Showing posts with label Tech. Show all posts

Tuesday, 16 October 2012

What is Denial Of Service (DoS) Attacks ?

crackthesecurity | 08:16

Denial Of Service (DoS) Attacks

A denial of service (DoS) attack is an attack that consumes so much memory on the target system that it cannot serve its users, or that causes the target system to crash, reboot, or otherwise deny service to legitimate users. There are several different kinds of DoS attacks, as discussed below:

Ping Of Death

The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim. The ping command makes use of the ICMP echo request and echo reply messages and is commonly used to determine whether a remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so, the attacker uses the ping command with the -l argument (which specifies the size of the packet sent) to send the target a packet that exceeds the maximum size allowed by TCP/IP (65,536 bytes).
Example: c:/>ping -l 65540 hostname
Fortunately, nearly all modern operating systems are no longer vulnerable to the ping of death attack.

Teardrop Attack

Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. Suppose, for example, that you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in a single packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In a teardrop attack, however, the data packets sent to the target computer contain byte ranges that overlap with each other:
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)
When the target system receives such a series of packets, it cannot reassemble the data and therefore crashes, hangs, or reboots.
Old Linux systems and Windows NT/95 are vulnerable.
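The reassembly failure described for the teardrop attack, and the oversized datagram behind the ping of death, both show up as arithmetic on fragment offsets. The following is an added example (not code from the original post) of how a defensive reassembler or an IDS can classify a set of fragments before trying to stitch them together. It uses the post's own 1-based byte-range notation via a small frag() helper; the Fragment class, the function names and the sample ranges are assumptions made here for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Largest datagram an IPv4 total-length field (16 bits) can describe.
MAX_DATAGRAM = 65535


@dataclass(frozen=True)
class Fragment:
    offset: int  # zero-based position of the fragment's first byte in the datagram
    length: int  # number of payload bytes the fragment carries

    @property
    def end(self) -> int:
        return self.offset + self.length  # one past the last byte


def frag(first_byte: int, last_byte: int) -> Fragment:
    """Build a fragment from the 1-based inclusive range notation used in the post."""
    if first_byte < 1 or last_byte < first_byte:
        raise ValueError("bad byte range")
    return Fragment(offset=first_byte - 1, length=last_byte - first_byte + 1)


def check_fragments(frags: List[Fragment]) -> Tuple[str, str]:
    """Walk fragments in offset order and classify the reassembly.

    Returns (status, detail) where status is one of:
      "ok"        fragments tile the datagram contiguously within the size limit
      "gap"       a range is missing (incomplete: keep waiting or time out)
      "overlap"   a fragment re-covers bytes already delivered (teardrop pattern)
      "oversized" the reassembled size would exceed MAX_DATAGRAM (ping-of-death pattern)
    """
    if not frags:
        return "gap", "no fragments received"
    expected = 0  # offset of the next byte we still need to see
    for f in sorted(frags, key=lambda x: (x.offset, x.end)):
        if f.end > MAX_DATAGRAM:
            return "oversized", f"fragment ends at byte {f.end}, limit is {MAX_DATAGRAM}"
        if f.offset < expected:
            # Covers bytes an earlier fragment already delivered; a defensive
            # reassembler refuses this outright rather than trying to trim it.
            return "overlap", f"bytes {f.offset + 1}-{min(f.end, expected)} already covered by an earlier fragment"
        if f.offset > expected:
            return "gap", f"bytes {expected + 1}-{f.offset} missing"
        expected = f.end
    return "ok", f"{expected} bytes reassembled"


if __name__ == "__main__":
    # Constructed sample inputs, mirroring the ranges quoted in the post.
    samples = {
        "normal":        [frag(1, 1000), frag(1001, 2000), frag(2001, 3000)],
        "teardrop":      [frag(1, 1500), frag(1001, 2000), frag(1500, 2500)],
        "ping of death": [frag(1, 65000), frag(65001, 65540)],
        "incomplete":    [frag(1, 1000), frag(2001, 3000)],
    }
    for name, frags in samples.items():
        print(f"{name:14s} -> {check_fragments(frags)}")
```

The check runs before any copying happens, which is the point: the classic crashes came from reassembly code that trusted the offsets and only discovered the inconsistency after computing a bogus length. Note that an exact retransmitted duplicate is also reported as "overlap" here; a production stack would recognise identical fragments, but for an IDS-style check erring toward the alert is the safer default.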

SYN Flood Attack

In a SYN flooding attack, many SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet, but because all the source IP addresses are invalid, the target system goes into a wait state for an ACK message that will never arrive from the source. Eventually, due to the large number of connection requests, the target system's memory is consumed. To actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.

Land Attack

A land attack is similar to a SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet includes the IP address of the target system itself. As a result, an infinite loop is created within the target system, which ultimately hangs and crashes. Windows NT before Service Pack 4 is vulnerable to this attack.
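Both the SYN flood and the land attack leave a recognisable trace in a packet capture: SYNs whose handshake is never completed, and a SYN whose source equals its destination. The following is an added example (not code from the original post) of offline detection logic over a constructed capture; the Packet class, the function names, the threshold and the sample addresses are assumptions made here for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float   # capture timestamp in seconds
    src: str    # source IP
    dst: str    # destination IP
    flags: str  # TCP flags as letters: "S" = SYN, "SA" = SYN/ACK, "A" = ACK


def half_open_by_destination(packets: List[Packet]) -> Dict[str, int]:
    """Count, per destination, the SYNs never completed by an ACK from the same source.

    A spoofed source never sees the SYN/ACK, so it can never send the final ACK;
    under a SYN flood this number climbs for the targeted host while legitimate
    clients drop out of the pending set as soon as their handshake completes.
    """
    pending = defaultdict(list)  # (src, dst) -> timestamps of SYNs awaiting an ACK
    for p in sorted(packets, key=lambda x: x.ts):
        key = (p.src, p.dst)
        if p.flags == "S":
            if p.src == p.dst:
                continue  # land-style packet, reported separately by land_packets()
            pending[key].append(p.ts)
        elif p.flags == "A" and pending.get(key):
            pending[key].pop(0)  # oldest outstanding SYN from this source is now complete
    never_completed: Dict[str, int] = defaultdict(int)
    for (_src, dst), stamps in pending.items():
        if stamps:
            never_completed[dst] += len(stamps)
    return dict(never_completed)


def land_packets(packets: List[Packet]) -> List[Tuple[float, str]]:
    """Return (timestamp, address) for every SYN whose source equals its destination."""
    return [(p.ts, p.src) for p in packets if "S" in p.flags and p.src == p.dst]


def analyze(packets: List[Packet], threshold: int = 50) -> dict:
    """Summarise a capture: hosts with at least `threshold` half-open SYNs, and land packets."""
    counts = half_open_by_destination(packets)
    return {
        "half_open": counts,
        "syn_flood_targets": sorted(d for d, n in counts.items() if n >= threshold),
        "land_packets": land_packets(packets),
    }


def sample_capture() -> List[Packet]:
    """Constructed capture: one real handshake, 60 spoofed SYNs, one land packet."""
    pkts = [
        Packet(0.00, "192.168.1.10", "10.0.0.5", "S"),
        Packet(0.01, "10.0.0.5", "192.168.1.10", "SA"),
        Packet(0.02, "192.168.1.10", "10.0.0.5", "A"),
    ]
    # 60 SYNs from distinct spoofed sources (documentation range) that never answer the SYN/ACK
    pkts += [Packet(1.0 + i * 0.001, f"203.0.113.{i + 1}", "10.0.0.5", "S") for i in range(60)]
    # a land-style packet: source address equals the destination address
    pkts.append(Packet(2.0, "10.0.0.5", "10.0.0.5", "S"))
    return pkts


if __name__ == "__main__":
    print(analyze(sample_capture()))
```

The threshold is deliberately a parameter: what counts as a flood depends on the host's backlog size and normal connection rate, so a real deployment would tune it per service and add a time window rather than scanning a whole capture at once.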

Smurf Attack

There are three players in the smurf attack: the attacker, the intermediary (which can also be a victim) and the victim. In most scenarios the attacker sends packets to the intermediary network's broadcast address with the IP source address spoofed as the IP of the intended victim. Every host on the intermediary network replies, flooding the victim and the intermediary network with traffic.
Result: performance may be degraded such that the victim and the intermediary networks become congested and unusable, clogging the network and preventing legitimate users from obtaining network services.

UDP Flood Attack

Two UDP services, echo (which echoes back any character received) and chargen (which generates a stream of characters), were used in the past for network testing and are enabled by default on many systems. These services can be used to launch a DoS by connecting the chargen port to an echo port on the same or another machine, generating large amounts of network traffic.


Tuesday, 8 May 2012

Firefox to introduce click-to-play option to protect against dangerous plugins

crackthesecurity | 08:47
Jared Wein of Mozilla blogged last month about a new feature he was developing for Firefox 14 called "click-to-play". The idea is to block the default loading of plugins like Java and Flash when surfing to reduce the memory footprint and provide protection against exploitation of plugin vulnerabilities.


If you have ever used NoScript, ScriptNo or Flashblock you will be familiar with this idea. When you load a page like YouTube that has an embedded Flash/PDF/Java object, instead of it instantly loading the video you will see a black box with a logo representing the plugin. When you click on the box it will launch the plugin and the video or other content will be rendered.

Writing in ZDNet's Zero Day blog, Dancho Danchev expressed his opinion yesterday that all Firefox's adoption of this technique will accomplish is slowing down the systematic exploitation of plugins and not really provide meaningful protection.

Sorry Dancho, I don't think I agree with you on this one. While Danchev makes some valid points regarding the continuing prevalence of social engineering to propagate threats, implementing more secure default options is always a good thing.

Many drive-by exploits are invisible to the user and don't involve any social engineering. I would argue the vast majority of what we see in SophosLabs doesn't involve trickery; users simply visiting the wrong blog at the wrong time results in malware being installed without the user even being aware that the page contains a Java applet or Flash object.

This may lead the attackers to move toward social engineering more frequently, but isn't that a good thing? Make users aware of the content they are running and give them a chance to make a decision? I am sure many users will still make the wrong decision, but I certainly want the opportunity to make the correct decision rather than be instantly exploited.

The best example I can think of was a malicious PDF file that was part of an investigation I was involved with. The victim would receive an email with a plausible looking link. They click on the link and the website they are directed to pauses for a second, then proceeds to load with the promised content.

What happened? Their browser loaded a booby-trapped PDF without the user even knowing that a PDF file had been downloaded. After exploiting them the page simply redirected them to the originally promised content to allay suspicion.

My opinion? Good on ya', Mozilla. Keep making the bad guys' job harder and giving Firefox users better security by default. No single feature wins the war, but every battle counts.


Apple update to OS X Lion exposes encryption passwords

crackthesecurity | 08:43

Apple's had a rough time lately on the security front. Last month it was caught out having delayed the release of a security update for Java, resulting in more than 600,000 Macs being recruited into a botnet. Now a quality assurance mistake can cause OS X users' FileVault encryption passwords to be exposed.

On Friday, David Emery posted to an encryption mailing list disclosing this flaw in the latest OS X Lion security update, 10.7.3, which was released in February.

It appears that a debug option was accidentally left enabled in FileVault, resulting in the user's password being saved in plain text in a log file accessible outside of the encrypted area.
(Image: FileVault password in plain text)

Anyone with access to the disk can read the file containing the password and use it to log into the encrypted area of the disk, rendering the encryption pointless and permitting access to potentially sensitive documents. This could occur through theft, physical access, or a piece of malware that knows where to look.

To my knowledge, this only applies to users of Snow Leopard who used the FileVault encryption option for their home directories. It does not impact users of FileVault2 who have turned on Apple's full disk encryption, nor does it impact users who did not upgrade from Snow Leopard.

The best course of action is to implement a full disk encryption solution like Sophos SafeGuard for Mac or Apple's included FileVault 2.

(Image: FileVault 2 upgrade option)

Additionally, vulnerable users who do not encrypt their Time Machine backups risk replicating this log file to their backups, which could mean long-term storage of their unencrypted password.

This proves a very important point when it comes to encryption. While choosing a secure algorithm is important, it's rarely the most important factor. How products store, manage and secure keys and passwords is the most common failure point in assuring data protection.

This incident demonstrates the importance of implementation over technical arguments like key strength and password complexity. That Apple promises AES encryption doesn't mean anything if it chooses to store your password in an accessible log file.

Let's hope Apple is able to fix this problem quickly. However, the possibility that the plain text password has been backed up and the difficulty of ensuring both copies and the original plain text password are securely erased means retrieval could still be possible even after the fix is applied.

Once Apple users receive and apply the fix, they would be well advised to consider this password compromised, change it, and ensure it is not used on any other systems.


Microsoft cracks down on racy apps in Windows phone store

crackthesecurity | 08:28
Microsoft is working with developers to clean up apps in the Windows Phone Marketplace that contain racy or sexual content. The company said in a blog post that it would contact developers whose apps' icons and tiles contain racy imagery and that it would enforce its sexual content guidelines more stringently.

In a similar fashion to Apple's no-nonsense approach to sexual content in the App Store, Microsoft's Windows Phone Marketplace guidelines already ban content that "a reasonable person would consider to be adult or borderline adult content." But Todd Brix, Microsoft's senior director for Windows Marketplace, said that "a more stringent interpretation and enforcement of our existing content policy" will now be in place.

It’s easy to see what Microsoft is talking about. A simple search for the word sex in the Windows Phone Marketplace returns just under 100 results, and the icons and artwork used in some of these apps could be seen as overly revealing of what you expect to find inside. Because Microsoft wants mass adoption of Windows Phones, it will have to offer reassurances to parents that it’s safe for their kids to play with a Windows Phone without being exposed to racy content.

“This is about presenting the right content to the right customer and ensuring that apps meet our standards. We will also monitor customer reaction to apps and reserve the right to remove ones that our customers find offensive,” Brix explained. He said only “a handful” of developers will be affected by the changes, and they will have to address issues relating to the icons and titles of their apps, or they will be removed from the store.

Microsoft’s terms seem to be lenient enough though, as Brix said, “What we do permit is the kind of content you occasionally see on prime-time TV or the pages of a magazine’s swimsuit issue,” so the company is not actually banning sex-related apps. The suggestion for developers is to show male or female models in silhouette, or drawings, rather than provocative imagery.

The racy app purge from Microsoft is a part of wider changes the company is implementing for the Windows Phone Marketplace, which hosts some 70,000 apps (still a fraction of Apple’s 500,000 and Google’s 450,000). Other new measures include cleaning up keywords and categories, thus making searching for apps more effective.


Monday, 7 May 2012

7 New Educational Startups Founded By Minorities in Tech

crackthesecurity | 02:36
One of today's most challenging yet promising markets is the educational system. If you want to see startups hungry to disrupt an industry, look no further. Founders are trying to solve the problems plaguing our education system, including reconciling student debt, providing students with the skills required to land a job both before and after graduation, and offering the best course material online regardless of age, location and educational level.

Millions of people are headed to the Internet to learn. And now everyone, from professors to entrepreneurs, is looking to launch a platform to solve the problem of a broken traditional educational system, and many believe that Silicon Valley will have the answers.

If you look at the demographics (high school dropout rates, high unemployment and the number of people taking online courses) you'll find a common denominator: minorities are leading in all three categories. In 2011, only 57 percent of blacks and Latinos graduated from high school, compared to 80 percent of Asians and 78 percent of whites. While data reports that only 1% of tech startups are founded by African Americans, you'll find a significant number of educational startups founded by minorities (women, Hispanics and African Americans) in the now-increasing 1% of minority tech startups.

So where are all these startups hiding, you ask? Well, here are seven up-and-coming educational startups founded by minorities that I believe will have a significant impact in the educational space, not just for minorities but for anyone looking to learn online, current students and teachers alike.

1. UniversityNow

The mission of UniversityNow is to help ensure that affordable, high quality post-secondary education is available to people everywhere. To accomplish this, UniversityNow is building a network of the most affordable and accessible accredited universities in the world, starting with the launch of New Charter University.
Gene Wade, Co-Founder

2. Houlton Institute

Houlton packages courses into credentialed and non-credentialed programs targeting adult learners. By revenue sharing with partnering institutions, partners are able to monetize their expertise. Houlton creates one-of-a-kind online programs from its unique and exclusive partner network, which are disseminated via Houlton’s scalable, personalized, web-based learning platform.
Dennis Robinson and Dan Merritts, Co-Founders

3. Demo Lesson

Demo Lesson is a revolutionary online hiring platform that gives teachers the power to market themselves.
Mandela Schumacher Hodge and Brian Martinez, Co-Founders

4. Qeyno Labs

Qeyno Labs works with local partners and schools to bring technology-enabled career discovery into under-served classrooms using game-like rewards and mentorship from successful professionals.
Kalimah Priforce, Co-Founder

5. StockOfU

StockOfU allows individuals and businesses to buy “shares” of college students in order to help subsidize a student’s education costs.
Ty McDuffie, Founder

6. Pathbrite

Pathbrite delivers next-generation solutions that help students and learners of all ages collect, track and showcase a lifetime of achievement, and recommend pathways for continuous success.
Heather Hiles, Founder and CEO

7. Code Academy

Code Academy is an 11-week program that teaches people how to build web applications.
Neal Sales-Griffin and Mike McGee, Co-Founders

With these seven startups, and many, many more launching shortly, the educational system is ready for disruption. And after that, the real question is "What impact will these educational startups have on our economy?" and "Will they prepare students to land qualified jobs after graduation? Or provide them the skills to launch their own businesses?"


Sunday, 6 May 2012

Amazon releases desktop app for its cloud storage service

crackthesecurity | 00:44
If you have an Amazon account, you also have five gigabytes of free online storage for your files at your disposal through the Amazon Cloud Drive service. You may not have known that, though, because accessing that space hasn't been as easy as it is with services like Dropbox and SkyDrive.

That changed Wednesday with Amazon's release of a free desktop program for its cloud storage service. There are versions of the software for Windows Vista, Windows 7, and Mac 10.6 and 10.7.

The software is a cinch to install in Windows. After downloading the program from Amazon, you simply double-click the app's installer. A window will pop up. Click install. At the end of the install, click "finish" and another window will appear asking for your Amazon log-in information. Fill in the fields, and you're ready to start uploading files to the Amazon cloud.

When the drive app is running, you can send files to the cloud by right-clicking on a file on your computer, hovering over the "send to" option and choosing Amazon Cloud Drive from the "send to" menu.

You can also upload files to the cloud drive by dragging them to the cloud icon that appears in the system tray.

When you want to download or manage files on your cloud drive, you have to access it via a web browser. You can go directly to the drive at Amazon's website or right-click on the task tray icon and choose "Open Cloud Drive website" from a pop-up menu.

Website access to files doesn't seem as convenient to me as the kind of local file management that can be done with Dropbox, Google Drive, and SkyDrive.

For example, when you open Dropbox on a desktop, an Explorer-like window appears. You can drag files into the window to upload them to Dropbox. You can drag files out of the window to download them. You can also create and delete folders and files, all without fiddling with a web browser.

Nevertheless, the new Amazon software at least makes saving digital content to the company's cloud drive much easier and makes the service more useful.

By the way, if 5GB of free cloud storage isn't enough for you, Amazon offers pretty reasonable rates for paid storage: they range from 20GB for $20 a year to 1TB for $1000 a year.


Intel-McAfee developing cloud-security strategy

crackthesecurity | 00:16
Intel, which last year acquired McAfee for its security expertise, today described work it is doing to provide enterprises with a way to secure data stored in public or hybrid cloud environments.

Jason Waxman, general manager of Intel's Cloud Infrastructure Group, joined with Greg Brown, vice president of network security at McAfee, to describe the strategy that's being pursued to let IT managers gain better understanding about the security of their cloud workloads.

McAfee's ePolicy Orchestrator (ePO) management console, which has long been a workhorse for aggregating multi-vendor security information in addition to that from McAfee's own products, is well-positioned to audit cloud environments.

By using McAfee ePO with Intel Trusted Execution Technology (TXT) on TXT-enabled Intel servers, it's possible to establish a baseline determination of assurance and confidence when undertaking tasks such as transferring workloads from server to server, for instance using VMware's VMotion, they said.

"It's a hardware-based root of trust," said Waxman, noting the technology allows servers to be defined as "trusted" or "untrusted." When combined with McAfee's MOVE AV anti-malware for use in virtualized environments, it's possible to also learn if the server has any "issues identified." In addition, the McAfee Cloud Security Platform, which has been available for some time to allow IT departments to apply access and security policies in the cloud, is being developed further to provide integrity assessment, asset control and protection, and broader auditing capabilities, Intel said. Other McAfee security products, such as Identity Manager and Deep Defender, are also seen as contributing to the security assessment and protections under the strategy.

The end goal is to give IT managers a way to perform a wide variety of security checks on both the servers, usually virtualized, and the data they make use of in public cloud and hybrid cloud arrangements.

"We believe we have a pathway to deliver that vision," said Brown. He noted that today the Cloud Security Platform can secure data traffic between the enterprise and the cloud. He said that in the future the goal is to enable a wide range of security assessments.

When asked whether the Intel/McAfee strategy for enterprise-to-cloud security will rely on Intel/McAfee products alone, Waxman replied TXT might work with other solutions, but "we'd like to see best practices where people use all of these technologies together." He said other announcements related to the Intel/McAfee cloud security strategy are soon expected in terms of product support.


Monday, 30 April 2012

Android Network Toolkit (ANTI) Review - Pentest at the push of a button

crackthesecurity | 01:46
Recently white-hat hacker Itzhak "Zuk" Avraham, the founder of zImperium, unveiled the company's new app at Blackhat / Defcon19, introducing a new concept where both home users and local IT can have the same tools to check for their security faults at the push of a button. The new zImperium product, named Android Network Toolkit (or ANTI for short), allows professional penetration testers, ethical hackers, IT staff and home users to scan for security issues in their network.

In a few simple clicks ANTI covers the most advanced attack vectors in order to check for vulnerabilities, even those that up until now could only be performed by top-notch penetration testers. This means that while you might think you're safe because you have a firewall on, with ANTI you can check and prove it (or add it to your penetration testing report if you're doing this as a job). Find out whether your desktop is easily hackable in only a few clicks by using the ANTI "Penetrate CSE" button, which performs both MiTM and client-side exploit injection to check whether you have the latest version of a vulnerable piece of software (e.g. outdated Java). You only need to imagine reproducing this using other currently available methods to appreciate why ANTI has gotten so much respect from our community.

“Penetrate CSE” is part of the newly released ANTI3, which covers more vulnerabilities than before. The authors at zImperium will keep improving this product and add even more vulnerabilities in the future.


Upon successful client-side / remote exploitation, the report is updated with the finding that a specific computer wasn't patched for a certain vulnerability. Performing MiTM and injecting exploits has never been so easy for the professional penetration tester, and it is now also available to the home user and to IT staff: you don't have to be a security guru to run security checks!

ANTI runs on Android version 2.1 and up, and the CSE vector is only one of several capabilities that make this tool very powerful, especially when it runs on your smartphone!



The app is also capable of mapping your network and scanning for vulnerable devices or configuration issues. Aimed at everyone from the amateur security enthusiast at home to the professional penetration tester, ANTI provides many other useful features, such as: easy connection to open ports, visual sniffing (URLs and cookies), establishing MiTM attacks (using predefined and user-defined filters), server-side / client-side exploits, a password cracker to determine a password's safety level, Replace Image as a visual for demos, and denial of service attacks. All this is packed into a very user-friendly and intuitive Android app (and a soon-to-be-released iOS app).

As zImperium chose to distribute ANTI via their website rather than through the market, the APK is installed manually in a few simple steps:
Go to http://www.zImperium.com/anti.html and follow the instructions there. You will receive a download link to your email. Open this link from your smartphone and then install the app as instructed. (Make sure that 3rd Party Applications is enabled in Settings->Applications->Unknown Sources.)

iOS users can join the list of upcoming (public) BETA testers in the same page, by clicking on the Apple icon.


On each run, ANTI will prompt to map the connected network, and when done, it will suggest scanning it for known vulnerabilities and misconfigurations on the targets found. Once a target vulnerable to remote attacks is found, it will be marked with a red stamp and will appear in the report as a vulnerable device. Displayed in the report is the issue (e.g. MS08-067), how to solve the issue (Windows Update) and how to defend against similar threats in the future (block port 445 on the firewall).


We start by mapping the network - ANTI will scan and detect devices connected to the network. Each device will be displayed with a suitable icon identifying its hardware type and/or the operating system. We can then further scan for vulnerabilities on each of the devices found.


Now that we have our available targets displayed, we can choose any of them to try and penetrate, connect, or sniff network traffic.

The sniffer captures network traffic and displays images, URLs, user/password combinations, and cookies; all this is collected from the target in real time and displayed on ANTI for viewing and examination. We can click on any of the URLs/cookies to visit the same site our target is visiting.

ANTI also allows us to connect to open ports on the targets, and it displays the open ports that were found on previous scans.

After playing a bit with the app, I feel comfortable enough to try and penetrate one of my computers, running Windows 7 or Mac OS X, that are updated only to one month prior to this report. I choose the target and click "Penetrate CSE". This plug-in injects JavaScript code into the target's traffic using MiTM and redirects the traffic to a URL serving a client-side exploit. Once the target is exploited, ANTI reveals several functions that can be executed on the exploited target: send a screenshot of the current desktop, execute a command. The controller functionality is implemented in a very easy-to-use and fun (!) way, allowing both advanced users and home users to understand the risks of the found vulnerability. While zImperium removed any real possibility of causing actual damage to the target, they allow basic information gathering and real-life demos such as ejecting the CD-ROM or grabbing a screenshot (for the assessment's final report).


I decided to try the password cracker on my router. I then realized (the good old hard way) that I had better change my password ASAP, since it took ANTI less than 30 seconds to crack! Next I executed the cracker on my target running a SQL server and, lo and behold, ANTI didn't discover the passwords, thanks to the use of high-complexity passwords. These results were enough to get me to (finally!) change my router's password.

There are additional functionalities built into ANTI, such as a unique and fully functional HTTP server that allows publishing files on your device, as well as uploading files to the device, visual traceroute using google-maps, and more.


Once we are done testing, the most important ANTI function is the report. Everything we have found in the network (vulnerable devices, open ports, and extra information that will later assist when preparing the assessment report) is summed up in text and emailed. ANTI3 supports multiple networks, so now you can fully use it for your daily penetration tests. And everything is extremely user-friendly!

Download ANTI3 from zImperium website