Honeypot

20 08 2009

Why am I not surprised that they use Windows? Looks like their honeypot just backfired. Have a read of the article written by Asher Moses, taken from: http://www.smh.com.au/technology/security/hackers-break-into-police-computer-as-sting-backfires-20090818-eohc.html

—————————————–

Hackers break into police computer as sting backfires

Asher Moses August 18, 2009

An Australian Federal Police boast, on the ABC’s Four Corners program, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system.

Security consultants say police appear to have been using the computer as a honeypot to collect information on members of the forum but the scheme came undone after the officers forgot to set a password.

Last Wednesday, federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum, r00t-y0u.org, which had about 5000 members.

Many details of the investigation were revealed for the first time on Four Corners last night.

After the raid, the federal police covertly assumed control of the forum and began using it to gather evidence about members.

“We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration,” Neil Gaughan, national manager of the federal police’s High Tech Crimes Operation, told Four Corners.

However, what the federal police did not know was that hackers had already cottoned on to their plan.

Police were monitoring the forum by logging into the account of the administrator they had raided, but this aroused suspicion among members who knew the raid had taken place.

A hacker broke into the federal police’s computer system and, according to a source close to the investigation, accessed both police evidence and intelligence about federal police systems such as its IP addresses.

A spokeswoman for the federal police confirmed that the hacker broke into a computer system used in its investigation but denied that any evidence was compromised, saying the computer was not connected to other federal police systems.

“The AFP has identified a person whom [sic] has attempted to access the stand-alone computer system and we are currently working with our law enforcement partners regarding this matter,” the spokeswoman said.

The hacker appears to have been provoked by a message published on the r00t-y0u.org site by the federal police, warning members they were under surveillance and that “all member IP addresses have been logged”, with some arrests having already been made.

In two provocative messages published on anonymous document-sharing site pastebin.com, the hacker slammed the federal police for “making it sound like they can bust ‘hackers’, when all they have done is busted a COUPLE script kiddies”.

“Script kiddies” is hacker parlance for novice hackers.

The second of these messages contained several links to screenshots allegedly proving that the writer had access to the federal police’s server. These included shots of files containing fake IDs and stolen credit card numbers, as well as the federal police’s server information.

The hacker then defaced the r00t-y0u.org website with the same message it had posted on the anonymous document-sharing site.

The federal police spokeswoman said: “The information posted on the http://pastebin.com website is information contained on a stand-alone [federal police] system designed specifically to be used in investigations such as this.

“The information consists of directory file names of previously compromised credentials. No information or files exist that have, or could have, been compromised.”

The hacker wrote “I couldn’t stop laughing” on seeing that the federal police’s server was running Windows, which is known among hacker communities for being insecure. Police had also “left the MYSQL password blank”.

“These dipshits are using an automatic digital forensics and incident response tool,” the hacker wrote.

“All of this [hacking] had been done within 30-40 minutes. Could of been faster if I didn’t stop to laugh so much.”

Shaon Diwakar, a security consultant at Hack Labs in Sydney, explained how the hack occurred.

“The attacker has discovered that the server didn’t have a password for its database application and he has logged on … and, using a technique called SQL injection, he created a PHP file on the disk and browsed through that PHP file to get complete control of that particular server,” he said.

Diwakar said the hacker would have had access to anything that was stored on the computer.

“When they took this action they should have known that they would have been a big target, so they should have taken more precautions,” he said.

The federal police said it had yet to charge anyone over the r00t-y0u.org forum bust, but “numerous items” were seized and the investigation was ongoing. It declined to comment further on the case.
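The two weaknesses named in the article, a database login with a blank password and a database session that was able to create a file on the server's disk, are both things an account audit can flag before a machine is exposed. The following is an added example, not part of the article or this blog's own code: it runs over constructed rows shaped like MySQL's `mysql.user` table and a constructed value for the `secure_file_priv` server variable; the finding codes and the function name are assumptions of the example.

```python
# Constructed sample rows, shaped like the output of
#   SELECT User, Host, plugin, Password, File_priv FROM mysql.user;
# (newer MySQL versions name the hash column authentication_string).
SAMPLE_USERS = [
    {"User": "root", "Host": "%", "Password": "", "File_priv": "Y"},
    {"User": "forum", "Host": "localhost",
     "Password": "*PLACEHOLDER-HASH", "File_priv": "N"},
    {"User": "", "Host": "localhost", "Password": "", "File_priv": "N"},
    {"User": "backup", "Host": "10.0.0.5",
     "authentication_string": "*PLACEHOLDER-HASH", "File_priv": "Y"},
    {"User": "admin", "Host": "localhost", "plugin": "auth_socket",
     "authentication_string": "", "File_priv": "N"},
]

# Plugins that authenticate through the OS socket and legitimately store no hash.
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}


def audit_accounts(rows, secure_file_priv):
    """Return (account, finding) tuples for risky database accounts.

    secure_file_priv is the server variable of that name; an empty string
    means file import/export is not confined to any directory.
    """
    findings = []
    for row in rows:
        account = "'%s'@'%s'" % (row["User"], row["Host"])
        pw_hash = row.get("authentication_string") or row.get("Password") or ""
        if not pw_hash and row.get("plugin") not in SOCKET_PLUGINS:
            findings.append((account, "BLANK_PASSWORD"))
        if row["User"] == "":
            findings.append((account, "ANONYMOUS_ACCOUNT"))
        if "%" in row["Host"]:
            findings.append((account, "REMOTE_WILDCARD_HOST"))
        if row.get("File_priv") == "Y":
            # FILE lets the account read and write files as the database
            # server's OS user; it is worst when no directory limit is set.
            code = "FILE_PRIV_UNRESTRICTED" if secure_file_priv == "" else "FILE_PRIV"
            findings.append((account, code))
    return findings


if __name__ == "__main__":
    for account, code in audit_accounts(SAMPLE_USERS, secure_file_priv=""):
        print(account, code)
```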





Declaration

17 07 2008

As an undergraduate student programmer to a blue collared worker trying to write an asp.net using c# for an automated online booking system for the logistics department, I need to declare something and throw it out there - The coding is never completely all me. Object orientation design allows reusing of code so by right I am reusing someone’s code that worked on some other system which works with my system! But that doesn’t totally mean that I need to copy the entire code. It’s like art… you cut and paste some of the pieces of the code and rename the variables to make it applicable to your own application. Is that not what programming is? I was googling (searching using http://www.google.com) about the topic of trying to redirect an asp.net page without using javascript and I came across an interesting blog owned and written by Anders Noras. Please excuse my stupidity in not knowing how to put the accents on the letters of the a to spell his name correctly. Quite an interesting read if you are in software design and like to read some of his work. The web link can be found on the right hand side … should be a whole section for computing soon if I haven’t gotten around doing it just yet :D. Those that don’t want to look through the mass … well then here is the website: http://andersnoras.com/blogs/anoras/





Macro Commands

25 04 2008

In Excel I guess it would be like a set of instructions that will be executed, and it is usually used to program repeated activities. So I thought, hey, I’ve got to learn this Macro thing for Excel so I don’t keep typing the same old things over and over again, so now I will share with you what I learnt from Ted French at: http://spreadsheets.about.com/od/advancedexcel/ss/excel_macro.htm

The following is based on what I learnt on that particular website. Take note there are print screens on the website. You know what they say, a picture paints a thousand words, so go check it out to have a better comprehension of where to find the buttons.

Macros in Excel 2003 use the VBA editor and the macro recorder. The macro recorder can be found when you do the following:
(Tools>Macros>Record New Macro)

You get this pop up box where you can fill in details so you have the “Macro name:” and then you have a drop down list for “Store macro in” and then a “Description:” box. Take note there are 3 choices one can choose for “Store macro in”.

1) New Workbook -> only accessible in the new Excel file.
2) This Workbook -> only accessible in this file.
3) Personal Macro Workbook -> creates a hidden file that stores the macros and is accessible to ALL Excel files.

So apparently as you click “Ok” it starts recording all the clicks and selections that you do and to stop you click on the blue filled square that pops up in a small window or you do the following:
(Tools>Macros>Stop Recording)

To run the saved macro that you just did you do the following:
(Tools>Macros>Macro)
Then select the one you want and click “Run”.





When Documentation Becomes a 200 Page Screen Shot

21 11 2007

I hate writing a manual especially to an application program that I designed yet the programming prototype looks like nothing I had imagined it to be. The worst thing is because I was so desperate to get it to work I totally compromised my ideas into getting at least something workable but nothing close to my ideas. Mind you ASP.NET for these past 3 weeks has still got me lost at the introduction. Okay maybe I learned a few flashy things in Visual Studio 2005 but anybody could learn it by following Microsoft’s step by step guide… or you could have been like me and read a few paragraphs and tried to skip a few other paragraphs to the end to get the same output product. Even though I have made compromises of how my application flows, I still ended up with a 200 page report that I printed, bound and handed in having 75% of the report being screen shots of installation and documentation of how the program works. One can’t assume that the user will understand even though the writer may have thought it was logical sense. My brain is fried… how does one unfry it?





Chapter 1 Summary

15 10 2007
  • Computers – vital components of every network.
  • TCP/IP is the protocol of the Internet.
  • ping command tests connectivity.
  • Software is an interface for the user to access the hardware.
  • People who work with networks need to know how to troubleshoot PCs.
  • NIC – network interface card is a circuit board that provides network communication capabilities to and from a PC.
  • Bits – binary digits. 8 bits = 1 byte
  • binary – 0s and 1s
  • hexadecimal – 16 symbols 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F
  • boolean logic – NOT, AND, OR
  • IP addresses are 32 bit binary addresses used on the Internet.




Basic Masking Operations

15 10 2007
  • Masking operations provide a way to filter addresses.
  • The addresses identify the devices on the network.
  • Masking allows the addresses to be grouped or controlled by other network operations.

A subnetwork mask is used to see how an IP address should be interpreted. It identifies how many of the bits are the network part and how many are the host part.

The network part of the mask is the 1s from the left-hand side of the mask (i.e. 11111111 . 11111111 . 00000000 . 00000000).
The bits that are 0s identify the computer host on that network.

Going back to basics, here are subnet masks in binary and in decimal format:

Ex1
11111111 . 00000000 . 00000000 . 00000000
255      . 0        . 0        . 0

First 8 bits – network address
Last 24 bits (8 x 3) – host address

Ex2
11111111 . 11111111 . 00000000 . 00000000
255      . 255      . 0        . 0

First 16 bits – network address
Last 16 bits - host address

So if you are converting IP address from decimal to binary format:

10 . 34 . 23 . 134
00001010 . 00100010 . 00010111 . 10000110
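The masking operation itself is a bitwise AND of the address with the mask. The following added example (not from the course notes) applies the two masks from Ex1 and Ex2 to the address 10.34.23.134 used above; pairing that address with those masks and the function names are assumptions of the example, and it rejects masks whose 1s are not contiguous from the left.

```python
def to_octets(dotted):
    """Parse a dotted-decimal string into four integers in 0..255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    octets = [int(p) for p in parts]
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError("octet out of range: %r" % dotted)
    return octets


def to_binary(dotted):
    """Render an address or mask the way the notes write it in binary."""
    return " . ".join(format(o, "08b") for o in to_octets(dotted))


def prefix_length(mask):
    """Count the network bits; the 1s must all sit at the left of the mask."""
    bits = "".join(format(o, "08b") for o in to_octets(mask))
    if "01" in bits:
        raise ValueError("mask 1s are not contiguous from the left: %r" % mask)
    return bits.count("1")


def split_address(ip, mask):
    """Return (network part, host part) of ip under mask, dotted-decimal."""
    prefix_length(mask)  # validates the mask
    ip_o, mask_o = to_octets(ip), to_octets(mask)
    network = [i & m for i, m in zip(ip_o, mask_o)]          # keep bits under the 1s
    host = [i & (~m & 0xFF) for i, m in zip(ip_o, mask_o)]   # keep bits under the 0s
    return ".".join(map(str, network)), ".".join(map(str, host))


if __name__ == "__main__":
    ip = "10.34.23.134"
    print(to_binary(ip))
    for mask in ("255.0.0.0", "255.255.0.0"):
        net, host = split_address(ip, mask)
        print(mask, "/%d" % prefix_length(mask), "network", net, "host", host)
```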





Database Normalization Problem

6 10 2007

Hm… any ideas from random readers out there with this?

Data elements are the following:

EmployeeID, EmployeeName, Position (ie Manager / Sales Rep), Username, Password, Permissions, OrderID, OrderDate, OrderQty, OrderStatus, ProductID, Description, Category, StockLevel, UnitPrice, CustomerID, CustomerName, Address, Company

UNF

EMPLOYEE (EmployeeID, EmployeeName, Position, Username, Password, Permissions {OrderID, OrderDate, OrderQty, OrderStatus, ProductID, Description, Category, StockLevel, UnitPrice, CustomerID, CustomerName, Address, Company})

1NF

EMPLOYEE (EmployeeID, EmployeeName, Position, Username, Password, Permissions)

ORDER (EmployeeID, OrderID, ProductID, OrderDate, OrderQty, OrderStatus, Description, Category, StockLevel, UnitPrice, CustomerID, CustomerName, Address, Company)

Then I don’t know if I am on the right track. Times like this I wonder why I feel like the answer is so close yet so far. 





Chapter 1 Administration

4 10 2007

Tasks of network administrator:

  1. Install and maintain operating system
  2. Administer Active Directory
  3. Administer file and print resources
  4. Administer Internet resources
  5. Administer the network infrastructure
  6. Monitor and troubleshoot Windows Server 2003
  7. Administer Routing and Remote Access Services

1) Tasks Needed to be Done For Installing and Maintaining of the Operating System:

  • Install client workstation operating systems
  • Install and configure the server environment
  • Troubleshoot and resolve installation problems
  • Maintenance – install and manage service packs and hot fixes

2) Administer Active Directory

  • Create user objects (and modify)
  • Create computer objects (and modify)
  • Create group objects (and modify)
  • Manage Active Directory container
  • Manage object permissions
  • Create and troubleshoot Group Policy objects

Group Policy is a Windows Server 2003 feature. It enables the user to create policies that affect domain users and computers.

3) Administer File and Print Resources

  • Troubleshooting user access to files and printers
  • Planning and maintaining the most efficient and secure way for users to work with file and print resources

4) Administer Internet Resources

  • Do this because of Business to Business, Business to Consumer online commerce opportunities
  • Configuration “master list options” must be within the Windows Server 2003 IIS (this includes giving secure access to internet-accessible resources and troubleshooting client connectivity problems).

5) Administer the Network Infrastructure

  • Maintenance and troubleshooting of network services, protocols and hardware.

Domain Name System (DNS) service provides the name resolution and the network service location capabilities.

Windows Server 2003 uses TCP/IP protocol for network communications throughout the infrastructure and the Internet.

Hardware such as routers.

Servers – Dynamic Host Configuration Protocol (DHCP), WINS

6) Monitoring and Troubleshooting Windows Server 2003

  • Monitor through maintenance (monitor server and system performance)
  • Maintenance tools  – system monitor, event viewer
  • Troubleshooting tools – recovery console, safe mode

 7) Administer





Managing Windows Server 2003 (Ch2 QnA)

4 10 2007

Lecture 2

Name 3 directory server products
Directory server is a special purpose database for reading data.
It stores important data of the network; users, devices, settings, passwords, access logs, etc.

3 possible directory server products are:
1) DNS – domain name system
2) Active Directory and
3) Novell eDirectory
Others could be Sun ONE Directory or Domino Directory.

What is a DNS zone?
A domain is a logically structured organisation of objects (i.e. users, computers, groups and printers) which are part of a network and share a common directory database.
A domain is defined by an administrator and administered as a unit.

DNS – Domain Name System is used to look up IP addresses given the domain name. In other words it is a hierarchical name resolution system. It resolves host names and fully qualified domain names (FQDNs) into IP addresses and vice versa.
It is a client server system.
Information stored has 5 fields:
1) Domain name
2) Time to live (TTL) – seconds
3) Class
4) Type
5) Value
In a way it’s a method of maintaining domain naming structure and locating network resources.

A DNS zone comes from dividing the DNS namespace into zones where responsibility has been delegated and which do not overlap. Each of these zones has a primary name server and possibly a secondary name server.

What is an Active Directory tree?
Active Directory is a directory service that is included with Windows Server 2003. It provides one single point of administration, authentication and storage for user, group and computer objects.

An AD is made up of at least one domain (identified by a DNS domain name, and having a collection of computers on a network sharing a common directory database) which has at least one domain controller (a server that stores and manages AD data).

An AD tree is a set of one or more domains with contiguous names (they have a common root domain).

What is an Active Directory forest?
An active directory forest is a collection of related domains that are not in a contiguous namespace. They share a global catalog (index of all domains that are in the entire forest). They also share a single Active Directory schema.
The Enterprise Admins group is the user group which manages objects in the entire forest.

What is the relationship between DNS domains and Active Directory domains?
They both have the same hierarchical structure. The relationship between them is that they are dependent on each other.
DNS zones can be stored in Active Directory. Active Directory uses DNS as its location service whereby domain controllers can be located.





Relational Model: Normalization

3 10 2007

This is definitely a walk in the past again for the topic of databases. Normalization is one of the most important topics for databases and is something that I always come back to (especially if you work in logistics stock inventory counting). A good website I am currently reading is: http://phlonx.com/resources/nf3/. Fred Coulson does a very good job in giving an example with point form explanation of how he went about in getting the first normal form all the way to the third normal form. Other sites are written by Mike Chapple http://databases.about.com/od/specificproducts/a/normalization.htm, or provided by the University of Texas http://www.utexas.edu/its-archive/windows/database/datamodeling/rm/rm7.html and of course wikipedia to the rescue at http://en.wikipedia.org/wiki/Database_normalization.







