hakin9_2010_09_34.pdf

(4312 KB) Pobierz
374231995 UNPDF
374231995.007.png
374231995.008.png
374231995.009.png
PRACTICAL PROTECTION IT SECURITY MAGAZINE
9/2010 (34)
team
Dear Readers,
Together with the appearance of the first PC the communication
channel totally changed.
Everyday we send and receive hundreds of messages either for
private or business purposes.
We have the guarantee that the received will get the message
quickly and no serious problem should occur (as all of us used to face
with snail mail I am sure). But is it really 100% reliable?
In this issue our expert analyses email security issues for end-users.
I think this article is a must-read for everyone who would like to use his
email safely and keep the messages private.
Another great article is the third part of our web malware series.
This time, the author focuses on some of the interesting methodologies
which are commonly used in web malwares such as script obfuscating,
iframes, Mpack and more. In the attack section you will also find an
article on IPv6 security implications. The idea behind this article is to
help penetration testers and malware analysts become familiar with IP
protocol version 6, as attacks and new malware spreading on the top of
this protocol are already out there.
For a dessert I highly recommend the article by Gary Miliefsky – The
Greatest Hacking Breach In Cyber History. The author will answer the
questions: How did it happen? How can we learn from it? Are there
more to come?
I hope you will find the articles we prepared for you this time very
informative and interesting. See you next time!
Editor in Chief: Karolina Lesińska
karolina.lesinska@hakin9.org
Editorial Advisory Board: Matt Jonkman, Rebecca Wynn,
Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt
DTP: Ireneusz Pogroszewski
Art Director: Ireneusz Pogroszewski
ireneusz.pogroszewski@software.com.pl
Proofreaders: Henry Henderson aka L4mer, Michael Munt,
Jonathan Edwards, Barry McClain
Top Betatesters: Rebecca Wynn, Bob Folden, Carlos Ayala, Steve
Hodge, Nick Baronian, Matthew Sabin, Laszlo Acs, Jac van den
Goor, Matthew Dumas, Andy Alvarado
Special Thanks to the Beta testers and Proofreaders who
helped us with this issue. Without their assistance there would
not be a Hakin9 magazine.
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa Łozowicka
ewa.lozowicka@software.com.pl
Production Director: Andrzej Kuca
andrzej.kuca@hakin9.org
Marketing Director: Karolina Lesińska
karolina.lesinska@hakin9.org
Subscription: Iwona Brzezik
Email: iwona.brzezik@software.com.pl
Enjoy your reading
Karolina Lesińska
Editor-in-Chief
Publisher: Software Press Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.hakin9.org/en
Whilst every effort has been made to ensure the high quality of
the magazine, the editors make no warranty, express or implied,
concerning the results of content usage.
All trade marks presented in the magazine were used only for
informative purposes.
REGULARS
6 in Brief
Latest news from the IT security world
Armando Romeo, eLearnSecurity
ID Theft Protect
All rights to trade marks presented in the magazine are
reserved by the companies which own them.
To create graphs and diagrams we used program
by
8 Tools
Ad-Aware Pro Internet Security
Don Iverson
The editors use automatic DTP system
Mathematical formulas created by Design Science MathType™
DISCLAIMER!
The techniques described in our articles may only
be used in private, local networks. The editors
hold no responsibility for misuse of the presented
techniques or consequent data loss.
40 ID fraud expert says...
Julian Evans
BASICS
10 Knowing VoIP Part I
Winston Santos
telling me how the VoIP works! Honestly this has something
50/50 of valid and invalid. As you may know, residential
4
09/2010
4
374231995.010.png 374231995.001.png 374231995.002.png 374231995.003.png 374231995.004.png
 
CONTENTS
telephone has played a very important role in our lives, for more than 130
years and some well situated people have been using our old and friendly
POTS (Plain Old Telephony Services) for personal or even business usage,
but all has changed thanks to the VoIP.
ATTACK
14 Web Malwares – part 3
Rajdeep Chakraborty
infection related to Web Malwares. We had also seen some of the tricks
or flaws which are used by the Malware authors and how vulnerable
browsers, vulnerable browser plugins or components or even vulnerable
Web applications, unknowingly, aids to keep the threat of Web Malware
alive. In the third and the concluding section, we would focus on some
of the interesting methodologies which are commonly used in Web
Malwares.
24 Ipv6 Security Implications
Antonio Merola
analysts become familiar with IP protocol version 6, as attacks and new
malware spreading on the top of this protocol are already out there. As
most of us already know, the widespread IP protocol currently being
used is IP version 4, we also know that due to IPv4 address exhaustion IP
protocol version 6 has been introduced. With workarounds such as NAT/
PAT, proxies, gateways etc. IPv4 is still on the stage, but the complexity
of the networks are increasing and this usually leads to frustrating
troubleshooting.
36 Session Riding
Miroslav Ludvik
doubts same is the security of web applications. (Does anyone?) There are
really plenty of ways webs can be designed insecure and yet much more
ways these security holes can be utilized for evil’s benefit.
DEFENSE
44 The Greatest Hacking Breach In Cyber History
Gary Miliefsky
In my last article, I described how malware functions and why I believe
anti-virus is dead. In this article, I want to delve into the story of a most
notorious hacker and how he masterminded the greatest hacking breach
in cyber history using techniques that are actually not that novel and
could have most likely been prevented, had the victim networks been
better prepared and the IT staff better trained in cyber defense. Let’s begin
with who he is, where he is today and how he landed behind bars…
www.hakin9.org/en
5
374231995.005.png 374231995.006.png
 

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika:

Zgłoś jeśli naruszono regulamin