Comparto un artículo del blog de Security By Default, donde muestran la forma tan sencilla y practica de romper la seguridad de Windows 7 y Server 2008. Lo único que se requiere es acceso físico sobre la maquina y poder ejecutar un linux booteable desde una USB o un CD para realizar la modificación. La idea es usar los ejecutables que llaman la lupa o el teclado en pantalla y renombrar una copia de cmd.exe por estos ejecutables. Así cuando llamemos dicho programa ejecutaremos la línea de comandos.
Lo interesante del asunto es que el “cmd” se ejecuta con privilegios de sistema permitiendo crear usuarios a nuestro gusto y poder acceder a la maquina.
Juzguen ustedes mismos...
http://www.securitybydefault.com/2010/12/bienaventurados-los-que-no-ven-porque.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+SecurityByDefault+%28Security+By+Default%29
viernes, 17 de diciembre de 2010
miércoles, 1 de diciembre de 2010
Potential WikiLeaks Phishing Scams
US-CERT Current Activity
Potential WikiLeaks Phishing Scams
Original release date: December 1, 2010 at 5:42 pm
Last revised: December 1, 2010 at 5:42 pm
In the past, US-CERT has received reports of phishing scams and
malware campaigns related to topics that are of high-interest to the
U.S. Government or news media, such as the WikiLeaks website. Users'
systems have been compromised by receiving and accessing phishing
emails with subject lines that seem relevant to a high-interest
subject and appear to originate from a valid sender. US-CERT reminds
users to remain vigilant for potential malicious cyber activity
seeking to capitalize on interest in WikiLeaks. Users are advised to
exercise caution in handling any email with subject line, attachments,
or hyperlinks related to WikiLeaks, even if it appears to originate
from a trusted source.
US-CERT encourages users and administrators to use caution when
encountering these types of email messages and take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:
* Do not follow unsolicited web links in email messages.
* Use caution when opening email attachments. Refer to the Using
Caution with Email Attachments Cyber Security Tip for more
information on safely handling email attachments.
* Maintain up-to-date antivirus software.
* Refer to the Recognizing and Avioding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
Cyber Security Tip for more information on social engineering
attacks.
Relevant Url(s):
http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.us-cert.gov/reading_room/emailscams_0905.pdf
http://www.us-cert.gov/cas/tips/ST04-010.html
Potential WikiLeaks Phishing Scams
Original release date: December 1, 2010 at 5:42 pm
Last revised: December 1, 2010 at 5:42 pm
In the past, US-CERT has received reports of phishing scams and
malware campaigns related to topics that are of high-interest to the
U.S. Government or news media, such as the WikiLeaks website. Users'
systems have been compromised by receiving and accessing phishing
emails with subject lines that seem relevant to a high-interest
subject and appear to originate from a valid sender. US-CERT reminds
users to remain vigilant for potential malicious cyber activity
seeking to capitalize on interest in WikiLeaks. Users are advised to
exercise caution in handling any email with subject line, attachments,
or hyperlinks related to WikiLeaks, even if it appears to originate
from a trusted source.
US-CERT encourages users and administrators to use caution when
encountering these types of email messages and take the following
preventative measures to protect themselves from phishing scams and
malware campaigns:
* Do not follow unsolicited web links in email messages.
* Use caution when opening email attachments. Refer to the Using
Caution with Email Attachments Cyber Security Tip for more
information on safely handling email attachments.
* Maintain up-to-date antivirus software.
* Refer to the Recognizing and Avioding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
Cyber Security Tip for more information on social engineering
attacks.
Relevant Url(s):
http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.us-cert.gov/reading_room/emailscams_0905.pdf
http://www.us-cert.gov/cas/tips/ST04-010.html
Suscribirse a:
Comentarios (Atom)