hakin9
The art of defense

Should we be rather skeptical when it comes to IT security? Is it an appropriate idea to secure your PC just like it was a vault full of gold and money? YES. It's better to be safe than sorry.

If you still have some doubts, let me remind you of some of the most spectacular events.

In May 2006, security researchers discovered a backdoor in Diebold's AccuVote-TS touch-screen voting machines that could allow an attacker to manipulate votes, cause malfunctions, or create a voting virus that spreads from machine to machine – all in under a minute and with little fear of detection.

Also in 2006, keylogging devices could have easily cracked the login technology used by HSBC and other major high street banks. Cardiff University researchers discovered the flaw, which made it possible to break into accounts within just nine attempts.

AOL apologized after the data from its search logs on over 600,000 customers' search habits was released.

Google's official blog fell into unauthorized hands twice last year. First, Google staffers deleted the Google Blog by mistake and someone briefly took control of the Web address; then, someone exploited a bug in Blogger and published a note riddled with grammatical and spelling errors, saying that Google had ended its click-to-call advertising project with eBay because it was monopolistic.

Eugene H. Spafford said: The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.

We agree, and thus we bring the next issue of hakin9 magazine to you. The hakin9 team believes it is better to be safe than sorry; but it is best to be safe, not sorry, and to have fun and improve your skills at the same time.

As usual, we present interesting and up-to-date techniques for breaking into computer systems and defending them. Our aim is to help you stay well informed about the methods crackers use and the techniques and tools that can be used when protecting your network from various intrusions. We wish to enable you to efficiently protect your personal PC or the whole company network and to deepen your passion for IT security.

In this edition you will find information on how Metasploit or VCG work; what fuzzing is and, last but not least – how timing attacks can be run.

Also, we would like to invite you to a new game prepared by Paul Sebastian Ziegler especially for hakin9 readers. You will be given interesting tasks to complete which can bring you either attractive prizes or great satisfaction. Enter the game and check or improve your hacking skills.

Magdalena Błaszczyk
magdalena.blaszczyk@haking.org

In brief 06
Magdalena Błaszczyk
A selection of news from the world of IT security.

CD contents 10
Magdalena Błaszczyk
What's new in the latest hakin9.live version (3.2-aur.) and what must-have applications we grant you, Cisco Certified Network Associate course, part 2 and Wargame on our CDs.

Tools

Aimject 14
Jon Oberheide
The author presents a tool which facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.

Nmap 15
Diman Todorov
The author describes Network Mapper, developed by Fyodor, which enables the user to explore the network and audit its security level.

Basics

Metasploit – exploring framework 16
Michal Merta
Thanks to this article you will acquire general knowledge of how exploiting works, as well as some more detailed information on The Metasploit Project – an interesting security initiative.

Attack

Fuzzing technique 22
Paul Sebastian Ziegler
Having read this article you will know what fuzzing exactly is, what its theoretical basics are and what makes it so efficient.

In remembrance of timing attacks 34
Stavros Lekkas, Thanos Theodorides
This text sheds light on performing timing analysis over the execution path of a program, leading to valid username identification on Unix and other services.

Testing Intrusion Detection Systems 42
Rodrigo Rubira Branco, Lúcio Correia
The authors illustrate the difficulties behind a shellcode generation tool and many more of the technique's features.

hakin9 2/2007
www.en.hakin9.org
Hard Core IT Security Magazine

Attacking adjacent memory stack regions and software vulnerabilities complexity theory 48
Angelo P.E. Rosiello
This writing presents how to exploit adjacent memory regions in the stack and what is the easiest way of classifying attacks and vulnerabilities in regard to vulnerability complexity theory.

Defense

Spam – Virus Checking Gateway 54
Pierpaolo Palazzoli, Mateo Valenza
Thanks to this writing the reader will learn how to analyze spam issues and how to configure and customize an antispam-antivirus system.

Consumers tests

Firewall leak testing 62
David Matousek, Paul Whitehead
Especially for hakin9 readers, specialists prepared professional leak-tests of personal firewalls.

Rants from the Bleeding Edge 58
Matt Jonkman
News from Bleeding Edge Threat. You wanna rant?

Interview

Strength of awareness 70
Ewa Samulska
This month, hakin9 talks to Matt Jonkman, known to our readers as a hakin9 columnist.

Self Exposure

John Viega's IT career 76
Magdalena Błaszczyk
This section presents to our readers how interesting and complex working in the IT security field might be.

Books reviews 80
Stefan Turalski, Carlos Ruiz Moreno
Reviews of books: In Search of Stupidity: Over 20 Years of High-Tech Marketing Disasters; Hacking the Cable Modem. What cable companies don't want you to know.

Upcoming 82
Magdalena Błaszczyk
The next hakin9 edition overview.

Editor in Chief: Ewa Dudzic ewal@software.com.pl
Executive Editor: Marta Ogonek marta.ogonek@hakin9.org
Editor: Magdalena Błaszczyk magdalena.błaszczyk@hakin9.org
Editorial Advisory Board: Clement Dupuis, Matt Jonkman, Jay Ranade, Terron Williams, Shyaam Sundhar R. S.
DTP Director: Marcin Pieśniewski marcin.piesniewski@software.com.pl
Art Director: Agnieszka Marchocka agnes@software.com.pl
CD: Rafał Kwaśny
Proofreaders: N. Potter, D. F. Leer, K. Dawson, P. S. Rieth
Top betatesters: Wendel Guglielmetti Henrique, Justin Seitz, Peter Hüwe, Damian Szewczyk, Peter Harmsen, Kevin Bewley

President: Monika Godlewska monikag@software.com.pl
Senior Consultant/Publisher: Paweł Marciniak pawel@software.com.pl
National Sales Manager: Monika Godlewska monikag@software.com.pl
Production Director: Marta Kurpiewska marta@software.com.pl
Marketing Director: Ewa Dudzic ewal@software.com.pl
Advertising Sales: Marta Ogonek marta.ogonek@hakin9.org
Subscription: subscription@software.com.pl
Prepress technician: Marcin Pieśniewski marcin.piesniewski@software.com.pl

Publisher: Software Media LLC (on Software Publishing House licence www.software.com.pl/en)
Postal address: Software Media LLC, 1461 A First Avenue, # 360, New York, NY 10021-2209, USA
Tel: 004822 8871010
www.en.hakin9.org

Software LLC is looking for partners from all over the World. If you are interested in cooperating with us, please contact us by e-mail: cooperation@software.com.pl

Print: 101 Studio, Firma Tęgi
Printed in Poland

Distributed in the USA by: Source Interlink Fulfillment Division, 27500 Riverview Centre Boulevard, Suite 400, Bonita Springs, FL 34134, Tel: 239-949-4450.
Distributed in Australia by: Gordon and Gotch, Australia Pty Ltd., Level 2, 9 Roadborough Road, Locked Bag 527, NSW 2086, Sydney, Australia, Tel: + 61 2 9972 8800

Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage.
All trade marks presented in the magazine were used only for informative purposes. All rights to trade marks presented in the magazine are reserved by the companies which own them.

To create graphs and diagrams we used program by company.
CDs included to the magazine were tested with AntiVirenKit by G DATA Software Sp. z o.o
The editors use automatic DTP system

ATTENTION!
Selling current or past issues of this magazine for prices that are different than printed on the cover is – without permission of the publisher – harmful activity and will result in judicial liability.

DISCLAIMER!
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.