It's high time for a new release of Uninformed. Submissions are being accepted. Contact me at warlord / nologin.org or rjohnson at rjohnson / uninformed.org.
Defending Passwords Against Keyloggers And Malicious Keyboards
Even the most well-encrypted harddrive with the best chosen password may fall for a very simple, very low-tech attack employing a hardware keylogger. This paper shows a potential way to defend against these devices.
Find the paper in the respective section or download it here.
Description: Creates pcaps showing input files being downloaded from the web.
This handy utility takes any sort of input file and creates a pcap showing this file being downloaded from a remote web server. The pcap is a full tcp stream from syn to fin and all the sequence numbers and checksums and all that are correct.
Envoy is a personal firewall for Linux, similar to Windows tools like Zonealarm. A kernel module intercepts outgoing and incoming tcp connections, consults a userland daemon for the rules and if required tips off the Envoy gui to ask the user for decisions whether some program may establish a new connection.
- Added fingerprinting to the public version. Poison does single packet OS fingerprinting. This means it doesn't send any additional packets. It sends syns to detect open ports, as usual, and determines the OS based on the syn/ack it receives.
Example:
X.Y.172.222 port 80 open Microsoft Small Business Server 2003
- Massively improved banner grabbing
Posion can now do several reads, times out, parses and replies to telnet options, and assembles telnet banners into easier readable chunks. Banner length can be adjusted in banner.h
Example:
X.Y.45.208 port 23 Banner: .HP JetDirect Password is not set Please type menu"for the MENU system,or for help,or for current settings.