Security Related

Guy Mizrahi about Security and Technology.
Subscribe

Archive for March, 2008

Find other sites on a specific IP

March 29, 2008 By: Guy Mizrahi Category: Uncategorized 2 Comments →

It can be very useful to see what other sites are sitting on your site’s IP.

When you are using a shared host for your site or blog, you basically risk your site.

If an attacker is targeting other sites on the same server, his attack can hit you as well as other sites on the server.

More other sites on the hosting server = More chances your site can be hit in their attack process.

So how can you check the sites on your hosting server?

You can do it using this tool:

http://www.yougetsignal.com/tools/web-sites-on-web-server/

Internet in hotels

March 14, 2008 By: Guy Mizrahi Category: Uncategorized No Comments →

Surprise surprise – we are in Eilat ๐Ÿ™‚

My mom placed an order for hotel and flights to Eilat but she and my dad couldn’t go.

My wife and me got the vacation.. thanks mom and dad ๐Ÿ™‚

When we arrived into the hotel, we upgraded our vacation to VIP and therefore we can get into the business lounge.

We enjoy free food and drinks, breakfast in the 12’th floor with an amazing view.

The business lounge has two computers in it with a (more or less) fast Internet connection.

When I got to the computers both had their Internet browsers open.

One quick look and I saw that one computer was on Google. The guy who surf there before me left his Gmail account logged on.. You don’t even need to hack into his Gmail ๐Ÿ™‚

The other computer was in stock’s site. A few clicks “back” in the browser’s toolbar and I was logged as him.

It didnโ€™t end there…

A quick review of the computer show that it is full with spywares, Trojan horses, and other malware. The computer had Spy Sweeper installed but it didnโ€™t help..

So how can you work safely?

1. Donโ€™t leave your account logged in when you finish using it. It is better if you will not get into sites that require User and Password.

2. Delete the browser history, temp files and cookies when you finish.

3. Close the Internet Browser. Restart the computer. (If the policies do not allow this you can disconnect the computer from the electricity โ€“ it works too ๐Ÿ™‚ )

4. Best if you disconnect the computer from the network and use your laptop.

5. Work with cellular modem and donโ€™t rely on the hotel.

In my Hebrew blog I wrote once how to bypass Captive Portals.

Got some fire when I wrote that..

killing using hacking skills?

March 12, 2008 By: Guy Mizrahi Category: Uncategorized No Comments →

Yes, It is possible.

Security researchers managed to hack to defibrillator and pacemaker using Wireless (Yes, it is possible to hack it when the stuff is in one’s chest).

When they made POC the researchers put a defibrillator in a bag full of meat and managed to make it give a strong electric shock.

Scary..

The research here:

http://www.secure-medicine.org/PervasiveIMDSecurity.pdf

G-Archiver is exposing your Gmail account details.

March 12, 2008 By: Guy Mizrahi Category: Hacking, Security No Comments →

“G-Archiver is your one click Gmail backup solution. Backup Gmail email messages”

The developer forgot to mention that G-Archiver also give him the ability to hack into your Gmail account.

read about it here:

http://www.codinghorror.com/blog/archives/001072.html

MacBook Air – The bad stuff..

March 12, 2008 By: Guy Mizrahi Category: Technology No Comments →

So you want that MacBook Air, Ha?

You go, buy this awesome laptop and then what?

1. You throw it to the garbage?

2. You are suspected as a terrorist when trying to take it to flight (And loosing your flight)?

3. All of the above..

Physical Security

March 08, 2008 By: Guy Mizrahi Category: Hacking, Security 1 Comment →

Johnny from IhackStuff give a great 1 hour lecture about physical security, No Tech Hacking and Ninja way of hacking ๐Ÿ™‚

He talks great, give a lot of stuff to think about.

You have to see this.

1 hour but worth every second.

Internet Explorer 8

March 06, 2008 By: Guy Mizrahi Category: Tips and Tricks No Comments →

So.. Want to download Internet Explorer 8?

You have the guts to surf with Microsoft Beta 1 product?

Good for you (some people I know will tell you to begin the line with: I am not so sure it’s)

you can get it here:

Download Internet Explorer 8 Beta 1

GoolagScan

March 06, 2008 By: Guy Mizrahi Category: Hacking No Comments →

Cult of the Dead Cow – the same guys that created Back Orifice (isn’t it amazing that the site is still online?) released a tool that turning google into a vulnerability search machine.

This new tool: Goolag Scan allow everyone to detect web site vulnerabilities easily.

There is no new stuff here. google hacking is known for years and Johnny‘s site is full of this kind of search phrases.

cDc just gave everyone (even guy’s with no knowledge) the option to test a site for vulnerabilities.

http://www.goolag.org

Liquid Bomb gave me an Idea..

March 04, 2008 By: Guy Mizrahi Category: Security No Comments →

Bruce Schneier wrote a few days back about "Liquid Bomb" – something he wanted to know better about.

Mr Schneier read this article about A television documentary team said it had made a bomb by mixing a series of odourless and colourless chemicals that could be brought into an aircraft by passengers.

While everyone that read that post commented on the bombs and chemicals, I thought about plugins.

 

Why Plugins?

I think that if you’ll create plugin or add-on to any software or web site that allow it, this piece of software can be checked for malicious  code inside of it.

If you’ll write some plugins, each contains a part of a malicious code, a single function or procedure, that can work only if a user add a few more plugins – it can pass the detection procedure for problematic code (If there is one).

A single function that is hiding in a few hundred lines of code is not so simple to detect.

 

So let’s say you’ll create a series of plugins for wordpress or maybe some facebook applications and you’ll cut your malicious code to separate functions and distribute this – There can be a way to create an attack using this distributed code.

 

Yes, we don’t have bottles and liquid here but it looks the same to me..


Bad Behavior has blocked 143 access attempts in the last 7 days.

FireStats icon Powered by FireStats