IntelligentIT: October 2011

Monday, October 31, 2011

Adria Richards Discusses Race Problems In Silicon Valley

Adria Richards shares her views on the comments made by Michael Arrington:

Gamer's Corner 10/31/11: Battlefield 3, Modern Warfare 3, Uncharted 3, and More!

Bomb Detecting Device From Ink Jet Printers

A new inexpensive bomb detection device made from ink jet printers has been developed thanks to scientists from Georgia Tech. Techeater reports:

"The amonia detecting sensor is constructed from silver nanoparticles, which are transformed into carbon nanotubes which attract ammonia (a component of explosives) in trace amounts. The nanoparticles are found in the ink, which is treated with ultrasonic waves during a process known as sonification. This process alters the viscosity, thus making the solution more homogeneous for greater effectiveness. Once the ink is set it then forms into nanotubes."

Wednesday, October 26, 2011

Today's Tech Deals: 10/27/11

Geeks: Fresh New Arrivals
website: http://tinyurl.com/67ptevf
http://tinyurl.com/3b5gm6x
http://tinyurl.com/3mdupt5

CompUSA: 16GB DDR3 Memory $49...8GB Quad 1TB PC Kit $259...FREE* Software Deal...OCZ 120GB SSD $139...Ultra
website: http://tinyurl.com/3j8opzu
http://tinyurl.com/5so4cg6

Academic Superstore: No Tricks and All Treats!...SAVE up to 85% on Popular Software!
website: http://tinyurl.com/44trosb

PCMall: Designed to Impress - Up to 70% Off
website: http://tinyurl.com/3remamt

PriceGrabber: Act Fast! Samsung 32-inch LED TV - only $527.00, and more!
website: http://tinyurl.com/6ak9s5h

Corel: [Deal Alert] Exclusive gifts and savings of up to 50% off on the latest pro products
website: http://tinyurl.com/66ylkho

MusiciansFriend: Call & Save on Any Item Over $199
website: http://tinyurl.com/4xz4rse

NewEgg: Get Geared Up for BATTLEFIELD 3 -- AVAILABLE NOW! $179.99 AMD FX-6100 Processor...
website: http://tinyurl.com/42jzmeg

MicroCenter: $399.99 Core i3 Laptop...$249.99 Compaq Dual-Core Desktop...$159.99 Samsung 24" LCD...$39.99 D-Link Wireless-N Router...$59.99 AMD 840 Processor
website: http://tinyurl.com/669eou6

Tuesday, October 25, 2011

Lockergnome Videos: 10/25/11

Time to get your Chris Pirillo fix with these Lockergnome videos:

OmniTouch Depth-Sensing & Projection System

Could you imagine being able to use your body, desk, wall, or just about any surface you can think of (within reason) touch screen? That is exactly what researchers are working towards. I have to admit that the whole concept of using any surface as a touch screen is cool, but beyond the cool factor I can already imagine uses for such a system in the military where soldiers may not have time to use a laptop.

Something like the OmniTouch system in the hands of military personnel in extreme situations could prove to be a vital piece of technology to have over a laptop or other equipment.

Do yourself a favor and click here to learn about these systems and take a few minutes to watch the video:

@ITSecPr0

Tech Quote of the Day: 10/25/11

"Helpdesk: There is an icon on your computer labeled "My Computer". Double click on it.
User: What's your computer doing on mine?"

Monday, October 24, 2011

Tech Quote of the Day: 10/24/11

"After Perl everything else is just assembly language."

Sunday, October 23, 2011

Important Info About The Intelligent IT Blog

I recently received a comment from a reader on the 'Beauty of the Baud' blog entries. The user thought I was taking information from a website and posting it to this blog as if it were my own work. So I want to make something clear to my readers.

I receive anywhere from 50 to 85 emails daily from various IT sources and I actually read each and everyone of them. When I come across interesting or informative emails I share them by porting them to this blog. There was never a time when I sought to deceive my readers into believing I was the originator of those things.

What to look for
When I port an email to a blog entry the email subject is the title of the blog, and the body of the email is ported as the body of the blog. I do this instead of only providing a link to the info.

When I write an original piece for my blog my twitter tag 'ITSecPr0' is placed at the end of the entry. The truth of the matter is I want my readers to benefit from the info I receive on a daily basis. I'm working on ways to share that info in the best manner so the originators of the material can get their due credit. If you have any thoughts on how to acheive this goal, or how to make this blog better please leave a comment below or contact me via twitter.

@ITSecPr0

Friday, October 21, 2011

Beauty Of The Baud: Virtual Network Computing- Top VNC for Windows

Source: EHacking.net

"VNC or virtual network computing is a desktop sharing system that uses remote framebuffer protocol for remote access. However there are SSH (secure shell) and telnet to connect remote computer but VNC is desktop sharing system that will allow you to take complete command on a remote operating system. Virtual network computing (VNC) basically has two component one is VNC client (viewer) and the other is VNC server, a VNC software can be act as a client and as a server too. So many VNC client can be connect with a single VNC server at a same time.

If you are using Linux distribution like Ubuntu, backtrack and others than you may have some VNC client on it but for windows OS you need to get a VNC software for remote access. Below is the list of some VNC software that we have created according to our best knowledge. These VNC software's are for windows operating system."

Check out the rest of this article here.

Application Development for iPhone(R), iPad(R), Android(TM) devices and Blackberry(R) Playbook(TM)

One tool, one framework, multiple devices. Do it all with Flex and Adobe Flash Builder 4.5. Watch now>

Develop for the iPhone®, iPad®, Android™ devices and BlackBerry® Playbook™ with one code base

Taking an app to multiple devices no longer requires writing separate code for each platform. Watch how Flex and Adobe® Flash® Builder® 4.5 software let you develop dynamic, high performance apps for multiple platforms

Gamer's Corner: 10/21/11- Forza 4, Ace Combar Assault Horizon., and more

Thursday, October 20, 2011

Beauty Of The Baud: Privacy Problem in New Facebook Layout- Infographic

Source: EHacking.net

"Social privacy and social security is one the most common issue that a user is facing and has been faced, however social networking websites has a smart privacy setting and you can control your own privacy. Social networking website like Facebook has just changed their layout and they are going to launch timeline soon, but before anything as a security analyst we must focus on the new layout. What would be the privacy issue? Has Facebook solved the privacy issue? New layout has a strong privacy setting or not?

These are the important question that a normal user is asking because they are worrying about their privacy and security. Well here is a great infographic that will discuss the privacy issue and concern with the new Facebook layout."

Check out the rest of the article here.

Wednesday, October 19, 2011

Smart Card Man In The Middle Attack

Smart Card Man-in-the-Middle attack (Montage Video) from Neil Pahl on Vimeo.

Monday, October 17, 2011

Beauty Of The Baud: NodeXL Social Media Network Analysis Tool

Social networking website has changed the way of social life now a days everybody using Facebook, Twitter, Google plus and other social networking website, there are different pros and cons of social networking website but as a penetration tester and ethical hacker aspect we have to discuss about privacy and security issue of a person in social networking website. As discussed about the security of different social networking website this time I will let you know the importance of social networking website in a penetration testing.

Social networking are now a best source for penetration tester and even for hacker to get the information about a victim, social networking websites easily lead towards the social engineering attack.
There are different tools and techniques out there to get and analyze the data from different websites to make the plan of action like as discussed about Maltego. Maltego is also available on backtrack 5 but maltego is not the point of this article, in this I will discuss NodeXL.

What Is NodeXL ?

NodeXL is a free, open-source template for Excel 2007 and 2010 that lets you enter a network edge list, click a button, and see the network graph, all in the Excel window. You can easily customize the graph’s appearance; zoom, scale and pan the graph; dynamically filter vertices and edges; alter the graph’s layout; find clusters of related vertices; and calculate graph metrics. Networks can be imported from and exported to a variety of file formats, and built-in connections for getting networks from Twitter, Flickr, YouTube, and your local email are provided. Additional importers for Exchange Email, Facebook, and Hyperlink networks are available.

Download

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.

Flash Apps on iPhone(R) and iPad(R)

Take the expressway to mobile app development. Flex and Adobe Flash Builder 4.5 make it possible. Watch now>

Fast, high-performing apps for iPhone® and iPad®

Building fast, high-performing iPhone and iPad apps with smooth transitions and touch responsiveness is now easy. The same codebase can be used to build apps for Android™ and BlackBerry® Playbook™. Watch Adobe Evangelist Serge Jespers walk through the steps of building and packaging iOS applications using Flex and Adobe® Flash® Builder® 4.5.

Sunday, October 16, 2011

EH-Net Newsletter- Sep 2011

Course Review: Digital Mobile Forensics Deep Dive

David Caissy, CISSP, GPEN, GSEC, CEH, PMP, B.Sc.A.

Digital Mobile Forensics Deep Dive is a 3-day course written and taught by Wayne Burke of Sequrit. I decided to take this course to expend my knowledge into a field I barely knew. Being a penetration tester with a background in web application development, I was completely new to the forensic world. Since the official web site stated that this was a “highly advanced and technical course,” I honestly expected to be completely lost. I thought I would learn more from home after the class, trying to slowly digest what the instructor said. With the site also stating that “about 80% of the course is focused on practical REAL WORLD hands-on lab scenario exercises,” I decided to buy an airplane ticket and give it a try.

I received the lab requirements by email directly from the instructor, Wayne Burke. The email included the laptop specifications and software that had to be installed such as VMware Workstation. The instructor also mentioned needing Backtrack 5 and CAINE (Computer Aided INvestigative Environment) virtual machines. So I cleaned up some space on my laptop, downloaded what I needed and installed the two VMs. I was eager to start the class.
Read on...

Book Review: The IDA Pro Book 2nd Ed

Review by Ryan Linn, CISSP, MCSE, GPEN
It seems like yesterday that I was reviewing Chris Eagle's book, but in reality it's been 3 years. So when I had an opportunity to review The IDA Pro Book: The Unofficial Guide To The Worlds Most Popular Disassembler, 2nd Edition, I looked forward to seeing what had changed. And thus a change in the normal extensive EH-Net book review is in order and brevity is the word of the day.
A few things haven’t changed since my last review. I am still not a reverse engineer, although I occasionally use the tools clumsily for Capture The Flag (CTF) exercises. I’m not a professional programmer, although I can program and do so frequently. Although this isn’t material that I suspect I will master in the near future, this is material in which I have an interest. If you have basic programming skills, an interest in learning, and are willing to sit down and spend time with this material, you will definitely benefit from this book.

After the break, look for a link to a free download of Chapter 24: "The IDA Debugger."

Read on...

New Cert Listing: CSTA - Certified Security Testing Associate

Exam Details:

Questions: 50
Time: 60 Minutes
Passing Score: 50% - 80% (Distinction)
Format: Multiple choice
Cost: Included in Course
Renewal: None currently

Editors' Quick Thoughts

Here's a worthy up-and-comer for all of you budding pen testers. It's run and maintained by a UK company named 7Safe. It is a 4-day course that was recently updated (June 2011) and is poised to take on industry stalwarts like EC-Council and SANS. Offered in many countries by a variety of training companies, this certification follows the Microsoft model of licensing its courses and certs. Key highlight of this course is the lab environment on the provided computers during the class. Very well done with Windows & Linux machines customized to give you the feel of a pen test throughout the course. Now available in 6 countries including England and the US, this one is poised for steady growth and acceptance in the industry. For a full review and comparisons to other courses, see the EH-Net Review, An American Hacker in London.

From the Horse's Mouth (7Safe's Web Site Content):

This 4-day ethical hacking training course is a hands-on journey into the hacking mindset, examining and practically applying the tools and techniques that hackers use to launch “infrastructure” attacks. Practical exercises reinforce theory as you experiment with a Windows 2008 domain (server and workstation) plus a Linux server. The course demonstrates hacking techniques - there’s no better way to understand attacks than by doing them yourself - but this is always done with defence in mind and countermeasures are discussed throughout. The course is therefore suited to system administrators, IT security officers and budding penetration testers. Read on...

Stay Tuned:
- Product Review: Cloud-Based On Demand Penetration Testing by iViZ Security
- Oracle Web Hacking Part II by Chris Gates
- Course Review: eLearnSecurity Student
- Interviews with Courseware Developers and Instructors
- More Course & Book Reviews

Upcoming Events

DerbyCon 2011 Sept 30 - Oct 2

Rochester Security Summit 2011 Oct 4 - 5

Mobile & Smart Device Security Oct 4 - 5

ITAC 2011 Oct 4 - 6

Global AppSec Latin America 2011 Oct 4 - 7

IANS Southeast InfoSec Forum Oct 5 - 6

Secureworld Expo Detroit 2011 Oct 5 - 6

ToorCon 2011 Oct 5 - 9

BSidesPDX 2011 Oct 7

OWASP BASC 2011 Oct 8

HITBSecConf2011 – Malaysia Oct 10 - 13

RSA Conference Europe 2011 Oct 11 - 13

SANS NCIC 2011 Oct 11 - 14

SecTor 2011 Oct 17 - 19

BSidesMo 2011 Oct 21

Hack3rCon II Oct 21 - 23

Hacker Halted USA 2011 Oct 21 - 27

BSidesNewDelhi 2011 Oct 22 - 23

SANS Chicago 2011 Oct 23 - 28

BSidesKC 2011 Oct 26

Techno Forensics Conference 2011 Oct 31 - Nov 1

* Add your event to EH-Net's Global Calendar: events(at)ethicalhacker(.)net

Beauty Of The Baud: Celebrities Twitter Accounts Hacked [INFORGRAPHIC]

Twitter is one the best and popular social media networking website among different social networking web like Facebook and Google plus. Twitter is famous because it is easy to use and most of the celebrity and high profile person can easily find on twitter, twitter is on the hit list of the hackers and an attacker usually tries to hack famous accounts. There are many techniques can be use to hack any twitter account, but this is not our topic of this article.

You must have heard about Lady gaga, Justin bieber, Shakira and other people got hacked on twitter, you have also heard that twitter was hacked by Iranian cyber army . So below you can see a Info-graphic means a graphical representation of these account.

Infographic by Veracode Application Security

Beauty Of The Baud: Importance of Cisco CCNA 640-553 IINS exam

Cisco the leader among the network solution providers offer different certificate from beginning level to advance level, Cisco offers certificates for IT security person like the Cisco 640-553 IINS (Implementing Cisco IOS Network Security) exam is associated with the CCNA Security certification. This exam covers all the security related issues. The exam tests the candidate's skills and knowledge of implementing, configuring, and securing the Cisco routers, switches, and their associated networks.

Features of the Cisco CCNA 640-553 IINS exam

Cisco 640-553 IINS exam tests the ability of a candidate of implementing, configuring, and securing the Cisco routers, switches, and their associated networks. Other basic features of this exam are as follows:

You can register for the 640-553 IINS (Implementing Cisco IOS Network Security) exam online, by telephone, or by walk in.
You will be required to attempt approximately 55 to 65 questions. The exam test consists of multiple choice questions, drag and drop, case study type questions.
You are required to attempt all questions in 90 minutes.

Job roles after passing the 640-553 exam

After passing the 640-553 exam, you can achieve various job roles, such as Network Security Specialist, Security Administrator, Security Support Engineer.

Cisco 640-553 Exam Requirements

Candidates who are interested in the 640-553 exam, they must have to take and pass a 640-553 exam. For the IINS exam, a valid CCENT certification can act as a prerequisite.Benefits of taking the 640-553 Exam

The 640-553 exam provides a platform for the CCNA Security certification. This certification provides an elaborate knowledge on the network security, a platform to develop your career in a secure networking field and new career opportunities for your future.

Beauty Of The Baud: Fern wifi Cracker- A Wireless Penetration Testing Tool

WiFi is now become the way for short distance Internet, for long distance we have WiMAX standard but WiFi is very important because you can find WiFi hot-spot everywhere like at the airport, coffee shop and at the educational places. There are so many people out there who are using WiFi at there home and at offices. Cracking a WiFi connection is a essential part of wardriving but for a penetration tester and a ethical hacker WiFi or wireless network security is an important part.

If you are doing a job as a IT security engineer and your task is to do a pen test on the wifi network. What tools are you going to use?

Operating system for this case is usually Linux or specially Ubuntu or backtrack, backtrack 5 contain different tools for WiFi cracking like aircrack-ng but in this article I will discuss something about Fern WiFi Cracker.

What Is Fern WiFi Cracker ?

Fern wifi cracker is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools. It can be run on any linux distribution like Fern wifi cracker is use in ubuntu or even you can use fern wifi cracker in windows but you must have some dependencies to run fern wifi cracker on windows.

Requirements of Fern wifi Cracker:

python
python-qt4
macchanger
aircrack-ng
xterm
subversion

Download Fern Wifi Cracker

Fern wifi cracker can easily be install on ubuntu and backtrack, backbox,gnackbox and other distribution.

Fern wifi Cracker Tutorial

After downloading the file locate the directory and type.

root@host:~# dpkg -i Fern-Wifi-Cracker_1.2_all.deb

Click the refresh button to display monitor interfaces:

Please Note, the scan button is a dual button, meaning, by clicking it the first time it scans for networks,then by clicking the button again, it stops any scan that was initialized (vise versa).

Fern wifi is a GUI and it can crack WEP and WPA as well.

Beauty Of The Baud: Smartphone Security & Protection- Mobile Malware

Smart phones are now every where and everyone are using it, mobile technology has changed the way of communication. Now a days the most famous smart phones operating systems are Android, iOS, Symbian and Microsoft mobile operating system, mobile devices are now the popular target of the attacks like malware and data theft. There are many tools out there that has been designed to hack a mobile device like there are many applications to hack into Android.

Below is the wonderful inforgraphic that has created by bullguard, this infography will discuss

What is mobile malware
How mobile devices are affected
How the an attacker get you
Tips to protect your mobile devices

Beauty Of The Baud: Metasploit Remote Desktop Exploit-Backtrack 5

Metasploit the father of all the exploits is nothing but a database and a great tool that contain exploits for different services for different operating system that can be listen on different ports. Metasploit for remote hacking and metasploit for remote exploits, these are the most important question that most of the people are asking about. We have got different request to write about Metasploit and SET remote exploits or remote hacking so in this tutorial we will look around metasploit remote desktop hacking.

Metasploit is based on different modules like, exploits, payload and so on. We can launch an attack against any operating system if and only if we find the suitable exploits against the operating system, however there is a autopwn that can search all the available exploits against a vulnerability but it takes time for remote or metasploit wan hacking.

Requirement

Operating system (backtrack 5 in my case)
Metasploit
Brain

If you are behind a router than you need to forward a port of your IP to connect with remote computer normally port number 445 seems to be open and I am going to use.

Metasploit Remote (WAN) Hacking Tutorial

Open the terminal and type “msfconsole”
Use the best exploit for remote hacking

msf > use exploit/windows/smb/ms08_067_netapi

Than we need to set the payload “reverse_tcp” for meterpreter is the best payload but for remote exploits vnc inject is good.
There is a need of IP of the remote computer (how to get IP of a computer is another topic) let suppose we have a target IP.

msf exploit(ms08_067_netapi) > set payload windows/vncinject/bind_tcp
msf exploit(ms08_067_netapi) > set RHOST target IP

Default port number for this attack is “445” but if you want to use some other port than you set.
Type exploit and hit enter if the target is vulnerable than you must have a session on remote computer, but remember you need to forward your port if it is not open.

P. Diddy Hacked

Over the weekend Sean "P. Diddy" Combs was hacked. His personal information was stolen and place on the internet for sale. The data that was stolen included some racy pictures of him and songstress Cassie, his social security number, passport info, bank accounts, and passwords from his personal computer.

The private phone numbers of Diddy's personal friends and business associates were extracted from his cell phones when they were also hacked. It's been reported that Diddy has hired security professionals and identity theft professionals to help him investigate the situation.

Damn Vulnerable Linux & App - Tools to Practice Hacking

Penetration testing and ethical hacking is a fast and growing field, there are so many student and learner around the world wants to learn penetration testing and some of them enrolled in different courses like CISSP, CEH and Cisco security. Practice makes a man perfect a famous proverb that is also applicable in the field of information security. So many people are using virtual machines to practice penetration testing but there are different tools and software are also available that give you the feature and learn and practice hacking.

Yes I am talking about Damn vulnerable application, different tools like damn vulnerable web application and Linux has been created for the sake to practice the penetration testing in ethical way. Below is the list of some tools that has been designed for hacking.

Damn Vulnerable Web Application

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

It is a best platform to practice web application hacking and security.

Damn Vulnerable Linux

Unix based Linux operating system is now become the most famous OS in server side, Linux seems to be most secure and reliable OS so if you want to practice your skills for Linux environment Damn vulnerable Linux is for you. Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

Hacking-Lab

This is the LiveCD project of Hacking-Lab. It gives you OpenVPN access into Hacking-Labs Remote Security Lab. The LiveCD iso image runs very good natively on a host OS, or within a virtual environment (VMware, VirtualBox).
The LiveCD gives you OpenVPN access into Hacking-Lab Remote.You will gain VPN access if both of the two pre-requirements are fulfilled.

HackXor

Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.

Web Security Dojo

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

WebMaven

WebMaven (better known as Buggy Bank) was an interactive learning environment for web application security. It emulated various security flaws for the user to find. This enabled users to safely & legally practice web application vulnerability assessment techniques. In addition, users could benchmark their security audit tools to ensure they perform as advertised.