Showing posts with label Cyber News. Show all posts

Friday, 6 March 2015

How To Protect Critical DNS Infrastructure Against Attack


DNS is a critical infrastructure of the Internet as every web transaction involves a DNS service provided by an ISP.

What is a DNS DDoS Attack?
A DNS amplification attack is a reflection-based distributed denial of service (DDoS) attack. Here the attacker sends DNS lookup requests to vulnerable DNS servers using a spoofed IP address. This is the most popular attack in history.

This white paper outlines the recent DDoS attacks on DNS services and challenges of mitigating those attacks.

Learn how:

  • DNS DDoS attacks take advantage of weaknesses in the DNS protocol
  • Attackers launch a high bandwidth sophisticated attack on their victim
  • Attackers use amplification effect
  • Securing DNS service requires rethinking perimeter security, with dedicated tools to identify and mitigate this new breed of attacks on DNS services.

You can download this book for free, offered by Radware Inc.


Wednesday, 4 March 2015

Nuke-IOS An Auditing Tool To Test ARP Attacks For iOS


It is an auditing tool for testing ARP attacks, which can easily be avoided by using static ARP entries on hosts or AP isolation. Nuke-IOS (beta) is an automated ARP poisoning script for iOS.

What Is ARP Poisoning?
In an ARP poisoning attack, the aim is generally to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.

The attack can only be used on networks that use the Address Resolution Protocol. Support for an SBSettings toggle is coming soon: yes, one simple button that takes down an entire /24 network in seconds.

Depends on:
mptcp network-cmds
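
The static ARP entries mentioned above work because they pin an IP address to one MAC address, and the same idea can drive detection. The following is an added example, not part of Nuke-IOS or the original post: it parses ARP payloads and alerts when a pinned or previously learned binding changes, or when one MAC starts claiming many addresses. The `ArpWatch` class, the addresses and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes


def build_arp(oper, sender_mac, sender_ip, target_ip, target_mac="00:00:00:00:00:00"):
    """Build an ARP payload. Used only to construct the sample frames below."""
    mac = lambda m: bytes(int(x, 16) for x in m.split(":"))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))


def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)


class ArpWatch:
    """Track IP-to-MAC bindings announced in ARP traffic and flag suspicious changes."""

    def __init__(self, pinned=None, fanout_limit=3):
        # pinned: ip -> mac, the same bindings you would install as static ARP entries
        self.pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
        self.seen = {}                   # ip -> last MAC learned for unpinned hosts
        self.claims = defaultdict(set)   # mac -> set of IPs it has claimed
        self.fanout_limit = fanout_limit

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return []
        _oper, mac, ip = parsed
        if ip == "0.0.0.0":              # ARP probe: carries no binding
            return []
        alerts = []
        pinned = self.pinned.get(ip)
        if pinned is not None:
            if mac != pinned:
                alerts.append(("PINNED_MISMATCH", ip, mac))
        else:
            known = self.seen.get(ip)
            if known is not None and known != mac:
                alerts.append(("BINDING_CHANGED", ip, mac))
            self.seen[ip] = mac
        owned = self.claims[mac]
        if ip not in owned:
            owned.add(ip)
            # Routers and proxy-ARP hosts legitimately own several IPs; tune the limit.
            if len(owned) > self.fanout_limit:
                alerts.append(("MAC_CLAIMS_MANY", ip, mac))
        return alerts


# Constructed sample traffic: a gateway, one host, then a third MAC claiming both.
GATEWAY, HOST, ROGUE = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:10", "02:00:00:00:00:66"
SAMPLE_FRAMES = [
    build_arp(2, GATEWAY, "192.168.1.1", "192.168.1.10"),
    build_arp(1, HOST, "192.168.1.10", "192.168.1.1"),
    build_arp(2, ROGUE, "192.168.1.1", "192.168.1.10"),
    build_arp(2, ROGUE, "192.168.1.10", "192.168.1.1"),
    build_arp(2, ROGUE, "192.168.1.11", "192.168.1.1"),
]


def run_demo():
    watch = ArpWatch(pinned={"192.168.1.1": GATEWAY}, fanout_limit=2)
    alerts = []
    for frame in SAMPLE_FRAMES:
        alerts.extend(watch.observe(frame))
    return alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```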


Monday, 9 February 2015

The Hacktivist Group Anonymous Takes Over Dozens Of ISIS Social Media Accounts


The online "hacktivist" group Anonymous has just struck a massive blow against ISIS and destroyed months of its recruiting efforts. Yes, the Islamic State of Iraq and Syria (ISIS) — the radical Islamic terrorist group known for its haematic, terrible propaganda videos.

ISIS has a huge social media presence, with multiple Facebook, Twitter, YouTube and Instagram accounts. But the Anonymous group recently took control of dozens of Facebook and Twitter accounts used by ISIS recruiters to bring in new members.

Anonymous also released a video on Friday saying, "We are Muslims, Christians, Jews alike. We hackers, crackers, Hacktivist, phishers, agents, spies, or just the guy next door… students, administrators, workers, clerks, unemployed, rich, poor."

"We are young, or old, gay or straight… from all races, countries, religions, and ethnicity. United as one, divided by zero," and the most important point made by the video is that Anonymous believes that "the terrorists that are calling themselves [the] Islamic State (ISIS) are not Muslims."

The group further issued a warning to ISIS in its own statement, which is as follows:

"We will hunt you, take down your sites, accounts, emails, and expose you. From now on, no safe place for you online. You will be treated like a virus, and we are the cure. We own the internet. We are Anonymous; we are Legion; we do not forgive, we do not forget. Expect us."

The Anonymous group then said it made good on its pledge by launching cyber attacks and disabling several Twitter and Facebook accounts linked to ISIS which were used for recruiting purposes. Under the Twitter hashtag #OpISIS, Anonymous released a list of what it said were ISIS sites crippled by the cyber attack.

Some of the ISIS Twitter accounts that were taken offline by the online hacktivist group as part of #OpISIS are as follows:

Anonymous says the following Facebook accounts are in close contact with ISIS in Syria and Iraq. They advise us to “keep a close eye” on them.

Thursday, 5 February 2015

Latest Global Black Market Intelligence And Security Threats


Havocscope: Information About The Global Black Market.

In today’s interconnected world, black markets have the power to wreak havoc on all industries and across all regions. Whether denying needed tax revenues to governments, destabilizing societies or damaging the environment, the global black market impacts nearly everyone on a daily basis.

Despite billions of dollars spent combating the activities of the black market, little attention has been given to producing clear and useful data about those activities. When information and market statistics have been produced, they generally have been used as marketing tools designed to promote a certain agenda rather than to objectively describe the actual situation.

Havocscope addresses this need for accurate, unbiased data by providing a centralized location for all information about the black market. By collecting and analyzing hundreds of pieces of data every day, we provide only the highest quality of information to our global users.

“We have checked the sources provided by Havocscope and have found that Havocscope accurately records the reported amounts.”

-“Economic Analysis of the Proposed CACP Anti-Counterfeiting and Piracy Initiative”
LECG in a report prepared for the Coalition Against Counterfeiting and Piracy (CACP)

As the premier global provider of information on black market activities, the World Economic Forum used our data in its 2011 Global Risks Report to highlight the issue of illicit trade. In 2012, the Council on Foreign Relations utilized our research when researching the issue of transnational crime for their Global Governance Monitor Project.

All Havocscope data on the black market is available for free to the public for personal use. Ranking totals and other information collected by Havocscope may be cited, so long as Havocscope is properly sourced and credited with a link back to our website when applicable.

About The Author:
This article is written by Mayur Agnihotri. I'm Not a Master, I'm Still a Learner. NO-BODY is Safe in Cyber World. Use Knowledge to Save Yourself & Your Country. Respect your Country's Cyber Law. "For Digital India We Should Think About Digital Terrorism First.....!!" - Hakon

Wednesday, 24 December 2014

ANATEL - Brazilian National Telecommunications Agency Hacked


ANATEL - Brazilian National Telecommunications Agency was hacked this week and hackers leaked the database and various information online.

Everything indicates that it is a form of protest against the country's telephone and internet companies, and about the Marco Civil and Internet freedom.

The hacker, who identifies himself as 1NC0GN1T0, also left a message for the telephone operators GVT, Oi, Claro, Vivo, Tim, NET, Embratel and others.



Monday, 15 December 2014

MSN.COM Affected By Multiple Flash Cross-Site Scripting Vulnerabilities


Basically, a Flash Cross-Site Scripting vulnerability isn't so different from other XSS attacks, and in fact it has the same high impact as the others! The unique difference is that it works via Flash object files (.SWF).

Christian Galeone, a young cyber security researcher, has found a vulnerability in a Microsoft domain. He describes it as follows:

In my Bug Hunting career I had the opportunity to find several High Issues; one of them is the Flash Cross-Site Scripting vulnerability!

So, here is how it works!:



For these reasons, I have recently found that the domain "ads1.msn.com" from Microsoft Inc. had several Flash objects vulnerable to this type of attack!

Affected URL(s):


I downloaded the SWF object(s) and analyzed their internal code with SWFScan (from HP); here you can see the code:


As I saw, the ?ClickTag= parameter was vulnerable (after having tested it manually), and so I was able to inject the PoC payload script into it, as you can see below:

Javascript:prompt(document.domain)//

The document.domain indicates where the script execution will come from, so the PoC link will look as below:

http://ads1.msn.com/ads/7188/0000007188_000000000000000633582.swf?clickTAG=Javascript:prompt(document.domain)//

Let's see the main SWF Screen


This is our Result - (Click into the Banner)!



Here about:blank indicates the origin of the script, in our case the 0000007188_000000000000000633582.swf object!

I then reported the issue to the Microsoft Security Team and they decided to credit me on their Acknowledgement Page for the month of January 2015!




Let's say it is an awesome gift ;-)
Merry Christmas and Happy New Year to everybody!!

More Details:
http://www.acunetix.com/blog/articles/elaborate-ways-exploit-xss-flash-parameter-injection/

About the Author :
Christian Galeone is a Cyber Security Researcher from Italy. He is currently studying at ITCL Marco Polo (Vocational Technical Institute | Vo-Tech), attending the IT Programming Class.
He has been acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc.
He is currently working with HOC as author of Cyber Security & Critical Tools Research Articles.
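
The PoC in the post above works because the clickTAG value reaches the browser with a `javascript:` scheme. The following is an added example, not code from the post or from Microsoft: an allowlist check that an ad server or creative-review step can apply to a clickTAG value before the banner is served. It is written in Python for illustration; `safe_click_target` and the example.com hosts are hypothetical.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Characters up to and including space, which browsers ignore at the edges of a URL.
_EDGE_JUNK = "".join(chr(c) for c in range(0x21))


def safe_click_target(raw, allowed_hosts):
    """Return a cleaned click-through URL, or None if it must not be used.

    Only absolute http(s) URLs whose host is on the advertiser allowlist pass.
    """
    if not isinstance(raw, str):
        return None
    # Browsers drop TAB/CR/LF anywhere in a URL, so "java\tscript:" is still
    # "javascript:". Normalise the same way before looking at the scheme.
    cleaned = "".join(ch for ch in raw if ch not in "\t\r\n").strip(_EDGE_JUNK)
    # Browsers treat "\" like "/" in http(s) URLs while urlsplit does not, so a
    # backslash can make the two disagree about which host is meant.
    if "\\" in cleaned:
        return None
    try:
        parts = urlsplit(cleaned)
        host = parts.hostname
    except ValueError:
        return None
    # Rejects javascript:, data:, scheme-relative "//host" and relative values.
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return None
    # hostname is what follows any "user@" part, so "good@evil" resolves to evil.
    if host not in allowed_hosts:
        return None
    return cleaned


ADVERTISER_HOSTS = {"www.example.com"}  # hypothetical allowlist

# Constructed inputs; the first is the PoC value quoted in the post.
SAMPLES = [
    "Javascript:prompt(document.domain)//",
    "java\tscript:prompt(document.domain)//",
    "  https://www.example.com/offer?id=7 ",
    "//www.example.com/offer",
    "https://www.example.com@evil.example/",
    "https://evil.example\\@www.example.com/",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_click_target(value, ADVERTISER_HOSTS))
```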

Tuesday, 9 December 2014

NoGoToFail: A Network Security Testing Tool For HTTPS And TLS/SSL Bugs


An on-path blackbox network traffic security testing tool.

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Design

Nogotofail is composed of an on-path network MiTM and optional clients for the devices being tested. See docs/design.md for the overview and design goals of nogotofail.

Dependencies

Nogotofail depends only on Python 2.7 and pyOpenSSL>=0.13. The MiTM is designed to work on Linux machines and the transparent traffic capture modes are Linux specific and require iptables as well.

Additionally the Linux client depends on psutil.

According to the Google blog:
"Google is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.

The Android Security Team has built a tool, called nogotofail, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works for Android, iOS, Linux, Windows, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy."


Tuesday, 21 October 2014

Do You Think HTTPS Is Secure? But It's Not!


Do you want to test your server for BEAST & CRIME attacks?

Do you want an overview of how secure your encryption is, including the supported suites and protocols?

TestSSLServer will give you all of this in just one tool!

All you have to do is visit their main website:

Link: http://www.bolet.org/TestSSLServer/

Then run whichever package you prefer:

-) Java Application

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.jar

-) Windows Executable Version

   Link: http://www.bolet.org/TestSSLServer/TestSSLServer.exe

Once you have downloaded it, just drag the app into the Windows Command Prompt and press Enter:


When you are there, you will need to enter the server details; for this, use this syntax:

usage: TestSSLServer servername [ port ]

Example: mysubdomain.apple.com 443 (you can also enter your local address if you have a server running on it)



As you can see, one of Apple's subdomains is vulnerable to the POODLE attack since it has SSLv3 enabled.

It can be attacked through the HTTPS secure port, :443.

We can see that the vulnerable SSLv3 cipher suites are:

RSA_WITH_RC4_128_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA

...but our target is also vulnerable to the BEAST attack, as reported below!

BEAST status: vulnerable

But that's not the end!

This great tool also gives you relevant information regarding the security of your keys!

My target got STRONG, which means that a possible attacker may run into some difficulty cracking the server key!

See below:

Minimal encryption strength:    strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)

If it is STRONG, the hacker is not helped, but is NOT prevented from cracking your web server keys.

Finally, this tool also gives you the details of the security certificate that the server is using!

For example, mine comes from Cupertino, California!

You should definitely try it!

About the Author :
Christian Galeone is a Cyber Security Researcher from Italy. He has been acknowledged by the TOP 5 Companies including Yahoo!, Microsoft, AT&T, Sony etc.
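
The report above rates key strength as "strong" while the protocol findings still stand, which is easy to miss when reading by eye. The following is an added example, not part of TestSSLServer or the original post: it parses a report laid out like the lines quoted above and lists protocol and cipher findings separately from the strength rating. The weak report reuses the suites and statuses quoted in the post; the version headers, the hardened report and the finding names are constructed assumptions about the layout.

```python
import re

VERSION_RE = re.compile(r"^\s*(SSLv2|SSLv3|TLSv1\.[0-3])\s*$")
SUITE_RE = re.compile(r"^\s*([A-Z0-9_]+_WITH_[A-Z0-9_]+)\s*$")
STATUS_RE = re.compile(r"^\s*(BEAST|CRIME) status:\s*(\S+)")

LEGACY = {"SSLv2", "SSLv3"}           # SSLv3 is deprecated by RFC 7568
BEAST_VERSIONS = {"SSLv3", "TLSv1.0"}  # BEAST needs CBC with implicit IVs


def parse_report(text):
    """Return ({version: [suite, ...]}, {"BEAST": status, ...}) from report text."""
    suites, statuses, current = {}, {}, None
    for line in text.splitlines():
        if (m := VERSION_RE.match(line)):
            current = m.group(1)
            suites.setdefault(current, [])
        elif (m := SUITE_RE.match(line)) and current:
            suites[current].append(m.group(1))
        elif (m := STATUS_RE.match(line)):
            statuses[m.group(1)] = m.group(2).lower()
    return suites, statuses


def triage(text):
    """Return a list of (finding, protocol_version, suites_involved)."""
    suites, statuses = parse_report(text)
    findings = []
    for version, names in suites.items():
        cbc = [n for n in names if "_CBC_" in n]
        rc4 = [n for n in names if "_RC4_" in n]
        if version in LEGACY:
            findings.append(("LEGACY_PROTOCOL", version, names))
        if version == "SSLv3" and cbc:
            findings.append(("POODLE", version, cbc))   # SSLv3 CBC padding
        if rc4:
            findings.append(("RC4", version, rc4))      # prohibited by RFC 7465
        if version in BEAST_VERSIONS and cbc and statuses.get("BEAST") == "vulnerable":
            findings.append(("BEAST", version, cbc))
    return findings


def finding_ids(text):
    return sorted({f[0] for f in triage(text)})


# Constructed report using the suites and status lines quoted in the post.
WEAK_REPORT = """\
Supported cipher suites:
  SSLv3
     RSA_WITH_RC4_128_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
Minimal encryption strength:    strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: vulnerable
"""

# Constructed report for a server limited to TLS 1.2 with an AEAD suite.
HARDENED_REPORT = """\
Supported cipher suites:
  TLSv1.2
     ECDHE_RSA_WITH_AES_128_GCM_SHA256
Minimal encryption strength:    strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: protected
"""

if __name__ == "__main__":
    for name, report in (("weak", WEAK_REPORT), ("hardened", HARDENED_REPORT)):
        print(name, finding_ids(report))
```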

Monday, 6 October 2014

Do You Think Your Network Is Secure? It Might Not Be


A Cybercriminal's Guide to Exploiting DNS for Fun and Profit.

Stories about devastating cyberattacks are plaguing the news every week. You might be thinking your network is secure. You have a sophisticated, layered, defense-in-depth strategy in place.

Your customer data, and your business reputation, are undoubtedly secure, but are they? Take a look at yourself through the eyes of the cyber criminals who are making today's headlines.

They know that there is a hole in most defenses and how to exploit it. Carrying out a DNS attack is relatively simple for the bad guys because the DNS protocol is easy to exploit. Additionally, there are dozens of types of DNS attacks for them to choose from. These attacks can be used to hijack your systems, steal your data (or your customers' money), or bring your business to a screeching halt. For a look at a serious and deadly threat, read this white paper; and see your network the way hackers do—as an easy target. Learn how you can effectively secure your external and internal DNS infrastructure today.


Saturday, 19 July 2014

India to Host 3rd Annual 'The Hackers Conference' this Year in August


The Hackers Conference is a unique event, where the best minds in the hacking world, leaders in the information security industry and the cyber community, along with policymakers and government representatives on cyber security, meet face-to-face to join their efforts and co-operate in addressing the most topical issues of the Internet security space.



The conference was attended by several Black-hat hackers along with cyber-crime specialists and security experts. The Conference provided a platform for open dialogues between two extremes to bridge the existing gaps in the internet security arena and make the internet safer. The participation from Government and Defense intelligence along with Hackers and Corporates made it a first ever conference of its kind.


Call For Papers





Important Dates:



    1.) Abstract Submission deadline: July 31st, 2014
    2.) Announcement of selected Abstracts: August 5th, 2014
    3.) Full Paper Submission deadline: August 10th, 2014
    4.) Conference Date: August 30th, 2014

Call for Papers is open till July 31st, 2014 so if you have interesting topics to present at The Hackers Conference 2014 you are welcome to submit! Email your submission to: cfp@thehackersconference.com and email subject should be: CFP THC 2014.



HOC gives a 10% offer on registration for our readers; just mail us at hackersonlineclub.com@gmail.com
http://thehackersconference.com/register.html




Sunday, 2 February 2014

Indian Security Researcher Got Bounty For Facebook Logical Comment Bug

Indian security researcher Manjesh S. got a bounty for finding a Facebook logical comment bug. Manjesh shared with us how he found the bug.

Facebook Logical comment bug
[#] Title:  Logical comment bug on facebook group.
[#] Worth: $500 USD
[#] Status: Fixed
[#] Severity: Low
[#] Author: Manjesh S
[#] Twitter: @Manjesh24

Description:
We can make others' comments unremovable on an OPEN group using this bug; it's a privacy issue.


Sample example: Assume that someone posted on an OPEN group:
"Facebook magic!! Comment your email and password here, your email and pass will change automatically to ****@****.com and ********* , Try it now"

Whenever some person sees this post, he thinks that it is a new feature from FB and plans to try it, and also plans to delete the comment after trying it.

So when a user comments on this post with the email and password, we can make this comment unremovable. What happens here is that the user's primary email and password are publicly viewable and the user can never remove his own comment. Any group members and non-members can view the comments.


The user will never be able to delete his own comment.

Steps to Reproduce:

  1. The user needs to comment on someone else's post in an OPEN group, and the admin has to remove the user from the group.
  2. Facebook was aware of this privacy issue, hence a DELETE option was available on our comment when removed.
But that option was not working :D
When we clicked on delete, it showed an error and the comment was not deleted.





But this bug was rejected as:
"This is intentional behavior in our product. We do not consider it a security vulnerability."


I didn't mention that I was trying it on an OPEN group, so it was rejected.
As per https://www.facebook.com/help/www/220336891328465 this bug is valid when we consider OPEN groups only.

I had some proof that this is not intentional behavior; I sent them the proof plus an example and the bug was accepted :)



The HOC team congratulates Manjesh S. on getting a $500 bounty from the Facebook Bug Bounty program.

About the Author:
Manjesh S, engineering student and security researcher from India, found the Facebook bug.

Friday, 20 December 2013

Traffic Analysis and Capture Passwords


ABSTRACT
It is known that Wireshark is a powerful tool that goes far beyond a simple sniffer. What many do not know is that there are several ways to harness the potential of this tool, which this article will introduce. We will learn to sniff the network effectively, create filters to find only the information we want, see how a black hat would use this tool to steal passwords and, finally, how to use Wireshark to diagnose network problems or to check whether a firewall is blocking packets correctly.

INTRODUCTION
Is your password hard to break? It has many characters and you change it with a certain regularity, and one day you are surprised to receive allegations of intrusion. Evidence indicates that intrusions into third-party accounts originated from your account, and you have no idea what is happening. That is, someone may have used your account and performed such acts as you. How could this have happened? A strong possibility is that you have been the victim of a "sniffer" attack.

UNDERSTAND THE MAIN CONCEPT
What are sniffers? They are very useful software; their use is so widespread that even IDS systems are built on sniffers. A sniffer is a program that can capture all traffic passing through a segment of a network.
These programs allow you to monitor network activity, recording names (username and password) each time users access other computers on the network.
These programs monitor ("sniff") network traffic to capture access to network services, such as remote mail (IMAP, POP), remote access (telnet, rlogin, etc.) and file transfer (FTP). Each access is captured as packets, always with the aim of obtaining the credentials for the user's account.
When computers are connected to a hub and information is sent from one computer to another, the data actually goes to all ports of the hub, and therefore to all machines. However, only the machine for which the information was intended passes it to the operating system.
If a sniffer is running on the other computers, then even though those systems do not pass the information to the operating system, the sniffer intercepts it at the network layer, capturing the data and displaying it to the user, in a not very friendly way. Generally the data are organized by protocol type (TCP, UDP, FTP, ICMP, etc.) and the content of each packet shown can be read.


YOUR PASSWORD CAN BE CAPTURED BY SNIFFERS
Many local area networks (LANs) are configured to share the same Ethernet segment. Virtually any computer on the network can run a "sniffer" program to "steal" users' passwords. "Sniffers" work by monitoring the flow of communication between computers on the network to find out when someone uses the network services previously mentioned. Each of these services uses a protocol that defines how a session is established, how your account is identified and authenticated, and how the service is used.
To access these services, you first have to log in. It is the login sequence, the part of these authentication protocols that occurs at the beginning of each session, that "sniffers" are interested in, because this is the part that contains your password. Therefore, it is only necessary to filter for the key "strings" to obtain the password.


STEP BY STEP

Currently, almost all environments use switches rather than hubs, which makes sniffing a little more difficult: a switch does not send data to all ports as a hub does, but directly to the port where the destination host is. So if you try to sniff on a switched network you will only hear broadcast traffic or your own connection. To hear everything without being the gateway of the network, an ARP spoofing attack is necessary, or overflowing the CAM table of the switch.

Basic Usage
Now let's get our hands dirty. I'm assuming you already have the program installed; if not, download it. When Wireshark starts, the screen will look something like Figure 1:

Figure 1) Wireshark.

Before you can start capturing packets, we have to define which interface will "listen" to the traffic. Click Capture > Interfaces

Figure 2) Interfaces.

From there, a new window will appear with the list of automatically detected interfaces, simply select the desired interface by clicking the box next to the name of the interface, as in figure 3:

Figure 3) Capture Interfaces.

If you click Start, the capture begins automatically. You can also just select the interface and start the capture later, if necessary.
When the capture process starts, you will see several packets scrolling across the Wireshark screen (varying according to the traffic of your machine/network). It will look something like Figure 4:

Figure 4) Capturing.

To stop the capture, simply click the button, "Stop the running live capture".

Figure 5) Stop.

It is important to remember that you must take care if your network is busy: the data stream may even freeze your machine, so it is not advisable to leave a Wireshark capture running for a long time. As we will see, we will leave it running only while debugging a connection. The greater the number of packets, the longer it takes to apply a filter, find a packet, etc.
With this we have the basics of the program: we can set the capture interface and start and stop the capture. The next step is to identify what is of interest among the many packets. For this, we will start using filters.

Using Filters

There is a plethora of possible filters, but for now we will just see how to filter by IP address, port and protocol.
Filters can be constructed by clicking on "Filter" and then selecting the desired filter (there is a short list of pre-defined filters), or by typing directly into the text box. After you create your filter, just click "Apply". If you want to see the entire list of packets again, just click "Clear"; this removes the filter previously applied.

Figure 6) Filter.


I will use a small filter list as an example:

Figure 7) Example by Rafael Souza (RHA Infosec).


It is also possible to combine filters, for example:
ip.src == 10.10.10.1 && tcp.dstport == 80
or, equivalently:
ip.src == 10.10.10.1 and tcp.dstport == 80

This matches source address 10.10.10.1 and destination port 80.


CAPTURING PASSWORDS

Now we will see how passwords can be captured easily, just by listening to traffic. For this example we will use the POP3 protocol, which sends data in clear text over the network. To do this, start capturing packets normally and start a session with your POP3 mail server. If you use a safer protocol such as IMAPS or POP3S and just want to see how the mechanism works, you can connect to POP3 via telnet without having to add or modify your account; simply run the following:

telnet serveremail.com 110
user user@rhainfosec.com
pass rhainfosecpasswd

Now stop the capture, type "pop" in the filter box and click "Apply". You will then see only the packets of the POP3 connection. Right-click any of them and then click "Follow TCP Stream".

Figure 8) POP3.
This opens a new window with the entire content of the connection in ASCII. As the POP3 protocol sends everything in plain text, you can see all the commands executed, including the password.


Figure 9) Pass.

The same applies to any connection in plain text, such as FTP, telnet, HTTP, etc. You just need to change the filter and examine the contents of the connection.
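
From the defender's side, the same stream contents can be audited to find which services still accept cleartext logins and which accounts need their passwords changed. The following is an added example, not from the original article: it scans client-to-server stream payloads, as "Follow TCP Stream" shows them, for POP3/FTP USER/PASS commands and HTTP Basic headers, and reports them with the password redacted. The POP3 lines are those of the telnet session above; the other streams and the function names are constructed.

```python
import base64
import re

# Line-based protocols in which USER/PASS travel as plain commands.
LINE_PROTOCOLS = {110: "POP3", 21: "FTP"}
USER_RE = re.compile(rb"^USER\s+(\S+)", re.I)
PASS_RE = re.compile(rb"^PASS\s+(.+)$", re.I)
BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)


def _redact(secret):
    """Never copy the captured secret into the report; its length is enough."""
    return f"<redacted, {len(secret)} bytes>"


def _finding(protocol, port, user, secret):
    return {"protocol": protocol, "port": port,
            "user": user.decode("latin-1"), "password": _redact(secret)}


def find_cleartext_logins(streams):
    """streams: iterable of (dst_port, client_to_server_bytes). Returns findings."""
    findings = []
    for dst_port, payload in streams:
        lines = [line.strip() for line in payload.split(b"\n")]
        if dst_port in LINE_PROTOCOLS:
            user = b"<unknown>"
            for line in lines:
                if (m := USER_RE.match(line)):
                    user = m.group(1)
                elif (m := PASS_RE.match(line)):
                    findings.append(_finding(LINE_PROTOCOLS[dst_port], dst_port,
                                             user, m.group(1)))
                    user = b"<unknown>"
            continue
        # Any other port: look for HTTP Basic auth sent without TLS.
        for line in lines:
            m = BASIC_RE.match(line)
            if not m:
                continue
            try:
                decoded = base64.b64decode(m.group(1), validate=True)
            except ValueError:
                continue  # not valid base64, ignore
            user, sep, secret = decoded.partition(b":")
            if sep:
                findings.append(_finding("HTTP-Basic", dst_port, user, secret))
    return findings


# Sample streams. The POP3 commands are from the article; the rest is constructed.
SAMPLE_STREAMS = [
    (110, b"user user@rhainfosec.com\r\npass rhainfosecpasswd\r\nquit\r\n"),
    (21, b"USER backup\r\nPASS example-ftp-pw\r\nQUIT\r\n"),
    (80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
         + base64.b64encode(b"alice:example-pass") + b"\r\n\r\n"),
    (995, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),  # TLS record: nothing readable
]

if __name__ == "__main__":
    for item in find_cleartext_logins(SAMPLE_STREAMS):
        print(item)
```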

Importing External Captures

Servers usually have no graphical environment installed, so you cannot use Wireshark on them directly. If you want to analyze traffic on such a server and cannot install Wireshark, or cannot capture the traffic elsewhere, the best you can do is record the traffic locally with tcpdump and then copy the dump to a machine with Wireshark for more detailed analysis.

We will capture everything that comes from or goes to host 10.10.10.1 with destination port 80 and save it to the file capturerafaelsouzarhainfosec.pcap in the folder where the command was executed. Run on the server:
tcpdump -i eth0 -w capturerafaelsouzarhainfosec.pcap host 10.10.10.1 and dst port 80

Once you have finished capturing, press CTRL + C to stop, copy the capture file to the machine with Wireshark and import it by clicking File -> Import. Once imported, you can use the program normally, as if the capture had been made locally.


EVOLUTION OF THINKING

Why steal your password?

There are various reasons that lead people to steal passwords, from simply annoying someone (sending email as you) to performing illegal activities (intrusion into other computers, theft of information, etc.). What attracts crackers is the ability to use the identity of others in these activities.

One of the main reasons attackers try to break into systems and install "sniffers" is to quickly capture as many accounts as possible. Thus, the more accounts the attacker has, the easier it is for the attacker to hide.

How can you protect yourself?

Do not think that "sniffers" make the whole Internet insecure. Not so. You need to be aware of where the risk is, when you are at risk and what to do to be safe.

When your credit card is stolen, or you suspect that someone may be using it improperly, you cancel the card and ask for another. Likewise, since passwords can be stolen, it is critical that you replace them regularly. This precaution limits the amount of time that a stolen password can be used by an attacker.

Never share your password with others. This sharing makes it difficult to know where your password is being used (exposed) and makes unauthorized use harder to detect.

Never give your password to anyone who claims to need access to your account to fix some problem or to investigate a breach of the system. This trick is one of the most effective methods of hacking, known as "social engineering."

Use networks you can trust

Another aspect you should take into consideration is which networks you can trust and which you cannot. Suppose you are traveling and need to access your organization's computers remotely, for example to fetch a file from your home directory, and all you have available is a "LAN house" or another organization's network. Are you sure you can trust that network?

If you have no alternative for secure remote access and only have resources such as telnet available, you can "mitigate" this effect by changing the password at the end of each session. Remember that only the first packets (200-300 bytes) of each session carry your login information. Therefore, if you always change your password before logging out, the new password will not be captured, and the password that was exposed to the network is no longer valid. Of course it is possible to capture everything going across the network, but attackers have no wish to fill the file system quickly and so be easily discovered.

Why do networks remain vulnerable to "sniffers" for so long?

There are several reasons and there is no quick solution to the problem.

Part of the problem is that companies tend to invest more in new features than in added security. New security features can make systems more difficult to configure and less convenient to use.

Another part of the problem is the added cost of Ethernet switches, hubs and network interfaces that do not support the "promiscuous" mode that sniffers can use.


CONCLUSION

The question that remains is how can we protect ourselves from this threat...


  • Network cards that cannot be put into "promiscuous" mode. Thus, computers cannot be taken over and turned into "sniffers".
  • Typically, the Ethernet interface only passes packets intended for the local machine up to the higher-level protocol. Putting the interface into promiscuous mode allows all packets to be accepted and passed to the higher layer of the protocol stack. This allows you to select what you want.
  • Packages that encrypt data in transit over the network, so that passwords do not travel "in the clear".

I would remind you that the safest approach is to adopt and encourage the use of software that enables encrypted remote access sessions, which helps a great deal to make your environment more secure.

One fairly common encryption technology for secure communication between remote machines today is SSH (Secure Shell). SSH is available for different platforms. Its use does not prevent the password from being captured, but since it is encrypted it is of no use to the attacker. SSH negotiates connections using the RSA algorithm. Once the service is authenticated, all subsequent traffic is encrypted using IDEA. This type of encryption is very strong.

In the future, security will be increasingly intrinsic to systems and network infrastructure. There is no use having all the security "apparatus" you need if you do not use it. Security is not something that can ever be complete. Remember, no one is 100% secure.