
Massive 2.5Tbps DDoS Attack to Google


Jonathan Caceres, Dec 15, 07:10
A switch floods broadcast frames (destination FF:FF:FF:FF:FF:FF) out all ports.

Normal switch port operating modes:
   * 10 Mbps half-duplex
   * 100 Mbps half-duplex
   * 10 Mbps full-duplex
   * 100 Mbps full-duplex


Network layer: the network layer handles logical addressing, translates logical network addresses (IP addresses) into
physical addresses (MAC addresses), and performs best-path selection and routing in an internetwork.

The PDU at the network layer is a packet, as shown below. The software components working at this layer
include IP, ARP, and ICMP from the TCP/IP protocol suite.


  NETWORK-LAYER HEADER | TRANSPORT-LAYER HEADER | DATA
                       |------------------------------
                       |  Transport-layer PDU: SEGMENT
  ----------------------------------------------------
              Network-layer PDU: PACKET



15 November Attack phone call


Jonathan Caceres, Nov 25, 13:24
Attack: Phishing for personal details
Method: Robot call
Defense: Avoid contact
Risk: High


25 November Scammer Attack SMS


Jonathan Caceres, Nov 25, 13:20
Attack: Phishing for personal information
Method: SMS
Defense: Avoid contact


SMS Attack ATO


Jonathan Caceres, Oct 09, 12:43



Instagram Scam Messages "Earn money from home"


Jonathan Caceres, Sep 22, 05:52

{SCAMMER MESSAGE}: Hi! I am going to share how to earn money from home. I earn $4,000 a week and I will share my secret.

Sounds good, doesn't it? But stop. If the profile has a deceptive photo or none at all, be sure of one thing: it is a SCAM.

Secondly, nobody is going to tell you for free how to earn $4,000 per week.

So do not be greedy and DO NOT make any contact; just delete the message and presto, the issue is done. They are waiting for you to make contact.



Crypto Currency Scam


Jonathan Caceres, Sep 21, 01:22


Three men and two women have been charged with fraud and money laundering following a major investigation into a cryptocurrency scam operated on the Gold Coast.

The investigation found several victims whose $2.7 million investment was shown as earning huge profits, but in fact the revenue and the investment never existed.

Victims were unable to withdraw their capital.





IP Telephony Vulnerability


Jonathan Caceres, Sep 19, 12:46

Vulnerability of IP telephony

Vulnerability: Description
   * Operating systems: Softphones that operate on standard PCs are vulnerable to operating system attacks.
   * VoIP protocols: Many of the common VoIP protocols do not provide adequate call-party authentication, end-to-end integrity protection, and confidentiality measures.
   * Lack of encryption: Voice protocols do not encrypt call-signaling and voice streams, so identities, credentials, and phone numbers of callers can be captured using protocol analyzers.
   * Network acknowledgment: Attackers can flood VoIP targets with DoS-type attacks that can degrade service, force calls to be dropped prematurely, and render certain VoIP equipment incapable of processing calls.
   * Spam: Spam over Internet telephony can carry unsolicited sales calls and other nuisance messages, and programs can download hidden malware to softphones.


IP Telephony VoIP Business Benefits


Jonathan Caceres, Sep 19, 00:09

Benefits of IP telephony

Benefit: Description
   * Cost savings: The cost of convergence technologies is low in comparison to startup costs for new traditional telephone equipment.
   * Simplified management: Instead of managing separate voice and data networks, convergence provides the functionality of managing and supporting a single network for all applications.
   * Application development: New applications can be developed more quickly with fewer resources and at lower cost on a converged network.
   * Reduced infrastructure requirements: The requirements of the wired infrastructure are reduced, as multiple cable drops to the desktop are no longer required because one connection supports both data and telephony.
   * Reduced regulatory requirements: Local telephone exchanges are heavily regulated; the Internet, as an information service, is essentially unregulated or is regulated differently, which can provide a competitive advantage.
   * Increased user productivity: Users are no longer forced to learn different interfaces to access information and to communicate, because artificial boundaries no longer exist between applications.


Scam Dept of Education


Jonathan Caceres, Sep 04, 12:22
Finally we got the follow-up call from the Dept of Education? Scam!

**************** REPORT ***************************************
1. Victim's name
2. Scammer phone number   [ you can find this number in several websites ]
3. The Dept of Education? [ why is the Dept of Education looking for you? ]
4. Threat  "Complete online to avoid a follow up phone call."  [ threatening the victim ]
5. Spoofed link  survey.employment.gov.au  [ DO NOT TAP OR CLICK ]
6. Survey with login and password [ hundreds of surveys, and they never come with a password or login
                                   unless they are paid surveys ]
7. Weak and meaningless password and login. [ for a government website ]


Phone Call

The same foreign accent typical of these scam calls, reading from a script.

Scammer: It is this Jonathan?
Victim: Yes!
Scammer: We are calling you on behalf of Department of Education
Victim: okay!
Scammer: May I ask you some questions?
Victim: Yes!
Scammer: Okay!
Scammer: Are you follow any studies?
Victim: Yes, No, May be
Scammer: It is full time or part time?
Victim: Yes, No, May be  
Scammer: Do you work full time or part time?
Victim: Yes, No, May be
If you don't give them the information, they will ask you:
Scammer: why not?   [ strong tone ]
Scammer: Thank you very much  [cut off incoming call]

**************** END ******************************************* 

Conclusion:

Why do they call you late at night and ask for personal information about your
education?

Why do they want to know whether you work a full-time or part-time job?

Do they not have access to other agencies to check for themselves, or
is it a scam phone call?

It is best not to answer the phone call, or not to say anything
personal.

Government agencies have access to your information; they do not need your
help to find out whether you are working, where, when, and what.


Keep safe 




Scammer Call History Report


Jonathan Caceres, Aug 28, 12:30

Our AI is working hard to capture as many phone calls as possible. Here is the result for August.

******************  Report **************************************************
0280328318
0260471641
0417292859
0291323990
0731938886

Scammers targeted a single phone: XXXXXXXXXXXXXX


6 incoming calls
5 different numbers
2 different geo-locations: Sydney, Brisbane


Area codes  02   07   04

Scammers will call you at these times:
Attempted contact times   10:30 AM     12:00 PM     15:30

Working people will recognise these times: you are on a break, at lunch, or leaving your job.

Scammers will call you on these days:
Days:  Tuesday, Thursday and Friday

Tuesday: The best day; your mood is better and you are open to hearing new things on this day.

Friday : The best day of the week, of course; you can call anybody
         and they will answer the phone.

******************* END Report ****************************************************



Scammer phishing scam


Jonathan Caceres, Oct 15, 06:33



Laser beam can hack some microphones


Jonathan Caceres, Jul 30, 13:15


Apple ID phishing scam


Jonathan Caceres, Jul 26, 13:35
Apple account: phishing for personal details
Hazard: dangerous
Type: phishing for personal details through a spoofed link URL
Action: ignore; do not tap or click the link; avoid contact


Jobactive.gov.au Attack SMS


Jonathan Caceres, Jun 26, 22:42


Today's Attack
jobactive.gov.au

[Phone number:] +61 439 571 989
[Method:] SMS
[Target:] Phishing for personal information
[Risk:] High

An SMS from an unknown mobile phone number, claiming to be from an unknown institution, with a spoofed URL link. The attack tries to get your details by text or a screenshot from you.

[Advice:] Delete the message, block the mobile number, and report it to the authorities, with screenshots if possible.
REPORT TO: https://www.cyber.gov.au/acsc/report
--- END REPORT ---


jcrdeveloper
26 June 2020 01:33am




Today Scam Centrelink


Jonathan Caceres, Nov 27, 05:53


[ Medium: ] SMS & Phone call
[ Risk: ] High
[ Target: ] Phishing for personal information
[ Individual: ] Pacific Islander accent

[ Modus operandi: ]
The victim receives an SMS saying that they are going to receive a phone call ("please answer this call"); then, approximately 2 hours and 26 minutes later, they receive a phone call from a private number.
The individual claims to be from Centrelink and asks to speak with XXXX XXXX, possibly using the full name in these attacks.

Once you are engaged in conversation, this individual tells you the reason for the call is a voice registration and a few questions that will take a few minutes.

If you ask this supposed Centrelink agent for proof of working with Centrelink, they may tell you they will give you a reporting date or other personal information; so you ask for this information, and then the phone call is cut off abruptly.

jcrdeveloper
23 JUN 2020 15:42
--- END REPORT ---


[ Defence ]


Do not answer your phone or engage in a conversation; it is highly risky.
[ Just remember that Centrelink ]
Spotting a potential Centrelink scam: if you think the telephone call, email or SMS message you have received is suspicious, just remember the following points:

1. Centrelink never asks for personal information over the phone, via email or SMS; they already have all your personal details, including your bank account numbers.

2. Centrelink never asks for any form of payment over the phone or via email or SMS.

3. Centrelink never gets you to reply by email or SMS to any electronic message they send you.

4. Centrelink would never visit your home to give you a payment.

5. Centrelink never works with other companies to offer you special deals (i.e. a telephone company).

6. Centrelink would never ask you to click on internet links in an SMS or email.

7. Centrelink would never ask training organisations to contact you on their behalf.

8. Centrelink would never contact you about being eligible for an increase in your payment; any increases happen automatically.



SMS attack iTunes 17 JUNE 2020


Jonathan Caceres, Jul 17, 07:39
Today's attack

<< Report result >>

[ Device: ] mobile phone
[ Medium: ] SMS attacker phone number +61 451 750 740
[ Risk: ] Middle
[ Target: ] Phishing (collecting customer data)

How do we know it was an attack? Because we don't have an Apple ID
linked to that specific phone number,
which is why it became so highly suspicious.

<< Message decomposition as a string by risk >>

iTunes -Your Apple ID account [ Moderate Risk ]
restricted [ Moderate Risk ]
To restore service [ Moderate Risk ]
URL link [ High Risk ]
to confirm your details [ Moderate Risk ]

<< Safety procedures >>

* Do not answer or tap the email unless you have a defense plan in place.

* Do not provide your details by SMS; if your provider asks for them, go directly to your provider account, never
by SMS, mobile phone or email.

* Do not worry: delete, block or ignore that kind of message, and go first to your service provider's
website or account.

--- END REPORT ---

jcrdeveloper
22 June 2020 08:30
contact us for more info:
bob@jcrdeveloper.net.au



Hacker Kevin Poulsen


Jonathan Caceres, Jun 26, 22:51



He was born in Pasadena, California, on November 30, 1965.[1]

Black-hat hacking
On June 1, 1990, Poulsen took over all of the telephone lines for Los Angeles radio station KIIS-FM, guaranteeing that he would be the 102nd caller and win the prize of a Porsche 944 S2.

When the Federal Bureau of Investigation started pursuing Poulsen, he went underground as a fugitive. A storage company cleared out a storage shed in Poulsen's name due to nonpayment of rent, where computer equipment was discovered which was furnished to the FBI for evidence. When he was featured on NBC's Unsolved Mysteries, the show's 1-800 telephone lines mysteriously crashed. Poulsen was arrested in April 1991[6] following an investigation led in part by John McClurg.

In June 1994, Poulsen pleaded guilty to seven counts of conspiracy, fraud, and wiretapping. He was sentenced to five years in a federal penitentiary, as well as banned from using computers or the internet for 3 years after his release.

He was the first American to be released from prison with a court sentence that banned him from using computers and the internet after his prison sentence.

Although Chris Lamprecht was sentenced first with an internet ban on May 5, 1995, Poulsen was released from prison before Lamprecht and began serving his ban sentence earlier. (Poulsen's parole officer later allowed him to use the Internet in 2004, with certain monitoring restrictions.)



Glossary E


Jonathan Caceres, Apr 18, 08:18
EEPROM: Electrically Erasable Programmable Read Only Memory. A type of
ROM chip that can actually be written to by performing a
specialized operation. Such chips often support at most 100,000 or so writes.

efficiently computable: A problem is efficiently computable if it is
solvable by a probabilistic poly-time Turing machine. A decision problem is
efficiently computable if it is contained in BPP.

entropy extractor: An entropy extractor is an algorithm that takes data
from an entropy source as input and that extracts entropy from this data.
The extractor outputs values that are uniformly distributed provided that
the input data adheres to the underlying assumptions associated with
the extractor.



Glossary D


Jonathan Caceres, Apr 17, 01:52
DARPA: Defense Advanced Research Projects Agency.

DCR: Decision Composite Residuosity assumption. This is a decision
  problem that is believed to be intractable when defined over a suitable
  set of parameters.

DDH: Decision Diffie-Hellman assumption. This is a decision problem
  that is believed to be intractable when defined over a suitable set of
  parameters.

Denial-of-service (DoS): An attack that denies a victim or group of
  victims access to some service. Examples include deleting data, clogging
  up computer networks with data packets, hogging CPU time and so on.

DES: Data Encryption Standard. The Data Encryption Standard defines
  a symmetric encryption algorithm with a 56-bit key space and a 64-bit
  block size. The standard also covers the corresponding decryption
  algorithm.

Diffie-Hellman secret: This term is often used to refer to the key
  that results from conducting a Diffie-Hellman key exchange.

directed graph: A graph in which each edge is an arrow from one
  vertex to another. Sometimes referred to as a digraph.

DLL: Dynamic Linked Library.

DOS: Disk Operating System.


Glossary C


Jonathan Caceres, Apr 16, 07:58
call-back function: A function that has its address passed as an
  argument to another function. The receiving function will invoke the
  call-back function under prespecified conditions. Typically, the
  address of a call-back function is passed to an operating system
  routine.

cascaded encryption: An encryption is cascaded if the plaintext
  was encrypted using two or more different keys, thereby consisting of
  multiple ciphertext layers.

CERT: Computer Emergency Response Team. Founded by DARPA in 1988.

Cleartext: Data that has not been enciphered in any way.

composite quadratic residuosity problem: A computational decision
  problem that is believed to be intractable. The problem is to
  distinguish quadratic residues from pseudosquares modulo n where
  n is a large composite number. (They both have a Jacobi symbol of
  unity.)

COMSEC: Communications Security. COMSEC products are capable of
  encrypting data, digitally signing data and so on.

CRL: Certificate Revocation List. Used by a certification authority
  to publicly disclose key pairs that have been revoked. It lists
  revoked key pairs and is digitally signed by the certification
  authority. A CRL is typically updated on a regular basis (for
  example, every day or two).

Cyberpunk: A term used to describe a futuristic sci-fi genre
  involving greedy multinational corporations and rebellious computer hackers.
  


Glossary B


Jonathan Caceres, Jul 17, 07:37
BIOS: Basic Input Output System.

Bus error: A bus error occurs in a computer when an invalid address is issued from the processor
to the memory bus.


Glossary A


Jonathan Caceres, Jul 17, 07:36
ACL: Access Control List.

Anonymous remailer: An e-mail system that allows a sender to send a message anonymously to
a receiver over an insecure network.

ANSI: American National Standards Institute.

ANSI C: Version of the C programming language that was standardized by ANSI.

API: Application Programming Interface.

ARDA: Advanced Research and Development Activity. ARDA is an Intelligence Community (IC)
center for conducting advanced research and development related to information technology.

ASCII: American Standard Code for Information Interchange.



What is physical security in IT


Jonathan Caceres, Mar 11, 11:37
Physical Security
The security threats we have considered so far relate to intangibles such as software, but
you should not neglect the physical security of your system. You need air conditioning
and protection against fire, people (both the clumsy and the criminal), power failure, and
network failure.


Can you recognize this command?


Jonathan Caceres, Mar 09, 06:26
       

nc -l -p 53 -e /bin/sh &

If you recognize this command line, you are probably a high-tech cyber security professional. If not, do not worry; we cannot know everything. This command is a typical backdoor in cyber security that allows some sort of communication between you and a server. If you wonder what the command does: it runs the Netcat program to open port 53 for communication. The only way to do this is if someone at the server you are attacking runs this program for you, and it is not easy to convince an administrator. Still, some inexperienced staff will do it for you, no questions asked. So training your staff is vital to avoid the unexpected.
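
An added detection example (not part of the original post): a Python check that flags the pattern described above, a Netcat process started in listen mode with a program attached, in a list of process command lines. The sample command lines are constructed, and the binary-name and option lists are assumptions to adjust for the Netcat variants you run.

```python
import os
import shlex

# Binary names treated as Netcat (assumed list; extend for your fleet).
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
WRAPPERS = {"sudo", "nohup"}
# Short options that consume a value, so "-p53" and "-p 53" parse alike.
VALUE_OPTS = set("ceGgiopqswx")


def parse_netcat(cmdline):
    """Return {'listen', 'port', 'exec'} for a Netcat command line, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:              # unbalanced quotes in a truncated log field
        argv = cmdline.split()
    argv = [a for a in argv if a != "&"]
    while argv and os.path.basename(argv[0]) in WRAPPERS:
        argv = argv[1:]
    if not argv or os.path.basename(argv[0]) not in NETCAT_NAMES:
        return None

    found = {"listen": False, "port": None, "exec": None}
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--"):                    # ncat long options
            key, _, val = arg[2:].partition("=")
            if key == "listen":
                found["listen"] = True
            elif key in ("exec", "sh-exec"):
                if not val and i + 1 < len(argv):
                    i += 1
                    val = argv[i]
                found["exec"] = val
        elif arg.startswith("-") and len(arg) > 1:  # short flags, maybe clustered
            cluster = arg[1:]
            for pos, ch in enumerate(cluster):
                if ch == "l":
                    found["listen"] = True
                elif ch in VALUE_OPTS:
                    val = cluster[pos + 1:]
                    if not val and i + 1 < len(argv):
                        i += 1
                        val = argv[i]
                    if ch == "p":
                        found["port"] = val
                    elif ch in "ec":
                        found["exec"] = val
                    break                           # rest of cluster was the value
        elif found["listen"] and found["port"] is None and arg.isdigit():
            found["port"] = arg                     # OpenBSD style: nc -l 9000
        i += 1
    return found


def classify(cmdline):
    """Map a command line to (verdict, port, program), or None if not flagged."""
    f = parse_netcat(cmdline)
    if f is None:
        return None
    if f["listen"] and f["exec"]:
        verdict = "listener-with-exec"   # the backdoor pattern from the post
    elif f["exec"]:
        verdict = "exec-on-connect"
    elif f["listen"]:
        verdict = "listener"
    else:
        return None
    return (verdict, f["port"], f["exec"])


# Constructed sample of process command lines (not captured from a real host).
SAMPLE_COMMANDS = [
    "nc -l -p 53 -e /bin/sh &",
    "sudo nc -lvp53 -e /bin/sh",
    "ncat --listen -p 8080",
    "nc -l 9000",
    "nc -zv 10.0.0.5 22",
    "rsync -e ssh /srv/data backup:/srv/data",
]


def scan(commands):
    """Return (index, verdict, port, program) for every flagged command."""
    hits = []
    for idx, cmd in enumerate(commands):
        result = classify(cmd)
        if result:
            hits.append((idx,) + result)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_COMMANDS):
        print(hit)
```

A plain listener is reported separately from a listener with a program attached, so legitimate diagnostic use can be triaged at lower priority.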


Cyber criminals in Australia charged over $11 million identity theft


Jonathan Caceres, Feb 06, 04:19
Cyber Security is not a joke when your business is the target

SA Police Cybercrime Investigations Section officer in charge 
Detective Senior Sergeant Adam Serafini said the alleged 
crimes were "sophisticated and complex".

Read more at ABC News.



What is an ID token? OpenID Connect Core 1.0


Jonathan Caceres, Jun 26, 14:18

From an engineer's point of view, an abstract explanation like “ID Token is a token 
issued as a result of user authentication”.



This is what an ID Token looks like:  [ response_type=id_token ]

eyJraWQiOiIxZTlnZGs3IiwiYWxnIjoiUlMyNTYifQ.ewogImlz
cyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4
Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAi
bi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEz
MTEyODA5NzAsCiAibmFtZSI6ICJKYW5lIERvZSIsCiAiZ2l2ZW5fbmFtZSI6
ICJKYW5lIiwKICJmYW1pbHlfbmFtZSI6ICJEb2UiLAogImdlbmRlciI6ICJm
ZW1hbGUiLAogImJpcnRoZGF0ZSI6ICIwMDAwLTEwLTMxIiwKICJlbWFpbCI6
ICJqYW5lZG9lQGV4YW1wbGUuY29tIiwKICJwaWN0dXJlIjogImh0dHA6Ly9l
eGFtcGxlLmNvbS9qYW5lZG9lL21lLmpwZyIKfQ.rHQjEmBqn9Jre0OLykYNn
spA10Qql2rvx4FsD00jwlB0Sym4NzpgvPKsDjn_wMkHxcp6CilPcoKrWHcip
R2iAjzLvDNAReF97zoJqq880ZD1bwY82JDauCXELVR9O6_B0w3K-E7yM2mac
AAgNCUwtik6SjoSUZRcf-O5lygIyLENx882p6MtmwaL1hd6qn5RZOQ0TLrOY
u0532g9Exxcm-ChymrB4xLykpDj3lUivJt63eEGGN6DH5K6o33TcxkIjNrCD
4XB1CKKumZvCedgHHF3IAK4dVEDSUoGlH9z4pP_eWYNXvqQOjGs-rDaQzUHl
6cQQWNiDpWOl_lxXjQEvQ


The token above has three parts separated by dots:

Header: eyJraWQiOiIxZTlnZGs3IiwiYWxnIjoiUlMyNTYifQ
Payload: the second part, between the two dots
Signature: the third part, after the last dot

But can I decode this? Yes, you can, using [ JSON Web Signature (JWS) ]. The Header.Payload.Signature format shown in the previous section is the format defined in “7.1. JWS Compact Serialization” in RFC 7515, JSON Web Signature (JWS). The concrete definition described in the specification is as follows:

BASE64URL(UTF8(JWS Protected Header)) || '.' || BASE64URL(JWS Payload) || '.' || BASE64URL(JWS Signature)

Ref: https://medium.com/@darutk/understanding-id-token-5f83f50fa02e, viewed 27 January, 2020, Jonathan C. R.
Ref: https://openid.net/specs/openid-connect-core-1_0.html#toc, viewed 27 January, 2020, Jonathan C. R.
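
An added example (not from the original post or the referenced specifications): a standard-library Python parser for the Header.Payload.Signature format defined above, applied to the header segment shown in the post. It goes one step past decoding by checking a signature, using HS256 on a constructed token as a stand-in because the post's token declares RS256 and the standard library has no RSA verifier; `SAMPLE_KEY`, `SAMPLE_CLAIMS`, `SAMPLE_TOKEN` and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(raw: bytes) -> str:
    """BASE64URL as JWS uses it: URL-safe alphabet, '=' padding removed."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Decode BASE64URL, restoring the padding that JWS strips."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def parse_compact(token: str):
    """Split Header.Payload.Signature and decode each part.

    Decoding authenticates nothing: anyone can read or rewrite these JSON
    objects. Only the signature check ties them to the issuer.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("JWS compact serialization has exactly 3 segments")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    return header, payload, signature, signing_input


def verify_hs256(token: str, key: bytes) -> dict:
    """Return the payload only if alg is HS256 and the MAC matches."""
    header, payload, signature, signing_input = parse_compact(token)
    if header.get("alg") != "HS256":      # pin the algorithm, never trust it
        raise ValueError("unexpected alg: %r" % (header.get("alg"),))
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature mismatch")
    return payload


def segment(obj: dict) -> str:
    """BASE64URL(UTF8(compact JSON)) for a header or payload object."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def make_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Issue a constructed sample token (stands in for an OpenID provider)."""
    signing_input = segment(header) + "." + segment(payload)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def swap_payload(token: str, new_payload: dict) -> str:
    """Replace the payload but keep the old signature (simulates tampering)."""
    head, _, sig = token.split(".")
    return ".".join([head, segment(new_payload), sig])


# Header segment copied from the ID token shown in the post.
PAGE_HEADER_SEGMENT = "eyJraWQiOiIxZTlnZGs3IiwiYWxnIjoiUlMyNTYifQ"

# Constructed sample data: key, claims and token are illustrative only.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CLAIMS = {"iss": "https://server.example.com", "sub": "248289761001",
                 "aud": "s6BhdRkqt3", "exp": 1311281970, "iat": 1311280970}
SAMPLE_TOKEN = make_hs256({"alg": "HS256", "typ": "JWT"}, SAMPLE_CLAIMS, SAMPLE_KEY)

if __name__ == "__main__":
    print(json.loads(b64url_decode(PAGE_HEADER_SEGMENT)))
    print(parse_compact(SAMPLE_TOKEN)[:2])
    print(verify_hs256(SAMPLE_TOKEN, SAMPLE_KEY)["sub"])
```

A relying party must still validate `iss`, `aud`, `exp` and `nonce` after the signature check; this block stops at the serialization and signature layer.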


Attack on factoring based key generation


Jonathan Caceres, Oct 18, 15:01
The notion of black-box hardware and software and the hazards associated
with them are familiar to everyone. For example, when a user installs a
new commercial program there is no easy way to find out if the program is
sending personal information across the internet back to the manufacturer.

Such information could include personal e-mail addresses, the name of the
user's internet service provider, what type of machine the user is using,
and so on.

The fear is that there might be an invasion of privacy that could among 
other things lead to aggressive marketing.


Kali Linux Tools list


Jonathan Caceres, Oct 08, 01:50
Here is the link 
Kali Linux Tool List


Denial-of-service (DoS)


Jonathan Caceres, Oct 05, 03:27
An attack that denies a victim or group of victims access to some service.
Examples include deleting data, clogging up computer networks with data packets,
hogging CPU time, and so on.


Why sometimes USB cables are cheap


Jonathan Caceres, Oct 05, 03:28
The simple reason is that some of these cheap cables have malware built in.
What is preinstalled in these USB cables is a keystroke instruction to
remotely access your computer, phone or any other device connected to
the internet. How can I Google and look for these? They are called a
keystroke instruction or remote keystroke logger.


Differences between Trojan Horses vs Virus


Jonathan Caceres, Jul 02, 00:42
This is for educational purposes only



A MP3 file is?


Jonathan Caceres, Oct 08, 01:54
MP3, or MPEG-1 Layer 3. MP3 is an audio file format for compressing sound
into a small file with hardly any noticeable loss of quality.


Which one is the correct acronym for NSA


Jonathan Caceres, Oct 08, 01:55
 

a) ITAR U.S. federal regulations that govern the traffic of articles that are considered to be 
munitions.

b) DARPA Defense Advanced Research Projects Agency

c) NSA The branch of the U.S. government responsible for establishing information superiority 
through cryptologic prowess, among other disciplines.

d) COMSEC Products are capable of encrypting data, digitally signing data and so on.

e) ARDA Is an Intelligence Community (IC) center for conducting advanced research and development
related to information technology



The first Trojan horse attack


Jonathan Caceres, Oct 08, 01:55

The first book I came in contact with at university in 1995 was about computer viruses. I was studying a
subject, Digital Circuits I, which enabled me to develop software in low-level or machine
language, ASSEMBLER, so small I could not believe it: only one floppy disk, less than a few
kilobytes. I dug into this subject like a submarine miles away from the shore.

In my first research into low-level programming I found by accident the
first Trojan virus. It was in November 1987 in Ontario, Canada; at the time they
called it the logic bomb attack.


The attack was a Trojan horse clearly intended to achieve financial gain. It was carried out by a single employee of a bank who managed to accumulate $70,000 by funnelling a few cents out of every account into his own. This type of attack is called a ‘salami slicing attack’. Small is better in these cases: the portions of money were accumulated in a single account, so over the day, with as many transactions as he/she could collect, it added up to lots of money and nobody would notice the small figures. Today I found the same article after 23 years in a different book, so it is history for some, but the principle is still the same until quantum computers are commercialised.


The size of a virus


Jonathan Caceres, Oct 08, 01:56

The size depends on the writer of the virus; a small size is more difficult for anti-virus software
or network monitors to detect.

One of the reasons is that your network, regardless of generation (3G, 4G or 5G), always works with the
same protocol, the 7 layers, and the packet is always limited to 1500 bits.

So to be successfully deployed, a computer virus needs to be very small, and languages such as VB.net,
C++ sharp, or Java are still too big, so they use something like ASSEMBLER, the low-level computer language, so low
that only the machine can understand it: 1 or 0 is what you see, if you know how to read an assembler program.

But how small is a computer virus?

Code size                      bytes        source language(s)
attack routines ‘main’           434          ANSI C
TEA encryption routine            88          Asm
truerand size                    124          Asm
misc. attack code                804          ANSI C
global data                      560          N/A
modified GNUmp lib             4,372          ANSI C /
entire attack routine          4,382          ANSI C / Asm
main virus routine               614          Asm
total virus size               6,996          ANSI C / Asm


Ref: Dr. Adam L. Young & Dr. Moti Yung / Malicious Cryptography


How fast is a computer virus?


Jonathan Caceres, Oct 08, 01:56
An hour, 30 minutes, 5 minutes, 1 minute? None of these is correct.
The time for your device to get infected or attacked by a computer virus
is counted in seconds. Yes, you read correctly: typically 1 second is all the
virus needs.

Your electronic device gets infected really fast, no matter
how old it is. The reason is that these computer
algorithms are so small that your motherboard or processor processes
the bits so quickly that it needs only seconds, and not many: 1 second
is all the virus needs to replicate, mutate and hide in the host.

Table 2.1 Running time of the virus

System boot (no attack)   <      16.7 msec.
Infect a program                       1 sec
Infect file ‘System’                   4 sec
Perform RSA encryption         =     66.7 msec
Generate 384 random bits       =      6.4 sec
System boot (w/attack)         =     11.92 sec
TEA encr. Rate (1 round)       =     47k bytes/sec
TEA encr. Rate (3 rounds)      =     15.7k bytes/sec


Defcon The largest hackers convention 20 years


Jonathan Caceres, Oct 11, 13:10
DEFCON is the largest convention around the world;
here is a video of how and where it all happens.



Drones nightmare for airports


Jonathan Caceres, Oct 05, 03:49
You will notice terms such as 2.4 GHz and 5.8 GHz used when describing
FPV quadcopters and drone aircraft. Here is what you need to know: 2.4 GHz
is the radio frequency that most quadcopters use for the connection between
the ground transmitter and the aerial vehicle.

2 hack the drone receiver
Here is how it is done.

Society is adopting drones for different tasks. How secure are these devices?
Well, like your normal computer at home, they have some weaknesses, and here is a
video that explains how easily and quickly they can be hacked.
											
Software:        Kali OS
command:         airmon and airodump
Number of steps: 4 to 5
Target:          Parrot's Bebop Drone
Objective:       Permanent login disable target by smart phone app control
				

Authentication attacks

Attack type: Brute Force
Attack description: Allows an attacker to guess a person's username, password, credit card number, or
cryptographic key by using an automated process of trial and error. (IBM)

Brute Force: An exhaustive attack that works by testing every possible
value of a parameter (password, file name, etc.). (Brute_force_attack)
Cache Poisoning: An attack that seeks to introduce false or malicious
data into a web cache, normally via HTTP Response Splitting. (Cache_Poisoning)
DNS Poisoning: An attack that seeks to introduce false DNS address
information into the cache of a DNS server, where it will be served
to other users, enabling a variety of attacks (e.g., phishing).

Note: many of the items marked as vulnerabilities in other places are really
attacks. Some of the more obvious are:

   * Resource exhaustion
   * Reflection injection
   * Reflection attack in an auth protocol

https://www.owasp.org/index.php/Main_Page



Learn Different Attackers in Cyber Security


Jonathan Caceres, Oct 08, 06:37
Cyber Security Attackers

Attacker: Cybercriminals
    Objective: Fortune over fame
    Typical target: Users, business, governments
    Sample attack: Steal credit card information

Attacker: Script kiddies
    Objective: Thrills, notoriety
    Typical target: Business user
    Sample attack: Erase data

Attacker: Broker
    Objective: Sell vulnerability to highest bidder
    Typical target: Any
    Sample attack: Find vulnerability in operating system

Attacker: Insiders
    Objective: Retaliate against employer, shame government
    Typical target: Government, business
    Sample attack: Steal documents to publish sensitive information

Attacker: Cyberterrorist
    Objective: Cause disruption and panic
    Typical target: Business
    Sample attack: Cripple computers that control water treatment, e.g.

Attacker: Hacktivists
    Objective: To right a perceived wrong against them
    Typical target: Government, business
    Sample attack: Disrupt financial websites

Attacker: State-sponsored attackers
    Objective: Spy on citizens, disrupt foreign government
    Typical target: Users, government
    Sample attack: Read user's email messages
  


The boom in the business of Cyber Security


Jonathan Caceres, Oct 05, 03:34
The war has changed fields, from the open grassy field to more
confined, secure dark rooms. Here is a video from HBO about the cyber
security business in Israel.



Inside a computer virus


Jonathan Caceres, Oct 11, 13:09
Most of us are dying to know how the inside of a computer virus is written:
how can I write one, how do I test my virus, and how does it avoid detection by
any anti-virus? Some of the answers are somewhere deep in the internet, waiting
to be discovered, but some are kept secret.

Today I am going to show you the inner structure of a computer virus.

ALERT >>> Virus code
X5O!P%@AP[4\PZX54(P^)7CC)7}$JCRDEVELOPER-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Save this line of code, the virus, in a .BAT file and run it. Fortunately it is harmless for you and others; the purpose is to show you how a computer virus is written and to test your anti-virus software.

Have fun!


Hackers the new soldiers


Jonathan Caceres, Oct 05, 03:50
If you have a rough idea of what the word hacker means, you
probably have not seen the full power of these skillful computer
gurus: what are they capable of, and what are their limits?

STUXNET was the sophisticated cyber attack on an
Iranian nuclear plant that may have changed the nature of warfare
forever. We are not talking about another Hollywood blockbuster movie;
this happened in a top-secret military operation of two countries that
joined forces to gain control of a nuclear plant network to shut down
its entire infrastructure.




Scamming the scammer


Jonathan Caceres, Oct 05, 03:32
This guy knows how to deal with calls at dinner time







Tools and Commands


	Windows OS
	VM  Windows (Virtual Machine)
	Link to your best virus  "wannacry"
	Syskey COMMAND
	TeamViewer   (Remote Access Control)
	Design your own web bank page to fool the scammer
	Spoof your IP address
	Have fun!


Music to my ears!


Jonathan Caceres, Oct 05, 03:54
Kevin Mitnick, a hacker with a mission. If you haven't read the book GHOST in the WIRES,
it can tell you how a boy from Los Angeles could break not only into computers,
networks and communication companies but also the public transport system. The book is now history
for some of you, but the principle of social engineering is still very much there.

On pages 364 and 365 you can find how he got tailored access to a server without any
username or password.

Here is some of the script he told another person to type on his computer:
 echo "++">~.rhosts and then rlogin lankforj@mrdbolt

With all the cyber security out there, there is still someone clueless about the harm this can do to a server.
For sure someone has tried to patch some of this script, but with some creativity
you can go around the block.


Dr. Susan Loveland Best Academic Hacking Video


Jonathan Caceres, Oct 05, 06:04



Zero-Width Spaces to Bypass MS Office 365 Protection


Jonathan Caceres, Oct 08, 02:00

How hackers or attackers have been bypassing both Office 365's URL reputation
check and Safe Links URL protection features by using this method: Zero-Width Spaces (ZWSPs).

Supported by all modern web browsers, zero-width spaces (listed below) are
non-printing Unicode characters that are typically used to enable line wrapping
in long words, and most applications treat them as a regular space, even
though they are not visible to the eye.

Zero-width spaces:

   * Zero-Width Space
   * Zero-Width Non-Joiner
   * Zero-Width Joiner
   * Zero-Width No-Break Space
   * Full-Width Digit Zero
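
An added defensive example (not from the original post, and not Microsoft's implementation): Python that decodes HTML entities in a link, reports the zero-width and full-width characters listed above by code point, and canonicalizes the URL before a reputation lookup. The blocklist entry, sample links and function names are constructed for illustration, and applying NFKC to the whole URL is a simplification.

```python
import html
import unicodedata
from urllib.parse import urlsplit

# The characters named in the list above, by Unicode code point.
HIDDEN = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE",
}
LOOKALIKE = {"\uff10": "FULLWIDTH DIGIT ZERO"}

# Hypothetical reputation data for the demonstration.
BLOCKLIST = {"bad-login.example.test"}

# Constructed sample links; .test is a reserved, non-resolving TLD.
SAMPLE_ENTITY = "https://bad-&#8203;login.example&#8204;.test/reset"
SAMPLE_FULLWIDTH = "https://bad-l\uff10gin.example.test/"


def find_hidden(text):
    """Return (index, 'U+XXXX', name) for each hidden or look-alike character."""
    hits = []
    for idx, ch in enumerate(text):
        name = HIDDEN.get(ch) or LOOKALIKE.get(ch)
        if name:
            hits.append((idx, "U+%04X" % ord(ch), name))
    return hits


def canonical_url(raw_href):
    """Return (cleaned_url, findings) for an href taken from raw e-mail HTML."""
    # Entities such as &#8203; only become characters after HTML decoding,
    # so decode first or the scan below sees plain ASCII.
    decoded = html.unescape(raw_href)
    findings = find_hidden(decoded)
    stripped = "".join(ch for ch in decoded if ch not in HIDDEN)
    # NFKC folds full-width digits to ASCII, matching what the user will visit.
    cleaned = unicodedata.normalize("NFKC", stripped)
    return cleaned, findings


def check_link(raw_href):
    """Compare a naive substring lookup with a lookup on the canonical host."""
    cleaned, findings = canonical_url(raw_href)
    host = urlsplit(cleaned).hostname or ""
    return {
        "naive_match": any(domain in raw_href for domain in BLOCKLIST),
        "canonical_match": host in BLOCKLIST,
        "obfuscated": bool(findings),   # worth alerting on by itself
        "host": host,
        "findings": findings,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_ENTITY, SAMPLE_FULLWIDTH, "https://www.example.test/"):
        print(check_link(sample))
```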



Joomla 3.9.2 Security Fix


Jonathan Caceres, Oct 05, 03:50
Security Issues Fixed


Low Priority - Core - Stored XSS in mod_banners
Low Priority - Core - Stored XSS in com_contact
Low Priority - Core - Stored XSS issues in the Global Configuration textfilter settings
Low Priority - Core - Stored XSS in the Global Configuration help url

Bug fixes and Improvements

Fixes for states in com_finder (#23194), com_banners (#23193), com_messages (#23192), com_users notes (#23191)
Removal of the Caching field in the languages (#23174), syndicate (#23166), random image (#23165), and login modules (#23152)
Editors API extended #23224
Menu Item Alias type: Redirection is optional #23278
com_media: Normalisation of uploaded file names (#23259)
Code cleanup and namespacing
Visit GitHub for the full list of bug fixes.
https://www.joomla.org/announcements/release-news/5755-joomla-3-9-2-release.html?


Did you know Facebook launched the Hack language in 2014


Jonathan Caceres, Oct 05, 03:37
Foundation offers cash for binary-blob driver alternative

In addition to the launch of WebScaleSQL, its collaborative scalable database
fork, Facebook has released a programming language dubbed Hack.

Designed to integrate seamlessly with PHP, Hack works with the company's
high-performance virtual machine HHVM, also released under an open
source license, to offer the fast development cycle of PHP with the
discipline provided by static typing.

According to Facebook, the result is a language familiar to PHP developers but one that can offer significantly improved performance and new features including lambdas, collections, nullable types and type aliasing.

Facebook's Hack language claims to provide significantly improved performance over PHP.