Nov 20 2014

First impression — 1U App

password_screen_caricaturePassword, password and more passwords. If you are like me then you are  tired of tokens, passwords, two factor authentication and all of the other mystical things out there that is trying to keep us safe in this crazy technological world that we are living in.

I recently attended Ohio Linux Fest 2014  and saw an interesting talk on password security by Dru Streicher a security analyst for Sherwin Williams, you can view the slides  here. He basically gave us an overview on some of the different attacks sounding passwords, then went into a really nice open forum chat about password best practices. Keeping all that in mind, if I knew about the 1U app then, I might have skipped his talk, and spent that time testing the app instead :).

Now just incase you are asking yourself why  should anyone care about password security, or newer technology to help with your authentication process, I would like to point you to an article over at titled “How much does a data breach actually cost”. The number that was estimated  for the cost of an average data breach is $3.5 million.

The article then ended by making the following statement “So what’s the hold up? Experts say that banks and retailers have been at a bit of a standoff: Neither one wants to take the plunge to invest in new technology, and both are waiting for the other to overhaul the system. Meanwhile, consumers will just have to shop smart and keep a close eye on their transaction history.”

Luckily they are innovators like Hoyoslabs that wants to help change the landscape of this digital revolution. Before I jump into my experience with trying to setup and test the 1U  on my android Galaxy S4 mobile device I will begin by first explaining what 1U is.

Instead of trying to explain it in my own phones here is the official explanation “”1U™ ( is an app component of the HoyosID® Identity Assertion platform, serving as a replacement for all usernames, passwords, PINs and tokens of any kind, making users’ digital lives more convenient and secure. Using your mobile device’s camera, various biometrics are acquired and upon recognition, the app grants access to you and only you so you can complete transactions and log into secure sites without fear of breach or the hassle of a forgotten password.”

After reading an explanation like that you can see why I was  excited to be apart of the test group and couldn’t wait to install the application and start testing. Unfortunately  like all good things they soon come to an end.

I downloaded the application from the beta server, did they initial setup however each time got to the final step of the configuration process it kept starting over. This appear to have been a bug, so I reported this to support as well as the person who contacted me to be apart of the test group. Support confirmed it and mentioned it will be fixed in the final version that will be released in the  Appstore and Google Play store.

Until such  time I will be waiting to complete my review once I have a bug free version of the application.


Read more:

Oct 21 2014

Learning your history is important

It is said that if you don’t know your history you are bound to repeat the past. They same holds true even in the world of Malware. The below Infographics helps with bringing you up to speed with what occurred over the last 28 years in the wonderful world of Malware.

A big thanks to the ESET team for creating and sharing this with the community. I would like to pride myself on know a bit more about Malware than the average user, but even so I learned quite a lot form this Infographics.

So sit back and enjoy the journey that begins with Pakistani Brain in 1986 and ends with Windigo 2014.

Jan 23 2014

How Well Are You Protecting Yourself Online?

By Sandra Mills

How many passwords do you enter on a daily basis? With the prominence of the internet in the modern age, it’s probably quite a few. Most password-protected sites often contain extremely valuable personal information as well. Information many cyber criminals would love to obtain and abuse.

Since these passwords have become so intertwined with our personal and financial lives, shouldn’t we make it a goal to strengthen them? However, it seems that most people don’t see the issue, and are often complacent when creating new passwords. Some create weak passwords (such as “password”) without thinking much of what they’re really putting at risk.

With this in mind, we should all make a conscious effort to create high-quality, complex passwords to keep ourselves protected online. There is a lot of data that has been measured concerning this issue, such as what is most effective or most common, and with a few simple tips you too can help fight against weak internet security. Don’t put yourself at unnecessary risk any longer.

Below is a helpful infographic from Instant Checkmate, containing many tips and statistics that should be a good starting point for getting your personal security up to par in 2014. If you want to make sure that you really are protected online, this is the first step.


 A big thank you to Sandra for writing today’s blog entry, and what a timely posting since we are always seeing accounts being compromised daily because of weak passwords.

Nov 22 2013

Security Management from an Enterprise Perspective

Security Management from an Enterprise Perspective

By: Karthik

An enterprise invests considerable amount of time in its day to day scanning and managing patched for the infrastructure. But, an enterprise psychological analysis shows us otherwise i.e. most of the enterprises shy away from scanning and patching their business critical infrastructure in a fear of interrupting their already established critical applications. Another side of the story shows that, the enterprise test, scan and manage patches up to the staging elevation but fail to re-asses the same when they go live on production environment. The major challenge here is to convince the stakeholders about the end user impact after running a thorough security scanning and management of patches. Metasploit which is a famous exploit development toolkit adds several exploits to its repository on a monthly basis there by hinting to us that the threat vectors are increasing day by day. In this article we shall understand how to balance the security management with business operations.

Stakeholders generally frown on scanning and patching the critical infrastructure. This is because security teams are considered as a pain to the day to day operations for the rest of the enterprise and also the fact that security management in its real vigor is never atop the priority list for stake holders. For decades we have witnessed that, only after a breach, an enterprise strengthens its security infrastructure. Otherwise the security implemented is pretty mediocre.

Securosis Patch Management Cycle

Securosis Patch Management cycle:

In the above image, we see the securosis patch management cycle representing the activities across any technology platform. The importance towards implementing stringent security measures and infrastructure is gaining value in the current decade, as we have seen maximum number of Data breaches and exfiltration happening around the world. Instead of staying isolated, security teams must work closely with the operations team so that, they are no longer considered intrusive by the rest of the organization. Each cycle of vulnerability assessment for business critical applications should include a thorough analysis of its impact on the operations as well as the threat surface presented by the organization. Generally, internal security teams run a set of automated tools and end the story by patching the suggested patches by well-known tools like Nessus and Accunetix. Not all production environments of the enterprise are a plug-n-play environment for the patches. Each production environment undergoes its own share of customization before going live to the end user. A logical error might lead to vulnerability/Zero day which the general automated scanner cannot detect.

Vulnerability scanning and management of patches must be more than just a compliance check which enterprises go through. The difference between a vulnerability assessment and penetration testing matters in these scenarios. Organizations undergo vulnerability assessment to see the attack surface exposed to the hackers whereas a penetration test would determine which among the following vulnerabilities is exploitable. There must be a lot of interaction with the business stakeholders and the security teams for a successful security analysis of the business critical applications. Most of the time, stakeholders do not completely understand the process behind the approach of Security teams. Owing to these, the stakeholders shy away from completely trusting the end user impact after the inspection. The stakeholders should understand the core difference between application level security and infrastructural security. In the infrastructural security the knowledge required about the hosts and services is minimal compared to application level assessment. Automated tools fail to completely cover the customized APIs and applications. Passive scans have their own advantages of not actively probing the target, thereby not disturbing the operational state of the critical applications. On the other hand detecting XSRF, SQLi, XSS etc. are not covered under passive scans. Enterprises need to understand that attackers generally attack the application layer more compared to infrastructure. For a deeper look into enterprise security, check out the CISM training course offered by the InfoSec Institute.

Most security practitioners advocate the frequent scanning of patches to manage and mitigate undiscovered risks. Applying security scanning at all phases: development, QA, staging, production and maintaining a strict program to avoid any kind of unexpected data breach. Threat modeling can be implemented right from the development stages to combat the security bugs in early lifecycle. This makes sure that developers as well as QA would learn to develop and test products being security aware. It’s always advised to hire professional firms to find difficult to find bugs after the internal teams complete their rounds of security tests. This would make sure that production environment would go live with little or no major security flaws knows to the enterprise. Over the past decade, most of security breaches and data exfiltration attacks happened over the production environment and the reasons are discussed above in detail.

Experts suggest that mirroring production environment and running security tests without causing any dreadful impact to customers is the way to proceed in continual security assessments. Continual security assessment is needed because; an application with unknown vulnerability today might be explored tomorrow for a Zero Day. Vulnerabilities found in mirrored environments can be used to produce a daily dose patch and get validated on the production environment. Making the process granular is the key here. Bugs raised must not be forgotten and must be patched based on priority. The efforts of bug hunting are only fruitful when the bugs are patched in a timely manner. Handling the way a patch is deployed in a system can differ from system to system. Suppose a patch is being deployed for a web application, then a couple of changes in the code and uploading to the server does the trick. But in case of operating systems, they might require a reboot in order to be effective. Load balancers play a critical role in patching of systems which need 24/7 uptime.

Remedying vulnerabilities is a never ending process and not every security test would give you threatening bugs. The catch here is to understand the vulnerabilities that are exploitable and its impact on the business as well as the end users.

May 30 2013

Tails,cause we care about our privacy

tails-torTails, is a live system that aims at preserving your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leave no trace using unless you ask it explicitly.

How does this work you might ask?

Tails relies on the Tor anonymity network to protect your privacy online: all software are configured to connect through Tor, and direct (non-anonymous) connections are blocked.

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

In short if you have every used a bootable Live CD/DVD/USB media before its the same concept just that this project focus on your privacy.

What’s under the hood?

A set of note worthy Firefox extension:

  • Adblock Plus
  • Cookie Monster
  • FoxyProxy Standard
  • HTTPS-Everywhere
  • NoScript
  • Torbutton

Screen Shot 2013-05-26 at 1.14.06 PM


A few extra bonus applications for the paranoid at heart:

  • Create ecycrpted volumes with TrueCrypt
  • Securely delete files with Nautilus
  • Manage passwords using KeePassX
  • By default your browser is pointed to, the world’s most private search engine.

Lastly, another option that felt was nice was the ability to use the “Windows Camouflage” mode, this basically makes Tails look more like Microsoft Windows XP. This is useful in public places in order to avoid attracting suspicion.

So now you have a new OS to enhanced your desire for privacy. Have fun and please let us know what other methods you are using.

Jan 13 2013

Domain Theft and the Possibilities for Recovery


On October 24th 2012, Diigo, a social bookmarking website allowing signed-up users to bookmark and tag web pages, had its domain,, stolen by a domain name thief. . As a result, Diigo’s more than 5 million registered users were not able to access the website.

Domain theft, also known as domain name hijacking, is not a new phenomenon. Back in 2005, the ICANN’s Security, Stability and Advisory Committee (SSAC) issued a Domain Hijacking report outlining several incidents of domain theft. The report defines domain name hijacking as “wrongful taking of control of a domain name from the rightful name holder.”

The present contribution describes the types of domain thefts (Section 2) and explains the possibilities for recovery of stolen domain names (Section 3). Finally, a conclusion is drawn (Section 4).

Types of domain theft

The Domain Hijacking report differentiates five basic types of domain theft, namely: impersonation of a domain name registrant in correspondence with a domain name registrar (Subsection 2.1); forgery of a registrant’s account information maintained by a registrar (Subsection 2.2), forgery of a transfer authorization communication from a registrant to a registrar (Subsection 2.3); impersonation or a fraudulent act that leads to the unauthorized transfer of a domain from a rightful name holder to another party (Subsection 2.4), and unauthorized DNS configuration changes that disrupt or damage services operated under a domain name (Subsection 2.5).

Impersonation of a domain name registrant in correspondence with a domain name registrar

This type of domain theft includes using forged fax or postal mail requests to modify registrant information. In some cases, stolen or copied company letterheads may be also used.

The incident is a typical example of impersonation of a domain name registrant. Hushmail was launched in 1999 by Hush Communications. In April 2005, a domain name thief convinced the support staff of Network Solutions, Inc. to modify the administrative email contact information in Hush Communications’ registration record. Then, the attacker used the administrative contact email to submit a password reset request for the Hush Communications account to Network Solutions, Inc. Afterwards, the attacker logged into the Hush Communications account, changed the password, and altered the DNS configuration to point the domain name to his own server. At the end, the thief posted a new home page demonstrating his achievement and embarrassing Hush Communications.

Forgery of a registrant’s account information maintained by a registrar

Domain name thieves may forge the account information associated with a domain name registration to conduct malicious activities, such as reselling the domain. For instance, the forged information may be used by a thief to deceive a buyer that the thief is the actual owner of the domain name.

Forgery of a transfer authorization communication from a registrant to a registrar

This type of domain theft includes acts where the domain name thief submits a fake transfer authorization communication to the registrar. The communication appears to be sent by the registrant, which would allow the thief to take control over the domain name.

For example, in the U.S. case Kremen v Cohen 2001, the California District Court found that the defendant fraudulently obtained the registration of the domain name by sending a forged letter to Network Solutions, Inc., the domain registrar. As a result, the court awarded $65 million for damages resulting from the fraud.
The court justified the award by stating that, in the five years the defendant operated the “” website, he reaped profits amounting to more than 40 million dollars. The damage award also included $25 million in punitive damages.

2.4 Impersonation or a fraudulent act that leads to the unauthorized transfer of a domain name from a rightful name holder to another party

This type of domain name theft includes actions that may or not may lead to changes in the DNS configuration. If the theft does not lead to changes in the DNS configuration, it could remain undetected for a considerable period of time. In this case, the motive of the thief is not to immediately disrupt the domain holder’s operation, but to acquire and resell the domain name.

An example of such a theft is the and incident. Both domain names were previously registered and managed by a U.S. company and registered through Go Daddy Operating Company, LLC. Suddenly, an unidentified and unauthorized person used the name and the password of the company manager to log into his account and transfer the Domain names to another Registrant and Registrar (OnlineNIC, Inc.). In this incident, no changes had been made to the DNS configuration, and the services of the two domain names had not been affected.

The manager of the company submitted a Uniform Domain Name Dispute Resolution Policy (UDRP) claim to the online ADR Center of the Czech Arbitration Court requesting the transfer of the domain names to his company. UDRP is an administrative procedure allowing trademark holders to submit complaints to ICANN-accredited dispute resolution providers for disputes involving domain names that have been registered by an ICANN-accredited registrar. On November 21, 2012, a panelist of the Czech Arbitration Court delivered a decision transferring the domain names to the manager of the company.

Unauthorized DNS configuration changes that disrupt or damage services operated under a domain name

Unauthorized DNS configuration changes can be a result of DNS spoofing attacks (also known as DNS cache poisoning). In this kind of attack, data is introduced into a Domain Name System (DNS) name server’s cache database that results in the domain name server returning an incorrect IP address, diverting traffic to another computer (often the computer of the domain name thief). A typical example of DNS spoofing occurred in 1997 when Eugene Kashpureff redirected users attempting to connect to the InterNIC website to his own website.

Possibilities for recovery of stolen domain names

At present, victims of domain name theft can re-take control of the stolen domain names through dispute resolution procedures (Subsection 3.1). In addition, ICANN also considers the use of an emergency action channel (Subsection 3.2) between registrars that will be used in cases where an urgent response is required.

Dispute Resolution Procedures

The Uniform Domain Name Dispute Resolution Policy (UDRP) and the Transfer Dispute Resolution Policy (TDRP) established by ICANN are designed to impartially assess the factual circumstances of the case with the aim of determining the appropriate outcome of a dispute.

The Uniform Domain Name Dispute Resolution Policy (UDRP)

The Uniform Domain Name Dispute Resolution Policy (UDRP) is an effective means for recovery of stolen domain names. The total cost of UDRP (including attorney’s expenses) may vary between $1,000 and $2,000. The procedure will take at least two months to reach a decision. In order to succeed in a UDRP proceeding, a complainant must establish three elements: (1) the domain name is identical or confusingly similar to a trademark or service mark in which the complainant has rights; (2) the registrant does not have any rights or legitimate interests in the domain name; and (3) the registrant registered the domain name and is using it in “bad faith.”
A party who lost the proceedings may file a lawsuit in a national court against the domain name registrant.

In order to establish whether a domain name has been registered in “bad faith,” the UDRP panel will examine several factors, such as (1) whether the registrant registered the domain name with the aim of selling the domain name registration to the complainant, (2) whether the registrant registered the domain name to prevent the owner of the trademark or service mark from using the mark corresponding to his name, (3) whether the registrant registered the domain name primarily to disrupt the business of a competitor, and (4) whether the registrant tried to attract visitors by creating a likelihood of confusion with the complainant’s mark.

The Transfer Dispute Resolution Policy (TDRP)

The Transfer Dispute Resolution Policy (TDRP) is used for resolving disputes between two registrars engaging in Inter-Registrar domain name transfers. A TDRP dispute can be brought to the registry for a decision, or to a third-party dispute resolution service provider. In case that a registry operator is chosen, the decision of this registry operator may be appealed by the registrars to an independent dispute resolution provider. A decision made by an independent dispute resolution provider may be appealed only before a court.

3.2 Emergency action channel

The emergency action channel will provide 24/ 7 access to registrar technical support staff who are authorized to assess the situation and establish the magnitude and immediacy of harm. They are also entitled to take measures to restore registration records and DNS configuration to “the last working configuration.”

The emergency action channel will be supported by a contact directory of parties who can be reached during non-business hours and weekends and a companion policy. The companion policy will identify evaluation criteria (including circumstances and evidence) that a registrant must provide in order to obtain an immediate recovery of the domain.

The following circumstances will be taken into account when distinguishing when an urgent recovery policy may be a more appropriate action than the TDRP: (1) immediacy of the harm, (2) the magnitude of the harm, and (3) escalating impact.


This article has shown that domain name theft is a serious issue that can lead to the loss of the domain name and the interruption of services operating under it. It has also shown that domain name theft is a broad term that encompasses several acts of wrongful takeover of a domain name. While domain name thefts that interrupt services will probably be immediately noticed by the legitimate domain name holders, those that do not lead to changes in the DNS configuration may remain unnoticed for a long period of time.

At present, the people/organizations whose domains were stolen may rely mainly on the dispute resolution procedures established by ICANN and on the use of litigation. The UDRP and TDRP procedures are relatively quick and cheap (compared to litigation). However, it should be noted that many victims of a domain name theft may not be able to pay the dispute resolution fees. This is especially true for people in developing countries for which a dispute resolution fee of $2,000 could be equal to their annual salary.

In order to prevent thefts of domain names, companies and individuals may take the following four preventive measures. First, they should not use Hotmail, Gmail, or other free email services as the contact email on the domains. Because free email services have many security vulnerabilities, thieves often hack them and authorize a transfer. Second, companies and individuals need to create as secure a password as possible at their registrar. The use of a completely random password containing upper and lower-case letters and numbers is desirable. Third, in order to ensure the best protection of their domain name, companies and individuals are advised to use a trusted registrar. The well-known registrars provide adequate security precautions. Lastly, when selling domain names, it is advisable to use escrow services. Using an escrow service is a good way to prevent fraud schemes.

Daniel Dimov is a security researcher for InfoSec Institute. InfoSec Institute is a security certification company that has trained over 15,000 people including popular CEH and CCNA certification courses.

Dec 23 2012

Eight Handy Security Tools For a Novice

Here is a compilation of a few tools that we need to be aware of. The power, the performance and the capabilities of these tools are limited only to the creativity of the attacker. Let’s dig into the list.

1. Maltego:

Following the well-defined hacker cycle, let’s start off with reconnaissance tools. Maltego is a very well-known tool for information gathering. The tool comes with personal reconnaissance and infrastructure reconnaissance. With personal reconnaissance, a person is able to obtain another person’s profile from the email address, name, or phone number using the search engines. The Maltego framework comes in two versions – a commercial version and a community edition. Registration is mandatory for using this tool. Only the commercial version allows saving the output from the reconnaissance. With infrastructure reconnaissance a person can get information related to subdomains and servers of a network. This information is gathered using what we call transformations in Maltego. Various transformations give results depending on the way the results are manipulated, grepped, and translated into new search queries.

2. Metasploit:

Following this, we move on to the exploitation tools. The most used exploit development framework is the Metasploit framework by Rapid 7. Initially developed as a game, it has evolved into one of the most powerful exploit development frameworks. It allows using custom exploits by using something called “porting of exploits”.

Porting exploits involves taking a proof of concept exploit which just delivers some particular shellcode, commonly a calc.exe launcher or notepad launcher, and weaponizing it to be used in the framework with features. These features include things like custom payloads, encoders, and other benefits.

The Metasploit framework is not just an exploit delivery vehicle. It also contains some tools for exploit development.

It can also be used for generating offsets, writing exploits, and exploitation of different operating systems and architectures. It has various modules and exploits.

A third party extension that provides a GUI is Armitage. The commercial has its own GUI, which is not included in the community edition.

Backdooring executables can be carried out by a module named as msfpayload.


GHDB stands for Google Hacking DataBase. Google is the most powerful tool for a user to perform attacks. Specially crafted words given as input to Google are named as Dorks or Google dorks. These dorks can be used to reveal vulnerable servers on the Internet. They can be used to use to gather sensitive data, files that are uploaded, sub domains, and more. GHDB can make it easier to find the right Google dorks for your needs.

Offensive Security maintains a collection of Google dorks under a section called GHDB.

4. Social Engineering Toolkit:

This tool is built into Backtrack. It presents the social engineering attacks in an automated fashion. Is it encoding of scripts, binding Trojans to legitimate files, creating fake pages, harvesting credentials? This tool is a one stop shop for all these requirements. It has the ability to use Metasploit based payloads in the attack, making the framework all the more lethal with all professional exploits from the Metasploit framework.

5. HULK – A web server DoS Tool

Brainchild of Barry Steinman, this tool distinguishes itself from many of the other tools out in the wild. According to its creator, the tool was the result of his conclusion that most tools out there produce repeated patterns which can easily be mitigated. The principle behind HULK is to introduce randomness to the requests to defeat cache-ing and host identification technologies. This is to increase the load on the servers as well as evade the IDS/IPS systems.

6. Fear The FOCA

The FOCA is a metadata harvesting tool. It can analyze meta data from various files like doc, pdf, ppt etc. From this data it can enumerate users, folders, emails, software used, operating system, and more. There are customization options available in the tool too. The crawl option allows you to search the related domain website for additional information. The meta data can be extracted from a single file or from multiple files. Thus FOCA is a great tool in the reconnaissance phase to extract information from the meta data.

7. W3af – Web application attack and audit framework

This project is a web application attack framework sponsored by the same company that makes Metasploit. W3af is used to exploit web applications. It presents information regarding the vulnerabilities and supports in the penetration testing process. It is mainly divided into two parts: core and plugins. Currently it’s partnered with Rapid7, the team that maintains the Metasploit framework. There is a plugin for saving reports to disk for later reference. The plugins can be custom written. Communication between plugins can be automated.

8. EXIF Data viewers

Smartphones and digital cameras use a standard to specify additional meta data for images and sounds that are recorded using them. This standard is called Exchangeable Image File Format. Various EXIF data viewers are available. The data recorded can include details about type of camera. More importantly, they can contain the geo-location information within them. In fact, by default all smartphones have the GPS setting switched ON. This can potentially leak your location when the image was taken. The accuracy is such that the latitude and longitude will be provided when extracting the EXIF data, thus leaking possibly private information.


These are a few handy tools that a beginner in info-sec needs to be aware of. Other tools and their capabilities will be followed in the continuing articles.

Shathabheesha is a security researcher for InfoSec Institute. InfoSec Institute is a security certification company that has trained over 15,000 people.

Oct 24 2012

3 Best Practices for Optimum Network Security

Following best practices should really be a no-brainer but sometimes administrators managing security have a habit of forgetting one very important practice – that of letting technology help them. Too often, admins are bogged down by numerous manual tasks that could easily be automated – and in so doing, improve overall security and efficiencies. A network security scanner is one tool that should be in every network security best practice manual because it helps them follow best practices with minimal effort. Let’s see why.

1.     Antivirus solutions are up-to-date:

It is good to have a desktop-based antivirus solution; this however will be of little use if for some reason your antivirus definition files are outdated. Making sure each machine has an updated antivirus package can be really time-consuming. Luckily, many good network security scanners can do that for you and automatically inform you when any antivirus definition fields are out-of-date.

2.     Good patch management:

Performing proper patch management is tricky business. Deploying patches as they are made available might seem like the proper thing to do, especially since this will reduce the vulnerability window but patches change software at a core level. This can cause compatibility issues which, in turn, can cause downtime – just what you’re trying to avoid. For this reason patches need to be tested in an environment that mirrors your live environment as much as possible. A network security scanner can generally provide the information needed to be able to build such an environment.

Once patches are tested and deployed on the live environment, it is important to ensure they have been deployed successfully. Failing to do this verification can result in a false sense of security as the environment you’d believe is secured with the latest patches might actually be missing a patch that failed to be deployed.

A good network security scanner reduces the time required to do all the above, allowing the administrator to focus on more urgent tasks.

3.     Change Management:

Some users will try, and manage, to get around company policies. They might do this with the best intentions by installing software to help them do their job more efficiently – even though software installs are not permitted. Or they might break the rules with intent. A good network security scanner can scan your machines and look for any change no matter what it might be. This can be very difficult, if at all possible, to do manually.

A good network security scanner can make the life of an administrator much easier because it allows them to follow many network security best practices with little effort. In security, doing the absolute minimum and not thinking things through properly can be as risky as ignoring security altogether. If time is an issue, implementing a network security scanner could give you a lot more breathing space.

This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Discover what other benefits a network security scanner can offer your organization.

All product and company names herein may be trademarks of their respective owners.

Jul 28 2012

Changing VNC password from Mac OSX terminal

As many of you might have already know MAC OSX has a somewhat integrated version of the ever popular VNC server under the name of screen Sharing; this will allow you to connect to the desktop of another MAC. This is all great, however what if you are not able to access that Mac to change the password and you only have SSH access into the device how can you change the password to allow you desktop access?

Don’t get me wrong being an enthusiast  of Linux I dont have a problem working from the terminal but certain things are better done with the GUI if you are pressed for time.

Some background; once you have enabled remote management and screen sharing on a MAC the following files are created within the /Library/Preferences folder:


If these files are not present then this service was not enabled and you can manually create these files from the terminal using your favorite text editor. The file of interest to us today is , this file contains a hashed value of the VNC password a simple 32 character alphanumeric string.

By default this file has a permission of 400 or read only and is only accessible to Root. So after I noticed that this file was present, I immediately changed the permission so I could read it and started thinking of ways to reverse the file. Since time was of the essence  I did the following instead:

  1. Change the file permission:

chmod 777

2. Next I created a VNC password on a MAC that I have access too then SSH into that MAC and copied the   hash value from that machine’s version of

3. I then SSH back into the original MAC that I was locked out of and echoed that new value into the same file on the first MAC.

$ echo “A8G8B8AOD8FHA8DFAHD8F” >

 4.  Lastly just restart the service and logo with your newly created password

 $ sudo /System/Library/CoreServices/RemoteManagement/ -restart -agent

Have fun and let me know if it worked! Sometimes the easiest solutions are the best ones :)

Jul 16 2012

eForensics Magazine | Free Digital Forensics Magazine

eForensics Magazine is a downloadable magazine focused on digital forensics. It features articles by digital forensics specialists and enthusiasts, experts in Mobile, Computer, Network and Database Forensics. We cover all aspects of electronic forensics, from theory to practice, from methodologies and standards to tools and real-life solutions. Each magazine features a cover focus, and articles from our regular contributors, covering news and up-to-date topics.

It is devoted to the best digital forensics services providers, who will show you the digital forensics world from their perspective. It’s an excellent opportunity to observe trends on the market for the readers, and for companies – to share their invaluable knowledge.

The magazine is available in two subscription options:


Free subscription features 1 issue in a month, each containing about 50 pages of content.


Annual subscription features 48 issues in a year – 4 issues in a month, each containing about 200 pages of content. Different title is published every week:

  • eForensics Computer – 1st of every month
  • eForensics Database – 7th of every month
  • eForensics Mobile – 15th of every month
  • eForensics Network – 22nd of every month


In addition the first issue (eForensics Mobile) to be published July 18th. Inside:

– Mobile Phone Forensics – Huge Challenge of the Future
– Issues in Mobile Device Forensics
– Carving disk partitions using DD

Subscribe for free here:

Alibi3col theme by Themocracy