Tuesday, June 23, 2009

Encryption

In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).

Encryption has long been used by militaries and governments to facilitate secret communication. Encryption is now commonly used in protecting information within many kinds of civilian systems. For example, in 2007 the U.S. government reported that 71% of companies surveyed utilized encryption for some of their data in transit.[1] Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives). In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encrypting such files at rest helps protect them should physical security measures fail. Digital rights management systems which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering (see also copy protection) are another somewhat different example of using encryption on data at rest.

Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years.[2] Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks.

Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature. Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single slip-up in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse.

One of the earliest public key encryption applications was called Pretty Good Privacy (PGP), according to Paul Rubens. It was written in 1991 by Phil Zimmermann and was purchased by Network Associates (now PGP Corporation) in 1997.

There are a number of reasons why an encryption product may not be suitable in all cases. First, according to Rubens, e-mail must be digitally signed at the point where it was created to provide non-repudiation for some legal purposes; otherwise the sender could argue that it was tampered with after it left their computer but before it was encrypted at a gateway. An encryption product may also not be practical when mobile users need to send e-mail from outside the corporate network.

Steganography

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter.

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal.[1] Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.


For more info, please click here :

http://en.wikipedia.org/wiki/Steganography/


Monday, June 22, 2009

Tips for Installation

The first thing you should do before starting the installation is download the software and get its CRACK ready.

  • Run the .exe file to install
  • Use this method ( RTFM @ Read The Fxxking Manual )
  • Ask!!!

Tuesday, June 16, 2009

Monday, June 15, 2009

Keylogger

Keystroke logging (often called keylogging) is the practice of noting (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware- and software-based to electromagnetic and acoustic analysis.

Software-based keyloggers

These are software programs that are designed to work on the target computer’s operating system. From a technical perspective there are four categories:

  • Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched, except that it effectively becomes a virtual machine. See Blue Pill for a conceptual example.
  • Kernel based: This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware which makes them very powerful. A keylogger using this method can act as a keyboard driver for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.
  • Hook based: Such keyloggers hook the keyboard using functionality provided by the operating system for applications to subscribe to keyboard events legitimately. The operating system notifies the keylogger each time a key is pressed and the keylogger simply records it.
  • Passive Methods: Here the coder uses operating system APIs like GetAsyncKeyState(), GetForegroundWindow(), etc. to poll the state of the keyboard or to subscribe to keyboard events. These are the easiest to write, but where constant polling of each key is required, they can cause a noticeable increase in CPU usage and can miss the occasional key. A more recent example simply polls the BIOS for preboot authentication PINs that have not been cleared from memory.[1]
  • Form grabber based: These log web form submissions by recording the web browser's onsubmit event functions. This records form data before it is passed over the internet and bypasses https encryption.

Remote access software keyloggers

These are local software keyloggers programmed with an added feature to transmit recorded data out of the target computer and make the data available to the monitor at a remote location. Remote communication is facilitated by one of four methods:

  • Data is uploaded to a website or an ftp account.
  • Data is periodically emailed to a pre-defined email address.
  • Data is wirelessly transmitted by means of an attached hardware system.
  • It allows the monitor to log into the local machine via the internet or ethernet and access the logs stored on the target machine.

Hardware-based keyloggers

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.

  • Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical access or root-level access to the machine is required, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.
  • Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector. More stealthy implementations can be installed or built into standard keyboards, so that there's no device visible on the external cable. Both types log all keyboard activity to their internal memory, which can subsequently be accessed, for example, by typing in a secret key sequence.[2] A hardware keylogger has an advantage over a software solution: because it is not dependent on installation on the target computer's operating system, it will not interfere with any program running on the target machine and also cannot be detected by any software. However, its physical presence may be detected, for example if it's installed outside the case as an inline device between the computer and the keyboard. Some of these implementations have the ability to be controlled and monitored remotely by means of a wireless communication standard.

Wireless keyboard sniffers

These passive sniffers collect packets of data being transferred between a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.

Keyboard overlays

Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.[3]

Acoustic keyloggers

Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each character on the keyboard makes a subtly different acoustic signature when struck. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters. A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected.

Electromagnetic emissions

It is possible to capture the electromagnetic emissions of a keyboard, without being physically wired to it.[4]

Optical surveillance

Not a keylogger in the classical sense, but an approach that can nonetheless be used to capture passwords or PINs. A strategically placed camera, such as a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being entered.[5]

Saturday, June 13, 2009

Backdoor

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.

The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference.[1] They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970.[2]

A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode and direct interaction with the artificial intelligence).

An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be.[3] In this case a two-line change appeared to be a typographical error, but actually gave the caller of the sys_wait4 function root access to the system.[4]

Although the number of backdoors in systems using proprietary software (that is, software whose source code is not readily available for inspection) is not widely credited, they are nevertheless periodically (and frequently) exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.

It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust.

Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures — and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

A traditional backdoor is a symmetric backdoor: anyone that finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks has been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology.

There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor was designed by Young and Yung, utilizes a twisted pair of elliptic curves, and has been made available.

Sniffer

Sniffers: there are sniffers for every type of network media. Ethernet is the most common network architecture. An Ethernet sniffer is software that works with the network interface card (NIC) to capture all the traffic that reaches the listening system, rather than only the traffic addressed to the sniffing host. An Ethernet network interface controller (NIC) will discard any traffic not specifically addressed to itself or the network broadcast address, so the card must be put in a special state called promiscuous mode to enable it to receive all packets floating by on the wire. The sniffer software can capture and analyze any traffic that passes through the local Ethernet segment if the NIC is in promiscuous mode. This limits the range of a sniffer somewhat because it will not be able to listen to traffic outside of the local network’s collision domain (beyond routers, switches, or other segmenting devices). Clearly, a sniffer placed on a backbone, internetwork link, or other network aggregation point will be able to monitor a greater volume of traffic than one placed on an isolated Ethernet segment [1]. Some popular sniffers freely available are: Dsniff, Snort, Wireshark, Tcpdump 3.x, etc.
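Because a sniffer depends on promiscuous mode, a host can be checked for interfaces that are in that state. The following added example (not from the original post) reads the interface flag word that Linux exposes under /sys/class/net and reports interfaces with the IFF_PROMISC bit set; the sample flag values and interface names are constructed, and the function names are illustrative.

```python
import os

# Interface flag bits as defined in Linux's <linux/if.h>.
IFF_FLAGS = {0x1: "UP", 0x2: "BROADCAST", 0x8: "LOOPBACK", 0x40: "RUNNING",
             0x100: "PROMISC", 0x1000: "MULTICAST"}
IFF_PROMISC = 0x100


def read_sysfs_flags(root="/sys/class/net"):
    """Return {interface: raw flags string} from sysfs (Linux only; empty dict elsewhere)."""
    flags = {}
    if not os.path.isdir(root):
        return flags
    for iface in sorted(os.listdir(root)):
        try:
            with open(os.path.join(root, iface, "flags")) as fh:
                flags[iface] = fh.read().strip()
        except OSError:
            continue  # entry is not an interface directory or is unreadable
    return flags


def audit(flags_by_iface):
    """Decode each flag word; return (report, list of promiscuous interfaces)."""
    report, promisc = {}, []
    for iface, raw in flags_by_iface.items():
        try:
            word = int(raw, 16)
        except ValueError:
            report[iface] = ["UNPARSEABLE"]
            continue
        report[iface] = [name for bit, name in IFF_FLAGS.items() if word & bit]
        if word & IFF_PROMISC:
            promisc.append(iface)
    return report, promisc


# Constructed sample values, used when the script is not run on Linux.
SAMPLE = {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103", "bad": "n/a"}

if __name__ == "__main__":
    report, promisc = audit(read_sysfs_flags() or SAMPLE)
    for iface, names in report.items():
        print(f"{iface:10s} {' '.join(names)}")
    print("promiscuous:", promisc or "none")
```

A set flag is a signal to investigate rather than proof of a sniffer, since bridges and packet capture tools run by administrators also put interfaces into promiscuous mode.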

Sunday, June 7, 2009

Gateway

A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.

In the network for an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet.

Extra Solution



If your superior orders you to link all the computers in your company so that they can ping each other, what is the best solution?

  1. Change all computers to a new IP.
  2. Change the subnet mask to 255.255.0.0
  3. Change the gateway to be the same as the computer's IP (this solution lets all computers ping each other inside the company only, but they can't access anything outside of the perimeter [the Internet]).
  4. Use switches to connect the same IP. For example, computers A & C can be connected through one switch, while computers B & D can be connected with another switch. These switches then connect to a router. The model below shows an example of this solution.

Subnetting ( Cont. )

Formula to identify Network & Broadcast Address.

  • Network Address = Host No. * (segment - 1)
  • Broadcast Address = Network Address + (host no. - 1)

e.g. Identify the Network & Broadcast Address for the subnet mask 255.255.255.240 (last octet 1111 0000)

Host No. = 2^4 = 16 hosts

Network Address of the 10th subnet (segment = 10)
NA = Host No. * (segment -1)
= 16 * (10-1)
= 16 * 9 = 144
NA = 192.168.1.144

Broadcast Add, BA = NA + (Host No. - 1)
= 144 + (16 - 1)
= 144 + 15 = 159
BA = 192.168.1.159

Thursday, June 4, 2009

Subnetting

Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. The network bits are represented by the 1s in the mask, and the node bits are represented by the 0s.

Default subnet masks:
  • Class A - 255.0.0.0 - 1111 1111 . 0000 0000 . 0000 0000 . 0000 0000
  • Class B - 255.255.0.0 - 1111 1111 . 1111 1111 . 0000 0000 . 0000 0000
  • Class C - 255.255.255.0 - 1111 1111 . 1111 1111 . 1111 1111. 0000 0000

Within an IP range of 256 addresses (0 - 255), 0 is the Network Address and 255 is the Broadcast Address. These numbers can't be set as an IP address. Any IP number that is set as a Network/Broadcast Address can't be used.


e.g. A customer/client needs you to set up 4 subnets for her/him. What can you do?

Default mask: 255 . 255 . 255 . 0 (last octet 0000 0000)
New last octet: 1100 0000
2^n = 4
2^2 = 4, so n = 2 bits are borrowed

  • 4 -> segments
  • Subnet mask = 128 + 64 = 192
  • Subnets = 2^(number of 1s) = 2^2 = 4
  • Hosts = 2^(number of 0s) = 2^6 = 64

Table of Network, Broadcast, & IP range

| Network | Hosts from | Hosts to | Broadcast Address |
| --- | --- | --- | --- |
| 192.168.1.0 | 192.168.1.1 | 192.168.1.62 | 192.168.1.63 |
| 192.168.1.64 | 192.168.1.65 | 192.168.1.126 | 192.168.1.127 |
| 192.168.1.128 | 192.168.1.129 | 192.168.1.190 | 192.168.1.191 |
| 192.168.1.192 | 192.168.1.193 | 192.168.1.254 | 192.168.1.255 |

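e.g. In KISMEC, there are 9 departments. You are asked to create 9 subnets for them. Calculate them.

Default mask: 255 . 255 . 255 . 0 (last octet 0000 0000)
New last octet: 1111 0000
2^n = 16
2^4 = 16 (2^3 = 8 is too few for 9 subnets, so n = 4 bits are borrowed)

  • 16 -> segments
  • Subnet mask = 128 + 64 + 32 + 16 = 240
  • Subnets = 2^(number of 1s) = 2^4 = 16
  • Hosts = 2^(number of 0s) = 2^4 = 16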

Table of Network, Broadcast, & IP range

| Network | Hosts from | Hosts to | Broadcast Address |
| --- | --- | --- | --- |
| 192.168.1.0 | 192.168.1.1 | 192.168.1.14 | 192.168.1.15 |
| 192.168.1.16 | 192.168.1.17 | 192.168.1.30 | 192.168.1.31 |
| 192.168.1.32 | 192.168.1.33 | 192.168.1.46 | 192.168.1.47 |
| 192.168.1.48 | 192.168.1.49 | 192.168.1.62 | 192.168.1.63 |
| 192.168.1.64 | 192.168.1.65 | 192.168.1.78 | 192.168.1.79 |
| 192.168.1.80 | 192.168.1.81 | 192.168.1.94 | 192.168.1.95 |
| 192.168.1.96 | 192.168.1.97 | 192.168.1.110 | 192.168.1.111 |
| 192.168.1.112 | 192.168.1.113 | 192.168.1.126 | 192.168.1.127 |
| 192.168.1.128 | 192.168.1.129 | 192.168.1.142 | 192.168.1.143 |
| 192.168.1.144 | 192.168.1.145 | 192.168.1.158 | 192.168.1.159 |
| 192.168.1.160 | 192.168.1.161 | 192.168.1.174 | 192.168.1.175 |
| 192.168.1.176 | 192.168.1.177 | 192.168.1.190 | 192.168.1.191 |
| 192.168.1.192 | 192.168.1.193 | 192.168.1.206 | 192.168.1.207 |
| 192.168.1.208 | 192.168.1.209 | 192.168.1.222 | 192.168.1.223 |
| 192.168.1.224 | 192.168.1.225 | 192.168.1.238 | 192.168.1.239 |
| 192.168.1.240 | 192.168.1.241 | 192.168.1.254 | 192.168.1.255 |
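
The subnet tables above and the Network/Broadcast formula from the "Subnetting ( Cont. )" post can be reproduced programmatically. This is an added example, not part of the original posts: it uses Python's standard ipaddress module to split a network into the required number of subnets and cross-checks the result against the post's formula. The function names are illustrative.

```python
import ipaddress


def plan_subnets(base: str, needed: int):
    """Split `base` into the smallest power-of-two count of equal subnets >= needed.

    Returns (subnet mask, addresses per subnet, rows), where each row is
    (network, first host, last host, broadcast) as in the tables above.
    """
    net = ipaddress.ip_network(base)
    borrowed = (needed - 1).bit_length()  # smallest n with 2^n >= needed
    subnets = list(net.subnets(prefixlen_diff=borrowed))
    rows = []
    for s in subnets:
        rows.append((
            str(s.network_address),
            str(s.network_address + 1),    # first usable host
            str(s.broadcast_address - 1),  # last usable host
            str(s.broadcast_address),
        ))
    # num_addresses counts the network and broadcast addresses too,
    # matching the "Hosts = 2^(number of 0s)" figure used in the post.
    return str(subnets[0].netmask), subnets[0].num_addresses, rows


def page_formula(block_size: int, segment: int):
    """The post's formula for the last octet; segments are counted from 1.

    NA = Host No. * (segment - 1), BA = NA + (Host No. - 1)
    """
    na = block_size * (segment - 1)
    return na, na + (block_size - 1)


if __name__ == "__main__":
    for needed in (4, 9):
        mask, size, rows = plan_subnets("192.168.1.0/24", needed)
        print(f"{needed} subnets needed -> mask {mask}, {size} addresses each")
        for row in rows:
            print("  ", *row)
    print("10th segment of 16:", page_formula(16, 10))
```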


Wednesday, June 3, 2009

What is TCP/IP?

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the destination.

TCP/IP uses the client/server model of communication in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations that require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been received.)

Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you log on to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite."

Personal computer users with an analog phone modem connection to the Internet usually get to the Internet through the Serial Line Internet Protocol (SLIP) or the Point-to-Point Protocol (PPP). These protocols encapsulate the IP packets so that they can be sent over the dial-up phone connection to an access provider's modem.

Protocols related to TCP/IP include the User Datagram Protocol (UDP), which is used instead of TCP for special purposes. Other protocols are used by network host computers for exchanging router information. These include the Internet Control Message Protocol (ICMP), the Interior Gateway Protocol (IGP), the Exterior Gateway Protocol (EGP), and the Border Gateway Protocol (BGP).