« Posts under Security

CrypTool 2

CrypTool 2 is the modern successor of CrypTool 1. CrypTool is a free, open-source Windows program for cryptography and cryptanalysis. It is available in 5 languages and is the most widespread e-learning software of its kind. It supports contemporary teaching methods at schools and universities as well as awareness training for employees and civil servants.

Originally designed as an internal business application for information security training, CrypTool has since developed into an important open-source project in the field of cryptology and IT security awareness.

CrypTool 2 also provides a variety of cryptanalytical tools to analyze or even break classical and modern ciphers.

Practical Malware Analysis

Practical Malware Analysis
Michael Sikorski and Andrew Honig
No Starch Press

Practical Malware Analysis is the best book I have read so far on malware analysis and reverse engineering. The authors take an approach to attract malware analysts and reverse engineers of all skill levels. This book guides you through malware analysis from introductory and basic to advanced techniques, with included labs that will lead you to a deeper understanding of the concepts and techniques covered. I highly recommend this book for beginners and experts alike!

Get the book here

DreamHost Unauthorized Access (Compromise)

So here’s the email that I received from DreamHost

IMPORTANT INFORMATION: We are writing to let you know that there may have been illegal and unauthorized access to some of your passwords at DreamHost today. Our security systems detected the potential breach this morning and we immediately took the defensive precaution of expiring and resetting all FTP/shell access passwords for all DreamHost customers and their users. There are three different types of passwords at DreamHost: a web panel password (for logging into the panel), email passwords, and FTP/shell access passwords. Only the FTP/shell access passwords appear to have been compromised by the illegal access. Web panel passwords, email passwords and billing information for DreamHost customers were not affected or accessed. Refer to the following DreamHost status post for details: http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/.
To create a new FTP/shell access password for your DreamHost account, please login to your DreamHost web panel (https://panel.dreamhost.com/), select “Manage Users” in the top left, then select “Edit” next to each user and type in a new password. Make sure you click “Save Changes” at the bottom of the page.
We are also requesting that you change your email password. We are not enforcing this change at this time as we do not believe that email passwords were compromised. However we strongly recommend that you change your email password as a precaution. To change the passwords for your email users or yourself, log into the DreamHost panel at (https://panel.dreamhost.com/), select “Manage Email” in the top left, select “Edit” next to each email user address, and choose a new password for each. Make sure you click “Save Changes” at the bottom of the page.
We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please contact us through the support page in the panel.
Note that DreamHost will never ask you for personal or account information in an email. Please exercise caution if you receive any other emails that ask for personal information or direct you to a web site where you are asked to provide personal information.
The DreamHost Team

I believe DreamHost handled a somewhat ugly situation really well. We can definitely argue with how the attackers gained access to the database in the first place or the fact that the database stored the passwords in plaintext. But DreamHost expired all FTP/shell access passwords and notified their customers, which is a better response than most companies of late.

Stratfor: The Numbers Are In

The hacktivist group Anonymous stole more than 50,000 credit card numbers from Stratfor and posted the information to Pastebin, along with a variety of other data. Based on the data that was posted, the following numbers have been determined by the analysis:

  • 50,277 unique credit card numbers, of which 9,651 are not expired.
  • 86,594 email addresses, of which 47,680 are unique.
  • 27,537 phone numbers, of which 25,680 are unique.
  • 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked.
  • 73.7 percent of decrypted passwords were weak.
  • 10 percent of decrypted passwords were less than 5 characters long.
  • 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world.

DeSopa for Firefox Bypasses SOPA DNS Blocking

How did I see this coming?

DeSopa is the latest Firefox add-on that can counter the DNS blocking proposed in the Stop Online Piracy Act (SOPA) if the bill passes. The extension gets you to sites censored by DNS by letting you browse them by IP address.


Advanced DLL Injection

Nice little how-to on DLL injection.

System Programming: Advanced DLL Injection

Oracle Web Hacking

Some nice tutorials by none other than Chris Gates (carnal0wnage) @carnal0wnage

Oracle Web Hacking Part I
Oracle Web Hacking Part II

Online Shopping Safety

Holiday shoppers! This is a nice little safety tip put together by the folks over at Trend Micro.

Online Shopping Safety Made Easy

New ‘Anti-Social’ Social Network Lets CSOs Share

Emerging online community for security executives to help one another better defend against attacks — no vendors or consultants allowed.

This is just what security professionals need, another forum to get together. Really?! Let’s quit talking and start doing.


APT Or Not APT? Discovering Who Is Attacking The Network

Corporate networks face a variety of attacks every day, yet pinpointing the most serious attacks is no easy matter.

You know, this is starting to get to a point where when I see the letters APT I think it stands for “Another Pundit Thought”.
