Free Security Tools

Need a proxy for surfing anonymously? Need email privacy?
How about a free firewall?

Here are a bunch of free security tools you can use.

The Internet is full of legitamate free tools created by people who don’t care about making money or make money with donations and endorsements. Majorgeeks is my favorite place to get anti malware, anti spam, anti spyware tools. You don’t want to go to just ANY site and start downloading software. Not all sites can be trusted. One of the main ways that malicious hackers get in your system is by putting out free stuff loaded with malware. Malware can be put in pictures, music, movies, and of course software.

Make sure you only download from trusted locations.

What are Social Bookmarks?

What are Social Bookmarks?

A social bookmark is a link created by a web user that is categorized and viewed by the public. If you have ever had bookmarks at work and moved to a new job and wanted access to your old links then you will immediately understand the signifigance of the social bookmarks. They offer a way in which users can access their bookmarks from anywhere in the world with an Internet connection and a way for users to have control over the classification of those bookmarks.

Social bookmark buttons on a blog are especially powerful. These are buttons on a blog and/or website that allow readers to submit articles they like to Digg, Del.icio.us, Reddit and other socially moderated bookmarking/news/feed sites at the click of a button. Readers will also be able to add articles to feed readers such as Google Reader, My Yahoo! and Bloglines. This is a great way to advertise as each link from another site (known as a back link) will give more ranking on search engines. It also allows for something known as social marketing optization.

3spots at Blogspot has one of the most comprehensive posts on social bookmarking and code for blogger, wordpress and Typepad/MoveableType!

Reference:

http://www.educause.edu/ir/library/pdf/ELI7001.pdf

http://en.wikipedia.org/wiki/Social_bookmarking

Nature Publishing Groups. Social Bookmarking Tools (I).

Wardriving Tools

Great site that lists the best software for finding and decrypting wireless AP's.

Morality of Wardriving tools.
I do not personally wardrive but I think it is a great way to do an
assessment of the security of your area.  I know some people
wardrive just to find a free spot to surf.  This is the equivalent
to walking up to every door in your neigborhood and twisting the knob
to see if the door is unlocked.  Then walking in and watching
cable on their couch and eating popcorn.  It is not right. 
And I can not pretend that it is.

Privacy of Publically dispensed Wireless Data
But at the sametime, having a wireless service and NO security is like
having a house with no walls.  How can there be a crime or theft
of data and service when the data and service is spilling out freely
into the air like a public water fountain. 

Paying for Service and then serving it to the Public
I pay for the water service at my house so if anyone else walks into my
yard to use my water hose they are wrong.  But if I put that same
hose into a nearby public park and turn it on, how guilty is anyone
going to feel about taking a sip or splashing their face with it?

So if you feel strongly about people NOT wardriving and not stealing
service than do something about it.  I think that wardriving will
dry up when the masses finally get wind of wireless security, until
then “Surfs up.”

read more | digg story

Beer Can Padlock Shim aka "Masterlock Master Key"

How to build a better padlock shim using a very special hacker tool… A beer can.

This was picked from Deviant Ollam at Defcon 13.  This is yet
another reason I love Defcon.   I've heard the arguement that
we [security professionals] should NOT “promote” hacking or do anything to suggest that it is cool.

But I think that is a pretty stupid thing to say… because hacking IS
cool.  Its not always bad and definitely not always good.  As
far as going to events like Defcon… The IT and Security Industry are
so slow and firewalled with corporate BS that they will actually hide
things the consumners need to know.  Just look at CiscoGate
Or, do like a typical government, know that there is a problems but be
so filled with overhead and beauracracy that they can not do any thing
about it even if they cared enough to.

You don't have that kind of big brother crap at the Defcon.  If
its broke you fix it and if it is fixed you break it to see if its
possible. 

If
the locks on the doors into your house are no good don't you want to
know about it ASAP?

Ollams Site:
http://deviating.net/

read more | digg story

VMware for Security Training

VMware or Virtual Machine Software is an excellent tool to use for penetration training. 

I went to an ethical hacking course with New Horizons and that is what
they used to train us.  Each student was able to operate three or
more environments (windows 2000, Knoppix STD, and Window XP) and attack
either our own virtual network or the Instructors firewall to
demonstrate the use of Netcat for example.

It was a very cool way to learn.  Years ago I was in a training
course created by Global Knowlegde for basic networking, hardware,
cisco routers and a Microsoft cert.  I recall them bringing a ton
of equipment with them and having trouble getting on and off planes
with it.   With a software solution like VMware they could
have carried much less equipment.

VMware allows you to operate multiple Operating Systems on one
computer.  OS's such as Linux, OSX, and Windows 2003, for example
can be placed on the same system.  VMware gives you the ability to
switch from one system to another with ease.  My only complaint is
that it seems to be incompatible with some software you might try to
install on it.  But it works with the main stuff such as protocol
suites just fine.

Vmware is great check out their free trial.

Use Google To Find Passwords

Google hackers have been doing this for a while now. Here is a tutorial on finding passwords using google. This could be used to secure your own web server.

Security Professionals charged with protecting IT infrastrutures would do well to become the most aggressive hacker of their own networks. This would help them to proactively seek out new exploits on their network, webserver, or IS they protect.

read more | digg story

Google Hacking Explained

What is Google hacking? How is Google used by hackers as a tool? Read this article for more information.

Johny Long, author of the official Google Hacking book will be at the Las Vegas, NV Defcon 13 Convention signing books. 

read more | digg story

1 2