Archive for October 2015
There is no single sure way to tell that your computer has been infected with malicious code. Some infections can completely destroy files and shut down your computer, while others only subtly disrupt your computer’s normal operation.
Be aware of any unusual or unexpected behaviors. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can’t, you will need to take additional steps.
What can you do if you are infected?
Minimize the damage: If you are at work and have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network. If you are on your home computer or a laptop, disconnect it from the internet. By removing the internet connection, you prevent the malware from reaching its operator and performing tasks such as locating personal data, manipulating or deleting files, or using your computer to attack other computers.
Remove the malicious code: If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. If you do not have anti-virus software, you can purchase it at a local computer store. If the software can’t locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. After reinstalling the operating system and any other software, install all of the appropriate patches to fix known vulnerabilities.
How can you reduce the risk of another infection?
Dealing with the presence of malicious code on your computer can be a bad experience that can cost you time, money, and data. The following recommendations will build your defense against future attacks:
Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current.
Change your passwords – Your original passwords may have been compromised during the infection, so you should change them. This includes passwords for web sites that may have been cached in your browser. Make the passwords difficult for attackers to guess.
Keep software up to date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
Install or enable a firewall – Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer. Some operating systems actually include a firewall, but you need to make sure it is enabled.
Use anti-spyware tools – Spyware is a common source of viruses, but you can minimize the number of infections by using a legitimate program that identifies and removes spyware.
Follow good security practices – Take appropriate precautions when using email and web browsers so that you reduce the risk that your actions will trigger an infection.
To gain refined skills and expertise and to increase pay, many IT professionals choose to pursue a certification.
Certifications in IT security, networking, and systems management are at the top of the certification pay scale. What may surprise you are the business-related certifications holding their own on this year's list.
The IT Skills and Salary Survey is a nationwide survey. Variations exist based on respondents' work location, years of experience, and company type (government, nonprofit, etc.).
1. Certified in Risk and Information Systems Control (CRISC)
The nonprofit group ISACA offers CRISC certification, much in the way that CompTIA manages the A+ and Network+ certifications. Formerly, "ISACA" stood for Information Systems Audit and Control Association, but now they've gone acronym only.
The CRISC certification is designed for IT professionals, project managers, and others whose job it is to identify and manage risks through appropriate Information Systems (IS) controls, covering the entire lifecycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. This is not a case where you can just take a class and get certified. Achieving CRISC certification requires effort and years of planning.
2. Certified Information Security Manager (CISM)
ISACA also created CISM certification. It's aimed at management more than the IT professional and focuses on security strategy and assessing the systems and policies in place more than it focuses on the person who actually implements those policies using a particular vendor's platform.
It also requires at least five years of experience in IS, with at least three of those as a security manager. As with CRISC, requirements for CISM certification demand effort and years of planning.
3. Certified Information Systems Security Professional (CISSP)
Offered by the International Information Systems Security Certification Consortium (ISC)2, CISSP is designed to provide vendor-neutral security expertise, similar to the certifications ISACA offers.
Launched in 1994, CISSP consists of an exam based around ten different areas in computer security, including risk analysis, cloud computing, security when developing applications, mobile, cryptography, physical security, business continuity and disaster recovery planning, and legal and compliance issues.
4. Project Management Professional (PMP®)
The fourth highest paying and the first that is not security related, the PMP certification was created and is administered by the Project Management Institute (PMI®). It is the most recognized project management certification available. There are more than 630,000 PMPs worldwide.
The PMP certification exam tests five areas relating to the lifecycle of a project: initiating, planning, executing, monitoring and controlling, and closing. PMP certification is for running any kind of project, and it is not specialized into sub types, such as manufacturing, construction, or IT.
5. Certified Information Systems Auditor (CISA)
The fifth highest-paying certification is also from ISACA, and this one is for IS auditors. CISA certification is ISACA's oldest, dating back to 1978, with more than 106,000 people certified since its inception. CISA certification requires at least five years of experience in IS auditing, control, or security in addition to passing an exam that is only offered three times per year.
The CISA certification is usually obtained by those whose job responsibilities include auditing, monitoring, controlling, and/or assessing IT and/or business systems. It is designed to test the candidate's ability to manage vulnerabilities, ensure compliance with standards, and propose controls, processes, and updates to a company's policies to ensure compliance with accepted IT and business standards.
6. Microsoft Certified Systems Engineer (MCSE)
This certification ranked number 11 with an average salary of $96,121 for those who didn't list an associated Windows version and $96,726 for those who listed MCSE on Windows 2003, for the weighted average of $96,198 listed above.
The Microsoft Certified Systems Engineer is an old certification and is no longer attainable. It has been replaced by the Microsoft Certified Solutions Expert (yes, also MCSE). The Engineer certification was valid for Windows NT 3.51 - 2003, and the new Expert certification is for Windows 2012. There is an upgrade path if you are currently an MCSA or MCITP on Windows 2008. There is no direct upgrade path from the old MCSE to the new MCSE.
7. ITIL v3 Foundation
ITIL® was created by England's government in the 1980s to standardize IT management. It is a set of best practices for aligning the services IT provides with the needs of the organization. It is broad based, covering everything from availability and capacity management to change and incident management, in addition to application and IT operations management.
ITIL Foundation certification is the entry-level one and provides a broad-based understanding of the IT lifecycle and the concepts and terminology surrounding it. Anyone wishing for higher-level certifications must have this level first, thus people may have higher certifications and still list this certification in the survey, which may skew the salary somewhat.
8. Certified Ethical Hacker (CEH)
The International Council of E-Commerce Consultants created and manages CEH certification. It is designed to test the candidate's abilities to prod for holes, weaknesses, and vulnerabilities in a company's network defenses using techniques and methods that hackers employ.
The difference between a hacker and a CEH is that a hacker wants to cause damage, steal information, etc., while the CEH wants to fix the deficiencies found. Given the many attacks, the great volume of personal data at risk, and the legal liabilities possible, the need for CEHs is quite high, hence the salaries offered.
9. Cisco Certified Design Associate (CCDA)
Cisco's certification levels are Entry, Associate, Professional, Expert, and Architect. Those who obtain this Associate-level certification are typically network design engineers, technicians, or support technicians.
They are expected to design basic campus-type networks and be familiar with routing and switching, security, voice and video, wireless connectivity, and IP (both v4 and v6). They often work as part of a team with those who have higher-level Cisco certifications.
10. Cisco Certified Network Professional (CCNP) Routing and Switching
CCNP Routing and Switching certification is a follow on to Cisco Certified Network Associate (CCNA) Routing and Switching certification and a prerequisite to Cisco Certified Internetwork Expert (CCIE) Routing and Switching. Many CCNA-level engineers move on to CCNP Routing and Switching to show greater knowledge and depth in networking and to earn higher salaries.
CCNPs in routing and switching typically have at least a couple of years of experience (though that experience is not required) and have demonstrated the ability to plan, deploy, and troubleshoot both LAN and WAN scenarios and work with experts in related fields, such as voice and wireless. CCNP Routing and Switching certification requires separate exams in switching, routing, and troubleshooting.
As of early 2012 BackTrack was used by over amateur and professional security researchers and professionals. Clearly it is extremely popular, but there are other Linux pentesting distributions out there! Just as a good plumber needs his tools, so does the budding pentester or curious hacker. Every information security professional needs to work with a penetration testing distro, and most, if not all, training requires that you use pentesting tools within a Linux pentesting/forensics box.
OK, none of the following pentesting distributions were in the top 100 list over at DistroWatch, but we don’t care – we are talking about penetration testing tools, or specifically the creation of distros that bundle the open source tools that help ethical hackers and penetration testers do their job. As with every choice, each pentesting distro has its own pros, cons and specialty. Some distros, for example, are better at web application vulnerability discovery, forensics, WiFi cracking, reverse engineering, malware analysis, social engineering, etc.
Saturday, 17 October 2015
Posted by RISC
XKEYSCORE: The NSA’s most intrusive spying software you have never heard of
Collecting metadata from users’ cell phones has been in the news lately. The expiration of the Patriot Act and passage of the USA Freedom Act have been touted as curbing the worst abuses of the NSA in spying on American citizens, but metadata collection is not the only weapon in the NSA arsenal: XKEYSCORE, a secret program for intelligence gathering, is far more intrusive and effective in collecting data on anyone with an email address.
In an interview with The Guardian newspaper in 2013, Edward Snowden said, “I, sitting at my desk, could wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email.”
This controversial statement caused major headaches within the American intelligence community and denials from politicians and government agency heads.
“He’s lying. It’s impossible for him to do what he was saying he could do,” countered Mike Rogers (R-Mich.) chairman of the House intelligence committee.
However, XKEYSCORE does just that. The program allows a user with access to an email address to collect data on that person across email, the internet and phone conversations. This data is stored for three to five days and the metadata collected is stored for an additional 30 to 45 days.
According to the Intercept, XKEYSCORE uses the fiber optic network to collect “pictures, documents, voice calls, webcam photos, web searches, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, Skype sessions and more.”
XKEYSCORE has been likened to Google for surveillance. You type in the search query, and the program will determine who and what has been sent about it. If within the collection time frame, that information is available to whoever is using the program.
Information about XKEYSCORE has been available for years, but the sheer amount of information that can be collected by the program is just now coming to light. As more documents are released from the Edward Snowden trove, the details of these intelligence programs show that the NSA and the American Government have kept the full truth of their surveillance activities secret.
1. Phishing
Phishing is still the most popular attack vector used for hacking Facebook accounts. There are a variety of methods to carry out a phishing attack. In a simple phishing attack, a hacker creates a fake login page which looks exactly like the real Facebook page and then lures the victim into logging in. Once the victim logs in through the fake page, the victim's "Email Address" and "Password" are stored in a text file, and the hacker then downloads the text file and gets his hands on the victim's credentials.
2. Keylogging
Keylogging is the easiest way to hack a Facebook password. Keylogging can sometimes be so dangerous that even a person with good knowledge of computers can fall for it. A keylogger is basically a small program which, once installed on the victim's computer, records everything the victim types on his/her computer. The logs are then sent back to the attacker either by FTP or directly to the hacker's email address.
3. Stealers
Almost 80% of people use passwords stored in their browser to access Facebook. This is quite convenient, but can sometimes be extremely dangerous. Stealers are programs specially designed to capture the saved passwords stored in the victim's Internet browser.
4. Session Hijacking
Session hijacking can be very dangerous if you are accessing Facebook over an http (non-secure) connection. In a session hijacking attack, a hacker steals the victim's browser cookie, which is used to authenticate the user on a website, and uses it to access the victim's account. Session hijacking is widely used on LAN and WiFi connections.
5. Sidejacking With Firesheep
Sidejacking attacks became common in late 2010, and they are still popular nowadays. Firesheep is widely used to carry out sidejacking attacks. Firesheep only works when the attacker and victim are on the same WiFi network. A sidejacking attack is basically another name for http session hijacking, but it is more targeted towards WiFi users.
6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their mobile phones. If a hacker can gain access to the victim's mobile phone, then he can probably gain access to his/her Facebook account. There are many mobile spying programs used to monitor a cellphone. The most popular mobile phone spying programs are Mobile Spy and Spy Phone Gold.
7. DNS Spoofing
If both the victim and attacker are on the same network, an attacker can use a DNS spoofing attack to redirect requests for the original Facebook page to his own fake page and hence gain access to the victim's Facebook account.
8. USB Hacking
If an attacker has physical access to your computer, he could simply insert a USB device programmed to automatically extract the passwords saved in the Internet browser.
9. Man In the Middle Attacks
If the victim and attacker are on the same LAN on a switched network, a hacker can place himself between the client and the server, or pose as the default gateway, and hence capture all the traffic in between.
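Items 4 and 5 above both come down to a session cookie that travels over plain http and can be picked up on a shared network. As an added example (not code from the original post), here is a small Python audit that parses Set-Cookie headers, flags session cookies missing the Secure, HttpOnly and SameSite attributes that block that capture and replay, and emits the hardened header; the header strings and the list of session cookie names are constructed assumptions.

```python
# Constructed sample Set-Cookie headers: the first is the weak setting a
# sidejacking tool relies on (no Secure flag), the second is already hardened.
WEAK_COOKIE = "sessionid=abc123; Path=/; HttpOnly"
HARDENED_COOKIE = "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

# Cookie names treated as session identifiers (assumption: common defaults).
SESSION_NAMES = {"sessionid", "phpsessid", "jsessionid", "sid", "token"}


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attr_lower: attr_value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return the weaknesses that let a session cookie be sniffed or replayed."""
    name, _, attrs = parse_set_cookie(header)
    if name.lower() not in SESSION_NAMES:
        return []  # not a session cookie; nothing to hijack with it
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent in clear over http, sniffable on shared WiFi")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by injected script")
    if attrs.get("samesite", "").lower() not in {"lax", "strict"}:
        findings.append("missing SameSite=Lax/Strict: replayable from third-party sites")
    return findings


def harden_cookie(header):
    """Rebuild the header with the attributes a session cookie should carry."""
    name, value, attrs = parse_set_cookie(header)
    attrs.setdefault("secure", "")      # never send over plain http
    attrs.setdefault("httponly", "")    # keep it away from document.cookie
    if attrs.get("samesite", "").lower() not in {"lax", "strict"}:
        attrs["samesite"] = "Lax"
    pretty = {"path": "Path", "domain": "Domain", "expires": "Expires",
              "max-age": "Max-Age", "secure": "Secure",
              "httponly": "HttpOnly", "samesite": "SameSite"}
    out = [f"{name}={value}"]
    for key, val in attrs.items():
        label = pretty.get(key, key)
        out.append(f"{label}={val}" if val else label)
    return "; ".join(out)


if __name__ == "__main__":
    for cookie in (WEAK_COOKIE, HARDENED_COOKIE):
        print(cookie, "->", audit_cookie(cookie) or "ok")
    print("hardened:", harden_cookie(WEAK_COOKIE))
```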
The volume of distributed denial of service (DDoS) attacks in Q2 increased by almost a third (32%) on the previous quarter, according to the latest stats from security vendor Corero Network Security.
The firm’s Trends and Analysis report for the first half of the year revealed customers experienced on average 4.5 DDoS attacks per day in the second quarter.
However, the vast majority (95%+) were less than 10Gbps and lasted less than 30 minutes.
Corero claimed that the increase was driven by the growing availability of cheap DDoS attack tools including botnets which can be hired to launch anonymous attacks very easily.
It added that shorter attacks were being launched more often in a bid to circumvent legacy cloud DDoS scrubbing tools and in some cases distract IT teams while information-stealing malware is used to grab sensitive data.
Corero Networks CTO Dave Larson explained that the vast majority of DDoS vectors aren’t used to cause service outages in the traditional sense.
“Additionally, security teams are not always aware that there is a connection between DDoS and other forms of cyber-attacks or data exfiltration attempts, so statistics that track the association are only just emerging,” he told Infosecurity.
“Historically, DDoS has been known for the ‘denial of service’, as the acronym would indicate, however we are seeing DDoS being used as a ‘denial of security’ more frequently – taking down or profiling existing network security layers in order to carry out more malicious activity. A more recent and public example is Carphone Warehouse falling victim to DDoS as a distraction; subsequently the personal details of 2.4 million customers were breached.”
Larson warned IT managers who have not yet suffered a major DDoS attack not to be lulled into a false sense of security.
“Invest some time familiarizing yourself with the trends in the DDoS landscape and start looking more closely at lower-level activity within your environment,” he added.
“When a breach does happen, claiming you had never had an outage before and so you thought your protections were just fine is not going to be very convincing to your management. The online enterprise requires a proactive and real-time approach to dealing with the onslaught of DDoS attacks targeting their networks.”
The landmark TPP deal allows a judicial review over violation of Digital Rights Management technologies and could lead to the destruction of your devices if found guilty.
Forget the good old days when the kids used to open up the electronics at their homes in quest of knowledge and sometimes even tweak the original to create a multi-purpose device. So, no more playing around with the gadgets, because if you are caught, your device would be seized and destroyed as per the recently signed Trans Pacific Partnership (TPP) agreement.
Wikileaks has released the official documents for the copyright chapter, which forbids anyone from circumventing the copyright and product infringement laws and thereby making changes to original devices or proprietary technology (software/hardware) for any purpose. Such protections are called DRM, or Digital Rights Management, technologies.
Well, DRM was always there but what comes new with the TPP is that judicial authorities would have the authority to confiscate and order the destruction of such devices and products found to be involved in any such DRM violation.
TPP is touted as the 21st-century landmark for trade liberalization, covers around 40% of the world’s economy, and had been pushed aggressively for many years. The agreement has already come under fire for favoring corporations and stifling the rights of consumers. Similar penal laws have been adjudicated against the free flow of information on the Internet, again with an intent to smother small businesses and create a corporate monopoly.
Worst affected by these new developments will be the white-hat hackers, as bypassing the manufacturer’s exclusive system and finding zero-day vulnerabilities is their job. Even individuals who want to modify their own devices are prohibited. As in the case of Internet copyright violations, the punishment ranges from a monetary fine to a term in jail.
Wikileaks also leaked the device-destroying proposal in the TPP back in 2014. After a long slumber, the whistleblowing forum has revived itself and lately has been crowdfunding to offer bounties for confidential government documents such as this one and those on the US bombing of the Doctors Without Borders hospital in Afghanistan a few days earlier.