Tuesday, December 25, 2012

How to Implement Reverse Proxy With Mod Security



This post is related to the project I did with Mod_Security and a reverse proxy; the details are in my earlier post "How To Install Mod_Security On Apache(Ubuntu 12.10) Step By Step Tutorial For Beginners".
In this post I give the example "reverse proxy" configuration for that same project:

First, run the following command to install and enable the reverse proxy modules:
sudo a2enmod proxy proxy_http

Now open the site configuration file under the following path to change the reverse proxy configuration:
/etc/apache2/sites-available

Change the content of the file to the following lines:

<VirtualHost *:80>
        ServerAdmin administrator@myexample.net
        ServerAlias www.myexample.net
        ServerName myexample.net

        ErrorLog /var/log/apache2/example-error.log

        LogLevel info
        CustomLog /var/log/apache2/example-access.log combined

        ProxyPreserveHost On
        ProxyRequests off
        # Allow from everywhere
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        # Serve /audit locally; send everything else to the backend
        ProxyPass /audit !
        ProxyPass / http://10.10.150.4:80/
        ProxyPassReverse / http://10.10.150.4:80/
</VirtualHost>

This configuration accepts any request on port 80 and forwards it to http://10.10.150.4:80. We had a PHP script on this machine that must be served from here rather than from the destination machine, so we need an exception for that directory: "ProxyPass /audit !" stops the reverse proxy from forwarding requests for the /audit/ directory to the destination machine, and Apache serves them from the current machine instead. The exception has to come before the general "ProxyPass /" line, because ProxyPass rules are checked in configuration order and the first match wins.
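To make the ordering and the "!" exclusion concrete, here is a small model of how the ProxyPass rules above are resolved. It is an added example, not code from the original post or from Apache; the rule semantics follow the Apache documentation as I understand it (first matching rule wins, and a prefix without a trailing slash only matches on a path-segment boundary, so verify against the Apache version you run), and the hostnames and the 10.10.150.4 address are the ones from the VirtualHost above.

```python
# Added example (not from the original post): a model of ordered ProxyPass
# evaluation with the "!" exclusion used for /audit, plus the Location-header
# rewrite that ProxyPassReverse performs. Assumption: Apache checks rules in
# configuration order and stops at the first match.
from typing import List, Optional, Tuple

# (path_prefix, target) in configuration order; target "!" means "serve locally".
RULES: List[Tuple[str, str]] = [
    ("/audit", "!"),
    ("/", "http://10.10.150.4:80/"),
]


def prefix_matches(path: str, prefix: str) -> bool:
    """True if `prefix` matches `path` the way ProxyPass does: the whole prefix
    must match and, unless it ends in '/', the match must end on a segment
    boundary (so "/audit" matches "/audit/x" but not "/auditor")."""
    if not path.startswith(prefix):
        return False
    if prefix.endswith("/"):
        return True
    rest = path[len(prefix):]
    return rest == "" or rest.startswith("/")


def resolve(path: str, rules: List[Tuple[str, str]] = RULES) -> Optional[str]:
    """Return the backend URL a request for `path` is forwarded to, or None if
    an exclusion ("!") rule matched first and Apache serves it locally."""
    for prefix, target in rules:
        if prefix_matches(path, prefix):
            if target == "!":
                return None
            return target.rstrip("/") + "/" + path[len(prefix):].lstrip("/")
    return None  # no rule matched: also handled by the local server


def rewrite_location(location: str,
                     backend: str = "http://10.10.150.4:80/",
                     public: str = "http://myexample.net/") -> str:
    """What ProxyPassReverse does to a backend's Location header: swap the
    backend prefix for the public one so clients are never redirected to the
    internal 10.10.150.4 address."""
    if location.startswith(backend):
        return public + location[len(backend):]
    return location


if __name__ == "__main__":
    for p in ["/", "/index.php", "/audit/report.php", "/auditor"]:
        print(p, "->", resolve(p) or "served locally")
    # Misordered rules: the "/" catch-all swallows /audit before the "!" is seen.
    misordered = [("/", "http://10.10.150.4:80/"), ("/audit", "!")]
    print("/audit/report.php (misordered) ->", resolve("/audit/report.php", misordered))
    print(rewrite_location("http://10.10.150.4:80/login/"))
```

Running it shows that "/audit/report.php" stays local while "/auditor" is still proxied, and that swapping the two ProxyPass lines silently forwards the audit script to the backend, which is the misconfiguration to check for.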

Now restart Apache with the following command so the changes take effect:
sudo service apache2 restart

And here is the video of this project, in which I describe how it works:
http://www.youtube.com/watch?v=o3-KDD7TSrA

Monday, December 10, 2012

An Easy Way To Learn AES Cryptography Algorithm


Today I want to write about the AES cryptography algorithm, also known as "Rijndael". AES stands for Advanced Encryption Standard, and it was developed by the U.S. National Institute of Standards and Technology (NIST) in 2001.
The following video clearly shows how the AES algorithm works:

video

In my view the hardest part is the MixColumns step, so here I give more detailed information on how to work it out.

For example, if you have these two tables (the state column on the left and the fixed matrix in the centre) and want to calculate the result (on the right):

State column        Matrix                  Result
     63           02 03 01 01                FF
     C0      *    01 02 03 01        =       7D
     FE           01 01 02 03                FB
     9C           03 01 01 02                B8

S'0,c = ({02}.63) ⊕ ({03}.C0) ⊕ FE ⊕ 9C
S'1,c = 63 ⊕ ({02}.C0) ⊕ ({03}.FE) ⊕ 9C
S'2,c = 63 ⊕ C0 ⊕ ({02}.FE) ⊕ ({03}.9C)
S'3,c = ({03}.63) ⊕ C0 ⊕ FE ⊕ ({02}.9C)

So for the calculation of S'0,c we need to do four multiplications:
  1. one multiply by 2
  2. one multiply by 1
  3. one multiply by 1
  4. one multiply by 3
Before describing the details, I suggest using the Windows calculator for the arithmetic: after opening it, go to the "View" menu and choose "Programmer". It converts between hexadecimal and binary and can calculate XOR and left shift.


  • For those that are multiplied by 1 you just leave them alone (for example, in the S'0,c calculation you leave FE and 9C as they are).
  • For those that are multiplied by 2 you do the following (example ({02}.63)):
  1. Convert the value to binary (for example 63 = 1100011).
  2. If the result is shorter than 8 bits, as in the example above, add 0 bits on the left until it is 8 bits: 01100011.
  3. Now do one left shift on 01100011; the result is 11000110 (a zero always comes in from the right side).
  4. If in the previous stage the bit that fell off the left was a "zero", skip this stage; but if it was a "one", XOR the result of stage 3 with 00011011 (this is a fixed number, not related to this example). So again: if you lost a 1 in the left shift, XOR the result of the left shift with 00011011.
        *** In our example a zero fell off in the left shift, so we don't need to perform the last stage, and the result of the example above is 11000110.


  • For those that are multiplied by 3 you do the following (example ({03}.C0)):
  1. It is the same as the calculation for multiplying by two, but with a small extra stage at the end: you XOR the result with the binary of the original value.
    example: ({03}.C0)
    C0 = 11000000   (original value in binary)
    11000000 << 1 = 1000 0000   (we do a left shift and lose a 1 from the left side)

    10000000 ⊕ 00011011 = 10011011   (we XOR with the fixed number 00011011 because the previous stage lost a 1 on the left)
    10011011 ⊕ 1100 0000 = 01011011   (now we XOR the result with the original value we had at the start)
    so the final result is 01011011


Now we XOR the results of the four multiplications:

FE= 11111110
9C= 10011100
1100 0110 ⊕ 0101 1011 ⊕ 1111 1110 ⊕ 1001 1100 = 1111 1111 = FF
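The same arithmetic in code, as an added example that is not part of the original post: xtime() is the "shift left, XOR with 00011011 if a one fell off" step, gf_mul() builds {03}·x as ({02}·x) ⊕ x and generalises to any coefficient, and mix_column() applies the fixed matrix to one column. It goes a little beyond the post by also including InvMixColumns (the standard inverse matrix with coefficients 0E, 0B, 0D, 09) so the round trip can be checked; function names are my own.

```python
# Added example (not from the original post): AES MixColumns on one column,
# written to follow the hand calculation above, plus the inverse for checking.
from typing import List

MIX_MATRIX = [
    [0x02, 0x03, 0x01, 0x01],
    [0x01, 0x02, 0x03, 0x01],
    [0x01, 0x01, 0x02, 0x03],
    [0x03, 0x01, 0x01, 0x02],
]

# Standard InvMixColumns matrix (FIPS-197); used here only to verify the round trip.
INV_MIX_MATRIX = [
    [0x0E, 0x0B, 0x0D, 0x09],
    [0x09, 0x0E, 0x0B, 0x0D],
    [0x0D, 0x09, 0x0E, 0x0B],
    [0x0B, 0x0D, 0x09, 0x0E],
]


def xtime(b: int) -> int:
    """Multiply a byte by {02} in GF(2^8): shift left one bit; if a 1 fell off
    the left side, XOR with the fixed constant 0x1B (00011011)."""
    shifted = (b << 1) & 0xFF
    return shifted ^ 0x1B if b & 0x80 else shifted


def gf_mul(a: int, b: int) -> int:
    """General GF(2^8) multiply by repeated xtime (Russian-peasant style).
    For b = 0x03 this is exactly xtime(a) ^ a, the post's "multiply by two,
    then XOR with the original" rule."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def apply_matrix(matrix: List[List[int]], col: List[int]) -> List[int]:
    """Row-by-column product where + is XOR and * is gf_mul."""
    out = []
    for row in matrix:
        acc = 0
        for coeff, s in zip(row, col):
            acc ^= gf_mul(coeff, s)
        out.append(acc)
    return out


def mix_column(col: List[int]) -> List[int]:
    return apply_matrix(MIX_MATRIX, col)


def inv_mix_column(col: List[int]) -> List[int]:
    return apply_matrix(INV_MIX_MATRIX, col)


def mix_columns(state: List[List[int]]) -> List[List[int]]:
    """MixColumns over a whole 4x4 state given as a list of four columns."""
    return [mix_column(c) for c in state]


if __name__ == "__main__":
    column = [0x63, 0xC0, 0xFE, 0x9C]          # the column from the post
    mixed = mix_column(column)
    print("{02}.63 =", format(xtime(0x63), "08b"))        # 11000110
    print("{03}.C0 =", format(gf_mul(0xC0, 0x03), "08b"))  # 01011011
    print("mixed   =", [format(b, "02X") for b in mixed])   # FF 7D FB B8
    print("inverse =", [format(b, "02X") for b in inv_mix_column(mixed)])
```

Run it and the first row comes out as FF, matching the hand calculation, and the remaining rows give 7D, FB and B8 as in the table; inv_mix_column() returns the original 63 C0 FE 9C.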

and below is another example:



Later, if you want to double-check your results, you can check the AES algorithm's output in any round (round 1, round 2, ... round 10) with the following tool. The program asks for a key state and a plaintext state, calculates the result of every round, and shows them in charts.
Click here to Download the tool

Sunday, November 25, 2012

How To Enable root (SuperUser) In Ubuntu 12


If you are a new Linux user, you might wonder why Linux sometimes doesn't let you do something in the GUI or in the terminal. This is a security feature: you need to act as the "Super User" to run those specific commands. The easiest way is to put "sudo" before the command you want to run; it will ask for your password and then run the command. But what if you want to do something as the super user in the GUI? For that you need to log in as "root".
The root user is not enabled by default in Ubuntu, so you cannot enter super user mode by running the "su" command. Before enabling "super user mode", running "su" gives the error message "su: Authentication failure".

Warning: by logging in as root you might put your computer at risk, and enabling root is not recommended.

Enabling the SuperUser account password:
First you need to choose a password for your root account. Run the command below; it will ask for a new root password and then ask you to verify it.

server@ubuntu:~$ sudo passwd root
[sudo] password for server:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
server@ubuntu:~$


Now you can enter SuperUser mode by running the "su" command:

server@ubuntu:~$ su

Password: 
root@ubuntu:/home/server# 



Disabling the SuperUser account password:

If you decide to disable the root user again, just run the following command in the terminal:

server@ubuntu:~$ sudo passwd -l root



Enabling root login on the GUI welcome page:

If you decide to log in to the Ubuntu GUI as root, you need to enable the "Login" section on the Ubuntu welcome page. We assume you already enabled the super user as described above.
Run the following command in the terminal:

sudo sh -c 'echo "greeter-show-manual-login=true" >> /etc/lightdm/lightdm.conf'

Now restart your computer. After it boots you should see something similar to the following image; click on "Login", enter root as the username, press Enter, and then enter your super user password.


Tuesday, November 13, 2012

How To Install Mod_Security On Apache(Ubuntu 12.10) Step By Step Tutorial For Beginners



ModSecurity is an open-source web application firewall. It is an Apache module that helps protect web applications from a range of attacks and allows HTTP traffic monitoring and real-time analysis with no changes to the existing hardware infrastructure. Its engine uses regular expressions and a set of rules to detect and block common web exploits.
A high percentage of all web attacks happen at the web application level. For example, if you install an open-source application (like PHP-Nuke, phpBB, Joomla, etc.), sooner or later attackers may find a new vulnerability in that specific CMS, and if you don't update your CMS in time your site might fall victim to them. Using Mod_Security it's possible to detect and block most of these common attacks.

As a beginner I had many problems installing mod_security, so after reading a lot of articles and documents and successfully implementing it, I decided to write this step-by-step tutorial for beginners.
All steps in this article were tested on a fresh install of Ubuntu Desktop 12.04 and worked successfully.
_____________________________________________________________________

In this tutorial I'm going to show you how to install mod_security on the Apache web server, do a basic configuration to get it running, and finally test it.

Requirements:
Ubuntu Desktop/Server version 12.04 or higher.

We assume you don't have Apache installed. If you already have Apache installed and configured, skip to step 2.

Saturday, November 3, 2012

A Good Tool For Breaking Monoalphabetic Substitution Cipher



In cryptography, a substitution cipher is a method of encryption in which units of plaintext are replaced with ciphertext according to a regular system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution. A monoalphabetic cipher uses a fixed substitution over the entire message.

Now, if you have a monoalphabetic cipher, you can break it with some cryptanalysis. The most common way is frequency analysis: find the most frequent letters in the ciphertext and compare them with a frequency table to see which English letters they correspond to. A frequency table lists the percentage of use of each letter in the English language. By repeating this method you can break the cipher.
Another way is a brute-force attack, which might take a long time to break the cipher if you don't have access to parallel computing facilities or powerful clusters.

Or you can use "Secret Code Breaker - Monoalphabetic Substitution Solver".
Download it from: http://www.secretcodebreaker.com/SCBSolvr.zip This tool uses a random key to decrypt the cipher, then tries again after changing one letter of the key and compares the new result with the old one to see which is better. You might ask how the tool can tell whether it has found a real word or not: for this it uses an internal dictionary containing 52,483 word entries; each time it finds two or more possibilities, it consults the word list to see which one is more plausible.

Saturday, October 27, 2012

Caesar Cipher Cryptography Technique & My Caesar Cipher Enc/Dec Script In PHP


Caesar cipher
is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it in his private correspondence. As with all single-alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no communication security.

Example:
The transformation can be represented by aligning two alphabets; the cipher alphabet is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places (the shift parameter, here 3, is used as the key):
Plain:    ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher:   DEFGHIJKLMNOPQRSTUVWXYZABC

When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line. Deciphering is done in reverse.
Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
Plaintext:  the quick brown fox jumps over the lazy dog

I wrote 3 scripts on separate pages that will help beginners do Caesar cipher encryption, decryption and breaking:

Caesar-Cipher-Encrypt.php
Caesar-Cipher-Decrypt.php
Caesar-Cipher-Breaking.php
You can download the zip file from:
https://docs.google.com/open?id=0B7tlKidWnTtWR01kTmpCc2dFRGc
To download the whole zip file, press "Ctrl + S" once the page has loaded completely; otherwise it will just show you the files.
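As an added example (my own code, not the PHP scripts from the post), here is the Caesar encrypt/decrypt pair together with the frequency-analysis idea from the monoalphabetic substitution post above: letter_frequencies() ranks the letters of a text the way you would before comparing them with an English frequency table, and break_caesar() tries all 26 shifts and keeps the one whose output looks most like English. The English letter percentages are the commonly published approximate values; the sample sentence in the test is constructed.

```python
# Added example (not from the original post): Caesar cipher encrypt/decrypt,
# letter-frequency ranking, and shift recovery by scoring against English.
from collections import Counter
from math import log
from string import ascii_lowercase as ALPHABET
from typing import List, Tuple

# Approximate relative frequency (percent) of each letter in English text.
ENGLISH_FREQ = {
    'a': 8.17, 'b': 1.49, 'c': 2.78, 'd': 4.25, 'e': 12.70, 'f': 2.23, 'g': 2.02,
    'h': 6.09, 'i': 6.97, 'j': 0.15, 'k': 0.77, 'l': 4.03, 'm': 2.41, 'n': 6.75,
    'o': 7.51, 'p': 1.93, 'q': 0.10, 'r': 5.99, 's': 6.33, 't': 9.06, 'u': 2.76,
    'v': 0.98, 'w': 2.36, 'x': 0.15, 'y': 1.97, 'z': 0.07,
}


def caesar_encrypt(text: str, shift: int) -> str:
    """Shift every letter `shift` places down the alphabet, keeping case and
    leaving non-letters (spaces, punctuation) untouched."""
    out = []
    for ch in text:
        if ch.isalpha() and ch.isascii():
            base = ord('A') if ch.isupper() else ord('a')
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return ''.join(out)


def caesar_decrypt(text: str, shift: int) -> str:
    return caesar_encrypt(text, -shift)


def letter_frequencies(text: str) -> List[Tuple[str, float]]:
    """Letters of `text` with their percentage share, most frequent first.
    This is the table you compare against ENGLISH_FREQ when attacking any
    monoalphabetic substitution by hand."""
    letters = [c for c in text.lower() if c in ALPHABET]
    counts = Counter(letters)
    total = len(letters) or 1
    return sorted(((c, 100.0 * n / total) for c, n in counts.items()),
                  key=lambda pair: (-pair[1], pair[0]))


def english_score(text: str) -> float:
    """Log-likelihood of the letters under the English distribution; higher
    means the text looks more like English."""
    return sum(log(ENGLISH_FREQ[c] / 100.0) for c in text.lower() if c in ALPHABET)


def break_caesar(ciphertext: str) -> Tuple[int, str]:
    """Try all 26 shifts and return (shift, plaintext) for the best-scoring one."""
    best = max(range(26), key=lambda s: english_score(caesar_decrypt(ciphertext, s)))
    return best, caesar_decrypt(ciphertext, best)


if __name__ == "__main__":
    ct = caesar_encrypt("the quick brown fox jumps over the lazy dog", 3)
    print(ct.upper())                                  # WKH TXLFN EURZQ IRA ...
    print(caesar_decrypt(ct, 3))
    print(letter_frequencies(ct)[:5])                  # most common cipher letters
    print(break_caesar(ct))
```

The scoring is deliberately statistical rather than dictionary-based: on very short texts such as a pangram the 26 candidates can score close together, so for an automated break give it a few sentences of ciphertext, exactly as you would for manual frequency analysis.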

Thursday, October 25, 2012

Top 25 Worse Password Of 2012



Based on research by SplashData, who collected millions of stolen passwords posted online by hackers in 2012 and ranked them by popularity, these are the 25 worst and most predictable passwords of 2012. The information in parentheses compares each password's position with last year's ranking.
1. password (unchanged)
2. 123456 (unchanged)
3. 12345678 (unchanged)
4. abc123 (up 1)
5. qwerty (down 1)
6. monkey (unchanged)
7. letmein (up 1)
8. dragon (up 2)
9. 111111 (up 3)
10. baseball (up 1)
11. iloveyou (up 2)
12. trustno1 (down 3)
13. 1234567 (down 6)
14. sunshine (up 1)
15. master (down 1)
16. 123123 (up 4)
17. welcome (new)
18. shadow (up 1)
19. ashley (down 3)
20. football (up 5)
21. jesus (new)
22. michael (up 2)
23. ninja (new)
24. mustang (new)
25. password1 (new)

These kinds of passwords are really easy for an attacker to brute-force or even guess, and using them reduces the security of your account almost to zero. Based on this study, a high number of computer users still don't care about their password strength.

Saturday, October 20, 2012

Music Piracy Before Computers


The World According To Apple Maps


What is Botnet and how it works?

Image credit goes to Tom-b from wikipedia.

Earlier I had put an article about botnets here, but I submitted a paper that used part of that article, so to stay clear of the plagiarism checker I took the article down. Now I'm going to describe botnets in a simpler way.

Basically, "botnet" is the term used for a group of computers infected with a malware called a bot. "Bot" is derived from "robot", since bots work automatically and act on the commands of their owner.
When we speak about a botnet we don't mean a network of a few computers but millions of computers spread around the globe. This type of malware (the bot) is designed so that after infecting the victim machine it tries to communicate with a command and control (C&C) server, from which the attacker later pushes updates and launches attacks.

Infected computers, also known as zombies, always listen on the command and control channel and wait for new instructions. The botnet owner, known as the botmaster, can change the settings of the bots or add new features to them.

Botnets spread by different methods, such as social engineering and Trojans, and they are also able to spread themselves through the victim. For instance, the bot sends itself in a message to the victim's email contacts, and because of the trust between the victim and those third parties, the chance that they open it is very high.

Botnets give the botmaster different capabilities, most of which are used for financial gain and criminal activities such as:

  1. Launching DDoS attacks: The attacker rents the botnet to a third party for a certain amount of money to perform a DDoS attack against a target address. A Distributed Denial of Service (DDoS) attack sends a huge number of requests to a website or IP address, consuming all of the server or network resources, so that the service becomes unavailable to its legitimate users. Availability is one of the key concepts of security, and DDoS attacks undermine it.
  2. Spamming: Email systems are equipped with spam filters that block the sender's IP address. However, if the spam is sent from many different addresses it can successfully bypass the filter. The botmaster sends spam on behalf of a third party for advertising purposes using all of his bot nodes.
  3. Sniffing: The bot can act as a sniffer, recording all of the victim's network activity and sending it back to the attacker.
  4. Keylogging: The bot can also record the victim's keystrokes and even filter them for specific fields such as usernames and passwords.
  5. Spreading: The bot can send itself to other computers via email, messaging applications and removable media.
  6. Identity theft: The attacker can make fake identity documents based on the information collected earlier, or sell all this information in bulk to criminals for the same purpose or for spamming.
  7. Sharing illegal files: The botmaster can store and share illegal files such as cracked software and copyrighted material; if the host is caught, the owner of the computer is held responsible.
  8. Click fraud: The botmaster might rent the botnet to a party that runs a website with advertisements. Advertisers offer a service called Pay Per Click (PPC), which pays the website owner for each unique click. The botnet can be used to click on these advertisements, and because each computer has its own IP address the clicks look legitimate and produce high revenue for the website owner.
  9. Changing online polls: The botnet might be hired by a third party to change the result of an online vote. Online polling systems typically allow each unique IP address to vote only once, so a malicious party can hire a botnet to skew the result by casting fake votes from all of the bots.
Copyright Notice: This article is brought to you by root25.com. Feel free to use this article, but please cite root25.com and Amir Sadeghian (i@root25.com) in your references list. Thank you.

Thursday, October 18, 2012

Android 4.1.2 Jelly Bean update for Galaxy Nexus & Nexus S


The Android Jelly Bean 4.1.2 update is now available for the Galaxy Nexus and Nexus S via OTA (Over The Air).

To update your Nexus you need a stable Wi-Fi connection and a battery charge level above average, because after the phone downloads the update it will reboot to unpack and install all the packages, which takes time and needs battery or the charger connected.
To update your Nexus, just go to "System Settings > About Phone > System Updates > Check now".

Tuesday, October 16, 2012

How To Force Android To Download Latest Update By OTA





Google releases updates for Android devices regularly, but it takes time for these updates to become available in all regions from the wireless carriers, so some users have to wait a long time for an update to reach their region. Until now, to check for available system updates you had to go to "System Settings > About Phone > System Updates" and see whether a new update was available for you or not.

With this method you can force your Android device to fetch the latest system update:
  1. Go to "System Settings > Apps".
  2. Switch to the "All" tab.
  3. Find "Google Services Framework".
  4. Open it and tap the "Clear Data" button.
  5. Tap the "Force Stop" button.
  6. Now go to "System Settings > About Phone > System Updates". It will probably show an old date; now you can update your device to the latest system update.

Credit goes to Amir Zarei.

Monday, October 15, 2012

10 Facts About The Flame Malware


Flame, also known as Flamer, sKyWIper and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system. The program was being used for targeted cyber espionage in Middle Eastern countries.
Its discovery was announced on 28 May 2012 by the MAHER Center of the Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and the CrySyS Lab of the Budapest University of Technology and Economics. The last of these stated in its report that it "is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."

Based on the F-Secure Threat Report for H1 2012, here are 10 interesting facts about Flame:

  1. Flame has a keylogger and a screen grabber.
  2. Flame has built-in SSH, SSL and Lua libraries.
  3. Flame searches for all Office documents, PDF files, Autodesk files and text files on the local drives and on network drives. Since there would easily be too much information to steal, it uses IFilters to extract text excerpts from the documents. These are stored in a local SQLite database and sent to the malware operators, who can then instruct the malware to home in on the really interesting material.
  4. Flame can turn on the microphone of the infected computer to record conversations near the machine. These are saved as audio files and sent back to the malware operators.
  5. Flame searches the infected computer and the network for image files taken with digital cameras, extracts the GPS location from these images and sends it back to the malware operators.
  6. Flame checks whether any mobile phones are paired with the infected computer via Bluetooth. If so, it connects to the phone and sends what it collects to the malware operators.
  7. The stolen information is sent out by infecting USB sticks used in an infected machine and copying an encrypted SQLite database to the sticks, to be sent on when they are used outside the closed environment. This way data can be exfiltrated even from a high-security environment with no network connectivity.
  8. Flame creates a local proxy which it uses to intercept traffic to Microsoft Update and drop a fake update onto the machine. This is used to spread Flame to other machines in a local area network. The fake update was signed with a certificate chaining up to a Microsoft root, as the attackers found a way to repurpose Microsoft Terminal Server license certificates. Even this wasn't enough to spoof newer Windows versions, so they did some cutting-edge cryptographic research and came up with a completely new way to create hash collisions, enabling them to spoof the certificate. They still needed a supercomputer, though. And they had been doing this silently since 2010.
  9. When Flame was finally busted, the attackers got busy destroying all evidence and actively removing the infections from the affected machines.
  10. The latest research proves that Flame is indeed linked to Stuxnet. And just one week after Flame was discovered, the US government admitted that it had developed Stuxnet together with the Israeli armed forces.

Sunday, October 14, 2012

IE: Make me your default web browser "Please"


A Review on Microsoft Project 2010


Microsoft Project (MSP, MSOP or WinProj) is a project management software program, developed and sold by Microsoft, which is designed to assist a project manager in developing a plan, assigning resources to tasks, tracking progress, managing the budget, and analyzing workloads.
When Microsoft first released MS Project on the Windows platform in 1987, their projections for market share were probably underestimates compared with the success they had. MS Project Standard and Professional have a significant share of the desktop scheduling market even with some highly capable competitors promising stiff competition.

The Microsoft server based product suite has not achieved the same level of market penetration as their desktop offering and their PPM Solution has been out competed by other product sets such as Primavera, HP-PPM and Clarity in many larger corporate environments. This is due in part to the earlier server based products having no real portfolio capability. Prior to the 2007 release Microsoft acquired UMT’s Portfolio Management Software and integrated it loosely into the 2007 offering. This however had little uptake and still left the Microsoft suite far behind its competitors in portfolio capability.
Microsoft’s 2010 release promises much, and current talk suggests the latest product will go a long way to challenging Primavera, HP-PPM and Clarity in some of the larger corporate environments they have missed out on to date.
Microsoft Word 2010 is a similar product to past Microsoft Project releases; this version includes updates to both the desktop products and the server.
The desktop products continue to be offered as a two-tier stack, with the option of the Standard version and the Professional version. As in previous releases, the Professional version offers enhanced features compared to the Standard version and enables connectivity with the server product suite and also directly with SharePoint.
The focus of this article will be Microsoft Project Professional.

Changes from Previous Versions
Project 2010 offers some changes to both desktop users and server users. The following is a quick summary of key changes of each product set.
Project Professional edition offers the following key changes / enhancements:
  • Top navigation ribbon that reflects other MS Office products (Word, Excel, PowerPoint).
  • New Timeline representation of the schedule, which can provide a handy snapshot of the schedule.
  • Team Planner: a resource management function allowing drag-and-drop resource allocation and timing. Supports resource levelling but needs to be used very carefully.
  • Excel-based data entry: more flexibility in entering plan/schedule information, but reduces data validation.
  • Manual/Auto Scheduling: when set to manual scheduling it allows tasks to be scheduled by the operator regardless of logic conflicts, etc. This is possibly the most controversial change for past users of Project.
  • Sync to SharePoint: allows direct synchronisation of schedule information between Project Professional and SharePoint. This results in a fairly basic representation of the schedule within a SharePoint site.

The release of Project Standard and Professional editions will have only a minor impact on businesses and users of the product. It is unlikely current users of the equivalent 2007 products will scramble to update their products since the difference in functionality is moderate. Power Users will require a few hours or days to adjust to the new navigation ribbon and probably won’t enjoy it initially. While the ribbon may improve productivity in the long run, (according to Microsoft), initially it will slow down users familiar with the current navigation.
The timeline view can provide a simple and flexible visual representation of the schedule. This will save time and effort for those users who have been exporting projects data to Visio to produce a timeline view.
Power users will most likely set their installation to Auto Scheduling and avoid the challenges Manual Scheduling may bring to reliability of the schedule dates and float calculations. Intermediate and beginner users of the desktop products will possibly be challenged by manual scheduling. An unreliable schedule may result if manual scheduling is supported beyond initial high level planning stages and the user lacks the experience to identify and resolve planning conflicts. PMO’s may find this feature undermines attempts to improve Scheduling Standards.
The team planner view and function will aid project resource leveling. However, users will need to be careful to ensure reassignment of a resource doesn’t also result in realignment of dates. While drag and drop seems great, it does have its dangers.
With the exception of the value of a timeline view to aid communications, Project Standard and Professional offer schedulers and their organization little tangible benefit over current versions.

Conclusion
Microsoft Project and Project Server 2010 appear to be a solid product family that will have an impact on the EPM/PPM marketplace. As a result of increased capability, we expect to see Microsoft EPM erode some of the market that has traditionally gone to the likes of Primavera, Clarity and HP-PPM. This may also result in lower-maturity organisations engaging more readily with other SharePoint-based solutions.
This release will offer organizations an opportunity to formalize and improve their Portfolio Management model and deliver portfolio planning and control more efficiently and effectively. This should result in significant benefits for organizations that do it well.
The new features of Microsoft Project 2010 desktop will make developing and managing a project more intuitive for Project Managers new to the tool, and will provide many new tools that will enhance the experience for existing Project Managers.

Tuesday, October 9, 2012

Introducing Google Glass Project


Project Glass is a research and development program by Google to develop an augmented reality head-mounted display (HMD). The intended purpose of Project Glass products would be the hands-free display of information currently available to most smartphone users, and allowing interaction with the Internet via natural language voice commands. The functionality and physical appearance (a minimalist aluminium strip with 2 nose pads) have been compared to Steve Mann's EyeTap. The operating system software used in the glass will be Google's Android.


Wednesday, October 3, 2012

iPhone 5 Banned Commercial



Search by Image in Google


Earlier I posted an article about reverse image searching; today I want to introduce a service from Google that started in October 2011 and offers similar, and perhaps more powerful, features. This service is named "Search By Image".
It's very easy to use. For example, if you have a picture of something or somebody and want to find out where the picture came from, or need more information about it, just go to Google.com, switch to the Image section, and drag the image from your computer onto the browser page and drop it there. Google uploads your image, looks for similar pictures, and returns more description and information about it.
If you don't want to use drag and drop, go to the Image section of Google and click the camera icon inside the search box; it will let you upload your image for a reverse image search.
The service also has add-ons for Firefox and Chrome that let you search by image with a single right-click on any image anywhere on the web.

Search by Image Add-on for Mozilla Firefox
Search by Image Add-on for Google Chrome

