Active@ Password Changer

Internet Security Whitepapers System Hacking

Active@ Password Changer lets you reset local user passwords and change Windows login security restrictions on Windows NT / 2000 / XP / 2003 systems: this is useful when the Administrator’s password is forgotten or lost, or when the Administrator’s user account has been disabled or locked out.

Packet Sniffer Detection with AntiSniff

Internet Security Whitepapers Sniffers

Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and usernames or other sensitive material. While packet sniffers can be fully passive, some aren't, and those can therefore be detected. This paper discusses the different methods that AntiSniff uses to detect these sniffing programs.

Buffer Overflow Study Attacks and Defenses

Internet Security Whitepapers Buffer Overflows Exploit Writing Techniques

Most of the exploits based on buffer overflows aim at forcing the execution of malicious code, mainly in order to provide a root shell to the user. The principle is quite simple: malicious instructions are stored in a buffer, which is overflowed to allow an unexpected use of the process by altering various memory sections. This document therefore introduces the way a process is mapped in machine memory, as well as the notion of a buffer; it then focuses on two kinds of exploits based on buffer overflow: stack overflows and heap overflows.

A Simple Procedure for Finding Guessing Attacks

Internet Security Whitepapers Web Based Password Cracking

Security protocols that use weak passwords (e.g. human chosen) can be subject to guessing attacks [GLMS93]. Guessing attacks exist in two flavours: online and offline. In online guessing attacks the intruder is allowed to generate fake messages and to supply them to the honest agents, for instance for checking whether a certain guess is correct. In offline guessing attacks, on the other hand, the intruder first gathers some knowledge K from the protocol execution, and then proceeds offline to perform a password search.

Wireless Access Points and ARP Poisoning

Internet Security Whitepapers Hacking Wireless Networks

Wireless networks, specifically 802.11b, have received a tremendous amount of interest and scrutiny from the security community over the past few months. The security community agrees that wireless networks introduce a new point of entry into previously closed wired networks and must thus be treated as an untrusted source, just like the Internet. Standard technologies enable wireless client machines to connect to a local area network made up of other wireless hosts. For wireless networking to be most useful, the wireless networks must pass data on to standard wired networks connected to the Internet. This paper describes the application of a well understood class of attacks on wired networks to the emerging mix of wired and wireless networking equipment.

Cisco Router Guide

Internet Security Whitepapers Hacking Routers, Cable Modems and Firewalls

This guide shows how Cisco Access Routers, Cisco Aggregation Routers, and Cisco Integrated Services Routers enable you to meet your current and future needs with modular designs, allowing incremental migration as your business and network requirements change. In this guide, you can see for yourself how Cisco delivers benefits beyond basic data access, providing services such as voice, security, and wireless as part of an integrated routing system that maximizes productivity and investment protection.

Dos and Don'ts of Client Authentication on the Web

Internet Security Whitepapers Web Based Password Cracking

Client authentication is a common requirement for modern Web sites as more and more personalized and access-controlled services move online. Unfortunately, many sites use authentication schemes that are extremely weak and vulnerable to attack. These problems are most often due to careless use of authenticators stored on the client. We observed this in an informal survey of authentication mechanisms used by various popular Web sites. Of the twenty-seven sites we investigated, we weakened the client authentication of two systems, gained unauthorized access on eight, and extracted the secret key used to mint authenticators from one.

T-Sight Realtime Tutorial

Internet Security Whitepapers Session Hijacking

This section contains a tutorial on how to use T-Sight to monitor your network in realtime for suspicious activity, and then to respond to that activity with T-Sight's Active Countermeasures. After installing T-Sight under Windows NT 4.0 (including the device driver) and rebooting, you should now be able to run T-Sight Realtime Monitor.

Hacking Databases for Owning your Data

Internet Security Whitepapers Hacking Database Servers System Hacking

Data theft is becoming a major threat; criminals have identified where the money is. In recent years many databases from Fortune 500 companies were compromised, causing large financial losses. This paper discusses the data theft problem, focusing on database attacks. We will show actual information about how serious the data theft problem is, explain why you should care about database security, and describe common attacks. The main part of the paper is the demonstration of unknown and not well known attacks that can be used or are being used by criminals to easily steal data from your databases. We focus on the most used database servers, MS SQL Server and Oracle Database: it will be shown how to steal a complete database from the Internet, how to steal data using a database rootkit and backdoor, and some advanced database 0day exploits. We will demonstrate that compromising databases is no big deal if they haven't been properly secured. We will also discuss how to protect against attacks so you can improve database security at your site.

Ethical Hacking Techniques to Audit and Secure Web-Enabled Applications

Internet Security Whitepapers Ethical Hacking

As public and private organizations migrate more of their critical functions to the Internet, criminals have more opportunity and incentive to gain access to sensitive information through the Web application. Gartner Group estimates that 75 percent of Web site hacks that occur today happen at the application level and this number is expected to increase. Hackers target the web application because it easily provides access to the most valuable business assets, such as employee and customer data (like health records and credit card information) as well as corporate proprietary information. While most web sites are heavily secured at the network level with firewalls and encryption tools, these sites still allow hackers complete access to the enterprise through web application manipulation.
