IT technologies and concepts explorer and analyser in the web.

  • RSS
  • Delicious
  • Digg
  • Facebook
  • Twitter
  • Linkedin

New IT Concepts

Share Your Comments

  • Virtualization - The new technology evelution

    Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources.....

  • http://ittechnologies.blogspot.com/2011/04/common-security-vulnerabilities-in-e.html

    Security Vulnerabilities in E-Commerce Systemin

    Most of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software and poor design of such websites. Other factor is user awareness of security vulnerabilities.

  • VPN - Virtual Private Network

    VPN is a technology which is making secure private network through the public accessible network infrastructure. Virtual Private Network represent by the short name VPN. ...

  • Saas - Cloud Computing

    The cloud computing : is based on this three concepts. IaaS (Infrastructure as a service), PaaS (Platform as a Service) and SaaS (Software as a Service).

Posted by Priyan Fernando - - 0 comments

In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.


The term comes from Greek mythology about the Trojan War, as told in the Aeneid by Virgil and mentioned in the Odyssey by Homer. According to legend, the Greek



presented the citizens of Troy with a large wooden horse in which they had ecretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.


The most important difference between a trojan virus/trojan horse and a virus is that trojans don’t spread themselves. Trojan horses disguise themselves as valuable and useful software available for download on the internet. Most people are fooled by this ploy and end up dowloading the virus disguised as some other application. The name comes from the mythical “Trojan Horse” that the Ancient Greeks set upon the city of Troy.
A trojan horse is typically separated into two parts – a server and a client. It’s the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks, or unauthorized download websites. Once the client Trojan executes on your computer, the attacker, i.e. the person running the server, has a high level of control over your computer, which can lead to destructive effects depending on the attacker’s purpose.
Trojan Virus Trojan Virus
A trojan horse virus can spread in a number of ways. The most common means of infection is through email attachments. The developer of the virus usually uses various spamming techniques in order to distribute the virus to unsuspecting users. Another method used by malware developers to spread their trojan horse viruses is via chat software such as Yahoo Messenger and Skype. Another method used by this virus in order to infect other machines is through sending copies of itself to the people in the address book of a user whose computer has already been infected by the virus.

Types of Trojan Horse Viruses

Trojan Horses have developed to a remarkable level of cleverness, which makes each one radically different from each other. For an inclusive understanding, we have classified them into the following:
Remote Access Trojans
Remote Access Trojans are the most frequently available trojans. These give an attacker absolute control over the victim’s computers. The attacker can go through the files and access any personal information about the user that may be stored in the files, such as credit card numbers, passwords, and vital financial documents.
Password Sending Trojans
The intention of a Password Sending Trojan is to copy all the cached passwords and look for other passwords as you key them into your computer, and send them to particular email addresses. These actions are performed without the awareness of the users. Passwords for restricted websites, messaging services, FTP services and email services come under direct threat with this kind of trojan.
Key Loggers
Key Loggers type of Trojans logs victims’ keystrokes and then send the log files to the attacker. It then searches for passwords or other sensitive data in the log files. Most of the Key Loggers come with two functions, such as online and offline recording. Of course, they can be configured to send the log file to a specific email address on a daily basis.
Destructive Trojans
The only purpose of Destructive Trojans is to destroy and delete files from the victims’ computers. They can automatically delete all the core system files of the computer. The destructive trojan could be controlled by the attacker or could be programmed to strike like a logic bomb, starting on a particular day or at specific time.
Denial of Service (DoS) Attack Trojans
The core design intention behind Denial of Service (DoS) Attack Trojan is to produce a lot of internet traffic on the victim’s computer or server, to the point that the Internet connection becomes too congested to let anyone visit a website or download something. An additional variation of DoS Trojan is the Mail-Bomb Trojan, whose key plan is to infect as many computers as possible, concurrently attacking numerous email addresses with haphazard subjects and contents that cannot be filtered.
Proxy/Wingate Trojans
Proxy/Wingate Trojans convert the victim’s computer into a Proxy/Wingate server. That way, the infected computer is accessible to the entire globe to be used for anonymous access to a variety of unsafe Internet services. The attacker can register domains or access pornographic websites with stolen credit cards or do related illegal activities without being traced.
FTP Trojans
FTP Trojans are possibly the most simple, and are outdated. The only action they perform is, open a port numbered 21 – the port for FTP transfers – and let anyone connect to your computer via FTP protocol. Advance versions are password-protected, so only the attacker can connect to your computer.
Software Detection Killers
Software Detection Killers kill popular antivirus/firewall programs that guard your computer to give the attacker access to the victim’s machine.
FTP Trojans
Note: A Trojan could have any one or a combination of the above mentioned functionalities. Some might also come on USB drives, usually as “Autorun.inf” viruses.
The best way to prevent a Trojan Horse Virus from entering and infecting your computer is to never open email attachments or files that have been sent by unknown senders. However, not all files we can receive are guaranteed to be virus-free. With this, a good way of protecting your PC against malicious programs such as this harmful application is to install and update an antivirus program.
[ Read More ]

Posted by Priyan Fernando - - 0 comments


An Ethical Hacker is an expert hired by a company to attempt to attack their network and computer system the same way a hacker would. Ethical Hackers use the same techniques and tactics as those used by illegal hackers to breach corporate security systems. The end result is the company's ability to prevent an intrusion before it ever occurs.



A company can't know if their security system is solid unless they test it. It's hard, though, for a company's IT team to thoroughly ring out the system. Try as they might, the techs can't go at the system with all the malicious or mischievous motives of a true illegal hacker. To thoroughly uncover vulnerabilities, the theory goes; you must examine your security system through the eyes of an illegal hacker.
The word hacking has strongly negative connotations, and, for the most part, rightly so. But ethical hacking is much different. It takes place with the explicit permission of the company whose system is being attacked. In fact, their "good guy" role is underscored by the nickname "white hat" Ethical Hackers have been given. The nickname is a throwback to old Westerns where the good cowboys could be identified by their white hats.
The company and the Ethical Hacker enter into a legally binding contract. The contract, sometimes called a "get out of jail free card," sets forth the parameters of the testing. It's called the "get out of jail free card" because it's what harbors the Ethical Hacker from prosecution. Hacking is a felony, and a serious one at that. The terms of the agreement are what transform illegal behavior into a legal and legitimate occupation.
Once the hacker has exhausted his attempts, he reports back to the company with a list of the vulnerabilities he uncovered. The list in and of itself, however, is not particularly useful. What's most valuable is the instructions for eliminating the vulnerabilities that the Ethical Hacker provides.
An Ethical Hacker works to uncover three key pieces of information. First, he determines what information an illegal hacker can gain access to. Next, he explores what an illegal hacker could do with that information once gained. Last, the Ethical Hacker ascertains whether an employee or staff member would be alerted to the break-in, successful or not.
At first it might sound strange that a company would pay someone to try to break into their system. Ethical hacking, though, makes a lot of sense, and it is a concept companies have been employing for years. To test the effectiveness and quality of product, we subject it to the worst case scenario. The safety testing performed by car manufacturers is a good example. Current regulatory requirements including HIPAA, Sarbanes Oxley, and SB-1386 and BS 799 require a trusted third party to check that systems are secure.
In order to get the most out of the assessment, a company should decide in advance the nature of the vulnerabilities they're most concerned with. Specifically, the company should determine which information they want to keep protected and what they're concerned would happen if the information was retrieved by an illegal hacker.
Companies should thoroughly assess the qualifications and background of any Ethical Hacker they are considering hiring. This individual will be privy to highly sensitive information. Total honesty and integrity is of the utmost importance.
Paul Walsh, of Protocol Solutions asks the scariest question out there: Think your network is safe from malicious attack? Find out for sure - a quick, complimentary chat will help you sleep better.


Article Source: http://EzineArticles.com/842484
[ Read More ]

Posted by Priyan Fernando - - 0 comments

INTRODUCTION

The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems. Some of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software. Other attacks have used vulnerabilities that are common in any web application, such as SQL injection or cross-site scripting.



Consumer privacy is becoming the most publicized security issue replacing theft and fraud as top concerns in e-commerce. The DDOS attacks demonstrated that business sites did not maintain adequate security protection and intrusion detection measures. Some of the sites did not detect the compromise, which occurred months before the DDOS attacks. The hackers who penetrated these sites had the ability to deliver a data integrity attack on the compromised business for the same amount of time. Businesses were spared simply because the hackers chose not to attack them in that manner. No customer will want to use a business that distributes sensitive customer data such as credit card information, SSN information or credit limits without the knowledge or permission of the customer.

User and system administrator awareness is becoming more important in the effort to counter e-commerce attacks. Consumers are slowly becoming aware of some security features such as encrypted web transactions, privacy statements by companies, etc. Internet service providers are becoming more responsive to complaints about Internet abuse originating from their sites.

E-commerce security needs to be addressed not only at the business site with its servers/network, but also on the client side, which includes direct connected home computers. It is this group of computers that are the most vulnerable to attack because the level of user security training or awareness is not high at all.


 The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems. Some of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software. Other attacks have used vulnerabilities that are common in any web application, such as SQL injection or cross-site scripting. 

Today rapidly increasing using online transaction on online payment systems.the attacks for such systems is increasing more than that. Most of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software and poor design of such websites. Other factor is user awareness of security vulnerabilities.

Today there many types of attacks for e-commerce applications. such ass SQL injection, denial of service attacks, Cross-site Scripting (XSS) attack ant etc.


  • SQL Injection - this will use sql quarries to get information, update or damage the system.attacker's queries are executed by the back-end database.SQL injection techniques differ depending on the type of database being used.


  • Price Manipulation - This is almost completely unique to online shopping carts and payment gateways.attacker can get and change the hidden information while transaction.
  • Buffer overflows - Sending in a large number of bytes to web applications can damage and get important information while the application is generating the errors.


  • Cross-site scripting XSS - The XSS attack requires a web form that takes in user input, processes it, and prints out the results on a web page, which also contains the user's original input.
  • Remote command execution - When CGI script allows an attacker to execute operating system commands due to inadequate input validation. This is most common with the use of the 'system' call in Perl and PHP scripts. 


Vulnerabilities                                                                 

There are a number of reasons why security vulnerabilities arise in shopping cart and online payment systems. The reasons are not exclusive to these systems, but their impact becomes much greater simply because of the wide exposure that an online website has, and because of the financial nature of the transactions.
One of the main reasons for such vulnerabilities is the fact that web application developers are often not very well versed with secure programming techniques. As a result, security of the application is not necessarily one of the design goals. This is exacerbated by the rush to meet deadlines in the fast-moving e-commerce world. Even one day's delay in publishing a brand new feature on your website could allow a competitor to steal a march over you. It is found that there are cases where e-commerce sites need to add functionality rapidly to deal with a sudden change in the business environment or simply to stay ahead of the competition. In such a scenario, the attitude is to get the functionality online; security can always be taken care of later.
Another reason why security vulnerabilities appear is because of the inherent complexity in most online systems. Nowadays, users are placing very demanding requirements on their e-commerce providers, and this requires complex designs and programming logic.
Let’s look at the common security vulnerabilities that have been discovered in E-Commerce sites.

Using denial of service attacks                                      

The denial of service attack is one of the best examples of impacting site availability. It involves getting the server to perform a large number of mundane tasks, exceeding the capacity of the server to cope with any other task. For example, if everyone in a large meeting asks you your name all at once, and every time you answer, they ask you again. You have experienced a personal denial of service attack.

Distributed DoS is a type of attack used on popular sites, such as Yahoo!®. In this type of attack, the hacker infects computers on the Internet via a virus or other means. The infected computer becomes slaves to the hacker. The hacker controls them at a predetermined time to bombard the target server with useless, but intensive resource consuming requests. This attack not only causes the target site to experience problems, but also the entire Internet as the number of packets is routed via many different paths to the target.

SQL Injection                                                                   

SQL injection refers to the insertion of SQL meta-characters in user input, such that the attacker's queries are executed by the back-end database. Typically, attackers will first determine if a site is vulnerable to such an attack by sending in the single-quote (') character. The results from an SQL injection attack on a vulnerable site may range from a detailed error message, which discloses the back-end technology being used, or allowing the attacker to access restricted areas of the site because he manipulated the query to an always-true Boolean value, or it may even allow the execution of operating system commands.
SQL injection techniques differ depending on the type of database being used. For instance, SQL injection on an Oracle database is done primarily using the UNION keyword and is much more difficult than on the MS SQL Server, where multiple queries can be executed by separating them with the semi-colon. In its default configuration, MS SQL server runs with Local System privileges and has the 'xp_cmdshell' extended procedure, which allows execution of operating system commands.

 

 

Price Manipulation                                                          

This is a vulnerability that is almost completely unique to online shopping carts and payment gateways. In the most common occurrence of this vulnerability, the total payable price of the purchased goods is stored in a hidden HTML field of a dynamically generated web page. An attacker can use a web application proxy such as Achilles to simply modify the amount that is payable, when this information flows from the user's browser to the web server. Shown below is a snapshot of just such a vulnerability that was discovered in one of the author's penetration testing assignments.


Achilles web proxy

The final payable price (currency=Rs&amount=879.00) can be manipulated by the attacker to a value of his choice. This information is eventually sent to the payment gateway with whom the online merchant has partnered. If the volume of transactions is very high, the price manipulation may go completely unnoticed, or may be discovered too late. Repeated attacks of this nature could potentially cripple the viability of the online merchant.

Buffer overflows                                                                                       


Buffer overflow vulnerabilities are not very common in shopping cart or other web applications using Perl, PHP, ASP, etc. However, sending in a large number of bytes to web applications that are not geared to deal with them can have unexpected consequences. In one of the author's penetration testing assignments, it was possible to disclose the path of the PHP functions being used by sending in a very large value in the input fields. As the sanitized snapshot below shows, when 6000 or more bytes were fed into a particular field, the back-end PHP script was unable to process them and the error that was displayed revealed the location of these PHP functions.


PHP timeout error
Using this error information it was possible to access the restricted 'admin' folder. From the structure of the web site and the visible hyperlinks there would have been no way to determine that there existed the 'admin' directory within the 'func' sub-directory below the main $DocumentRoot.

Cross-site scripting                                                    

The Cross-site Scripting (XSS) attack is primarily targeted against the end user and leverages two factors:

1.      The lack of input and output validation being done by the web application
2.      The trust placed by the end-user in a URL that carries the vulnerable web site's name.

The XSS attack requires a web form that takes in user input, processes it, and prints out the results on a web page, which also contains the user's original input. It is most commonly found in 'search' features, where the search logic will print out the results along with a line such as 'Results for <user_supplied_input>'.

In this case, if the user input is printed out without being parsed, then an attacker can embed JavaScript by supplying it as part of the input. By crafting a URL, which contains this JavaScript, a victim can be social engineered into clicking on it, and the script executes on the victim's system. A typical XSS attack URL would look like this: http://www.vulnerablesite.com/cgi-bin/search.php?keywords=&lt;script>alert("OK")&lt;script>. In this case, when the victim clicks on this link, a message box with the text "OK" will open up on his system.

 







Remote command execution                                         


The most devastating web application vulnerabilities occur when the CGI script allows an attacker to execute operating system commands due to inadequate input validation. This is most common with the use of the 'system' call in Perl and PHP scripts. Using a command separator and other shell meta-characters, it is possible for the attacker to execute commands with the privileges of the web server. For instance, Hassan Consulting's Shopping Cart allowed remote command execution, because shell meta-characters such as |;& were not rejected by the software. However, directory traversal was not possible in this software.




Weak Authentication and Authorization                        

 

Authentication mechanisms that do not prohibit multiple failed logins can be attacked using tools such as Brutus. Similarly, if the web site uses HTTP Basic Authentication or does not pass session IDs over SSL (Secure Sockets Layer), an attacker can sniff the traffic to discover user's authentication and/or authorization credentials.

Since HTTP is a stateless protocol, web applications commonly maintain state using session IDs or transaction IDs stored in a cookie on the user's system. Thus this session ID becomes the only way that the web application can determine the online identity of the user. If the session ID is stolen (say through XSS), or it can be predicted, then an attacker can take over a genuine user's online identity vis-à-vis the vulnerable web site. Where the algorithm used to generate the session ID is weak, it is trivial to write a Perl script to enumerate through the possible session ID space and break the application's authentication and authorization schemes.


Conclusion


The most important point is to build security into the web application at the design stage itself. In fact, one of the key activities during the design phase should be a detailed risk assessment exercise. Here, the team must identify the key information assets that the web application will be dealing with. These could include configuration information, user transaction details, session IDs, credit card numbers, etc. Each of these information assets needs to be classified in terms of sensitivity. Depending upon the tentative architecture chosen, the developers along with security experts must analyze the threats, impact, vulnerabilities and threat probabilities for the system. Once these risks are listed out, system countermeasures must be designed and if necessary the architecture itself may be modified. Countermeasures should also include strict input validation routines, a 3-tier modular architecture, use of open-source cryptographic standards, and other secure coding practices.

 

The vulnerabilities are not only present in shopping carts or online payment systems but also present in other types of web applications as well. However, in the case of e-commerce systems, the vulnerabilities acquire a graver dimension due to the financial nature of transactions. What is at stake is not only a direct loss of revenues, but companies may face a serious loss to their reputations as well. It is of paramount importance for designers and developers of web applications to consider security as a primary design goal and to follow secure coding guidelines in order to provide the highest possible degree of assurance to their customers.



 





























[ Read More ]

Posted by Priyan Fernando - - 0 comments

 Install VNC Server to operate SUSE with GUI remotely from Windows client





mail:~ # vi .vnc/xstartup
#!/bin/sh

xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
gnome-session &


#xrdb $HOME/.Xresources
#xsetroot -solid grey
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &



Then Run

mail:~ # vncserver -kill :3
Killing Xvnc process ID 4229
mail:~ # vncserver :3


 Install VNC viewer on client computer next. Download from the site below to install.

http://www.realvnc.com/products/free/4.1/download.html

Start VNC viewer after installing. Then following scrren is shown. Input [(Server's hostname or IP address):(display number)] like following example.

Go to VNC Client on your PC

go to session 3



Good Luck
[ Read More ]