Geek Memos (Page 2)

Sign in Subscribe

My journey towards OSCP

I’ve started studying for Offensive Security Certified Profession [http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/] (OSCP) certification also called Penetration Testing with Kali (PWK). This certification claims to give you good grip on penetration testing which includes network and application side of things. When you sign up for 30, 60,

SSL3 Vulnerability code-named 'Poodle'

SSL version 3 is still being supported across all platforms. That is , even though this encryption mechanism for the web is 15 years old, almost as old as Windows XP. Google researchers revealed today that SSL 3 might be vulnerable to Man in the Middle (MITM) attacks. Basically, an attacker

Six Stages of Incident Response

A six stage methodology can be implemented to respond to a network security breach. These six stages are, preparation, detection, containment, eradication, recovery, and follow up. Preparation includes a set of defenses to deal with threats, preparing staff by providing security awareness, and creating procedures to deal with incidents as

TCP Sequence Prediction Attack

TCP sequence prediction attack, also known as Christmas day attack, makes use of guessed TCP sequence numbers. Although associated vulnerability was pointed out by Bellovin in 1989, it became prominent only in 1994 when it was used by Kevin Mitnick against Tsutomu Shimomura on Christmas day of 1994. Luckily, this

Information Leakage

Contents 1) Introduction. 2 2) Information Leakage. 2 3) Types of Information Leakage. 4 1. a) Intentional Leaks. 4 2. i) Internal Agents. 5 3. ii) External Agents. 6 4. b) Accidental Leaks. 6 4) Exploitation Channels. 8 1. a) Electronic Mail 8 2. b) Hard Copy. 9 3. c)

Run ifconfig without root privileges

So I couldn’t run ifconfig on a client’s RedHat Enterprise system today because my account didn’t have sudo rights. 01:31:06 # ifconfig bash: ifconfig: command not found Here is how I got it to work: > 01:43:05 # whereis ifconfig ifconfig: /sbin/ifconfig esmadmin@ahsflmdbus65:

A Senate in the Gun Lobby’s Grip

Took from NY-Times By GABRIELLE GIFFORDS | Published: April 17, 2013 SENATORS say they fear the N.R.A. and the gun lobby. But I think that fear must be nothing compared to the fear the first graders inSandy Hook Elementary School [http://topics.nytimes.com/top/reference/timestopics/subjects/s/

HTTPS Security Encryption Flaws Found

Mathew J. Schwartz [http://www.informationweek.com/authors/Mathew-Schwartz] | March 19, 2013 10:09 AM http://www.informationweek.com Security researchers have discovered weaknesses that could be exploited to crack some types of encrypted Web communications. The flaw exists in theRC4 encryption algorithm [http://en.wikipedia.org/wiki/RC4#Security]

Australian central bank computers hacked

Computer networks at the Reserve Bank of Australia have been hacked, some reportedly by Chinese-developed malware searching for sensitive information, officials said Monday. The central bank revealed the attacks after investigations by The Australian Financial Review found multiple computers had been compromised by malicious software seeking intelligence. The newspaper said

Spy Chief Says Little Danger of Cyber ‘Pearl Harbor’ in Next Two Years

BYKIM ZETTER [http://www.wired.com/threatlevel/author/kimzetter/]03.12.13 at Wired.com Contrary to much of the fear-mongering that has been spreading through the nation’s capital on cybersecurity matters lately, the director of national intelligence bucked that trend on Tuesday when he told a senate committee

Securing Remote Desktop Connection

Recently I’ve gotten tired of using logmein. Their servers are getting slow and finishing my daily tasks is getting difficult. So what am I gonna do? Remote Desktop. Well of course, I will have to do this in three steps: 1. Use Dyndns to connect remotely to my home

Nokia Performing Man-in-the-Middle Attacks

From Bruce Schneier’s Cryptogram: Man-in-the-Middle Attacks Against Browser Encryption [http://www.schneier.com/crypto-gram-1302.html#8] Last week, a story broke about how Nokia mounts man-in-the-middle attacks against secure browser sessions. “The Finnish phone giant has since admitted that it decryption secure data that passes through HTTPS connections — including

Symantec and NY Times hack

So Chinese hacked NY Times and Symantec didn’t do its job — it’s nothing new. Symantec has proven to be a bad antivirus solution over the years. During my internship at Health Solutions Plus, Inc., I had the pleasure of comparing Symantec, McAfee, Kaspersky, and Bitdefender head-to-head. For testing

Safe Online Practices

Safety is a natural concern. Over past decade, it has become one of our top priorities. We have spent a lot of money safe guarding ourselves from physical. To the contrary, we have not mastered the art of cyber defense yet. We keep our children from talking to strangers on

Facebook session hijacking

In previous blog, I taught you how to hide your identity when browsing internet. This time, I will take it furthure and teach you how to hack Facebook. Now many of you will use this to spy on your girlfried or boyfriend. I’d rather use to understand how vulnerable

Surf Anonymously

Big brother is watched you. Like they say, “In God we trust, everyone else we monitor”. They do monitor, all the time. Internet Service Providers (including Time Warner and Frontier) are required to hold your internet history for 18 months. Even if you delete your web browser’s internet history,