hakin9_2010_04_29.pdf

CONTENTS

team

Editor in Chief: Karolina Lesińska

karolina.lesinska@hakin9.org

Advisory Editor: Ewa Dudzic

ewa.dudzic@hakin9.org

Editorial Advisory Board: Matt Jonkman, Rebecca

Wynn, Rishi Narang, Shyaam Sundhar, Terron Williams,

Steve Lape, Aditya K Sood, Donald Iverson, Flemming

Laugaard, Nick Baronian, Michael Munt

DTP: Ireneusz Pogroszewski

Art Director: Agnieszka Marchocka

agnieszka.marchocka@software.com.pl

Welcome to the digital world of Hakin9 magazine!

Cover’s graphic: Łukasz Pabian

Proofreaders: James Broad, Ed Werzyn, Neil Smith,

Steve Lape, Michael Munt, Monroe Dowling, Kevin

Mcdonald

Dear readers, first of all I want to thank you for downloading

the opening issue of the online Hakin9 magazine. Due to the great

interests in the mag coming from all over the world we decided to go

digital. From now on Hakin9 is a free, online, monthly magazine!

Contributing editor: James Broad

Top Betatesters: Joshua Morin, Michele Orru, Shon

Robinson, Brandon Dixon, Stephen Argent, Jason

Carpenter, Rishi Narang, Graham Hili, Daniel Bright,

Francisco Jesús Gómez Rodríguez, Julián Estévez, Michael

Sconzo, Laszlo Acs, Bob Folden, Cloud Strife, Marc-Andre

Meloche, Robert White, Bob Monroe,

Special Thanks to the Beta testers and Proofreaders who

helped us with this issue. Without their assistance there

would not be a Hakin9 magazine.

Even though the magazine is a bit shorter than before you will get

even more articles, tool reviews, interviews and fresh news from IT

security world each month.

Of course we are keeping our great regulars like ID Fraud expert

says... by Julian Evans, interviews, in brief and tool reviews.

Senior Consultant/Publisher: Paweł Marciniak

CEO: Ewa Łozowicka

ewa.lozowicka@software.com.pl

You will be receiving a newsletter with new issue at the end of

each month, so keep an eye on your emails!

Production Director: Andrzej Kuca

andrzej.kuca@hakin9.org

If you would like to help in creating hakin9 magazine, become

an author, proofreader or betatester – don’t hesitate! Keep the mails

coming in!

Marketing Director: Karolina Lesińska

karolina.lesinska@hakin9.org

Subscription: Iwona Brzezik

Email: iwona.brzezik@software.com.pl

Enjoy your reading! And remember - go green, choose download!

Publisher: Software Press Sp. z o.o. SK

02-682 Warszawa, ul. Bokserska 1

Phone: 1 917 338 3631

www.hakin9.org/en

best regards

Karolina Lesinska

Editor-in-Chief

Whilst every effort has been made to ensure the high

quality of the magazine, the editors make no warranty,

express or implied, concerning the results of content

usage.

All trade marks presented in the magazine were used

only for informative purposes.

All rights to trade marks presented in the magazine are

reserved by the companies which own them.

To create graphs and diagrams we used

program by

The editors use automatic DTP system

Mathematical formulas created by Design Science

MathType™

DISCLAIMER!

The techniques described in our articles may

only be used in private, local networks. The

editors hold no responsibility for misuse of the

presented techniques or consequent data loss.

4 HAKIN9 4/2010

CONTENTS

REGULARS

BASICS

06 In Brief

Section of short articles from the IT

security world

Armando Romero & ID Theft Protect

10 Firewalls for Beginners

ANTONIO FANELLI

Firewalls are often overlooked, but are actually one of the best deterrents

against unauthorized accesses. Learn how to build a low-cost firewall with

iptables. Whenever people ask me how they can be sure no one can have

unauthorized remote access to their PC, my first answer is: disconnect your

PC!

08 Tools

TFS Mechanic

Active@ Undelete Professional

KonBoot v1.1

Michael Munt

ATTACK

50 ID fraud expert says...

Identity Theft Protection Services

– a new industry is born

Julian Evans

20 Pwning Embedded ADSL Routers

ADITYA K SOOD

This paper sheds light on the hierarchical approach of pen testing and

finding security related issues in the small embedded devices that are

used for local area networks. The paper is restricted to not only testing but

also discusses the kinds of software and firmware used and incessant

vulnerabilities that should be scrutinized while setting up a local network.

54 Interview

Interviews with:

Victor Julien, lead coder for

the Open Information Security

Foundation

28 Writing WIN32 shellcode with a C-compiler

DIDIER STEVENS

Shellcode is hard to write. That is why I worked out the method presented

here to generate WIN32 shellcode with a C-compiler. To fully benefit from

the content of this article, you should have some experience writing WIN32

programs in C/C++ and WIN32 shellcode, and understand the differences

between both approaches.

by Hakin9 team

Ferruh Mavituna, web application

penetration tester and security

tool developer; creator of a web

application scanner - Netsparker.

36 Flash Memory Mobile Forensic

SALVATORE FIORILLO

This paper is an introduction to flash memory forensic with a special focus

on completeness of evidences acquired from mobile phones. Moving

through academic papers and industrial documents will be introduced the

particular nature of non-volatile memories present in nowadays mobile

phones; how they really work and which challenges they pose to forensic

investigators.

by Jason Haddix

DEFENSE

44 Threat Modeling Basics

TIMOTHY KULP

In the world of software, security is thrown into a system somewhere at

the end of the project. For many developers adding security to a system is

using a login with SSL/TLS; but sadly, these two are not the security silver

bullet developers are led to believe.

4/2010

HAKIN9

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: