<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Hacking Truths &#187; Internet</title>
	<atom:link href="http://www.hungry-hackers.com/tag/internet/feed" rel="self" type="application/rss+xml" />
	<link>http://www.hungry-hackers.com</link>
	<description>Hacking is fun, If you are a &#34;Hacker&#34;!</description>
	<lastBuildDate>Sat, 28 Aug 2010 06:28:49 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
		<item>
		<title>12 Security Tips for Shopping Online</title>
		<link>http://www.hungry-hackers.com/2010/04/12-security-tips-for-shopping-online.html</link>
		<comments>http://www.hungry-hackers.com/2010/04/12-security-tips-for-shopping-online.html#comments</comments>
		<pubDate>Sat, 17 Apr 2010 07:50:02 +0000</pubDate>
		<dc:creator>Ashik</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Tips n Tricks]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Online]]></category>
		<category><![CDATA[Shopping]]></category>
		<category><![CDATA[Tips]]></category>
		<category><![CDATA[Tricks]]></category>

		<guid isPermaLink="false">http://www.hungry-hackers.com/?p=1462</guid>
		<description><![CDATA[<p>The internet is an exciting place to shop. From the comfort of your own armchair you can browse for literally anything, from a new camera, to a holiday or flight. You are not restricted to the stores in your local town, or even country and you can pick up deals at great prices on a whole range of products.</p>
<p>Shopping online isn't quite as safe as handing over your credit card in a store or restaurant. However, if you take care of a few things it can be a safe deal.</p>]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify;">The internet is an exciting place to shop. From the comfort of your own armchair you can browse for literally anything, from a new camera, to a holiday or flight. You are not restricted to the stores in your local town, or even country and you can pick up deals at great prices on a whole range of products.</p>
<p style="text-align: center;"><a href="http://www.hungry-hackers.com/wp-content/uploads/2010/04/online-shopping.jpg"><img class="size-full wp-image-1463 aligncenter" title="online-shopping" src="http://www.hungry-hackers.com/wp-content/uploads/2010/04/online-shopping.jpg" alt="" width="410" height="300" /></a></p>
<p style="text-align: justify;">Shopping online isn&#8217;t just as safe as handing over your credit card in a store or restaurant. However, if you take care of few things it can be a safe deal. Following are the things you should take care of:</p>
<ol style="text-align: justify;">
<li>Never respond to an email request for credit card details. All reputable companies will conduct transactions with you over a secure website connection.</li>
<li>Remember to never respond to any email advertisement, and only visit sites you know or have bookmarked, and verify the address before browsing further.</li>
<li>Only buy from trusted brands and websites.</li>
<li>To ensure that you only do business with legitimate companies check to see if they have a contact number, an actual retail store and a printed catalogue to browse.</li>
<li>Check a website&#8217;s returns and privacy policy before going ahead with a purchase.</li>
<li>Check that you are entering your details through a secure payment connection. You should notice when you click through to the transaction page of a company&#8217;s website that the URL in the address bar begins <strong>https://</strong> (instead of the normal <strong>http://</strong>). This is the standard encrypted communication mechanism on the internet and means that your credit card details are being sent securely.</li>
<li>Beware of deals that seem too good to be true.</li>
<li>Beware of the limitations of the internet. The internet may not be the best place to buy clothes or other products you need to see, touch or try on.</li>
<li>All reputable websites use secure payment systems. These are either a company&#8217;s own system or a 3rd party system such as Worldpay or Paypal.</li>
<li>When conducting a transaction over the internet, look for the yellow padlock in the grey status bar at the bottom of your browser page. This is an indication that the transaction is being conducted over a secure connection.</li>
<li>As an extra precaution, check to see if there’s a gold lock at the bottom right-hand corner of the browser. If the site doesn’t show any of these reliable indicators, you might want to think twice before handing over your credit card number.</li>
<li style="text-align: justify;">To be on the safe side, and avoid Internet fraudsters, it’s also a good idea to install and use security software such as Kaspersky Internet Security. It can provide you with industry-leading security services that will provide you more protection against the latest threats.</li>
</ol>
 ]]></content:encoded>
			<wfw:commentRss>http://www.hungry-hackers.com/2010/04/12-security-tips-for-shopping-online.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>5 Myths about Internet Safety</title>
		<link>http://www.hungry-hackers.com/2009/03/5-myths-about-internet-safety.html</link>
		<comments>http://www.hungry-hackers.com/2009/03/5-myths-about-internet-safety.html#comments</comments>
		<pubDate>Sun, 08 Mar 2009 16:24:56 +0000</pubDate>
		<dc:creator>Ashik</dc:creator>
				<category><![CDATA[Back Doors]]></category>
		<category><![CDATA[Featured]]></category>
		<category><![CDATA[Hacking News]]></category>
		<category><![CDATA[Hacking Tutorials]]></category>
		<category><![CDATA[Internet News]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Tips n Tricks]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Myhts]]></category>
		<category><![CDATA[Safety]]></category>
		<category><![CDATA[Securit]]></category>
		<category><![CDATA[Surfing]]></category>

		<guid isPermaLink="false">http://www.hungry-hackers.com/?p=545</guid>
		<description><![CDATA[The term "Internet Safety" has been getting vague with the increasing virus outbreaks nowadays. PC Magazine once conducted a survey in which they asked the participants to rate their broadband ISP services and the results were astonishing. Most users didn’t completely understand the seriousness of potential threats or how to protect their PCs.]]></description>
			<content:encoded><![CDATA[<p>The term &#8220;Internet Safety&#8221; has been getting vague with the increasing virus outbreaks nowadays. PC Magazine once conducted a survey in which they asked the participants to rate their broadband ISP services and the results were astonishing. Most users didn’t completely understand the seriousness of potential threats or how to protect their PCs. Here are the top 5 myths about safe surfing over the internet.</p>
<h2>Myth 1 &#8211; I don&#8217;t keep important things on my PC, so I don&#8217;t have to worry about security. Your PC can be infected over the internet</h2>
<p>A long time ago, this was partially true… but the hybrid worms and viruses of today like Blaster, hidrag and others blindly spread across the internet to thousands or millions of PCs in a matter of hours, without regard for who owns them, what is stored there, or the value of the information they hold, for the sole purpose of wreaking havoc. Even if your computer is not attacked directly, it can be used as a zombie to launch a denial-of-service or other attack on a network or to send spam or pornography to other PCs without being traced. Therefore, your civic responsibility is to protect your PC so that others are protected.</p>
<h2>Myth 2 &#8211; I can protect my PC if I disconnect from the Internet or turn it off when I&#8217;m not using it.</h2>
<p>Wrong. You are a target if you connect to the Internet at all. You could download a virus when you connect to the internet and it may not be activated immediately, not until you read your email offline days later. Viruses nowadays spread wildly through USB/pen drives, pirated CDs, torrents or files from networks. But now you can protect your business from internet threats with the top <a href="http://www.websense.com/content/WebSecurityOverview.aspx">web security software</a>.</p>
<h2>Myth 3 &#8211; I can protect myself from viruses by not opening suspicious e-mail attachments. Some viruses simply get activated by reading or previewing an e-mail</h2>
<p>Wrong again. The next virus you get may come from your best friend&#8217;s or boss&#8217; computer if his e-mail address book was compromised for simulating an attack. Hybrid worms can enter through loopholes in the Web browser, and it is possible to activate some viruses simply by reading or previewing an e-mail. You simply must have a PC-based antivirus package or a firewall.</p>
<h2>Myth 4 &#8211; I have a Macintosh (or a Linux-based system), not a Windows system, so I don&#8217;t have to worry about being attacked.</h2>
<p>It is true that most attacks target Microsoft Windows–based PCs, but there have been attacks against Mac OS and Linux systems as well. Some experts have predicted that the Mac virus problem will get worse, because Mac OS X uses a version of Unix. And although these systems have some useful security features, they can still be attacked.</p>
<h2>Myth 5 &#8211; My system came with an Anti-virus package, so I&#8217;m protected.</h2>
<p>Not quite. Firstly, if you haven&#8217;t activated your antivirus to scan incoming web traffic automatically, you don&#8217;t have good anti-virus and malware protection. Secondly, new threats appear daily, so an antivirus package is only as good as its last update, so it&#8217;s a must to activate the auto-update features to keep your guard up against the latest threats. Thirdly, an antivirus package can&#8217;t protect you from every threat. Malware and spyware are running in the wild out there, and every now and then malicious code penetrates weak systems. You need a combination of solutions, including, at minimum, antivirus, a personal firewall, an anti-spyware/malware package and a plan for keeping your operating system and software up to date with security patches.</p>
 ]]></content:encoded>
			<wfw:commentRss>http://www.hungry-hackers.com/2009/03/5-myths-about-internet-safety.html/feed</wfw:commentRss>
		<slash:comments>9</slash:comments>
		</item>
		<item>
		<title>BIOS Update Procedure</title>
		<link>http://www.hungry-hackers.com/2008/08/bios-update-procedure.html</link>
		<comments>http://www.hungry-hackers.com/2008/08/bios-update-procedure.html#comments</comments>
		<pubDate>Mon, 04 Aug 2008 12:48:47 +0000</pubDate>
		<dc:creator>Ashik</dc:creator>
				<category><![CDATA[BIOS]]></category>
		<category><![CDATA[Windows Hacking]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Procedure]]></category>
		<category><![CDATA[tutorial]]></category>
		<category><![CDATA[Update]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.hungry-hackers.com/?p=334</guid>
		<description><![CDATA[All the latest motherboards today (486, Pentium, Pentium Pro, etc.) ensure that upgrades are easily obtained by incorporating the system BIOS in a Flash memory component. With Flash BIOS, there is no need to replace an EPROM component. Once downloaded, the upgrade utility fits on a floppy disk, allowing the user to save, verify and update the system BIOS. A hard drive or a network drive can also be used to run the newer upgrade utilities. However, memory managers cannot be installed while upgrading.
Most pre-Pentium motherboards do not have a ...]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify;">All the latest motherboards today (486, Pentium, Pentium Pro, etc.) ensure that upgrades are easily obtained by incorporating the system BIOS in a Flash memory component. With Flash BIOS, there is no need to replace an EPROM component. Once downloaded, the upgrade utility fits on a floppy disk, allowing the user to save, verify and update the system BIOS. A hard drive or a network drive can also be used to run the newer upgrade utilities. However, memory managers cannot be installed while upgrading.</p>
<p style="text-align: justify;">Most pre-Pentium motherboards do not have a Flash BIOS. The following instructions therefore do not apply to these boards. If your motherboard does not have a Flash BIOS (EEPROM) you will need to use an EPROM programmer to re-program the BIOS chip. See your dealer for more information about this.</p>
<p style="text-align: justify;">Please read the following instructions in full before starting a Flash BIOS upgrade:<br />
<strong>A. Create a Bootable Floppy (in DOS)</strong></p>
<p style="text-align: justify;">•With a non-formatted disk, type the following:</p>
<p style="text-align: justify;">format a:/s</p>
<p style="text-align: justify;">•If using a formatted disk, type:</p>
<p style="text-align: justify;">sys a:</p>
<p style="text-align: justify;">This procedure will ensure a clean boot when you are flashing the new BIOS.</p>
<p style="text-align: justify;"><strong>B. Download the BIOS file</strong></p>
<p style="text-align: justify;">•Download the correct BIOS file by clicking on the file name of the BIOS file you wish to download.</p>
<p style="text-align: justify;">•Save the BIOS file and the Flash Utility file on the boot disk you have created. Unzip the BIOS file and the flash utility file. If you don&#8217;t have an &#8220;unzip&#8221; utility, download the WinZip for Windows 95 shareware/evaluation copy for that one-time use from www.winzip.com or www.pkware.com. Most CD-ROMs found in computer magazines have a shareware version of WinZip on them.</p>
<p style="text-align: justify;">•You should have extracted two files:</p>
<p style="text-align: justify;">Flash BIOS utility, e.g. flash7265.exe</p>
<p style="text-align: justify;">BIOS file, e.g. 6152J900.bin</p>
<p style="text-align: justify;">Use the latest flash utility available unless otherwise specified (either on the BIOS update page or in the archive file). This information is usually provided.<br />
<strong>C. Upgrade the System BIOS</strong></p>
<p style="text-align: justify;">During boot up, write down the old BIOS version because you will need to use it for the BIOS backup file name.</p>
<p style="text-align: justify;">Place the bootable floppy disk containing the BIOS file and the Flash Utility in drive A, and reboot the system in MS-DOS, preferably Version 6.22.</p>
<p style="text-align: justify;">•At the A:&gt; prompt, type the corresponding Flash BIOS utility and the BIOS file with its extension.</p>
<p style="text-align: justify;">For example:</p>
<p style="text-align: justify;">flash625 615j900.bin</p>
<p style="text-align: justify;">•From the Flash Memory Writer menu, select &#8220;Y&#8221; to &#8220;Do you want to save BIOS?&#8221; if you want to save (back up) your current BIOS (strongly recommended), then type the name of your current BIOS and its extension after FILE NAME TO SAVE: eg: a:\613J900.bin</p>
<p style="text-align: justify;">Alternatively select &#8220;N&#8221; if you don&#8217;t want to save your current BIOS. Beware, though, that you won&#8217;t be able to recover from a possible failure.</p>
<p style="text-align: justify;">•Select &#8220;Y&#8221; to &#8220;Are you sure to program?&#8221;</p>
<p style="text-align: justify;">•Wait until it displays &#8220;Message: Power Off or Reset the system&#8221;</p>
<p style="text-align: justify;">Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system. If you write to the BIOS but cannot complete the procedure, do not switch off, because the computer will not be able to boot, and you will not be given another chance to flash. In this case leave your system on until you resolve the problem (flashing the BIOS with the old file is a possible solution, provided you&#8217;ve made a backup before).</p>
<p style="text-align: justify;">Make sure the new BIOS version has been loaded properly by taking note of the BIOS identifier as the system is rebooting.</p>
<p style="text-align: justify;"><strong>For AMI BIOS</strong><br />
Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system holding the &#8220;END&#8221; key prior to power on until you enter CMOS setup. If you do not do this the first time booting up after upgrading the BIOS, the system will hang.</p>
<p style="text-align: justify;"><strong>BIOS Update Tips</strong><br />
Note:<br />
1. Make sure never to turn off or reset your computer during the flash process. This will corrupt the BIOS data. We also recommend that you make a copy of your current BIOS on the bootable floppy so you can reflash it if you need to. (This option is not available when flashing an AMI BIOS).</p>
<p style="text-align: justify;">2. If you have problems installing your new BIOS please check the following:</p>
<p style="text-align: justify;">Have you done a clean boot?</p>
<p style="text-align: justify;">In other words, did you follow the above procedure for making a bootable floppy? This ensures that when booting from &#8220;A&#8221; there are no device drivers on the diskette. Failing to do a clean boot is the most common cause for getting a &#8220;Memory Insufficient&#8221; error message when attempting to flash a BIOS.</p>
<p style="text-align: justify;">If you have not used a bootable floppy, ensure a clean boot either by</p>
<p style="text-align: justify;">a) pressing F5 during bootup</p>
<p style="text-align: justify;">b) by removing all device drivers on the CONFIG.SYS including the HIMEM.SYS. Do this by using the EDIT command.</p>
<p style="text-align: justify;"><strong>Have you booted up under DOS?</strong><br />
Booting in Windows is another common cause for getting a &#8220;Memory Insufficient&#8221; error message when attempting to flash a BIOS. Make sure to boot up to DOS with a minimum set of drivers. Important: Booting in DOS does not mean selecting &#8220;Restart computer in MS-DOS Mode&#8221; from the Windows 98/95 shutdown menu or going to Prompt mode in Windows NT, but rather following the above procedure (format a: /s and rebooting from a:\).</p>
<p style="text-align: justify;">Have you entered the full file name of the flash utility and the BIOS plus its extension?<br />
Do not forget that often you will need to add a drive letter (a:\) before flashing the BIOS. Example: when asked for the file name of the new BIOS file which is on your floppy disk, in case you&#8217;re working from c:\ you will need to type a:\615j900.bin, rather than 615j900.bin only.</p>
 ]]></content:encoded>
			<wfw:commentRss>http://www.hungry-hackers.com/2008/08/bios-update-procedure.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Big Brother and Ndisuio.sys A new Internet phenomenon?</title>
		<link>http://www.hungry-hackers.com/2008/08/big-brother-and-ndisuiosys-a-new-internet-phenomenon.html</link>
		<comments>http://www.hungry-hackers.com/2008/08/big-brother-and-ndisuiosys-a-new-internet-phenomenon.html#comments</comments>
		<pubDate>Mon, 04 Aug 2008 12:45:16 +0000</pubDate>
		<dc:creator>Ashik</dc:creator>
				<category><![CDATA[Big Brother]]></category>
		<category><![CDATA[Windows Hacking]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Phenomenon]]></category>
		<category><![CDATA[System Files]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.hungry-hackers.com/?p=333</guid>
		<description><![CDATA[Ndisuio.sys, a very mysterious system file, is present in Windows XP and is a driver for wireless things such as Wi-Fi and Bluetooth. However, there have been many issues with this file downloading immense amounts of data and perhaps causing activity that is &#8220;big brother&#8221;ish.
The fact that hardly any information on this file downloading data is available by Microsoft makes things quite suspicious about it. It has even been noted that it looked as if it was transferring data to major companies like Comcast, Road Runner, Time Warner, BTC and ...]]></description>
			<content:encoded><![CDATA[<p>Ndisuio.sys, a very mysterious system file, is present in Windows XP and is a driver for wireless things such as Wi-Fi and Bluetooth. However, there have been many issues with this file downloading immense amounts of data and perhaps causing activity that is &#8220;big brother&#8221;ish.</p>
<p>The fact that hardly any information on this file downloading data is available by Microsoft makes things quite suspicious about it. It has even been noted that it looked as if it was transferring data to major companies like Comcast, Road Runner, Time Warner, BTC and Verizon.</p>
<p>The good news is, it turns out this file duplicates data that is sent/received, so wherever you go, it will also transfer the data to that file, but it does not leave the computer/network, so it&#8217;s not spyware. So it&#8217;s not as much of a big brother situation as it looks. It simply performs internal communication tasks and stands for NDIS user I/O, hence NDISUIO. NDISUIO is also used as a driver by many developers as it makes certain wireless network tasks easier, such as implementing it for 802.11x connections. Some firewalls also use it as it can get the data in order to filter it.<br />
But duplicating this data can hog resources for no reason, so disabling it is the best thing to do. The data rate of this file&#8217;s received data is huge, which indicates that the data transfer is not over the Internet, but local. So it&#8217;s just a duplicate of network activity, but because it&#8217;s local everything transfers faster and uses more resources than casual internet usage, as there&#8217;s more data involved in a given time span (1 second, for example).</p>
<p>To disable this file, go to the Control Panel, Administrative Tools, Services, Wireless Zero Configuration, double-click it and disable it. This file is probably required to run if you use any Linksys wireless devices.</p>
 ]]></content:encoded>
			<wfw:commentRss>http://www.hungry-hackers.com/2008/08/big-brother-and-ndisuiosys-a-new-internet-phenomenon.html/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Cracking .htaccess/.htpasswd for Passwords</title>
		<link>http://www.hungry-hackers.com/2008/07/cracking-htaccss-htpaswd-for-passwords.html</link>
		<comments>http://www.hungry-hackers.com/2008/07/cracking-htaccss-htpaswd-for-passwords.html#comments</comments>
		<pubDate>Mon, 14 Jul 2008 13:06:03 +0000</pubDate>
		<dc:creator>Ashik</dc:creator>
				<category><![CDATA[Database Hacking]]></category>
		<category><![CDATA[Decryption]]></category>
		<category><![CDATA[Hacking Tutorials]]></category>
		<category><![CDATA[Hardcore Hacking]]></category>
		<category><![CDATA[Internet Hacking]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Server Hacking]]></category>
		<category><![CDATA[Cracking]]></category>
		<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Hardcore]]></category>
		<category><![CDATA[Htacces/Htpasswd]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Server]]></category>
		<category><![CDATA[Website]]></category>

		<guid isPermaLink="false">http://www.hungry-hackers.com/?p=323</guid>
		<description><![CDATA[This article is intended to be an almost complete guide to cracking and protecting websites which utilize the .htaccess/.htpasswd method for controlling access to data. It&#8217;s not intended to be a how-to guide for hacking websites. If you&#8217;re looking for a simple howto and not interested in reading in-depth information, then this isn&#8217;t the text for you.
I&#8217;m considering writing a series of guides which for now I&#8217;m calling &#8220;Hungry Hackers Guide&#8221;. I do have my malicious streaks (mainly on my own stuff though, I enjoy breaking my own ...]]></description>
			<content:encoded><![CDATA[<p style="text-align: justify;">This article is intended to be an almost complete guide to cracking and protecting websites which utilize the .htaccess/.htpasswd method for controlling access to data. It&#8217;s not intended to be a how-to guide for hacking websites. If you&#8217;re looking for a simple howto and not interested in reading in-depth information, then this isn&#8217;t the text for you.</p>
<p style="text-align: justify;">I&#8217;m considering writing a series of guides which for now I&#8217;m calling &#8220;Hungry Hackers Guide&#8221;. I do have my malicious streaks (mainly on my own stuff though, I enjoy breaking my own machines), but I am mostly white hat. I guess these guides will basically aim to give white hat hackers a security lecture from a black hat perspective. I dunno. *shrugs*</p>
<h2 style="text-align: justify;">Basic access control in Apache</h2>
<p style="text-align: justify;">At its most basic level, access control in Apache is specified in httpd.conf (or an equivalent file; these were previously three files, now merged into one for simplicity&#8217;s sake). The most basic directives are <code>Allow from</code> and <code>Deny from</code>. The default permission for any given directory is <code>Allow from all</code> (which will allow any client to get pages from that directory).</p>
<p style="text-align: justify;">The format for these directives is as follows:</p>
<pre><code>&lt;Directory /&gt;
    Order Deny,Allow
    Deny from All
&lt;/Directory&gt;</code></pre>
<p style="text-align: justify;">This will disallow any client from retrieving any file on your server, unless you explicitly allow files further up the tree. However, since sometimes normal users will want to control their own web directories, and it&#8217;s impractical at the least (and at most unsafe) to allow webmasters to modify httpd.conf, we can allow users to override certain directives using the <a href="http://httpd.apache.org/docs/mod/core.html#allowoverride">AllowOverride directive</a>.</p>
<h2 style="text-align: justify;">Allow override</h2>
<p style="text-align: justify;">AllowOverride (as stated above) allows non-root users to override access controls on a directory. You simply specify which directives you want the user to be able to override (the default is everything), and then Apache looks in each directory for a .htaccess file (or another file name, specified with the <a href="http://httpd.apache.org/docs/mod/core.html#accessfilename">AccessFileName directive</a>) and applies the contents of that to its access control.</p>
<p style="text-align: justify;">Part of the access control, the part which we will be covering (given the scope of this document), is the AuthConfig directives. Below we&#8217;ll view a typical .htaccess file for most sites with moderate to poor security (most porn sites simply use these, porn sites can actually be great practice to crack passwords).</p>
<pre><code># a typical .htaccess file
AuthName "Marvin Martian's Porn Emporium"
AuthType Basic
AuthUserFile /home/marvin/public_html/members/.htpasswd
require valid-user</code></pre>
<p style="text-align: justify;">As you can see above, there aren&#8217;t many directives required to provide password protection to a directory. In this case, the webmaster has been pretty lazy and stuck the .htpasswd file inside the same directory. The format of the .htpasswd file is simple: &lt;user&gt;:&lt;encryptedpassword&gt;</p>
<h2 style="text-align: justify;">A Bad case</h2>
<p style="text-align: justify;">On a poorly secured server, there are no access restrictions on the .htpasswd file. Since the .htpasswd file is in a web-accessible directory, any user who is able to authenticate to the directory is able to obtain the password list.</p>
<p style="text-align: justify;">Simply enter the URL /members/.htpasswd, and you should receive a full user list as well as all the encrypted passwords. Very silly indeed. If the file doesn&#8217;t exist, on a poorly configured server one merely has to read the .htaccess file to obtain the location. If it is below the &#8220;web-root&#8221;, then it would require a CGI exploit of some sort to obtain the file. But in any other directory, simply use the browser to obtain the file:</p>
<pre><code>webmaster:TTn.VQRliM8c2
hornyguy:ZpgNeARi106aM
fatmike69:drXj18zVxxBVc</code></pre>
<p style="text-align: justify;">Unfortunately, these passwords aren&#8217;t of much use in their current form. They require cracking.</p>
<h2 style="text-align: justify;">Cracking Passwords</h2>
<p style="text-align: justify;">Most Unix passwords are encrypted using a &#8220;one way hash&#8221; or &#8220;trapdoor hash&#8221; &#8211; which entails actually losing data from the password in such a way that the original password simply cannot be obtained by reversing the algorithm.</p>
<p style="text-align: justify;">The only way to crack such passwords is using brute force guessing attacks. A simple Perl script can be used to achieve this:</p>
<pre><code>#!/usr/bin/perl
# crack.pl by fwaggle &lt;root@fwaggle.net&gt;
use strict;
use warnings;

# Read the user:hash entries.
open(my $passfh, '&lt;', '.htpasswd') or die "Cannot open .htpasswd: $!";
chomp(my @passfile = &lt;$passfh&gt;);
close $passfh;

# Read the candidate words, one per line.
open(my $dictfh, '&lt;', 'dictionary.txt') or die "Cannot open dictionary.txt: $!";
chomp(my @dictfile = &lt;$dictfh&gt;);
close $dictfh;

foreach my $line (@passfile) {
  my ($username, $encpass) = split(/:/, $line);
  next unless defined $encpass;   # skip blank or malformed lines
  foreach my $attempt (@dictfile) {
    # crypt() takes its salt from the start of the stored hash.
    my $hash = crypt($attempt, $encpass);
    if (defined $hash &amp;&amp; $encpass eq $hash) {
      print("Cracked: ${username}:${attempt}\n");
    }
  }
}</code></pre>
<p style="text-align: justify;">The above Perl script is a simple brute force password cracker. It may or may not work, I didn&#8217;t actually test it before writing this article &#8211; but it closely resembles one I released to alt.hacking quite a while ago. Whether it works or not, you should hopefully be able to see the process which password cracking requires (even for Perl, the syntax is almost plain English).</p>
<h2 style="text-align: justify;">Better Cracking Performance</h2>
<p style="text-align: justify;">Perl isn&#8217;t the quickest of languages, and using the standard crypt() calls aren&#8217;t exactly optimized for high speed cracking. a far better solution is to download a purpose-built, c coded password cracker such as john the ripper. john the ripper is optimized to crack passwords extra fast, as well as it includes an &#8220;incremental mode&#8221; in case your dictionary should fail to crack a password. ie, in the above example, if the user&#8217;s password doesn&#8217;t happen to be in the dictionary, then you won&#8217;t be able to crack it.</p>
<p style="text-align: justify;">Using an incremental password cracker, every character combination is tried, in an intelligent order (in a vain attempt to save time in something that is wholely unpredictable), so that absolutely any password will be cracked, eventually.</p>
<p style="text-align: justify;">The one problem with John the Ripper is that it&#8217;s picky about the files it is given as input. In order to crack .htpasswd files, you must edit them to make them look like regular Unix /etc/passwd files. This means adding extra fields, like this:</p>
<pre><code>&lt;username&gt;:&lt;password&gt;:1:1:user:/bin/sh:/root
</code></pre>
<p style="text-align: justify;">For example, the entries above could look like this:</p>
<pre><code>webmaster:TTn.VQRliM8c2:1:1:webmaster:/bin/sh:/root
hornyguy:ZpgNeARi106aM:3:3:hornyguy:/bin/sh:/root
fatmike69:drXj18zVxxBVc:3:3:hornyguy:/bin/sh:/root
</code></pre>
<p style="text-align: justify;">The Windows version doesn&#8217;t seem to require this for some reason, so you can just feed it a regular .htpasswd file. Note that the Windows version may have markedly poor performance when compared to the Unix versions.</p>
<h2 style="text-align: justify;">Finding vulnerable servers</h2>
<p style="text-align: justify;">Now that we&#8217;ve discussed how to break these passwords, it&#8217;s almost time to talk about securing them. If you&#8217;re only interested in hax0ring passwords from sites, chances are you&#8217;re probably well equipped to crack any password files you might stumble across. If you&#8217;re just looking to hack anything, try searching in <a href="http://www.google.com/">Google</a> or <a href="http://www.altavista.com/">AltaVista</a> for a phrase like .htpass, and wade through the results and see if you find a file that says &#8220;Index of /something&#8221; that contains a .htpasswd file.</p>
<p style="text-align: justify;">If you have permission to read the file, you&#8217;ve basically hacked it already. This is admittedly a lame hack, but if you&#8217;re bored &#8211; do the net in general a favour. Crack the passwords, and email them to the admin. That&#8217;s all I ever used to do, and you get the same sense of achievement and hacker cred, without the legal problems of defacements.</p>
<p style="text-align: justify;">On a side note, the same results can be achieved by searching for service.pwd. This is the password file for fp-apache, the FrontPage server extensions for Apache. Some really lame admins don&#8217;t check permissions on this file, and you can easily gain access to these kinds of systems (and if you&#8217;re feeling particularly malicious, just connect with a FrontPage client and upload a defacement).</p>
<h2 style="text-align: justify;">Putting an end to this Nonsense</h2>
<p style="text-align: justify;">if you&#8217;re running your own site, then here&#8217;s the section you&#8217;ll really be interested in &#8211; stopping someone from doing this to you. the first thing you need to do is prevent users from reading your .ht* files. the easiest way to hinder this is to put the .htpasswd file someplace that&#8217;s not web-accessible (such as your home dir, out of ~/public_html).</p>
<p style="text-align: justify;">the next step, as an admin of a server, is to prevent apache from serving these pages from the web. there is no (i repeat NO) reason that a web client should ever need to see these pages, they are for server side configuration only.</p>
<p style="text-align: justify;">so, we can easily accomplish this using the &lt;Files&gt; directive, and a niftylittle regular expression:</p>
<p style="text-align: justify;"><code> &lt;Files ~ "^\.ht"&gt;     Order allow,deny     Deny from all &lt;/Files&gt; </code></p>
<p style="text-align: justify;">this particular example (taken from apache&#8217;s httpd.conf, now thankfully included in default distributions to keep lame admins from unknowingly putting themselves at risk) prevents the server from serving any files that begin with .ht. thus, .htaccess and .htpasswd are both protected.</p>
<p style="text-align: justify;">the final step from here is to ensure that the files are protected on the server &#8211; meaning file permissions. the ideal situation is to have suEXEC for apache running, and to have the files accessible only by the httpd (but still owned by you). that way, you can chmod the files when you need to edit them, but cgi exploits will not allow users to read the files.</p>
<h2 style="text-align: justify;">Wrapping it up</h2>
<p style="text-align: justify;">Well, this concludes my little rant about .htpasswd and .htaccess files. Hopefully you learnt something from this. Comments are always welcome, just email me. Also, if you&#8217;re looking for a unix/unix-like IRC channel to lurk on, come on my IRC network (irc.mooircd.org) and join #hackerzlair &#8211; it&#8217;s lag free, packet kiddie free, and quite nice.</p>
<p style="text-align: justify;">That about does it I think. Maybe I&#8217;ll write some more of these files if I think about it.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.hungry-hackers.com/2008/07/cracking-htaccss-htpaswd-for-passwords.html/feed</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Top 20 Hacking Tools</title>
		<link>http://www.hungry-hackers.com/2008/07/top-20-hacking-tools.html</link>
		<comments>http://www.hungry-hackers.com/2008/07/top-20-hacking-tools.html#comments</comments>
		<pubDate>Mon, 14 Jul 2008 12:46:32 +0000</pubDate>
		<dc:creator>Ashik</dc:creator>
				<category><![CDATA[Bad Boy]]></category>
		<category><![CDATA[Hacking Computer]]></category>
		<category><![CDATA[Hacking Tutorials]]></category>
		<category><![CDATA[Hardcore Hacking]]></category>
		<category><![CDATA[Internet Hacking]]></category>
		<category><![CDATA[Linux Hacking]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Software]]></category>
		<category><![CDATA[Windows Hacking]]></category>
		<category><![CDATA[Cracking]]></category>
		<category><![CDATA[Hacking]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Linux]]></category>
		<category><![CDATA[Tools]]></category>
		<category><![CDATA[Top]]></category>
		<category><![CDATA[Twenty]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.hungry-hackers.com/?p=322</guid>
		<description><![CDATA[These are the Top 20 Hacking Tools; the list is exhaustive, these are a few to name.

Nessus
The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.
Ethereal
Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
Snort
Snort is an open source network intrusion detection system, capable of performing real-time ...]]></description>
			<content:encoded><![CDATA[<p>These are the Top 20 Hacking Tools; the list is exhaustive, these are a few to name.</p>
<p><a href="http://www.nessus.org/">Nessus</a></p>
<p>The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.</p>
<p><a href="http://www.ethereal.com/">Ethereal</a></p>
<p>Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.</p>
<p><a href="http://www.snort.org/">Snort</a></p>
<p>Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.</p>
<p><a href="http://www.atstake.com/research/tools/network_utilities/">Netcat</a></p>
<p>Netcat has been dubbed the network Swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using the TCP or UDP protocol.</p>
<p><a href="http://www.tcpdump.org/">TCPdump</a></p>
<p>TCPdump is the most used network sniffer/analyzer for UNIX. <a href="http://www.tcptrace.org/">TCPTrace</a> analyzes the dump file format generated by TCPdump and other applications.</p>
<p><a href="http://www.hping.org/">Hping</a></p>
<p>Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).</p>
<p><a href="http://www.monkey.org/%7Edugsong/dsniff/">Dsniff</a></p>
<p>Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).</p>
<p><a href="http://www.gfi.com/lannetscan/">GFI LANguard</a></p>
<p>GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.</p>
<p><a href="http://ettercap.sourceforge.net/">Ettercap</a></p>
<p>Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.</p>
<p><a href="http://www.cirt.net/code/nikto.shtml">Nikto</a></p>
<p>Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.</p>
<p><a href="http://www.openwall.com/john/">John the Ripper</a></p>
<p>John the Ripper is a fast password cracker, currently available for many flavors of Unix.</p>
<p><a href="http://www.openssh.com/">OpenSSH</a></p>
<p>OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.</p>
<p><a href="http://www.tripwire.org/">TripWire</a></p>
<p>Tripwire is a tool that can be used for data and program integrity assurance.</p>
<p><a href="http://www.kismetwireless.net/">Kismet</a></p>
<p>Kismet is an 802.11 wireless network sniffer &#8211; this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.</p>
<p><a href="http://www.netfilter.org/">NetFilter</a></p>
<p>NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packet mangling.</p>
<p><a href="http://coombs.anu.edu.au/%7Eavalon/">IP Filter</a></p>
<p>IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.</p>
<p><a href="http://www.benzedrine.cx/pf.html">pf</a></p>
<p>OpenBSD Packet Filter</p>
<p><a href="http://www.foundstone.com/resources/proddesc/fport.htm">fport</a></p>
<p>fport identifies all open TCP/IP and UDP ports and maps them to the owning application.</p>
<p><a href="http://www.saintcorporation.com/products/saint_engine.html">SAINT</a></p>
<p>SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.</p>
<p><a href="http://www.openpgp.org/resources/downloads.shtml">OpenPGP</a></p>
<p>OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.hungry-hackers.com/2008/07/top-20-hacking-tools.html/feed</wfw:commentRss>
		<slash:comments>79</slash:comments>
		</item>
	</channel>
</rss>