cw
cw
cw
cw
cwcwcw
cwcwcwcwcw
cw
cw
IT Management:Security
cw
cw
cw
cw
cw
Hackers conference shown how to bypass Active Directory controls

cw
Security threats to Bluetooth wireless technology, credit card hacking and tricks to bypass Windows Active Directory were revealed at the Defcon conference in Las Vegas earlier this month.

Experts from the CIA and FBI rubbed shoulders with hardcore computer hackers at the conference. Once the sole preserve of hackers, Defcon has now become a recognised fixture in the IT industry's calendar.

One presentation showed delegates how hackers can bypass the controls restricting user access in the Windows Active Directory due to poor configuration of the software.

Phil Cracknell, security consultant at NetSecurity, said this kind of threat has been largely overlooked by companies, partly because computer viruses and worms are more visible and easier to detect.

Users expect there to be greater security in a Windows Active Directory environment as it allows administrators to overlay network-based group policies onto the security permissions of users' PCs, said Cracknell.

But Cracknell said he had come across set-ups where desktop security had been weakened because of badly implemented Active Directory environments.

He said he had seen examples of organisations using Active Directory where a reboot and removal of the network cable left a PC operating with just the desktop security policies. Restrictions on user access that were written into Active Directory no longer applied, said Cracknell.

"Plug in the cable and you effectively have a rogue PC on a corporate network," he said.

Stuart Okin, chief security officer at Microsoft, said, "Users cannot rely on security policies alone. There needs to be [system] lockdown, end-user education and constant review."

In a warning to banks and companies that do business over the internet, security analyst Robert Imhoff-Dousharm demonstrated credit card hacking. Delegates were given laptops and shown how a hacker could tap into a private network and download credit card details, which could then be decrypted.

Richard Brain, technical director at security consultancy Procheckup, said hacking credit cards details was relatively straightforward.

"Certain payment systems use particular ports. You can scan this port, capture all packets and grab credit card details," he said.

Credit card data is secured, but only by 56-bit encryption, which Brain said could be broken relatively easily to reveal the credit card number, expiry date and the cardholder's name. Secure banking transactions are usually protected by 128-bit or 256-bit encryption.

Another presentation explained how law enforcement agencies were using facilities on Microsoft's development tools to track down hackers.

Businesses have long made use of the ability of Microsoft software to track changes made to documents, but Microsoft's development tools can also track the author and computer used to create the program.

"If you use a Microsoft tool to create a [security exploit], the FBI can find out who you are," said Brain. This happens because most users generally type in the correct information when registering new software.
cw
cwcw
cw
Print this page>>
Send to a friend >>
Subscribe to E-mail>>
cwcw
cwcw
cwcw
Print this page>>
Send to a friend >>
Subscribe to E-mail>>


cwcwcw
cwRelated Articlescw
cwcwcw
cwcwcw
cwbaCritical Netscape hole could hit financial sites, warn ISScw
cwbaVirus targets AMD64cw
cwbaUS security agency's CIO fails to deliver integrated ITcw
cwbaLinux suppliers patch Qt flawcw
cwbaBig German banks hit by phishing attackscw
cwbaEx-Microsoft COO: Overhaul means crushing intelligence 'fiefdoms'cw
cwbaOracle moves to monthly patchingcw
cwbaAOL users face data access concernscw
cwbaNew worm uses IM to lure victimscw
cwbaHP tests latest security toolcw
cwbaThought for the day:
Countdown to zero-day
cw
cwbaMicrosoft details XP SP2 conflictscw
cwbaMicrosoft set to backtrack on SP2 advicecw
cwbaMicrosoft delays automatic SP2 deliverycw
cwbaSecuring your website for businesscw
cwbaThe risk is real, so be preparedcw
cwbaSP2 users face compatibility testscw
cwbaSender ID wave floats IronPort's boatcw
cwbaBlaster-B culprit confesses allcw
cwbaHunt for XP SP2 flaws in full swingcw
cwcwcw
cwcw
Our publisher also produces websites covering the following topics:
Banking InformationTravel & TourismUK Agricultural ServicesAerospace
Science & TechnologyCommercial PropertyHR InformationElectronics
Farming & AgricultureGlobal B2B SearchChemical Services & SuppliesB2B Search Engine
Property InformationHospital & MedicalCatering & HospitalityAir Transport
Optometry & OpticianConstruction EventConstruction & ContractorsEntertainment Search
cw