Antony Raphel 1/24/2012 05:13:00 am Trick
EICAR is a short 68-byte COM file that is detected by anti-virus programs as a virus, but is actually NOT "VIRAL" at all. When executed it just displays a message and returns control to the host program.
Why is this harmless file detected as a virus? The file was created in order to demonstrate to users the messages and procedures that anti-virus programs display when a real virus is detected.
Some time ago, researchers from several anti-virus companies were asked by users to develop a way to demonstrate what would happen in case of a real virus attack: a sort of simulation showing which messages anti-virus programs will display, what actions they will recommend, etc.
After some time and thought about how best to satisfy the request, the anti-virus researchers decided to release a virus simulator: a harmless file that does nothing but display a message and then exit to DOS (the host OS). It was decided that this file would contain only ASCII characters so that users could type it or copy it from a User Guide. As a result the COM file looks as follows:
Despite having only ASCII characters, this COM file is nonetheless a legitimate computer program that works under DOS or in a DOS window under Windows, OS/2 or any other OS that is able to run DOS programs. When executed, this COM file simply displays a text message and exits to DOS. The displayed message looks as follows:
It is as simple as that, though a lot of anti-virus programs detect it as a virus named EICAR-Test-File or something close to this.
Antony Raphel 1/24/2012 05:03:00 am Information
- 123456, 123, 123123, 01234, 2468, 987654, etc
- 123abc, abc123, 246abc
- First Name
- Favorite Band
- Favorite Song
- first letter of given name then surname
- qwerty, asdf, and other keyboard rolls
- Favorite cartoon or movie character
- Favorite sport, or sports star
- Country of origin
- City of origin
- All numbers
- Some word in the dictionary
- Combining 2 dictionary words
- any of the above spelled backwards
- aaa, eee, llll, 999999, and other repeat combinations
Some sites force you to have passwords with both numbers and letters. For example bob's password is football, and the site asks him to add some numbers to it to make it valid. Here's what people usually add.
- Their year of birth / marriage / graduation (or expected grad) from HS or college
- 0 - 9
- 000, 111, 4444 or other long combinations
- 123456, 123, 123123, 01234 and other retarded combinations
Years are usually added in different ways: football85, football1985, football04 instead of football4. There's also the possibility of connecting characters, as in football_04 and football-84. Many sites require both numbers and letters, so these are a more likely occurrence since people tend to want to have the same pass for everything.
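The patterns listed above can be turned into a check that a signup or password-change form runs before accepting a password. This is an added example, not code from the original article; the word list is a constructed sample and the function names are hypothetical.

```python
import re

# Constructed sample list; a real check would load a full dictionary plus
# the user's own name, favourite band, team, city and similar personal terms.
SAMPLE_WORDS = {"football", "dragon", "monkey", "bob", "star", "fish"}
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789",
        "abcdefghijklmnopqrstuvwxyz")


def is_roll(s):
    """True for runs such as qwerty, asdf, abc, 01234 or 987654."""
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in ROWS)


def is_wordlike(base, words):
    """Dictionary word, word spelled backwards, or two words joined."""
    if base in words or base[::-1] in words:
        return True
    return any(base[:i] in words and base[i:] in words
               for i in range(1, len(base)))


def weak_reasons(password, words=SAMPLE_WORDS):
    """Return the guessable patterns found (an empty list means none found)."""
    p = password.lower()
    reasons = []
    if p.isdigit():
        reasons.append("all numbers")
    if len(set(p)) == 1:
        reasons.append("single repeated character")
    if is_roll(p):
        reasons.append("keyboard roll or sequence")
    # Letters with digits bolted on the front or back, with or without a
    # connecting character: football85, 123abc, football_04, football-84.
    m = re.fullmatch(r"(\d*)[_-]?([a-z]+)[_-]?(\d*)", p)
    if m:
        base = m.group(2)
        extra = " plus digits" if m.group(1) or m.group(3) else ""
        if is_wordlike(base, words):
            reasons.append("dictionary-based word" + extra)
        elif extra and is_roll(base):
            reasons.append("letter sequence" + extra)
    return reasons
```

An empty result only means none of these patterns matched; it does not by itself make a password strong.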
My opinion on an Ideal password
Mixed numbers and letters over 8 characters long. Memorize it once, use it forever.
How long it takes to hack a password
If they have hacked and downloaded the entire database, it's 10000 times faster than if they send requests guessing your passwords on certain websites. Most decent comps can easily check thousands of possibilities per second. Most decent sites have captchas now, which prevent brute force guesses.
Words in the Dictionary
If they steal a site's database you can get hacked fast, even if you use foreign words. The OpenOffice English spellcheck has around 70,000 words. Apps like passwordspro on my 2 GHz CPU can check around 4,000,000 md5 possibilities a second, allowing it to breeze through several dictionaries, including possible variations like all uppercase/lowercase and backwards words. The latest NVIDIA cards with a CUDA GPU brute forcer can easily exceed 200 million md5s a second.
If you have an all numbers password it's much faster to crack than if it were mixed. Instead of having a massive array of words in memory and selecting an index from it, or even worse reading from disk every few seconds into a buffer, having a number just requires the computer to do what computers do fastest: count. At 2 GHz my comp can check every number up to 14 million in 2 minutes for salted md5s, making it possible to have a weak 8 character password. Adding 0s to the front of the number can help, but not really. A second pass with any number of 0s can be done afterwards. Maybe if you made it your zipcode + your best friend's number or something VERY long it would be strong enough.
All Random letters
Every possible combination of 3 letter words is only around 17000, while every possible 4 letter word combination is 456976. It grows exponentially every time you increase just one letter. Most sites recommend 8 characters or more for a strong password. Adding just 1 character to your password helps exponentially. No dictionary words!
Why hackers usually don't care about your Computer
Contrary to popular belief, most malicious hackers do not give a damn about giving you trojans or making your stupid Windows computer crash. Then why are there so many trojans in p2p networks? Because of retarded script kiddy teenagers and Nigerians that fancy themselves hackers using prebuilt trojan software. Hackers target servers. Why?
- Massive bandwidth.
- Mail servers with proper MX records that validate spam checks.
- The possibility for phishing.
- Most servers are unattended, meaning it can be months before the person finds out there's a malicious script bombing emails or phishing people.
- Exploitation of social networks.
They can get a lot of credit card numbers or bank account information email bombing thousands of emails on a hijacked server rather than waiting to find a credit card number amongst all the instant messages and random typing you / your kids type throughout the month.
Sure, there have been a lot of home PCs infected, but usually this is the result of very efficient viruses that replicate and spread en masse. Most people have antivirus software decent enough that hackers don't want to waste their time flooding trojans. Some hackers use hijacked home PCs as DDoS zombies, but other than that you're more likely just to get spyware that floods you with ads.
How hackers usually obtain your password
Most malicious hackers just wait for security update news. Whenever some forum or CMS software like Drupal, vBulletin, phpBB or Invision Board releases a security update, they try to find what the discovered exploit was. They Google search for forums that may run the affected system and use the exploit. Forums can give tons of emails / passwords.
The ones who are skilled enough and actively attempt to discover the exploits are more rare.
Even worse is when the skilled programmers make simple automated exploit programs for script kiddies to use without even understanding the code. This is where the majority of the attacks come from: losers that use programs made by hackers and call themselves hackers.
It's super rare that you would be targeted or that your password has been hacked from large sites like Google, Hotmail or MySpace. Most of the big sites have captchas and DDoS protection, which cripples speed. It's more likely they hacked some other site that you long forgot about and found you conveniently use the same password for all your accounts, including your email. From there they find even more passwords. Most people get hacked from phishing attempts or other forms of social engineering rather than real hackers, although they can use XSS vulnerabilities to help trick people. People also get trojans from opening email attachments and downloading pirate stuff off p2p without a decent antivirus. Hackers with skills enough to find open ports / exploit them and get shell access are much more rare than people claim.
Common Types of Webhacks
- SQL Injection
- By far the most common serious error web programmers make is not validating user input well. Usually SQL injections are used to get usernames / passwords or other information from the database by adding a UNION statement to a select query. Despite its name, it's rarer to get an exploit where you can actually inject or insert data into the database, since most programmers aren't stupid enough to use GET requests for inserts, most hackers are lazier when it comes to spoofing POST requests, and it's a lot more tricky or impossible to add insert, create or drop queries to injected strings.
- Local File Inclusion
- Many web apps load modules or plugins through GET or POST variables. Let's say I use ?loadplz=file.php to load /home/jimmy/htdocs/file.php. A malicious person could say ?loadplz=../../../../../../../../../etc/passwd to try his luck for some unshadowed password goodness. Many times the NULL byte exploit is used to trick input validation. It is often used to include any CMS or forum configuration files to get MySQL access.
- Remote File Inclusion
- Yikes, a lot of web apps have forms where you can upload pictures, texts or files. Some have admin control panels that only the admin of the site can access, but then there's no input validation on the upload forms. Some just don't validate the type of file you upload, meaning you can upload malicious code that does anything within the limits of the JIT compiler privileges.
- Logged in User Exploits
- Many sites often don't validate that the data you want to modify or delete is yours. They only check if you're logged in. Sites that use Ajax are especially prone to overlooking possible input validation problems.
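For the Local File Inclusion case above, the server-side fix is to resolve the requested name and refuse anything that leaves the module directory or is not an expected module. This is an added example, not code from the original article; it reuses the article's `loadplz` parameter and `/home/jimmy/htdocs` path, while the allowlist entries and function names are assumptions made for illustration (POSIX paths assumed).

```python
import os

# Assumed layout: BASE_DIR is the article's /home/jimmy/htdocs example; the
# allowlist entries are constructed for this illustration.
BASE_DIR = "/home/jimmy/htdocs"
ALLOWED_MODULES = {"file.php", "news.php", "plugins/gallery.php"}


def resolve_module(loadplz, base_dir=BASE_DIR, allowed=ALLOWED_MODULES):
    """Map a ?loadplz= value to a file under base_dir or raise ValueError."""
    if "\x00" in loadplz:
        # A NUL byte can end the string early in C-level file APIs, so a
        # check like "name ends with .php" passes while another file opens.
        raise ValueError("NUL byte in module name")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and symlinks; join() discards base
    # entirely when loadplz is absolute, which the next check also catches.
    target = os.path.realpath(os.path.join(base, loadplz))
    # commonpath compares whole components, so /home/jimmy/htdocs_old is not
    # mistaken for a child of /home/jimmy/htdocs as a startswith() test would.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    if os.path.relpath(target, base) not in allowed:
        raise ValueError("module not on allowlist")
    return target


def verdict(loadplz):
    """Return 'ok' or the rejection reason, e.g. for request logging."""
    try:
        resolve_module(loadplz)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

Logging the rejection reason per request also gives operations staff a simple signal that someone is probing the parameter.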
How are passwords stored in a website
Most are stored as md5 hashes. If your password is stored without encryption you are screwed if the site gets hacked. It doesn't matter how long your password is. Sites like thepiratebay and stage6 have gotten their passwords stolen; don't think it can't happen to big sites. You can tell if a site encrypts your password by using their password recovery form. If it gives you your password, your password is not encrypted. If it asks you to enter a new one or it generates a password for you, it has your password encrypted. You should never purchase anything from sites that don't encrypt your password; they may keep your credit card information or other sensitive data without encryption, following their PHP for Dummies guide.
Dangers of md5
Sites like milw0rm and plain-text have millions, maybe billions of precomputed hash values in what are called rainbow tables. People can enter hashes in limited quantities to put on queue for cracking. md5 is a one-way hash, meaning it can't be decrypted. Instead, they try every possible combination in a limited range. Encrypting many possibilities and comparing them to the original hash is extremely slow.
Rainbow tables make it so that the possibilities are encrypted only once and the resulting hashes are saved into massive files called rainbow tables. From there the real hashes are compared to all the possibility hashes in the rainbow table. This avoids recalculating the hashes for every possibility for every user, but in exchange costs a lot of overhead loading the file into memory and comparing from memory. The time-memory trade-off is worth it. Other sites are just searchable databases of hashes. You still should be ok if your pass is over 8 characters long.
Some sites do double md5s or concatenate md5 encrypted passwords with an encrypted "salted" value, then encrypt the whole thing again. Because the salted value is different for each user, precalculating millions of hashes in rainbow tables would have to be done one user at a time, making it a worse option than brute forcing it. Brute force attacks use word lists separated by line breaks, which are widely available around the net and can be easily created; they can also check all possible combinations for certain ranges and character sets.
Making your password case sensitive helps exponentially, specifically ^+26 lol, but it makes typing a pass a bit more inconvenient and not all sites support it. I'm sure my prog isn't the most efficient possible and there are way faster comps out there so be careful.
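The difference a per-user salt makes to stored passwords can be shown from the site operator's side. This is an added example, not code from the original article: the user records and candidate list are constructed, the function names are hypothetical, and for the salted side it uses PBKDF2-HMAC-SHA256 from Python's standard library rather than the salted md5 the article describes, because a deliberately slow function also limits the brute force rates quoted earlier.

```python
import hashlib
import hmac
import os


def md5_hex(password):
    """Unsalted MD5: the same password gives the same hash for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(candidates):
    """Precompute hash -> password once. A plain lookup table; real rainbow
    tables store the same information more compactly."""
    return {md5_hex(c): c for c in candidates}


def exposed_users(stored, table):
    """Users in a leaked {user: md5} dump whose hash is already in the table."""
    return {user: table[h] for user, h in stored.items() if h in table}


def hash_password(password, salt=None, iterations=200_000):
    """Per-user random salt plus a slow KDF. Store all three returned values."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                    iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed data: two users who picked the same weak password.
    table = build_lookup(["football85", "qwerty", "123456"])
    dump = {"alice": md5_hex("football85"), "bob": md5_hex("football85")}
    print("unsalted, found in table:", exposed_users(dump, table))
    a, b = hash_password("football85"), hash_password("football85")
    print("salted digests differ:", a[2] != b[2])
```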
Web Exploiters vs Program Crackers
People who exploit website vulnerabilities are not always the same as those who crack and keygen commercial software and games. The two require a few different skill sets. Web hacking requires mastery of the HTTP protocol, cookies, PHP, ASP, SQL, and the methods by which user input is usually validated. The skill is gained from a lot of practice writing safe web apps and observing the exploits often found in others. Program crackers, on the other hand, usually have very intimate knowledge of assembly and non-JIT compilers. They use debuggers to find exactly where in the program a certain procedure is executed in order to modify it. They are also adept at modifying and exploiting unvalidated user input in memory with buffer overflows. Browser plugins are often the target of buffer overflow exploits. I'm not saying some people don't have both skill sets.
What is hacking
Contrary to popular belief and the Hollywood culture, hackers are just people that can manipulate things on a bits and bytes level. They're excellent programmers and the majority do not engage in illegal activity. Making something do what it wasn't intended to is exploiting, not hacking.
by Jimmy Ruska
Antony Raphel 1/21/2012 07:47:00 pm Information
How Do You Know Your Facebook Account Was Hacked?
1a. Change Your Password
1b. Reset Your Password
2. Report Compromised Account
3. Do Damage Control
4. Remove Suspicious Applications
Bonus: Improve Your Facebook Privacy and Security Settings
Antony Raphel 1/03/2012 08:09:00 am Information
A selection of Facebook Pages providing resources and dialogue focused on education and instructional technologies.
Like most Facebook users, many educators use Facebook to connect with friends new and old, but the Internet’s most popular site can also be a great learning (and teaching) tool. There are many Facebook pages that have been created as a resource to collect, share, and disseminate information about education and education technologies. Here’s 10 of our favorites.
Facebook In Education: http://www.facebook.com/education
Facebook in education examines ways in which Facebook is being used in an educational context. Based on our search for pages focused on education, this is by far the most widely recognized page in the category, with over 350,000 “likes” (unfortunately, that level of popularity also means that many discussions are somewhat polluted with inane input). There are some interesting topics discussed here, and some worthwhile input from educators.
National Education Association: http://www.facebook.com/NEA.ORG
A popular and active page. “The National Education Association Represents 3.2 million members committed to ensuring a great public education for all students. Use this page to learn more about NEA and to engage in discussion on how we can work together to improve public education.”
The ISTE is the International Society for Technology in Education and their goal is to provide “leadership and service to improve teaching and learning by advancing the effective use of technology in education.”
NAEYC – National Association for the Education of Young Children: http://www.facebook.com/NAEYC
Founded in 1926, “NAEYC’s mission is to serve and act on behalf of the needs, rights and well-being of all young children with primary focus on the provision of educational and developmental services and resources.” This popular Page lets users post on their wall, and there is a wide variety of topics there for consideration and discussion.
“ASCD is a membership organization that develops programs, products, and services essential to the way educators learn, teach, and lead.” This is an active page, and we were impressed with the content and types of dialogues under way there.
This is a different type of group – #Edchat is Twitter based. In their own words, “#Edchat is a hashtag discussion among educators from all over the world on education related topics. It happens every Tuesday at Noon EDT and 7PM EDT. To join us simply follow the #Edchat hashtag on Twitter!” The Facebook Page keeps users up on discussion topics, and provides additional resources.
Another popular page, supporting a non-profit organization. “Edutopia is where The George Lucas Educational Foundation’s vision to highlight what works in education comes to life. Edutopia provides stories integrating creative uses of technology with effective teaching and learning. Edutopia’s audience includes educators, parents, school board members, university faculty, community-based organizations, and the business community — all groups working to create better schools for the twenty-first century.”
“Education Week is American education’s newspaper of record. Our reporters, researchers, and bloggers cover local, state, and national education news and issues from preschool through the high school transition to college and career.”
Free Technology For Teachers: http://www.facebook.com/pages/Free-Technology-for-Teachers/191553219314?ref=ts&sk=wall
The Facebook Page for Richard Byrne’s popular web site and blog, providing a constant stream of new free instructional technology resources for the classroom.
Connect A Million Minds: http://www.facebook.com/ConnectaMillionMinds
“Connect a Million Minds is Time Warner Cable’s $100 million community commitment to connect youth to ideas, people and opportunities that will inspire them to become the problem solvers of tomorrow.” These folks are doing great stuff.
[Bonus Page!] EmergingEdTech: http://www.facebook.com/EmergingEdTech
(Well, you didn’t think we’d overlook our own Page, did you?) The EmergingEdTech Facebook Page is certainly a worthwhile resource, where we share blog posts, video blog entries, free upcoming web events, contests, and more. Be sure to stop by and check it out today!