Archive for the ‘ General Security ’ Category

Common Gmail Login Problems

Gmail has evolved into one of the most popular webmail services on the planet, mostly because of its great features such as IMAP, POP3, SMTP and Gmail Labs, but not least because it is associated with Google. With 200 million users logging in to their accounts, sometimes several times a day, Gmail login problems may be an issue for many users. The following is a list of common login issues that you might experience, and ways to solve them:

Lost password – if you have lost your password, or have made so many login attempts that your account is blocked, look for the Gmail password recovery page and follow the instructions. You will be asked to enter the secondary email address that you assigned for this purpose.
Cookies are disabled – most popular browsers offer an option to disable cookies for the user's convenience, and disabled cookies might lead to login problems because Gmail uses session cookies to persist a connection, sparing you the need to log in every time you open your browser. It is therefore essential to keep cookies enabled.
JavaScript is disabled – the same as with cookies, but this time with JavaScript. Gmail uses JavaScript to create cookies, so if JavaScript is disabled Gmail might fail to log in to your account.
Temporary Error (502) – If you’re seeing a ‘Temporary Error (502)’ message when you try to sign in to Gmail, it means that your mail is temporarily unavailable. These errors generally resolve themselves within a few minutes, so please wait a bit before trying to log in again. Please note that while Gmail is inaccessible, your messages and personal information are safe.

Using Bleedingsnort Rules for the Impatient

This is a sample Oinkmaster configuration file, Oinkmaster-bleedingsnort.conf, for use with the Bleeding Snort Ruleset.

———–
url = http://www.bleedingsnort.com/downloads/bleeding.rules.tar.gz
path = /bin:/usr/bin:/usr/local/bin
tmpdir = /tmp
update_files = \.rules$|\.config$|\.conf$|\.txt$|\.map$
skipfile local.rules

———–

Then run oinkmaster like so:
oinkmaster.pl -q -C Oinkmaster-bleedingsnort.conf -o ./rules

Adjust ./rules to be your rules dir of course.

Add these lines to your snort.conf:

include $RULE_PATH/bleeding-virus.rules
include $RULE_PATH/bleeding-attack-response.rules
include $RULE_PATH/bleeding-policy.rules
include $RULE_PATH/bleeding-custom.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-exploit.rules

include $RULE_PATH/bleeding-inappropriate.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding-web.rules

or just:
include $RULE_PATH/bleeding-all.rules

And finally, only if you are using Barnyard or some other tool that relies on a sid-msg.map, you need to add the bleedingsnort map to the stock file like so:
cp sid-msg.map sid-msg.map.orig
cat bleeding-sid-msg.map sid-msg.map.orig | sort -u > sid-msg.map
And you’re ready to go!!!
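
The steps above leave two things unchecked: whether every include line added to snort.conf has a matching file in the rules directory, and whether the sort -u merge left the same SID in sid-msg.map twice with different text. The script below is an added example, not part of the original post; its directory layout and map entries are constructed, and it assumes the "sid || msg" line format for sid-msg.map.

```shell
#!/bin/sh
# Added example, not from the original post. File contents below are constructed.

# List bleeding-*.rules files that snort.conf includes (uncommented) but that
# the Oinkmaster run did not leave in the rules directory.
missing_includes() {
    conf=$1; rules_dir=$2
    sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}\$RULE_PATH\/\(bleeding-[^[:space:]]*\.rules\).*/\1/p' "$conf" |
    while read -r f; do
        [ -f "$rules_dir/$f" ] || echo "$f"
    done
}

# Merge the maps exactly as the post does, then list SIDs that still occur more
# than once. sort -u drops only byte-identical lines, so a SID whose message
# differs between the two maps survives as two conflicting entries.
merge_sid_map() {
    bleeding=$1; stock=$2; out=$3
    cat "$bleeding" "$stock" | sort -u > "$out"
    awk -F'[|][|]' '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blanks
        { sid = $1; gsub(/[ \t]/, "", sid); n[sid]++ }
        END { for (s in n) if (n[s] > 1) print s }
    ' "$out" | sort -n
}

# Build a small constructed layout to run the checks against.
make_sample() {
    d=$1
    mkdir -p "$d/rules"
    : > "$d/rules/bleeding-virus.rules"
    : > "$d/rules/bleeding-web.rules"
    cat > "$d/snort.conf" <<'EOF'
var RULE_PATH ./rules
include $RULE_PATH/bleeding-virus.rules
# include $RULE_PATH/bleeding-p2p.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-web.rules
EOF
    cat > "$d/bleeding-sid-msg.map" <<'EOF'
2000001 || BLEEDING-EDGE constructed sample A
2000002 || BLEEDING-EDGE constructed sample B (revised)
EOF
    cat > "$d/sid-msg.map.orig" <<'EOF'
# constructed stock map
1000 || constructed stock rule
2000001 || BLEEDING-EDGE constructed sample A
2000002 || BLEEDING-EDGE constructed sample B
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "includes with no rules file: $(missing_includes "$demo_dir/snort.conf" "$demo_dir/rules")"
echo "SIDs with conflicting entries: $(merge_sid_map "$demo_dir/bleeding-sid-msg.map" \
    "$demo_dir/sid-msg.map.orig" "$demo_dir/sid-msg.map")"
rm -rf "$demo_dir"
```

Any SID the second check prints needs one of its two lines removed by hand before Barnyard or another map consumer reads the file.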

How to Submit a Signature or Idea

The Bleeding Snort community is always soliciting new signatures and ideas. Regardless of the maturity or sanity of an idea or signature, please submit them.

You can submit signatures directly to the Bleeding Snort Team at bleeding@bleedingsnort.com. (Please avoid sending directly to an individual admin. If they happen to be offline or out, your sig may be delayed.)

The forums on this site are a medium to bring up and discuss new ideas.

We also monitor the Snort-Sigs list maintained at www.snort.org, as well as a number of other mediums.

a) Adware, Spyware, Anti-virus and Their Differences
Adware, spyware and computer viruses share similarities, one of which is that all three are a major disturbance for computer users.
Spyware is software that does not deliberately harm your computer; instead, it creates pathways through which anybody other than the computer owner can communicate with the computer. Spyware normally records the types of web sites you visit, and web advertisers later use that record to send you unwanted emails and pop-ups.

This is why spyware is usually frowned upon and avoided. It is more intrusive than adware. Spyware has separate executable programs that allow it to record your keystrokes, scan files on your hard disk and look at other applications that you use, including but not limited to chat programs, cookies and Web browser settings.
The spyware then sends the information it has gathered to the spyware author, who uses it for advertising and marketing purposes. Authors even sell the information to advertisers and other parties.
Adware is a more legitimate form of freeware. Like spyware, adware is advertising material that is packaged into a piece of software and installed automatically once that software is added to the computer system. Some forms of adware, on the other hand, download advertising content while a particular application is being used. Unfortunately, most adware programs take the form of spyware; that is, they track and report user information to the program authors.
Some signs of spyware infection include pop-up ads that seem unrelated to the site you are viewing. More often than not, spyware pop-ups are advertisements for adult content. Also, if you notice your computer slowing down, there is a big chance that spyware and its components have found their way into your operating system. When the Windows desktop takes a longer time to boot, it is best to scan your computer for possible spyware infections.
Meanwhile, a virus is a destructive form of software. Viruses are designed and created for one purpose alone: to create havoc on your computer. They destroy whatever they come in contact with, replicate themselves, and infect as many components of the computer's operating system or network as possible.
Nowadays, a lot of anti-virus software also provides spyware and adware scanning and removal utilities. Some programs, however, focus on locating and deleting or destroying spyware and adware programs. Whether it is anti-virus software or a dedicated anti-spyware scanner, both search your computer and identify any spyware and viruses installed on your system.
They then remove it, along with the components located in the system registry and other places on your computer. It is therefore good to regularly update your virus or spyware scanner to ensure that your computer is protected from the thousands of spyware programs and viruses on the internet. Never be fooled by ads that claim that their products only contain adware.
Such adware may be spyware in disguise, just waiting to be deployed to gather your information. Learn to set up firewall systems and always enable pop-up blockers to minimize computer infection and ensure the security of all your computer files.

b) Adware and Spyware Blockers

There was once a science student whose thesis was about the moon, so he would often google the word to come up with a ready list of online references. This proved useful to him throughout the process of writing his paper. After several months of doing so, he ran into problems such as being directed to a weird page totally unrelated to the moon every time he typed the same word.
At first he thought it was just a glitch in the internet system, and then he reasoned that it might be a glitch in the search engine he was using, but the persistent occurrence made him think that someone had bugged him. We all hate people who bug us, but people we can fend off. What this science student was confronted with was a computer bug that he could not fend off. In the first place, he is not a technology-savvy person, and in the second place, he never uses his laptop for anything other than academic research and the actual writing of his papers.
The situation above is not an isolated case. Many people find themselves caught up in mind-boggling technology problems that can actually be explained with two words: spyware and adware. The infamous term spyware was first coined in 1995 but was popularized in 2000. Spyware is computer software that infiltrates a personal computer in an innocent-looking way in order to access the user's personal information.
This is done by logging keystrokes, studying web browsing history and even scanning a user's hard drive. It sounds like something we see only in James Bond movies, but apparently we are wrong, for anyone can be a victim of spyware. It is safe to use the word victim because no one wants all of their online activities monitored. Spyware can understandably be used to spy on criminals, because such use is beneficial to society, but what about the use of spyware to intercept credit card details and the like? There is simply no excuse for that kind of use of spyware.
What ordinary people can do to protect themselves is to block spyware and all other software similar to it, such as adware and malware. This can easily be done by obtaining adware and spyware blocker programs online. The role of these blocking programs is to remove or disable existing spyware programs or to prevent the installation of these malicious programs.
Spyware, adware and malware are not like viruses or worms, which self-replicate, but they can be just as much of a hassle as their counterparts, for who wants their normal personal computer activities disrupted? One of the more common hassles caused by these infectious programs is a slow computer, which can be really annoying because when you are at work you want to finish things quickly, not just because you are required to but also because you want to get more done or to be able to go home early.
In some infections, spyware is not even evident as the bad guy, so it can get away with its crime. It is best, then, to have a blocker ready to help prevent any infection from occurring in the first place.

James Murray is a successful writer and online gambling expert providing valuable tips and advice for those interested in gambling and online gambling strategies. His numerous articles found on the Internet provide useful and factual gambling information and insight.

Westchester, IL (PRWEB) March 16, 2009 — Social engineering is evolving so rapidly that technology solutions, security policies, and operational procedures alone cannot protect critical resources. Even with these safeguards, hackers are commonly able to get employees to compromise corporate security. Victims, more often than not, unknowingly provide the sensitive information needed to bypass network security and at times even unlock workplace doors for strangers. While attacks on human judgment are a possibility for even the best network defence systems, companies can mitigate the risk of social engineering with an active security culture that evolves as the threat landscape changes. Gartner reported in 2004 that the greatest security risk over the next 10 years will be the increased use of Social Engineering (SE) to bypass IT security defences. Most have seen the proliferation of SE attacks, especially when it comes to phishing and its many variants. And with many high-profile cases like Paris Hilton’s cell phone, Sarah Palin’s email account, Madoff’s Ponzi scheme and the campaigns of both Obama and McCain being compromised, the predictions are proving to be correct.

A security-aware culture must include ongoing training that consistently informs employees about the latest security threats, along with policies and procedures that reflect the overall vision and mission of corporate information security. This emphasis on security helps employees understand the potential risk of social-engineering threats, how they can prevent successful attacks, and why their role within the security culture is so important to corporate health. Employees who are aware of security issues are better equipped to recognize and avoid the rapidly changing and increasingly sophisticated social-engineering attacks, and hence are more willing to take ownership of security responsibilities.

So ChicagoCon, a bi-annual security event, is introducing a completely original, highly technical, simplified and relevant 5-Day course, the Social Engineering Master Class (http://www.chicagocon.com/2009s/semasterclass.html), developed and taught by world-renowned social engineers Chris Nickerson of TruTV’s Tiger Team and noted expert and international speaker Mike Murray.

ChicagoCon (http://www.chicagocon.com) is a security event with 2 distinct components, training and a conference, both of which have a focus on Ethical Hacking. Ethical hacking, also known as penetration testing, intrusion testing, and red teaming, is conducted by ethical hackers to find possible problems in the system. The Spring Edition is set for May 2009. And without an exhibit hall full of vultures, the attendees are free to learn from the pros and network with peers to advance their practical knowledge and ultimately their careers.

Here’s the schedule in a nutshell:

Friday May 8

2:00 PM – Keynote: Raffael Marty, Chief Security Strategist for Splunk
3:00 PM – Ryan Jones, Lares Consulting
4:00 PM – Tim Rosenberg, White Wolf Security
5:00 PM – Pizza Party
6:00 PM – CtF Sponsored by Core Security

Saturday May 9

9:00 AM – Keynote: Dr. Marc Rogers, Cyber Forensics Program at Purdue
10:00 AM – Chris Gates (CG) & Vince Marvelli (g0ne), Full Scope Security
11:00 AM – Craig Heffner & Derek Yap, SourceSec Research Group
12:00 Noon – Ryan Linn & Brian Wilson, The Ethical Hacker Network
1:00 PM – Lunch
2:00 PM – 5:00 PM – Exotic Liability Live!
6:00 PM – Closing

And the Extra-Curriculars…

  • Workshop: Hacking the Web 2.0 with HP’s Rafal Los (Starts at 2:30 on Sat)
  • “The Doctor Is In” Career Counseling with Mike Murray (All Day Sat)
  • “Lock Picking 101″ with Defcon Veteran Karen Maeda (All Day Sat)
  • Evening Entertainment

Conference Only Tickets are available for just $100. Click here for Conference Details and Registration (http://www.chicagocon.com/2009s/conference.html).
To reach this highly targeted market, please review the sponsorship opportunities (http://www.chicagocon.com/2009s/sponsorshipops.html).
About The Digital Construction Company:
TDCC is a Chicagoland business with a mission to educate and push the careers of IT professionals through its properties including The Ethical Hacker Network and ChicagoCon. ChicagoCon is a Service Mark of TDCC.
Contact:
Donald C. Donzal, CISSP, MCSE, CEH, Security SME
708-837-3002
The Digital Construction Company
###

This press release has been reprinted from PRWEB per the terms and conditions of the copyright notice.

All Projects

This page indexes the projects hosted at Bleeding Snort other than the Snort Signatures. We highly encourage you to use and support these projects, they are all maintained by Bleeding Snort Community members and/or admins.


Snort Bait and Switch

The Snort Bait and Switch Project was written by Will Metcalf. In essence you can use this to redirect hostile traffic in realtime to a honeypot or decoy net.

This project is maintained by Will Metcalf.


Spyware Listening Post

The goal of the Spyware Listening Post is to build a self-sustaining spyware prevention and detection framework.

We hope to accomplish this by using existing tools such as the Black Hole DNS project, the User-Agents project, and our existing Bleeding Snort Spyware Signatures to funnel known traffic to analysis points to identify the unknown.

We believe that in general we’re all losing the fight to spyware and malware. This project we hope will move us into the driver’s seat rather than continue our current reactionary tactics.

This project is maintained by Matt Jonkman.


Snort.conf Samples Project

The goal of this project is to make a set of sample snort.conf files. These will represent Snort installs of different sizes and goals. We do not intend to provide snort.conf files that you can use without modification or understanding, but guides to help you benefit from the experience of the community as a whole.

The discussion to create these configuration files will occur on the bleeding-sigs list.

The files for this project will be stored here:

This project is maintained by Matt Jonkman


SEC Rules

This is just a collection of rules that folks using SEC (Simple Event Correlator) are using. We welcome your contributions of those you can share.

SEC is a very powerful tool. You can learn more about it here:

This project is maintained by Matt Jonkman


Snort ClamAV

The Snort ClamAV project brings you a patched Snort that uses the ClamAV virus database to alert on and/or block viruses at the network level.

This project is maintained by Victor Julien.


CoreMark Snort Test Suite

This project has a primary goal of building and maintaining a test suite. This suite will be used to test Snort rules and rulesets for performance impact and accuracy (false positives and negatives). Snort performance on different platforms and hardware will be measurable as well.

This project was started by the generous donation of a privately developed test suite by the folks at SensorLabs. They continue to be core developers of the project.

Project lead is to be announced.


Remote BHO Scanner

This project allows you to scan a large number of Windows systems quickly for installed BHOs. It’s very informative, very fast, and very accurate.

This is very useful for finding rogue spyware installs in a large net. It uses the BHO listings from Castlecops. Thanks to them for maintaining that list.

David Glosser maintains this project.



BlackHole DNS for Spyware

The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate spyware. This project creates the Bind and Windows zone files required to serve fake replies pointing to localhost for any requests for these domains, thus preventing many spyware installs and much spyware reporting.

This project is maintained by David Glosser.


Spyware User-Agents List

The Spyware User-Agents project is a list of User-Agent strings used by common spyware, malware, viruses, etc. The intention is to allow you to block these in proxy servers, write Snort signatures from them, or identify unknown code.

This project is maintained by Chris Taylor.


SPADE

SPADE (Statistical Packet Anomaly Detection Engine) is a project built years ago by Silicon Defense. It was left abandoned for a long time. Simon Bliles has revived the project and is beginning the long journey of modernizing and securing the code.

There is a working version in CVS. This is maintained by Simon Bliles.

Bleeding Snort Official Sponsors

There is plenty of room for new sponsors and donations. Bleeding Snort will not solicit Cash Donations. What keeps this project alive are the contributions of time and ideas. The primary requirements are manpower to test and write signatures, coders for the upcoming rule manager interface, admins to be ‘on call’ to seek and bring new signatures into the rulesets. Please contact bleeding@bleedingsnort.com if you would like to contribute resources or become an administrator.

The following Companies have made significant physical resources or manpower available to build and maintain the Bleeding Snort project.






Admins of Bleeding Snort:

Matt Jonkman — Infotex
Frank Knobbe — Praemunio
Blake Hartstein — Demarc
David Glosser
Chris Norton

Mark Scott
James Ashton — Vortech Hosting
Eric Hines — Applied Watch
Mark Warren — Praemunio
Joel Ebrahimi — Demarc

Significant Signature Contributions made by:

Abe Use
Brandon Barnes

Chich Thierry
Chris Norton
Christopher Harrington
Cody Hatch
Federico Petronio
James Ashton
Jason Haar
Joel Esler
Joe Stewart

Johnathan Norman
Jonathan Miner
Joseph Gama
Owen Crowe
Lin Zhong
Marcamone
Mark Scott
Matt Jonkman
Matt Sheridan

Michael Sconzo
Nick Hatch
Ole-Martin
Patrick Harper
Philippe Caturegli
Sam Evans
Thomas Alex
Vernon Stark

Many thanks to all who have and will contribute that are not named. We will try to periodically update this page, our way of saying thanks for stepping up and contributing to the community.

What is Bleeding Snort?

Bleeding Snort is a Free Zone for Snort signature development, and a number of other related security projects. Bleeding Snort brings together the most experienced, and the least experienced security professionals.

This site takes all the Snort Signatures we can find, and that are submitted to us, organizes them into coherent rulesets, makes basic quality tweaks, and distributes them free of charge to all who are interested. We welcome your contributions, ideas, or just tweaks. What makes this project so effective are both the ideas and peer review of all content. Our overriding goal is to make this process happen quickly to help all of us as security professionals respond quickly to known and unknown threats.

Free Zone means this is a space where any idea, regardless of how stupid or useless it may sound, can be brought up without fear of disparagement. The majority of the most innovative and unique ideas that make these rules so effective have come from our newest and least experienced users.

Our History

Bleeding Snort came about in early 2003 to satisfy a need in the community. Prior to our formation, security professionals had to monitor a large number of security mailing lists and websites to glean all of the new Snort signatures that were being discussed and distributed. There was no real way to make sure you had the latest version, or to effectively contribute a tweak to improve a signature.

Bleeding Snort was founded by Matt Jonkman and James Ashton to fill that need. It is a completely volunteer-run project using donated servers and resources. Bleeding Snort has a number of commercial sponsors; these sponsors generally donate the time of their security experts to help write signatures and mature what is submitted.

If you have an idea for a signature, or another security project, please email it to the Bleeding-Sigs mailing list or bleeding@bleedingsnort.com.

The Goods
A number of other security projects have found a home at Bleeding Snort, and we’re always looking for others that need a home and a community. The signatures can be found here:

All Rulesets

Browse Rules

All of our Projects

Our Sponsors and Admins

If you have a project that needs a home, want to volunteer to be a Bleeding Snort Admin, or have a signature or idea to contribute, please contact bleeding@bleedingsnort.com. Bleeding Snort has been so useful and successful because of the user community. This is just a reflection of our collective work. Please continue to contribute!