hakin9_2011_01_37.pdf

01/2011 (36)
PRACTICAL PROTECTION IT SECURITY MAGAZINE
Dear Readers,
Here we are, another year with Hakin9 magazine is coming to an end. Hopefully, 2010 was good for all of you, but still we are always hoping the next year will be better. The Hakin9 team would like to wish you all the best in the New Year and a great New Year’s Eve!
Since the end of the year is always a time for summaries, we have prepared such a brief for you. Gary Miliefsky, one of the most devoted contributors of Hakin9, presents Cybercrime and Cyberwar Predictions for 2011. He discusses new attack vectors, more innovative exploits and much more.
Another review is presented by Julian Evans, Hakin9’s ID fraud expert, who discusses the power of the social web and the threats it brings.
I would also recommend you to take a look at the article Sharing Malware by Matt Jonkman. Just to encourage you, see the abstract: There is a lot of malware out there, and a lot of people interested in analyzing what they can find. Commercial services, friendly alliances, and others set up to collect and share those samples. Is this a good idea?
Judge yourself!
Once again – Happy New Year to all of you!
Enjoy your reading
Karolina Lesińska
Editor-in-Chief

team
Editor in Chief: Karolina Lesińska
karolina.lesinska@hakin9.org
Editorial Advisory Board: Matt Jonkman, Rebecca Wynn, Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt
DTP: Ireneusz Pogroszewski
Art Director: Ireneusz Pogroszewski
ireneusz.pogroszewski@software.com.pl
Proofreaders: Dylan Sachs
Top Betatesters: Rebecca Wynn, Bob Folden, Carlos Ayala, Steve Hodge, Nick Baronian, Matthew Sabin, Laszlo Acs, Jac van den Goor, Matthew Dumas, Andy Alvarado
Special Thanks to the Beta testers and Proofreaders who helped us with this issue. Without their assistance there would not be a Hakin9 magazine.
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa Łozowicka
ewa.lozowicka@software.com.pl
Production Director: Andrzej Kuca
andrzej.kuca@hakin9.org
Marketing Director: Karolina Lesińska
karolina.lesinska@hakin9.org
Subscription: Iwona Brzezik
Email: iwona.brzezik@software.com.pl
Publisher: Software Press Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.hakin9.org/en
REGULARS
In Brief
Latest News From the IT Security World
Armando Romeo, eLearnSecurity
ID Theft Protect
Tools
Active Wall
by Michael Munt
Book review
A Beginners Guide to Ethical Hacking
by Shyaam Sundhar
ID fraud expert says...
The Social Web Threat
by Julian Evans
Emerging Threats
Sharing Malware
by Matthew Jonkman

Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage.
All trade marks presented in the magazine were used only for informative purposes.
All rights to trade marks presented in the magazine are reserved by the companies which own them.
To create graphs and diagrams we used program by
The editors use automatic DTP system
Mathematical formulas created by Design Science MathType™
DISCLAIMER!
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.
CONTENTS
BASICS
Pros and Cons of Partial Passwords in Web Applications
by Darek Łysyszyn
Typically, this would be a username/password combination, where
the user is required to type their full password. But why is this?
Convenience? Tradition? Derek Lysyszyn takes a closer look at an
alternative solution called partial passwords.
ATTACK
Target Attacks via Email
by Pedro Bueno
available information? How do they execute targeted attacks, who are
they targeting, and what types of malware are they using? Pedro Bueno
investigates.
Spyware Threat Invades BlackBerry App World
by Mayank Aggarwal
security community for not vetting or ensuring the authenticity of the
applications posted on its app market. Earlier this year, the Junos
Pulse Global Threat Center team performed a thorough analysis of the
Android Market and unveiled numerous malware applications disguised
as utilities or game applications. Since then, several research studies of
the malicious nature of applications on Android Market have surfaced
and all the studies concluded that the Android Market has been hosting
a large number of malicious applications, which forced Google to
enforce a Remote Kill switch for the malicious applications.
DEFENSE
Open WiFi and Firesheep
by Joseph Webster
to privacy at open WiFi hotspots known by the humorous moniker
Firesheep. What’s new about Firesheep isn’t the exploit – HTTP session
hijacking has been well known for years – it’s that Firesheep is a simple
Firefox plug-in that is available to anyone and requires no technical
expertise to utilize. In other words it allows anyone with Firefox and
Firesheep to be a hacker. No experience required.
Cybercrime and Cyberwar Predictions for 2011
by Gary Miliefsky
mostly untapped resources available to improve your personal
computer and network security posture. In this article, I will share
with you some great resources on researching trends of Cybercrime
and Cyberwar and from my own research my conclusions on what is
coming our way in 2011.