Trends in Denial of Service Attack Technology

Internet Security Whitepapers Denial of Service

The traditional intent and impact of DoS attacks is to prevent or impair the legitimate use of computer or network resources. Regardless of the diligence, effort, and resources spent securing against intrusion, Internet connected systems face a consistent and real threat from DoS attacks because of two fundamental characteristics of the Internet.

Mac OS X Hacking Tools

Internet Security Whitepapers MAC OS Hacking

The Jargon File is a popular lexicographic resource amongst hackers (and nonhackers too). Although it might have some subjective definitions I may not agree with, I have conveniently quoted verbatim the definitions of the terms "hacker" and "tool" as a preface to the contents of this page. This page is a compendium of some programs you might come across while tinkering with Mac OS X. Documentation for most of these tools exists, therefore my aim is not to reproduce documentation, but simply to maintain a cache of relevant information. I believe this would be useful to those who are new to Mac OS X, but are interested in exploring the system at a low(er) level. Note that many of the tools listed here are ones that are either new to Mac OS X (as compared to Unix style systems), or are different from their Unix counterparts. In other words, I have avoided listing "standard" Unix/BSD tools.

Alternate Data Streams - What's Hiding in Your Windows NTFS?

Internet Security Whitepapers Cryptography System Hacking

Hackers and malware authors have a strong motivation to keep you from finding their malicious software on your system. If you find it, you can delete it. If you delete it, the malware author doesn't make money-yes, this is a for-profit business. Panda software, a respected anti-virus and anti-malware vendor, reports that from January - March of 2006, 70% of the malware released on the Internet was trying to make money for the authors in one way or another.

A Guide to Security Hardening for Apple Mac OS

Internet Security Whitepapers MAC OS Hacking

This document covers numerous methods to harden Mac OS X, from both a local user and network perspective. It is primarily aimed at the single-user Macintosh client machine owned and used by a security conscious user. Its methods can be equally applied to a multi-user machine; however there are numerous additional security risks presented the moment a Mac OS X machine is made multi-user.

Footprinting and Hacking: An Analysis of Current Methodology

Internet Security Whitepapers Ethical Hacking Footprinting

Hacking has become a significant threat to networks exposed to the Internet. In order to prevent systems from being hacked, the methods used by hackers must be well understood. Hackers begin by selecting and footprinting a target network. Once the target network is mapped, hackers proceed to map vulnerabilities and gain access by cracking passwords, using stack-smashing attacks, or spoofing the IP address of trusted machines. Hackers can then sniff internal network traffic or find other hosts that contain vital company secrets. Finally, a hacker can clean up system logs in order to conceal the fact that an attack occurred. In this paper we explain how each of these attack techniques is carried out.

8 Steps to Protect Your Cisco Router

Internet Security Whitepapers Hacking Routers, Cable Modems and Firewalls

Network security is a completely changing area; new devices like IDS (Intrusion Detection systems), IPS (Intrusion Prevention systems), and Honeypots are modifying the way people think about security. Companies are spending thousand of dollars on new security devices, but forgetting the basic, the first line of defense: the border router. In this article it will give you 8 steps, easy to follow, to minimize your Cisco router exposure by turning off some unused services, applying some access control and applying some security options available on that.

A Large Scale Study of Web Password Habits

Internet Security Whitepapers Web Based Password Cracking

Passwords play a large part of the typical web user's experience. The are the near universal means for gaining access to accounts of all kinds. Email, banks, portals, dating and social networking sites all require passwords. So important are they that HTML has a special form field to allow for the special treatment they require, and an important role of SSL is protecting the secrecy of passwords from observers of the connection. Alternative to passwords certainly exist. Hardware authentication, e.g. [1], is sometimes used for access to corporate networks. However, this requires an issuing authority and seems to be limited to environments that justify the cost, such as in the employer-employee relationship. Challenge response authentication has the advantage that observing a single successful sign in does not allow an attacker to gain the secret.

Buffer Overflows Attacks and Defenses for the Vulnerability of the Decade

Internet Security Whitepapers Buffer Overflows Exploit Writing Techniques

Buffer overflows have been the most common form of security vulnerability for the last ten years. More over, buffer overflow vulnerabilities dominate the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. If buffer overflow vulnerabilities could be effectively eliminated, a very large portion of the most serious security threats would also be eliminated. In this paper, we survey the various types of buffer overflow vulnerabilities and attacks, and survey the various defensive measures that mitigate buffer overflow vulnerabilities, including our own StackGuard method. We then consider which combinations of techniques can eliminate the problem of buffer overflow vulnerabilities, while preserving the functionality and performance of existing systems.

10 Reasons not to Buy an iPhone

Internet Security Whitepapers Hacking Mobile Phones, PDA & Handheld Devices

The iPhone looks cool, but if you're a serious business user, there are other, less expensive cell phones that provide better functionality. And even if you're not a business user, unless you have plenty of money lying around and absolutely must have the latest neat gadget as soon as it comes out, I'd recommend waiting for version 2 of the iPhone, which, we hope, will cost less and fix at least a few of these issues.

Advanced SQL Injection in SQL Server Applications

Internet Security Whitepapers SQL Injection

This document discusses in detail the common 'SQL injection' technique, as it applies to the popular Microsoft Internet Information Server/Active Server Pages/SQL Server platform. It discusses the various ways in which SQL can be 'injected' into the application and addresses some of the data validation and database lockdown issues that are related to this class of attack. The paper is intended to be read by both developers of web applications which communicate with databases and by security professionals whose role includes auditing these web applications.

Explore What's Inside Security Science

Global Internet Security News Global Internet Security News
Elevates people's awareness level by providing the most informative security related news and events, which includes, but is not limited to, financial and business security, information and technology security, as well as corporate and individual security worldwide.
Information Security Information Security
Security Policy Resource page, a compiled research project of the SECURITY-SCIENCE team. The ultimate goal of this project is to offer everything you need for swift development and implementation of information security policies. You'll find a great set of policies posted here, including, but is not limited to, procedures and guidelines, that you can easily align to your company’s security requirements.
Internet Security Tools Internet Security Tools
State of the art security technology solutions (software, hardware, appliances and gadgets--including HOWTOs and guidelines) for computer and network defense, perimeter protection and environment security and safety.
Learn Internet Security Science Learn Internet Security Science
Provides superior security education on how to counter attack security risks, threats and vulnerabilities by using the most advanced techniques practiced and put into application by professional hackers, forensics, investigators and penetration testers.
Grokker - Technology Encyclopedia Hackopedia
A free security encyclopedia for computer, Internet and security terms and definitions created, researched, reviewed and maintained by Security-Science.
Internet Security Experts - Knowledge Exchange Internet Security Experts
An avenue for exchanging knowledge and KNOW-HOWs which allows users to interact with each other for mutual assistance and support by collaborating, asking, answering and sharing information about security related issues and concerns that benefit everyone.