Tag Archives: Technology

The Cloud…Does it Matter?

OK, first I want to say that people are exaggerating the idea of the cloud and its technology. My definition of the cloud is as follows.

“The cloud and the technology behind it have a very simple definition but are a complex network of machines. This can be software as a service delivered to the user through a website GUI, or even just a file transfer service. If you have a network of machines in one location or several, with one interface for its users, that can be a cloud interface. It’s just a service. It can be used via an application on your desktop or over any protocol or service type. The main way to access the cloud is via a web GUI.”

That is my definition of the cloud. I do not know why people are in such a storm over questions like: Is the cloud safe? How secure is their network? What compliance do they have on their servers? The list goes on. OK, it is as safe as going to any site was before, but now they have a bigger infrastructure. I think you should never rely totally on the cloud for your data, especially personal or important data. There were many cases when people lost their privacy, data and more to the cloud. I think it is a good alternative backup solution to store your photos or other stuff, but make sure it is in some encrypted wrapper. Also make sure you keep to the 3 step backup solution when you are backing up data. Step 1: Keep one copy on a portable media device, preferably a DVD, and make new backups of old data every few years just in case it gets damaged or stolen. Step 2: Keep one copy local for editing purposes, and as a good fallback if your backup on media is lost, damaged or stolen. Step 3: You should use the cloud; make sure you have control of the key, encrypt your data, then send it to a cloud service that you trust and that is well known, like Carbonite, found at http://www.carbonite.com/. If you listen to any of the www.twit.tv shows you may get a discount.

So, I think that they should have a normal audit every few months that does a vulnerability assessment, and even better a pen tester to tell you if he/she could get in and how to fix it. They should have tools to monitor traffic on their servers, and any unauthorized access should result in termination of access, be logged, and be reported to the authorities if necessary.

In a recently aired episode of Security Now, episode #163 “GoogleUpdate & DNS Security”, Steve Gibson talks in great detail about a type of DNS now being offered in some parts of the world. This DNS is more secure and every site is signed with keys. The only problem is that it has low performance and uses up too much bandwidth. Also, this way it is easier to do a DDoS (denial-of-service attack). This attack shuts down a server or, in this case, a DNS server.

“A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.”

http://en.wikipedia.org/wiki/Ddos

Another quote from Wikipedia, for anyone who wants more detail on DNSSEC:

“The Domain Name System Security Extensions (DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers):

  • Origin authentication of DNS data
  • Data integrity
  • Authenticated denial of existence

It is widely believed that deploying DNSSEC is critically important for securing the Internet as a whole, but deployment has been hampered by the difficulty of:

  1. Devising a backward-compatible standard that can scale to the size of the Internet
  2. Preventing “zone enumeration” (see below) where desired
  3. Deploying DNSSEC implementations across a wide variety of DNS servers and resolvers (clients)
  4. Disagreement among key players over who should own the .com (etc) root keys
  5. Overcoming the perceived complexity of DNSSEC and DNSSEC deployment”

http://en.wikipedia.org/wiki/DNSSEC

Steve said that the main domains all have to agree on this and implement it for it to work, so that they can be a party that signs a key to confirm that the site you are on is the site you want to be on, not a fake site from someone who has changed the URL or infected your PC or even the DNS. So if all the parties agree, it will be confirmed that the site you are on is the one you want.

For more info on DNS, if you don’t know what DNS is, go to:

http://en.wikipedia.org/wiki/Domain_name_system

or read this small part of the site, which might answer your question.

“The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource participating in the Internet. It associates various information with domain names assigned to such participants. Most importantly, it translates humanly meaningful domain names to the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices world-wide.

An often used analogy to explain the Domain Name System is that it serves as the “phone book” for the Internet by translating human-friendly computer hostnames into IP addresses. For example, www.example.com translates to 208.77.188.166.”

As I said, the text in “quotes” is from the site http://en.wikipedia.org/wiki/Domain_name_system.

For more info on DNSSEC go to the links I provided or go to: http://www.dnssec.net/.

Be safe and secure on the web; without it we won’t have “E-bay” (http://www.ebay.com/) or “Amazon” (http://www.amazon.com/) LOL :).

The Guide to Locking Down a PC

By: Brett Leahy

Blog: https://tysonmax20042003.wordpress.com

First of all, you want to get a list of security programs that you want to implement, and research new and old vulnerabilities in the OS that you can change manually. The Windows vulnerabilities are known and have not been changed on XP to this day, but I don’t know about Vista: UPnP (Universal Plug & Play), Windows Raw Sockets, Windows Messenger Service (NOT MSN), Windows MICE Detection, DECOM Modulator (Taming Windows’ Dangerous DCOM / RPC System). Also, you should try some free programs from GRC.com (Gibson Research Center) (Steve Gibson) to get rid of all the vulnerabilities listed above, and other programs such as:

Windows XP Critical Vulnerability fix

Patch Work (Finds holes in Windows that hackers have used and holes found that can be used)

Securable (finds how secure your CPU is, and vulnerabilities in the 32 or 64 bit version of Windows and in the motherboard)

Windows MICE Detection

Noshare/Letshare (allows or does not allow NetBIOS traffic on local network )

Or you can also add

Secunia (finds software on the PC that has vulnerabilities, and also checks your operating system; free for home users but businesses have to pay a small fee.)

MSAL (Microsoft Security Assessment Tool) (this gives you a survey you answer to see how secure your network or PC security is.)

MBSA (Microsoft Baseline Security Analyzer) (for IT Professionals) (Scans for vulnerabilities in Windows and Windows settings and more)

Now you are done with the basics of protection, so you can move on to:

Virus protection and threat protection:

You can now pick one of the following anti-virus programs:

Norton (I had bad experiences with Norton…Great firewall when it works and does not conflict with OS firewall)/McAfee/AVG/Zone Alarm/Panda/Eeye (Commercial)

avast! antivirus Home Edition (avast! is free for home use but you have to pay if it is for small to large businesses)

Moon Secure/ClamAV (Free open source)

Spybot Search and Destroy (Stops spyware and also adds rogue internet sites to the Windows hosts file)

Free AVG (Grisoft)/ Lavasoft Stuff Paid

AVG offers programs such as anti-virus and other features for home use, but you have to pay for extra protection.

Ad-Aware (this stops pop-ups and adware)

Anti-rootkit (stops rogue viruses or software that is doing harm to your system)

Now the following is a program that is used to track and block bad IPs, and IPs from governments, schools, research facilities, the MPAA and anti-piracy groups.

Peer Guardian (monitors all internet traffic over UDP and TCP and stops traffic from rogue internet sites)

The following is a program from grc.com called LeakTest. It tests your firewall to see if any unauthorized programs, like itself and viruses, can access the web without your permission.

Leak Test (Finds if your firewall will stop internet activity from rogue programs or viruses)

Other Software you Might Need:

Tor (gives you anonymity on the web and encrypts all TCP traffic through 3 random Tor nodes and gives each connection 256 bit AES encryption) (Free and Open Source)

I2P (gives you anonymity on the web and encrypts all TCP and UDP traffic through 4 random nodes and gives each connection 256 bit AES encryption) (Free and Open Source)

Firefox (Very secure FREE open source Web browser with many web extensions that can make your web experience more safe and convenient at the same time. ) (Free and Open Source)

True Crypt (encrypts your hard drive so no one can open it without the password) (Free and Open Source)

Defraggler (rearranges files to free up room) (Freeware)

CCleaner (Crap Cleaner)(Gets rid of temporary files that you don’t need and takes up unneeded room)(Freeware)

Links for items you see on this page!

avast! antivirus Home Edition

http://www.avast.com/eng/avast_4_home.html

Windows XP Critical Vulnerability fix

Patch Work (Finds holes in Windows that hackers have used and holes found that can be used)

Securable (finds how secure your CPU is, and vulnerabilities in the 32 or 64 bit version of Windows and in the motherboard)

Windows MICE Detection

Noshare/Letshare (allows or does not allow NetBIOS traffic on local network )

Leak Test (Finds if your firewall will stop internet activity from rogue programs or viruses)

And more…

http://www.grc.com/freepopular.htm

Secunia (finds software on the PC that has vulnerabilities, and also checks your operating system; free for home users but businesses have to pay a small fee.)

http://psi.secunia.com/

MSAL (Microsoft Security Assessment Tool) (this gives you a survey you answer to see how secure your network or PC security is.)

http://www.microsoft.com/downloads/details.aspx?FamilyID=6d79df9c-c6d1-4e8f-8000-0be72b430212&displaylang=en

MBSA (Microsoft Baseline Security Analyzer) (for IT Professionals) (Scans for vulnerabilities in Windows and Windows settings and more)

http://www.microsoft.com/downloads/details.aspx?FamilyID=f32921af-9dbe-4dce-889e-ecf997eb18e9&DisplayLang=en

Moon Secure/ClamAV (Free open source)

http://sourceforge.net/project/showfiles.php?group_id=169560

Spybot Search and Destroy (Stops spyware and also adds rogue internet sites to the Windows hosts file)

http://www.safer-networking.org/en/mirrors/index.html

Peer Guardian (monitors all internet traffic over UDP and TCP and stops traffic from rogue internet sites)

http://phoenixlabs.org/pg2/

I2P (gives you anonymity on the web and encrypts all TCP and UDP traffic through 4 random nodes and gives each connection 256 bit AES encryption) (Free and Open Source)

http://www.i2p2.de/download.html

Tor (gives you anonymity on the web and encrypts all TCP traffic through 3 random Tor nodes and gives each connection 256 bit AES encryption) (Free and Open Source)

http://www.torproject.org/download.html.en

Firefox (Very secure FREE open source Web browser with many web extensions that can make your web experience more safe and convenient at the same time. ) (Free and Open Source)

http://www.mozilla.com/en-US/products/download.html?product=firefox-3.0.1&os=win&lang=en-US

True Crypt (encrypts your hard drive so no one can open it without the password)(Free and Open Source)

http://www.truecrypt.org/downloads.php

Defraggler (rearranges files to free up room) (Freeware)

http://www.defraggler.com/download

CCleaner (Crap Cleaner)(Gets rid of temporary files that you don’t need and takes up unneeded room)(Freeware)

http://www.ccleaner.com/download

Anti-Rootkit (stops rogue viruses or software that is doing harm to your system)

http://download.grisoft.cz/softw/70/filedir/inst/avgarkt/avgarkt-setup-1.1.0.42.exe (Direct Link)

Ad-Aware (this stops pop-ups and adware)

http://lavasoft.com/products/ad_aware_free.php

AVG (Home Edition/Business)(Full Protection)

http://www.grisoft.com/ww.home-and-office-security

AVG FREE Edition

http://free.avg.com/ww.download?prd=afe

Eeye (Free Edition but have to sign up)

http://free-antivirus.eeye.com/

Eeye (Commercial)(Full Protection)

http://shop.eeye.com/servlet/ControllerServlet?Action=DisplayHomePage&SiteID=eeyeinc&Locale=en_US&Env=BASE

Zone Alarm (Free!!!!!!! Firewall ONLY!!!!!)

http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall.jsp

Zone Alarm (Full Protection)

http://www.zonealarm.com/store/content/catalog/catalog_main.jsp

Panda (Full Protection/ Free) (requires registration)

http://www.pandasecurity.com/activescan/register/

Norton (I had bad experiences with Norton…Great firewall when it works and does not conflict with OS firewall) (Full Protection)

http://www.symantec.com/norton/theme.jsp?themeid=new-2008

McAfee (Full Protection)

http://us.mcafee.com/root/package.asp?pkgid=276&cid=25636

DNS patching during the critical time from July 7th, 2008 to August 3rd, 2008:

http://www.youtube.com/watch?v=Ff5WBDOwueI

Dan Kaminsky on the DNS Bug of 2008

http://www.youtube.com/watch?v=B0dHDD9fFM4&NR=1

DNS ATTACK!!!!!!! Hackers move first in this war game of chess. We failed to heed the warning of Dan Kaminsky, but OpenDNS and BIND, and don’t forget the smart ISPs that took the FREE patch, won the battle (well, stood up at least), and the customers of those ISPs never knew what happened… Triumphed.

“Exploit required to send more than 130 thousand of requests for the fake records like 131737-4795-15081.blah.com to be able to match port and ID and insert poisoned entry for the poisoned_dns.blah.com.”

“BIND used fully randomized source port range, i.e. around 64000 ports. Two attacking servers, connected to the attacked one via GigE link, were used, each one attacked 1-2 ports with full ID range. Usually attacking server is able to send about 40-50 thousands fake replies before remote server returns the correct one, so if port was matched probability of the successful poisoning is more than 60%.

Attack took about half of the day, i.e. a bit less than 10 hours.
So, if you have a GigE lan, any trojaned machine can poison your DNS during one night…” -tservice.net.ru

If you want more info, listen to Steve Gibson talk about it in Security Now! Episode #157. For MORE INFO, DON’T FORGET TO READ MY POSTS “Test your DNS NOW!!!” and “DNS Servers, The ISP Will not update!”.

If you think your DNS server is compromised, you can do two things.

1. You can check if your DNS server is OK at a few sites:

http://member.dnsstuff.com/tools/vu800113.php

http://entropy.dns-oarc.net/test/ (This one takes a few tries; just refresh the page about 5-7 times)

http://www.doxpara.com/ (Dan Kaminsky Security Blog)

https://www.grc.com/dns (Steve Gibson’s DNS Nameserver Spoofability Test)

2. The way to see if your DNS is good is to see if the port randomization is great. If it says “poor”, then TELL YOUR ISP TO PICK UP THE SLACK AND UPDATE IT, AND ALSO THAT IT’S FREE TO UPDATE!!!!!!!!!!!!!!!!!! All of the sites I listed can check if your DNS is good or bad, but remember that DNS can be spoofed, so some sites can give you a false positive, which means they can lie to you. The way to know for sure is to make sure you have an https:// at the beginning of your URL, which means a secure connection, which can’t be spoofed. If your DNS is compromised you can use a service called OpenDNS, which is free and probably a lot faster than your DNS, and more secure, because the only thing they do is keep their DNS servers up to date, always. They have a network of them all across the world, which means it is also more reliable. If one DNS server is different from all the rest then it will change back. That is why it is more secure; also, they are not compromised, because all of their DNS servers were patched on the day the patch came out. It is faster, more secure, more reliable and, best of all, it is FREE!!!!!!!!!! For more info about OpenDNS go to http://opendns.com/
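What the test sites above report as “poor” or “great” port randomization can be worked out from the source ports a resolver uses for its outbound queries. The following is an added example, not code from any of those sites: the function names, the rating cut-offs and the sample port lists are assumptions constructed for illustration, while the 16-bit ID, the roughly 64000-port range and the 40 thousand forged replies per lookup are the figures quoted above.

```python
import math

TXID_SPACE = 2 ** 16      # the DNS query ID is a 16-bit field
MAX_PORT_POOL = 64000     # "around 64000 ports", the figure quoted above


def estimate_port_pool(ports):
    """Estimate how many source ports a forged reply would have to guess among.

    ports: UDP source ports of a resolver's outbound queries, in the order
    the test name server saw them.
    """
    n = len(ports)
    if n < 2:
        raise ValueError("need at least two observed queries")
    distinct = len(set(ports))
    if distinct == 1:
        return 1, "fixed source port"
    steps = [b - a for a, b in zip(ports, ports[1:])]
    # Ports that simply count upward are as guessable as a fixed port.
    if sum(1 for s in steps if 1 <= s <= 4) >= 0.8 * len(steps):
        return 1, "sequential source ports"
    if distinct <= n // 2:
        return distinct, "small set of reused ports"
    # n uniform draws from a range of size R span about R*(n-1)/(n+1) of it.
    span = max(ports) - min(ports) + 1
    pool = min(MAX_PORT_POOL, round(span * (n + 1) / (n - 1)))
    return pool, "randomized source ports"


def rating(pool):
    """Assumed cut-offs for this example: under 8 bits of port entropy is poor."""
    if pool < 2 ** 8:
        return "poor"
    return "good" if pool < 2 ** 12 else "great"


def assess(ports, forged_replies=40000):
    """Rate a resolver and compute the odds that a forgery wins one lookup.

    forged_replies: distinct (port, ID) guesses that arrive before the real
    answer; 40000 is the low end of the "40-50 thousands" quoted above.
    """
    pool, pattern = estimate_port_pool(ports)
    chance = min(1.0, forged_replies / (pool * TXID_SPACE))
    return {
        "pattern": pattern,
        "port_pool": pool,
        "entropy_bits": round(math.log2(pool * TXID_SPACE), 1),
        "rating": rating(pool),
        "chance_per_race": chance,
        "expected_races": math.ceil(1 / chance),  # mean lookups until one forgery lands
    }


# Constructed sample observations (not captured from real resolvers).
UNPATCHED = [32768] * 10
COUNTING = [1030, 1031, 1032, 1033, 1035, 1036, 1037, 1038]
PATCHED = [51234, 2817, 40911, 18650, 60233, 9954, 33478, 27105, 45762, 14389]

if __name__ == "__main__":
    for name, ports in (("unpatched", UNPATCHED), ("counting", COUNTING), ("patched", PATCHED)):
        print(name, assess(ports))
```

With a fixed port the per-lookup chance comes out at about 61%, which is the “more than 60%” in the quote; with the full port range it takes on the order of a hundred thousand lookups, the same order as the “more than 130 thousand” requests reported.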

That is the only advice I can give you to keep your DNS servers safe. Spread the word about this flaw and we might change the way we shop online and feel safer doing it too. Everyone deserves a safer and faster web for half the cost…well, we can do the safer and faster for now.

P.S. The OpenDNS server IP is 208.67.222.222 and the secondary server is 208.67.220.220, just if you want to know.

In news of the DNS flaw: Kaminsky (finally) provides DNS flaw details. “In his first public comments since his Domain Name System (DNS) cache poisoning flaw was made public, Dan Kaminsky said in a conference call on Thursday he doesn’t want to parse who said what when. He just wants everyone to understand that they must patch their systems now.” -Cnet.com. Also, Steve Gibson talks about the flaw in the podcast he does every week, in episode #155 Bailiwicked Domain Attack and also in episode Listener Feedback #47.

“This would be less of an issue if the widely released patch from two weeks ago had been fully deployed, but a number of companies or ISPs don’t seem to have gotten the memo. According to Kaminsky, some 52 percent of DNS servers are still vulnerable to the attack. This is a marked improvement from the 86 percent vulnerability rate in the days immediately following the patch’s release, but it’s still far too high, especially with dangerous code now squirreling its way across the Internet. Patch deployment is not an instant process, even if the company is on the ball, but we’ll hopefully see the number of patched DNS servers skyrocket in the next few days.

Some publications have dubbed the attack Metasploit, but that term refers to the open-source Metasploit Framework that was used to develop it. As for the exploit itself, it’s a new variation on a classic DNS poisoning theme. It disrupts the normal translation functions of a DNS server, causing it to redirect users to websites other than the ones they intended to visit. A poisoned DNS server, for example, could send someone to http://www.RussianMalware.com when they had actually typed http://www.google.com into the address bar. DNS poisoning isn’t new—vulnerabilities have existed for over a decade—but the one Kaminsky discovered increases the power of a successful attack.

Kaminsky has now detailed the methodology of a standard DNS poisoning attack and provides additional information on the vulnerability he discovered. As he describes it, a DNS lookup request is essentially a race between a good guy and a bad guy, each of whom possess certain advantages. The good guy knows when the race begins, and he knows the secret code that’s been sent along with that request in order to verify that the response coming back is actually authentic. The bad guy doesn’t have this code, but he actually decides when the request goes out, and he knows about the request before the good guy does.” -arstechnica.com

This problem was found by Dan Kaminsky a while ago and ISPs did not listen to him, so he went public and now the world knows the problem and how to exploit it. “He just wants everyone to understand that they must patch their systems now.”

“While most of the burden is on the Domain Name System servers and the various systems that support them, the nature of the flaw is such that desktop clients also need to patch their software as well.”

“Still, in the end, protection from any DNS exploit also depends on your upstream ISP providers. As of Monday, researcher Neal Krawetz was reporting that servers at several high-profile ISPs remained vulnerable. ”

You can get more info about this DNS Flaw at

Microsoft Security Bulletin MS08-037

-Cnet.com

If you want more info about your DNS and whether it is safe, go to my other post called “Test your DNS NOW!!!”. Also, if you want more info, listen to Steve Gibson on episode #155 Bailiwicked Domain Attack and also episode Listener Feedback #47, at https://www.grc.com/securitynow.htm (secure connection, SSL) or at http://www.grc.com/securitynow.htm for unsecured. You can visit Dan Kaminsky at his blog at http://www.doxpara.com/ or on Twitter at dakami. Ohh… one more thing: Steve Gibson said that if you go to any site that is on SSL (secure connection), it will be the right site and can’t be spoofed, because they would not allow the certificate for the site to go through, because it goes on 443 not 80. Also, if you want to laugh or cry or whatever you think this is, you can read a poem about the DNS flaw and Dan Kaminsky.

“He decided than rather to disclose all at once
he’d instead only tell people who’d fix it in months
So some meetings were had and work soon began
vendors wrote patches coordinated by Dan
Fast forward some time out the closet it came
some researcher types got into the game
Dan’s rules were quite simple, that in 30 days
he’d present during Blackhat and we’ll all be amazed
A bunch of big egos called Dan on a bluff
said his vuln was a copy of 10 year old stuff
So Dan swore them on handshakes and details were provided
and those same cocky claims soon all but subsided
It seems that Dan’s warnings weren’t baseless at all
Said the same skeptical hackers ‘the risk isn’t that small!’
So Blackhat was nearing the web didn’t break
then out came a theory from our friend Halvar Flake
No sooner had he posted and described the vuln’s guts
than Matasano’s blog surfaced, kicked the web in the nuts
It said ‘Halvar’s right!’ we’ll no longer keep quiet.
The post’s ripple effect caused a nasty ‘net riot
The blog quickly was pulled but the cat’s out of the bag
the arms race began since there’s no longer a gag
Meanwhile the issues of honor and trust
rehashed the debate of when disclosure goes bust
So Dan’s days of thirty we never did see
thirteen is OK but I issue this plea
When researchers consider how to disclose and thus when
will you think of the users? How it might affect them?
This ego-fueled rush to put your name on a vuln
has a much bigger impact than you might have known
If the point here is really to secure and protect
then consider what image you really project
In this case the vuln. is now in the wild
an exploit is coming DNS soon defiled
The arms race has started and the clock now is ticking
If you haven’t yet patched you’ll soon take a licking
I’m not taking sides really on the disclosure debate
but rather the topic of patch early or late
What good is disclosure if the world couldn’t cope
with the resultant attacks if we’ve all got just hope?
There’s two sides to this issue both deserve merit
but Dan’s rep has been smeared I say let’s just clear it”

-Christofer Hoff.

Welcome to your source of security for your computer. Every OS is welcome (Unix based, Linux, Windows and Mac). This blog will show you security holes in the OS, browsers, programs and, now even worse, privacy.