Top 5 Security Peeves You Must Be Aware Of

Most programmers, deployment engineers and web surfers have a very casual approach when it comes to the security of an application. This post describes the top 5 security peeves voiced by such folks, for whom security is secondary.

This post is an effort to remind you that security should always be an important item on the agenda of whatever application you develop, that prevention is always better than cure, and that knowledge is the ultimate weapon in this age of information technology.

1.) Nobody would attack this: This is one of the most commonly heard reasons for not building enough security around an application. It is interesting to know that, as per a research, around 10 percent of application owners never come to know that they have already been attacked. Recently an attacker was able to hack into a web application and insert malicious code inside the website's JavaScript. This then caused Google to completely de-index the website.

2.) Our application is behind a secure firewall: This is another of the most commonly heard security peeves. Even if your application is behind a secure firewall, it doesn't mean you cannot be attacked. There are various kinds of attacks which can still be carried out, for example SQL injection attacks, which travel over the same HTTP port the firewall already allows through. You can also read Learn to Hack and practise on the Hacking Ruby on Rails application to learn more about such attacks.

3.) We haven't coded that, we are re-using third-party code: This is another often heard and most ignored of all peeves. It is also interesting to note that most of us do use a lot of third-party code and re-usable code samples freely available over the internet. However, most developers, most of the time, never actually go and read the code behind those freely available samples, thereby imposing a security risk on the entire application that uses that bit of code. As a suggestion, I would say: always read the code of a third-party library to ensure that everything in it is as expected. This will also help you get rid of some of the annoying behaviour you might have noticed in your application since you started using the third-party code.

4.) Our development methodology is quality focused: Good that your development methodology is quality focused, but keep in mind that even if you focus on quality, security won't come attached. Defect-free doesn't mean secure any more in today's world.

5.) I often use free Wi-Fi at hotels, airports and coffee shops: If you are someone who uses free Wi-Fi at hotels, airports and coffee shops, ensure that you are adequately protected. Have a good firewall, ensure that your OS is updated, and keep your antivirus and anti-spyware software updated. Free Wi-Fi also brings free trouble with it if not administered properly. It is also important that you keep your own Wi-Fi protected, so that you can ensure it doesn't get used for illegal purposes.

You might also want to take another look at Web Application Security Testing and read Some Notes On Ethical Hacking.

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.


Microsoft releases 6 Critical and 2 Important Security Patches

Microsoft released 8 security patches yesterday. Out of the 8, 6 are critical and 2 are important. Below is the list of the security patches released by Microsoft; the first 6 in the list are the critical patches and the rest are important patches. These updates will be part of Windows Update. You can also Control Automatic Updates in Windows.


1.) Critical Vulnerabilities in Visual Basic 6 Runtime extended files: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content.

2.) Security Vulnerability in GDI: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3.) Security Vulnerability in Microsoft Office Word: This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file.

4.) Security Update for Internet Explorer: This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

5.) Security Vulnerability in Microsoft Excel: This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

6.) Security Vulnerabilities in Windows Search: This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

7.) Security Vulnerability in Windows Media Components: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

8.) Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege: This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.

Also read: Some notes on Ethical Hacking

Hacking Ruby on Rails

[How-To] Recover Windows Passwords

If you are stranded in a situation where you either don't remember the password to your Windows account, or are trying to help a Windows user by logging in to a machine whose user has forgotten the password, this post will be of help to you.

There are a lot of password cracking utilities available; for this post I will use ophcrack.

Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

Follow the steps below to recover Windows user ID and password information:

1.) Point your browser to http://ophcrack.sourceforge.net/ and download the ophcrack live CD image for your OS, depending on whether you run Windows XP or Vista.

Download ophcrack live-cd for Windows XP or Windows Vista

2.) Once you have downloaded the image, burn it to a CD or DVD.

3.) Insert the disc with the live CD image and reboot your computer. Ensure that the CD drive is set as the primary boot device. The computer should now boot from the live CD you burnt earlier.

Computer boots up using the ophcrack live cd.

4.) Select the first mode, which says "ophcrack graphic mode", and hit Enter.

5.) Upon hitting Enter, the software will take you to a user interface and will begin scanning for the user IDs and passwords.

ophcrack gives you the list of userid and password combinations after completing the scan.

6.) Once you have the user ID and password, you can remove the CD and log in to Windows again using the credentials obtained.

You can also set up your computer to bypass the Windows password; however, keep in mind that you should use this trick only if you are the only person who accesses the computer.

Read more posts on Hacking.

Also read: [How-To] View Webcontent without Passwords

Serial Numbers and CD Keys of Softwares brought to you by Google.
Spoofing Explained : Another attempt to cover Hacking fundas

[How-To] Track a Stolen Laptop


Cheers

Vaibhav Pandey

Default Password List for various Routers

This post introduces you to an interesting link which has default user IDs and passwords for a wide variety of routers. Check it out here.

Worth going through in case you are stuck in a situation where you need a default user ID or password.

For those of you who are tech savvy, I would suggest changing the default user ID and password of your router; this makes your Wi-Fi more secure.

Linksys-Router

Here are some of the tips I wrote about in my previous post on staying safe from the WPA hack:

1.) Have a MAC level filtering at your router.

2.) Change the default settings of your router's web-based administration.

3.) Turn off broadcasting of your SSID.
Hope you enjoyed reading this post and hope it helps you save the day.

Also read: [How-To] Password Protect your Word and Excel Files

Recover lost wireless network key using WirelessKeyView


[How-To] Protect your Wifi access from the WPA hack

Earlier you learnt that WPA was hacked by some security researchers in just 15 minutes, now Lifehacker has an interesting post which describes how you can still protect yourself. 

As per the blog, the key to protect yourself is to switch off TKIP encryption mode and switch to AES only.

WPA Hacked

This is what the blog says:

The key: Just log into your router, switch off Temporal Key Integrity Protocol (TKIP) as an encryption mode, and use Advanced Encryption System (AES) only. TKIP is the only protocol that the hack applies to, so switching to AES-only will ensure that your Wi-Fi network is safe again. It’s quick and easy, so do yourself a favor and make the adjustment now so you don’t run into any problems in the future.

I would suggest a few more points to all those who are worried about this news:

1.) Have a MAC level filtering at your router.

2.) Change the default settings of your router's web-based administration.

3.) Turn off broadcasting of your SSID.

Do you have any other strategies for the other readers? Do share in the comments; I also promise to update the post with your link (if you comment something really useful).
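The TKIP advice from Lifehacker and the three router tips (listed here and in the default-password post above) can be checked mechanically on an access point whose settings are in a text file. The following audit script is an added example, not code from this blog or from Lifehacker. It assumes the access point is configured with hostapd, whose option names (wpa_pairwise, rsn_pairwise, ignore_broadcast_ssid, macaddr_acl, accept_mac_file) are real; the two sample configurations are constructed for the demonstration, and the "change the default administration settings" tip is not expressible in hostapd.conf, so it is left to the router's own web interface.

```python
"""Audit a hostapd-style access-point config for the weak settings discussed
in the WPA posts: TKIP still allowed, SSID broadcast on, no MAC allow-list.
Added example with constructed sample configs; not code from the original post."""
from typing import Dict, List

# Constructed sample: a typical "it just works" config that still permits TKIP.
WEAK_CONF = """
interface=wlan0
ssid=HomeNet
hw_mode=g
channel=6
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=CHANGE-ME-placeholder
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP
ignore_broadcast_ssid=0
macaddr_acl=0
"""

# Constructed sample: the same AP after applying the advice in the posts.
HARDENED_CONF = """
interface=wlan0
ssid=HomeNet
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=CHANGE-ME-placeholder
wpa_pairwise=CCMP
rsn_pairwise=CCMP
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
"""


def parse_hostapd(text: str) -> Dict[str, str]:
    """Parse hostapd's key=value format; blank lines and '#' comments are skipped."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf: Dict[str, str]) -> List[str]:
    """Return one finding per weak setting; an empty list means all checks passed."""
    findings: List[str] = []
    # Tip from Lifehacker: the attack applies to TKIP only, so allow CCMP (AES) alone.
    # Both the WPA (wpa_pairwise) and WPA2 (rsn_pairwise) cipher lists are checked;
    # an unset key is reported too, so the decision is explicit in the file.
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if key not in conf:
            findings.append(f"{key} is not set; set it to CCMP explicitly")
        elif "TKIP" in conf[key].split():
            findings.append(f"{key} allows TKIP; use CCMP (AES) only")
    # Tip 3: turn off SSID broadcast (hostapd default is 0 = broadcast).
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast (ignore_broadcast_ssid=0)")
    # Tip 1: MAC-level filtering as an allow-list (macaddr_acl=1 = deny unless listed).
    if conf.get("macaddr_acl", "0") != "1":
        findings.append("MAC filtering is not an allow-list (set macaddr_acl=1)")
    elif not conf.get("accept_mac_file"):
        findings.append("macaddr_acl=1 but no accept_mac_file is configured")
    return findings


def audit_text(text: str) -> List[str]:
    """Convenience wrapper: parse then audit a config given as text."""
    return audit(parse_hostapd(text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_text(text) or ['no findings']}")
```

Of the three router tips, only the cipher change actually defeats the TKIP attack: MAC filtering and a hidden SSID raise the effort for a casual intruder but do not stop a determined one, since MAC addresses can be copied and a hidden SSID is still sent by clients when they connect, so treat them as hygiene rather than as the fix.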

Also read: WPA Encryption cracked in 12 minutes

[How-To] Find out the location of person using your Wireless network

Recover lost wireless network key using WirelessKeyView

WPA Encryption cracked in 12 minutes

One of the most recommended and widely used Wi-Fi encryption algorithms, WPA, is known to have been cracked in 12 to 15 minutes flat by a team of security researchers, as per PC World.

WPA Protected Wireless Network

Wi-Fi Protected Access (WPA and WPA2) is a certification program administered by the Wi-Fi Alliance to indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer networks. This protocol was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

This will definitely have a huge impact, primarily on the enterprise customers who have been adopting WPA and WPA2 to secure their Wi-Fi networks.

Update: Read my new post [How-To] Protect your Wifi access from the WPA hack to understand the various options still available to you in order to protect yourself from this hack.

Also read: Understanding TCP Connection Basics.

Understanding NULL Session Attacks

Some notes on Ethical Hacking

Hacking Ruby on Rails.


Understanding TCP Connection Basics.

During a TCP connection, there are 6 TCP flags which can be set in the packets transported from the source computer to the target computer. These flags indicate the state of the packet.

Valid values for the flags are:

SYN -- Initial request, sent by the source.

ACK -- Acknowledgement of the initial request, sent by the target confirming the receipt of SYN.

FIN -- Finish request.

URG -- Urgent request.

PSH -- Push request.

RST -- Reset.

The combination of these flags controls the state of the connection session at various points in its life.

The real implementation of these flags starts from the very time a source computer tries to establish a session with a target computer.

The process flow for this goes as follows:

1.) Source Computer sends a SYN request.

2.) Target computer, upon the receipt of a SYN request, sends back a SYN-ACK request/response. 

3.) Source computer again sends back an ACK message to the target computer. This confirms the connection.

TCP-Connection basics

The above process is known as the 3-way handshake for TCP connections.

Now, while on this topic, let's also consider the importance of these flags and the TCP communication basics, to see whether an alteration in the flag setting can lead to a denial of service (DoS) for the web application.

Let's assume a scenario in which a malicious machine only sends SYN packets for its connections and has been configured never to send an ACK.

1.) Source computer sends a SYN request to the target computer. 

2.) Target computer responds back with a SYN-ACK. 

3.) Source computer instead of sending ACK, sends back a SYN request. 

Understanding How modifying TCP flags can lead to DoS attack

The above process leads to a scenario in which the target computer opens a new connection on receipt of every SYN request, allocates memory for that half-open connection, and keeps the memory allocated until the connection times out. This can lead to a situation in which the target computer runs out of its memory pool and denies any further connections. This is called denial of service.

Also read: Understanding NULL Session Attacks

Hacking Ruby on Rails

Learn to Hack

Serial Numbers and CD Keys of Softwares brought to you by Google.

[How-To] Bypassing Passwords in Windows
