hakin9_2010_11_36.pdf
(
6939 KB
)
Pobierz
429835261 UNPDF
PRACTICAL PROTECTION
IT SECURITY MAGAZINE
11/2010 (36)
team
Dear Readers,
First of all, Hakin9 team would like to wish you Merry
Christmas and Happy New Year! Maybe it is a bit too early
but we will „see” each other in January next time and it will be
too late:)
Since 2010 is coming to an end it is time for new
resolutions. We have one – make Hakin9 magazine better
– more popular and more reliable source for our readers. That
is why we are constantly in touch with our team of authors and
betatesters to get the most fresh and valuable opinions on
each issue. So at this point we would like to thank all people
who are helping us every day getting in return just a simple
thanks. Without your support Hakin9 wouldn’t be as it is now
– not only a magazine but a community of great people.
I hope we will be working together
next year as good as we did this
year!
Once again – Merry
Christmas and Happy New
Year! I hope all your wishes
and hopes for the future will
come true.
Editor in Chief:
Karolina Lesińska
karolina.lesinska@hakin9.org
Editorial Advisory Board:
Matt Jonkman, Rebecca Wynn,
Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt
DTP:
Ireneusz Pogroszewski
Art Director:
Ireneusz Pogroszewski
ireneusz.pogroszewski@software.com.pl
Proofreaders:
Henry Henderson aka L4mer, Michael Munt,
Jonathan Edwards, Barry McClain
Top Betatesters:
Rebecca Wynn, Bob Folden, Carlos Ayala, Steve
Hodge, Nick Baronian, Matthew Sabin, Laszlo Acs, Jac van den
Goor, Matthew Dumas, Andy Alvarado
Special Thanks to the Beta testers and Proofreaders who helped
us with this issue. Without their assistance there would not be a
Hakin9 magazine.
Senior Consultant/Publisher:
Paweł Marciniak
CEO:
Ewa Łozowicka
ewa.lozowicka@software.com.pl
Production Director:
Andrzej Kuca
andrzej.kuca@hakin9.org
Marketing Director:
Karolina Lesińska
karolina.lesinska@hakin9.org
Warm regards
Enjoy your reading
Karolina Lesińska
Editor-in-Chief
Subscription:
Iwona Brzezik
Email:
iwona.brzezik@software.com.pl
Publisher:
Software Press Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.hakin9.org/en
Whilst every effort has been made to ensure the high quality of
the magazine, the editors make no warranty, express or implied,
concerning the results of content usage.
All trade marks presented in the magazine were used only for
informative purposes.
REGULARS
All rights to trade marks presented in the magazine are
reserved by the companies which own them.
To create graphs and diagrams we used program
by
6 in Brief
Latest news from the IT security world
Armando Romeo, eLearnSecurity
ID Theft Protect
The editors use automatic DTP system
Mathematical formulas created by Design Science MathType™
DISCLAIMER!
The techniques described in our articles may only
be used in private, local networks. The editors
hold no responsibility for misuse of the presented
techniques or consequent data loss.
8 Tools
Flexcrypt
by Shyaam Sundhar
46 ID fraud expert says...
A brief analysis of the cyber security threat
by Julian Evans
50 Emerging Threats
Cyber State-Bullying
by Matthew Jonkman
4
11/2010
4
CONTENTS
BASICS
10 The Spyware Within You
by Rajat Khare
Yes, today’s spyware though resides in your computer or mobile but it’s
pretty much inside you. Whatever we do, wherever we go it’s stored in a
computer or an embedded device like mobile phone.
12 The Ear of Sauron
by John Aycock
In The Lord of the Rings, Sauron wiles away the time peering out over
Middle Earth with the Eye – lacking Internet access, Sauron couldn’t
occupy himself flaming hobbits online.Sauron’s Eye has been realized,
in a small way, by the webcams perched atop our monitors and
embedded into our laptops and mobile devices.
14 dasbot: controlling IRC via bash
by Israel Torres
dasbot is an intuitive bash file driven IRC bot. It was created on a Mac
and runs in a progressive
environment where it can be updated with ease at a moments notice. It
doesn’t require a compiler, sudo permissions or static path. You can run
it until you decide to restart your uptime.
20 Knowing VoIP Part II – Getting deeper to the settings
by Winston Santos
In the last chapter we talked about what is VoIP, its advantages and
disadvantages etc. But this time I will take you to the inside of the
process when people place/receive a call. I will take the opportunity to
explain what is required to properly configure a device to work + some
tips to help people in taking the best of the service.
ATTACK
24 TDSS botnet – full disclosure. Part II
Andrey Rassokhin and Dmitry Oleksyuk
After breaking into the world’s biggest botnet, which was covered in the
previous issue of Hakin9, we performed thorough analysis of the botnet’s
undercover logic. In this final article of the series the following details
are revealed: The C&C server general configuration; Bots accounting
system; Distribution partners accounting system; The C&C protocol
layout: bot requests and commands; Available control commands and
payload modules; Detailed botnet statistics by countries, distribution
partners, operating systems and bot versions.
DEFENSE
40 Search Engine Security and Privacy – Part 2
by Rebecca Wynn
It is always surprising to see how much information is available to anyone
with an Internet connection and little tenacity. Since Part 1 was published
in the July 2010 Hakin9 magazine, there have been huge changes within
the search engine world. I will name a few key changes here.
www.hakin9.org/en
5
Plik z chomika:
TirNaNog
Inne pliki z tego folderu:
Hakin9.07.(04.2004).PL.pdf
(49821 KB)
Hakin9.29.(09.2007).PL.pdf
(12061 KB)
Hakin9.17.(03.2006).PL.pdf
(58743 KB)
Hakin9.05.(02.2004).PL.pdf
(51314 KB)
Hakin9.01.(01.2003).PL.pdf
(3572 KB)
Inne foldery tego chomika:
ACE
AcornUser
AmigaComputing
AmigaFormat
AmigaShopper
Zgłoś jeśli
naruszono regulamin