analysis. Instead, they are limited to analyzing the live system while still providing production services. This cripples the ability to analyze what happened, how much damage the attacker has done, and even if the attacker has broken into other systems. The other problem is that even if the system is pulled offline, there is so much data pollution it can be very difficult to determine what the bad guy did. By data pollution, I mean there has been so much activity (users logging in, mail accounts read, files written to databases, etc.) that it can be difficult to determine what is normal day-to-day activity and what is the attacker. Honeypots can help address both problems. Honeypots make an excellent incident response tool, as they can quickly and easily be taken offline for a full forensic analysis, without impacting day-to-day business operations. Also, the only activity a honeypot captures is unauthorized or malicious activity. This makes hacked honeypots much easier to analyze than hacked production systems, as any data you retrieve from a honeypot is most likely related to the attacker. The value honeypots provide here is quickly giving organizations the in-depth information they need to rapidly and effectively respond to an incident.
In general, high-interaction honeypots make the best solution for response. To respond to an intruder, you need in-depth knowledge of what they did, how they broke in, and the tools they used. For that type of data you most likely need the capabilities of a high-interaction honeypot.


Up to this point we have been talking about how honeypots can be used to protect an organization. We will now talk about a different use for honeypots: research. Honeypots are extremely powerful. Not only can they be used to protect your organization, but they can be used to gain extensive information on threats, information few other technologies are capable of gathering. One of the greatest problems security professionals face is a lack of information or intelligence on cyber threats. How can we defend against an enemy when we don't even know who that enemy is? For centuries military organizations have depended on information to better understand who their enemy is and how to defend against them. Why should information security be any different? Research honeypots address this by collecting information on threats. This information can then be used for a variety of purposes, including trend analysis, identifying new tools or methods, identifying attackers and their communities, early warning and prediction, or understanding motivations. One of the most well-known examples of using honeypots for research is the work done by the Honeynet Project, an all-volunteer, non-profit security research organization. All of the data they collect is gathered with honeynets distributed around the world. As threats are constantly changing, this information is proving more and more critical.

 

Thursday 17 October 2013

Top 15 Wireless Scanner Softwares For Network



A scanning tool is needed to scan the Wi-Fi or wireless networks around you. First of all we need to scan all the wireless networks so that we can select the wireless network to hack. There are several wireless scanning tools, but my favorite is NetStumbler. For Mac operating systems, it is MacStumbler.

There are several Wireless scanning tools, a list of all wireless scanning tools is given below:

Wednesday 16 October 2013

Hack WI FI With CommView In 8 Steps Only



Step 1 : Install CommView for WiFi. It doesn't matter whether you install it in VoIP mode or Standard mode. I used VoIP. It automatically installs the necessary drivers. Allow it to install. Note: You will not be able to connect to any network using WiFi when using CommView.

Step 2 : Click on the PLAY ICON in the Left First

Step 3 : (Choosing the Network (a)) : A new window should pop up now. Click on the START SCANNING button.

Step 4 : (Choosing the Network (b)) : Click on the WiFi network you want to hack in the right column and click on CAPTURE.

Step 5 : (Capturing the Packets) : The window should close now and you should see that CommView has started capturing packets.

Step 6 : (Saving the Packets) : Now that the packets are getting captured you need to save them. Click on Settings->Options->Memory Usage and change Maximum Packets in buffer to 20000.

Click on the LOGGING tab.

Check AUTO-SAVING.

Maximum Directory Size : 5000
Average Log File Size : 50

Now CommView will automatically start saving packets in the .ncf format at a size of 20MB each in the specified directory.

Step 7 : (Concatenating the Logs) : Since you are capturing a lot of logs you will need to concatenate them into one file. To do this go to Logging and click on CONCATENATE LOGS. Choose all the files that have been saved in your specified folder and concatenate them. Now you will have one .ncf file.

Step 8 : (Converting .ncf to .cap) : Now that you have one file with all the packets you need to convert it into a .cap file for AIRCRACK to crack.

Click on File->Log Viewer->Load Commview Logs-> Choose the .ncf file. Now File->Export->Wireshark/TCP dump format.

Aircrack Part : Now for the second part, cracking. This is very simple. Just open the Aircrack Folder->Bin->Aircrack-ng GUI.exe, choose the .cap file, and you should be able to do the others.

Note: this article is for educational purposes only...