NFL 2013 Prediction College Football 2013 Prediction
Predict Football 2013
Random Photos
Back to साझा Techies
CHAT with others with similar interests



~   साझा Techies ~
    One of the challenges InfoSec Profession ...[SAAJHA]       09-24-10 [10:02 PM]
      @pyara, Howdee'!!It's kinda off tangent, ...[SAAJHA]       09-25-10 [8:53 PM]
       I don't mean to push your enthusiasm asi ...[SAAJHA]       09-27-10 [4:09 PM]
         Saajha, I don't mean to push ...[pyaradeshbasiharu]       09-29-10 [1:58 PM]
          Guys my talk would be completely o ...[walkahead]       09-29-10 [11:16 PM]
           @ walkahead,- Check out the name K ...[black_panther]       09-29-10 [11:25 PM]
            I once Wrote a Script to Analyze h ...[pyaradeshbasiharu]       09-30-10 [10:47 AM]
             Folks, - If U have a webcam on you ...[black_panther]       10-03-10 [11:14 AM]
             @pyara, keep up the good work! I&nb ...[saajha]       10-04-10 [9:29 PM]
               Interesting Article http://www.co ...[pyaradeshbasiharu]       10-20-10 [12:44 PM]
               www.net-security.org/malware_news.php ...[SAAJHA]       10-27-10 [9:18 AM]
                Yet another evil stuff: www.computerwor ...[saajha]       10-27-10 [11:12 AM]
                 Wikileaks.com which has leaked thousands ...[ne0]       11-29-10 [12:18 PM]
                  visa.com and mastercard.com DDoS'd by Wi ...[SAAJHA]       12-08-10 [3:30 PM]
                     IE Blows Away Rivals in Browse ...[pyaradeshbasiharu]       12-15-10 [11:29 AM]
                    Some malwares are good at locking your c ...[ne0]       08-27-13 [10:35 AM]

Welcome to all Techies & Web Junkies;

There are a lot of resourceful Nepali techies who are very good at what they do. There are many aspiring techies who are very quick to learn new things. Internet is a vast resource of knowledge and many times one small pointer makes or breaks someones jeal to learn, produce and benefit in some way. This resource is provided by sajha to everyone interested in technology, programming, designing, creating and learning. Please be sure to check a sub category of your posting so that it's easy to navigate for others who can benefit from it.

In addition, this interest group has been created in the interest of helping out general computer users who have problems with their computers and have very little knowledge on how to tackle it.

pyaradeshbasiharu 23-Sep-10 19:59:12            Login in to Rate this Post:     0       ?        
Posted under: SECURITY
pyaradeshbasiharu 24-Sep-10 19:43:42            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

 Walkahead,

This is not someone who is sitting in ma's and pa's Basement and pawning a Bunch of servers. What we are seeing is a Next Generation of Sophisticated Cyberattack. Given the enormous Complexity to Own SCADA system and Utilising at least 4 Zero Days, it's definitely Involvement of Some State.

Stuxnet Could Probably be the Most Sophisticated Malware Written in History.

 

and BTW Politics is Always involved in the Security industry whether u like it or not. That is atleast what I have seen in Last Couple of Years.

 

 

 

 

SAAJHA 24-Sep-10 22:02:08            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

One of the challenges InfoSec Professionals constantly face and battle with is: getting the sysadmins patch their servers, and getting to implant a process/policy they'd adhere to. Granted, Win admins are comparatively paranoid. With the vendor throwing in a bunch of updates almost every black Tuesday, and with the OSes constantly getting fuzzed from newbies and oldbies across the planet,it's slightly easier to convince and push Win admins into bringing their servers to the latest and greatest update levels! But things get wackier when it comes to UNIX world. They just don't want to touch their servers -- period! Reboot? You kiddin' me? Afterall they are the core production systems, and it's a no-no to touch them, and the management thinks the same (because uptime is what *we* need),and *NIX is "supposed to be" secured!! But there's a hope --- we're seeing some light at the end of the tunnel: KSplice. Is this cool or what! Something is definitely evolving in the Linux Security world! 

 

~@~

Excerpt from Wikipedia: Ksplice is an open source[1] extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system. Ksplice takes as input a unified diff and the original kernel source code, and it updates the running kernel in memory

 

   

pyaradeshbasiharu 25-Sep-10 19:19:16            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

 How would You fend off 0 Days???

 

Baitnet Coming soon..

Last edited: 25-Sep-10 07:21 PM
SAAJHA 25-Sep-10 20:53:27            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

@pyara, Howdee'!!

It's kinda off tangent, but two points abt Zero day vulns:

-Typical Corporate infrastructures deploy layered Security mechanisms. Unless an attack is targeted, zero day vulnerabilities generally don't get exploited wide and sparse. Exploitation is a multi-step process, and there are few hurdles one needs to unshield regardless of how severe the vulnerability is! 

-If a zero day is known and the corresponding exploits are out in the wild, it's not necessarily a *zero day* at that point. SOCs and Security app vendors contantly look out for such taffys and work toward offering heuristic solutions to the associated risks - fighting to grab that "pioneer" crown.

I remember, when RPC DCOM exploit got out in the wild back in '08, SourceFire and Snort developers had the snort rules immediately ready. The rule would look for the exploit action on the OS, as opposed to matching the exploit signature (pretty smart!). Qualys, Nessus, eEye, and many other vulnerability assessment vendors had their stuffs intact. The known Zero days aren't very dreadful, provided that you have *some* mechanisms other than a monthly/quarterly patch process. Things do get messier though, if an attack is targeted.

Think of an analogy -- robbers are generally more successful in bagging ransoms they seek, while a seasonal pickpocket might end up with a little or nil! Agreed, Zero days are ugly and scary, but are worse when they are NOT publicly known, and the attack is targeted. In fact, majority of successful intrusions are through the gateways overted by the well known and existing vulnerabilities.

~@~

SAAJHA 27-Sep-10 16:09:16            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

I don't mean to push your enthusiasm aside or to question your knowledge, but you've gotta get some terminologies straight, first:

Payload is a piece of code that you send to a target system to exploit an identified vulnerability (*identified* is the key here that matches with the term *exploit*),. You can have virtually  infinite number of different payloads that can cause overflow and execute the underlying code; which (the code -- a portion of that payload) also can very well vary!. A specific payload should never be a focus while addressing a zero day threat. Instead, the portion of the code that has issues needs to be watched. Payload should not be the focus!


Zero day vulnerability is not a one shot detect/mitigate phenomenon. There are millions of applications out there, and each application can possibly have several poorly written code segments, which through different methods of fuzzing and enumerations, if noticed, can be exploited by bad guys. Today's 'secure code' doesn't necessarily remain secure tomorrow. Vulnerabilties unfold with time and technical enhancements. If you have enough resources, desire and the need, you can possibly take snapshots of the Operating System and installed applications and compare their integrities against a known baseline, measuring the changes, and charting them out. Pretty much like what tripwire does! But that'll not be a preventive control. 

Security tools are out there to assist us, not to feed us with spoon. We pay vendors for their product and services that they offer, which must be customized and tweaked and re-customized and re-tweaked while maintaining vigilance all the time.
If they miss 45% of the known exploits out of the box and through their updates, then it's upto us to raise the bar and pull the figure up to a higher percentage. If the tools were to be the sole servants, there'd virtually be no need to hire Security professionals and Engineers (I know it's a bit of an exaggeration, but you've got the point, I hope!).   

Hundreds of thousands of users throughout the world have worked (and are working) towards developing new and cutting-edge Snort rules (signature based as well as behavior based), as well as exploits, and proof of concepts. You can blame SourceFire for missing 2004's exploit (if there's one), but should also blame yourself for not deploying this free tool (or some other alternatives) and made your way toward creating your own exploit detector using all the jewels these tools offer to the world! Believe it or not, you and I might be missing it, but there are several out there that have stepped beyond relying on the vendor services and have benefitted higher, especially in the open source world.    

Stuxnet is a purely industrial infrastructure targeting malware which can very well be bent around to target virtually any kind of infrastructure, and I agree with your point somewhere up there that this could be a State (or some entity) supported effort. But there's nothing to be highly excited about its capabilities. This is simply a step forward in strengthening its features and adaptability. You could target 4 zero days or 400 zero days, at the end of the day, you'll need 'one' to pass through a barrier and exploit the needful! At that point, the C&C server or the managing peer needs to instruct many of the remaining steps anyway. Worms and botnets are constantly evolving, as just about everything else. This is simply a step higher in this game. That said, I'm not saying these are not dangerous, or shouldn't be of concern. As I stated earlier, targeted attacks are wackier, and the chances of attackers getting with flying colors are higher in such cases.    

Social Engineering is a totally different beast. If you can get your way in through Social Engineering, you might not even need to look for any application specific vulnerabilities. Nothing much to say in this regard.

 

cheers,

~@~

pyaradeshbasiharu 29-Sep-10 13:58:28            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

 Saajha,

 

I don't mean to push your enthusiasm aside or to question your knowledge, but you've gotta get some terminologies straight, first:

 

-I have to admit that I was/is Never Good on the Terminologies and Explaining People what I meant. But I know What You are Talking ABT.


Payload is a piece of code that you send to a target system to exploit an identified vulnerability (*identified* is the key here that matches with the term *exploit*),. You can have virtually  infinite number of different payloads that can cause overflow and execute the underlying code; which (the code -- a portion of that payload) also can very well vary!. A specific payload should never be a focus while addressing a zero day threat. Instead, the portion of the code that has issues needs to be watched. Payload should not be the focus!
-Yes Payload Should not the Focus Right!! Strangely Vendors Rely on Detecting the Payload Rather than Detecting the Underlying Vulns and Mitigating it. I have seen Lots of Vendors Particularly the ONE's Who Boast on Having HIPS(I am  Talking Particularly the AV's), but once even a Generic Payload Say(Shell Bind Reverse TCP) is Obfuscated they are caught Flat Out. The focus for Detecting any Exploit that Triggers an Underlying Vuln should be Infact Monitoring Chunks of Memory and Detecting Any shell code that acts as Part of the Trusted Process but tries to Access Protected Part of the Memory which it shouldn't be accessing.

Zero day vulnerability is not a one shot detect/mitigate phenomenon. There are millions of applications out there, and each application can possibly have several poorly written code segments, which through different methods of fuzzing and enumerations, if noticed, can be exploited by bad guys. Today's 'secure code' doesn't necessarily remain secure tomorrow. Vulnerabilties unfold with time and technical enhancements. If you have enough resources, desire and the need, you can possibly take snapshots of the Operating System and installed applications and compare their integrities against a known baseline, measuring the changes, and charting them out. Pretty much like what tripwire does! But that'll not be a preventive control.  

-Yes there are Hundreds of APPs/OSes Combo That can be exploited. Severity of the 0 Day Depends upon APP/Oses that is commonly deployed. I am not going to Waste my Time Writing Zero Day for Say Netscape which has 0 ROI. And talking abt Snapshotting the OS'es and Applications Against a Known Baseline and Measuring the Changes, This is What i am Exactly Doing. But there are Some Caveats to this Approach.For Validating this Approach i am reconstructing the Binary from Memory Dump+Watching the Process in target. The reason Being Exploits are Typically Memory resident  and Run as Part of the Trusted Process(Say IE)and Normally don't hit the disk. Once You are able to reconstruct the Binary(Typical Shell Code) You can Validate it against Known Good V/s Known Bad.

 

Security tools are out there to assist us, not to feed us with spoon. We pay vendors for their product and services that they offer, which must be customized and tweaked and re-customized and re-tweaked while maintaining vigilance all the time.
If they miss 45% of the known exploits out of the box and through their updates, then it's upto us to raise the bar and pull the figure up to a higher percentage. If the tools were to be the sole servants, there'd virtually be no need to hire Security professionals and Engineers (I know it's a bit of an exaggeration, but you've got the point, I hope!).    

--Saajha , I work at one of the Largest Security Product Testing facility and i have Tested Numerous IPS,FW's AV's, Browsers,UTM's. What was Shocking to see was the % they Missed. AV's are the worst for detecting Exploits/Malwares(Given that there are roughly 20-40,000 Malware Sample Released on the Wild Everyday). You Might Argue that AV's are not tailored to Detect Exploits but why the hell in this world do they Advertise that they have HIPS. Or am I missing Something.Average Pap and Mom Don't have the Luxury to Maintain Vigilance. They will Believe on the what they are told to Believe.

Hundreds of thousands of users throughout the world have worked (and are working) towards developing new and cutting-edge Snort rules (signature based as well as behavior based), as well as exploits, and proof of concepts. You can blame SourceFire for missing 2004's exploit (if there's one), but should also blame yourself for not deploying this free tool (or some other alternatives) and made your way toward creating your own exploit detector using all the jewels these tools offer to the world! Believe it or not, you and I might be missing it, but there are several out there that have stepped beyond relying on the vendor services and have benefitted higher, especially in the open source world.     

- There are different tools that are Being Developed by the Community and they have different Approach on Detecting Exploits/Mitigating. Yes Source Fire missed  2004 CVE. The reason i am Making a Hoopla Out of this is Bad Guys Need Just one . They are one of Best and Talented People Working out there are and have Given Great Snort Rules but one Miss to Get Inside Extremely important Installation makes me Paranoid.

 


Stuxnet is a purely industrial infrastructure targeting malware which can very well be bent around to target virtually any kind of infrastructure, and I agree with your point somewhere up there that this could be a State (or some entity) supported effort. But there's nothing to be highly excited about its capabilities. This is simply a step forward in strengthening its features and adaptability. You could target 4 zero days or 400 zero days, at the end of the day, you'll need 'one' to pass through a barrier and exploit the needful! At that point, the C&C server or the managing peer needs to instruct many of the remaining steps anyway. Worms and botnets are constantly evolving, as just about everything else. This is simply a step higher in this game. That said, I'm not saying these are not dangerous, or shouldn't be of concern. As I stated earlier, targeted attacks are wackier, and the chances of attackers getting with flying colors are higher in such cases.     

-Since this is a Targeted Attack , the Level of sophistication and resource required to Pull this out makes me think it's Sponsored by Gov or Enormously Large Corp.

Social Engineering is a totally different beast. If you can get your way in through Social Engineering, you might not even need to look for any application specific vulnerabilities. Nothing much to say in this regard.

-yes it's a Different Beast but day by day OS'es /APP's are Made More Secure , PPL rely on a Bit a Social Engineering to Pawn a System. Aurora was a Classic Example. 0 Day+Social Enginering.

 

cheers,

 

 

Last edited: 29-Sep-10 06:25 PM
Last edited: 29-Sep-10 06:27 PM
walkahead 29-Sep-10 23:16:34            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

 Guys my talk would be completely out of track, but I had the speaker in my class.. and he is CIO from a very popular IT company. They had 9 of the security level employees, 

and when we asked what kind of people would they hire? Guess what was his answer, 

They would first look at the candidates that has FBI and CIA charges. That means the people who have the charges for the security break-in on the systems of other companies.. 

Weird.. 

Where would i Fall on that.. ??? Big Question

black_panther 29-Sep-10 23:25:26            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

 @ walkahead,


- Check out the name Kevin Mitnick ....

- Once the most wanted man by the Feds ...

- Now working as a security consultant ...

- There are many others like him (just a google search away ....)

 

 

pyaradeshbasiharu 30-Sep-10 10:47:27            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

 I once Wrote a Script to Analyze hashes on Virus-Total. It is Fully Automated and Outputs the result in CSV format for Further Analysis. It's Written in Perl and will require HTML extract Module for perl.If the Folks at VT decide to Change the Form Submission part it won't work at that point of time.

 

Feel Free to Modify and Reuse the Code

 

#!/usr/local/bin/perl
 
# Description: Uses Virustotal.com to parse MD5 hashes of malware
# Assumes hashes to be analyzed are in a text file "md5.txt" in the same directory as the script
# RESULT.csv shows the md5 hash, AV engine, Scan result
# ** Needs HTML Table Extract module **
 
 
 
use strict;
use warnings;
 
use IO::File;
use Fcntl qw(SEEK_END);
use LWP::UserAgent;
use HTTP::Request::Common;
use DB_File;
use URI::Escape ('uri_escape');
 
use lib qw( ..);
use HTML::TableExtract;
use LWP::Simple;
#use Data::Dumper;
 
use FileHandle;
use IO::File;
use Getopt::Long;
use vars qw (%options);
 
 
# How many hashes are there? (count the lines in the file)
my $totalhashes = `grep -cve '^\\s*\$' ./md5.txt`;
chomp $totalhashes;
print "$totalhashes hashes to process\n";
 
my $line_number = 0;
 
for ($line_number = 0; $line_number < $totalhashes; $line_number++)
{
my $output = $line_number + 1;
print "Processing hash $output of $totalhashes\n";
 
# Read the desired line number
my @lines = "";
my $tie = "";
 
my $filename = "./md5.txt";
 
$tie = tie(@lines, "DB_File", $filename, O_RDWR, 0666, $DB_RECNO)
or die "Cannot open file $filename: $!\n";
 
unless ($line_number < $tie->length) {
   die "Didn't find line $line_number in $filename\n"
}
my $hashline = $lines[$line_number];
 
my $md5 = substr $hashline, 0, 32;
 
# POST hashes to virustotal
# URL to post to
my $URL = "http://www.virustotal.com/search.html";
my $BrowserName = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6";
my $ua = new LWP::UserAgent;
$ua->agent($BrowserName);
push @{$ua->requests_redirectable}, 'POST';
my $response = $ua->post($URL,
[
'chain' => $md5
],
);
 
die "Error: ", $response->status_line
unless $response->is_success;
 
#open (RESPONSE, ">>./response.txt"); 
#print RESPONSE $response->content;
#my $te  = new HTML::TableExtract( depth =>0, count =>5, gridmap =>0);
my $te = new HTML::TableExtract( headers => [qw(Antivirus Result)] );
 
$te->parse($response->content);
my $finaloutput = new FileHandle (">>  ./RESULT.csv");
my ($ts,$row);
foreach $ts ($te->table_states)
{
foreach $row ($ts->rows)
{
unshift(@$row, $md5); 
$finaloutput->print ( join(',', @$row), "\n");
}
}
 
$finaloutput->close();
 
# die;
}
 

black_panther 03-Oct-10 11:14:01            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

 Folks,

- If U have a webcam on your computer, U better cover it up ...

   - because hackers can access it & start recording ...

   - they can then post the footage on the internet ...

   - U might not know it, until its too late ...

- This hacking program is downloadable and free ... (scary stuff)

 

Check this reporting from CNN:

- Embedding disabled ... so click below and it will lead to U-Tube...

Note: - I think video removed. None of the links below work ... 

 

- Alternate is here: (maybe it might work)

www.cnn.com/video/#/video/bestoftv/2010/10/03/nr.suicide.webcam.cnn

 

 

 

 

 

 
 
 
Last edited: 03-Oct-10 11:33 AM

 

Last edited: 04-Oct-10 03:11 PM
Last edited: 04-Oct-10 03:19 PM
saajha 04-Oct-10 21:29:09            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

@pyara, keep up the good work! I like your zeal and aspiration.  

All, please continue sharing ..

BTW, for those that aren't aware, and are interested; the site www.hakin9.org now allows users to download their monthly editions for free. This is one magazine that I've barely missed since the beginning of its publication, and purchased just about every edition.

Local Barnes & Noble and Borders carry the printed copies that usually come bundled with a backtrack or similar Linux CD, and some bonus training videos @ times. Look out for this gem!

 

~@~ 

 

pyaradeshbasiharu 20-Oct-10 12:44:54            Login in to Rate this Post:     0       ?        
Posted under: SECURITY
SAAJHA 27-Oct-10 09:18:41            Login in to Rate this Post:     0       ?        
Posted under: SECURITY
saajha 27-Oct-10 11:12:13            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

Yet another evil stuff:

www.computerworld.com/s/article/9193201/How_to_protect_against_Firesheep_attacks

Not that it really really makes a difference, but Sajha's vulnerable to this too.. 

San, TLS please?

 

~@~

ne0 29-Nov-10 12:18:14            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

Wikileaks.com which has leaked thousands of secret documents was taken down by a hacker who calls himself "the jester". I wonder if he is affiliated with some government body??

Read at CNN: http://edition.cnn.com/2010/US/11/29/wikileaks.hacker/index.html?hpt=C1

SAAJHA 08-Dec-10 15:30:37            Login in to Rate this Post:     0       ?        
Posted under: SECURITY

visa.com and mastercard.com DDoS'd by Wikileaks supporters:

http://www.huffingtonpost.com/2010/12/08/visa-down-wikileaks-suppo_n_794039.html

 

pyaradeshbasiharu 15-Dec-10 11:29:37            Login in to Rate this Post:     0       ?        
Posted under: SECURITY
ne0 27-Aug-13 10:35:23            Login in to Rate this Post:     0       ?        
Posted under: SECURITY
Some malwares are good at locking your computer so you cannot install/run any anti virus or anti malware.

If you have experienced any slowness, or unwanted behavior on your computer and you are unable to install any anti virus or anti malware then do the following:

1. Download Malwarebytes installation file to a USB flash drive *using a different computer* from this link:  download Malwarebytes
2. Start the infected computer in "SAFE MODE" - See number 4 on how to start computer in SAFE MODE
3. After you start in Safe Mode, you can install Malwarebytes using the USB flash drive. Then run a full scan. After scan is complete it will give you option to delete all the malwares. Make sure you delete it. Also there should be a "Quarantine" tab, make sure you delete everything from the quarantine tab as well.

4. How to start in safe mode:

Safe mode starts Windows with a limited set of files and drivers. Startup programs don't run in safe mode, and only the basic drivers needed to start Windows are installed. For more information, see What is safe mode?

Safe mode is useful for troubleshooting problems with programs and drivers that might not start correctly or that might prevent Windows from starting correctly. If a problem doesn't reappear when you start in safe mode, you can eliminate the default settings and basic device drivers as possible causes. If a recently installed program, device, or driver prevents Windows from running correctly, you can start your computer in safe mode and then remove the program that's causing the problem. For more information about troubleshooting problems in safe mode, see Diagnostic tools to use in safe mode.

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

    Click the Start button Picture of Start button, click the arrow next to the Shut Down button Picture of Shut Down button, and then click Restart.
  2. Do one of the following:

    • If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

    • If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to start in safe mode, and then press F8.

  3. On the Advanced Boot Options screen, use the arrow keys to highlight the safe mode option you want, and then press Enter. For more information about options, see Advanced startup options (including safe mode).

  4. Log on to your computer with a user account that has administrator rights.

When your computer is in safe mode, you'll see the words Safe Mode in the corners of your monitor. To exit safe mode, restart your computer and let Windows start normally.


Viewed 25532 times
Sajha.com Privacy Policy

Like us in Facebook!

↑ Back to Top
free counters