hakin9_01_2008(1).pdf

hakin9
Happy Leap Year 2008
We wish you all the best for the New Year. We hope it will
be better than the last in every way and that it will bring only
happiness to you and your family. hakin9's team wishes
happy birthday to those born on February 29th.
hakin9 is over a year old now! We have not only managed
to gain the trust of many professional, experienced, and distinguished
readers and authors, but we are growing. Today,
hakin9 can be found in all English-speaking countries.
The New Year will bring many interesting hacking techniques
and IT Security issues that are currently unknown to us,
therefore we will have plenty to research and to write about.
Please remember that hakin9 is an 84-page magazine, so we
are always on the lookout for advanced, practical articles. Do
not hesitate, do not be shy, do not doubt your own capabilities
– let me know what you wish to write about and let's go for it!
The hakin9 team is encouraging all of our readers to
improve their knowledge and skills – it is never too late to
learn. The latest research shows that more mature (or to put it
more straightforwardly – older) people learn as effectively as
youngsters. Adults have developed more rational and logical
learning abilities. Therefore, they do not necessarily comprehend
the new stuff slower than younger people.
Knowing that – do not stop learning. hakin9 was originally
designed to be an advanced-level resource for professionals
and at the same time an entertaining look into the world of
hacking. It is a difficult goal to achieve, but apparently we
are doing exceedingly well in accomplishing this. Apart from
reading hakin9 to improve your IT Security knowledge, we
encourage you to attend some of the security conferences
that will take place in 2008, such as:
• Australasian Internet Security Conference – late January
2008, Wollongong
• IIP Sec 2008 – late January, UK
• Black Hat DC – February 2008, Washington DC
• Black Hat Europe – March 2008, Amsterdam
• The Second Annual Computer Security Conference
– April 2008, Myrtle Beach, SC
• Security Professionals Conference – May 2008, Virginia
• Black Hat USA – August 2008, Las Vegas
In this edition of the hakin9 magazine, you will find a number
of very practical articles covering attack techniques (Remote
& Local file inclusion, Sniffing SSL/TLS connections, Binary
modification and more), a great paper on a defence-related
topic, a CD with commercial applications and a nice video
tutorial showing step-by-step how to implement and access
the Metasploit database. We also have an interview with
Eugene Kaspersky and the true story of Gary McGraw.
I would like to announce that Software Media, hakin9's publisher,
is going to introduce a new magazine in 2008. It will be
targeted at Large Scale programmers and companies dealing
with large software development projects. If you have any suggestions
or you know people willing to contribute – contact us.
Again – Happy New Year!
Magdalena Błaszczyk
magdalena.blaszczyk@hakin9.org

In brief
06
Section hosted by Zinho & www.hackerscenter.com team
Selection of news from the IT security world.
CD Contents
08
Magdalena Błaszczyk
What's new on the latest hakin9.live CD – Dr.Web
antispam, Dtweak, SystemSafety Monitor and great
tutorials by Mr Lou Lombardy and Stephen Argent.
Tools
Axence nVision 3.2 Professional 12
John Vaughan
Axence nVision v3.2 Professional monitors TCP/IP
services, applications, Windows computers, switches
and routers and notifies you of any problems.
Basics
Sniffing SSL/TLS Connections Through Fake Certificate Injection 14
Michele Orrú
The article presents how to exploit the weakness of
SSL/TLS and how to decrypt a secure HTTPS session
dump.
Attack
Rogue Binaries – How to Own the Software 20
Dawid Gołuński
The article presents how the software can be modified
in order to perform extra activities.
Wireless Vulnerabilities and Cracking with the Aircrack Suite 30
Stephen Argent
This article shows what WEP and WPA are and how
the Aircrack program works. You will also learn how
to run a WEP crack and WPA dictionary attack.
Remote and Local File Inclusion Explained 42
Gordon Johnson
The article presents what remote file inclusion and
local file inclusion are and how to execute them.
Blind Attack Against the Path-MTU Discovery Mechanism 48
Fernando Gont
This article provides you with the information on how the
Path-MTU Discovery mechanism works and on how to
perform a blind performance-degrading attack.
hakin9 1/2008
www.hakin9.org/en
Defence
Secure Dual-Master Database Replication with MySQL 58
Thomas Hackner
This paper is focused on configuring SSL encrypted
dual-master replication with MySQL. You will also
learn how to restrict replication on column level with
MySQL.
The Bleeding Edge
Writing IPS Rules – Part Three 68
Matthew Jonkman
It is the third part of Matthew's new column series on
writing IPS Rules.
Consumers Test
We Help You To Choose the Best Anti-spyware 70
Graham Hill, hakin9 team
Consumers tests on Anti-spywares. Our goal is to
help the readers make the right choice when choosing
and buying a program of this type.
Interview
Eugene Kaspersky – a Living Legend of IT Security 74
hakin9 team
Interview with Eugene Kaspersky, a leading authority
in IT Security solutions and business.
Self Exposure
Self Exposure by Dr. Gary McGraw 76
Monika Drygulska
Gary McGraw is CTO of Cigital and an author of
many IT Security publications. In this article he tells
hakin9 readers about his job, experiences and IT
security.
Books Review
80
Brandon Dixon, Jesus Oquendo
Upcoming
82
Monika Drygulska
Here we present topics that will be brought up in the
upcoming hakin9.

Hard Core IT Security Magazine
Editor in Chief: Ewa Dudzic ewa.dudzic@software.com.pl
Executive Editor: Magdalena Błaszczyk magdalena.blaszczyk@hakin9.org
Editorial Advisory Board: Matt Jonkman, Clement Dupuis,
Jay Ranade, Terron Williams, Steve Lape
Assistants: Monika Drygulska monika.drygulska@hakin9.org,
DTP Director: Sławomir Zadrożny slawomir.zadrozny@software.com.pl
Prepress technician: Robert Zadrożny robert.zadrozny@software.com.pl
Ireneusz Pogroszewski ireneusz.pogroszewski@software.com.pl
Art Director: Agnieszka Marchocka
agnieszka.marchocka@software.com.pl
CD: Rafał Kwaśny rafal.kwasny@gmail.com
Proofreaders: Jonathan Edwards, Steve Lape, Neil „Pyro” Smith
Top betatesters: Joshua Morin, Michele Orru, Clint Garrison, Shon
Robinson, Brandon Dixon, Justin Seitz, Donald Iverson, Matthew Sabin,
Will Dowling, Stephen Argent, Aidan Carty, Chris Gates, Rodrigo Rubira
Branco, Pedro E., Jesus Oquendo, Jason Carpenter,
Jim Halfpenny, Michael Ortega.
Senior Consultant/Publisher: Paweł Marciniak pawel@software.com.pl
Production Director: Marta Kurpiewska
marta.kurpiewska@software.com.pl
Marketing Director: Ewa Dudzic ewa.dudzic@software.com.pl
Subscription: subscription@software.com.pl
Publisher: Software Media LLC
(on Software Publishing House licence www.software.com.pl/en )
1461 A First Avenue, # 360
New York, NY 10021-2209, USA
Tel: 001917 338 3631
www.hakin9.org/en
Software LLC is looking for partners from all over the World. If you are
interested in cooperating with us,
please contact us by e-mail: cooperation@software.com.pl
Print: 101 Studio, Firma Tęgi
Printed in Poland
Distributed in the USA by: Source Interlink Fulfillment Division, 27500
Riverview Centre Boulevard, Suite 400, Bonita Springs, FL 34134
Tel: 239-949-4450.
Distributed in Australia by: Europress Distributors Pty Ltd, 3/123
McEvoy St Alexandria NSW Australia 2015, Ph: +61 2 9698 4922,
Fax: +61 2 96987675
Whilst every effort has been made to ensure the high quality of the magazine, the
editors make no warranty, express or implied, concerning the results of content usage.
All trade marks presented in the magazine were used only for informative purposes.
All rights to trade marks presented in the magazine are reserved by the companies
which own them.
To create graphs and diagrams we used program by
company.
CDs included to the magazine were tested with AntiVirenKit by G DATA
Software Sp. z o.o
The editors use automatic DTP system
Mathematical formulas created by Design Science MathType™
ATTENTION!
Selling current or past issues of this magazine for prices that are different than
printed on the cover is – without permission of the publisher – harmful activity
and will result in judicial liability.
hakin9 is also available in: Spain, Argentina, Portugal, France, Morocco,
Belgium, Luxembourg, Canada, Germany, Austria, Switzerland, Poland,
Czech, Slovakia
The hakin9 magazine is published in 7 language versions:
EN PL ES CZ
IT FR DE
DISCLAIMER!
The techniques described in our articles may only be used in private,
local networks. The editors hold no responsibility for misuse of the
presented techniques or consequent data loss.
hakin9 Nr 2/2006