Hakin9 :: Anatomy of pharming - how your money is stolen

Software-Conferences DistroRankings About

Shop

Contact

Homepage

About

Advertise

News

Links

Become an author

Become our betatester

hakin9.live

Our authors

Media Kit

Review

Survey

Download

Issues

Contact

Articles in HTML

Whitepapers

5/2005 - Anatomy of pharming - how your money is stolen

[ 2005-09-01 ]

» Make order

Pharming – DNS cache poisoning attacks
Mariusz Tomaszewski
We explain how DNS cache poisoning attacks work, then demonstrate how such attacks are used in the new financial fraud technique called pharming. Finally, we test the most popular DNS cache server resistance to DNS cache poisoning attacks.
Robot Wars - How Botnets Work
Ennio Giannini, Massimiliano Romano, Simone Rosignoli
We discuss the concept of bots and botnets, then explain how they operate and how victim computers are infected. A practical example of creating a botnet using one of the available tools is presented. We also teach how to protect a computer from being exploited by a botnet.
Voice over IP security - SIP and RTP protocols
Tobias Glemser, Reto Lorenz
We provide a detailed overview of protocols used in Voice over IP (VoIP) transmissions, particularly of the SIP protocol. Then we take a look at seven most common, most effective and best-described methods of attacking VoIP, and how these methods can be applied in practice.
Exploiting Java VM security vulnerabilities
Tomasz Rybicki
We present the security model of the Java virtual machine, then describe several methods of attacking it. Described techniques include taking advantage of sandbox holes, direct access to memory and a differential analysis of power consumption. Finally, we describe how an audit of Java VM is conducted.
Advanced SQL Injection Techniques
Mike Shema
We demonstrate how to execute advanced attacks against syntax and logic of the SQL language. Several interesting tricks involving SQL injection are presented. Finally, we discuss basic methods of protecting applications against SQL injection attacks.
Linux shellcode optimisation
Michał Piotrowski
Let's write four simple shellcodes from scratch, starting with programs in C, then converting them into assembly. Afterwards let's prepare them for shellcode use and finally optimise them.
Bad Tools Make Bad Software - an interview with Dan J. Bernstein
Dan, well-known for his controversial opinions, and for creating such systems as qmail or djbdns, talks with us about non-ethical approach of *NIX distributors, alleged bugs in qmail, methods used to write secure applications, DNS and hash function security, and more
A new RFC proposal
This document specifies the User Awareness Factor (UAF) - a new standard for security measurements. The User Awareness Factor is based on one, simple principle, which is believed to hold for an infinite time: most users are lame.
Security Tools - Firestarter 1.0.3
A graphical interface for creating simple rules for a netfilter/iptables-based firewall.

CD / DVD

Send us your questions
Want to buy the magazine?
Contact me!

Contents

CD / DVD