Monday, August 31, 2009

Indonesian Hackers Launch Independence Day Attack on Malaysian Web Sites

A ring of Indonesian hackers on Monday claimed to have attacked a list of more than 120 Web sites as retribution for Malaysia’s alleged theft of Indonesian cultural items and abuse of migrant workers.

A statement was posted on a Blogspot blog titled "Terselubung" saying that a number of Malaysian Web sites had been hacked and defaced to “celebrate” Malaysia’s Independence Day, which fell on Monday August 31.

“Today, August 31, 2009, an uncreative country, a country who likes to steal Indonesian culture, a country whose citizen is the mastermind of bombings in Indonesia, a country who has tortured many of our sisters — the migrant workers who worked there, a country who abused our national anthem, a country who harassed Indonesia on the Internet, a country that has stolen Sipadan and Ligitan islands, a country which has trespassed our water illegally, a country which received their independence from Britain, is celebrating its anniversary,” the Web site stated.

From the HITB website

If you want to read the original article from the Terselubung blog, it is here:
http://terselubung.blogspot.com/2009/08/perang-online-dengan-malaysia-di-mulai.html

Friday, August 28, 2009

DNSenum

DNSenum is a pentesting tool created to enumerate DNS information about domains.
The purpose of Dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:

1) Get the host's address (A record).
2) Get the nameservers (threaded).
3) Get the MX records (threaded).
4) Perform AXFR (zone transfer) queries on the nameservers (threaded).
5) Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
6) Brute force subdomains from a file; can also recurse on subdomains that have NS records (all threaded).
7) Calculate C class network ranges for the domain and perform whois queries on them (threaded).
8) Perform reverse lookups on the netranges (C class and/or whois netranges) (threaded).
9) Write the ip-blocks to the file domain_ips.txt.
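Steps 7 and 9 above are the part of the workflow that a defender can reproduce for their own domain to see which address blocks their DNS records expose. The following is an added example, not dnsenum's own code: it takes constructed resolver output, maps each address to its /24 ("C class") block, merges adjacent blocks and formats them as start-end lines; the exact line format of dnsenum's domain_ips.txt is an assumption here.

```python
import ipaddress

# Constructed sample resolver output (not real data): hostname -> IPv4 addresses,
# the kind of result dnsenum collects from the A, NS and MX lookups of a domain.
RESOLVED = {
    "example.test":        ["198.51.100.10"],
    "www.example.test":    ["198.51.100.10", "198.51.100.11"],
    "ns1.example.test":    ["203.0.113.5"],
    "ns2.example.test":    ["203.0.113.200"],
    "mail.example.test":   ["198.51.101.25"],
    "backup.example.test": ["192.0.2.77"],
}


def c_class_blocks(resolved):
    """Map every resolved address to its /24 block; return the unique blocks, sorted."""
    blocks = set()
    for addrs in resolved.values():
        for addr in addrs:
            # strict=False lets ipaddress zero the host bits for us.
            blocks.add(ipaddress.ip_network(f"{addr}/24", strict=False))
    return sorted(blocks)


def merge_blocks(blocks):
    """Collapse adjacent /24 blocks into (first_address, last_address) ranges."""
    ranges = []
    for net in blocks:
        first, last = net.network_address, net.broadcast_address
        if ranges and ranges[-1][1] + 1 == first:
            # This block directly follows the previous range: extend it.
            ranges[-1] = (ranges[-1][0], last)
        else:
            ranges.append((first, last))
    return ranges


def ip_block_lines(resolved):
    """Produce the start-end lines; the format mirrors the assumed domain_ips.txt layout."""
    return [f"{first}-{last}" for first, last in merge_blocks(c_class_blocks(resolved))]


def write_domain_ips(path, resolved):
    """Write the ip-blocks to a file (step 9) and return the lines written."""
    lines = ip_block_lines(resolved)
    with open(path, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return lines


if __name__ == "__main__":
    for line in ip_block_lines(RESOLVED):
        print(line)
```

Running it on the constructed data shows the two consecutive blocks 198.51.100.0/24 and 198.51.101.0/24 collapsed into one range, which is the form in which whois and reverse lookups (steps 7 and 8) are then applied.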

Thursday, August 27, 2009

Hacking Exposed: Network Security Secrets and Solutions

I'm still reading this Hacking Exposed 6th Edition book. I hope I will finish this week.
Hacking Exposed established this entire genre of books. Now in its 6th (and 10th anniversary) edition, and having sold millions of copies throughout the world, the book remains the #1 best-selling computer security book in the world and it is still just as useful and valuable as it ever was. Kurtz, McClure, and Scambray have once again updated this highly respected title to include the latest and greatest in attacks and exploits, as well as the cutting-edge countermeasures and security controls you can implement to protect your PC or your network.
New and updated material:

-New chapter on hacking hardware, including lock bumping, access card cloning, RFID hacks, USB U3 exploits, and Bluetooth device hijacking
-Updated Windows attacks and countermeasures, including new Vista and Server 2008 vulnerabilities and Metasploit exploits
-The latest UNIX Trojan and rootkit techniques and dangling pointer and input validation exploits
-New wireless and RFID security tools, including multilayered encryption and gateways
-All-new tracerouting and eavesdropping techniques used to target network hardware and Cisco devices
-Updated DoS, man-in-the-middle, DNS poisoning, and buffer overflow coverage
-VPN and VoIP exploits, including Google and TFTP tricks, SIP flooding, and IPsec hacking
-Fully updated chapters on hacking the Internet user, web hacking, and securing code

Table of contents

Part I: Casing the Establishment
Chapter 1. Footprinting
Chapter 2. Scanning
Chapter 3. Enumeration
Part II: System Hacking
Chapter 4. Hacking Windows
Chapter 5. Hacking Unix
Part III: Infrastructure Hacking
Chapter 6. Remote Connectivity and VoIP Hacking
Chapter 7. Network Devices
Chapter 8. Wireless Hacking
Chapter 9. Hacking Hardware
Part IV: Application and Data Hacking
Chapter 10. Hacking Code
Chapter 11. Web Hacking
Chapter 12. Hacking the Internet User
Part V: Appendixes
Appendix A. Ports
Appendix B. Top 14 Security Vulnerabilities
Appendix C. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
Index

Auto SQL injection co-opts thousands of sites

An automated attack using SQL injection has compromised tens of thousands of Web pages with code that tries to upload a data-stealing Trojan horse program to visitors' computers, security firm ScanSafe said last week.

The attack, which had inserted iframe scripts into as many as 130,000 Web pages as of Tuesday, uses the compromised pages to attempt to infect visitors with a backdoor Trojan horse that includes keylogging and download functionality, Mary Landesman, senior security researcher for ScanSafe, said in an e-mail interview on Tuesday. The initial Web site compromises appear to have been accomplished through an automated database injection attack, which matches with a trend seen by Landesman and others.

"SQL injection attacks are the most commonly observed compromise vector," Landesman stated. "Web attacks have been growing at the rate of 1 percent per day over the past year, with over half of all observed attacks the result of SQL injection."

Web attacks using SQL injection have become a lot more popular in recent years. Last week, a federal indictment of an alleged data thief stated that all five corporate victims -- including Heartland Payment Systems and Hannaford Bros. -- had initially been compromised through an SQL injection attack. In 2008, about 20 percent of the 5,600 vulnerabilities entered into the National Vulnerability Database were related to SQL injection, according to the service's statistics page.

In the latest spate of attacks, the Trojan horse programs downloaded to compromised computers are poorly recognized by most security software, Landesman said.

"Signature detection ranges, with a high of roughly 50 percent of signature vendors detecting some of the malware and a low of less than 10 percent," she said. "The attackers are continually swapping domains, using multiple exploits, and swapping out the eventual malware binaries to ensure low detection rates from signature-based technologies."

This article is from Securityfocus.com