Monday 31 December 2012

INTRODUCTION TO FIREWALLS

You have heard “use firewalls to protect your computer” many times, and in this article we are going to talk about firewalls. You may even already have a firewall management program in place. But what exactly is firewall security?

The word firewall refers to a wall constructed to halt the spread of a fire. In computing, a firewall is a network device that blocks certain kinds of traffic by limiting the number of ports.


A firewall is either software-based or a combination of hardware and software, and is used for protection.

There are two different types of firewalls available:
  1. Hardware Firewall:

A hardware-based firewall is a physical device placed between your computer and the internet. It acts as a gateway for all the computers inside the network.
An example of a hardware-based firewall is a broadband router. The main advantage of a hardware-based firewall is that you do not need to install or configure any software, because the firewall is external to the computer.
The main disadvantage is that if your computer is mobile, like a notebook, then you can't use a hardware-based firewall.

  2. Software Firewall:


A software firewall performs all the same tasks as a hardware firewall; however, a software-based firewall must be installed as a program on your computer. You can install and configure a software firewall from a disc, or you can download one from the internet.
A software firewall has to be installed on each host on the network, while a hardware firewall is used at the gateway of the network.
Software firewalls are used for your laptop or for a single computer.

Thursday 27 December 2012

An Introduction To Encryption

Encryption is a method or technique used to encode a message so that it can’t be read by an ordinary user. It is the art of secret writing. It can also be defined as converting plain-text information, using an algorithm or a cipher, to make it unreadable, so that the converted information can only be read by a person who has the special knowledge. The process of encoding is known as encryption, and its reverse process, decoding, is known as decryption. Encryption is very useful when it comes to protecting your confidential data from being stolen. It is also helpful when data is transmitted over a network, where it safeguards your data from sniffers. When data needs to be encrypted over a network, the SSL protocol is used for this purpose. SSL stands for Secure Sockets Layer.

Types of Encryptions


Symmetrical Key: This type of encryption is also known as shared secret key encryption. In symmetrical encryption, the key used in the process of encryption is also used in the process of decryption. If two parties want to exchange encrypted data securely, both of them must have a copy of the same symmetric key.

Asymmetrical Key: This type of encryption is also known as public key encryption. In this type of encryption, keys are generated in pairs: a public key and a private key. In asymmetrical encryption, the key used to encipher is different from the key used to decipher. The two partners therefore have two different keys; one is made public and the other is kept private. Let’s take an example to understand the concept in an easy way.
Suppose John wants to send a message to Mike. He just enciphers the message with Mike's public key and sends it to Mike. Since Mike has the secret key, he can decipher the message and read its content.
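
The two key models above, as an added example that is not part of the original post. It assumes a SHA-256 counter keystream for the shared-key half and textbook RSA over two small known primes for the John/Mike half; both are constructed to show which party holds which key, and all function names are hypothetical.

```python
import hashlib
import secrets

# Symmetric: the same shared key is used to encrypt and to decrypt.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 over key+nonce+counter as a demo keystream (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)              # fresh per message
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

# Asymmetric: textbook RSA, no padding, primes far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1                      # two known Mersenne primes
E = 65537

def make_keypair():
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))            # private exponent
    return (n, E), (n, d)                        # (public key, private key)

def rsa_encrypt(public_key, message: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this demo modulus")
    return pow(m, e, n)

def rsa_decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    mike_public, mike_private = make_keypair()   # Mike publishes only mike_public
    c = rsa_encrypt(mike_public, b"hi Mike")     # John needs no secret to encrypt
    print(rsa_decrypt(mike_private, c))          # only the private key recovers it
    shared = secrets.token_bytes(32)             # both parties hold this one key
    print(sym_decrypt(shared, sym_encrypt(shared, b"hello")))
```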

Bugtraq 2 - Black Widow



Bugtraq-2 Black Widow is unique in its security sector, and will revive the real spirit of what a hacking distribution is. Some people are starting to call it “The all in one of hacking”. Welcome to the new era…







Features:

The Bugtraq system offers the most comprehensive distribution, optimal and stable, with an automated services manager in real time. This distribution, based on the 3.2 and 3.4 PAE kernels, has a huge range of penetration, forensic and laboratory tools. Bugtraq is available with XFCE, Gnome and KDE, based on Ubuntu, Debian and OpenSuse. The systems are available in 12 different languages. The Bugtraq-Team has no limits, and they think that each user tends to use a different distribution for various reasons. That's why the team wanted to surprise us with this assortment of possibilities for using Bugtraq-2.

Tools:

 

One of the novelties of Bugtraq is its huge range of tools in different branches. We can find mobile forensic tools, malware testing laboratories, tools of the Bugtraq-Community, audit tools for GSM, wireless, Bluetooth and RFID, integrated Windows tools, tools focused on IPv6, and the typical pentesting and forensics tools that should not be missing from Bugtraq-II. Each tool starts all the services it needs to function and is configured for optimal performance. For installations, the team has created scripts that allow better management and speed when installing certain tools such as Nessus. This not only makes Bugtraq the distribution with the most hacking tools to date; Bugtraq-2 is also a quick and dynamic system in which, with a few clicks, you can install or perform all the tasks that you require, without having to search the internet for tutorials on configuring and installing tools.

Install:

 

You can install our distribution from a Live DVD or USB drive. Depending on your desktop environment, the features are different. The minimum requirements are based on XFCE.
• 1GHz x86 processor & 512 MB of system memory (RAM)
• 15 GB of disk space for installation

Monday 3 December 2012

What is: Sky Net Technology

This must be the holy grail of hacking: a cheap, do-it-yourself flying drone that can break into Wi-Fi networks and turn computers into zombies that can be controlled remotely. The coolest part for evildoers: it makes the hacking untraceable.

Technical Information:

The SkyNET drone is a modified $300 Parrot quadcopter with a Linux computer, 3G card, a GPS unit and two Wi-Fi cards.

How It works:

Controlled by a botmaster using 3G, the drone or group of drones flies over any urban area looking for Wi-Fi networks. As they find them, they automatically try to break in. Once a drone gets inside a network, it searches for personal computers that can be compromised. Any computer that falls to the attack gets turned into a zombie without the user ever knowing it.
After the infection process, the hackers can easily control the zombies remotely through the Wi-Fi drone-to-host connection. The zombies can be used to perform any attack through their internet connections, receiving commands from SkyNET but with no traceable internet ties to the hacker botmaster:
Subsequent drone flights are used to issue command and control without ever linking the botmaster to the botnet via the Internet. Reverse engineering the botnet, or enumerating the bots, does not reveal the identity of the botmaster.
It's a perfect idea. Total cost: a mere $600. Anyone can easily build a complete fleet of these.

SMS Bombers - How Most of Them Work

A lot of people are getting annoyed by the amount of rubbish messages they receive because of SMS bombing. In fact, I have also edited some SMS bombers and have come to know certain facts about them. Other research may differ, but you should also be aware of what I have for you today. Many internet users pay for these SMS bombers just to annoy someone, since they have bad intentions. Let's see how these SMS bombers work:

The main ways these SMS bombers work:

  1. Many mobile sites offer a subscription service from their websites, where the user just has to enter his mobile number. After that, an automated confirmation message is sent to the user’s cell phone. Any bad-minded person can exploit this simply by tampering with the page requests to the server and by understanding how the server processes the entered number.
  2. A paid SMS bomber can also use an online SMS sending service. There are a lot of paid services available which can be used to send as many texts as you want. Such SMS bombers are never free, and they can also have a spoofing feature.
Thus, an SMS bomber takes the mobile number of the victim as input and forwards it to a specific website, which then sends an automated message to the victim’s number.
The SMS bomber repeats this process thousands of times, and the victim, overwhelmed, turns off his mobile.

How to prevent such SMS bombers from being fully functional:

  • This part is for admins of websites that offer SMS services. It would be better to use a CAPTCHA for security reasons. I know CAPTCHAs can also be bypassed, but it's still better than nothing.
  • The website should not send more than 10 messages to the same number within 24 hours. Some filtering techniques should be implemented.
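
One way a site admin could enforce the 10-messages-per-24-hours rule, shown as an added example that is not part of the original post. The class name, the digit-only normalization and the constructed 555-01xx test numbers are assumptions, and state is kept in memory for a single process.

```python
import time
from collections import defaultdict, deque

MAX_PER_WINDOW = 10             # the post's limit: 10 messages per number
WINDOW_SECONDS = 24 * 60 * 60   # within 24 hours

class SmsRateLimiter:
    """Sliding-window cap on automated SMS per destination number."""

    def __init__(self, limit=MAX_PER_WINDOW, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self.sent = defaultdict(deque)   # normalized number -> send timestamps

    @staticmethod
    def normalize(number: str) -> str:
        # Key on digits only, so "+1 (555) 010-0000" and "15550100000" share
        # one counter and formatting variants cannot sidestep the limit.
        return "".join(ch for ch in number if ch.isdigit())

    def allow(self, number: str, now: float = None) -> bool:
        """Return True and record the send if this number is under its cap."""
        key = self.normalize(number)
        if not key:
            return False                 # nothing usable to send to
        now = time.time() if now is None else now
        stamps = self.sent[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()             # forget sends older than the window
        if len(stamps) >= self.limit:
            return False                 # over the cap: refuse, do not record
        stamps.append(now)
        return True

if __name__ == "__main__":
    limiter = SmsRateLimiter()
    # Constructed burst: 12 signup requests for one number, one second apart.
    decisions = [limiter.allow("+1 555 010 0000", now=t) for t in range(12)]
    print(decisions.count(True), "sent,", decisions.count(False), "refused")
```

The signup handler would call allow() before handing the number to the SMS gateway and return the same response to the client whether or not a message was sent.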

Saturday 1 December 2012

Sandcat Browser Pen-Tester Browser


Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team, the same creators of the Syhunt Web Application Security Scanner. The Sandcat Browser is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support. 



Sandcat Browser includes the following pen-test oriented features:
  • Live HTTP Headers
  • Sandcat Console - an extensible command line console; Allows you to easily run custom commands and scripts against a target website
  • Request Editor extension
  • Fuzzer extension with multiple modes and support for filters
  • JavaScript Executor extension — allows you to load and run external JavaScript files
  • Lua Executor extension — allows you to load and run external Lua scripts
  • Syhunt Gelo — simplifies and accelerates the development of exploit-oriented extensions.
  • PageInfo extension — allows you to view the page headers, JavaScript objects and more.
  • Tor extension — Anonymity for standard browsing and for sending requests
  • HTTP Brute Force, CGI Scanner scripts, Encoders/Decoders and more.
Limitations

In comparison with the full-featured Sandcat Browser application included with Syhunt Hybrid, this Sandcat Browser edition doesn't come with:
  • the Sandcat Pro extensions
  • Scanner integration — allows you to perform manual crawling
  • Spider cache integration
  • Request replay capabilities
  • CatSense™ — which offers instant page analysis information