Open Source & Digital Media for Newbies
 Open Source & Digital Media for Newbies
  Home | Open Source |  Android | Apple | Windows |  Cloud | Products |  Security |  Feed IT & Digital Media Blog 
Nov 242014
 



There are several web sites that spit out your IP address when you visit one of them.

The sites include DNSStuff, IP Tracker, WhatIsMyIP, WhatIsMyIPAddress etc

IP Address – Command Line

But what if you’re on the terminal and do not want to fire up the browser just to check the IP address.

Not a problem, sweetie.

There are several commands you can run to find your IP address while on the terminal.

Here are a few of the “find my IP” commands that you can run on the terminal:

curl ip.appspot.com
curl icanhazip.com
curl ipecho.net/plain
curl ip-addr.es
dig +short myip.opendns.com @resolver1.opendns.com
curl ifconfig.me

Important: Make sure you have curl installed on your computer. Without curl, most of the above commands (except for the dig + …) will not work.

Knowing your IP addresses is important for a variety of reasons including access to geographically restricted content, access control to sensitive sites (corporate, personal etc) and sometimes for tech support.

 Posted by at 7:12 am
Nov 202014
 

For all those lamenting the current wave of online attacks, I have bad news for you – The worst is still to come.

From the White House to Target to the U.S. State Department to Home Depot to the USPS and countless other organizations, it seems there’s not a single large outfit that’s not suffered a devastating online attack and theft of credit card information and personal data of  millions.

Ask not which large organization has been hacked, instead ask who’s not.

It’s not just businesses that are vulnerable to online attacks. Countless people fall victim daily to diverse forms of malware attacks on their desktop and laptop computers.

A couple of years back, a Google Search Results Hijack malware destroyed one of my Windows PCs.

Ransomware demands to unlock computers have escalated in recent months.

The world is full of nutcases determined to make life miserable for others.

And there’s nothing we can do about it considering there are far too many cyber-attack vectors (active attacks, passive attacks like search engine results and drive-by attacks when you visit an innocent-looking web site etc).

The fundamental weaknesses of the Internet architecture and the availability of countless IP addresses make it impossible to control the wave of attacks. You can sit in a Kiev or New Delhi basement and mount an anonymous attack on a NYC bank with impunity, a feat unimaginable in the physical world.

Even if you block 20, 200 or 2,000 IP addresses via hardware firewalls or IP Tables, hackers still have access to tens of thousands of other IPs from which to crash your web site, attack the server or plant malware in the network.

Each time you block an IP, CIDR or even an entire nation from accessing your network, the cyber-terrorist has no worries. None at all. Because he still has recourse to thousands of other IPs from which to reload and relaunch his attack on your point-of-sale system, server, web site or network.

But the current wave of attacks is just the harbinger of worse things to come over the next decade, more so with the inroads thatr information technology has made into all walks of life (hospitals, electric grids, transportation hubs, schools, air-traffic control, electronic voting etc).

Mark my words!

You’ll look back nostalgically to the present times as the halcyon days of the Internet.

Knowledge Economy —> Cyber Attacks

Until fairly recently, the knowledge economy was the exclusive preserve of U.S., Canada, UK, Germany, France, Japan, South Korea, Russia, Australia, New Zealand and a handful of other countries.

A knowledge economy is not merely one that has a high degree of literacy but one where a wide swathe of people leverage computers and information technology as powerful tools to forge ahead in education, entertainment, business, espionage and war.

By putting knowledge on steroids, information technology has created the knowledge economy.

Thanks to U.S. government funding of research labs (1945-75) and the entrepreneurial itch of Silicon Valley pioneers (1968-2014), the knowledge economy first flowered in the U.S., then moved east to Europe and now reached the shores of a few Third World nations.

For a variety of reasons (falling prices of computers, low-cost school/university education, economic growth etc), the knowledge economy is now starting to establish roots in ambitious nations like China, India, Brazil and Turkey, all with large populations.

Expansion of the knowledge economy to new nations has been accompanied by a massive surge in adoption of open source software like Linux in these nations. I suspect Kali Linux and Ubuntu have more users in China, Russia, India, Ukraine and Turkey than in the rest of the world combined.

As the knowledge economy reaches new geographical frontiers, expect the law of unintended consequences to come into play.

I predict there will be a tremendous surge in cyber attacks on all organizations (small, medium and large) for seven reasons:

* Expansion of the knowledge economy to new nations (like China, India, Iran, Brazil, Turkey etc) providing citizens access to basic infrastructure

* Growth of the open source software movement and easy availability of scores of free tools for port scanning, vulnerability scanning and exploiting servers and networks

* Increasing gap between people entering the knowledge economy and the economic opportunities for them Continue reading »

 Posted by at 2:17 pm
Nov 192014
 

Scanning is a crucial tool in the arsenal of penetration testers as well as hackers out to inflict catastrophic damage on your computer server or web site.

Without scanning, there’s no possibility for exploitation of your system.

Scanning in short provides the raw material for attackers or penetration testers to work on.

When a penetration tester starts scanning a host (computer/server, IP address, web site etc), he is basically identifying ‘live’ systems and any and all services on the host.

Note: Again, as I’ve said in the past do not attempt any kind of scanning on computer systems unless you have legal authorization to do so or you’re doing it on systems owned by you for learning purposes.

Ping

In scanning, the first step is to check if a computer or server is ‘live’ by doing a Ping test.

ping xxx.xxx.xxx.xxx

ping example.com

Besides telling you that a host is ‘live,’ a ping also provide information on the time taken by an ICMP Echo Request packet to reach the host and return.

If you have Kali Linux installed on your PC, you can run fping for a wider suite of ping tests.

With fping, you can check individual IPs, do a sweep of multiple IP addresses, send pings indefinitely, have only ‘alive’ hosts show up in the ping results etc.

Note: But don’t expect to always get a response from a ping request. Some servers are configured not to respond to a ping.

So even if you don’t get a response from ping tests, you must proceed to the next two types of scanning:

* Port Scanning
* Vulnerability Scanning

Let’s examine each of these scanning types in some detail. Continue reading »

Nov 182014
 

November 18, 2014 – Tenable Network Security today rolled out version 6.1 of its popular Nessus vulnerability scanning tool featuring a dozen ready-made scanning templates and 100 system hardening guidelines to help organizations identify more vulnerabilities and malware and better implement best security practices.

In an age of frequent and destructive online attacks, Tenable Network’s promise to reduce the attack surface must come as welcome news to beleaguered organizations of all sizes.

Nessus 6.1 Enhancements

* Support for customizable compliance and system hardening policies out of the box (v6 comes with 100 built-in policies for network products, firewalls, storage devices, virtualization and cloud platforms and major operating systems) Continue reading »

 Posted by at 9:34 pm