On the road to Outpost 7.5. USB virus protection

Here's another article in the Outpost 7.5 series.

Have you ever considered security dangers associated with USB storage devices? The new feature will prevent malware-infested memory sticks, flash drives etc. from bringing harm to your PC!


To combat malware that spreads via USB storage devices by using the Windows autorun vulnerability, Outpost 7.5 now includes specific USB virus protection that can operate in several scenarios. Advanced users can opt to:

  • Disable the launch of the autorun.inf file without blocking the programs
  • Completely block the USB device
  • Block ALL executable files and scripts on the USB device / just executables and scripts unverified with the publisher's digital signature

Moreover, the autorun section of storage devices is checked for malware before all other data to immediately pinpoint suspicious activity and save resources.

Stay tuned for more postings as we approach the public beta of Outpost 7.5!

Pavel Goryakin
Agnitum

Spyware compromises 150,000+ Symbian devices

A new variant of spyware "Spy.Felxispy" on Symbian devices causing privacy leakage has recently been captured by the National Computer Virus Emergency Response Centre of China.

According to NetQin Mobile, there are more than a dozen variants of the spyware since the first was spotted, and the latest has affected 150,000+ devices.

Once installed, the spyware will turn on the Conference Call feature of the device without users' awareness. When users are making phone calls, the spyware automatically adds itself to the call to monitor the conversation.

"The Conference Call feature allows more than two parties to join a conversation, and it's easily available to most smart-phone users. The privacy stealers exploit the vulnerability of this feature for financial purposes. The privacy protection on mobile devices becomes more important than ever," said Dr. Zou Shihong, Vice President of R&D from NetQin.

NetQin Cloud Security Centre detects that the spyware can remotely turn on the speaker on the phone to monitor sounds around users without the users' awareness. Apart from that, the spyware is also capable of synchronizing the messages the user received and delivered to the monitoring phone. These capabilities compromise users' privacy.

The privacy stealers usually install the spyware on the phone or send MMS containing the spyware to users to lure them to click. As the spyware is artfully disguised, users will easily be trapped.

NetQin warns that smart-phone users are exposed to more mobile security threats than ever and users should always be cautious whenever performing operations on their mobile devices.

To stay safe, NetQin experts give the following tips in using your phone:

1. Never click open MMS from unknown numbers as they may get your phone infected. Instead, delete them upon receipt.
2. Be on alert for unusual behavior on your phone, such as unusual SMS.
3. Don't leave your phone out of your sight in public environments.
4. Install a trusted security application to protect your phone from security threats.

Article taken from HELP NET SECURITY

Arachni v0.2.2.1 is out!

Updated: Added link to CDE package.
Update #2: Watch the new WebUI v0.1-pre screencast on Vimeo.

Hello good people,
I’m very glad to announce the release of the v0.2.2.1 version of the Arachni framework which bears a lot of new features, improvements, optimizations and a brand new, although experimental, Web user interface.
There are new plugins, new modules, new system components, support for high-level meta-analysis using meta-module components, a brand new HTML report and much more.

Acknowledgements

Before continuing, I’d like to thank all the people who helped make this release as good as it turned out to be.
First and foremost, I’d like to thank Christos Chiotis (of Survive the Internet) for volunteering his time, designer talent and good taste in order to create the new HTML scan report.
I’d also like to thank Matt and Michelangelo for their relentless testing and plethora of feature suggestions.

If you don’t feel like installing anything at all you can download the self-contained Linux CDE package from the downloads section.
The CDE package will allow you to run Arachni out of the box without requiring installation or any sort of root access.

ChangeLog

- Web UI v0.1-pre (Utilizing the Client - Dispatch-server XMLRPC architecture) (New)
   - Basically a front-end to the XMLRPC client
   - Support for parallel scans
   - Report management
   - Can be used to monitor and control any running Dispatcher
- Changed classification from "Vulnerabilities" to "Issues" (New)
- Improved detection of custom 404 pages.
- Reports updated to show plug-in results.
- Updated framework-wide cookie handling.
- Added parameter flipping functionality (cheers to Nilesh Bhosale)
- Major performance optimizations (4x faster in most tests)
   - All modules now use asynchronous requests and are optimized for highest traffic efficiency
   - All index Arrays have been replaced by Sets to minimize look-up times
   - Mark-up parsing has been reduced dramatically
   - File I/O blocking in modules has been eliminated
- Crawler
   - Improved performance
   - Added '--spider-first' option  (New)
- Substituted the XMLRPC server with an XMLRPC dispatch server  (New)
   - Multiple clients
   - Parallel scans
   - Extensive logging
   - SSL cert based client authentication
- Added modules  (New)
   - Audit
      - XSS in event attributes of HTML elements
      - XSS in HTML tags
      - XSS in HTML 'script' tags
      - Blind SQL injection using timing attacks
      - Blind code injection using timing attacks (PHP, Ruby, Python, JSP, ASP.NET)
      - Blind OS command injection using timing attacks (*nix, Windows)
   - Recon
      - Common backdoors    -- Looks for common shell names
      - .htaccess LIMIT misconfiguration
      - Interesting responses   -- Listens to all traffic and logs interesting server messages
      - HTML object grepper
      - E-mail address disclosure
      - US Social Security Number disclosure
      - Forceful directory listing
- Added plugins  (New)
   - Dictionary attacker for HTTP Auth
   - Dictionary attacker for form based authentication
   - Cookie collector    -- Listens to all traffic and logs changes in cookies
   - Healthmap -- Generates sitemap showing the health of each crawled/audited URL
   - Content-types -- Logs content-types of server responses aiding in the identification of interesting (possibly leaked) files
   - WAF (Web Application Firewall) Detector
   - MetaModules -- Loads and runs high-level meta-analysis modules pre/mid/post-scan
      - AutoThrottle -- Dynamically adjusts HTTP throughput during the scan for maximum bandwidth utilization
      - TimeoutNotice -- Provides a notice for issues uncovered by timing attacks when the affected audited pages returned unusually high response times to begin with.
           It also points out the danger of DoS attacks against pages that perform heavy-duty processing.
      - Uniformity -- Reports inputs that are uniformly vulnerable across a number of pages hinting to the lack of a central point of input sanitization.
- New behavior on Ctrl+C
   - The system continues to run in the background instead of pausing
   - The user is presented with an auto-refreshing report and progress stats
- Updated module API
   - Timing/delay attacks have been abstracted and simplified via helper methods
   - The modules are given access to vector skipping decisions
   - Simplified issue logging
   - Added the option of substring matching instead of regexp matching in order to improve performance.
   - Substituted regular expression matching with substring matching wherever possible.
- Reports:
   - Added plug-in formatter components allowing plug-ins to have a say in how their results are presented (New)
   - New HTML report (Cheers to Christos Chiotis for designing the new HTML report template.) (New)
   - Updated reports to include Plug-in results:
      - XML report
      - Stdout report
      - Text report

I sincerely hope that you enjoy and find it useful, if you have any suggestions or problems don’t hesitate to open a ticket @ https://github.com/Zapotek/arachni/issues.

Cheers,
Tasos “Zapotek” Laskos (Lead Developer)

To download this tool, please click this link:
https://github.com/Zapotek/arachni/zipball/v0.2.2.1
To watch a video about this tool:
http://vimeo.com/19928281

Emergency Message to all Inj3ct0r Users

Dear Inj3ct0r users =]

Inj3ct0r blocked the domain again. =\
Nothing! Inj3ct0r Team will live forever. Our new domain : http://www.1337day.com/
Official sources for Inj3ct0r.com are:
http://twitter.com/inj3ct0r
http://www.facebook.com/inj3ct0rs

mr.inj3ct0r@gmail.com
if the domain is unavailable, Inj3ct0r project is available at http://77.120.120.218/
------------------------------------------------

Unavailable :
inj3ct0r.com , inj3ct0r.org , inj3ct0r.net , 0xr00t.com , 0x0day.com, 1337db.com
------------------------------------------------

Help us financially. We will be very happy.
The more domains are closed, the more we'll register ;)
Please distribute this message on your blogs!
Underground h4x0r forever!

//r0073r
# 1337day.com [2011-02-21]

How to Get Rapidshare Premium Account

Today I will show how you can earn money online and that too without much difficulty. Just follow the steps given below:

1. Create a Paypal Premium Account (don’t worry, it’s free) https://www.paypal.com/ . When asked for credit card details simply say cancel. You do not need to fill it.

2. Then Go to the following link:

3. On joining this website, you will get 27 USD just for writing 7 simple surveys which will take not more than 30 minutes.

4. Now the only problem is that the minimum payout limit for this website is 75 USD. But you can earn 1.25 USD on referring this website to your friend.

5. So you just take the referral link from this website and paste it on your facebook status. Don’t forget to mention its benefits so that your friends register through that link.

6. Suppose you have 500 friends on facebook and out of them only 10% register through your link then also you earn 62.5 USD which gets added to 27 USD that you had earned from surveys. Thus the total 89.5 USD crosses the Payout limit.

7. Now you can get that money into your Paypal Account use it not only to buy your own Rapidshare premium account but also for buying other stuff online.

8. That’s it. So Simple and I swear it works.

Update: Some people have a complaint that Awsurveys doesn’t pay them what they have earned and that it is SPAM. I would like to tell you that I have already used this website earlier and I received the payment every time. I am not saying that these guys are lying about their experience with Awsurveys, but there are a few reasons why they may not have received the payment. The only problem with this website is that it doesn’t communicate with the user if he is violating any terms and conditions; instead, it just cancels their payments. When you request a payout from this website, they have a policy to verify that the accounts that were referred by the user are not fraudulent, and they remove the amount gained from these fraudulent accounts from the total amount in your account. Sometimes the reduced amount is less than the amount redeemed by the user, and their harsh policy is to cancel the whole payment without even reimbursing the remaining amount. Now you might be thinking: how to avoid this? One piece of advice I would give you is to keep at least 20-25 USD in excess when you are redeeming the amount. In this way you are making sure that even if there were 15 accounts which the website found to be fraudulent, the total still won’t get below the amount requested by you. Another condition is the maximum amount that one can redeem in a year. A user can redeem at most 550 USD in one year; if you request a payout of more than that, then they will just cancel that payment without reimbursing the money in your account. I already faced the latter one, which indicates that I have earned at least up to 550 USD.

Pyrit Tool- GPU Cracker for Attacking WPA/WPA2 PSK Protocols

Pyrit allows the creation of massive databases, pre-computing part of the IEEE 802.11 WPA/WPA2-PSK authentication phase in a space-time-tradeoff. Exploiting the computational power of Many-Core- and other platforms through ATI-Stream, Nvidia CUDA, OpenCL and VIA Padlock, it is currently by far the most powerful attack against one of the world's most used security-protocols.
WPA/WPA2-PSK is a subset of IEEE 802.11 WPA/WPA2 that skips the complex task of key distribution and client authentication by assigning every participating party the same pre-shared key. This master key is derived from a password which the administrating user has to pre-configure e.g. on his laptop and the Access Point. When the laptop creates a connection to the Access Point, a new session key is derived from the master key to encrypt and authenticate following traffic. The "shortcut" of using a single master key instead of per-user keys eases deployment of WPA/WPA2-protected networks for home- and small-office-use at the cost of making the protocol vulnerable to brute-force-attacks against its key negotiation phase; it ultimately allows the password that protects the network to be revealed. This vulnerability has to be considered exceptionally disastrous as the protocol allows much of the key derivation to be pre-computed, making simple brute-force-attacks even more alluring to the attacker. For more background see this article on the project's blog.
The author does not encourage or support using Pyrit for the infringement of peoples' communication-privacy. The exploration and realization of the technology discussed here motivate as a purpose of their own; this is documented by the open development, strictly sourcecode-based distribution and 'copyleft'-licensing.
Pyrit is free software - free as in freedom. Everyone can inspect, copy or modify it and share derived work under the GNU General Public License v3+. It compiles and executes on a wide variety of platforms including FreeBSD, MacOS X and Linux as operation-system and x86-, alpha-, arm-, hppa-, mips-, powerpc-, s390 and sparc-processors.
Attacking WPA/WPA2 by brute-force boils down to computing Pairwise Master Keys as fast as possible. Every Pairwise Master Key is 'worth' exactly one megabyte of data getting pushed through PBKDF2-HMAC-SHA1. In turn, computing 10.000 PMKs per second is equivalent to hashing 9,8 gigabyte of data with SHA1 in one second. The following graph shows various performance numbers measured on platforms supported by Pyrit.
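
The cost figures above can be reproduced from the key derivation itself. The following is an added example, not code from Pyrit or from the original post: it derives a PMK with PBKDF2-HMAC-SHA1 using the SSID as salt (which is why pre-computed databases are only valid for one SSID), counts the SHA-1 input processed per PMK, and estimates how long a given passphrase space holds up at a given PMK rate. The function names are assumptions made for this example; the passphrase "password" and SSID "IEEE" are the published IEEE 802.11i test vector.

```python
import hashlib

ITERATIONS = 4096   # PBKDF2 rounds fixed by WPA/WPA2-PSK
PMK_LEN = 32        # Pairwise Master Key length in bytes
SHA1_DIGEST = 20    # SHA-1 output size in bytes
SHA1_BLOCK = 64     # bytes consumed by one SHA-1 compression call


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               ITERATIONS, PMK_LEN)


def bytes_hashed_per_pmk() -> int:
    """SHA-1 input processed for one PMK, with the HMAC key pads cached."""
    output_blocks = -(-PMK_LEN // SHA1_DIGEST)   # ceil(32 / 20) = 2
    compressions_per_hmac = 2                    # one inner, one outer
    return ITERATIONS * output_blocks * compressions_per_hmac * SHA1_BLOCK


def sha1_gib_per_second(pmks_per_second: float) -> float:
    """SHA-1 throughput (GiB/s) implied by a given PMK rate."""
    return pmks_per_second * bytes_hashed_per_pmk() / 2**30


def years_to_exhaust(alphabet_size: int, length: int,
                     pmks_per_second: float) -> float:
    """Worst-case time to try every passphrase of this shape for ONE SSID."""
    candidates = alphabet_size ** length
    return candidates / pmks_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # IEEE 802.11i published test vector: passphrase "password", SSID "IEEE"
    print("PMK:", derive_pmk("password", "IEEE").hex())
    # Same passphrase, different SSID: a different PMK, so a pre-computed
    # table built for one network name is useless against another.
    print("other SSID differs:",
          derive_pmk("password", "IEEE") != derive_pmk("password", "ieee"))
    print("bytes hashed per PMK:", bytes_hashed_per_pmk())
    print("GiB/s at 10,000 PMK/s:", round(sha1_gib_per_second(10_000), 1))
    # Constructed comparison at the post's 10,000 PMK/s rate
    print("8 lowercase letters, years:", round(years_to_exhaust(26, 8, 10_000), 2))
    print("12 mixed alphanumerics, years:", f"{years_to_exhaust(62, 12, 10_000):.2e}")
```

A network name that is not a factory default, combined with a long random passphrase, addresses both the pre-computation and the brute-force cost described above.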

You can watch how to use this tool on YouTube:
http://www.youtube.com/watch?v=HY9Y99bOyhE

To download the latest Pyrit 0.40, please see this link:

For more information about this Pyrit  tool, please see the link below:

On the road to Outpost 7.5. Clipboard and screen content protection

Next blog posting in Outpost 7.5 series refers to clipboard protection, a new direction to safeguard users against inadvertent data disclosure and ID theft.

Aside from keyloggers and keyboard spyware, both of which are detected by Outpost's antimalware and proactive protection technologies, a new type of malicious software has recently appeared which grabs personal data (passwords, credit card numbers, etc.) from the clipboard (so-called *clipboard-loggers*) or sends randomly-taken screenshots (*screenloggers*) to hackers.


Clipboard content protection functionality is now included in the anti-leak module, to prevent data leaks and inadvertent information disclosure during copy operations. You don’t have to worry about cutting and pasting personally-identifiable information while you’re online, or entering confidential information into an on-screen form.

Stay tuned for more updates on Outpost 7.5! We're planning a public beta of this new product line soon!

Pavel Goryakin
Agnitum

Inguma - Penetration Testing Toolkit

Inguma is a penetration testing toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute force user names and passwords and, of course, exploits.
While the current exploitation capabilities in Inguma may be limited, this program provides numerous tools for information gathering and target auditing. Inguma is still being heavily developed so be sure to stay current and check back for news and updates.
You can see more details about Inguma and its documentation here:
http://code.google.com/p/inguma/

Mantra - Free and Open Source Browser Based Security Framework

Mantra is a powerful set of tools to make the attacker's task easier. The beta version of Mantra Security Toolkit contains the following tools built into it. You can also always suggest any tools/scripts that you would like to see in the next release.

  • Access Me
  • Add N Edit Cookies+
  • Chickenfoot
  • CookieSwap
  • DOM inspector
  • Domain Details
  • Firebug
  • Firebug Autocompleter
  • Firecookie
  • FireFTP
  • Firesheep
  • FormBug
  • FoxyProxy
  • Google Site Indexer
  • Greasemonkey
  • Groundspeed
  • HackBar
  • Host Spy
  • HttpFox
  • iMacros
  • JavaScript Deobfuscator
  • JSview
  • Key Manager
  • Library Detector
  • Live HTTP Headers
  • PassiveRecon
  • Poster
  • RefControl
  • Refspoof
  • RESTClient
  • RESTTest
  • Resurrect Pages
  • Selenium IDE
  • SQL Inject ME
  • Tamper Data
  • URL Flipper
  • User Agent Switcher
  • Vitzo WHOIS
  • Wappalyzer
  • Web Developer
  • XSS Me
You can download Mantra from this link:
http://www.getmantra.com/download/index.html

Outpost Security Suite FREE 7.1: Double the anti-malware for double the protection

As promised, we've got some great news for Outpost FREE fans!

We are proud to present the second iteration of the first comprehensive security suite to protect Windows users from the full range of cyberthreats at no charge - Outpost Security Suite FREE, version 7.1.

What's new?

OSS Free v7.1 includes a second anti-malware engine, this one specifically focused on spyware, adware and Trojan horses. The unique combination of two modules (Antivirus and Antispyware) as an integral part of Agnitum’s comprehensive anti-malware brings more targeted security to Windows users.

Users of the free edition can also now switch between Automatic (default) and Manual update settings. Automatic updates arrive for Outpost Free when available at Agnitum’s update servers, and can be downloaded at any time. The only difference between Outpost Free and Outpost Pro in this instance is that the Pro product is assigned greater bandwidth and operates in Priority Update mode.

In addition to the increased security protection, Agnitum has added a German-language interface to support its second largest global audience. Courtesy of Outpost users in Germany, Austria and Switzerland, Outpost Security Suite FREE now offers the same German interface as the PRO version.

Like the previous edition, the new Outpost Security Suite Free 7.1 English-German edition brings ease-of-use and transparency for non-expert users who want to feel protected online without the expense and sometimes steep learning curve of many commercial products. As soon as it’s installed, OSS Free provides robust, easy-to-use protection with optimal default settings to address web-borne threats including known and zero-day viruses, spyware, hacker attacks and intrusions, spam, and more.

Benefits of OSS Free

  • The first fully-comprehensive free security suite
  • The latest technology – based on Outpost Security Suite Pro 7
  • VB100-certified antivirus
  • Best-of-breed award-winning personal firewall
  • Leak-test certified by Matousec.com
  • Automatic and manual signature updates
  • Automatic optimal configuration immediately on installation
  • Lightweight solution that doesn’t slow systems down
  • Full compatibility with Windows 7, Vista, XP, 2000 – both 32- and 64-bit.
Check out the updated free product at http://free.agnitum.com!

Pavel Goryakin
Agnitum Ltd.

What Is Debian ?

The Debian Project is an association of individuals who have made common cause to create a free operating system. The operating system we have created is called Debian GNU/Linux, or simply Debian for short.

An operating system is a set of basic programs and utilities that make your computer run. At the core of an operating system is the kernel. The kernel is the most fundamental program on the computer; it does all the basic housekeeping and lets you start other programs.

15 steps debian linux installation

STEP 1

Preparing to Install Linux (Debian)
Turn on the computer, then press [Delete] to enter the BIOS.
Once in the BIOS, select the menu
BIOS FEATURES SETUP
and press [ENTER].
After that, set the Boot Sequence menu to the order CDROM, C, A.

Installing Yahoo Messenger in Linux Redhat 9

  • Download YAHOO Messenger
Friends, this section is just an extra for you all: those who do not know this yet can read it, and those who already know, please give advice if there is something wrong. :)

To download the RPM (Redhat Package Manager) file, go directly to http://messenger.yahoo.com/download/unix/redhat# for Redhat distros. Make sure you are logged in as root; it is also no problem to download the file under a normal user login and then switch to root to install Yahoo Messenger. Why must it be root? Root is required because this kind of RPM package must be installed by root: the RPM writes to folders / directories that a normal user does not have permission to access.
 
 