Latest News From IT Security World
By Armando Romeo, eLearnSecurity and ID Theft Protect
Duqu: The Precursor Stuxnet Attack
By Rebecca Wynn
Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors, or those who have access to the Stuxnet source code, and the recovered samples were created after the last discovered version of Stuxnet. Duqu’s purpose is to gather intelligence data and assets from entities such as industrial infrastructure and system manufacturers, amongst others not in the industrial sector, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on various industries, including industrial control system facilities. This article summarizes the white papers by Symantec and the CrySyS Duqu Detector Toolkit. (References: Symantec Security Response, W32.Duqu: The precursor to the next Stuxnet, Version 1.3, November 1, 2011; CrySyS Duqu Detection Toolkit version 1.02)
By Narainder Chandwani
The landscape of malware has drastically changed in the last few years. It has hardly been a year since the security community identified Stuxnet, which some believe was the most menacing malware in history, and now we have Duqu making the news. The Laboratory of Cryptography and System Security (CrySyS) at Budapest University of Technology and Economics identified a worm on October 14th 2011 and named the threat Duqu [dyü-kyü] because it creates files with the name prefix “~DQ”. Duqu carries build dates of February 2008 and its drivers go back to August 2007. From this it would appear that its creators have worked on the code for at least 4 years. The driver was most likely created specifically for Duqu by the group responsible for the attacks. It is also believed that the Duqu team had access to the Stuxnet code or that both pieces of malware were authored by the same team. Duqu is far more sophisticated than Stuxnet and corrects a number of the mistakes that were observed in Stuxnet. Duqu, unlike Stuxnet, is not self-replicating.
How safe is our personal information?
By Andreas Veniris
The actual incident that this article is based on was 100% real, but for privacy reasons all user names referred to are not the real ones and have been chosen randomly. For the same reason all images have been obscured. The existence of the Internet, among other things, saves us from many tedious tasks as well as speeding up many real-life obligations, such as: account payments, bank account monitoring and checking, purchasing almost all goods (from books to bookstores …!) from online stores, avoiding going to the post office for our mail, and many others that could easily fill up all the pages of this magazine! We can do all these amazing feats calmly and nicely from the sofa of our home. It is much better than running on roads in the cold or heat, in crowds etc. Isn’t it? The problem is that these pros (always) have some cons! In this article we will play the role of a bad guy.
Anonymizing your online presence with TOR
By Jesus Rivero
End-to-end communications over the internet are comprised of a number of intermediate systems, or hops, that help the request from a client machine (e.g. your computer) reach a server machine (e.g. a web server). In general, these intermediate machines know exactly the whole route taken from the origin to the destination, making it easy to record or reconstruct that information at any given time. Even if you encrypt the data payload portion of the IP packets sent by your computer, the IP headers can reveal a lot of your identity to interested parties, such as timing information, origin of the packet, destination, interests and behavior, among other things. Whatever the source of your privacy concern is, be it legislation like the USA-PATRIOT Act, visits to internet-unfriendly countries, commercial research, or if you are just paranoid, like me, and you want to avoid attackers knowing about your behavior while surfing on the internet, then TOR can help you.
Secure OpenLDAP Infrastructure
By Leonardo Neves Bernardo
This article will discuss how to install OpenLDAP and increase its security level, using TLS to implement confidentiality and ACLs to implement access control. At the end, we’ll see how to improve availability using the syncrepl method of replication. You will learn how to install OpenLDAP, secure OpenLDAP with TLS and ACLs, and configure OpenLDAP replication using syncrepl. The Lightweight Directory Access Protocol, or LDAP, is a standard technology for network directories. LDAP is both a network protocol and a standard architecture based on X.500 to store information related to computer networks. X.500 is a series of computer networking standards developed by ITU-T. In the X.500 directory architecture, the client queries and receives responses from one or more servers in the server directory service. To control the communication between clients and information, ITU-T created a protocol named DAP (Directory Access Protocol). DAP is a heavyweight protocol that runs over a full OSI stack and consequently, like almost all OSI protocols, was not popular.
Information on iOS devices
By Juan Manuel Altamirano Argudo
Lately mobile devices have become a great source of information about us. A device is our personal assistant and knows every one of our secrets; if it falls into the hands of a bad person, we could suffer great damage. You will learn how to access the iOS filesystem, install apps via SSH, and explore and get information on iOS devices.
Wireshark: The Secrets of the Shark
By Mervyn Heng
This column was inspired by the international screening of the Tintin movie by Steven Spielberg and Peter Jackson. Just like Tintin, Wireshark is an international icon too. It is primarily harnessed for network troubleshooting and packet analysis but did you know that there are other applications of this powerful tool?
Cyber insurance is an area that an increasing number of insurance companies around the world are looking at. In part, this is a function of their ongoing search for new products to offer, in the same mode as the ever-increasing proliferation of car insurance options. But what, exactly, is cyber insurance? This is big business; one recent UK government report estimated the annual cost of cyber crime to the UK economy alone as something in the order of £27 billion (USD 43 billion).
Interview with Kevin Beaver
By Hakin9 Team
Kevin Beaver is an information security consultant, author, expert witness and professional speaker with Atlanta-based Principle Logic, LLC. With over 22 years of experience in the industry, Kevin specializes in performing independent security assessments revolving around minimizing business risks. He has authored/co-authored 10 books on information security including one of the best-selling information security books Hacking For Dummies (Wiley). In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go.