Sunday, December 19, 2010

[08/10] Linux Security Summit 2010 slides published

I've updated the papers section of the site to include my slides from the Linux Security Summit 2010. The title of the presentation was "Linux Security in 10 Years". In the presentation, I demonstrated the threat of kernel exploitation, how kernel exploitation subverts access control/container-based security, and the need to have a broader view of system protection, in particular the need for kernel self-protection.

# grsecurity

Thursday, December 9, 2010

Havij v1.13 Advanced SQL Injection

Description:

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements and even access the underlying file system and execute commands on the operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.

The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.


What's New?

* Oracle error-based database added with ability to execute query.
* Getting tables and columns when database name is unknown added (MySQL).
* Another method added for finding column count and string column in PostgreSQL.
* Automatic keyword finder optimized and some bugs fixed.
* A bug in finding valid string column in MySQL fixed.
* 'Key is not unique' bug fixed.
* Getting data starts from row 2 when All in One fails - bug fixed.
* Run time error when finding keyword fixed.
* False table finding in Access fixed.
* Keyword correction method made better.
* A bug in getting current database in MSSQL fixed.
* A secondary method added when input value doesn't return a normal page (usually 404 not found).
* Data extraction bug in HTML-encoded pages fixed.
* String or integer type detection made better.
* A bug in HTTPS injection fixed.

How to use

This tool is for exploiting SQL Injection bugs in web applications.

To use this tool you should know a little about SQL Injection.

Enter the target URL, select the HTTP method, then click Analyze.

Note: The URL should be a valid input that returns a normal page, not a 404 or error page.



Licence

The free version of Havij is free software. We hope it will be useful to you.
This software is provided "as is" without warranties.
Feel free to share and distribute it anywhere but please keep the files original!

There is a commercial version of Havij that is not free.
To purchase the Pro version of Havij please visit Here


Disclaimer

We are NOT responsible for any damage or illegal actions caused by the use of this program. Use at your own risk!

Follow the link below to download Havij 1.13 free version:

Havij v1.13 Free (MD5 checksum: 276a84bda58a9def55eef35bf2838a77)


#indonesiancoder.com

Vigilantes Take Offensive in WikiLeaks Censorship Battle

Internet vigilantes stepped up attacks in support of WikiLeaks on Wednesday, downing Visa’s web site in a widening protest against a handful of companies that banned the secret-spilling site after it began publishing hundreds of secret U.S. diplomatic cables.


The outages, organized by the group Anonymous under the banner “Operation Payback,” have taken the battle between WikiLeaks supporters and opponents over web censorship to the streets, so to speak, sparking a series of tit-for-tat retaliations that appeared to be growing at the time this article was posted.

At stake is not just the future of WikiLeaks, the protesters seem to believe, but freedom on the net in general — a principle worth defending by any means possible, however dubious.

“There are people that want to send a message that the Internet is a sovereign territory,” according to Barrett Lyon, CEO of 3Crowd and one of the early pioneers in fighting DDoS (distributed denial of service) attacks from 2000 to 2006.

Online speech and corporate attempts to control it have sparked firefights before, but the naked control of commercial service providers over WikiLeaks’ cash flow and internet presence has sparked an unprecedented reaction that may not be easily brought to heel.

An Anonymous member or sympathizer wrote to Wired.com to announce the attacks, passing along this statement from the chat channel being used to organize the attack:

We are the clear logic used to unveil wrongdoing. The general public, clouded by misleading information mostly by the media with a political agenda, fails to see and understand this wrongdoing. Because of this, those who do the wrongdoing escape unpunished. Anonymous is here to ensure punishment does not go unserved to those who deserve it.


In an interview, Lyon called the attacks historic in how well-organized the attackers are, estimating as many as 5,000 people may be involved and noting that the organizing site includes an FAQ, a propaganda operation and a radio station.

Anonymous, which has its roots in the uncensored crook of the 4chan message boards, has a history of such attacks, including a recent campaign against the record industry for attacking file sharing sites, mass-infiltrating an online game for kids to protest its stupidity, and an earlier long-running campaign against the Church of Scientology.

The Scientology attacks were investigated by the FBI, and at least one Anonymous member was jailed for his part in clogging Scientology’s websites.

Few who are part of Anonymous are actual “hackers,” and instead join in the attacks by running specialized software provided by more technically adept members. Instructions for which sites to target and when are passed around dedicated online chat channels and websites, creating a sort of online insurgency.

Anonymous’ DDoS tool has an unusual twist, according to Lyon, incorporating features that allow members to connect to the botnet voluntarily, rather than mobilizing hijacked zombie machines. It is called LOIC, which stands for “Low Orbit Ion Cannon,” and evolved from an open source website load-testing utility. A new feature called Hivemind was added, which connects LOIC to anonops for instructions, and allows members to add their machines to an attack at will.

However, the software does not mask a user’s IP address, and has generated complaints from its users that it sucks up all their available bandwidth when it’s in attack mode.

Despite the high level of organization, Lyon said the attacks themselves are not particularly sophisticated. “It is mediocre, at best,” he said. “There is a lot they are doing wrong, and yet they are still succeeding.”

Visa.com stopped responding early Wednesday afternoon Pacific time, while Mastercard.com fell at least eight hours earlier and remains unresponsive. Neither company’s backend credit-processing systems are affected, though purchases that require a secondary web confirmation (e.g. Verified by Visa and Mastercard SecureCode) are reportedly not working, since they require online verification.

Mastercard, Visa and PayPal all cut off WikiLeaks in the past week, citing violations of their “terms of service” agreements, but no such action has been taken against The New York Times and other publications that are reprinting and reporting on the cables.

The U.S. State Department has called the ongoing publication of the 250,000 diplomatic cables “illegal,” but no charges have been filed against the site. Publishing government documents, even classified ones, is not explicitly illegal in the United States, though it is in England.

WikiLeaks’ credit card processor Datacell is planning to sue over the shutdown, according to WikiLeaks’ Twitter feed.

Anonymous earlier attacked and took down for several hours a Swiss bank that froze an account belonging to WikiLeaks founder Julian Assange. Anonymous is also aiming at PayPal.com, an attack which could, if successful, block financial transactions, but so far that site remains up.

Twitter and Facebook, meanwhile, which have so far refused to ban WikiLeaks, dropped Anonymous late Wednesday, prompting the group to re-register on Twitter within minutes under a new name.

Adding to the insult, Anonymous on Wednesday afternoon publicly posted what looks to be more than 10,000 credit card numbers along with expiration dates, though early analysis indicates the numbers are fake.

On Wednesday, even as its site was inaccessible, Visa sought to assure the public that everything was fine.

“Visa’s processing network, which handles cardholder transactions, is functioning normally, and cardholders can continue to use their cards as they routinely would. Account data is not at risk,” the company said in an e-mailed statement.

Visa, however, dodged the question of why it blocked WikiLeaks and seemed to be trying to shrug off the takedown as if no attack were underway.

“Separately, Visa’s corporate website — Visa.com — is currently experiencing heavier-than-normal traffic. The company is taking steps to restore the site to full operations within the next few hours.”

WikiLeaks itself has suffered from denial of service attacks since last Sunday, including one from a “patriotic” hacker. That’s when the site began publishing cables provided to the site by Pfc. Bradley Manning, according to chat logs first reported by Wired.com, who had access to them as part of his work as an intelligence analyst in Iraq. Manning is in jail in Quantico, Virginia, awaiting trial.

Assange is also now in custody in London related to sex-crimes charges in Sweden, which has the organization scrambling to operate. Assange is expected to fight extradition.

Maria Ozawa getting married?

GnackTrack RC2 Has Just Been Released

After a mad rush over the last few days we have managed to get GnackTrackR2 ready as a direct replacement for GnackTrackFinal. We have updated many of the tools within the feed and have also installed the 2.6.35 kernel with patched wireless drivers.

This version, and versions hereafter, will unfortunately not include Nessus, but you can still download your copy from the NessusTenable website. Let's hope in the future Tenable will give us permission to re-integrate it.




Click here to download the live CD GnackTrackR2.iso

e3d144f39b3f912a508c6654656d8b88 GnackTrackR2.iso


Or here to download the VMWare image GnackTrackR2.7z

93566c5bcd8260f7dc8c2cc1e4bee6b6 GnackTrackR2.7z


PayPal banned WikiLeaks after US gov intervention

A PayPal executive said his company's decision to suspend payments to Wikileaks came after the US State Department said the whistle-blower site was engaged in illegal activity. The comment came shortly before PayPal agreed to release the remaining funds in the WikiLeaks fund-raising account.

Press accounts from The Guardian and TechCrunch differ, but both claim that PayPal's move was influenced by statements from the State Department.

“State Dept told us these were illegal activities,” PayPal VP of platform Osama Bedier told the LeWeb conference in Paris, according to this report from The Guardian. “It was straightforward. We ... comply with regulations around the world, making sure that we protect our brand.”


TechCrunch reported much the same thing but later updated its post to say: “After talking to Bedier backstage, he clarified that the State Department did not directly talk to PayPal.” He went on to say that the online payment service was influenced by a November 27 letter State Department officials sent Wikileaks founder Julian Assange and his attorney.

“As you know, if any of the materials you intend to publish were provided by any government officials, or any intermediary without proper authorization, they were provided in violation of US law and without regard for the grave consequences of this action,” the letter, signed by State Department legal adviser Hongju Koh, stated. “As long as WikiLeaks holds such material, the violation of the law is ongoing.”

The letter didn't cite any specific US statutes WikiLeaks was violating.

WikiLeaks went on to release a trove of State Department memos that aired confidential diplomatic communications.

PayPal representatives didn't respond to emails seeking clarification about the influence of the State Department.

But late on Wednesday, PayPal General Counsel John Muller said: “While the account will remain restricted, PayPal will release all remaining funds in the account to the foundation that was raising funds for WikiLeaks.” According to The Washington Post, there was about $80,000 in the account.

Muller went on to defend the permanent closure of the account by saying the online payment site is “required to comply with laws around the world.”

“Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source,” he continued.

Muller's argument made no mention of organizations such as the International Tibet Network, which continues to solicit donations through PayPal even though some of their activities almost surely violate Chinese laws.

Over the past few days, other financial services, including Visa, MasterCard, and the Swiss bank Post Finance, have also suspended services to Wikileaks and Assange. The move has prompted criticism on Twitter and elsewhere by users who point out that Visa and MasterCard still permit payments to Ku Klux Klan groups but not to a group that so far has been charged with no crime.

Distributed denial of service attacks by people sympathetic to Wikileaks soon took out MasterCard and were also reported against EveryDNS.net, which suspended one of WikiLeaks' domain names. US Senator Joe Lieberman and Sarah Palin – both outspoken WikiLeaks critics – and Swedish prosecutors, who are investigating Assange for alleged sexual offenses, have also been targeted, according to reports. A PayPal blog was also disrupted by attacks.

Art is Not a Crime


Made by mattdbk


#indonesiancoder.com

Troubled Wikileaks Moves To Pirate Party Domain

After being cut off by its nameserver provider EveryDNS, Wikileaks has moved to a domain registered by Pirate Party Switzerland. EveryDNS was forced to stop its services to Wikileaks after continued DDoS attacks, creating yet another setback for the whistleblower site that has dominated the news this week.


The release of thousands of US embassy cables and the many more that are expected to come has propelled the whistleblower site Wikileaks to the front page of every respectable news outlet this week. But for the site itself it hasn’t been a smooth ride thus far.

After it suffered a continued DDoS attack on its servers earlier this week the site relocated to Amazon’s cloud hosting service, but just a day or two later it was pulled following complaints from the US government. Today, the hosting troubles continued and Wikileaks was forced to abandon its .org domain.

Due to prolonged DDoS attacks on the Wikileaks domain, nameserver provider EveryDNS decided to pull the plug on the site this morning. “These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites,” EveryDNS said.

According to a statement from the company, Wikileaks was properly notified about this issue a day in advance.

“Last night, at approximately 10PM EST, December 1, 2010 a 24 hour termination notification email was sent to the email address associated with the wikileaks.org account. In addition to this email, notices were sent to Wikileaks via Twitter and the chat function available through the wikileaks.org website. Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider,” a statement on the EveryDNS website explains.

After being cut off, Wikileaks decided to move from the .org to a .ch domain, which was registered by the Pirate Party Switzerland in June this year. An interesting move, but certainly not the most ideal solution.

Wikileaks’ tweet



The Swiss Pirate Party confirmed that they are now indeed the registrants of the new ‘official’ Wikileaks domain, which had been forwarding to the Wikileaks servers for a few months already. What is problematic, however, is that after being cut off by EveryDNS, Wikileaks has moved its operation to a .ch domain that uses the nameservers of the very same company.

This is not the first time a Pirate Party has helped out Wikileaks. Earlier this year the Swedish Pirates announced a hosting deal with the whistleblower site, to protect the freedom of the press.

“We welcome the help provided by the Pirate Party,” Wikileaks spokesman Julian Assange said at the time. “Our organisations share many values and I am looking forward to future ways we can help each other improve the world.”

For now Wikileaks.ch is up and running but it’s unclear how long it will stay up. The domain Wikileaks.org has not been seized so it is expected that the site will return there once it finds a new nameserver provider.

Update: The German Pirate Party is actively supporting Wikileaks as well.

Pirate Party registered Wikileaks


WikiLeaks fights to stay online after US company withdraws domain name

Everydns.net says attack against leaks site endangered other customers' service – effectively pushing site off the web


WikiLeaks was removed from its wikileaks.org address. Photograph: Joe Raedle/Getty Images


The US was today accused of opening up a dramatic new front against WikiLeaks, effectively "killing" its web address just days after Amazon pulled the site from its servers following political pressure.

The whistleblowers' website went offline for the third time in a week this morning, in the biggest threat to its online presence yet.

Joe Lieberman, chairman of the Senate's committee on homeland security, earlier this week called for any organisation helping sustain WikiLeaks to "immediately terminate" its relationship with them.

On Friday morning, WikiLeaks and the cache of secret diplomatic documents that have proved to be a scourge for governments around the world were only accessible through a string of digits known as a DNS address. The site later re-emerged with a Swiss domain, WikiLeaks.ch.

Julian Assange this morning said the development is an example of the "privatisation of state censorship" in the US and is a "serious problem."

"These attacks will not stop our mission, but should be setting off alarm bells about the rule of law in the United States," he warned.

The California-based internet hosting provider that dropped WikiLeaks at 3am GMT on Friday (10PM EST Thursday), Everydns, says it did so to prevent its other 500,000 customers from being affected by the intense cyber attacks targeted at WikiLeaks.

The site this morning said it had "move[d] to Switzerland", announcing a new domain name – wikileaks.ch, with the Swiss suffix. However, the new address still only points to an IP address, suggesting WikiLeaks has been unable to quickly find a new hosting provider.

The Wikileaks.ch domain name, which only surfaced on Friday morning, is being served by the Swiss Pirate Party. And the routing to it is still being done by everydns.

Late yesterday evening Tableau Software, a company which published data visualisations, pulled one of its images picturing the WikiLeaks diplomatic cables at the request of Senator Lieberman. Writing on the company's blog, Elissa Fink said: "Our decision to remove the data from our servers came in response to a public request by Senator Joe Lieberman, who chairs the Senate Homeland Security Committee, when he called for organisations hosting WikiLeaks to terminate their relationship with the website."

Mark Stephens, the London-based lawyer acting on behalf of Assange, wrote on Twitter after the shutdown:
Pressure appears to have been applied to close the WikiLeaks domain name.


Andre Rickardsson, an expert on computer security at Sweden's Bitsec Consulting, told Reuters: "I don't believe for a second that this has been done by everydns themselves. I think they've been under pressure," he said, apparently referring to US authorities.

A new Germany-based WikiLeaks domain – wikileaks.dd19.de – also appeared on Friday morning, with its data apparently hosted in California. People have also taken to setting up alternative domain names that point to the WikiLeaks address. Robin Fenwick, a UK-based web services director, this morning launched Wikileeks.org.uk – a "joke domain" that points to the WikiLeaks DNS address.

In a statement on its website, the free everydns.net service said that the "distributed denial of service" (DDOS) attacks by unknown hackers – who are trying to knock WikiLeaks off the net – meant that the leaks site was interfering with the service being provided to other users. That in turn meant that WikiLeaks had broken everydns.net's terms of service, and it cut the site off at 3am GMT on Friday (10PM EST Thursday).

DNS services translate a website name, such as guardian.co.uk, into machine-readable "IP quads" – in that case 77.91.249.30, so that http://77.91.249.30 will show the Guardian site. If the DNS fails, the site is only reachable via IP address – but WikiLeaks has not yet provided one via Twitter or other means.

Everydns.net said that the attacks – which have been going on all week, and led the site to temporarily host its services on Amazon's more resilient EC2 "cloud computing" service – "threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites".

WikiLeaks was given 24 hours' notice of the termination, and everydns said: "Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider."

The move comes after several days of WikiLeaks coming under a determined DDOS attack, apparently from hackers friendly to the point of view of the US government, which has disparaged the site's leaking of thousands of US diplomatic cables.

US companies have also come under intense political pressure to remove any connection to, or support for, WikiLeaks. Amazon ended its hosting of the cables on its EC2 cloud computer service earlier this week, but last night insisted in a blogpost that its decision was not due to pressure from Senator Joe Lieberman, who has called for the removal of the data – and who has influenced at least one other US company to withdraw support for WikiLeaks data.

In a blogpost late on Thursday, Amazon said reports that government inquiries prompted it to remove the data were "inaccurate".

Amazon said:

[Amazon Web Services] does not pre-screen its customers, but it does have terms of service that must be followed. WikiLeaks was not following them. There were several parts they were violating. For example, our terms of service state that "you represent and warrant that you own or otherwise control all of the rights to the content… that use of the content you supply does not violate this policy and will not cause injury to any person or entity". It's clear that WikiLeaks doesn't own or otherwise control all the rights to this classified content. Further, it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren't putting innocent people in jeopardy.


It noted that:

When companies or people go about securing and storing large quantities of data that isn't rightfully theirs, and publishing this data without ensuring it won't injure others, it's a violation of our terms of service, and folks need to go operate elsewhere.


But as commentators have pointed out, that stance is contradicted by the fact that Amazon has previously hosted the "war logs" from WikiLeaks which contained data about the US wars in Afghanistan and Iraq.

Connecting to WikiLeaks is presently not possible until it gets a new DNS service. WikiLeaks itself said on Twitter that the ending of DNS services was allegedly due to "claimed mass attacks" and called for further donations to "keep us strong".

WikiLeaks cables: Live Q&A with Julian Assange

The founder of WikiLeaks, Julian Assange, will be live online from 1pm today to answer readers' questions about the release of more than 250,000 US diplomatic cables

Read Julian Assange's answers to your questions


Julian Assange, wikileaks founder. Photograph: Guardian


Update: Thank you for all your questions. We have now closed comments on this article. Read Julian Assange's answers here.

WikiLeaks founder Julian Assange is at the centre of intense media speculation and a hate campaign against him in America, following the leak of 250,000 US diplomatic cables.

He will be live online to answer Guardian readers' questions at 1pm today, subject to his access to an internet connection - which is very much a live issue. His online interview comes at the end of a week of shocking revelations from the cables and on a day when WikiLeaks has been fighting US attempts to take its website down.

Assange will answer your questions in the comments section below. From 1pm you will need to navigate to the latest comments for his replies.
