Showing posts with label hack. Show all posts
Showing posts with label hack. Show all posts

Google Hacking for Penetration Testers, Volume 1 Review

Posted by David Kendall on 1/19/2013 / Labels: , , , , , , , , , / Comments: (0)
Google Hacking for Penetration Testers, Volume 1
Average Reviews:

(More customer reviews)Are you looking to buy Google Hacking for Penetration Testers, Volume 1? Here is the right place to find the great deals. we can offer discounts of up to 90% on Google Hacking for Penetration Testers, Volume 1. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Google Hacking for Penetration Testers, Volume 1 ReviewWhile Google is a researcher's friend, it is a hacker's dream. The subtitle of Google Hacking for Penetration Testers is "Explore the Dark Side of Googling". The dark side of Google is that far too many networks are insecure with inadequate security and enable unauthorized information to leak into Google. This leakage creates the situation where significant amounts of password files, confidential information, and configuration data and much more are easily available.
After reading Google Hacks: Tips & Tools for Smarter Searching, the real power and potential danger of Google is easily understood. Author Johnny Long details how penetration testers can harvest information that has been crawled by Google. The need for Google to be an integral part of any penetration test is now easily understood.
In a similar manner, when Dan Farmer wrote SATAN in 1995, it was met with significant consternation in that many felt he was wrong to release such a powerful program into the wild. Silicon Graphics, his employer at the time, considered his conduct unprofessional and summarily fired him. Ironically, in 2005, a security administrator can be fired if they don't run a vulnerability scanner akin to SATAN. Running scanning tools is now part of security due diligence and any administrator not running such a tool is careless.
With that, some may think author Johnny Long gives far too much ammunition to those seeking to peruse corporate data, but those were the same mistaken objections to SATAN. The book is not meant to be a crutch for script kiddies, its aim is rather to show how Google can be used to uncover data that most companies would rather remain secured. It is simply a matter of time until such Google searches will be considered due diligence for any basic security endeavor.
The book's 12 chapters show how one can plunder and pillage corporate data via Google. Chapters 1 and 2 provide a basic introduction to Google searching, including building Google queries, URL and operator syntax, search reduction, and more.
Chapters 3 through 10 detail the internals of Google hacking. The avenues of attack are nearly endless and various methods are detailed from traversal techniques, site crawling, tracking down Web server logins, and much more. With the sheer amount of data produced on corporate Web sites, it is hard not to have information leakage. The problem is that Google is the perfect glue to bond those disparate pieces of data together to form a dangerous set of connected data. Google is now gluing isolated data, which is dangerous data when in the wrong hands.
Chapter 11 details what can be done to protect an organization from Google hackers. While author Johnny Long may be a hacker, he is quite mainstream when he writes that the best hardware and software configuration money can buy can't protect computing resources if an effective security policy is not in place. Long observes that a good security policy, when properly enforced, outlines the assets the organization is trying to protect, how the protection mechanisms are installed, the acceptable level of operational risk, and what do to in the event of a compromise or disaster.
Chapter 11 details the use of the robots.txt file, which can be used to block Web crawlers such as Google. The chapter also recommends the use of various tools to secure an internal Web site. Tools from Foundstone are detailed, in addition to Gooscan, a tool created by Long that enables bulk Google searches to determine how much information has leaked.
A decade ago, Google was the type of powerful search tool that was rumored to be used within the NSA. Today, petabytes of data are only a few clicks away on Google, and with the Google API, all of that information can be seamlessly integrated into a few scripts. The challenge companies face is to take security seriously and stop making it easy for their password files, payroll data, and other confidential information to be entered into Google's server farm.
Google Hacking for Penetration Testers, Volume 1 Overview

Want to learn more information about Google Hacking for Penetration Testers, Volume 1?

>> Click Here to See All Customer Reviews & Ratings Now
Read More...

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions Review

Posted by David Kendall on 5/22/2012 / Labels: , , , , , , , , , / Comments: (0)
Hacking Exposed VoIP: Voice Over IP Security Secrets and Solutions
Average Reviews:

(More customer reviews)Are you looking to buy Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions? Here is the right place to find the great deals. we can offer discounts of up to 90% on Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions ReviewHacking Exposed: VoIP (HE:V) is the sort of HE book I like. It's fashionable to think HE books are only suitable for script kiddies who run tools they don't understand against vulnerable services they don't recognize. I like HE books because the good ones explain a technology from a security standpoint, how to exploit it, and how to defend it. I thought HE:V did well in all three areas, even featuring original research and experiments to document and validate the authors' claims.
HE:V is a real eye-opener for those of us who don't perform VoIP pen testing or assessments. It's important to remember that the original HE books were written by Foundstone consultants who put their work experience in book form. HE books that continue this tradition tend to be successful, and HE:V is no exception. Good HE books also introduce a wide variety of tools and techniques to exploit weaknesses in targets, and HE:V also delivers in this respect. HE:V also extends attacks beyond what most people recognize. For example, everyone probably knows about low-level exploitation of VoIP traffic for call interception and manipulation. However, chapter 6 discusses application-level interception.
HE:V goes the extra mile by introducing tools written by the authors specifically to implement attacks. In at least one case the authors also provide a packet capture (for the Skinny protocol) which I particularly appreciate. HE:V also looks ahead to attacks that are appearing but not yet prevalent, like telephony spam and voice phishing. Taken together, all of these features result in a great book. You should already be familiar with the common enumeration and exploitation methods found in HE 5th Ed, because the HE:V authors wisely avoid repeating material in other books (thank you).
If you want to understand VoIP, how to attack it, and how to defend it, I highly recommend reading HE:V. The book is clear, thorough, and written by experts.Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions Overview

Want to learn more information about Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions?

>> Click Here to See All Customer Reviews & Ratings Now
Read More...