hakin 12/2007

How spam is sent

Spammers often use insufficiently secured systems. The trouble and cost of sending tens or hundreds of thousands of messages are transferred to third parties. You will learn what techniques spammers use and how to protect yourself. Author: Tomasz Nidecki Source: https://hakin9.org Hakin9 12/2007…

Dangerous Google – searching for secrets

Information which should be protected is very often publicly available, revealed by careless or ignorant users. The result is that lots of confidential data is freely available on the Internet – just Google for it. Author: Michał Piotrowski Source: https://hakin9.org Hakin9 12/2007 What…

Knock Knock Knocking On Firewall’s Door

Firewall technologies today are still a critical component to protect systems and networks. Standard filtering solutions can be complemented with more advanced techniques to secure the services behind a firewall. Author: Raul Siles Source: https://hakin9.org Hakin9 12/2007 What you will learn… How to…

Introduction to Firewall Rulebases

Firewalls – We have all heard of them in some way or the other and most of us have worked on them as well. Although prevalent to our network security infrastructure, not a lot of us in the IT world…

Introduction to Firewalls: From ISO/OSI to DMZ

I’ve been using, configuring and administrating firewalls for at least 3 years, in which I’ve seen and tested the most used of those like Iptables, BSD’s PF, Ipfilter, Checkpoint, common firewalls in embedded devices, and almost all software firewalls. Author: Michele…

Pharming – DNS cache poisoning attacks

Visiting online banking services and other secured sites is becoming increasingly dangerous. Entering your credit card number on a website which looks deceptively similar to that of your bank might end with a considerable sum disappearing from your account. Unfortunately,…

Voice over IP security – SIP and RTP protocols

Voice Over IP (VoIP) is one of the hottest buzzwords in contemporary IT, even more so since the last CeBit in March 2005, and a new hope for both service providers and device manufacturers. Countries with good network infrastructure typically…

Robot Wars – how botnets work

One of the most common and efficient DDoS attack methods is based on using hundreds of zombie hosts. Zombies are usually controlled and managed via IRC networks, using socalled botnets. Let’s take a look at the ways an attacker can…

Internal penetration tests

Penetration tests are one of the techniques used to expose holes in the security of an IT system. They are carried out by simulating the actions of a potential intruder. Since they are supposed to resemble what could happen in…

Bluetooth connection security

Bluetooth is rapidly gaining popularity throughout the world, with some 1.5 billion devices expected to support the technology by the end of 2005. However, Bluetooth can also be used for malicious purposes, such as snooping into private data, causing financial…

Safe storage of confidential data under GNU/Linux

The only way to guarantee safe storage of data is to use advanced cryptographic algorithms. There are Linux tools which allow the encryption of single files, directories and even whole partitions. Let’s have a look at the methods of encrypting…

Man in the Middle Attacks

A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be…