musings of extofer

and his secret identity, Gabriel Villa

Category

Security

Call to Action: SecureKidsWeb

In recent news in the city I live in, a 12 and a half year old boy was severely injured at home. After a five day battle, the young man was taken off life support. This really hit home for us when we first heard the news, because it was my son’s first day of school and the young man went to the same school. The parents kept the accident private, but offered these words:

“Please take good care of all your children and loved ones.
Watch closely what they look at on the Internet and things they talk about with friends. We feel we did not know enough and this lack of knowledge made us pay a high price !!”

It’s a shame when families don’t know enough about parental controls. It is a very sad thing to think this could have been prevented with simple, free Internet security tools or sites. I have been using OpenDNS since my young ones were able to surf the web freely on their own computers. Not to mention, I was able to block unwanted content from their Wii game console as well.

I want to share my quick lesson with anyone listening, and I encourage friends and families with children to do the same right now. I would also challenge and ask all the IT professionals I know, personally or via social networks, to come forth and help. Please take a minute to share your Internet parental control knowledge: post it and tag it #SecureKidsWeb.

Create a free OpenDNS account at http://www.opendns.com/.

Go to the Set up page and follow the instructions to set up your home router: https://store.opendns.com/setup/

When set up, go to your OpenDNS Dashboard. You should see a network address in the form ###.###.###.###; that is called an IP address. Click the “Add Network” button and name your network.

Once you have added the network, click on the Settings tab, where you will find the Web Content Filtering section. Here you can choose a filtering level or customize your settings, blocking content by category, e.g. Adult content, Sexuality, Drugs, Hate/Discrimination.

Once OpenDNS is set up, you can view reports of the sites visited and judge for yourself whether to block additional sites by name, in the same manner, under the Manage individual domains section.

Now you can easily monitor and manage web traffic and content.
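One caveat a practitioner would add to the steps above: the OpenDNS filter only sees queries that actually reach OpenDNS, so a device configured with its own resolver (by hand or by an app) is not filtered. The following is an added example, not part of the original post, that reads a resolv.conf-style configuration and reports whether every resolver goes through the router (which forwards to OpenDNS once set up) or directly to OpenDNS; the two OpenDNS resolver addresses are assumed from public documentation, and the sample configuration is constructed.

```python
import re

# OpenDNS's two public resolver addresses. Assumed here from public
# documentation; the post only says to follow the OpenDNS setup page.
OPENDNS_RESOLVERS = {"208.67.222.222", "208.67.220.220"}


def nameservers(resolv_conf):
    """Return the 'nameserver' addresses in resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def filtering_status(resolv_conf, router_ip):
    """Classify each configured resolver as 'router' (forwards to OpenDNS once
    set up as described), 'opendns' (used directly) or 'bypass' (anything else,
    whose answers are never filtered)."""
    status = {"router": [], "opendns": [], "bypass": []}
    for ns in nameservers(resolv_conf):
        if ns == router_ip:
            status["router"].append(ns)
        elif ns in OPENDNS_RESOLVERS:
            status["opendns"].append(ns)
        else:
            status["bypass"].append(ns)
    # A device tries resolvers in order, so one unfiltered resolver is enough
    # to defeat the category filter: require OpenDNS (or the router) and no bypass.
    status["filtered"] = bool(status["router"] or status["opendns"]) and not status["bypass"]
    return status


# Constructed sample: DHCP handed the laptop the router as resolver, but a
# public resolver was also added by hand, which skips the router and the filter.
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 8.8.8.8   ; added manually
"""

if __name__ == "__main__":
    print(filtering_status(SAMPLE_RESOLV_CONF, router_ip="192.168.1.1"))
```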

School of Hacks – Part 2

This is the second part of the series, following the hacker culture post in Part 1. Before I elaborate on programming in Python or other hacking languages, I want to discuss with you the second important skill in hacking. In case you have not guessed it, if you want to become a hacker, you need to know an open source UNIX operating system.

Can you hack in Windows? Yes. Windows is a good operating system, and you can install Python and run programs in C on Windows. But Windows is not open source. Windows is distributed in binary form; in other words, you can only install Windows, not change or modify the code of the operating system (OS). With an open source OS you have the option to download the source code and contribute to it by programming features, utilities or tools for it. There are two lessons to be taught in this skill today, and they go hand in hand. One, if you want to be a hacker, you have to use and contribute to Free and Open Source Software (FOSS). This is a cultural trait. You can contribute in a community such as SourceForge, where you can download and develop FOSS. Hackers share software with their community; they test FOSS they didn’t program, write documentation for it, debug it, and eventually write their own open source software. That is one reason why hackers use a FOSS UNIX operating system. There are different variants of UNIX or UX operating systems, free or proprietary, such as AIX, BSD, Solaris, SCO, HP-UX and the most popular, Linux, which leads us to the second lesson.

UNIX has been the operating system for scientists, by scientists. It goes without saying that hacking is a science. In the days before Mac OS and Windows, UNIX was king, and in the 1970’s UNIX’s creators at Bell Labs provided the source code of the OS to be taught in universities and enhanced by researchers. A US-born professor at Vrije University in Amsterdam, Andrew S. Tanenbaum, wrote his own UNIX (MINIX, or Minimal UNIX) and provided its 12,000 lines of C and assembly code when you bought his book “Operating Systems: Design and Implementation”. MINIX was created to teach university students how an operating system works. One student, Linus Torvalds, took the source code provided with the book on floppy disks, programmed a kernel and, according to his newsgroup post on comp.os.minix, took “feedback on things people like/dislike in minix” and programmed “features most people would want”. As he shared it with the online community, like the good hacker boy that he was, it gained a lot of attention, and within one month of releasing Linux 0.01 (or Linus UX) on the Internet, many hackers had contributed to 0.02. Eventually Linux grew into the hundreds of Linux distributions we have today.

There are other free and open source UNIX operating systems around that are used for hacking; these include FreeBSD and OpenSolaris. However, what matters for becoming a good hacker is to understand UNIX and how it works on the Internet. To do so, one must know the UNIX and Internet fundamentals. The question now is what you want to read about next: should I go into detail on programming in Python, or would you rather I show you the different ways to run Linux, including a live distro, a virtual or full installation, or running Linux off a network? The next part of this series will depend on the reader. This is subliminally training you in a hacker’s lesson learned: contribute, by commenting, and you’re on your way to becoming a hacker.

School of Hacks – Part 1

[Image: Programmer’s aid, some rights reserved by dunkv]

I began this series for a blog and podcast called Mr. Cracker:


You never ask, “How do I become a hacker?” and you never say “I am a hacker.” Nowadays, you will run into countless YouTube videos and blogs regarding “hacking.” I’m glad to hear Mr. Cracker’s first few episodes focused on what a hacker is and how one hacks. However, there are many stories that can be credited with tainting the term, like an incident in Los Alamos in 1982.

Webster’s dictionary defined a hacker as an expert at programming and solving problems with a computer. Hackers were otherwise known as computer geeks or computer wizards, up until the word was tarnished by ruthless wizards that illegally gained access to systems and tampered with information. To this day, the word hacker is used to describe these geniuses that can force their way into an operating system and manipulate data. The term hacker derives from the reference to programmers “hacking away” at the bits and bytes. Since it takes an experienced hacker to gain unauthorized entrance into a secure computer, extract information and perform some prank or mischief at the site, the term has become synonymous with “cracker” or “blackhat”, a person who performs an illegal act. A technical professional who is paid to break into a computer system in order to test its security is called a “pentester”, for penetration tester.

True hacking is a culture of these programmers and pentesters that understand code and network security. To become one is to be called one by an expert. If your friends proclaim you a “hacker” because you brute forced your way into an account in front of them, then unless you wrote the algorithm, you are nothing but a “script kiddie”. If you wrote a program that is useful to network security, shared it with the community, and pentesters or system admins recognize your talent, then you are on your way.

But what is the way, you may ask. I will have to say, it’s a long way. It doesn’t happen overnight, and it doesn’t happen after reading this article or listening to every one of Mr. Cracker’s podcasts. Yet there are certain steps you must follow, and I will elaborate in the articles to come. Let me get you started with the basics. A hacker is a programmer. Yes, not an MCSE or a CCNA, but a programmer. Programming is THE fundamental skill for hacking. I am a programmer. I began developing software over 10 years ago. I’m not the best, but I recommend you start by learning a language called Python. DO NOT start with a GUI-based programming language like Java, or even Visual Basic or C#. Start with Python (http://www.python.org/) for two reasons. One, it’s free and powerful, and two, it works on multiple platforms, e.g. Windows or Linux. The importance of Linux is a subject for another time. Then stick to the semicolon languages (“;”) like Perl and PHP; the objective will be to move on to C and C++. It is best recommended that you learn or know all of the languages mentioned: Python, Perl, PHP, C and C++.

Use the documentation provided on their site to learn Python. You will have to teach yourself over the next days, months or years to become strong in that language. Then you can move on to another language, and it becomes easier to learn once you understand data structures, variables, etc. Hacking is the ability to use those languages and apply them to solve your problems. As you learn, keep in mind that you are practicing how you think, not really focusing on a particular language.

Securing your SQL Server

Become aware of some commonly overlooked practices in securing your SQL Server databases. Learn about physical security, passwords, privileges and roles, restricting or disabling system stored procedures, and preventative best practices. Most importantly, we discuss the most common security threat, SQL injection, and learn how to prevent it.

Installing Python on Linux

This is an article I contributed to a series on hacking and programming, particularly programming in Python on Linux.

Password Strength and Protection

How does one protect their password, and what damage can be done if someone obtains it? If you have a computer, you should know by now how important a password is. However, you probably are not sure how vulnerable your password might be. An obtained password can cause havoc, especially if you use the same password on all your accounts: anything from your email to your bank accounts can then be accessed by unwanted crackers.

It’s very simple to do this. Remember the Sarah Palin incident with Yahoo mail, and Paris Hilton’s mobile phone book of celebrities. The majority of people have email accounts on multiple free networks such as MSN, Gmail or Yahoo. These services offer a password recovery page that anyone can reach just by knowing your email address. The recovery page asks a number of questions about you, and anyone who can guess the answers can pretty much access your email. How is this relevant if it simply resets your password? Well, clever as one can be, they can then attempt to access another account, maybe a bank or credit card account, and have the password sent to the email account they already control. And so it begins: anything tied to that email address, or forwarded to it, is now valuable to an attacker.

How can this be avoided? I have recommendations to avoid a simple attack. First off, make sure the free email accounts named above are still active. If you haven’t used an account and it has been disabled, anyone can reuse that account and receive email as you. Also, don’t use birthdates, spouses’ middle names or even pet names as a recovery question. Select any question as your recovery question and use a simple word you can remember, like “pancake”, as the answer. This will make it harder for anyone who knows you to recover your password. Secondly, choose a strong password. With so many PINs and account passwords one needs to remember, it’s easier for people to choose “oreocookie” or “iloveyou” as a password. These passwords are easier to crack. Simple words, or even compound words, can be cracked in seconds by dictionary brute force software.

A good password should be tested with tools recommended by security experts. I suggest a convention where you take a long word you will remember and add numbers, uppercase and special characters to it. Take a word you will remember; in this case we’ll use my full name, gabrielvilla. My name is a weak password; however, if I use uppercase letters and a special character in the middle, Gabriel_Villa, it’s stronger. Names can still be compromised by brute force attacks very easily, though. Therefore, I suggest using more special characters and numbers in lieu of letters, so that you remember the password and get in the habit of using more special characters. For instance, use “$” instead of “S”, or “3” instead of “E”. Plugging these in gives the password Gabri3l_Vill@, which is a strong password. You can use password generators that create passwords like mvE@6m8!, which are also strong; however, it’s hard to remember those at times.

Now that you have created a strong password, do you need a different password for every account you have? The real answer is “Yes”. However, I recommend a tip: use the same password and add an extension for each account. For instance, think of the color of the header on the site you will log into, and use that as the extension: at Yahoo your password could be ‘Gabri3l_Vill@-white’ and at MSN ‘Gabri3l_Vill@-blue’.
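As an added example, not from the original post, here is a small Python script that scores the post’s own passwords two ways: the naive character-class entropy a simple strength meter reports, and a check that undoes the recommended substitutions to see whether a name or dictionary word is still underneath. The word list and the reverse-substitution table are constructed for the example.

```python
import math
import re
import string

# Reverse map for the substitutions the post recommends ("$" for "S", "3" for
# "E") plus a few more that cracking rule sets routinely try. Constructed here.
UNLEET = str.maketrans({"$": "s", "3": "e", "@": "a", "0": "o", "1": "i", "!": "i"})

# Tiny constructed stand-in for a cracking dictionary; real ones hold millions
# of words, names and previously leaked passwords.
WORDLIST = {"gabriel", "villa", "gabrielvilla", "oreo", "cookie", "iloveyou", "pancake"}


def entropy_bits(password):
    """Naive estimate a simple strength meter reports: length times log2 of the
    pool size implied by the character classes present."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def dictionary_words(password):
    """Undo the substitutions, drop a per-site '-suffix', keep only letters and
    report which dictionary words of four or more letters are still inside."""
    base = password.translate(UNLEET).lower().split("-")[0]
    letters = re.sub(r"[^a-z]", "", base)
    return sorted(w for w in WORDLIST if len(w) >= 4 and w in letters)


def assess(password):
    """Both views side by side: the meter score and the words hiding underneath."""
    return {"bits": round(entropy_bits(password), 1),
            "dictionary_words": dictionary_words(password)}


if __name__ == "__main__":
    for pw in ["gabrielvilla", "Gabriel_Villa", "Gabri3l_Vill@",
               "Gabri3l_Vill@-white", "mvE@6m8!"]:
        print(pw, assess(pw))
```

On the naive estimate Gabri3l_Vill@ scores higher than the generated mvE@6m8!, yet only the former is flagged as a transformed name, because cracking tools apply the same substitutions; that gap is why the advice to test passwords with expert-recommended tools rather than a simple meter is worth following.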
