04 Monday Mar 2013
Posted in Hacking, Homeland Security
Interesting finding:
Vulnerability scans via search engines. Includes Google scans and Bing reflections.
01 Friday Feb 2013
A handy resource:
1. If you are using Spybot Search & Destroy on Windows32 systems, enter
C:\Windows\System32\drivers\etc\hosts
2. Spybot Search & Destroy will list all blocked connections; i.e. those that are redirected to the localhost.
3. You can manually add/delete entries.
4. It is another layer of security!!
For details, check:
http://winhelp2002.mvps.org/hosts.htm
http://en.wikipedia.org/wiki/Spybot_%E2%80%93_Search_%26_Destroy
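The blocked entries from steps 2 and 3 can also be audited by hand. The following is an added example (not part of the original post and not Spybot code): it lists hosts-file names that are sent to the local machine and separately flags names mapped to any other address, which a blocklist would not add. The sample file and every name in it are constructed.

```python
import ipaddress

# Constructed sample hosts file (not taken from a real system).
SAMPLE_HOSTS = """\
# Sample header comment
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # blocklist entry
0.0.0.0         malware.example.org
203.0.113.10    www.examplebank.test    # points to another machine
not-an-ip       broken.example.com
"""

# Names that legitimately map to loopback (assumption: not exhaustive).
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an address
        for name in fields[1:]:                # one line may carry several names
            yield ip, name.lower()


def classify(text):
    """Return (blocked names, [(name, ip)] redirected to a non-local address)."""
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:   # 127.x.x.x, ::1, 0.0.0.0
            blocked.append(name)
        else:
            redirected.append((name, str(ip)))
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = classify(SAMPLE_HOSTS)
    print("blocked:", blocked)
    print("review these redirects:", redirected)
```

To run it against a live system, read the file at the path given in step 1 and pass its text to `classify`.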
21 Monday Jan 2013
Posted in Data Mining, Hacking, IR Tools
As part of the migration of Mi Islita to a new home at http://www.miislita.com, I’m happy to announce the initial release of The Net Miner Tool Set, v. 1
The tool set has been around for about a week with a few speed issues, but now you can enjoy it for good. So, what can you do with it? Well, visit the site, try it, and let me know if you like it or if there is room for improvement.
With The Net Miner Tool Set, now anyone can do some basic network security tests. You would be surprised to learn how many sites are exposing things like php.ini files, making life easy for attackers, or leaking unnecessary information in their configuration headers.
06 Friday Jul 2012
Posted in Hacking, Internet Engineering
Worried about July 9, 2012? Check your DNS.
The simplest solution. Visit http://www.dns-ok.us and if you see a green background, you are ok. If the background is red, you might be in trouble.
Want to do the check manually? Do this:
Open a command window and at the prompt, type or paste:
ipconfig /allcompartments /all
The output will probably be very long. Look for the IPv4 information under “Ethernet adapter…” Then look for the “DNS Servers” line, and write down these numbers. Compare them with the IP numbers of the malicious Rove DNS changer listed in http://www.dcwg.org/detect/checking-windows-7-for-infections/
If there is a match, you might be in trouble.
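The manual comparison above can be scripted. This is an added example, not part of the original post: it pulls every "DNS Servers" value, including the indented continuation lines, out of saved English-language `ipconfig` output and tests each against a list of address ranges. The ranges below are placeholders from documentation address space, not the real rogue ranges; substitute the list published on the DCWG page linked above. The sample output is constructed.

```python
import ipaddress
import re

# Placeholder ranges (documentation address space), NOT the real rogue
# ranges: replace with the list published on the DCWG page.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Constructed sample of ipconfig output (English-language Windows assumed).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.200
                                       fec0:0:0:ffff::1%1
"""

DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
CONT_LINE = re.compile(r"^\s+(\S+)\s*$")   # indented line holding one value


def dns_servers(ipconfig_text):
    """Return every DNS server address listed, across all adapters."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_LINE.match(line)
        if not m and in_dns:
            m = CONT_LINE.match(line)      # extra servers sit on following lines
        in_dns = bool(m)
        if m:
            try:
                # Drop an IPv6 scope id such as "%1" before parsing.
                servers.append(ipaddress.ip_address(m.group(1).split("%")[0]))
            except ValueError:
                in_dns = False
    return servers


def rogue_matches(ipconfig_text, ranges=ROGUE_RANGES):
    """Return (server, range) pairs for servers inside a listed range."""
    return [(str(ip), str(net))
            for ip in dns_servers(ipconfig_text)
            for net in ranges if ip in net]


if __name__ == "__main__":
    print(rogue_matches(SAMPLE_IPCONFIG) or "no match")
```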
24 Tuesday Apr 2012
Posted in Hacking, Human-Computer Interaction, Machine Learning
I Doser has been called an addictive electronic drug. It is a common hype in social networks. But actually it is nothing new, just a well-repackaged business.
You can get all kinds of e-drugs: from e-marihuana to e-….anything by just using earphones. A dangerous mixture if you are driving a car!
Such e-drugs are based on binaural beats, discovered in 1839 by Dove. These are slow modulations that are perceived when tones of different frequency are presented to each ear. Such auditory beats in the brain can have unexpected results, altering consciousness: A virtual LSD?
In 1973 Oster discovered that binaural beats can be detected by humans when carrier tones are below approximately 1000 Hz. According to Lane et al (see references below):
When two pure auditory signals of similar frequency are mixed together, the phase interference between their waveforms produces a composite signal with a frequency midway between the upper and lower frequencies and an amplitude modulation that occurs with a frequency equal to the difference between the two original frequencies. For example, mixing tones of 100 Hz and 110 Hz yields a signal with a perceived frequency of 105 Hz that rises and falls in amplitude with a frequency of 10 Hz. The amplitude-modulated composite signal is called an auditory beat.
A similar phenomenon occurs when auditory signals of similar frequency are presented separately to the left and right ear through stereo headphones. Although each ear hears only one of the frequencies, the listener perceives the middle frequency and the amplitude modulation, even though the auditory beat does not exist in physical space. This phenomenon, called a “binaural auditory beat,” and described more than 25 years ago (6), is created by the brain’s processing of the two separate auditory signals at the level of the olivary nuclei of the brainstem.
It was only a matter of time before someone looked to make quick cash by doing the 2 + 2 math, mixing hunger with necessity (“se juntó el hambre con la necesidad”). So now we can see low level forms of life looking for an escape from their reality through I Doser.
Hackers may soon be able to misuse these e-brain technologies to cause physical harm. A WMD in the making or accident waiting to happen?
References
Binaural Auditory Beats Affect Vigilance Performance and Mood
Auditory Beats in the Brain
Inducing Altered States Auditory and Visual Stimulation
Entraining Tones and Binaural Beats
Research_Frequencies
Audio-Visual Entrainment
23 Thursday Dec 2010
Posted in Hacking
This is interesting: How to launch a DOS attack without ever having to infect a single PC machine. This is done through URL shorteners:
Doz.me Can Launch DDoS Attacks Using Shortened URLs
URL Shortener Is Also A DDOS Tool
Beware of clicking on links with shortened URLs.
Ho, Ho, Ho.
09 Tuesday Mar 2010
Posted in Hacking, Homeland Security
Thanks to the Internet, hackers are -or soon will be- invading your cell phones, car, and TV.
Cell Phones:
The Energizer DUO Trojan: What You Need to Know, reports that the Energizer USB charger has been infected with a nasty Trojan.
Cars:
Ford Motor Rolls Out New Security Features To Prevent Car-Hacking, reports that Ford is taking steps to prevent hackers from literally car-jacking your vehicle.
TV:
Google, DISH Network in Set-top Tests, reports that Google is moving to provide search services through your TV. With TV soon hitting the market with Internet Widgets and similar technologies, soon your TV sessions will be subject to hacking.
So, very soon: hackers, spammers, and marketers in your car, phone, and TV.
To secure a job, get certified in Internet Security related technologies. Or how about, Multimedia Search Marketing (MSM)? That’s a new great acronym to think about.
03 Wednesday Mar 2010
Posted in Hacking, Homeland Security
According to this news:
Researchers have found that by playing with the voltage on a device, it is possible to crack the popular RSA encryption keys. Hackers are having a field day with this research.
The article says:
“Researchers at the University of Michigan say they have uncovered a way to circumvent encryption used on many devices.
The research is the work of Valeria Bertacco, Todd Austin and Andrea Pellegrini. According to their paper, entitled ‘Fault-Based Attack of RSA Authentication’ (PDF), the trio demonstrated a way to beat the popular encryption method, which is used in media players, laptop computers, smartphones and other devices. It is also used by retailers to secure customer information online.
The researchers found that by varying the voltage on a device it was possible to get their hands on the ‘private key’ needed to beat the security feature. Using what they described as an inexpensive device specially-built for the experiment, the trio manipulated the voltage and caused the computer to make small mistakes in its communications with other clients. This ultimately revealed small pieces of the private key, which they eventually used to reconstruct the key offline.”
19 Friday Feb 2010
Posted in Hacking
Obliviously clicking on search results can be risky, as can be read in this news:
http://www.msnbc.msn.com/id/35456838/ns/technology_and_science-security/
Although nothing new, this shows how hackers can poison both the quality of search engine results and end users' computer systems. Killing two birds with one stone.
Now, imagine a spammer recycling the very same poisoned search results and you have an additional bird smashed.
OOM (On other matters), the current issue of the IRW newsletter will be delayed a bit more. Sorry for the inconvenience.
13 Wednesday Jan 2010
Posted in Data Mining, Hacking, Homeland Security, Newsletters
The current issue of IRW features Web Scraping as a vehicle for conducting Web Mining.
As mentioned in the newsletter, there are so many things that can be done with scrapers. For instance, below is a comparison of the number of script tags (<script …>…</script>) and link tags (<link … />) declared in several index pages and extracted with two scrapers mentioned in the IRW article: the Script and Link Tag Scrapers. As expected, pages with a lot of content are prone to have more scripts.
| Search Engines | Script Tags | Link Tags |
|---|---|---|
| Yahoo.com * | 15 | 2 |
| Bing.com | 12 | 1 |
| Ask.com | 10 | 0 |
| Google.com | 4 | 0 |
| Gigablast.com | 1 | 0 |

| Socially-oriented Sites | Script Tags | Link Tags |
|---|---|---|
| Searchenginewatch.com | 38 | 5 |
| Twitter.com | 9 | 3 |
| Seomoz.org | 7 | 13 |
| Facebook.com | 5 | 4 |
| Wikipedia.com ** | 1 | 6 |
* At the time of the analysis, Yahoo.com redirects to the m.yahoo.com alias, but the same results are obtained.
** Wikipedia.org and Wikipedia.com return the same results.
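A count like the one tabulated above can be reproduced offline. This is an added example, not the IRW Script and Link Tag Scrapers themselves: it counts script and link tags with a real HTML parser, records which outside hosts a page loads them from (useful when auditing your own pages), and shows how a plain text match over-counts when a tag appears inside a comment or a script string. The sample page and all host names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; every host name here is made up.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/css/site.css" />
<LINK rel="icon" href="https://static.example.net/favicon.ico">
<script src="/js/app.js"></script>
<script src="https://cdn.example.net/lib.min.js"></script>
<script>var s = "<script src='//fake.example.org/x.js'>";</script>
</head><body>
<!-- <script src="https://commented.example.org/old.js"></script> -->
<p>hello</p>
<script src="//ads.example.com/tag.js" async></script>
</body></html>
"""


class TagCounter(HTMLParser):
    """Counts <script> and <link> start tags and the hosts they reference."""

    def __init__(self):
        super().__init__()
        self.counts = {"script": 0, "link": 0}
        self.external_hosts = set()

    def handle_starttag(self, tag, attrs):      # tag arrives lower-cased
        if tag not in self.counts:
            return
        self.counts[tag] += 1
        url = dict(attrs).get("src" if tag == "script" else "href") or ""
        host = urlparse(url).netloc              # empty for same-site paths
        if host:
            self.external_hosts.add(host)


def scan(html):
    """Return (tag counts, sorted list of outside hosts referenced)."""
    parser = TagCounter()
    parser.feed(html)
    parser.close()
    return parser.counts, sorted(parser.external_hosts)


def naive_script_count(html):
    """Text match for comparison: also hits comments and string literals."""
    return len(re.findall(r"<script", html, re.IGNORECASE))


if __name__ == "__main__":
    print(scan(SAMPLE_PAGE), naive_script_count(SAMPLE_PAGE))
```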
On the other hand, Web Scraping can unveil potential Web Vulnerabilities in an architecture, so there is a positive side to the story.
In good hands, scrapers can do great things. In the wrong ones, they can be a nightmare.
Unfortunately, hackers know well that scrapers can be embedded into malware and get their hands on source code. Ask victims of such scrapers like Google and other companies (http://www.wired.com/threatlevel/2010/01/google-hack-attack/).
Besides legal issues and an unfriendly landscape (censorship), it appears they got tired of Chinese hackers picking on them so they are pulling out of China -or threatening to do so.
Beaten in their own game: brain power.