What is a rootkit? A rootkit is software, usually malicious, with one main characteristic: it tries to hide itself from the user by manipulating file, registry, and other important access queries, which makes rootkits especially hard to detect.
Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem.
There are at least five types of rootkit, ranging from those at the lowest level in firmware (with the highest privileges) through to the least privileged user-based variants.
Kaspersky is one of the top and most commonly used antivirus products, but did you know that Kaspersky goes far beyond being an antivirus?
Kaspersky Lab, the world’s largest independent security software company, extends its product from the endpoint to your servers and gateways, and the unique integrated design approach means you can secure and control all your physical, virtual and mobile devices from a single central management console, whatever the size of your infrastructure.
Kaspersky boasts a comprehensive list of technologies, from encryption and mobile device management to patch management and license inventories. All work seamlessly together, supported by the cloud-based Kaspersky Security Network, to give customers the world-class protection they need to combat ever more sophisticated and diverse cyber threats.
As with any system written by humans, some vulnerabilities are bound to remain, and one of the most common vulnerabilities in web systems is SQL injection. To a normal user this may not seem like much, but to a hacker it is the gateway to control over an entire site or, at worst, an entire server. Protecting your site from these attacks is therefore essential, and it should be a systemic design with security kept in mind from the ground up.
Locating sites vulnerable to SQL injection is trivial: it can be done using your favourite search engine or automated assessment tools like Acunetix, and a vulnerability can also be observed by checking any input parameter of the target web application. A common way these vulnerabilities are added to seemingly secure content management systems like Joomla and WordPress is through the use of vulnerable plugins.
Once you’ve located the vulnerability, the next step is to exploit it. Exploitation can be done manually by the attacker using any browser of choice, or it can be automated by tools such as Havij.
I wrote in another publication about authentication, but here I am going to delve into authentication from the view of someone from the hacker underground. Web authentication has evolved immensely from the early days of the web, when it was mostly basic authentication and, for the more ‘secure’ websites, digest authentication.
So if you are scratching your head wondering what the heck I am going on about, well… Basic authentication requires that a special file, .htpasswd, containing the credentials of the individuals who are authorised to access a resource, be placed in the directory which is to be secured, and data is sent over the network in an unencrypted manner (sniffing attack anyone?... anyone?). Digest authentication then came in and was intended to supersede unencrypted use of Basic access authentication, allowing user identity to be established securely without having to send a password in plaintext over the network. As technologies improved, we made the leap to form-based authentication, which is much more familiar now due to the ability to save credentials to a database and easily handle sessions.
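The difference between the two schemes is easiest to see in what actually crosses the network. The following is an added example, not code from the original post: it builds a Basic `Authorization` value and reads the credentials straight back out of it, then computes the Digest (RFC 2617, `qop=auth`) response and verifies it server-side from a stored hash. The function names are hypothetical, and the sample credentials are the worked examples published in RFC 7617 and RFC 2617.

```python
import base64
import hashlib
import hmac

def basic_header(user: str, password: str) -> str:
    """Authorization value a client sends for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def read_basic_header(header: str) -> tuple[str, str]:
    """Base64 is an encoding, not encryption: anyone who sees the header
    on cleartext HTTP recovers the credentials with no secret at all."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user: str, realm: str, password: str) -> str:
    """Value the server stores for Digest instead of the password."""
    return _md5(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, nonce, nc, cnonce, method, uri) -> str:
    """RFC 2617 qop=auth response: the only password-derived value sent."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def server_accepts(stored_ha1, nonce, nc, cnonce, method, uri, response) -> bool:
    """Server recomputes the response from its stored HA1 and its own nonce."""
    expected = digest_response(stored_ha1, nonce, nc, cnonce, method, uri)
    return hmac.compare_digest(expected, response)

# Sample values below are the worked examples from RFC 7617 and RFC 2617.
if __name__ == "__main__":
    hdr = basic_header("Aladdin", "open sesame")
    print(hdr, "->", read_basic_header(hdr))
    stored = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    args = ("dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b",
            "GET", "/dir/index.html")
    resp = digest_response(stored, *args)
    print("Digest response:", resp, server_accepts(stored, *args, resp))
```

Digest as defined in RFC 2617 relies on MD5 and protects only the credential exchange, not the rest of the request or response, so in practice both schemes are served over TLS.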