Skip navigation

Monthly Archives: August 2008

The Guide to Locking Down a PC

By: Brett Leahy

Blog: https://tysonmax20042003.wordpress.com

First of all, you want to get a list of security programs that you want to implement and do research of new and old variability’s on the OS that you can change manually. First of all windows variability’s are now and not changed on XP to this day but I don’t know about Vista is. UPNP (Universal Plug & Play), Windows Raw Sockets, Windows Messenger Service (NOT MSN), Windows MICE Detection, DECOM Modulator (Taming Windows’ Dangerous DCOM / RPC System), Also, you should try some free programs from GRC.com (Gibson Research Center) (Steve Gibson) to get rid of all the variability’s listed above. And other programs such as

Windows XP Critical Variability fix

<  Patch Work (Finds holes in windows that hackers used and holes found that can be used)

Securable (finds how secure your CPU is and vendibilities in 32 or 64 bit version of windows and variability’s in motherboard)

Windows MICE Detection

Noshare/Letshare (allows or does not allow NetBIOS traffic on local network )

Or you can also add

Secunia (finds software on the PC that has vendibilities and also your operation system, also free for home users but businesses have to pay a small fee.)

MSAL (Microsoft Security Assessment Tool) (this gives you a survey you answer to see how secure your network or PC security is.)

MBSA (Microsoft Baseline Security Analyzer) (for IT Professionals) (Scans for vendibilities in windows and windows settings and more)

Now you are done the basic of protection, now you can:

Virus protection and threat protection:

You can now pick one of the fallowing Anti-Virus programs:

Norton (I had bad experiences with Norton…Great firewall when it works and does not conflict with OS firewall)/MacAfee/AVG/Zone Alarm/Panda/Eeyed (Commercial)

avast! antivirus Home Edition (Avast! Is free for home use but you have to pay if it is for small to large businesses)

Moon Secure/ClamAV (Free open source)

Spybot Search and Destroy (Stops spyware and also adds rouge internet sites to the Windows host file)

Free AVG (Grisoft)/ Lavasoft Stuff Paid

AVG offers programs such as anti-virus and other features for home use but for extra protection you have to pay for.

Ad-Aware (this stops pop-up’s and adware)

Anti-rootkit (stops rouge viruses or software that is doing harm to your system)

Now the following is a program that is used to track and block bad IP’s and IP’s from governments and schools, research facilities and MPAA and Anti-Piracy IP’s.

Peer Guardian (monitors all internet traffic from UDP and TCP communication and Stops traffic from rouge internet sites)

The following is a program from grc.com called leaktest it tests your firewall to see if any non authorized programs like itself and viruses can access the web without your permission.

Leak Test (Finds if your firewall will stop internet activity from rogue programs or viruses)

Other Software you Might Need:

Tor (gives you anonymous on the web and encrypts all TCP traffic through 3 random tor nodes and gives each connection a 256 bit AES encryption)(Free and Open Source)

I2P (gives you anonymous on the web and encrypts all TCP and UDP traffic through 4 random nodes and gives each connection a 256 bit AES encryption) (Free and Open Source)

Firefox (Very secure FREE open source Web browser with many web extensions that can make your web experience more safe and convenient at the same time. ) (Free and Open Source)

True Crypt (encrypts your hard drive so no one can open it without the password) (Free and Open Source)

Defraggler (rearranges files to free up room) (Freeware)

CCleaner (Crap Cleaner)(Gets rid of temporary files that you don’t need and takes up unneeded room)(Freeware)

Links for items you see on this page!

avast! antivirus Home Edition

http://www.avast.com/eng/avast_4_home.html

Windows XP Critical Variability fix

Patch Work (Finds holes in windows that hackers used and holes found that can be used)

Securable (finds how secure your CPU is and vendibilities in 32 or 64 bit version of windows and variability’s in motherboard)

<!  Windows MICE Detection

Noshare/Letshare (allows or does not allow NetBIOS traffic on local network )

Leak Test (Finds if your firewall will stop internet activity from rogue programs or viruses)

And more…

http://www.grc.com/freepopular.htm

Secunia (finds software on the PC that has vendibilities and also your operation system, also free for home users but businesses have to pay a small fee.)

http://psi.secunia.com/

MSAL (Microsoft Security Assessment Tool) (this gives you a survey you answer to see how secure your network or PC security is.)

http://www.microsoft.com/downloads/details.aspx?FamilyID=6d79df9c-c6d1-4e8f-8000-0be72b430212&displaylang=en

MBSA (Microsoft Baseline Security Analyzer) (for IT Professionals) (Scans for vendibilities in windows and windows settings and more)

http://www.microsoft.com/downloads/details.aspx?FamilyID=f32921af-9dbe-4dce-889e-ecf997eb18e9&DisplayLang=en

Moon Secure/ClamAV (Free open source)

http://sourceforge.net/project/showfiles.php?group_id=169560

Spybot Search and Destroy (Stops spyware and also adds rouge internet sites to the Windows host file)

http://www.safer-networking.org/en/mirrors/index.html

Peer Guardian (monitors all internet traffic from UDP and TCP communication and Stops traffic from rouge internet sites)

http://phoenixlabs.org/pg2/

I2P (gives you anonymous on the web and encrypts all TCP and UDP traffic through 4 random nodes and gives each connection a 256 bit AES encryption) (Free and Open Source)

http://www.i2p2.de/download.html

Tor (gives you anonymous on the web and encrypts all TCP traffic through 3 random tor nodes and gives each connection a 256 bit AES encryption)(Free and Open Source)

http://www.torproject.org/download.html.en

Firefox (Very secure FREE open source Web browser with many web extensions that can make your web experience more safe and convenient at the same time. ) (Free and Open Source)

http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.1&os=win&lang=en-US

True Crypt (encrypts your hard drive so no one can open it without the password)(Free and Open Source)

http://www.truecrypt.org/downloads.php

Defraggler (rearranges files to free up room) (Freeware)

http://www.defraggler.com/download

CCleaner (Crap Cleaner)(Gets rid of temporary files that you don’t need and takes up unneeded room)(Freeware)

http://www.ccleaner.com/download

Anti-Rootkit (stops rouge viruses or software that is doing harm to your system)

http://download.grisoft.cz/softw/70/filedir/inst/avgarkt/avgarkt-setup-1.1.0.42.exe (Direct Link)

Ad-Aware (this stops pop-up’s and adware)

http://lavasoft.com/products/ad_aware_free.php

AVG (Home Edition/Business)(Full Protection)

http://www.grisoft.com/ww.home-and-office-security

AVG FREE Edition

http://free.avg.com/ww.download?prd=afe

Eeye (Free Edition but have to sign up)

http://free-antivirus.eeye.com/

Eeye (Commercial)(Full Protection)

http://shop.eeye.com/servlet/ControllerServlet?Action=DisplayHomePage&SiteID=eeyeinc&Locale=en_US&Env=BASE

Zone Alarm (Free!!!!!!! Firewall ONLY!!!!!)

http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall.jsp

Zone Alarm (Full Protection)

http://www.zonealarm.com/store/content/catalog/catalog_main.jsp

Panda (Full Protection/ Free) (requires registration)

http://www.pandasecurity.com/activescan/register/

Norton (I had bad experiences with Norton…Great firewall when it works and does not conflict with OS firewall) (Full Protection)

http://www.symantec.com/norton/theme.jsp?themeid=new-2008

McAfee (Full Protection)

http://us.mcafee.com/root/package.asp?pkgid=276&cid=25636

Advertisements

DNS patching during the critical time from July 7th, 2008 to August 3rd, 2008:

http://www.youtube.com/watch?v=Ff5WBDOwueI

Dan Kaminsky on the DNS Bug of 2008

http://www.youtube.com/watch?v=B0dHDD9fFM4&NR=1

DNS ATTACK!!!!!!! Hackers move first, in this war game of chess, We failed to hear the warning of Dan Kaminsky, but OpenDNS and BIND and don’t forget the smart ISP’s that took the FREE patch won the battle well stood up atleast and the customers of the ISP’s never knew what happned…Triumphed.

Exploit required to send more than 130 thousand of requests for the fake records like 131737-4795-15081.blah.com to be able to match port and ID and insert poisoned entry for the poisoned_dns.blah.com.”

“BIND used fully randomized source port range, i.e. around 64000 ports. Two attacking servers, connected to the attacked one via GigE link, were used, each one attacked 1-2 ports with full ID range. Usually attacking server is able to send about 40-50 thousands fake replies before remote server returns the correct one, so if port was matched probability of the successful poisoning is more than 60%.

Attack took about half of the day, i.e. a bit less than 10 hours.
So, if you have a GigE lan, any trojaned machine can poison your DNS during one night…” -tservice.net.ru

If you want more info listen to Steve Gibson talk about it in episode Security Now! Episode #157. DON’T FORGET TO READ MY POST ON Test your DNS NOW!!! and DNS Servers, The ISP Will not update!. For MORE INFO.

Do you think your DNS Server is compromise you can do two things.

1.You can check if your DNS Server is OK at a few sites:

http://member.dnsstuff.com/tools/vu800113.php

http://entropy.dns-oarc.net/test/ (This on takes a few times just refresh the page about 5-7 times)

http://www.doxpara.com/ (Dan Kaminsky Security Blog)

https://www.grc.com/dns (Steve Gibsons DNS Nameserver Spoofability Test)

2. The way to see if your DNS is good is to see if the port randomization is great if it says “poor” then TELL YOU ISP AND TELL THEM TO PICK UP THE SLACK AND UPDATE IT AND ALSO ITS FREE TO UPDATE!!!!!!!!!!!!!!!!!! All of the sites I listed can check if your DNS is good or bad but remember it can spoof DNS so from sites can give you a false positive witch means can lie to you. The way to know for sure is you can make sure you have an https:// at the beginning or your URL which means secure connection witch can’t be spoofed. If your DNS is compromised you can use a service called OpenDNS witch is free and probity a lot faster then your DNS and more secure because the only thing the do is keep their DNS Servers up-to-date always. They have a network of them all across the world witch means it is also more reliable. If one DNS is different than all the rest then it will change back. That is why it is more secure also they are not comprised because all of their DNS Servers were patched on the day it came out. It is faster, more secure, more reliable and the best thing it is FREE!!!!!!!!!! For more info about OpenDNS go to http://opendns.com/

That is the only advice i can give you to keep your DNS Servers safe and spread the word about this flaw and we might change the way we shop online and feel safer on it too.  Everyone deserves a safer and faster web for half the cost…well we can do the safer and faster for now.

P.S. Open DNS servers isp is 208.67.222.222 and secondary server id 208.67.220.220 just if you want to know.

In News of the DNS flaw Kaminsky (finally) provides DNS flaw details. “In his first public comments since his Domain Name System (DNS) cache poisoning flaw was made public, Dan Kaminsky said in a conference call on Thursday he doesn’t want to parse who said what when. He just wants everyone to understand that they must patch their systems now.” -Cnet.com Also Steve Gibson talks about the flaw in his podcast he does every week in episode #155 Bailiwicked Domain Attack & also episode Listener Feedback #47.

“This would be less of an issue if the widely released patch from two weeks ago had been fully deployed, but a number of companies or ISPs don’t seem to have gotten the memo. Accordingly to Kaminsky, some 52 percent of DNS servers are still vulnerable to the attack. This is a marked improvement from the 86 percent vulnerability rate in the days immediately following the patch’s release, but it’s still far too high, especially with dangerous code now squirreling its way across the Internet. Patch deployment is not an instant process, even if the company is on the ball, but we’ll hopefully see the number of patched DNS servers skyrocket in the next few days.

Some publications have dubbed the attack Metasploit, but that term refers to the open-source Metasploit Framework that was used to develop it. As for the exploit itself, it’s a new variation on a classic DNS poisoning theme. It disrupts the normal translation functions of a DNS server, causing it to redirect users to websites other than the ones they intended to visit. A poisoned DNS server, for example, could send someone to http://www.RussianMalware.com when they had actually typed http://www.google.com into the address bar. DNS poisoning isn’t new—vulnerabilities have existed for over a decade—but the one Kaminsky discovered increases the power of a successful attack.

Kaminsky has now detailed the methodology of a standard DNS poisoning attack and provides additional information on the vulnerability he discovered. As he describes it, a DNS lookup request is essentially a race between a good guy and a bad guy, each of whom possess certain advantages. The good guy knows when the race begins, and he knows the secret code that’s been sent along with that request in order to verify that the response coming back is actually authentic. The bad guy doesn’t have this code, but he actually decides when the request goes out, and he knows about the request before the good guy does.” -arstechnica.com

This problem was found by Dan Kaminsky a wile ago and ISP’s did not listen to him so he went public and now the world knows the problem and how to exploit it.  “He just wants everyone to understand that they must patch their systems now.”

“While most of the burden is on the Domain Name System servers and the various systems that support them, the nature of the flaw is such that desktop clients also need to patch their software as well.”

“Still, in the end, protection from any DNS exploit also depends on your upstream ISP providers. As of Monday, researcher Neal Krawetz was reporting that servers at several high-profile ISPs remained vulnerable. ”

You can get more info about this DNS Flaw at

Microsoft Security Bulletin MS08-037

-Cnet.com

If you want more info about your DNS and if it is safe go to my other post called “Test your DNS NOW!!!” also if you want more info listen to Steve Gibson on episode #155 Bailiwicked Domain Attack & also episode Listener Feedback #47, at  https://www.grc.com/securitynow.htm (Secure connection) or SSL or at http://www.grc.com/securitynow.htm for unsecure. If you want to visit Dan Kaminsky at his blog at http://www.doxpara.com/ or on twitter at dakami. Ohh… one more thing Steve Gibson said that if you go to any site that is on an SSL (Secure Connection) This will be the right sight and can’t be spoffed because they would not allow the certificite for the site to go through because it goes on 443 not 80. Also if you want to laugh or cry or whatever you think this is you can read a poem about the DNS flaw and Dan Kaminsky.

“He decided than rather to disclose all at once he’d instead only tell people who’d fix it in months So some meetings were had and work soon began vendors wrote patches coordinated by Dan Fast forward some time out the closet it came some researcher types got into the game Dan’s rules were quite simple, that in 30 days he’d present during Blackhat and we’ll all be amazed A bunch of big egos called Dan on a bluff said his vuln was a copy of 10 year old stuff So Dan swore them on handshakes and details were provided and those same cocky claims soon all but subsided It seems that Dan’s warnings weren’t baseless at all Said the same skeptical hackers ‘the risk isn’t that small!’ So Blackhat was nearing the web didn’t break then out came a theory from our friend Halvar Flake No sooner had he posted and described the vuln’s guts than Matasano’s blog surfaced, kicked the web in the nuts It said ‘Halvar’s right!’ we’ll no longer keep quiet. The post’s ripple effect caused a nasty ‘net riot The blog quickly was pulled but the cat’s out of the bag the arms race began since there’s no longer a gag Meanwhile the issues of honor and trust rehashed the debate of when disclosure goes bust So Dan’s days of thirty we never did see thirteen is OK but I issue this plea When researchers consider how to disclose and thus when will you think of the users? How it might affect them? This ego-fueled rush to put your name on a vuln has a much bigger impact than you might have known If the point here is really to secure and protect then consider what image you really project In this case the vuln. is now in the wild an exploit is coming DNS soon defiled The arms race has started and the clock now is ticking If you haven’t yet patched you’ll soon take a licking I’m not taking sides really on the disclosure debate but rather the topic of patch early or late What good is disclosure if the world couldn’t cope with the resultant attacks if we’ve all got just hope? There’s two sides to this issue both deserve merit but Dan’s rep has been smeared I say let’s just clear it”

-Christofer Hoff.

Welcome to your source of security for your computer. Every OS is welcome (Unix based, Linux, Windows and Mac) This blog will show you security holes in the OS browsers, programs and Now even worse privacy.