hakin9_2005_02_2.pdf

Basics
Editor-in-Chief: Piotr Sobolewski
How Spam is Sent
Tomasz Nidecki
Spammers often use poorly secured systems. The problems
and costs resulting from the sending of tens, or even
hundreds, of thousands of emails are passed on to third
parties. We present the techniques which are being used
by spammers and teach you how to protect yourself from
them.
enclosed in a colourful cover. Just take a look at our
website, forum, online store, hakin9.live ... All this
just for you, our valued readers.
Our primary goal is to help you expand your knowledge.
And we are constantly trying to find new ways to reach this
goal. There is probably no need to mention that in both the
current and future issues of the hakin9 magazine you will
find valuable articles showing you secrets of IT security. But
there is more to it.
We are trying to help you decide whether
the magazine is for you by supplying various samples for
free. For every printed issue, one article is always available
for download in PDF format on our website. We have also
got a couple of articles from issues that never came out in
print in English – so you can see the direction hakin9 has
been taking in the past. Recently, we have started to publish
demos – the first two pages of every printed article, also in PDF
format. They will be much more useful to you than simple
one-sentence summaries.
You can also buy hakin9 in PDF format, as single issues
or as a subscription. This is to make it more convenient for
readers from far away (we have got readers even in Malaysia
– greetings!). We are working on making all of the archives,
in all languages, also available in electronic format.
Whilst talking about expanding your knowledge, do
make sure to visit our online forum. It is meant as a means
for asking questions and getting answers from both us, the
editorial team, and other readers. We would also appreciate
it if you used it as a means of sending us suggestions concerning
the future direction of hakin9. Because, you must remember
– hakin9 is for you. And you can help us make it better.
Usenet Abuse
Sławek Fydryk, Tomasz Nidecki
The standards and protocols used in Usenet are the
underlying technologies of the Internet. It is therefore
not surprising that, at the time when they emerged, no
one thought about security issues. But, as soon as the
Internet came into most households, it turned out that
the Usenet assumptions are, to say the least, leaky as
a sieve. Unfortunately, today, one cannot assume that
good manners will stop Internet users from deleting someone
else's messages, removing groups or sending vulgar
swearwords to moderated discussion groups. We show
how easy it is to commit malicious acts on discussion
groups.
Attacks on Java 2 Micro Edition Applications
Tomasz Rybicki
Java 2 Micro Edition, used mainly in portable devices,
is perceived as a generally safe programming environment.
There exist, however, methods of attacking mobile
applications. They are based mainly on the mistakes
and carelessness of the programmers and distributors
of such applications. We will take a look at possible
scenarios of attack on mobile devices using this version
of Java.
Piotr Sobolewski
piotr@hakin9.org
www.hakin9.org
Around hakin9
Our magazine is more than just eighty printed pages
hakin9 2/2005
Attack
Defence
Making a GNU/Linux Rootkit
Mariusz Burdach
Successfully compromising a system is only the beginning of
an intruder's work. What can they gain from having access to
a superuser account if the administrator will notice right away
that the system's integrity has been compromised? The next
step of an intruder is to remove traces of their presence by
means of a rootkit, hopefully in such a way that will allow
them to use the victim's machine later on. Let us try to create
a simple rootkit for the Linux operating system which will be
responsible for hiding files, folders and processes having a
given prefix.
SYSLOG Kernel Tunnel – Protecting System Logs
Michał Piotrowski
If an intruder takes control of our system logs we will not be
able to recreate their actions. The SYSLOG Kernel Tunnel
project supplies a mechanism which will send the logs in a
secure manner to a remote system and, at the same time, be
difficult to discover and kill.
Reverse Engineering – Dynamic Analysis of Executable ELF Code
Marek Janiczek
Dynamic analysis of code in the Executable and Linkable
Format (ELF) presents more possibilities than static analysis.
We will perform the analysis on a suspicious program
which was found on a compromised system. Apart from the
techniques and tools useful for the analysis, we present classic
problems which can be encountered during tests.
MD5 – Threats to a Popular Hash Function
Philipp Schwaha, Rene Heinzl
MD5 is probably the most popular hash function – its application
ranges from simple file checksums up to DRM (Digital
Rights Management). Although it appeared impossible to find
a hole in MD5, one has been found by Chinese scientists. Let
us take a look at what threats this hole could expose us to.
Simple Methods for Exposing Debuggers and the VMware Environment
Mariusz Burdach
Analysis of ELF executable code can be complicated – programmers
try to create applications in a way which would
render tracing of their programs impossible. The authors of
software also try to block the operation of their programs in
virtual environments. Let us take a look at how this is done.
WARNING!
The techniques described in our articles may only be used in
private, local networks.
The editors hold no responsibility for misuse of the presented
techniques or consequent data loss.
hakin9 is published by Software Wydawnictwo Sp. z o.o.
Editor-in-Chief: Piotr Sobolewski piotr@hakin9.org
Editor: Roman Polesek romanp@hakin9.org
Managing Editor: Tomasz Nidecki tonid@hakin9.org
Assistant Editor: Ewa Lipko ewal@software.com.pl
Production: Marta Kurpiewska marta@software.com.pl
DTP: Anna Osiecka annao@software.com.pl
Cover: Agnieszka Marchocka
Advertising department: adv@software.com.pl
Subscription: Marzena Dmowska pren@software.com.pl
Proofreaders: Nigel Bailey, Tomasz Nidecki
Translators: Michał Wojciechowski, Michał Swoboda, Radosław
Miszkiel, Jakub Konecki, Ewa Dacko
Postal address: Software–Wydawnictwo Sp. z o.o.,
ul. Lewartowskiego 6, 00-190 Warsaw, Poland
Tel: +48 22 860 18 81, Fax: +48 22 860 17 71
www.hakin9.org
Print: 101 Studio, Firma Tęgi
For cooperation please email us at:
cooperation@software.com.pl
Whilst every effort has been made to ensure the high quality of the magazine, the
editors make no warranty, express or implied, concerning the results of content
usage.
All trade marks presented in the magazine were used only for informative
purposes. All rights to trade marks presented in the magazine are reserved by the
companies which own them.
To create graphs and diagrams we used programme by
company.
The editors use automatic DTP system
ATTENTION!
Selling current or past issues of this magazine for prices that are different
than printed on the cover is – without permission of the publisher – harmful
activity and will result in judicial liability.
hakin9 is available in: English, German, French, Spanish, Italian, Czech and
Polish.