by AstralSin on 07-13-2008 in OpenSource

You've seen the fancy, expensive drives that feature encryption, e.g. IronKey, but what if you don't want to spend exorbitant amounts of money to have some encrypted space on your drive?  TrueCrypt is the answer.  TrueCrypt gives you several options for encrypting a volume or part of a volume and lets you choose from several encryption options.

The flexibility is really nice: you have the option to choose from several encryption types such as AES, Serpent, and Twofish, and combinations of the three. You can encrypt the whole drive, a file within the drive, or even implement multiple layers of encryption to create a hidden volume.  The GUI is intuitive and simple to use and allows you to manage many volumes at once.

This would be an excellent solution for people who carry sensitive data for work but don't want to shell out the big bucks for specialized drives.  The only thing to think about is that if you intend on using TrueCrypt to encrypt your entire drive, you'll have to have TrueCrypt on any computer where you may need to access that data (or on another thumbdrive you carry with you).  If you're using the Windows version of TrueCrypt you can run the Traveler Disk Setup from the Tools menu which installs TrueCrypt to the root of the thumbdrive so you can access that encrypted partition (file) from any computer without having to install TC to that pc.  Unfortunately, this isn't available in the Linux version.

TrueCrypt is an excellent solution for encrypting sensitive data.  It works on Windows, Linux, and OSX so you can access your data anywhere and it uses the highest encryption level available to civilians, which is also good enough to encrypt documents labeled Top Secret by the US Government.  By the way, the Corsair Flash Voyager USB drive comes with TrueCrypt ready for you to encrypt your data.  Not sure if any other drives come with TC, but there are a variety of drives that come with other solutions.  If you have any preferences, let us know!




by AstralSin on 07-12-2008 in OpenSource

There is a whole realm of hacking that isn't necessarily to do with computers.  Hacking is the art of learning how things work and implementing them in new and interesting ways.  I've found a website that specializes in this form of hacking.  Kipkay Videos features some very interesting articles on how to modify everyday items in order to make them work for you in ways you may not have thought of before.

 

You can find videos on everything from making your own illuminated keyboard to improving your gas mileage, or even using your phone line to provide power for a lamp during a power outage!  Pretty much anyone can take advantage of this form of information.  Hacking of this nature can be used by anyone, anywhere without the intense technical knowledge needed by computer hackers.

There are lots and lots of places to find information like this.  One of my favorites is Instructables.com.  On Instructables, you'll find so many projects your head will swim with ideas.  Not only does it provide a great number of things for you to try, but it also can ignite personal inventiveness and inspire you to create your own projects.  This form of hacking is very rewarding and very readily available to anyone.  You can hack anything, anytime, anywhere as long as you've got a vision of doing so.  If you can think of a cool hack, do it and tell us about it.  Post some information about it so we can do it too!




by AstralSin on 06-25-2008 in OpenSource

The latest issue of the free PDF-based security magazine, (IN)Secure Magazine, has been released.  (IN)Secure Magazine is an absolute must-read for anyone interested in security as it contains tons of great information and insight that you don't find anywhere else.

Here is what you can find in this latest issue:

- Security standpoint by Sandro Gauci: when best intentions go wrong
- Review: Red Condor Hosted Service
- Reverse engineering software armoring (part 1)
- Security training and awareness: strengthening your weakest link
- Hacking Second Life
- Building a secure wireless network for under $300
- Assessing risk in VoIP/UC networks
- Open redirect vulnerabilities: definition and prevention
- Migration from e-mail to web borne threats
- Bypassing and enhancing live behavioral protection
- Point security solutions are not a 4 letter word
- The future of security is information-centric
- Corporate due diligence in India: an ICT perspective
- E-mail encryption service: a smart choice for SMBs
- Securing the enterprise data flow against advanced attacks
- How to prevent identity theft
- Security flaws identification and technical risk analysis through threat modeling

Download it here!




by AstralSin on 06-22-2008 in OpenSource

The venerable authentication auditing app, Cain & Abel, has released its latest version with some additional features.  As most security professionals know, C&A is an indispensable tool when it comes to auditing network security and now it has even more features.

At first glance, it doesn't look like much is added.  That's understandable since it does so much already, but if you look a little deeper you'll find that the things it does add are very important to auditing modern networks.  Some of the new features from the changelog are:

- Added Oracle TNS Password Cracker (Dictionary and Brute-Force Attacks for DES and 3DES hashes).
- Added Oracle TNS sniffer filter for DES and 3DES authentications.
- Fixed a bug in VNC sniffer filter for new RFB protocol versions.
- Fixed a bug with TCP/UDP/ICMP traceroute and Windows raw socket error code 10022.
- Fixed a bug in RSA SecurID Calculator for keyfobs with serial numbers of more than 8 digits.
- Fixed a bug in Dictionary Attack crackers regarding mixed Hybrid and Case Permutations variants.
- Fixed a bug in challenge spoofing and NTLM downgrading when one of the victim hosts is a gateway.
- OpenSSL library upgrade to version 0.9.8h.

Go get your copy and try it out!




by AstralSin on 06-21-2008 in OpenSource

It has finally arrived!  The long awaited version 3 of the most popular and most powerful penetration testing livecd is here!  Backtrack 3 takes what you loved about Backtrack 2 and pumps it full of steroids.  With a bunch of new tools and a snazzy new bootsplash, Backtrack is back and it's kickin ass!  It looks like the Remote-Exploit team has seen the need for more application layer and fuzzing tools and delivered the best of the best tools for web application testing and fuzzing.  There are a couple of neat new tools you've never seen before that might get you excited to try the new BT.

I will highlight the tools that really stood out to me here, but keep in mind that there are plenty more that may be more suitable for the testing you're more accustomed to, so don't think this is all the disc has to offer.  The first tool I found and played with for a couple hours is metagoofil.  metagoofil is a simple little application that lets you utilize Google to search domains for several filetypes and automatically download the files it finds.  metagoofil can cut information gathering time down to nothing and give you a nice directory full of everything it finds.  Very simple concept, but also a tool I bet a lot of penetration testers will drool over.

hackomatix is an automated SQL injection tool that you can configure via an ini file.  It looks to be very versatile and customizable to whatever db structure you can think of.  Very handy tool, but I'll have to test it more to get a real feel for it.  Worth a look for anyone that does a lot of SQL security testing.

Something new and original in Backtrack 3 is EzPWN.  EzPWN is a "Backtrack companion" that allows you to do some common things with minimal effort, such as nmap, amap, unicorn, etc. scans, access to Metasploit, and access to common utilities such as XHydra.  This is clearly just a jumpoff point to those standard utilities that every pentester uses and while it may not add a lot of NEW features, it sure does add some convenience.

Something else I had never seen before is Metasploit's companion webapp (no, not msfweb), FastTrack.  FastTrack allows you to quickly run some popular attacks with Metasploit, such as the MSSQL Root SQL Injector, SQL Bruter, Metasploit Mass Client Attacker, Remote Command Shell, and "Metasploit Autopwn Automated" which portscans a target and runs some common exploits against ports it finds open.  Granted, this won't work on a properly secured host, but pentesters aren't looking for properly secured hosts, now are they?

Something else I should mention, they have 3 distinct versions of Backtrack 3 to download.  There's the USB version, which you can either install on a USB drive or burn to a DVD; there's the stripped down version that will fit on a CD; and there's the VMWare image of Backtrack 3 that you can just plug into your VMWare implementation and run with it.  Very cool to have these options.

There are lots of interesting tools to play with in BT3.  Far too many for me to mention here.  Go download it and have fun.  Great job, Backtrack team!




by AstralSin on 06-21-2008 in OpenSource

There have been tools around for a long time that will allow you to change your MAC address, the most famous of which is probably SMAC.  Most (if not all) of them are proprietary programs that cost money.  If you've ever bought one of these programs, I've got bad news for you: you paid money for a program that changes a single registry entry.  That's right, you've been had.

To get technical, the registry entry in question is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002Be10318}\<XXXX>\Ndi\params\NetworkAddress where <XXXX> is the id of the NIC you're working with.  If the value of that key is set, Windows will use that value as the MAC address of the NIC; otherwise it uses the hardcoded MAC address on the NIC itself.  But that's the hard way of doing it.  Now there is a free program that lets you do this and gives you some pretty nice options to tweak it to your liking.

Technitium MAC Address Changer is a free tool that lets you choose from a list of manufacturers' MAC addresses, use a custom MAC, use a random MAC, use a random MAC from a certain vendor, restart the card and apply the changes instantly, save and load presets, and a load of other options.  If you need a Windows program to manage your MAC address, and any security professional will need this at some point, TMAC is your best choice.

Now, on to how to do it in Linux.  Just open up a terminal and run the following as root:

 ifconfig eth0 down
 ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX
 ifconfig eth0 up

Here the X's are the hex digits of the MAC address.  Of course, if you don't want to change eth0, you can replace that with ethX or athX or whatever your interface is called.  Or you can do it the easy way and use a program called macchanger, which is readily available in most package management schemes.  macchanger's website has some great examples of how to use it.
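The defender's counterpart to the commands above, as an added example that is not part of the original post: on current Linux kernels the sysfs attribute addr_assign_type records whether an interface's address is the burned-in one or was set at runtime, and the locally administered bit of the first octet is a second hint.  The function names and the one-line report format are made up for this example, and the sysfs attribute is newer than this post.

```sh
#!/bin/sh
# Added example: report interfaces whose MAC address has been overridden.
# Assumes a Linux kernel that exposes addr_assign_type in sysfs.

# classify_iface DIR: map DIR/addr_assign_type to a readable state.
classify_iface() {
    ci_file="$1/addr_assign_type"
    [ -r "$ci_file" ] || { echo unknown; return 0; }
    case "$(cat "$ci_file")" in
        0) echo permanent ;;   # burned-in address read from the NIC
        1) echo random ;;      # generated by the kernel or driver
        2) echo stolen ;;      # copied from another device (e.g. bonding)
        3) echo set ;;         # changed at runtime, as ifconfig hw ether does
        *) echo unknown ;;
    esac
}

# is_locally_administered MAC: succeed when bit 0x02 of the first octet is set.
is_locally_administered() {
    la_first=${1%%:*}
    case "$la_first" in
        [0-9a-fA-F][0-9a-fA-F]) ;;
        *) return 1 ;;         # empty or malformed address
    esac
    [ $(( 0x$la_first & 2 )) -ne 0 ]
}

# mac_report [ROOT]: one line per interface: name, MAC, state, address scope.
mac_report() {
    mr_root=${1:-/sys/class/net}
    for mr_dir in "$mr_root"/*; do
        [ -r "$mr_dir/address" ] || continue
        mr_mac=$(cat "$mr_dir/address")
        mr_scope=universal
        is_locally_administered "$mr_mac" && mr_scope=local
        printf '%s %s %s %s\n' "${mr_dir##*/}" "$mr_mac" \
            "$(classify_iface "$mr_dir")" "$mr_scope"
    done
}

# Run against the live system, or against a directory given as $1.
mac_report "${1:-/sys/class/net}"
```

A state of "set" is what a runtime change like the one above leaves behind.  The scope column is only a hint, since a chosen address can carry a real vendor prefix.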




by AstralSin on 06-21-2008 in OpenSource

After a long wait, the definitive penetration testing livecd, Backtrack, has reached the final version and is released to the public.  BT3 offers some tools new to the BT arsenal such as SAINT and Maltego.

SAINT has provided BT3 with a working version but you do have to request an IP range license with SAINT which is valid for 1 year (get 10.0.0.0/8; that IP range will work with any other range).

Paterva has provided BT3 with a special version of Maltego with a community license especially for Backtrack users.  Maltego is a network inventory application with a lot of nice features.  Paterva has usage guides and videos on their website to check out.

Unfortunately, Tenable would not allow distribution of Nessus on Backtrack 3.  This is unfortunate as Nessus is an essential part of any pentester's arsenal.  Fortunately, Backtrack now comes in 3 flavors: livecd, USB, and VMWare.  For the USB and VMWare versions, you can install Nessus on your own and have it there.  I wish there was an open alternative to Nessus though; it seems like it's always becoming more and more restricted.  Then again, we do now have SAINT but I'll have to see if it's restricted in any way by having been modified for distribution with Backtrack.

Great job, Backtrack Team.  I'll be giving BT3 a looksee over the next few days and I'll give it a more thorough review once I'm more familiar with it.




by AstralSin on 06-14-2008 in OpenSource

Lynis is a nice little application that checks a Linux (or possibly other UNIX-type) operating system for standard misconfigurations and possible security threats.  Unlike system integrity verifiers such as Tripwire or AIDE, Lynis doesn't monitor file changes; rather, it checks system configurations and installed software for possible security threats.

It generates reports for review and includes a cron option that optimizes output for automated scanning (removes text color, uses certain switches automatically to decrease line lengths, prints only the warnings).  You could even write a cron script that emails you the results every time it runs so you can be kept up to date on its findings with minimal effort.

Lynis is still under development and it really doesn't do a great deal at the moment, but it does have plugin features so you can expand on its functionality.  I'm sure with time, this software will evolve into something really useful.  Don't be scared to contribute to this; if you're a system administrator or penetration tester, get in there and write some plugins or contribute code upstream.




by AstralSin on 06-13-2008 in OpenSource

Many of the internet attacks these days are DDoS (distributed denial of service) attacks, carried out by an attacker who has infected hundreds if not thousands of PCs with a trojan designed to flood a target at his command.  This is called a botnet, and the infected computers are called zombies.  These zombie computers can be any computer in the world; the attacker doesn't care who his zombies are, just that they exist.  That means that you could be the unwitting tool of a malicious user.  Trend has released a new tool called RUBotted that runs in the background and looks for signs of zombie infections.  I haven't personally tried this and I know very little about it, but it can't hurt to run it once and see if you're infected.  Even if you're not infected, it may not be a bad thing to keep it running in the background to make sure you stay that way.  This could be an option for IT departments that worry about the PCs on their networks becoming zombied, which is happening more often.

This is by no means a cure-all and you should still run your antivirus and antispyware software regularly and use smart downloading practices as a first line of defense.  RUBotted would only be a supplement to catch things your antispyware solution didn't catch.




by AstralSin on 06-13-2008 in OpenSource

SecurityTube.net is a new entry in the *tube genre of video aggregation websites.  It specializes in security videos of all types.  While YouTube and other sites have been a great resource for me, SecurityTube has the potential to be so much better.  It is still in beta and new features are being added, but it's a fully functional site with lots of interesting videos to watch.  The interface is a little bare to be honest, but I think they're trying to separate themselves from the rest of the crowd.  It does need some polishing, though; there are some features missing (like volume controls).  Also, some of the videos are a bit hard to understand because the speaker is not a native English speaker, but you should be able to understand it enough.

Here is a sample video about IP packet injection.

 

The videos are divided into sections labeled Coding, Tools, Basics, and Fun, so you should be able to find what you're looking for relatively fast.  The site does have a search feature, of course, so if you know exactly what you need, you can find that as well.  Keep in mind that this is a new site, so it needs some people to upload content.  I encourage everyone to do so and help make this site big!

