hakin9_04_08_EN.pdf

CONTENTS
team
Editor in Chief: Ewa Dudzic ewa.dudzic@hakin9.org
Executive Editor: Magda Błaszczyk magda.b@hakin9.org
Editorial Advisory Board: Matt Jonkman, Clement Dupuis,
Shyaam Sundhar, Terron Williams, Steve Lape
Editors: Monika Drygulska monika.drygulska@hakin9.org,
Sylwia Stocka sylwia.stocka@hakin9.org
DTP Management: Robert Zadrożny robert.zadrozny@hakin9.org
DTP: Ireneusz Pogroszewski ireneusz.pogroszewski@hakin9.org
Art Director: Agnieszka Marchocka agnieszka.marchocka@hakin9.org
CD: Rafał Kwaśny rafal.kwasny@gmail.com
Hacking the Time
Finally the summer has arrived. I hope we all do not get too lazy and
can get ourselves together to work efficiently. People always wait for
something, don’t they? Some of us wait for the summer to come, some
– just for the weekend. Why is it? Perhaps, we wish to make the time go faster
or, at least, pretend it does. The sense of time flow is so relative that it changes
along with our emotions, mood and, unfortunately, expectations. Can we actually
influence the time? There are scientists who have been trying to modify the time
and those who are trying to manipulate the way we experience the time flow.
They say: babies and children have no feeling of time passing. We acquire the
habit of perceiving time in a certain way, depending on which culture we grow
up in. Most people in the West are so attached to linear time that they do not
realize it. Some cultures, however – for instance, some Native Americans – do
not learn to experience time the same way as the rest of the world. They live in
timelessness and I guess should be much happier.
A practice proving how strange and flexible is the time is the
season time change rule still applied in some countries. And so,
Poles, Germans and the other inhabitants of Europe sleep one hour
less or more (depending on the time of the year) while the Indians or
Japanese do not bother with anything like that. It is thought to be an
electricity saving method from a bygone era but nowadays the time
change seems to be more problematic than useful.
Dear Readers, instead of counting days that are left to the holidays
or to the weekend – relax, focus on your actions and emotions and
not on the clock ticking. Then turn the page, and the next one and
another and enjoy hakin9 articles and tutorials. First, read about FI
attack and its practical aspect. Then learn something new on dangers
of the wireless networks presented by Stephen Argent and move to the
second part of the series on Alternate Data Streams. We also have a
paper on RSS for you, written by Aditya Sood, as well as two articles
in the defense section: last part of the Postgres database security
series plus a short paper on Deploying Robustness Testing. When you
have enough of reading, explore the hakin9 CD and enjoy a new video,
Metasploit3 GUI with Postgres created by Lou Lombardy and Stephen
Argent’s tutorial on Man in the Middle attacks.
I hope you enjoy this edition of hakin9 magazine. Should you ever
have any suggestions or ideas to improve h9 – do let me know.
Proofreaders: Neil Smith, Steve Lape, Michael Munt, Monroe
Dowling, Kevin Mcdonald, John Hunter
Top Betatesters: Joshua Morin, Michele Orru, Clint Garrison, Shon
Robinson, Brandon Dixon, Justin Seitz, Donald Iverson, Matthew Sabin,
Stephen Argent, Aidan Carty, Rodrigo Rubira Branco, Jason Carpenter,
Martin Jenco, Sanjay Bhalerao, Monroe Dowling
Senior Consultant/Publisher: Paweł Marciniak pawel@hakin9.org
Production Director: Marta Kurpiewska marta.kurpiewska@hakin9.org
Marketing Director: Ewa Dudzic ewa.dudzic@hakin9.org
Circulation and Distribution Executive: Wojciech Kowalik
wojciech.kowalik@hakin9.org
Subscription: customer_service@hakin9.org
Publisher: Software Media LLC
(on Software Publishing House licence www.software.com.pl/en )
Postal address:
Publisher: Software Wydawnictwo Sp.z.o.o
02-682 Warszawa, ul. Bokserska 1
Worldwide publishing
Business address: Software Media LLC
1521 Concord Pike, Suite 301 Brandywine
Executive Center Wilmington, DE 19803 USA
Phone: 1 917 338 3631 or 1 866 225 5956
www.hakin9.org/en
Software Media LLC is looking for partners from all over the World.
If you are interested in cooperating with us, please contact us at:
cooperation@hakin9.org
Print: 101 Studio, Firma Tęgi
Printed in Poland
Distributed in the USA by: Source Interlink Fulfillment Division,
27500 Riverview Centre Boulevard, Suite 400, Bonita Springs, FL
34134, Tel: 239-949-4450.
Distributed in Australia by: Gordon and Gotch, Australia Pty Ltd.,
Level 2, 9 Roadborough Road, Locked Bag 527, NSW 2086 Sydney,
Australia, Phone: + 61 2 9972 8800,
Whilst every effort has been made to ensure the high quality of
the magazine, the editors make no warranty, express or implied,
concerning the results of content usage.
All trade marks presented in the magazine were used only for
informative purposes.
All rights to trade marks presented in the magazine are reserved by
the companies which own them.
To create graphs and diagrams
we used
program by
Cover-mount CD’s were tested with AntiVirenKit
by G DATA Software Sp. z o.o
The editors use automatic DTP system
Mathematical formulas created by Design Science MathType™
ATTENTION!
Selling current or past issues of this magazine for prices that are
different than printed on the cover is – without permission of the
publisher – harmful activity and will result in judicial liability.
hakin9 is also available in: Spain, Argentina, Portugal,
France, Morocco, Belgium, Luxembourg, Canada, Germany,
Austria, Switzerland, Poland, Czech, Slovakia, Singapore,
The Netherlands, Australia, The United States
hakin9 magazine is published in 7 language versions:
DISCLAIMER!
The techniques described in our articles may only be
used in private, local networks. The editors hold no
responsibility for misuse of the presented techniques
or consequent data loss.
Magdalena Błaszczyk
magdalena.blaszczyk@hakin9.org
4 HAKIN9 4/2008
CONTENTS
REGULARS
06 In Brief
Selection of news from the IT security world.
Zinho & www.hackerscenter.com
08 CD Contents
What's new on the latest hakin9.live CD – a great number of fully functioning
versions and special editions of commercial applications and a video
tutorial on Metasploit GUI in a Windows XP environment.
hakin9 team
10 Tools
eScan ISS from MicroWorld
Anushree Reddy
68 Emerging Threats
Global Thermonuclear War – Shall We Play a Game?
Matthew Jonkman
70 Consumers Test
Choose the Right Router
Matthew Sabin & hakin9 team.
74 Interview
Interview with Nicolaas Vlok
Terron Williams
78 Self Exposure
Mike Chan, Bing Liu
hakin9 team
80 Book Review
IT Security Interviews Exposed. Secrets to Landing Your Next Information
Security Job
Benjamin Aboagye
Risks, Controls, and Security: Concepts and Applications, 1st Edition
Joshua F. Morin
82 Coming Up
Topics that will be brought up in the upcoming issue of hakin9
Monika Drygulska
BASICS
12 File Inclusion Attacks
ALI RECAI YEKTA, ERHAN YEKTA
After reading this article, you will come to know about File Inclusion Attacks'
methods and defense techniques against them.
ATTACK
20 Hacking RSS Feeds: Insecurities in Implementing RSS Feeds
ADITYA K. SOOD
This paper discusses the infection vectors that occur due to insecure coding
by developers and includes other related security issues. It provides a detailed
analysis of the errors and efficient measures to correct those errors, while
keeping in mind the original security concerns.
30 Alternate Data Streams or “Doctor Jekyll and Mr. Hyde” Move to NTFS (Part II)
LAIC AURELIAN
The second part of the ADS series. This article reveals everything you should
know about ADS, focusing on its practical use. You will learn how to create, use
and delete ADS.
36 All in Memory Execution under Linux
ANTHONY DESNOS, FRÉDÉRIC GUIHÉRY, MICKAËL SALAÜN
A very useful paper on all in memory execution under Linux. The authors show
its rules, all in memory's tools and protection methods against the execution.
46 The Real Dangers of Wireless Networks
STEPHEN ARGENT
The paper explains how to break into Wireless Networks and use Ettercap,
Driftnet and Wireshark for sniffing. While reading this article, you will learn how
to manipulate packets and view MSN conversations over the network.
DEFENSE
56 How to Deploy Robustness Testing
MIKKO VARPIOLA, ARI TAKANEN
In this article the authors explore various means of testing for the security
mistakes, with the focus on deploying robustness testing into the software
development lifecycle.
60 Protecting Data in a Postgres Database
ROBERT BERNIER
Part III of the three-part series on Postgres. This article addresses the issue
of restricting access to data via the use of data encryption. After reading this
paper, you will manage to use cryptographic functions obtained from two
contributions modules.