Showing posts with label Security. Show all posts

Phone scam claiming to be from Microsoft

Beware of this scam. I just received a call from someone claiming to be from Microsoft, who said that my computer was sending malicious info over the net. Curious, I removed my network connection (for safety reasons) and followed their instructions. They asked me to go to the Event Viewer and asked if there were any errors. Obviously there will be errors in Windows. They requested me to delete the error logs; obviously I wasn't able to delete the logs. After that he told me that a Microsoft certified technician would scan my computer online by opening something, which irritated me. If there are any issues with my PC, I will deal with them. I can reformat anytime or use Linux, and I don't want Microsoft support to mess around with my PC. The caller even said that if there is any problem with my computer, it will not be Microsoft's fault. Like hell Microsoft cares??? I hung up the phone.

I did some research on this scam and found the following sites. Please be warned: this kind of modus operandi is still on the loose.

http://www.computerrepairtips.net/phone-call-from-microsoft-about-virus-is-a-scam/

http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/i-received-a-phone-call-from-someone-claiming-i/4489f388-d6de-416d-9158-0079764bb001

 

By penoi on Saturday, October 15, 2011

New AVG Internet Security 2011 update causes Windows 7 to crash



I just came home from my night shift and found that AVG had been updated and needed a computer reboot. To my amazement, the new AVG Internet Security 2011 update causes Windows 7 to crash. Even in Safe Mode, it won't boot at all. As of now, AVG hasn't released a quick fix yet. In the worst-case scenario, reinstall Windows.

====

Update

How to fix your computer after AVG Internet Security 2011 update windows crash

1. Download and burn the AVG Rescue CD: http://www.avg.com/ww-en/download-file-cd-arl-iso

2. Boot from the AVG Rescue CD. Go to Utilities > File Manager, then navigate to /mnt/sda(x), where x depends on the partition of your computer.

3. Rename the following files:

\Program Files (x86)\AVG\AVG10\avgrs*.exe     >>  avgrs*.exe.bak
\Program Files (x86)\AVG\AVG10\avgchsv*.exe >> avgchsv*.exe.bak


4. Press Ctrl+Alt+Del to reboot your computer. Make sure that you remove your AVG Rescue CD.

5. Once your computer has successfully booted, download the latest AVG Internet Security 2011 installer: http://www.avg.com/ww-en/download-trial

6. Run the installer and click Repair. After the repair, reboot your computer.

(Or skip steps 5 and 6: uninstall AVG and install other free antivirus software.)

You can also use Linux-based live CDs as an alternative to the AVG Rescue CD.
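
For the Linux live CD route, step 3 can be done from a shell once the Windows partition is mounted read-write. This is an added example, not part of the original post and not AVG's own tooling; the function name `disable_avg_services`, the mount point passed to it and the extra 32-bit `Program Files` location are assumptions.

```shell
#!/bin/sh
# Added example: rename the AVG 2011 executables named in step 3 so that
# Windows can boot again. Nothing is deleted; each file only gains a
# .bak suffix, so the change is easy to undo.
# Usage (the mount point is an assumption): disable_avg_services /mnt/sda2

disable_avg_services() {
    root=$1
    renamed=0
    # The post gives the 64-bit path; the plain "Program Files" path is an
    # assumption added here for 32-bit installs.
    for dir in "$root/Program Files (x86)/AVG/AVG10" \
               "$root/Program Files/AVG/AVG10"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/avgrs*.exe "$dir"/avgchsv*.exe; do
            # An unmatched glob stays literal, so test that the file exists.
            [ -f "$f" ] || continue
            # Never overwrite a backup left by an earlier run.
            if [ -e "$f.bak" ]; then
                echo "skip: $f.bak already exists" >&2
                continue
            fi
            mv -- "$f" "$f.bak" && renamed=$((renamed + 1))
        done
    done
    # Print the number of files renamed; succeed only if there was one.
    echo "$renamed"
    [ "$renamed" -gt 0 ]
}
```

A result of 0 usually means the wrong partition was passed or the file names differ in case on the mounted filesystem.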

As of now, the issue is being tracked on the following sites:

AVG Official Fix: AVG FIX FOR WIN 7 64 BIT CUSTOMERS NOW RELEASED

AVG Forum : Some Windows 7 operating systems cannot be started after latest update

AVG Facebook : http://www.facebook.com/avgfree

#AVG Twitter: http://twitter.com/#!/search?q=%23AVG

By penoi on Thursday, December 2, 2010

Trendmicro doesn't want you to buy other antivirus software



I've been using Trendmicro Internet Security Pro for almost one year and my license will expire in Jan 2011. Since SITEX is this coming weekend, it's time for me to hunt for and try other antivirus systems. My first choice is Kaspersky. When I was trying to check the pricing online, I was amazed that Kaspersky's online store was tagged as Dangerous by Trendmicro's web filter. Now that's what I call "killing the competition" :)

But I won't settle on Kaspersky, as the reviews are not that good. I will try AVG, Nod32 or avast. Let's see..

By penoi on Thursday, November 25, 2010

Phishing attack on bloggers

Last week I received an email asking if I'm interested in posting their ads. To check out their ad unit, I had to click a Google Picasa Web Album URL. Curious, I clicked on the URL from the email and it forwarded me to a Google Account authentication page.

Hmm, smells fishy. Remember that my wife's Yahoo account was hacked after someone using her friend's hacked YM asked her to check out the pictures on his Flickr. In just a minute, her username and password were harvested by the hacker and we had to call Yahoo just to retrieve the credentials.

You won't notice that this is a bogus page.

http://picasaphotos21.t35.com/photoalbum.htm

Hmmm, OK. Not your usual Google URL, and it looks like a subdomain of t35.com.

Let's check out www.t35.com

Boom!!! t35.com is a free website service. So the hacker uses a free web service to host his fake Google Picasa page. The minute you enter your Google Account username and password, they will be harvested.

How do you identify whether a page is bogus or not? Here are some basic steps that you can use:

1. Google always uses SSL certificates on its web pages. You will notice that the URL of its authentication page starts with https://… instead of http://…

2. Update your internet browsers. New browsers are intelligent enough to tell whether an SSL certificate is fake or not.

3. Always check the URL of the page. Most hackers use free web hosting services to host their bogus sites.
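
Checks 1 and 3 can be combined into one test: the login URL must use https, and its host must be the expected provider's domain or a subdomain of it. The following is an added example, not from the original post; the function name `check_login_url` and passing the expected domain as an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: decide whether a login URL really belongs to the provider
# it claims to be. Prints a verdict and returns 0 only for a match.
# Usage: check_login_url URL EXPECTED_DOMAIN

check_login_url() {
    url=$1
    expected=$2

    # Check 1: the authentication page must be served over https.
    case $url in
        [Hh][Tt][Tt][Pp][Ss]://*) rest=${url#*://} ;;
        *) echo "reject: not https"; return 1 ;;
    esac

    # Isolate the host: cut the path, query and fragment, then any
    # "user@" prefix (which can disguise the real host), then ":port".
    authority=${rest%%/*}
    authority=${authority%%\?*}
    authority=${authority%%\#*}
    host=${authority##*@}
    host=${host%%:*}
    host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    host=${host%.}    # drop a trailing dot

    # Check 3: the host must be the expected domain or end in ".domain".
    # A name that merely contains the brand (picasaphotos21.t35.com,
    # google.com.t35.com) does not match.
    case $host in
        "$expected" | *."$expected") echo "ok: $host"; return 0 ;;
        *) echo "reject: $host is not under $expected"; return 1 ;;
    esac
}
```

Run against the URL from the email, `check_login_url http://picasaphotos21.t35.com/photoalbum.htm google.com` fails on the first check, and it would still fail on the host check if the page had been served over https.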

Internet security awareness will always save your butt and your hard-earned ad payments.

By penoi on Sunday, February 28, 2010

Hacking Yahoo Mail account: How did he do it??

After yesterday's hacking incident on my gf's Yahoo Mail account, we called and emailed Yahoo customer service and answered all of the security questions just to prove that she owns the Yahoo ID. Yahoo then emailed us the new password and we were able to retrieve the account from the bastard.

So how did the hacker do it???? It was just a simple page that collects usernames and passwords. But he is skilled at "social engineering". At first you will not notice anything because the flow of conversation is friendly.

The Yahoo Mail phishing webpage was so simple. Last night I debugged the page using Fiddler2, a free web debugging tool. After the victim enters the username and password and clicks the fake Sign On button, the account information is saved in a clear-text file that the hacker can then retrieve and use to log on to the victim's account. After that he will change your password and 0wn your account.

Debugging yahoo mail phishing page using Fiddler2



Saves username and password in clear text

So if you are a victim of such an incident, call Yahoo Customer Service, email them, and never forget the information that you used during the creation of your account: alternate email, pet's name, birthday, etc. The war against cyber crime is real, so always be on guard.

By penoi on Saturday, October 25, 2008 | 3 comments

Yahoo Mail Account hacked

My gf's Yahoo Mail account was hacked. A friend of hers chatted with her through Yahoo Messenger, asking for a load. At first you will not notice the scam because the chat was in Tagalog (a native language of the Philippines). After that the hacker asked her to check a URL for him.

http://ymphotos.my3gb.com/yahoo.html

Yahoo account scam

The page looks like a Yahoo Mail login page. She then mistakenly entered her username and password.. and boom, her account was hacked.

The hacker then used my gf's Yahoo account to chat with her friends on Yahoo Messenger, again asking for a load. After a series of conversations with one of her friends, a former officemate in Manila called her and asked if she was in the Philippines and if she was online on YM. They were puzzled why she would ask for a cellphone load. Rachel notified me to check her Yahoo account, but to no avail; the hacker had already changed the password.

I tried to reset the password but she had forgotten her alternate email. We called Yahoo's customer service but they were already closed for the day.

We spent the night changing all of our accounts' passwords and calling friends to tell them not to chat with her YM ID, just to avert further damage.

By penoi on Friday, October 24, 2008 | 1 comment

PuttyTabs: putty on tabs

Tired of unorganized SSH PuTTY sessions and don't have the budget for SecureCRT??? Use PuttyTabs!!! PuttyTabs is a utility used to organize your SSH sessions in tabs. It has its own docking window that you can hide on your desktop.

By penoi on Friday, March 28, 2008

Installing Security Auditor's Research Assistant (SARA) in BackTrack Linux

Install tcsh. Perl needs the csh shell to execute SARA
#wget http://mirror.muntinternet.net/pub/slackware/slackware_source/a/tcsh/tcsh-6.15.00.tar.bz2
#bunzip2 tcsh-6.15.00.tar.bz2
#tar xvf tcsh-6.15.00.tar
#cd tcsh-6.15.00
#./configure
#make
#make install
#ln -sf /usr/local/bin/tcsh /bin/csh


Download and install SARA
#wget http://www-arc.com/sara/downloads/sara-7.5.2.tgz
#tar xvzf sara-7.5.2.tgz
#cd sara-7.5.2
#./configure
#make
#make install


Add sara user
./add_user

Scan a host
./sara -a4 <ip.address>

Run SARA in daemon mode
./sara -D

Now browse to http://localhost:666

By penoi on Tuesday, March 25, 2008

Should I Perl or Python now

My 30 days of lab access ended last February for the security course that I'm attending. I'm still waiting for a May slot to extend for another 30 days of access. In the meantime, I'm struggling to learn the Perl and Python programming needed in some of the course lab exercises.

By penoi

PostgreSQL

[root@localhost]# postgres
"root" execution of the PostgreSQL server is not permitted.
The server must be started under an unprivileged user ID to prevent
possible system security compromise.  See the documentation for
more information on how to properly start the server.
[root@localhost]#

I'm starting to like PostgreSQL...

By penoi on Friday, February 22, 2008

Backtrack V3 in Toshiba Satellite M50

Toshiba M50 Backtrack 3 Linux


 


My Toshiba Satellite M50 laptop now runs Backtrack v3 Linux!!!! The installation manual was straightforward, although I had to mess around with the LILO bootloader and the computer's MBR. Copying the live CD's xorg.conf over my HD-installed xorg.conf fixed the LCD's resolution :)

By penoi on Sunday, February 17, 2008 | 2 comments

Installing Nessus Vulnerability Scanner in CentOS Enterprise Linux 5

Nessus is a free, up-to-date and easy-to-use vulnerability scanner. You can find the official documentation of how to install Nessus here.




Download and install Nessus rpm package from the Nessus download page





[root@nessus chris]# rpm -ivh Nessus-3.0.6-es5.i386.rpm
Preparing... ########################################### [100%]
1:Nessus ########################################### [100%]
nessusd (Nessus) 3.0.6. for Linux
(C) 1998 - 2007 Tenable Network Security, Inc.
Processing the Nessus plugins...
[##################################################]
All plugins loaded
- Please run /opt/nessus//sbin/nessus-add-first-user to add an admin user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
- You can start nessusd by typing /sbin/service nessusd start


[root@nessus chris]#





Add the first Nessus user; it will be the admin account







[root@nessus chris]# /opt/nessus/sbin/nessus-add-first-user
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------




Login : admin
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :


User rules
----------





nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :

(the user can have an empty rules set)







Login : admin
Password : ***********
DN :
Rules :
Is that ok ? (y/n) [y] y
user added.

Thank you. You can now start Nessus by typing :


/opt/nessus//sbin/nessusd -D





Start Nessus service daemon





[root@nessus chris]# /opt/nessus/sbin/nessusd -D &
[2] 1454
[root@nessus chris]# nessusd (Nessus) 3.0.6. for Linux
(C) 1998 - 2007 Tenable Network Security, Inc.





Processing the Nessus plugins...
[##################################################]
All plugins loaded
[2]- Done /opt/nessus/sbin/nessusd -D

[root@nessus chris]#





Obtain your Nessus registration code from the Nessus website and register your Nessus installation.





[root@nessus chris]# /opt/nessus/bin/nessus-fetch --register putyourregcodehere
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Your Nessus installation is now up-to-date.
If auto_update is set to 'yes' in nessusd.conf, Nessus will
update the plugins by itself.

[root@nessus chris]#





If you want a Windows-based Nessus admin console, download and install NessConnect.


NessConnect Nessus Vulnerability Scanner


By penoi on Wednesday, January 16, 2008 | 2 comments

Globalknowledge Associates Singapore IT Security Seminar

Singapore  IT Security Seminar
Training Fee: P 59,500.00 (+VAT)
Holiday Inn Hotel, Singapore
March 13-14, 2008 | Thur-Fri  |  9am-5pm

 


Fee includes: Airfare (Roundtrip), Hotel accommodation (sharing) for 2 days and 1 night, food, 6 training manuals and 6 Global Knowledge certificates.


 


TOPICS:


 


System Forensics, Investigation & Response


- Mr. Ariel Ilumin, enCase Certified, CIDG Philippines


           


Do you know what to do if your organization's security is compromised? Threats of computer crime against an organization's infrastructure have grown substantially, but there are steps you can take. In this course, you apply the latest Windows-based computer forensic techniques to uncover illicit activity and recover lost data. Every crime leaves behind clues. With the right tools, you can effectively respond to and counteract security threats.


 


Network Penetration Testing & Ethical Hacking


- Mr. Ariel Ilumin, enCase Certified, CIDG Philippines


 


Find Security Flaws Before the Bad Guys Do


Security vulnerabilities such as weak configurations, unpatched systems, and botched architectures continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise's security stance.


 


Assessing and Security Wireless Networks


- Mr. Eric Macatunggal, CCNA, Wireless Technology expert


           


As organizations provide greater mobility to their users, the risk of threats to security grows and the need for secure wireless networks becomes of paramount concern. In this course, you gain the skills to defend against attacks and maintain security within your wireless network. You learn to detect weakness in your existing network and design and configure a cost-effective security solution.


 


Securing Windows


- Mr. Wilbert Ontoy, MCSE, MCSA, Oracle Certified, Certified Ethical Hacker


 


The Securing Windows course is a comprehensive curriculum for securing Windows networks. This program brings the confusing complexity of Windows security into clear focus by starting with foundational security services, such as Active Directory and Group Policy, and advancing in a logical progression to particular products or features which rely on these foundations, such as IIS and IPSec.


 


 


Securing Oracle


- Mr. Wilbert Ontoy, MCSE, MCSA, Oracle Certified, Certified Ethical Hacker


 


Experts agree that Oracle is one of the most complex software packages available today. Unfortunately, complexity often introduces an increased risk for vulnerabilities. These vulnerabilities are being increasingly targeted by attackers.


 


Throughout the course the student will be exposed to the database as seen through the eyes of an attacker, including public and unreleased techniques that are used to compromise the integrity of the database or escalate a user's privileges. In this fashion, the student gains a better understanding of how an attacker sees a database as a target, and how we can configure the database to be resistant to known and unknown attacks.


 


Securing Unix / Linux


- Mr. Mike Liguit, Linux expert, Network Security specialist


           


The courses designed to teach individuals about securing Linux and Unix. Content is obviously dictated by course duration, but a good course will instruct the student about the various threats to the *nix platform and the countermeasures that can be brought to bear to defend against them. In most cases the student would be expected to have a reasonable understanding of *nix and be able to navigate around it.


           


Experience in-depth coverage of Unix security issues. Examine how to mitigate or eliminate general problems that apply to all Unix-like operating systems including vulnerabilities in the password authentication system, file system, virtual memory system, and in common network protocols such as NFS, NIS, and the Unix RPC mechanism. Learn the exact steps necessary to secure the two most common Unix flavors-- Solaris and Linux-- and get specific advice for securing some of the most common Internet services on the Unix platform, including Apache, WU-FTPD, Sendmail, and BIND


 


Terms: Schedules are subject to reconfirmation.


 


Register Now!


 


Global Knowledge Associates, Inc.


2502B West Tower, PSE Bldg. Exchange Road, Ortigas Center, Pasig City, Philippines


Tel. Nos. (632) 683-0969  |  637-3657


Mobile: (0921) 532-8150; (0918) 314-0542


Email: sandra@globalknowledgeph.com; sandra_medalla@yahoo.com


URL: www.globalknowledgeph.com

By penoi on Monday, January 14, 2008 | 4 comments

Bypassing Internet Browsing Security

One way of bypassing the internet perimeter is using internet proxies, but there is another way of surfing anonymously: by means of TOR networks. Xerobank incorporated TOR networks and Firefox in its XBank browser. It also offers high-speed browsing services with 200kbps, 1,500Kbps and 40Mbps bandwidth. You can also install the XeroBank browser on your USB stick and have your privacy anywhere you go.

One disadvantage of this technology is that it empowers users to bypass corporate internet security, which is a major threat. There are many ways to outsmart your IT guys, but it will be an endless cat-and-mouse chase :)

TOR anonymous surfing


Oh my!!! My Google was redirected to Nederland by the XeroBank browser


 


 

By penoi on Saturday, January 12, 2008

Surf Anonymously using Proxies

Want to surf the net anonymously??? Use Proxybeat.com's list of available proxies on the internet. Or, you can use Proxybeat's list in your URL filters/blacklists.

By penoi on Monday, January 7, 2008 | 1 comment

Sigvi Vulnerability Management

I need a tool that can list all of my server's vulnerabilities. Sigvi does it all, although the process is not yet automatic. It will compare the vulnerabilities that it has received from Common Vulnerabilities and Exposures (CVE) with the software that we installed on our servers.

"SIGVI is an Open Source application, under GPL license.

Basically, SIGVI is an application to detect vulnerabilities on our network.

It is not magic (still ...), simply compares the vulnerabilities that it has received from the sources with the software that we have installed on our servers. Those vulnerabilities are stored into the database creating a vulnerability repository.

When finds a software version that is vulnerable, it creates an alert and send notifications to all the administrators of this server.

The SIGVI has been (and is being) developed at UPCnet, from Politechnical University of Catalonia (UPC), Spain."

By penoi on Thursday, January 3, 2008