Announcement: Labrova Web IDS/IPS Started
|
|
IDSs are considered one of the most effective Technical Access Control Systems. Their function varies between being Detective controls only and being Detective and Preventative (IPS) as well. Apart from that, Businesses are migrating most of their services and operations to be Web-Enabled. This fact has enhanced the trend of attacks known as Web-Attacks, including SQL Injection methods. Combining the facts about IDSs and the increasing number of Web Attacks, a new type of IDS should be developed.

The IRAX project has officially started at http://www.dokfleed.net/labrova/, taking after the former CGI-Shield. IRAX (project name) is capable of acting as a Deterrent, Detective and Preventative Control against web attacks. It intercepts all submitted parameters and compares them with its Knowledge-base. If the parameters passed are identified as a threat, the values will be blocked, a report will be shown to the attacker, and the attack details will be logged into the IRAX database. With this solution applied, even if a web application is vulnerable, it still cannot be exploited, since the malicious values cannot be passed to the application.

When this solution is widely spread, a banner on the website noting that it uses IRAX services will deter most of the attacks, since attackers know that their IP and other machine information will be logged. Even if an attacker disguises themselves using an HTTP Proxy, the attack will be detected and prevented. The IRAX knowledge base is extendable and will be updated periodically, and it only requires a web server with PHP enabled.
|
Posted by DokFLeed on Saturday, February 12 @ 12:55:26 EST (4189 reads)
|
|
|
Announcement: Hitchhiker's World - issue #9
|
|
AnonyDok writes "Hitchhiker's World - issue #9
http://www.infosecwriters.com/hhworld/
The Infosec Writers e-zine features mainly open source/coding and various projects
relevant to security technology, though as well a forum for personal expression.
This issue attempts to address the recent skepticism over e-voting. Entrepreneur
& innovator Vipul Ved Prakash outlines an entirely new system complete with
protocol details called "Athens".
"Electronic voting, if implemented correctly, could be a major qualitative
leap, not only changing the way in which we approach democratic elections, but
also the way in which we expect a democratic government to function."
Other topics explored in this issue:
- Designing backdoors for the 2.6 kernel
- Stealth sniffing to the extreme using receive-only UTP cables
- A clever hack introduced to speed up password auditing "
|
|
Announcement: Hackers of the Lost Ark
|
|
AnonyDok writes ""Counter Hack" author Ed Skoudis
presents HACKERS OF THE LOST
ARK, another of his popular Crack-the-Hacker challenges.
Going along with Ed's usual flair of adventurous back-story (this one no doubt
inspired by the 1981 blockbuster "Raiders of the Lost Ark") we learn
that just after archeologist Indiana Jones had retrieved the all powerful Ark
of the Covenant from the Nazis, it was secretly stored away in a giant warehouse
by the United States Government, never to be found again...
That is until of course, a group of evil Neo-Nazis hacks into the Government's
prototype server holding sensitive information of the Ark's exact location...and
suddenly a whole new adventure begins and your forensics skills are beckoned!
Ed himself is offering prizes to the top three sleuths.
The challenge runs until July 2nd and is available here:
http://www.infosecwriters.com/lost_ark.php
"
|
|
Announcement: Port Blocker
|
|
Added 2 free port blockers:
- Port Blocker, which blocks both UDP and TCP protocols.
- MyBlocker, which blocks only TCP protocols.
|
|
Announcement: IRCFutureNet
|
|
AnonyDok writes "Hello people..
I invite you to visit our website www.ircfuture.net or join us from IRC using /server irc.ircfuture.net
then #chat
to enjoy meeting nice people and having fun as chat was before fun fun fun
:)
thanks
"
|
|
Announcement: Virus Targeting DokFLeed.net
|
|
Name: W32.Hobble.C@mm
Aliases: W32/Hobbit.b@MM,W32/Hobbit.c@MM,W32/Hobbit.979c-mm,
WORM_HOBBIT.B,I-Worm.Alcaul.ab,I-Worm.generic,Win.32.Hobbit.G
Variants:
Type: E-mail worm
Platforms: Windows 32-bit
Status: not known to be in the wild
Threat: V-CON 2 (low)
Due to increased media attention we are issuing this On-Line Alert.
The following has been derived from information provided by Symantec and Network Associates.
Virus Characteristics
W32.Hobble.C@mm is a worm that attempts to spread across the KaZaA file-sharing network. It has mass-mailing capabilities. It can send itself to email addresses that it retrieves from .htm and .html files that it finds in the Internet cache, and to all addresses in the Microsoft Outlook Address Book. The email messages have the following characteristics:
Message 1
This is sent to all addresses in the Microsoft Outlook Address Book.
Subject: Fwd: Scan your computer for this new virus threat...
Message Body: This is a fix and removal for the new internet worm known as BugBear.1 in ever 4 computers in
infected with this virus. When run, it will scan your computer and notify you if you're infected or not, then
clean if infected
Attachment: Anti-Bug.exe
Message 2
The second mass-mailing portion of the worm scans all .htm and .html files in the Internet Explorer cache and
retrieves email addresses from mailto: links. The retrieved addresses are stored in a file named Email.txt,
which the worm drops into the same folder. It then retrieves the user name, email address, and SMTP server
and sends itself to the retrieved contacts in the following format:
Subject: AntiVirus Updates:
Message Body: A Removal to scan for the new BugBear Virus. Recommended by
Attachment 1: One of many with the .scr, .exe, .bat, or .pif file extension.
Attachment 2: One of many with the .theme, .zip, or .bat file extension.
When the attachment is run, the worm copies itself to the %WinDir% directory as Shizzle.exe and Anti-Bug.exe. A registry run key is created to load the worm at startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "WinSrv"=C:\WINDOWS\Shizzle.exe
It also adds the value WinSrv %windir%\Shizzle.exe to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
To replicate across the KaZaA file-sharing network, the worm copies itself as these file names:
WIN XPCrack.exe
All GamesHack.exe
ICQ Password Hack.exe
HotMailHack.exe
Unreal Tournament 3 FullDownloader.exe
WarCraft III Full.exe
Swat 3 Full Download.exe
Macromedia Flash MX.exe
Tacony.exe
HotMailHack.exe
Credit Cards.exe
into these folders (if they exist):
C:\KaZaA\My Shared Folder
C:\Program Files\KaZaA\My Shared Folder
The worm then displays the following message: System Not Infected With Bugbear
The virus contains a payload to use PING to initiate a Denial of Service attack against www.dokfleed.net
Payload
Large scale e-mailing: Sends itself to all contacts in the Outlook Address Book, and to addresses it finds in .htm and .html files.
Initiates a Denial of Service attack against www.dokfleed.net
Preventative Measures
Block the following attachments at the Internet Gateway where possible:
Attachment: Anti-Bug.exe
Block the following file extensions at the Internet Gateway where possible:
.scr, .exe, .bat, or .pif, .theme, .zip, or .bat
Clean out the Internet Explorer cache.
Fixes Available
Network Associates:
Minimum DAT: 4228
Release Date: 10/09/2002
Minimum Engine: 4.1.60
Symantec:
Virus Definitions (Intelligent Updater) October 10, 2002
Virus Definitions (LiveUpdate) October 16, 2002
Trend: No information available at time of alert.
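The gateway rule from the Preventative Measures above, as an added example (not part of the original alert or of any vendor's product): a Python check that parses a message and flags attachments matching the blocked name and extensions listed in the alert. The function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Values taken from the alert's "Preventative Measures" section.
BLOCKED_NAMES = {"anti-bug.exe"}
BLOCKED_EXTENSIONS = {".scr", ".exe", ".bat", ".pif", ".theme", ".zip"}


def attachment_verdicts(raw_message: bytes):
    """Return (filename, reason) for every attachment the gateway should block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.walk():
        name = part.get_filename()  # also decodes RFC 2231 encoded names
        if not name:
            continue
        # Normalise: drop any path, trailing dots/spaces Windows ignores, and case.
        leaf = re.split(r"[\\/]", name)[-1].rstrip(". ").lower()
        if leaf in BLOCKED_NAMES:
            verdicts.append((name, "blocked name"))
            continue
        # Only the final extension decides how Windows opens the file,
        # so "notes.txt.pif" is treated as a .pif.
        ext = "." + leaf.rsplit(".", 1)[-1] if "." in leaf else ""
        if ext in BLOCKED_EXTENSIONS:
            verdicts.append((name, "blocked extension " + ext))
    return verdicts


def build_sample(filename: str) -> bytes:
    """Constructed test message carrying a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Fwd: Scan your computer for this new virus threat..."
    msg.set_content("constructed sample body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn in ("Anti-Bug.exe", "Update.SCR", "notes.txt.pif", "minutes.pdf"):
        print(fn, attachment_verdicts(build_sample(fn)))
```

Matching is case-insensitive and ignores trailing dots, so variants such as `ANTI-BUG.EXE` or `tool.exe.` do not slip past the rule.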
|
|
Announcement: DokFLeed.Net DokBar
|
|
An Internet Explorer Toolbar for the site has been released. It will enable you to jump to any of the links and search the site at any time. You can learn more about it by clicking here
Note: Get Your Own DokBar At www.dokfleed.com/Dokbar.html
|
|
Announcement: Dok Script V8
|
|
The new structured DokScript is out. You will be able to upgrade it with a simple task only.
Read the attached ReadMe1st.htm included within the downloaded zip file. Click Here To Download
|
|
Announcement: mIRC Virus Scanner
|
|
This scanner will deal with the URL spamming [ma/inv] and the $decode exploits on mIRC. It will also only SCAN for the well-known trojans on your machine. It has a Live Update feature with a mIRC socket monitor. Please read the ReadMe1st.txt
Download Here
|
|
Announcement: MSN Removal
|
|
Removes the PIC() and Bush.exe MSN viruses. Direct download here
|