Astalavista Banner Contest - 2004 is now live, more information is available at:
http://www.astalavista.com/index.php?page=107
Enjoy your time, holidays are coming :)
Astalavista's Security Newsletter is mirrored at:
http://packetstormsecurity.org/groups/astalavista/
If you want to know more about Astalavista.com, visit the following URL:
http://astalavista.com/index.php?page=55
Previous Issues of Astalavista's Security Newsletter can be found at:
http://astalavista.com/index.php?section=newsletter
Editor - Dancho Danchev
dancho@astalavista.net
Proofreader - Yordanka Ilieva
danny@astalavista.net
02. Security News
------------
The Security World is a complex one. Every day a new vulnerability is found, new tools are released, new measures are made up and implemented etc. In such a sophisticated Scene we have decided to provide you with the most striking and up-to-date Security News during the month, a centralized section that contains our personal comments on the issue discussed. Your comments and suggestions about this section are welcome at security@astalavista.net
------------
[ ONLINE FRAUD TUTORIALS...FROM THE SECRET SERVICE? ]
As a jaunty flourish in its high-profile roundup of fraudsters and forgers last Thursday, the agency took over Shadowcrew.com, a New Jersey-based online crime bazaar that sits at the center of the government's "Operation Firewall" investigation. Officials locked out the user accounts and swapped in a new front page featuring a Secret Service banner, an image of a prison cell, and a list of federal charges against some site members.
More information can be found at:
http://securityfocus.com/news/9866
http://www.shadowcrew.com/
Astalavista's comments:
The Secret Service's "deface" of the group's site simply sends out a message to a very large and malicious audience, the group's other members, given the fact that the investigation itself must have taken a great deal of coordination and resources. I wonder how many groups like this are still active, and how many are to come, having in mind the rise of phishing and ID theft?
[ ALLEGED DDOS KINGPIN JOINS MOST WANTED LIST ]
The fugitive Massachusetts businessman charged in the first criminal case to arise from an alleged DDoS-for-hire scheme has appeared on an FBI most wanted list, while the five men accused of carrying out his will are headed for federal court.
More information can be found at:
http://securityfocus.com/news/9870
http://www.fbi.gov/mostwant/alert/echouafni.htm
Astalavista's comments:
Why is the government going after such a small fish with green bucks? Probably because of the good publicity, but this is not the best way to send a message about potential DDoS-for-hire schemes, since the people behind these attacks are still out there, building zombie networks, underground economies, and DDoS and phishing services on demand.
[ CISCO FIREWALL SOURCE CODE IS FOR SALE ]
A group describing itself as the Source Code Club (SCC) has offered to sell source code for Cisco's PIX proprietary security firewall software to any taker for $24,000. In a note posted on a Usenet newsgroup, the group also said that it would make available other, unnamed source code to those who paid.
More information can be found at:
http://nwc.networkingpipeline.com/shared/article/showArticle.jhtml?articleId=51202557
Astalavista's comments:
Although Cisco has had quite a lot of source code leakages recently, I doubt whether this is a serious one; perhaps the folks behind it are just desperately looking for cash. Cisco, as the world's most established networking company, should put more effort into safeguarding its source code. News reports like these make a mockery of the company's image.
[ TROJAN HORSE TARGETS MOBILE PHONES ]
A new Trojan horse that sends unauthorized spam to mobile phones via SMS has been detected by anti-virus authority Sophos, marking a new trend in the convergence of viruses and mass-mail attacks. The Troj/Delf-HA Trojan horse infects a PC, then downloads instructions on which spam campaign to launch from a Russian telecom Web site, according to Gregg Mastoras, senior security analyst at Sophos. It can plague owners of cell phones by sending them unsolicited junk text messages over the carrier's network.
More information can be found at:
http://wireless.newsfactor.com/story.xhtml?story_title=Trojan-Horse-Targets-Mobile-Phones&story_id=28307
Astalavista's comments:
Welcome to the newborn world of mobile viruses and mobile spam; with the number of banks doing banking over mobiles, mobile phishing attacks are soon to appear as well. A couple of interesting papers for you to read on the topic are available at:
http://www.sourceo2.com/NR/rdonlyres/ehunutobhlesv6szirdn2sd4ltxg7vkbhuh2ak4ziznoe4xgk3ezbsfdxlhi7i76zlsik5ujllbf4tetdzzw7vqajwb/CabirWormInfo.pdf
http://www.astalavista.com/index.php?section=dir&cmd=file&id=2315
http://www.astalavista.com/index.php?section=dir&cmd=file&id=1586
[ NEW MYDOOM ATTACKS MAY SIGNAL 'ZERO DAY' ]
The newest version of the MyDoom worm now circulating suggests to security experts that the much-anticipated "Zero Day attack" may have arrived. Zero Day refers to an exploit, either a worm or a virus, that arrives on the heels of, or even before, the public announcement of a vulnerability in a computer system. This new MyDoom appeared only two days after a security flaw in Windows IE was made public, according to reports.
More information can be found at:
http://www.pcworld.com/news/article/0,aid,118580,00.asp
Astalavista's comments:
Slaves of the botnets?! Yes we are, the whole industry is. They fill every security gap, they make patching pointless, they update and fully load each other whenever a public or Zero Day exploit is found, thus creating yet another news story and a couple of thousand new zombies by the time administrators respond.
Further reading:
http://www.columbia.edu/~medina/docs/resnet/medina-resnet2004.pdf
http://www.sfbay-infragard.org/SUMMER2004/Botnets_Botherds-1.pdf
03. Astalavista Recommends
---------------------
This section is unique with its idea and the information included within. Its purpose is to provide you with direct links to various white papers covering many aspects of Information Security. These white papers are defined as a "must read" for everyone interested in deepening his/her knowledge in the Security field. The section will keep on growing with every new issue.
Your comments and suggestions about the section are welcome at security@astalavista.net
" PGP 101 - GETTING, INSTALLING, AND USING PGP FREEWARE "
A tutorial on PGP for the complete beginner, screenshots included as well
http://www.astalavista.com/?section=dir&act=dnd&id=3190
" VTRACE 0.1 "
Tool for visual tracert, shows the geographical location of a certain host
http://www.astalavista.com/?section=dir&act=dnd&id=3187
" EXPLOIT MITIGATION TECHNIQUES - PRESENTATION "
Various exploit mitigation techniques revealed
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3151
" NET TOOLS 3.1 "
An application bundling over 70 network/security tools, recommended!
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3163
" APPRECON - APPLICATIONS IDENTIFICATION "
AppRecon is a small Java tool that tries to identify applications by sending appropriate discovery broadcast packets.
http://www.astalavista.com/?section=dir&act=dnd&id=3214
04. Site of the month
-----------------
http://www.futurewar.net/
FutureWar.net is a site dedicated to providing its visitors with quality and extensive information on various information warfare issues.
05. Tool of the month
-----------------
Vodka-tonic - cryptography-steganography hybrid tool
Vodka-tonic is a cryptography-steganography hybrid tool. It is a three-level security system for paranoid people.
http://www.astalavista.com/index.php?section=dir&act=dnd&id=3181
06. Paper of the month
-------------------
Question: A network attack of some kind was recently responsible for shutting down the connection between our branches in two different cities; we weren't able to detect a DDoS attack, nor was our ISP able to detect anything unusual. We have started an investigation - any ideas on what happened would be appreciated?
--------
Answer: Thanks for the extensive email and your request for advice on this issue. From what I've read it sounds like either an insider had knowledge of critical infrastructure and the physical insecurities around it, or an application level DoS attack simply shut down these vital servers. I would recommend you make sure that the servers aren't compromised by the use of integrity checkers, since you already have them in place, and pay attention to a possible insider threat. I'm sure if you look deeper, you will be able to clarify what happened.
A useful paper on Application level DoS attacks can be found at:
http://www.corsaire.com/white-papers/040405-application-level-dos-attacks.pdf
Another useful article on insiders can be found at:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci906437,00.html
---------
Question: Hi, folks at Astalavista.com. Congratulations on the security resource you've been providing me with for the past several years. It helped me achieve a lot in my ITSec career. I wanted to request additional opinion on an issue that has been bothering me for a very long time. It's not that I don't trust the people that I employ, I do, since trust is vital, but how do I protect from insiders, so that the company does not turn into a commercial BigBrother :)
---------
Answer: Depends on what you're doing and how sensitive it is. You might need to turn your enterprise into a BigBrother to a certain extent. Staff monitoring is a hot and complicated topic given the different laws and regulations across the globe. Most of all, staff monitoring should act as an enforcement tool when implementing your company's security policy; otherwise the amount of information gathered could be abused to a great extent. Your employees aren't watched, they're just monitored - this is the feeling that your monitoring program should represent and enforce.
08. Enterprise Security Issues
-------------------------
In today's world of high speed communications, of companies completely relying on the Internet for conducting business and increasing profitability, we have decided that there should be a special section for corporate security, where advanced and highly interesting topics will be discussed in order to provide that audience with what they are looking for - knowledge!
- Company's best practices on anti-spam prevention -
Spam represents one of the biggest threats to our business and personal email communication. Every day millions of spam messages are sent, a couple of hundred people are lured into the ads, several thousand think they've removed themselves from the lists - a certain loss of productivity when employees are constantly bothered by spam. In this issue we have decided to provide company or IT managers with practical tips on how to deal with the problem.
The problems with mail server bandwidth
Given the different sizes of organizations and the publicity of their emails, the unnecessary flood of daily spam can cause additional, sometimes above average, bandwidth costs to an organization. It can contribute to delays in processing emails as well.
The problems with loss of productivity
The flood of spam targeting your employees can result in significant loss of productivity; everyone has to manually go through the spam and delete it. Employees tend to believe the company has better anti-spam filters than the ones at their free web based or ISP mail accounts; this is why they often use their company emails on public forums etc.
Practices to safeguard the company's infrastructure
- the anti-email exposure policies
Your company has to develop and closely monitor the enforcement of an anti-email exposure policy, namely that the company's email accounts shouldn't be used at public www boards, mailing lists etc. If enforced successfully, this might significantly limit the amount of spam towards your mail servers.
- the use of web forms
The use of web forms instead of plain info@example.com emails is strongly recommended. Yes, it's very convenient for a customer to reach you, but the same goes for the spammer as well. Besides, users don't mind filling out web forms.
- the use of cost-effective open-source solutions
The SpamAssassin Project (http://spamassassin.apache.org/) is one of the most effective anti-spam approaches I have used so far, besides developing an effective white listing model. It works perfectly well even on a high bandwidth server processing thousands of mails daily.
09. Home Users' Security Issues
-------------------------
Due to the high number of e-mails we keep getting from novice users, we have decided that it would be a very good idea to provide them with their very special section, discussing various aspects of Information Security in an easily understandable way, while, on the other hand, improving their current level of knowledge.
- How to effectively fight spam - practical tips
How many spam messages did you get today? I got 14 even though I thought there was spam protection in place. The truth is that spammers are getting smart - they're now using our own computers, once breached, to distribute spam. Yes, this is right - you might actually be sending all that spam to yourself and your friends without even knowing it. This article will provide you with practical tips on how to deal with spam and avoid the most common mistakes.
How spammers harvest your emails
- from public web forums or places where your email is in plain text like you@yahoo.com
- from fake mailing lists and sites created with the idea to gather as many emails as possible
How to protect your email
- have a couple of emails, one for personal reasons, another for business, and yet another one to give out for mailing lists and web site submissions, so if there are unethical activities behind a site you'll be able to find that out very easily
- Read your email offline. A large number of spammers no longer require you to reply or somehow interact with the message; once you open it, it sends back a confirmation, so your email is now known as an active one, meaning you'll get even more spam.
- Never reply to a spammer or try to manually remove yourself from the list, simply because this is just another way to confirm that your email is real and active.
- Whenever posting your email somewhere, make sure it is in the following form, thus protecting against spam harvesters: you@yahoo.com would be you AT yahoo DOT com or you [at] yahoo.com.
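The "read your email offline" tip above works because an HTML message can reference a remote image that is fetched the moment the mail is rendered, and that fetch is the "confirmation" the spammer is waiting for. The following Python script is an added example, not code from the newsletter or from any tool it mentions: it parses a message, lists every remote resource its HTML parts would fetch without user interaction, and flags the ones that look like tracking beacons. The sample message, the domains tracker.example.net and example.net, and the helper names are constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags and attributes through which a rendered HTML message fetches a remote
# resource without any user interaction. Fetching any of these tells the sender
# that the recipient address is live.
REMOTE_ATTRS = {
    "img": ("src",),
    "link": ("href",),
    "iframe": ("src",),
    "script": ("src",),
    "input": ("src",),  # <input type="image" src=...>
}


class BeaconFinder(HTMLParser):
    """Collect remote http(s) references from the tags listed in REMOTE_ATTRS."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in REMOTE_ATTRS.get(tag, ()):
            url = attrs.get(name)
            # Inline (cid:) and data: references do not touch the network.
            if url and urlparse(url).scheme in ("http", "https"):
                self.hits.append({"tag": tag, "url": url, "attrs": attrs})


def find_beacons(raw_message):
    """Parse an RFC 822 message and return the remote references in its HTML parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = BeaconFinder()
            finder.feed(part.get_content())
            hits.extend(finder.hits)
    return hits


def looks_like_beacon(hit):
    """Heuristic: a 1x1 image, or an image URL carrying a per-recipient query token."""
    attrs = hit["attrs"]
    tiny = attrs.get("width") == "1" and attrs.get("height") == "1"
    tokenised = bool(urlparse(hit["url"]).query)
    return hit["tag"] == "img" and (tiny or tokenised)


# Constructed sample message: one inline logo (harmless), one 1x1 tracking
# image with an id in its query string, and an ordinary link (only fetched if
# the user clicks it, so it is not reported).
SAMPLE_MESSAGE = """\
From: "Special Offer" <offers@example.net>
To: you@example.com
Subject: You have been selected
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Congratulations, open the HTML version to see your prize.

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Congratulations!</p>
<img src="cid:logo@example.net" alt="logo">
<img src="http://tracker.example.net/open.gif?id=abc123" width="1" height="1">
<a href="http://www.example.net/offer">See the offer</a>
</body></html>

--b1--
"""

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_MESSAGE):
        kind = "likely beacon" if looks_like_beacon(hit) else "remote resource"
        print("%s: <%s> %s" % (kind, hit["tag"], hit["url"]))
```

Run against a saved message (`find_beacons(open("mail.eml").read())`) it reports the same references a mail client with remote content enabled would fetch on open; a client configured to block remote images, or reading offline as the tip says, fetches none of them.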
A recommended article that will give you more details on how to protect yourself can be downloaded at:
http://www.astalavista.com/?section=dir&act=dnd&id=3194
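Both the anti-email exposure policy in section 08 and the last tip in the list above come down to one rule: a plain local@domain address must not appear in anything posted publicly. Below is an added Python example, not code from the newsletter, that checks a draft post for plain addresses, rewrites those belonging to the domains you want protected into the two forms the newsletter suggests, and confirms that a scraper-style address pattern no longer matches the result. The domains example.com and yahoo.com in it are sample values, and the function names are the example's own.

```python
import re

# Pattern for a plain-text address of the form local@domain.tld. Harvesters
# run patterns of this kind over public pages, which is exactly why a plain
# address in a forum post is collected within days.
PLAIN_ADDRESS = re.compile(
    r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\b"
)

# Domains whose addresses the exposure policy says must never be posted in
# plain text (constructed sample values).
PROTECTED_DOMAINS = {"example.com", "yahoo.com"}


def find_plain_addresses(text):
    """Return every plain address in `text` as (local, domain) pairs."""
    return [(m.group(1), m.group(2)) for m in PLAIN_ADDRESS.finditer(text)]


def obfuscate(local, domain, style="at-dot"):
    """Rewrite one address into one of the two forms the newsletter suggests."""
    if style == "at-dot":       # you@yahoo.com -> you AT yahoo DOT com
        return "%s AT %s" % (local, domain.replace(".", " DOT "))
    if style == "bracket":      # you@yahoo.com -> you [at] yahoo.com
        return "%s [at] %s" % (local, domain)
    raise ValueError("unknown style: %r" % style)


def protect_text(text, protected_domains=None, style="at-dot"):
    """Rewrite plain addresses in `text` before it is posted publicly.

    With `protected_domains` set, only addresses in those domains are rewritten
    (the enterprise policy); with None, every address is (the home-user tip).
    Returns (rewritten_text, list_of_addresses_that_were_rewritten).
    """
    rewritten = []

    def _replace(match):
        local, domain = match.group(1), match.group(2)
        if protected_domains and domain.lower() not in protected_domains:
            return match.group(0)
        rewritten.append(match.group(0))
        return obfuscate(local, domain, style)

    return PLAIN_ADDRESS.sub(_replace, text), rewritten


def is_harvestable(text):
    """True if a scraper-style address pattern still matches somewhere in `text`."""
    return PLAIN_ADDRESS.search(text) is not None


# Constructed draft of a forum post that violates the exposure policy.
DRAFT_POST = (
    "Great tool! Send questions to support@example.com or to me at "
    "you@yahoo.com; the upstream author is maintainer@other.org."
)

if __name__ == "__main__":
    print("plain addresses found:", find_plain_addresses(DRAFT_POST))
    safe, changed = protect_text(DRAFT_POST, PROTECTED_DOMAINS)
    print("rewritten:", changed)
    print(safe)
    print("company addresses still harvestable:",
          any(d in PROTECTED_DOMAINS for _, d in find_plain_addresses(safe)))
```

The obfuscated forms defeat only the simple pattern shown here; a harvester can be taught to undo "AT" and "DOT", so the policy of not posting company addresses at all, and using a throwaway address for sites you do not trust, remains the stronger control.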
10. Meet the Security Scene
----------------------
In this section you are going to meet famous people, security experts and all personalities who in some way contribute to the growth of the community. We hope that you will enjoy these interviews and that you will learn a great deal of useful information through this section. In this issue we have interviewed Dave Wreski from LinuxSecurity.com
Your comments are welcome at security@astalavista.net
------------------------------------------------
- Access to thousands of anonymous proxies from all over the world, daily updates
- Security Forums Community where thousands of individuals are ready to share their knowledge and answer your questions; replies are always received no matter the question asked.
- Several WarGames servers waiting to be hacked; information between those interested in this activity is shared through the forums or via personal messages; a growing archive of white papers containing info on previous hacks of these servers is available as well.
http://www.astalavista.net/
The Advanced Security Member Portal
14. Astalavista Banner Contest - 2004
----------------------------------
Are you good at designing creatives (banners, buttons, wallpapers etc.)? Would you like to contribute to Astalavista.com with your talent and creativity? And would you appreciate it if we provided the most talented of you with the brand new Astalavista DVD or a FREE Astalavista.net membership?
All you have to do is simple - participate!
At Astalavista.com we have always valued designers and provided them with the opportunity to publish their work at our Gallery section, while rewarding the best creatives with Astalavista.net memberships. So far we have had several successful creative contests, namely because we are well aware of the high number of designers visiting our site.
Enjoy this year's creative contest!
We are looking for the following Astalavista.com and Astalavista.net related creatives:
- banners
Banners should be in the following size only (468 x 60)
- buttons
Buttons should be in the following size only (88 x 31)
- Prize
The brand new Astalavista DVD, or a free membership to Astalavista.net - Advanced Security Member Portal
More information is available at:
http://astalavista.com/index.php?page=107
15. Final Words
----------
Dear Subscribers,
Thanks for your feedback and participation in our contests, hope you've enjoyed issue 11.
Thanks for your time, till the next Christmas issue of Astalavista Security Newsletter.