SecurityHunk

Google Apps has indeed added a bit of ease to most of the people those who are on move,they can access there favourite google service from anywhere any time if they have access to internet.Suppose the device from where they are accessing the Google Apps account get stolen then the person possessing the device can open their account using the session cookies present in the browser without even knowing the authentication credentials(username & password).

Google really thinks about its user's security so,it has added a feature to reset the session sign-in cookies for a
particular user and that user needs new authentication to sign-in.


Step 1.
Login(As Administrator) in to the control panel of your Google Apps account and reach the dashboard as shown below.The control panel can be accessed from the link below.
( http://www.google.com/a/your-domain_name.com )

Step 2.
To avail this feature you need to have the "Next generation control panel".To do this follow the instructions shown in the image below.
Step 3.
Now click on the "Organisation and users" tab and click on the desired username for whom you want to reset the sign-in cookies as shown in the image below.
Step 4.
Now "User information" open up and you can see the "Reset sign-in cookies" option in the password section.Just click on it then the user has to re-authenticate again when they start a new browser session.

To remote wipe a mobile device visit here.

In one of my last post I wrote about "Firesheep Tutorial" which can be used to get control of user's session.Here in this tutorial I will discuss about a firefox addon called "Blacksheep" that can detect firesheep in the network.So lets start...

What is a Blacksheep?

It is a firefox addon that detects firesheep in an open or public wifi network.The credit goes to Zscaler  for bringing it out.It is made by using the source code of firesheep and taking into consideration the working of the same.


How it works?

As I explained in my post on firesheep that it traps the cookies of the user's session and uses the same to login to the listed websites.Here what the blacksheep does is that it has got the list of the same website in it so when it is the network it generates fake cookies of those sites listed in firesheep in every 5 minutes(you can change it)and if in case someone is using firesheep and traps the same fake cookie(of blacksheep) then blacksheep gives an alert with the IpAddress of the attacker system.It actually exploits the weakness of firesheep of not able to differentiate between fake cookies(of blacksheep) and the original(generated during user session).

 Note:Blacksheep wont protect session hijacking through firesheep rather will give an alert of its(firesheep) use in the network.

How to use it?

Warning: If "firesheep" is installed the same browser then disable it before using blacksheep.Because since firesheep also traps the cookie of the mother browser so the blacksheep may pop an alert with your own IpAddress.

Requirements:

1.Winpcap (Download)

2.Blacksheep Addon (Install)

3.Windows XP or later version (OS for this tutorial)

4.Firefox 3.5 or newer(32-bit)

5.Public or open WiFi (Suspecting Firesheep)


Configuration:

Step 1.Having set with all the requirements open up firefox.

Step 2.Disable firesheep if you have installed it as shown below.

Step 3.Follow the path Tools-->Add-ons in the top menu.

Step 4.Search for blacksheep in the add-ons list and click on options and change to your desired interval as shown below.
Working:

Here is the video from Zscaler on the working of blacksheep hope you will like it.




Credit : http://research.zscaler.com/

Recently Eric butler at Toorcon12 exposed and demonstrated the session hijacking problem (aka sidejacking) with the help of a selfmade addon of firefox called "Firesheep".Using this method the attacker can control the account of the victim even knowing the password .This tool can also be used to hack facebook account
,twitter etc.Today in this post I will discuss how this is carried out and the countermeasures needed to avoid this problem.So lets start....

I recommend readers if they abide by the blog's Disclaimer then they can proceed reading this post otherwise leave this page immediately.

What is Http Session hijacking(aka Sidejacking)?

In session hijacking an attacker hijacks(or controls) the user's session after the user has successfully logined or authenticated with the desired server.Here in this post the addon "firesheep" works like a sniffer and captures the cookies of the user on the same wireless network used to authenticate to few predefined webpages in the addon.This problem still persits in https websites also because it only encrypt the login of the users but after the rest of the session is left unencrypted.


Requirements:

1.Public Wifi access.

2.Winpcap (Download)

3.Firesheep (Download)

Procedure:

1.Download the "firesheep" from the above link and using the "openwith" option open it in Firefox.

2.Having installed it,restart the browser and follow the instruction in the image below.

3.Now you can see the firesheep has opened up in the sidebar then follow the instructions in the image below.

4.Then click on the "Start capturing" button at the top.Before doing this make sure that you are connect to an open wifi network say your college or campus wifi.

5.After doing that wait for few seconds and you will see the result will start appearing in the sidebar as shown below.Click on any result and the pre authenticated session will open in your browser.

So the users using public wifi like in airport or accessing internet in coffee shop need to be careful.Follow the below countermeasures

Countermeasures:

1.Https is not the solution to this problem rather you can use VPN to access public wifi.There are few paid services also look out in google.

2.You can also setup your own server using Cygwin and use the SSH client putty to use it and configure your browser to use socks proxy.Then access the desired website.
 

Nowadays email have become very essential in bussiness transaction,sharing vital info and keeping contacts.So,when an email account get hacked or compromised it become complete nightmare on part of the innocent user to recover it back.Today i have come up with this article to let you all know about common email hacking methods that can be employed.If a person know in what way he/she can be fooled or can be put in a trap before hand then he/she can adapt some preventive measures to overcome it and in that way can omit or avoid that attack.A very important thing i want to let you all know that email account cannot be hacked solely by the attacker but in some way or other the attacker needs the help of the user,the sense of the word "help" means the user has to do some fault or unknowingly do some mistake like click on some link sent by the attacker.
So let start with common email hacking methods:

Learn how to Hack a Facebook Account One of the most successful Social engineering method of email hacking which employs spoof web pages or fake web pages inorder to fool the legitimate user.The attacker create pages which look excatly like the real one so, the user is fooled and login into it and in that process gives away his/her password to the attacker.
(See the complete procedure)

PREVENTION:
-Always type the complete url of the intended webpage fo login.
 -Use Anti-virus which has web browser integration facility to combat phishing like Bitdefender,Kaspersky.
-Never click a link in an email before verifing its authenticity.

2.RATS:
It is called the "Remote Administration Tools".It is a bit difficult process compared to phishing and its rate of success is also less.Nowadays one can find these tools installed hidden in the cybercafe so whenever you logging to your email account in a cybercafe do it at your own risk.These RATS can also be named as "password stealers".
 Learn how to do this with ease.

PREVENTION:
-Avoid using email account in cybercafe and follow the security tips I mentioned.
-Never save your password in the web browser or click the remember password option.
-Use an updated Anti-Virus if possible an internet security package.

3.KEYLOGGING:The attacker deploy a software or hardware keylogger and monitor all the keystrokes of the user.The software keylogger is binded with many torrent files and online downloads.
(See the complete procedure)

PREVENTION:
-Scan the file with "Dr.Web link checker" before downloading.
-Scan the file with online multiple anti-virus engine ie. www.novirusthanks.org
-One can use anti-keyloggers like ZEMANA,KEYSCRAMBLER etc

4.SOCIAL ENGINEERING:
"Forgot password attack" is a form of social engineering,here the attacker tries to guess the security question of the email account and in that way reset the password and put his/her own password and login into the account.Here the attacker tries to compromise the account by penetrating the human intelligence.Social engineering was popularize by hacker turned consultant KEVIN MITNICK.

PREVENTION:
-Always give a very personal and difficult security question.
-Always give a secondary email address in the email account.
-Never leak out your personal and private details to any stranger or a person you do not trust.

5.SIDEJACKING:
An attacker can use this method to access the user's account without even knowing the password.Here the attacker can capture the seesion cookies to login to the account.Recently the addon of firefox called Firesheep was on news for this type of attack and we posted a tutorial on it.

PREVENTION:
-SSH tunneling is a very good option to avoid this type of attack.
-Use a VPN when access internet from a public wifi hot spot.
-It is recommended not to access personal accounts through public wifi.

6.FROM THE MAIL SERVER:
This is a method where the attacker need to be very professional and he/she doesnot need the help of the user to crack into the account,the attacker penetrates the google server and retrieves the password for the corresponding username.