The Desktop Security Software site was hacked on 4th October 2010 at 07:53.
Not completely sure how yet – suspect some sort of WordPress hack attack.
php entries were added to re-direct to a rogue site heavy with malware that created pop-up’s alleging virus’s on the machine in use. And no doubt a massive payload of nasty stuff to follow.
This site helped if you find yourself in the same situation – http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-the-latest-wordpress-hack.html
BackTrack 4 is filled with awesome security utilities.
So what have we done so far … well not too much – we’ve downloaded the 1.6Gb ISO image and successfully created a DVD from the ISO.
This DVD has been used to successfully boot up into ubuntu linux and we’ve started the gui using startx. So far, so great, but now we’ve run into some trouble. The /etc/init.d/networking start command in the console just reveals a massive list of network cards not found. Just get a list of errors – so can’t load the preloaded Firefox browser or any of the networking security tools. Urgh.
Not sure what to do next … google is our friend .. let’s see More adventures with BT4 soon.
Doh! Just realised we were trying to start wired network services on a wireless serviced laptop!
Anyway, once the wireless services (wicd) started, we were in business.
So far using BT4, with relative ease, we have removed Windows adminstrator passwords and cracked a wireless network secured by WEP. It took about an hour to do this, to read the examples and, well basically follow the provided instructions.
So lessons learned – Windows user account passwords are better than nothing – you should use them, BUT to anyone reasonably up for BT4, they prove to be easily bypassed.
What else? Well it’s absolutely certain that WEP is dead as an encryption mechanism for wireless routers. Again though – it is better than nothing – but don’t rely on it if you have a better option.
More to follow in another edit – barely scratched the surface with what BT4 can do by the look!
The Office of Inadequate Security catelogues the massive and significant amount of data loss that is continuing to occur with the latest being 79,000 employee details missing from AMR (parent company of American Airlines)
The US NSA get in early … and why not, codes, ciphers and puzzles are great and challenge the mind :)
See the Code Kids site.
The well respected Association of Shareware Professionals has changed its name – moved with the times – to the Association of Software Professionals.
We’re currently investigating Information Security Standards, some links for us to come back to …
A seemingly, so far, good ISO site with good community content, with a lot of free 27k tools
Try The Windows Club.
We haven’t looked at any or all of these yet.
Hello, and thanks for dropping by to our blog – we hope to keep your system safe and secure by providing advice on, and reviews of, desktop security software. Also we will be providing links and opinion on other security aspects we come across