
1337 in the Library: Obtaining your information security education on the cheap

        The two quotes above were my inspiration for writing this article, along with the fact people keep asking me "How do I get started in security". Well, if you're asking for career advice I'm not your man, but on the learning side of things I think I have a few tips I can give you.
While many of us use articles and videos on the Internet almost exclusively for "getting our learn on," let's not forget those lovely dead-tree graveyards known as libraries. For that matter, if you're interested in infosec and don't have the money for a computer and an Internet connection, the local library (public or academic, more on this later) is a great place to start. Now, I know some of you will be thinking of the disadvantages of libraries, such as:
1. They have older material that's not as relevant to current information security as what's on the web.
2. It's easier to find things with Google than the library catalog.
3. You have to leave your mother's basement.
        While all of those are true to some extent, there are some mitigating factors. #1 is hard for me to argue against, but keep in mind that there are more than just physical books in a modern library. There are also electronic books and journals that are far more up-to-date than you might expect. #2 depends on the library you choose; some offer more than others. At any library, though, ask at the front desk to speak to a reference librarian. Not everyone who works at a library is a librarian. Reference librarians are trained to help patrons find the information they want, and the reference librarian will have a better idea of what resources are available at their particular library and its affiliates. #3 is something I can't help you with; just remember to bathe now and then.
Now, on the pro side, libraries have a few things going for them:
1. Libraries have access to electronic resources that you can't get to on the public Internet. For example: subscription-based electronic books and journals.
2. I like the feel of a real hard copy book over reading a computer screen for hours. I know others may feel differently, but until e-paper based readers become cheaper and have color I'll prefer wood pulp.
3. Professional writers have a tendency to be better writers. While this is not always true, it's often the case. There's something to be said for a book or article where the prose flows well, and the subject is taught in a concise and understandable manner. Professional editors can really help with this. Also, while with many security topics "the proof is in the pudding" (aka: you can test out the findings for yourself), peer-reviewed journals have their merit when discussing esoteric subjects.
4. Books are nice from the standpoint of having a "one stop shop" for some types of information, rather than having to piece together bits and pieces of a topic from multiple sources.
        When asking a librarian for help you might be better off asking "Can you help me find books on pen-testing and information security?" than asking "Can you help me hackzor the Gibson?", and don't forget to be polite. Unfortunately, the media in general is a pretty lazy bunch when it comes to researching terms, and the term "hacker" causes people outside of the geek crowd to weird out sometimes because they don't understand its varied meanings. If you really feel the need, explain the term hacker, or point them to the Wikipedia entry on the term. Just keep in mind that some librarians view Wikipedia the same way union members look at scabs.
        Now, it may well be that your local public library has very few books on computer security. It's been my personal experience that university libraries are better in this regard than public libraries. Even if you are not a student at the university, they may let "community patrons" borrow from their collections. This is especially true of public universities. If the public or university library near you does not have the materials you are looking for they may still be able to get them from other libraries they are affiliated with. See if your library has an interlibrary loan or request delivery program (terms vary depending on how the libraries are affiliated). Your local library may let their patrons request books from other branches, greatly increasing the collection you can pull from. This is very useful if you use a library at a public university that has multiple campuses around the state. If none of the branches directly affiliated with your library has the sort of materials you are looking for, ask about their interlibrary loan program. They may be able to hop on OCLC WORLDCAT or some other inclusive catalog and get you the book you want from another source. While we are on the subject of Worldcat, another thing I should point out is that if you are concerned about privacy and don't wish to reveal information about yourself and what you are searching for you don't have to. You could search Worldcat yourself, find a library in your area that has a copy of the book you are looking for, and go to that library in person to read it. That way, if it is a sensitive matter, you never have to leave a record by checking it out or letting people know what you are researching. Worldcat can be found at:
        If all of that fails, see if the library will do a purchase request for you. If it's a university library, it might be best to sweet talk one of the comp sci or informatics professors into making the request for you as they are more likely to get results.
Some libraries have access to what is known as "electronic books". Essentially, these are web versions of normal dead-tree books that are available over the web. The library may subscribe to different vendor collections, and may restrict browsing based on IP address so that you have to be at the library to use the resource, or use a proxy provided by the library. Various vendors like ebrary, netLibrary and Books 24x7 have great collections of technical books. O'Reilly Safari also looks like a great source, but may be harder to find because of the expense. Unfortunately, many of these ebook vendors have restrictions on how many pages you can print. While they are not as convenient as some of the PDF and CHM e-books that can be pirated via Bittorrent or eMule, they are legal.
        So far I've just mentioned physical and electronic books. There are also periodicals (that's magazines, journals and newspapers for the non-library crowd) that may be of use to you. If nothing else, it's a hoot to go look at a Computer World from twenty years ago to see what they thought was the next big thing. Electronic resources like Factiva, EbscoHost, and Lexis-Nexis let you search for journals that might be of interest to you, and in some cases let you download the full text of the article in PDF format. The ACM (Association for Computing Machinery) Digital Archive can be a good resource for those esoteric subjects I mentioned previously. Looking through newspapers and journals can be a great source of information in preparation for social engineering. For some older materials you may have to resort to microfilm or microfiche.
        As I stated before, libraries are a great place to get free Internet access. Different libraries have varying policies concerning use of their terminals, and whether or not you have to sign in for time on the stations. Obviously I would not recommend sending any private information using the library boxes, and if you're using your own laptop to access the free WiFi at the library you may want to read my Hacker Con Hijinx Handout:
        While it was written with hacker cons in mind, the same advice applies to pretty much any public network. One thing you may run into at public libraries is Internet filtering. Because of the Children's Internet Protection Act (CIPA), public libraries have to filter certain types of content to get funding. While the CIPA is mostly concerned with pr0n, SEC. 1732. does list "hacking" content as something to be filtered. Many libraries just buy a filter solution that blocks a wide range of subjects that some organizations don't want their users viewing. This includes infosec information that the filter labels as "hacking content". My local public library blocks my website, which would not bother me so much if it were not for the fact that when a user tries to visit my site it pops up a warning page in the user's browser that says my site tries to install malware, which it certainly does not. If you want more information on the CIPA check out these links:
        Luckily these filters are easy to get around depending on how they are implemented. A patron could use Tor, remote into a VPN, tunnel using SSH or just use Google and the search string "inurl:nph-proxy" to find a public proxy. Keep in mind this may violate the use policy of the public library, so be sure to view the user agreement before doing such actions to get around filters. You may also be able to get the library to drop the filter for you as long as you can prove you are not a minor. According to FCC Order 03-188 it is acceptable for the library to do this for an adult, but I'm not sure it's required. My guess is you will get there and find out that the librarian has no idea how to drop the filter, or if they do, they may not be willing to do so.
        In summary, give your local library a visit and see what resources they have. If nothing else it gets you out of your mother's basement.
