Wednesday, November 19, 2008

Metasploit Framework 3.2 Released

The Metasploit Project announced today the free, world-wide availability of version 3.2 of their exploit development and attack framework. The latest version is provided under a true open source software license (BSD) and isbacked by a community-based development team.

Metasploit runs on all modern operating systems, including Linux,Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the iPhone. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.


The latest version of the Metasploit Framework, as well as screen shots, video emonstrations, documentation and installation instructions for many platforms, can be found online at :-

http://metasploit.com/framework/

Friday, November 14, 2008

Social Engineering: 8 Common Tactics

Most articles I’ve read on the topic of social engineering begin with some sort of definition like “the art and science of getting people to comply to your wishes”, “an outside hacker’s use of psychological tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to the system”, or “getting needed information (for example, a password) from a person rather than breaking into a system”. In reality, social engineering can be any and all of these things, depending upon where you sit. The one thing that everyone seems to agree upon is that social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system.

Security is all about trust. Trust in protection and authenticity. Generally agreed upon as the weakest link in the security chain, the natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. Many experienced security experts emphasize this fact. No matter how many articles are published about network holes, patches, and firewalls, we can only reduce the threat so much... and then it’s up to Maggie in accounting or her friend, Will, dialing in from a remote site, to keep the corporate network secured.

I was searching for some information related to social engineering in the net. I found some good interesting social engineering tactics at networkworld.com (A very good site, normally I refer to update myself).Thought of sharing with you guys...

Click on the below link to get an idea of the most prevalent social engineering tricks used by phone, e-mail and Web.

http://www.networkworld.com/news/2008/110608-social-engineering-eight-common.html

Tuesday, November 11, 2008

Three Plead Guilty in $2 Million Citibank ATM Caper

Three New Yorkers accused of using hacked Citibank ATM card numbers and PINs to steal $2 million from customer accounts in four months have pleaded guilty to federal conspiracy and access device fraud charges.
The defendants -- Ivan Biltse, Angelina Kitaeva and Yuriy Rakushchynets, aka Yuriy Ryabinin -- are among 10 suspects charged earlier this year in connection with a breach of a server that processes ATM transactions from 7-Eleven convenience stores. Those ATMs are branded Citibank, but they're owned by Houston-based Cardtronics.

For more information visit:-

Wednesday, November 5, 2008

Social Engineering - Palin Tricked Into Chat With Canadian Comic Posing as Sarkozy!

Republican vice presidential candidate Sarah Palin was tricked by two Canadian comedians into thinking she was having a telephone conversation with French President Nicolas Sarkozy.
The conversation, posted on the Internet, ranges from American politics to the perils of hunting with Vice President Dick Cheney, who accidentally shot and injured a hunting companion in 2006.
Comedian Marc-Antoine Audette, masquerading as Sarkozy, suggested he and Palin go hunting together, perhaps by helicopter. Palin said she would be ``a careful shot.''
The McCain campaign confirmed the telephone call. ``C'est la vie,'' said Palin spokeswoman Tracey Schmitt.
Palin was ``mildly amused to learn that she had joined the ranks of heads of state, including President Sarkozy, and other celebrities in being targeted by these pranksters,'' said Schmitt.
Audette asked Palin if Joe the Plumber was her husband, and she replied that, no, her husband was a ``normal American who works hard and doesn't want the government to take his money,'' according to the audio.

Courtesy: Bloomberg

http://www.bloomberg.com/apps/news?pid=20601087&sid=aWvdSt1G3ztU