Anatomy of pharming - how your money is stolen (5/2005)

» Pharming – DNS cache poisoning attacks
We explain how DNS cache poisoning attacks work, then demonstrate how such attacks are used in the new financial fraud technique called pharming. Finally, we test the resistance of the most popular DNS cache servers to DNS cache poisoning attacks.

» Robot Wars - How Botnets Work
We discuss the concept of bots and botnets, then explain how they operate and how victim computers are infected. A practical example of creating a botnet using one of the available tools is presented. We also show how to protect a computer from being taken over by a botnet.

» Voice over IP security - SIP and RTP protocols
We provide a detailed overview of the protocols used in Voice over IP (VoIP) transmissions, particularly the SIP protocol. Then we look at the seven most common, most effective and best-documented methods of attacking VoIP, and how these methods can be applied in practice.

» Exploiting Java VM security vulnerabilities
We present the security model of the Java virtual machine, then describe several methods of attacking it. The techniques described include taking advantage of sandbox holes, direct memory access and differential power analysis. Finally, we describe how an audit of a Java VM is conducted.

» Advanced SQL Injection Techniques
We demonstrate how to execute advanced attacks against the syntax and logic of the SQL language. Several interesting tricks involving SQL injection are presented. Finally, we discuss basic methods of protecting applications against SQL injection attacks.

» Linux shellcode optimisation
We write four simple shellcodes from scratch, starting with programs in C and converting them into assembly. We then prepare them for use as shellcode and finally optimise them.

» Bad Tools Make Bad Software - an interview with Dan J. Bernstein
Dan, well known for his controversial opinions and for creating systems such as qmail and djbdns, talks with us about the unethical approach of *NIX distributors, alleged bugs in qmail, methods used to write secure applications, DNS and hash function security, and more.

» A new RFC proposal
This document specifies the User Awareness Factor (UAF), a new standard for security measurement. The User Awareness Factor is based on one simple principle, which is believed to hold for all time: most users are lame.

» Security Tools - Firestarter 1.0.3
A graphical interface for creating simple rules for a netfilter/iptables-based firewall.
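The "prepare them for use as shellcode" step in the Linux shellcode optimisation item above boils down to one check that every shellcode author runs before anything else: the byte string must contain none of the characters that the injection path will truncate or mangle (NUL for string-copy bugs, and often newline and carriage return). The following is an added example, not code from the magazine article; it scans a buffer for those bad bytes and compares two constructed x86 encodings of "set EAX to zero", `mov eax, 0` (b8 00 00 00 00, four NULs) and the NUL-free `xor eax, eax` (31 c0) that an optimisation pass would substitute. The bad-byte list itself is an assumption about the target bug, so adjust it to the actual injection vector.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed bad-byte set for a string-copy style injection: NUL terminates
 * strcpy()-like copies, \n and \r often end line-oriented input. */
static const unsigned char bad_bytes[] = { 0x00, 0x0a, 0x0d };

static int is_bad(unsigned char b)
{
    for (size_t i = 0; i < sizeof bad_bytes; i++)
        if (bad_bytes[i] == b)
            return 1;
    return 0;
}

/* Offset of the first bad byte in buf, or -1 if the shellcode is clean. */
long first_bad_byte(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (is_bad(buf[i]))
            return (long)i;
    return -1;
}

/* Total number of bad bytes, useful for judging how much rewriting is needed. */
size_t count_bad_bytes(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += is_bad(buf[i]) ? 1 : 0;
    return n;
}

/* Constructed samples: the two x86 encodings compared in the text above. */
static const unsigned char mov_eax_zero[] = { 0xb8, 0x00, 0x00, 0x00, 0x00 };
static const unsigned char xor_eax_eax[]  = { 0x31, 0xc0 };

static void report(const char *name, const unsigned char *buf, size_t len)
{
    long off = first_bad_byte(buf, len);
    if (off < 0)
        printf("%-12s %zu bytes, no bad bytes\n", name, len);
    else
        printf("%-12s %zu bytes, %zu bad byte(s), first at offset %ld\n",
               name, len, count_bad_bytes(buf, len), off);
}

int main(void)
{
    report("mov eax,0", mov_eax_zero, sizeof mov_eax_zero);
    report("xor eax,eax", xor_eax_eax, sizeof xor_eax_eax);
    return 0;
}
```

Run the checker over the raw bytes extracted from the assembled object (for example the `.text` section dumped with objdump) rather than over the C source: it is the encoding, not the mnemonic, that decides whether a NUL sneaks in.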