Sections of this new website includes

• News Section – This section will be about latest news from hacking/security world. This will be sub-divided in “Tools News”, “Attack News”, “General News”. We’ll add more in future
• Article Sections – This section will hold articles from contributors. Again these will be sub-divided into appropriate categories.
• Magazine Section – Primarily this will be link to our magazine site http://chmag.in
• Bookstore – A place form where you can buy security books online.
• Gallery Section - A collection of all photographs from previous events. This will hold all future events also
• Events Section – A place to hold information about past and future events
• Additionally we’ll be linking to all other projects and websites we have under the umbrella of ClubHack

On the right side of the website, you can find a lot of links to our social networks. Follow us on twitter, catch us on facebook and show your love wherever you’d like to

How to be a part of the initiative

If you want to be an author on the new website & would like to contribute in any possible way (even if its not on the site as of now), please get in touch with us. We’ll guide and facilitate you for the same. Write to us at info@clubhack.com

Thanks & Happy Hacking

Rohit Srivsatwa

These are known as Viral SSID, don’t expect it to be a free access to internet

Is it a virus, why doesn’t my antivirus detects it?
Its not a computer virus kind of thing which will be detected by Anti-virus, but still it is “Viral SSID” cause its spreads like virus

What is Viral SSID?
Like virus spread from infected computer to healthy one, a viral SSID spreads from an infected wireless-enabled computer to another. That’s why Viral SSID is the network name for ad-hoc (laptop to laptop) . See the icon next to it in the window carefully

How does this Viral SSID Spread?
The culprit here is “Wireless auto configuration utility” of Windows.

Whenever a user connects to wireless network, its SSID is added in a list of known network names, this list is called the Preferred Network List (PNL). This list includes the viral SSIDs to which a user may have connected (by greed ) or in fact, a user need not manually connect to a viral SSID for it to be added to the list. In certain auto-configuration utilities, there are options where a user can choose to connect to any network in vicinity whether it is ad-hoc or belongs to the infrastructure type.

When the user moves to a different location and starts the computer, the wireless auto configuration utility tries to look for the SSIDs stored in the PNL. When it doesn’t find any infrastructure networks mentioned in this list, it starts looking for ad-hoc networks stored in the PNL. If it finds one, it connects to the host displaying the corresponding SSID. However, if it does not, it becomes the first node of that ad-hoc network and starts showing the viral SSID.

If an unsuspecting healthy laptop is searching for wireless networks in vicinity, it will see the advertised viral SSID in its list. If the laptop is configured to “Connect to any wireless network” as it comes in range, it will attach itself to the respective network. The connection can also be made when an unsuspecting user manually connects to an advertised viral SSID. As soon as this connection is made, the viral SSID appears in the PNL of the healthy laptop and thus gets infected.

Why tempting names such as “free internet access”?
This phenomena of viral SSID started with generic names such as “default” or “<vendor name>” where the same SSID was in infrastructure mode (access point) as well as ad-hoc mode (peer to peer).

These lucarative named viral SSIDs could have been deliberately created by malicious intent where the attackers knew that the clients would be tempted to connect to this SSID if they didn’t find any infrastructure netowrk. Its a kind of social engineering, attracting the victims.

Should someone worry?
Answer is Yes, if your machine is searching for a viral SSID, an attacker may have setup his/her machine to advertise that viral SSID and connect to your machine. The same is true if your machine is advertising it. Once the connection is made, the attacker can use various means to attack your computer and get the information he/she requires.

The mildest form of attack could be stealing information from your hard disk. The attacker can also become a man-in-the-middle routing all your Internet traffic through itself and observing/modifying all your data. Your passwords can also be stolen in this way.

So how to protect yourself?

(a) First and foremost, avoid the temptation to connect to such networks, no one is giving you free internet there
(b) Disable auto-connection or advertisement for ad-hoc networks in your wireless auto configuration utility
(c) In windows XP, ensure that you have selected the “Access point (infrastructure) network only” in the “Advanced” configuration of Wireless Network Connection Properties.
(d) If you ever do connect to such a network (even by mistake), clear it from your PNL.
(e) If you need to connect to a peer device, make sure of the identity of that peer device before connecting.

Adam uses firewire port (IEEE 1394) to gain a read/write access of the RAM of a locked and password protected computer.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

Checkout Adam’s website for more details. http://storm.net.nz/projects/16

http://bcheck.scanit.be/bcheck/index.php

You can use the test to scan for vulnerabilities of your browser. As of now they have 13 tests only, but its worth doing a test.

For those who don’t know about it, MetaSploit is one of the best and most effective exploit tool which can be used in the comfort of best point-n-click graphics interface as well as real fast and favorite command line shell interface.

“The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits…”
The best part with MetaSpolit 3.1 is the new cool Windows GUI.

For old school shell/CLI lovers, the flavor remains the same & power is increased.

Three cheers to metasploit3 & H D Moore

Hosted by Asian School of Cyber Laws, CyberAttack 2008 is aimed at knowledge sharing amongst cyber crime investigators and computer emergency response professionals.

The conference will focus on:

1. latest trends in cyber crimes
2. best practices for cyber crime investigation
3. best practices for cyber forensics.

Original papers are invited from professionals. Authors of short listed Papers will have the option to present the paper in person or in absentia. All short listed Papers will be published in the conference proceedings.

Further information can be obtained from:

www.cyberattack.in

Asian School of Cyber Laws is the pioneer in education and research in cyber law and cyber crime investigation in India. We have assisted the Government of India in framing rules and regulations under the Information Technology Act. We work closely with Governments and law enforcement agencies around the world in the fields of cyber crime investigation and cyber forensics.

Botnet is a group of “zombie” computers controlled remotely, to craft attacks. The most common ways to make a computer zombie is by virus, and exploits on unpatched vulnerabilities. Botnets are not a new concept; they have been around for sometime. But attacks from botnets are expected to grow this year. Some attacks we see from zombie networks include Denial-of-Service attack, Spyware, E-mail spam, and Click frauds.

2: Web2.0 and SaaS attack

More and more software-as-a-service websites are coming up these days (like salesforce.com, Google docs, Spreadsheet, and so on). They will get more attention from attackers. Many of these hold your important personal/company information and that’s juicy information for attackers.

3: Parasitic attackware

These might look like legitimate and branded applications, but are infected by attackers and redistributed (similar to Firefox extensions). Fake shareware distribution sites might distribute legitimate but infected programs online. The Victim would, for example, think that they are downloading legitimate Adobe Acrobat Reader from a ‘xyz’ site (not parent site of the product). However, this site might have parasitic attack software patched onto it.

4: iPhone and smart phones

iPhone is expected in India this year. We can anticipate many attacks on the iPhone and other smart phones we see these days. These might get infected over GSM or some other malicious website. With the popularity of smart phones like HTC, Blackberry and so on, people are increasingly using internet on handheld devices. We haven’t seen antivirus products emphasizing much on theme.

5: Attack from your pocket

We can expect attacks being launched from new age phones and handheld devices. Most of the handheld devices these days have wireless connectivity, and Linux or windows as the operating system. We will see a trend of hacking tools on these devices which can be used for attack. Attackers know how easy it is to create an attack toolkit on a Linux based phone. We are also witnessing a trend in tools that can assist malicious acts from handhelds. Normal phones these days are more powerful in processing as compared to the first generation of computers we stared using.

6: Attack on Govt. websites

In the recent past, we have observed cybercrooks trying to hack Govt. and bank websites. Latest in series was the ‘Govt. of Maharashtra’ website. We can expect increase in the trend of hacking into Govt. websites. The need of the hour is to secure such websites and manage them properly

7: Phishing: Majorly targeting SSO based services

We are moving towards one username, one password, and many services kind of architecture, just like Google. It’s commonly known as single-sign-on (SSO) in the IT industry. We can expect malicious websites offering some services which pretend to, for example, use Google Auth API where you could avail the service under the Google services umbrella. It will look legitimate but the attacker might get away with your crucial information. This can directly relate to financial loses as well. We have seen a lot of people using Google checkout to shop. Attackers might try to take benefit of this fact.

8: Social networking websites

What with the way social networking websites are booming these days, we can expect more and more crime on that front. As of now identity theft is growing through these sites. Pornography might grow a great deal on these channels.

Attackers might also use these sites for mining data about people, fetching information that people share and use it to “authenticate” their attacks.

9: Lucrative websites

Fancy looking websites of greetings, gaming and cyber pornography has been a good source of attacks in the past and the same will continue in 2008 also. It targets the mentality and emotions of people to serve its purpose, and the same will remain a prime method for adversaries in future too. These might be used to spread malwares and steal financial or personal information.

10: Wireless attacks

The wireless medium is getting popular in India these days with cheap and affordable devices. But people are ignorant about the security aspects of the wireless. Wireless attacks are on a high prowl in the west where companies have incurred losses in millions. We will see a rise in wireless attacks in India too, if people are not educated in time.

What should a common man do to be safe?

There are a few things a common man can do to be secure online. Many of these have been told again and again in past, but people do not take it that seriously

a) Use genuine software

b) Update all the software with latest patch issued by the vendor

c) Use a good antivirus and antispyware tool

d) Keep antivirus antispyware updated

e) Use a good desktop level personal firewall

f) Abstinence: Avoid temptation of downloading anything and everything.

g) Open email attachment from trusted source only

h) Do not give too much personal information on public websites

i) Double check before using any executable, verify the integrity and the source.

j) Download software from trusted websites only

k) As far as possible use HTTPS and other encrypted protocols.

l) Never ignore any warnings, read them carefully & try to understand the reason behind it

m) Use best security practices to secure your networks, wired or wireless

n) Use smartphones responsibly.

http://economictimes.indiatimes.com/Internet_/Showcasing_the_knack_of_hack/articleshow/2602177.cms

http://www.darkreading.com/document.asp?doc_id=141404

http://www.dnaindia.com/report.asp?newsid=1138336

http://www.expressindia.com/latest-news/Stop-sending-obscene-SMSes-or-you-may-land-in-jail-for-5-years/248439/

http://www.sakalherald.com/mh/evil_toaster/index.html

http://www.expressindia.com/latest-news/Ethical-hackers-are-here-to-help-you-check-hacking/248490/

http://www.expressindia.com/latest-news/Hackers-rope-in-police-others-to-call-them-good/248197/

http://digg.com/security/Hacker_Uses_Networked_Crazy_Toaster_To_Hack_PC_2

http://www.theregister.co.uk/2007/12/18/networked_toaster_hack/

http://www.expressindia.com/latest-news/Man-makes-toaster-hack-computer/249695/

http://flickr.com/photos/tags/clubhack/

Enjoy

Hacking is not just a negative thing though it’s more notoriously known for the act of hacking into somebody’s bank account, hacking into some secured network or as being made famous by Matrix’s Neo or Die Hard 4.0 Apple Mac guy trying to hack into all the systems of the US government. Hacking as I understand is just trying to do things your way and finding ways to do that. So if I am not happy with toast level I will hack it and make my toast crispier. If I am not happy with my Apple iPhone not working with my network I will hack it to make it work with my network. While working with softwares we write hacks all the time, if something is not working the way you want you write a hack to make it work. Hacking is also a good way to find out the vulnerabilities in anything, be it a product or a network. Rohit said that people have a very wrong notion about the term Hacking and when he told people that he is going to organize ClubHack, an international convention for hackers, the first question he was asked that whether this is legal. People even tell him to be careful and not run into trouble with the legal authorities.

While writing this post I got another annoying call from the Reliance about setting my ringtone to some Marathi song. The freaky part is that I had just stored a note in my phone about some Marathi song that my friend asked me to search on internet. I would have let it go witohut thinking twice about it bust since I am writing about hacking and Clubhack I and getting suspicious. Is it possible that Reliance can access data on my phone. Reliance is one company that gives out it’s own mobile phone instrument with the mobile services as well. I have a doubt that they could have made some setting in the phone that will enable them to have access to all the data stored on my Reliance phone. I think, Rohit and other Hacker friends of his should be able to answer this question.

I have a very interesting challenge for the hackers coming to attend the clubhack. Let me explain the challenge: I was told by Rohit that it’s very easy to hack into any phone/Computer/system if the bluetooth is on, hmmm. The challenge is about Bluetooth hacking only. Yesterday I was at a mall and saw a man walking around wtih a bluetooth enabled ear plug for his phone. Since he is having a bluetooth device that is giving you access to his ear and once you are inside the system, you should be able to hack any part. Am I right? I think, I am. So Rohit and all the hackers out there can you hack this man??

After reading this post all of you must be thinking what a naive like me doing organizing Clubhack. Let me clarify this Rohit is the main guy behind the ClubHack idea I am just helping him in organising the event. Both of us are part of the Pune Barcamp organizer gang, me being the latest entry after the Blogcamp Pune.

[Cross posted on iThink... ]

Tarun Chandel