Archive for June, 2009

Using fping to perform basic network scans

Posted June 17, 2009 at 10:34 pm in Pen Testing | No Comments

Network scanning dates back to 1983 when Mike Muuss wrote the original ping tool. Ping is an effective network tool that tests whether a host is reachable across an IP network by requesting an Internet Control Message Protocol (ICMP) echo response. This is accomplished by sending an ICMP echo request across the network to the intended target and if the host is reachable and capable of processing ICMP packets it will respond with an ICMP echo response packet. A network scan allows us to paint a picture of the current state of the network by sending certain types of traffic and analyzing the results. Unfortunately, ICMP is a topic for another article but I encourage you to read RFC 792 for more information if you’re interested.

Why don’t we just use ping to scan a network then? The problem with ping is that it sends out an echo request and waits for an echo response. If you are scanning a network segment where you have 255 possible hosts to ping and some of these hosts don’t instantly reply, you could be waiting quite a while. This speed and efficiency issue is resolved with another tool called fping.

Continue reading..

GWEBS MailCloak secures your webmail for free

Posted June 13, 2009 at 11:25 am in Encryption | No Comments

GWEBSWe looked at securing your email yesterday using PGP but what if you use a web-based email provider such as Google, Yahoo!, or Windows Live? The PGP method is great for securing your email client but won’t help you much when you’re using webmail. So how can we encrypt and digitally sign our webmail for free? By using GWEBS MailCloak, that’s how.

Why would you want to do this? You never know who may be eavesdropping and reading your email. Many webmail providers also store and index every email message their systems create, send, receive, pass along, etc. This is a problem because this index can be searched by users as well as Internet Service Providers. I’m not going to list all of the reasons why this is a bad idea but let’s put it this way: why give the webmail providers this kind of power, often without any accountability to its users, when you can secure your email easily and for free?

MailCloak is a great solution for people who use laptops to check their Gmail or Yahoo! mail on the go. It gets even better if you use Firefox. With Firefox you can install the GWEBS MailCloak plugin in about 5 seconds and set up your keypair in another 5 seconds. Before you try this, make sure your webmail provider is supported first by checking out the list of supported mail systems.

Continue reading..

Secure your email using PGP

Posted June 12, 2009 at 2:43 pm in Encryption | 1 Comment

Odds are you check your email at least once every day. But who else might be checking your email as well? If your email isn’t secured then the answer is, anyone and everyone. Email allows us to communicate personal, corporate, and possibly sensitive classified messages. You can bet that classified messages undergo quite a bit of protection. Why shouldn’t you be able to secure your messages, too?

With PGP securing your email is easy and transparent. PGP, created by Philip Zimmermann in 1991, stands Pretty Good Privacy. PGP is used for signing, encrypting and decrypting emails to increase the security of email communications. That seems straightforward enough but how does PGP work?

PGP Proxy

PGP acts as a messaging proxy that resides between your email client and your email server.

Continue reading..

Page 2 of 3123