
Tuesday, December 4, 2012

Kid "hackers" are targeting common-name Twitter accounts and reselling these accounts for a pretty penny.

[Attention: The reporting below requires referencing profanities that may make readers uncomfortable.]

In case you needed yet another example of why a simple password can come back to haunt you, a recently hacked Twitter account should have you heading over to your account settings. Daniel Dennis Jones, who had the Twitter handle @blanket, discovered that he was not able to access his account and realized that his password had been changed. After digging into the issue further, he found an alarming number of security flaws and a lack of preventative measures on Twitter’s end.

There’s a black market for Twitter handles, where commonly used names are being sold for less than $100 or simply being handed out to friends for what’s come to be known as the “lulz”, an Internet meme meaning “just for laughs.” Turns out, this is exactly what Jones fell victim to.

Jones’ entry into the world of Twitter jacking began on Saturday when he was notified that his password had been changed. However, he was still logged into Twitter on his phone and eventually was able to gain access to his account via his email address, only to realize that his user name had been changed to the very NSFW handle @FuckMyAssHoleLO. Otherwise, nothing else on his account had been changed.

After some digging, Jones discovered an underground network of young kids who were jacking Twitter accounts with common (and short) names for pocket change. @blanket, he found, was selling for only $60. Jones recounted his experience in Storify: “Twitternames that would have high value due to brevity: @hah, @captain, @craves, @abound, @grinding.” Ironically, the cracked passwords for @blanket and other hijacked accounts were being auctioned off through Twitter itself, and also through a forum called ForumKorner.
If you visit the forum, you’ll find anonymous individuals selling anything from jacked Minecraft accounts to Twitter usernames.

So why is it so simple to crack Twitter passwords? First at fault might be the user. Simple passwords that can be found in the dictionary can be easily uncovered using the brute-force dictionary method. If you’re using a password like “Zebra”, for example, it’s only a matter of time before the algorithm that rapidly inputs dictionary words to crack an account eventually enters the correct password, “Zebra.” But in Jones’ case, as he explained to Digital Trends, the password that he used was not as easy to crack as you might expect. His was a combination of a name and some numbers.

More notable is that the way Twitter built its security and account login system makes it easy for anyone with the right program to hack an account. What Jones discovered was that Twitter only seeks to prevent a large number of attempts to access a Twitter account from a single IP address. It’s a weaker system that leaves accounts more susceptible and easier to hack. Most social networks instead allow only a limited number of attempts to access the account itself. What this means is that simply by using multiple IP addresses, through a proxy for example, and an algorithm that changes the IP address (before the CAPTCHA pops up), you can attempt to breach an account as many times as the number of IP addresses that you’re using.

There’s an underground, albeit rudimentary, economy for stolen social accounts that may not be at the forefront of our minds like identity theft and the sale of social security IDs, but does in fact thrive. Jones was briefly immersed in that world when he went so far as to talk to a purported Twitter jacker, who was just 14 years old and explained to Jones that Twitter was particularly easy to crack when compared to a site like YouTube.
He also learned that some of these kids are contracting hackers to hijack specific accounts, whether to use for themselves or to “give to a girl,” which was the reason that @blanket was targeted.

“These kids decide they want a username and just sit there and wait for the jacker to get it for them,” Jones explained. “One kid I saw on Twitter, said it took him 3 or 4 hours to crack a password for a username that he wanted.”

If you’re using a vulnerable password, it’s really in your best interest to change it fast. If you happen to get your account stolen, it’s unlikely that you’ll ever get it back, although Jones did get his account reinstated, but only likely after publicizing his experience.

Read more: http://www.digitaltrends.com/social-media/blanket-has-twitter-account-stolen/#ixzz2E2UJ7PSQ
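The gap between per-IP throttling and a per-account attempt limit described above, as an added example that is not part of the original article: the same failed-login log is replayed through both limiters, and a distinct-source count is shown as a detection signal. The thresholds, window and log entries are constructed assumptions, not Twitter's actual values.

```python
from collections import defaultdict, deque

WINDOW = 3600           # seconds in the sliding window (assumed value)
PER_IP_LIMIT = 5        # failures tolerated per source IP (assumed value)
PER_ACCOUNT_LIMIT = 10  # failures tolerated per target account (assumed value)

def guesses_checked(events, key, limit, window=WINDOW):
    """Replay failed logins through a sliding-window limiter keyed by `key`
    ("ip" or "account"); return how many guesses per account were still
    checked against the password rather than throttled."""
    recent = defaultdict(deque)   # limiter key -> timestamps of counted failures
    checked = defaultdict(int)    # account -> guesses that got through
    for ts, ip, account in events:
        q = recent[ip if key == "ip" else account]
        while q and ts - q[0] >= window:
            q.popleft()           # forget failures older than the window
        if len(q) >= limit:
            continue              # throttled (CAPTCHA or temporary lock)
        q.append(ts)
        checked[account] += 1
    return dict(checked)

def distributed_targets(events, min_ips=20):
    """Detection signal: accounts failing logins from many distinct IPs."""
    sources = defaultdict(set)
    for _, ip, account in events:
        sources[account].add(ip)
    return {a: len(s) for a, s in sources.items() if len(s) >= min_ips}

def sample_events():
    """Constructed log: 200 addresses each fail 4 logins on one account,
    staying under the per-IP limit, plus one user mistyping twice."""
    pool = [f"198.51.100.{i}" for i in range(1, 101)] + \
           [f"203.0.113.{i}" for i in range(1, 101)]
    events = [(n * 4 + k, ip, "blanket")
              for n, ip in enumerate(pool) for k in range(4)]
    events += [(50, "192.0.2.7", "alice"), (60, "192.0.2.7", "alice")]
    return sorted(events)

if __name__ == "__main__":
    log = sample_events()
    print("per-IP limiter     :", guesses_checked(log, "ip", PER_IP_LIMIT))
    print("per-account limiter:", guesses_checked(log, "account", PER_ACCOUNT_LIMIT))
    print("flagged accounts   :", distributed_targets(log))
```

With the per-IP key every one of the constructed guesses reaches the password check, while the per-account key stops them after the limit and leaves the legitimate user's two typos unaffected.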

Audio jack hacking

Indian security researcher Atul Alex presented his surprise paper at the International Malware Conference, MalCon, on what can be termed the onset of the next generation of hardware-based malware that can target mobile devices irrespective of platform.
Typically, one of the largest challenges for malware coders is targeting multiple platforms. Malware for Android will not work on Windows Phone, Symbian or Apple iOS, which gets in the way of malware coders. Also, devices such as the iPhone are extremely secure, and there is little that can be extracted from a locked / secure iPhone unless it is jailbroken.
Atul Alex's research abuses the voice dialing feature, which is enabled by default on all mobile platforms, and combines a bugged headset with a microcontroller and code to steal private data. The bugged headset can also dial a pre-defined number by detecting whether the device is in use or not and turn the phone into a spy device. Further, it can steal contacts from all devices (BlackBerry, iPhone, Symbian, Windows and Android) without putting malware inside the mobile phone.
The bugged headset can in fact mimic voice commands and send them to the device discreetly, and Alex mentioned that advanced software like Siri can in fact aid hackers in future in sending unauthorized text messages as well as extracting personal data and device information.
Any mobile device running Google Android, Microsoft Windows Phone, Apple iOS 5, or BlackBerry OS provides voice command capabilities. Other possibilities include knowing call duration and even recording users' incoming and outgoing calls. And all this is possible just by plugging a bugged headset into the audio jack.
This has long-term implications and points to a grim future of electronic warfare. Malware can now target people across all platforms, irrespective of whether 0-days in browsers, the OS, etc. are present or not, and the last thing one would suspect is a gifted headset or speaker dock for your device.

Monday, December 3, 2012

Popularity of Windows Server 2012 Soaring

Nine in ten IT professionals plan to deploy Windows Server 2012 within two years


Private cloud deployment, server virtualisation cited as major factors in Windows Server 2012 roll-out.

Around 90 per cent of IT decision makers are planning to deploy Windows Server 2012 in the next 24 months, according to new research.
The study, carried out by analyst firm Enterprise Strategy Group, found that the two major reasons for deployment were server virtualisation and private cloud enablement.
Research showed that for respondents familiar with Windows Server 2012, 51 per cent found Server virtualisation to be a key product capability, while 49 per cent cited Private Cloud enablement as another.
The study, commissioned by Microsoft, questioned 440 IT decision makers around the world. The results showed that 42 per cent of those surveyed said they were delivering IT services to users in their organisation today via a private cloud. Another 32 per cent of respondents cited elasticity as an important attribute of private cloud infrastructure, while 26 per cent cited scalability.
The survey highlighted reasons why organisations were deploying Microsoft’s hypervisor, Hyper-V. Nearly 40 per cent cited operating system upgrades, while economics was a popular reason (36 per cent). Product capabilities were mentioned by 35 per cent of respondents, while another 34 per cent quoted skills alignment as a reason for deploying the hypervisor.
Edwin Yuen, director of strategy for Windows Server and Management at Microsoft said that server virtualisation and private cloud enablement were areas where Microsoft had made significant investments to ensure that Windows Server 2012 could address demanding IT needs, “such as scaling up your virtualisation and private cloud environments, while also providing you with licensing programs to help keep your costs down.”
Yuen added that the combination of these capabilities alongside the economical licensing model of Windows Server 2012 Datacenter meant that organisations could maximise hardware “without being penalised for doing so.”
“You can build out your virtualised environment today, while laying the ground work for your own private cloud,” said Yuen.

Firewall is Enabled and Configured on Windows Server 2008/R2 Domain Controllers

There have been a few changes in Windows Server 2008/R2 as to where to find things. The Windows Firewall is no different. Here, I will show you the best way to view the firewall settings, based on my experience.
In order to view the Windows Firewall, you will want to get into the Server Manager. Server Manager is one of the default Administrative Tools for all Windows Server 2008/R2 computers, including domain controllers. You will find the Server Manager fastest if you go to the Start button, then select Administrative Tools, then Server Manager. When Server Manager starts, it will look like Figure 1.

Figure 1: Server Manager for Windows Server 2008/R2.
Now that you are in Server Manager, you can find the Windows Firewall by opening the Configuration node, then selecting the Windows Firewall with Advanced Security node. After selecting these nodes, you should see a window similar to that in Figure 2.

Figure 2: Windows Firewall with Advanced Security interface.

How Windows Firewall is Better for Windows Server 2008/R2

One of the biggest changes that Microsoft has made to the Windows Firewall over the years is to integrate the firewall settings with IP Security settings. IP Security is one of the most powerful technologies available to help protect local computers. IP Security provides options for specifying which computers or networks can communicate with other computers or networks. The options are very granular, and IP Security also includes the ability to encrypt the data communications.
For Windows Server 2008/R2, the inclusion of “with Advanced Security” means just this: the inclusion of IP Security with the Windows Firewall.
In addition to IP Security being integrated with the firewall, there is a new summary interface and wizard to help create your firewall rules. You can create Inbound rules, Outbound rules, and Connection Security rules. Inbound and outbound rules seem pretty obvious. Connection security rules are those rules that specify how and when authentication occurs. Connection security rules don’t allow or deny connections; that is where you use inbound or outbound rules.

Default Firewall Configuration

As was stated early in this article, Windows Server 2008/R2 domain controllers come with pre-configured firewall rules. Not only are there inbound rules, but there are outbound rules as well. This is a major step in the right direction with regard to protecting the computer by using the local firewall.
If we take a look at the firewall rules for a standard domain controller, we will see that there are firewall rules as follows:
  • Active Directory domain controller
  • Core Networking
  • DNS
  • File and Printer Sharing
  • File Replication
  • Kerberos Key Distribution Center
  • Remote Desktop
  • Windows Management Instrumentation
Of course, there are more details around each of these areas, a portion of which can be seen in Figure 3.

Figure 3: List of default firewall rules for a Windows Server 2008/R2 domain controller.

Configuring Windows Firewall with Advanced Security

There are two options for configuring the Windows Firewall settings. Both have advantages, but as an auditor, you will appreciate one over the other. The first is to use the local computer configuration option, which means that each computer will need to be configured individually. The second is to use Group Policy, which allows for a single instance of configuration, which will then target many computers.
To use the local configuration option, you will use the Server Manager interface that we discussed earlier on in this article. From the Windows Firewall with Advanced Security node within Server Manager, you can just right-click on the Inbound, Outbound, or Connection Security node and create a new rule. You will need to know what you want to control, as the wizard will not automatically generate rules. So, for example, you will need to know one or more of the following to create your rules: the program, port, allow or deny action, encryption requirements, and scope of the connection. You can see the wizard in Figure 4.

Figure 4: Windows Firewall rule wizard.
The other option, to use Group Policy, has a very similar wizard to that of the local option. The big difference is that Group Policy can have a single instance for the configuration, but that single instance can affect many computers. To access the Windows Firewall configuration within a Group Policy, you will need to first access the Group Policy Management Console (GPMC), which is one of the Administrative Tools. Once in the GPMC, you can use an existing Group Policy Object, or create a new one. I suggest you create a new GPO by right-clicking on the Group Policy Objects node and selecting New.
After creating your new GPO, you will edit it by right-clicking on it and selecting Edit. This will open up the GPO in the Group Policy Management Editor. From here, you will expand the following nodes to get to the Windows Firewall configuration: Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security, which can be seen in Figure 5.

Figure 5: Windows Firewall with Advanced Security in a GPO.
There is another Windows Firewall with Advanced Security node under the original one, but once you expand past this node, you will see the standard Inbound, Outbound, and Connection Security rules. Each of these has a wizard associated with it, just like the local version. Once these rules are established and saved in the GPO, you then only need to link the GPO to an Active Directory node, such as the domain or an Organizational Unit. (The Domain Admin will need to do this and should know the details on how the GPO application works.)

The Windows Firewall has been an under-utilized tool for many years. The interface has been unfriendly, the configurations confusing, and the overall capabilities less than impressive. Now, with the new integration of IP Security and the Windows Firewall, the firewall in Windows Server 2008/R2 is not only more capable and useful, but also a default, enabled service. The firewall for your Windows Server 2008/R2 domain controllers comes with pre-defined rules, which control both inbound and outbound traffic. In the end, your Windows Server 2008/R2 domain controllers will be more secure from outbound attacks than any domain controller before.




thanks to windows security
 http://www.windowsecurity.com/articles/Firewall-Enabled-Configured-Windows-Server-2008-R2-Domain-Controllers.html
