Books Ngram Viewer

Yet another cool Google tool for information analysis.

This Books Ngram Viewer will now give more detailed information about what has been a topic of interest to various populations over time.

Books Ngram Viewer:

http://ngrams.googlelabs.com

It is not really a surprise to see that cybernetics is not the most fashionable topic at the moment. But it is nevertheless interesting to see that it is losing popularity.

But what could be the topics of interest:
The first which come to mind are drugs, sex and rock’n’roll. But maybe over time, this could be more love, religion, war.

Interesting to see that war clearly has 2 peaks during the second world wars. Religion has been decreasing steadily. Man and love have been increasing. Clearly there is more information here, which could be used for studies in human behaviour and interaction.

Hackers the Next Generation – Book review

This hacking book will give you the basics of a number of hacking techniques. The book is split into 10 chapters, and although each one has a few interesting points, I found the second and third, which focus on web and network security, to be the most interesting for me, as a web engineer.

Chapter 1 is about collecting data by using search engines most of the time.

There is so much information available that you can just search Google most of the time to get security holes, login and password lists.
Example: search: “Unable to jump to row” “on MySQL result index” to get a list of MySQL servers which are vulnerable to SQL injections.

You can then find user names by searching the documents which are online:
typedoc:exemple.com in Google to get a huge list of documents which have been published unintentionally.

You can also collect a company's email addresses with a simple Python script called theHarvester.py, which gathers all the email addresses found for a domain name on a specific search engine.

XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery) Attacks:
These are clearly the most common and widespread attacks which still work today: by inserting a specific URL, you can grab users' cookies, which will often include session cookies, and therefore duplicate the session on your own computer.

There is a powerful example from Ranger which uses iframes to gain control of the victim's browser, in a similar way to VNC, with an XSSwave technique.

http://xss-proxy.sourceforge.net/shmoocon-XSS-Proxy.ppt
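The session-cookie theft and CSRF described above are limited by the attributes a site sets on its cookies. As an added example (not from the book or this review), the Python below audits `Set-Cookie` header values for session-like cookies missing `HttpOnly`, `Secure` or `SameSite`; the name heuristic and the sample headers are constructed assumptions.

```python
# Added example: flag session-like cookies that lack the attributes which
# limit XSS cookie theft (HttpOnly) and CSRF (SameSite).
SESSION_HINTS = ("sess", "sid", "auth", "token")  # assumption: naming heuristic

# Constructed sample Set-Cookie header values (not captured from a real site).
SAMPLE_HEADERS = [
    "PHPSESSID=abc123; path=/",
    "session_id=xyz; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
    "auth_token=t0k; Secure; HttpOnly; SameSite=None",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_cookie(header):
    """Return (name, findings); findings is empty for safe or non-session cookies."""
    name, attrs = parse_set_cookie(header)
    findings = []
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return name, findings  # not session-like under our heuristic
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by injected script (XSS)")
    if "secure" not in attrs:
        findings.append("missing Secure: may be sent over plain HTTP")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: may be sent cross-site (CSRF)")
    return name, findings

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        cookie, issues = audit_cookie(header)
        print(cookie, "->", issues or "ok")
```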

Cracking passwords using brute force:
1) Cain & Abel
2) John the Ripper
3) Hydra for brute force attacks on a number of protocols
4) Burp Intruder

Security tools:

You should be able to get an extensive and up-to-date list on http://sectools.org
But I will only mention the first on the list for the past 10 years:
Nessus

Other interesting sources to harvest data:

Yahoo pipes:
To group sources of information together
Sentiment analysis with:
Wefeelfine.org

Tweetstats.com
Namechk.com

Gonzor’s Switchblade to extract all information from a USB key.
Switchblade gonzor228.com

Although this book will give you good foundations in hacking techniques, it is not extensive, and you should extend the information given by testing and trying out the tools it mentions.

There is also very little information on virus and trojan methods, which are also most likely a very extensive topic.