Thursday, June 30, 2005
Why do we need mailing lists in the age of RSS?
In this age of RSS feeds, why cant the banks and similar institutions starting generating RSS feeds and have people subscribe to it. There is no sign-up or sign-out process. The very act of subscribing to a feed becomes the sign-up process. For any update or marketing material they want to send out (what else do they send out in their mailing lists anyway), they put it in the feed. If you dont like their feed, you just hit delete remove it from your feed aggregator or reader. No "you will be removed in 48-76 hours from this list" messages. Its a win-win situation for everyone.
Tuesday, June 28, 2005
Understanding email headers
First, lets talk about how to view an email header information using various clients:
Yahoo: Open an email. There is an option on the right side that says "Full Headers".
Hotmail: Goto Options -> Mail Display Settings -> Message Headers. Then select "Advanced". Now you will start seeing the headers along with each email.
Here are some of the interesting headers:
- Message-ID: It is a unique ID that is assigned, usually, by the first mail server. Looks something like this: 26371062.1119955958999.JavaMail.root@fac501 Infact, having a JavaMail in this field, indicates that the backend used to send out emails is Java. This can be useful information for hackers/crackers.
- Return-Path: This is usually an email address that receives an "bounced message" if the delivery fails. This is part of the trace field group.
- Received: Every relay MTA (Mail Transfer Agent) will add its own "Received" header to the message. This field is also used by SMTP gateways to detect message looping. Going through all the Received headers can give you a trace of how the message was passed around before reaching you. Also, this field usually contains an IP address and/or domain name. You can easily find out information about the various MTA's by doing an IPWHOIS search on the IP address. (check out my Find who what where from IP Address post).
- From: This field contains the email of the sender. This field can easily be forged.
- Reply-To: This field contains an email address that will be used when you hit the reply button on your email client. Usually this field has the same value as the From field.
- X-Mailer: Usually this field indicates what kind of application/client was used to send out the email. If someone sent you an email using Outlook the X-Mailer would look like: Microsoft Outlook, Build 10.0.6626. This is an optional field, but if present it can reveal the environment of the guy sending you the email. So dont reply to spam emails. You might end up giving information about your environment.
- X-Headers: Basically any header field starting with an X- is a custom field and is used by many applications/services for proprietory reasons. These fields also reveal some nice inner details/workings of the application/client/service that sent out the email. X-Mailer (above) is an example of an X-Header.
Saturday, June 25, 2005
Finding who what where from an IP address
The dnsstuff site has a lot of tools that can assist in finding out more about your visitors through their IP addresses. You can do a IPWHOIS lookup, which besides showing you the owner of the IP address block, will also show you the city from which this IP address originates.
Some of the tools that I use regularly from that site are:
- City From IP
- Reverse DNS Lookup
- URL Deobfuscator (this is a nice one - it breaks/decodes complex URLs into an easy to read format)
Login using your fingerprints
Yesterday evening I went to Costco for some shopping. As usual, I do go around the computer/electronics aisle just to check out what things they are selling. I saw this Microsoft Fingerprinting device that they were selling for under 40 bucks. Now that is pretty affordable, considering the amount of security you are going to get. It might not appeal to desktop users, but I'd recommend this device for guys who go around traveling places and carry their notebooks around with them.
The Microsoft site also lists a Keyboard and a Mouse with a built-in fingerprint reader. Check out one of my earlier posts, in which I wondered why dont hardware manufacturers build fingerprinting hardware into keywords and mouse. Now only if websites start accepting fingerprints as a login mechanism, it would solve the too many passwords problem to an extent.
Tuesday, June 21, 2005
Foobar Search Alerts update
You can create an alert for a feed that you want to monitor for certain keywords. Whenever your keywords apppear in the feed, you will receive an email containing the link to the new postings.
So, lets say you want to monitor craigslist for new postings containing the word "iPod" or "Shuffle". Start monitoring "www.craigslist.org/ele/" and FSA will automatically detect the feed for that particular web page. Once some new posting(s) appear that contain the word "iPod" or "Shuffle" you will receive an email with links to the actual postings on craigslist. Not only craigslist, you can monitor any site out there which publishes a feed for its content. Popular sites like NPR, CNN, Slashdot and almost all of the blogs publish a feed these days.
Neat feature, eh? Create your alert here
FSA currently supports RSS (0.90, 0.91 Netscape, 0.91 Userland, 0.92, 0.93, 0.94, 1.0 and 2.0)and Atom 0.3 feeds.
FSA can also be used to monitor sites that dont publish a feed, but you will not receive content update links in your notification email.
Monday, June 13, 2005
Tips for exporting contacts
* Microsoft Office Outlook
* Outlook Express
* MSN Hotmail
* Google gmail
* .Mac Mail
Check out this page, it lists down the steps through which you can export your "contacts" from all the services listed above.
Friday, June 10, 2005
Black hat is a skilled hacker who uses his or her ability to pursue their interest illegally. They are often economically motivated, or may be representing a political cause. The term comes from old Western movies where heroes typically wore white or light-colored hats and outfits, and the villains wore black outfits with black hats.
Grey hat hackers:
Grey hat is a skilled hacker who sometimes acts legally and in good will and sometimes not. They are a hybrid between white and black hat hackers. They hack for no personal gain and do not have malicious intentions, but commit crimes.
White hat hackers:
White hat is a hacker who is ethically opposed to the abuse of Computer systems. S/he generally focuses on securing IT Systems
Also, a hacker as described by Wikipedia:
Hacker is a term used to describe different types of computer experts. Currently, "hacker" is used in two main ways, one pejorative and one complimentary: in popular usage and in the media, it generally describes computer intruders or criminals; in the computing community, it describes a particularly brilliant programmer or technical expert (for example: "Linus Torvalds, the creator of Linux, is a genius hacker.").
HTTP Request Smuggling
Here is the executive summary from their whitepaper:
HTTP Request Smuggling works by taking advantage of the discrepancies in parsing when one or more HTTP devices/entities (e.g. cache server, proxy server, web application firewall, etc.) are in the data flow between the user and the web server. HTTP Request Smuggling enables various attacks – web cache poisoning, session hijacking, cross-site scripting and most importantly, the ability to bypass web application firewall protection. It sends multiple specially crafted HTTP requests that cause the two attacked entities to see two different sets of requests, allowing the hacker to smuggle a request to one device without the other device being aware of it. In the web cache poisoning attack, this smuggled request will trick the cache server into unintentionally associating a URL to another URL’s page (content), and caching this content for the URL. In the web application firewall attack, the smuggled request can be a worm (like Nimda or Code Red) or buffer overflow attack targeting the web server. Finally, because HTTP Request Smuggling enables the attacker to insert or sneak a request into the flow, it allows the attacker to manipulate the web server’s request/response sequencing which can allow for credential hijacking and other malicious outcomes.
Wednesday, June 08, 2005
Cracking WEP in 10 minutes
What is Whoppix?
Whoppix is a stand alone penetration testing live cd based on Knoppix. With the latest tools and exploits, it is a must for every penetration tester and security auditor. Whoppix includes Several exploit archives, such as Securityfocus, Packetstorm, SecurityForest and Milw0rm, as well as a wide variety of updated security tools. The new custom kernel also allows for better WIFI support, for tools such as Aireplay.
Monday, June 06, 2005
Building your own Linux distribution
Friday, June 03, 2005
Are online Web tours an invitation to burglars?
Virtual tours are commonplace at most real estate Web sites, allowing prospective buyers to closely inspect a property from the privacy of their PCs.
Try it yourself. Go to Realtor.com, the leading real estate Web site, and plug in a ZIP code. (I experimented with 94121 for San Francisco's tony Sea Cliff neighborhood and 94109 for Nob Hill.) Click where it asks whether it should display properties with virtual tours first. Then click "show properties."
In houses selling for millions of dollars, I saw a wide variety of art objects and attractive furnishings. I saw the places in people's bedrooms where jewelry or other valuables likely would be kept. And I saw front entrances that clearly didn't have alarm panels. Side windows that could be opened easily by breaking a single pane. Kitchen doors that didn't look very formidable.
As far as virtual tours go, be aware that they're as convenient for bad guys as they are for buyers.
Thursday, June 02, 2005
OpenVPN - your free VPN solution
OpenVPN runs on Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD, NetBSD, Mac OS X, and Solaris. It can be run as a daemon, service, or from the command line, it is also possible to control OpenVPN through a GUI.
OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls (articles) (examples) (security overview) (non-english languages).
OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.
Download and save MMS streams
gmms is a simple MMS-stream downloader based on mmsclient that works on both Windows® and Linux. MMS-streams are multimedia streams broadcasted on the Internet, following the MMS-protocol. The simple explanation is that with gmms, you can save every kind of stream having mms:// at the start of the download URL to your hard-disk. The stream can be and audio or video stream, as long as it's URL starts with mms://.
Download gmms: http://gmms.sourceforge.net/
MiMMS, a maintained version of "mmsclient", is a simple client to download streaming audio and/or video media from the internet using the MMS protocol (i.e. from mms:// type URLs, generally found in asx files). Downloaded streams can then be replayed offline at your leisure, using any compatible media player of your choice.
Download MiMMS: http://savannah.nongnu.org/download/mimms/
Wednesday, June 01, 2005
Of the 2,800 regular Internet users quizzed by Harris, a significant number (49 percent) did not believe that browser choice is a key factor in protecting their computers from malicious software attacks: 17 percent thought it had no effect and 32 percent admitted they don't know whether the choice of browser makes a difference. Most participants said security would prompt them to change browser, however, with 66 percent confirming they would consider using another browser for improved security.Interestingly, this article states that there is no safe browser out there. What can an average Joe do? As I have said in the past, users shouldnt have to keep up with security vulnerabilities and issues. It should be taken care by people who write software and people who provide services.
Protecting your WiFi network using WPA2
Interior antenna placement and low power.
Limiting your use to 802.11a or Bluetooth.
Obviously using WEP to secure your Wifi doesnt even make it to his list. As I had mentioned earlier, it takes just minutes to break a WEP key. Check out this article that walks you through using WPA2 to secure your Wifi network.
So throw away your old 802.11b or 802.11a adapters/routers and get the new ones that have WPA2 support. The price point has also come down in the affordability range of $25 - $50.
Lull before the storm
Copyright Anand Jain 2004, 2005. All rights