Showing posts with label Internet Security. Show all posts

Wednesday, June 23, 2010

*SOLVED* Avira Antivirus June 23, 2010 Update is Alarming Warcraft III Players?

Just this day, I was at the internet cafe business owned by my family. Since I am the one who configured everything, my job is to maintain it also: from the operating system setup and the online and offline games up to the security, tweaks and auto-maintain features of the workstations.

I use Avira Anti-virus 10 in the net cafe. Not only is it free, but it also provides concrete protection (in my experience and according to the independent antivirus testing organizations). Most of our customers are gamers. Warcraft III: Frozen Throne and DOTA (Defense of the Ancients) have been some of the most-played games since 2004.

Since I have set Avira Anti-virus to automatically update its virus definitions, for the past months in business I can't compare its stability with regard to virus protection.

Just this day, one customer complained to my cafe attendant that Warcraft III: Frozen Throne was showing an error. To be exact, it was a file-missing error saying that FrozenThrone.exe could not find war3.exe. I decided to turn off my stable cyber cafe manager, then booted up another unit beside the customer to see if another computer was also having that error. If not, I could transfer him and fix it. But after launching the Frozen Throne shortcut on my desktop, I got the same error too. I then decided to let the other computers boot up and check whether they were getting the same error. Well, as I suspected, they were all on the same page of the book.




I turned on my Acer Aspire 4520 laptop to check for an existing topic on the internet, and to isolate it from the network I connected the modem directly to my laptop, but had no luck. Since I am using the Microsoft Windows 7 operating system, it alerted me that my antivirus was out of date. The last virus definition was dated 2 days ago, so I began updating. A couple of seconds after I was notified that my virus definition was updated, Avira Guard notified me that it had found malware on my system. I also have Warcraft III installed on my laptop as a pastime, so indeed I am infected with this malware.



It's TR/Patched.IV.43, and access to that file was denied. I am pretty sure that my network is clean. I isolated each computer unit, then fired up a complete system and hard disk scan, and yet I only got this malware alert. Furthermore, I also tried reinstalling the client while isolating the computer from the network. I have been playing Frozen Throne and DOTA for the past years, so my trust is with them.



To relieve the business of this false alarm, and since Avira is not keeping off the trail of Frozen Throne and my customers are craving to play DOTA, the only thing I did was put the war3.exe process on the exceptions. You can find the exception option in the expert mode of Avira Antivirus, beneath the Scanner > Scan tree.



PS: As far as I can remember, one of my Google searches gave me a result saying that this TR/Patched.IV.43 has a variant with a war*.* filename (where the asterisk * is a wildcard character). If this post misleads about the facts, feel free to complain below and enlighten the readers. Thank you!


Monday, May 31, 2010

Benefits of Using Web Proxy Server

There are, in fact, many benefits of using a web proxy server.

Some of the more common ones involve maintaining your privacy and getting around blocks placed upon your IP address, such as the ones placed on school computers. I wouldn't recommend using a proxy service to get around blocks - they are there for a reason - but for many other legitimate uses they can be a real boon.

In simple terms, a proxy works thus:

You want to connect your computer (1) to another computer or website (2) but you either cannot, or you want to do so privately.
In this case you would then use a proxy (3) to connect to the computer or website (2), thereby gaining access without the computer or website at the other end knowing it was you that had made the connection.

Here are a few reasons why you might want to do something like this -




Improved Security

If you visit a website that you think may pose a risk to your computer for some reason then using a proxy can give you an added layer of protection, much like using a firewall does.

You will not connect directly to the website in question and so you will have a further degree of protection from any malware that the site may try to infect you with.

Hacking Protection
Using a web proxy server between your computer and the web will prevent hackers from obtaining your IP address, thereby drastically reducing the risks of them being able to gain access to your cache or hard drives.

Website Filtering

The ability of a proxy to filter certain sites is quite variable so you will need to put in a little research time to take advantage of this feature.

Big players who use proxies to block certain sites include the United Arab Emirates and, more famously, China who block large parts of the world wide web from their citizens.

On a more personal note, you could employ a proxy service to prevent your kids watching porn or your employees from accessing social networking sites such as Facebook, Friendster, Plurk and Twitter.




Wednesday, March 3, 2010

How to Fix Cyber Cafe Pro Runtime Error

Cyber Cafe Pro (CyberCafePro) is one of the most popular cybercafe management software packages available. Here is a short review of the software.

CyberCafePro is aimed at Internet Cafe, Cyber Cafe, and Internet Gaming Cafe owners for easy management of cybercafe security, pricing, timing, POS, chat and more. The software is flexible on many configurations, running over standard peer-to-peer networks including Wireless LANs (On any Windows OS). From managing your customers point-of-view, it is not intrusive to your system files but locks control of the computer except for programs you allow customers to run.




Your cybercafe is unique, so your software should be customizable. With CyberCafe Pro, you can customize most aspects of the client interface, as well as languages for both the server and the client software. Because of the software's flexibility, it is a very popular option among cybercafe owners, and often referred to as the world's no.2 Internet cafe management software package (after Internet Caffe software).

Other features in the Cyber Cafe Pro include:
  • Multi-Location Account/Timecode Usage
  • Unique Employee Logins
  • Employee Restrictions
  • Reporting by Employee
  • Other Product Sales
  • Sales Reports
  • Receipts
  • Cash Drawer Setup
  • Print Monitoring
  • Discount Plans
  • Tax Setup
  • Inventory System
  • Reservation System
  • Block Internet Explorer Functions
  • Disable File Downloading
  • Disable Hotkeys
  • MSN Messenger Security
  • Unlimited Accounts or Timecodes
  • Grouped Accounts/Timecodes
  • Overtime Mode Option
  • Bulk Pricing
  • Pricing Options, such as Basic Pricing, Bulk Pricing & Scheduled Pricing
  • Manual timing of Laptops, Xbox, PS2 etc...
  • Sales Reports
  • Auto-Email Reports
  • Shutdown All Computers feature


Runtime Error 339

NOTE: This commonly occurs on versions 5.x. If you're using a later or the latest version (v6) you might not encounter this problem, but it is worth sharing your experiences.

With all of these tremendous gifts of Cyber Cafe Pro, there is a known bug in it, commonly encountered on Windows XP Service Pack 3.

And this error is so annoying. According to many forums, the best option is to remove the current copy and do a fresh install. But that won't actually solve the problem.

The solution is simple. These dependencies SHOULD be in the system's root directory (\WINDOWS), but the installer wrongly copied them to another CCP folder under System32, causing the application to miss these important files. Therefore, you need to copy all the contents of that folder (\WINDOWS\System32\ccp4) to the system's root directory (\WINDOWS). That's it! Enjoy using Cyber Cafe Pro!



Wednesday, January 20, 2010

Squid Proxy: How To Make a Transparent Squid Proxy Server on Ubuntu

Squid is a fully-featured HTTP/1.0 proxy which is almost HTTP/1.1 compliant. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications.

This is a short guide on how to set up a transparent squid proxy server on an Ubuntu Distro. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.

So Let's Install Squid!

The first step is to install Squid 3:
sudo apt-get install squid3

Edit the Squid 3 configuration file in your favorite editor:
sudo vi /etc/squid3/squid.conf

And set the transparency and the allowed hosts:



http_port 3128 transparent
acl our_networks src 192.168.0.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet

where 192.168.0.0/24 is the IP range of the local network. You will probably need to adjust the swap (cache) size:
cache_dir ufs /var/spool/squid3 7000 16 256

where the first number denotes the size of the cache in megabytes. Save your changes and restart the Squid proxy with:
sudo /etc/init.d/squid3 restart

For more detailed configuration, read the Squid manual or check the configuration examples on the Squid wiki page.
Remember, the memory and processor usage of Squid is a function of the swap size.
Last but not least, we need to redirect the HTTP traffic to your shiny new proxy:
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.1:3128
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

where eth1 and eth0 are the LAN and WAN devices respectively, and 192.168.0.1 is the IP address of your LAN device.

After all this, you will probably feel the need to monitor the performance of your proxy. Unfortunately, most of the Squid log parsers in the Ubuntu repository are configured for Squid 2.x. Nevertheless, Squid 3 uses the same log format, so you can change the log file path in your parser config file (sarg, calamaris, etc.) or simply link the log directory of Squid 3 to the correct path:
sudo ln -s /var/log/squid3 /var/log/squid
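
A check worth running once the proxy is carrying traffic, given here as an added example rather than part of the original guide: it reads access.log in Squid's native format and lists every client address outside the allowed networks, separating requests that were refused (TCP_DENIED) from requests that were actually served. The function names and the sample log lines are constructed for illustration; the networks passed in are the our_networks and localhost ranges from the configuration above, written as prefix lengths, and the matching works for any IPv4 prefix length, not only /24.

```shell
#!/bin/sh
# Added example: list access.log clients that fall outside the allowed networks.

# Constructed sample in Squid's native log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
sample_log() {
cat <<'EOF'
1263945601.101    212 192.168.0.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1263945602.330      3 192.168.0.22 TCP_HIT/200 1043 GET http://example.com/logo.png - NONE/- image/png
1263945610.007      1 198.51.100.20 TCP_DENIED/403 1452 GET http://example.org/ - NONE/- text/html
1263945611.512      1 198.51.100.20 TCP_DENIED/403 1460 CONNECT example.org:443 - NONE/- text/html
1263945620.940    388 203.0.113.7 TCP_MISS/200 20480 GET http://example.net/ - DIRECT/192.0.2.44 text/html
1263945625.118      0 127.0.0.1 TCP_MISS/200 312 GET http://example.com/status - DIRECT/192.0.2.10 text/html
EOF
}

# outside_clients CIDR [CIDR...] < access.log
# Prints "<client> served=<n> denied=<n>" for each client outside every CIDR.
# A served count above zero means the proxy answered a host it should not have.
outside_clients() {
    awk -v nets="$*" '
    # Dotted quad to number; -1 for anything that is not an IPv4 address.
    function ip2num(ip,    o) {
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # True when ip lies inside cidr (address/prefix length, /32 if omitted).
    function in_cidr(ip, cidr,    p, bits, size, a, b) {
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - bits)
        a = ip2num(ip); b = ip2num(p[1])
        if (a < 0 || b < 0) return 0
        return int(a / size) == int(b / size)
    }
    BEGIN { nnets = split(nets, net, " ") }
    # Skip short or damaged lines; field 3 is the client, field 4 the result.
    NF >= 7 {
        client = $3
        for (i = 1; i <= nnets; i++) if (in_cidr(client, net[i])) next
        # Non-IPv4 clients never match a CIDR, so they are reported for review.
        seen[client] = 1
        if ($4 ~ /^TCP_DENIED/) denied[client]++; else served[client]++
    }
    END {
        for (c in seen) printf "%s served=%d denied=%d\n", c, served[c], denied[c]
    }' | sort
}

# Demo on the constructed sample. On a live proxy, redirect the real log instead:
#   outside_clients 192.168.0.0/24 127.0.0.1/32 < /var/log/squid3/access.log
sample_log | outside_clients 192.168.0.0/24 127.0.0.1/32
```

Outside clients that show only denied requests are being refused by the http_access rules as intended; any outside client with served requests points to an ACL that is too wide or a rule in the wrong order.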




Wednesday, October 28, 2009

Protect Yourself From Cyber Crime

One of the most powerful mediums of communication is the Internet, and today we see almost everyone using it. Many transactions take place on the net, which has resulted in the eruption of cyber crime. Though the Internet is the main platform used to commit cyber crimes, other communication devices such as computer networks and cell phones are also mediums of this type of crime.

Cyber crime may include activities such as computer hacking, child pornography, stalking, spam marketing, credit card fraud and identity theft. Releasing malware, spyware and viruses to steal information is also a part of cyber crime.

Here are a few tips which when followed can protect your sensitive financial or personal information.

If you are a member of online forums and communities, ensure you are very careful sharing your personal information. Predators on social networking sites such as Twitter, Facebook and MySpace can steal and use this information to stalk or harass you.

Ensure all your online transaction passwords are strong and really difficult to guess. It is a good idea to change your password on a frequent basis to avoid any problems.

Equip your computer with reliable antivirus software for maximum protection. If you are posting photographs on profiles, choose your picture with care. Ensure you do not post pictures that could harm your reputation.

Never leave your personal information details such as address, telephone numbers, passwords, account numbers and social security number lying around. Also ensure they are not placed on cell phones, mp3 players and multimedia devices.

The moment you receive your credit card bills and bank statements, check for any discrepancies. If you are keen on shopping online, choose a reliable and secure website. Ensure you get a free credit report yearly from the credit bureaus. This makes it easy for you to find out if someone is using your social security number without authorization. If you do come across any cyber crimes, be sure to report them to the authorities immediately.



Wednesday, March 25, 2009

Assessing Internet Security Risk, Part One: What is Risk Assessment?

The Internet, like the Wild West of old, is an uncharted new world, full of fresh and exciting opportunities. However, like the Wild West, the Internet is also fraught with new threats and obstacles; dangers the average businessman and home user hasn't even begun to understand. But I don’t have to tell you this. You’ve heard that exact speech at just about every single security conference or seminar you’ve ever attended, usually accompanied by a veritable array of slides and graphs demonstrating exactly how serious the threat is and how many millions of dollars your company stands to lose. The “death toll” statistics are then almost always followed by a sales pitch for some or other product that’s supposed to make it all go away. Yeah right.

Am I saying the threat isn’t real? Am I saying the statistics aren’t true? No. What I’m saying is that many users fail to see what relevance any of this has to themselves and their company. Should the fact that e-Bay supposedly spent $120,000 recovering from Mafia Boy's DDoS attack really have an impact on the reader's corporate IT policy? Perhaps not.

And yet, users can't afford to ignore these facts completely. That would be just plain dumb. What they need to do is to recognize that there are new threats and challenges and, like the other threats and challenges that businesses have always known, these need to be met and managed. No need to panic. No need to spend any money. Yet.

What users really need to do is to understand what the specific risks are that their company or home network faces from being connected to the Internet. In the same way that you don't borrow your business strategy from e-Bay, you probably shouldn't borrow your IT security strategy from them either. You need to develop an IT security strategy to meet your unique needs. You understand your company's own unique risk profile.

As with so many other things in life, the key to effective information security is to work smarter, not harder. And in this case, working smarter means investing your valuable time, money and human resources on addressing the specific problems that are the most likely to cause the most damage. The math is really quite simple. But before you can do the sums, you have to identify the variables. Here are some of the questions you'll have to ask yourself:

  • What are the resources - Information & Information Systems - I'm actually interested in protecting?
  • What is the value of those resources, monetary or otherwise?
  • What are all the possible threats that those resources face?
  • What is the likelihood of those threats being realized?
  • What would be the impact of those threats on my business or personal life, if they were realized?

Having answered the five questions above, you can then investigate mechanisms (both technical and procedural) that might address those risks, and then weigh up the cost of each possible solution against the potential impact of the threat. Once again, the math is simple: if the cost of the solution is higher than the potential financial impact of the risk (or risks) being addressed, then one may need to investigate other solutions, consider accepting and living with a part of the risk, or accepting and living with the risk completely.

This article is the first of a series that is designed to help readers to answer questions three and four in the context of Internet-connected systems: What are the threats that my Internet-connected systems face and what are the chances of those threats being realized. Over the next few weeks we will explore the thinking around Internet Security Assessments, not only why they are done, but also how they are done. By the end of this series you should understand how performing an Internet security assessment can contribute to an effective information security strategy, what you should expect from such an assessment and even how you could go about performing such an assessment yourself.

The Reasoning Behind Security Assessments

Background

An Internet Security Assessment is about understanding the risks that your company faces from being connected to the Internet. As already discussed, we go through this exercise in order to effectively decide how to spend time, money and human resources on information security. In this way our security expenditure can be requirement driven, not technology driven. In other words, we implement controls because we know that they’re needed, not just because the technology is available. Some firms refer to security assessments as ethical hacking or penetration testing. Although I also use these terms, I see them as referring to something completely different than risk assessment and thus do not see their use as appropriate in this context.

Security Assessments vs Risk Analysis

Later in this article, I'll show you a diagram of what is known as the "security life cycle", a depiction of the concept that security is a continual cycle with a number of distinct phases being repeated on an ongoing basis. You'll notice that this cycle distinguishes between a risk analysis and a security assessment. You may even have come across both terms before and wondered at the distinction. It's not my intention to argue semantics here. Indeed, I'm not even convinced that there is universal consensus on the precise definition of each term. Here's how I see it, briefly: A risk analysis is typically performed early in the security cycle. It's a business-oriented process that views risk and threats from a financial perspective and helps you to determine the best security strategy. Security assessments are performed periodically throughout the cycle. They view risk from a technical perspective and help to measure the efficacy of your security strategy. The primary focus of this paper is on this kind of assessment.

Internal vs External Assessments

I have further limited this paper to a discussion of Internet Security Assessments. Let me point out right from the start that this is only a part of the picture. An Internet security assessment can consist of one or both of two things: an internal assessment and an external assessment. The company for which I work distinguishes between the two in the following way:

"An external assessment is also known as perimeter testing and can be loosely defined as testing that is launched from outside the perimeter of the private network. This kind of testing emulates the threat from hackers and other external parties and is often concerned with breaching firewalls and other forms of perimeter security.

On the other hand, in internal testing the analyst is located somewhere within the perimeter of the private network and emulates the threat experienced from internal staff, consultants, disgruntled employees, or, in the event of unauthorized physical access or a compromise of the perimeter security. These internal threats comprise more than 60% of the total threat portfolio."

Although an Internet assessment is attractive because it is finite and answers a direct question, the following should be noted at the outset:

  1. An Internet assessment will not identify all the risks to your information resources. Areas that are clearly not addressed include the following:
       • Threats from within the trusted environment;
       • Threats from RAS and other external connections; and,
       • Threats from your extranet and connections to 3rd parties.
  2. There are other ways of assessing risk, without doing a technical assessment.

Although it's beyond the scope of this discussion, the scope of an Internet Assessment can easily be expanded to include areas like RAS and the Extranet (which is why we actually refer to the service as an external assessment). However, even with the limited scope, there are a number of strong reasons for performing an Internet Security Assessment.

But first, let's remind ourselves why we want to do an assessment in the first place.

Reasons for performing a Technical Security Assessment

I've often thought, at the end of a security assessment project, that I probably could have advised the customer without having to perform the entire analysis. Internet installations are generally fairly similar and one sees the same mistakes being made at different installations all over the world. And yet I haven't quite given up on the idea. There are a number of reasons for my continued faith in technical assessments.

Firstly, a technical assessment allows me to fully familiarize myself with the customer's architecture. By the time the assessment is finished, I usually understand the client's Internet architecture at least as well as they do, often even better. This puts me in a unique position to offer them real and useful advice and ongoing technical support.

The technical familiarity I've acquired also very often buys me the respect of the customer's technical personnel. That, in turn, puts me in an even better position to advise them. Because our clients themselves are often non-technical people, such as risk managers and financial managers, it is essential that we also win the trust and respect of the technical team. Penetration testing, a later phase in the assessment methodology during which we actually attempt to breach security and compromise the customer's systems, is particularly effective in this regard. It's hard for someone to argue that their security is sufficient when you've already clearly demonstrated that it can be compromised. The fact that our findings are based on a formal assessment methodology lends weight to the recommendations we make.

Sometimes an organization needs an objective assessment from an independent third party to convince others that they are taking security seriously. This is becoming more of an issue in certain sectors, where government, shareholders and other regulatory authorities are expecting companies to provide proof of proper information security.

Moreover, the fact is that a properly executed assessment may very well identify problems that otherwise may have gone unnoticed. A single small finger-fault in your firewall configuration may be all that's needed by an attacker and a thorough technical assessment may be the only way of determining this.

But most importantly, an assessment introduces objectivity. With the overwhelming number of security products and vendors in the market, it's important that security-conscious organizations and individuals spend money for the right reasons. A good assessment should help you to understand and prioritize your security requirements, allowing you to invest resources effectively. Very often, the most serious requirements will not be addressed by the simple acquisition of more technology, and it's important for the customer to understand that.

Actually, this last point is nothing new and security assessments have been seen as an important phase in the security lifecycle for as long as there has been information security theory. One version of the lifecycle looks like this:

[Figure: The Security Lifecycle]

Notice how the assessment phases (threat/risk analysis and security assessment) are the first and last step in the process. The analysis is used to identify what needs to be done, and the assessment is used to measure how effective the other phases in the cycle have been. A number of companies are even starting to use the outcome of these repeated assessments to measure the performance of their technical personnel. Some companies even use security assessments as a key performance area for regular personnel. Now there's an interesting idea.

Reasons for performing an Internet Security Assessment

Hopefully I've convinced you now of the value of a technical security assessment. But I've also said that this paper is limited to a discussion of Internet security assessments only. Does it make sense to focus on one area of your system like that? Actually, no. But Rome wasn't built in a day, and a complete assessment of a large environment will typically need to be broken up into a number of distinct and manageable phases. The Internet is only one of a number of different areas we could examine. However, Internet-connected systems are the single area we assess more than any other. And, given limited time and resources, it is sometimes the only area we consider for clients. Here is a summary of the reasons that companies still perform Internet security assessments:

  1. Internet systems are an obvious part of the problem: Given the almost overwhelming size of the complete information security problem, it's often hard to know where to start. Internet systems are very often a clearly defined subset of the complete infrastructure and can be easily isolated, analyzed and secured. Although we realize that this is only a small piece in a much larger puzzle, it very certainly is a piece. If we can confirm that the Internet systems are secure, many managers feel "Whew, at least that's out of my hair."

  2. The Internet is a unique network: The tools and methodologies that we apply in analyzing Internet security are different from those we use when looking at "internal" spaces like WANs, LANs and Extranets. For this reason we tend to see an Internet assessment as a separate body of work from the rest of the assessment and tackle it separately.

  3. Internet systems are an obvious target: Attack via the Internet is by no means the only threat your company faces, but it is a clear and obvious threat and one would be foolish to ignore it. And, just as you want to be sure you've locked your front door, you want to be sure you've secured your connections to the Internet. The threat of attack via the Internet is easily identified, tested and eliminated. We test our Internet security because then we can know that it has been done and move on.

  4. Internet systems are a high-profile target: It smarts to be hacked from the Internet. Even though the financial impact of such an attack is often smaller than other forms of attack, a defaced Web site and other forms of Internet attack can often do huge damage to your company's reputation. For this reason we want to know that our Internet security has been taken care of.

  5. Internet systems are often beyond our control: The Internet began its life as a utopian exercise in community collaboration. Although this early utopianism has long since evaporated and the Internet has now developed into a battlefield for new-world commerce, there are still a rather scary number of uncontrolled inter-dependencies that make it possible for your company to operate on the Internet. The magical routing of IP packets from one network to the next is one example of this. The mapping of machine names to IP addresses via the Domain Name System is another. Yet we have no real control over these systems. They are critical to the safe operation of our Internet infrastructure and yet their security is beyond our control. Similarly, we have no control over when new vulnerabilities will be discovered in our Internet technologies. Quite simply, the only defense we have is to regularly assess this infrastructure for safe and secure operation. This is probably more true for the Internet than for other areas of your infrastructure.


Conclusion

In this section I've tried to convince you of the value of doing a technical risk assessment and to explain why we often consider the Internet systems separately from the rest of the infrastructure. In the next installment in this series, I'll give you an overview of the steps that we follow in performing this kind of assessment. The methodology is designed to ensure that our work is complete and consistent.


By: Charl van der Walt on Security Focus



Friday, March 6, 2009

Koobface, Other Worms Target Facebook Friends (NewsFactor)

As Facebook works to make itself more relevant and timely for its growing member base with a profile page makeover, attackers seem to be working overtime to steal the identities of the friends, fans and brands that connect through the social-networking site.

Indeed, Facebook has seen five different security threats in the past week. According to Trend Micro, four new hoax applications are attempting to trick members into divulging their usernames and passwords. And a new variant of the Koobface worm is running wild on the site, installing malware on the computers of victims who click on a link to a fake YouTube video.

The Koobface worm is dangerous. It can be dropped by other malware and downloaded unknowingly by a user when visiting malicious Web sites, Trend Micro reports. When attackers execute the malware, it searches for cookies created by online social networks. The latest variant is targeting Facebook, but earlier variants have also plagued MySpace.

Koobface's Wicked Agenda

Once Koobface finds the social-networking cookies, it makes a DNS query to check IP addresses that correspond to remote domains. Trend Micro explains that those servers can send and receive information about the affected machine. Once connected, the malicious user can remotely perform commands on the victim's machine.

"Once cookies related to the monitored social-networking Web sites are located, it connects to these Web sites using the user log-in session stored in the cookies. It then navigates through pages to search for the user's friends. If a friend has been located, it sends an HTTP POST request to the server," Trend Micro reports.

Ultimately, the worm's agenda is to transform the victim's computer into a zombie and form botnets for malicious purposes. Koobface attempts to do this by composing a message and sending it to the user's friends. The message contains a link to a Web site where a copy of the worm can be downloaded by unsuspecting friends. And the cycle repeats itself.

An Attractive Face(book)

Malware authors are investing more energy in Facebook and other social-networking sites because that effort pays off, according to Michael Argast, a security analyst at Sophos. Facebook alone has more than 175 million users, which makes it an attractive target.

"Many computer users have been conditioned not to open an attachment from an e-mail or click a link found within, but won't think twice about checking out a hot new video linked to by a trusted friend on Facebook," Argast said.

Argast called the Koobface worm a mix of something old and something new. The new is using social networks as a method to spread malware. The old is using fake codec Trojans linked to a saucy video to induce the user to install the malware.


Read the rest of the article here:
Yahoo News



Thursday, January 8, 2009

Asian Pride, Historical RP Cyberterrorism

On November 16, 2001, Saturday, a group of so-called "white hat" Filipino hackers called Asian Pride launched a series of attacks on several local websites. The hackers, who are apparently based outside the Philippines, claim they are out to teach local Filipino Internet service providers (ISPs) a lesson in Internet security.

Calling it "the 4 o Clock project," Asian Pride, which claims to be composed of Filipino freelance security enthusiasts, was allegedly able to intrude into the servers of local ISP Mosaic Communications Inc (MosCom), uploading executable programs that would eventually modify a website’s main page.

White hat hackers claim that they are not out to cause any damage, but only hack into systems to test vulnerabilities.

Jerry Liao, operations manager of local portal Brainshare Online at www.brainshare.com.ph, claimed that they were among the first to report the incident to MosCom administrators on Saturday morning. A mirror of the defaced website is at http://www.expressions.com.ph/img/10101/asianpride/www.brainshare.com.ph.htm.

Apart from Brainshare Online, dcoder claimed that the group also defaced the website of broadcast giant ABS-CBN.

For his part, Liao said that they detected problems around 7:30 a.m. on Saturday.

According to Liao, Brainshare Online was restored around 7:45 a.m. that day, but at around 9 a.m. he received error messages, as the server could not be accessed.

In a separate interview, Robertson Chiang, vice president for technology of MosCom, said that the ISP decided to direct surfers to another server after getting reports of the hacking incident on Saturday.

"It was only an attack on one machine. It was an old one where we host a few dozen clients," Chiang said.



Asked how the hackers were able to get into the server, he said that considering it was an "old Unix machine," they were not able to patch security holes.
"It was partly our fault," he added.

Liao said that MosCom was able to restore "normal" operations between 6 to 7 p.m. on Saturday.

"The server was completely reformatted using a new system that already includes the security patches," Chiang said.

MosCom is now conducting an inventory of all its servers, to check if similar security problems exist in the "new" systems.

"It’s been a long time, I hope you can wake those arrogant administrators, specially those with PH-CERT (Philippine Computer Emergency Response Team). We tried to warn and help them on securing (local) websites, but they just laughed at us and ignored us," the hacker codenamed dcoder told INQ7.net via e-mail.

"So my fellow haxor keech of FDN [Filipino developers network] organized a Project called 4'Oclock, where we will be defacing all ph sites, to give this administrators a wake up call.

"Well I can't explain much right now, but if you read all the messages on the selected defacements, it might give you an idea on what we are fighting for," dcoder added.

In the mirror of the defaced Brainshare Online website, Asian Pride explained:

"The 4 o Clock project is a system composed of Filipino freelance security enthusiasts that aims to disseminate the importance of Information security here in the Philippines. This team has conducted a survey, scanning random (website) hosts and informing the people (Internet service provider administrators) about (problems). (We then) encourage them to fix their servers. We have no intention, however, of destroying, and/or hijacking information, ... We are not paid to do this."

Liao somehow agreed. He observed that while the hackers were able to "penetrate" MosCom’s servers, they did not delete or destroy any files.

The hackers uploaded programs (executable files) that will only run when a website administrator begins uploading the new main page (index) into the server. The program blocks anyone from uploading into the server, but prompts the user to download a new file, which includes a message explaining the purpose of the defacement.

Liao, however, said that the hackers also offered the option not to accept the new file. "It sort of gives you permission to delete the files," he added.

Asian Pride claimed that "more than 90 percent of (MosCom’s) servers can be exploited through common vulnerabilities, therefore jeopardizing the security of their clients as well as their office."

The group said that they have warned administrators of MosCom of vulnerabilities, "but were just subjected to insult, despite their professional approach."

"They scorned us with their witty remarks, bragging about their degrees, and that we knew less. So what did they accomplish? Absolutely nothing productive," the group added.

Local websites hit by hackers were hosted at the virtual server with the address at kenshin.mozcom.com.

The list of websites that the group claimed to have attacked on Saturday may be seen at http://www.expressions.com.ph/img/10101/asianpride/kenshin.mozcom.com.txt and http://www.expressions.com.ph/img/10101/asianpride/.

"This ain’t no kiddy games, and were ain’t your average script kiddies. We broke into these sites not randomly, but we targeted specific sites, specially those sites that are 100% secure..." Asian Pride said.

The hackers are out to target other Philippine ISPs, and dcoder claimed that the next victim might be PhilOnline.

MosCom’s Chiang, however, insisted that these hackers are only script kiddies.

Other alleged members of the group include "sch1z0phr3n1c," "jollogs," "jayv[ee," "marcster," "batusai_slasher," and "keech."

http://progsystem.free.fr/hackingnews.htm#Hackers%20launch



Wednesday, January 7, 2009

The Idea of Online Business

Do some Filipinos think making money online is tough in the Philippines? No. There are a lot of ideas for making money online, not only from the Philippines but from anywhere in the world. You can find advertisements for online money-making opportunities and businesses that you can run right from the Philippines. But remember, the Internet connects not only your business to big traffic, but also your servers to Internet hackers and malware. That's why Internet security is so vital. So, along with some ideas on making money online, you also need some knowledge of how to improve the Internet security of your business.

Online Money making ideas
Online money making can be quite tough for people in Philippines, especially when they don't want to spend money or if they don't have a website. But ideas do exist if you want to go the “free” way. You cannot expect to get rich in a flash nevertheless there are some online money making opportunities to help you make money without any investment. One way is to start a blog on free platforms like Wordpress or Blogger, and add Google Adsense or other pay per click ads. You can add niche content on something you are passionate about and also something people are looking for, so that more traffic is driven to your blog.


You will be paid for every click on these ads. You can also market affiliate links to earn money. There are some free affiliate link programs available. All you have to do is market the link through advertisement techniques like forums, blogging, articles, etc. You will be paid when people buy through your link. Another online money-making technique is taking part in free online paid surveys. Businesses conduct surveys to learn about trends in a particular locality, like our own Philippines, for example. You can make use of these surveys, but don't expect big money.

Advertisement Ideas for better Traffic
If you own an online money making website, you should not only concentrate on design but also on traffic. You need traffic to get repeat visitors. Remember, repeat visitors are the ones who are going to buy something from your website. You can achieve this by using good advertisement methods like journals, web, news media and magazines. The goal of the advertisement should be to persuade the visitor on the legitimacy of your business. Another way of improving your online money making efforts is including well written and related articles on your website. You can also take part in forums to meet fellow Internet entrepreneurs from Philippines and share business ideas. Remember, traffic is directly proportional to the profit you are going to get.

Ideas for improving Internet security
If you have employees working for your e-business, you need to educate them about viruses, Trojans and other threats that can attack via the web. You can use web filters to prevent your employees from visiting harmful websites. Also install centrally managed anti-virus software and a firewall to keep worms carried in web traffic from reaching your computers.



Wednesday, December 24, 2008

Remote Control PC with Hamachi

Hamachi is a centrally-managed zero-configuration virtual private network (VPN) freeware application capable of establishing direct links between computers that are behind NAT firewalls without requiring reconfiguration (in most cases); in other words, it establishes a connection over the Internet that very closely emulates the connection that would exist if the computers were connected over a local area network. It is currently available as a production version for Microsoft Windows and, as a beta, for Mac OS X and Linux.

How It Works
Hamachi is a centrally-managed VPN system, consisting of the server cluster managed by the vendor of the system and the client software, which is installed on end-user computers.

Client software adds a virtual network interface to a computer, and it is used for intercepting outbound as well as injecting inbound VPN traffic. Outbound traffic sent by the operating system to this interface is delivered to the client software, which encrypts and authenticates it and then sends it to the destination VPN peer over a specially initiated UDP connection. Hamachi currently handles tunneling of IP traffic including broadcasts and multicast. The Windows version also recognizes and tunnels IPX traffic.
Each client establishes and maintains a control connection to the server cluster. When the connection is established, the client goes through a login sequence, followed by the discovery process and state synchronization. The login step authenticates the client to the server and vice versa. The discovery is used to determine the topology of client's Internet connection, specifically to detect the presence of NAT and firewall devices on its route to the Internet. The synchronization step brings a client's view of its private networks in sync with other members of these networks.




When a member of a network goes online or offline, the server instructs other network peers to either establish or tear down tunnels to that member. When establishing tunnels between the peers, Hamachi uses a server-assisted NAT traversal technique, similar to UDP hole punching. Detailed information on how it works has not been made public. The vendor claims "...to successfully mediate P2P connections in roughly 95% of all cases ..." This process does not work on certain combinations of NAT devices, requiring the user to explicitly set up a port forward. Additionally, the 1.0 series of the client software is capable of relaying traffic through vendor-maintained 'relay servers'.

In the event of unexpectedly losing a connection to the server, the client retains all its tunnels and starts actively checking their status. When the server unexpectedly loses a client's connection, it informs the client's peers about the fact and expects them to also start liveness checks. This enables Hamachi tunnels to withstand transient network problems on the route between the client and the server as well as short periods of complete server unavailability.

Each Hamachi client is assigned an IP address from the 5.0.0.0/8 address block. This address is assigned when the client logs into the system for the first time, and is henceforth associated with the client's public crypto key. As long as the client retains its key, it can log into the system and use this 5.x.x.x IP address.

The 5.0.0.0/8 network is used to avoid collisions with private IP networks that might already be in use on the client side, specifically 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. The 5.0.0.0/8 address block is reserved by IANA and is not currently in use in the Internet routing domain, but this is not guaranteed to continue. The IANA free pool is expected to be exhausted by February 2011.[1] If this range is allocated, Hamachi users will not be able to connect to any Internet IP addresses within the range as long as the Hamachi client is running.


Additionally, using a /8 network prefix creates a single broadcast domain between all clients. This makes it possible to use LAN protocols that rely on IP broadcasts for discovery and announcement services over Hamachi networks. Hamachi is frequently used for gaming and remote administration. The vendor provides free basic service and extra features for a fee.
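The routing consequence of the 5.0.0.0/8 choice described above can be checked with a longest-prefix-match lookup. This is an added example, not Hamachi's own code; the routing table, the interface names `eth0` and `ham0`, the gateway address and the sample destinations are constructed assumptions.

```python
import ipaddress

# Constructed routing table for a host running a Hamachi-style client.
# Interface names and the gateway address are assumptions for illustration.
ROUTES = [
    ("0.0.0.0/0", "eth0", "192.168.1.1"),   # default route to the Internet
    ("192.168.1.0/24", "eth0", None),       # local LAN (RFC 1918 range)
    ("5.0.0.0/8", "ham0", None),            # VPN virtual interface
]

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VPN_BLOCK = ipaddress.ip_network("5.0.0.0/8")


def lookup(dest, routes=ROUTES):
    """Longest-prefix match: return (interface, gateway) chosen for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def overlaps_private(block=VPN_BLOCK):
    """True if the VPN block collides with any RFC 1918 private range."""
    return any(block.overlaps(net) for net in RFC1918)


def shadowed(dests, vpn_peers, routes=ROUTES):
    """Destinations sent into the VPN interface that are not known VPN peers.

    These are the addresses that become unreachable if 5.0.0.0/8 is
    allocated to real Internet hosts while the client is running.
    """
    vpn_ifaces = {iface for prefix, iface, _ in routes
                  if ipaddress.ip_network(prefix) == VPN_BLOCK}
    return [d for d in dests
            if lookup(d, routes)[0] in vpn_ifaces and d not in vpn_peers]
```

Running `shadowed` over the destinations in a firewall or proxy log, with the set of known peer addresses, lists the traffic that the /8 route is diverting away from the default gateway.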
