All News (161 Posts)

<< Next - First ... 8 9 10 11 12 ... Last - Previous >>

Apple Security in the Enterprise

#91 - Posted on 3 February 2014 - Author: SM - Category: Guides

There is a good document from the UK government describing the different security features available in Apple Mac OS X 10.8 and the ones you should consider if using a Mac as an enterprise end point:

OS X 10.8 UK Gov security guidance document.

In light of all the noise created by the NSA and GCHQ surveillance programs you might be tempted to dismiss governments’ position and view when it comes to IT Security. However,I found that document quite good and high level enough to be understood by mid-level management at least :)

They do refer to an MDM solution for some of the controls without specifying which one, so I assume they are referring to a OS X Server Profile Management solution as described by Apple HER...
>>[READ MORE]

A new look

#90 - Posted on 23 January 2014 - Author: SM - Category: Misc

It seems I refresh the look of this website every 3 years and 3 years was up so here the new look :)

I decided to go with a slick, low maintenance theme.

It has also been a few months since I updated this website, hopefully this should change soon!

...
>>[READ MORE]

Using a phone as a keylogger, next it will be a smartwatch!

#89 - Posted on 30 October 2013 - Author: SM - Category: Hacking, Security

There is an interesting paper from Georgia Tech College describing a clever proof of concept where a phone is used to eavesdrop on keystrokes.
This is done by leveraging the phone motion sensor capability and placing it next to a keyboard. They managed to create a dictionary of words/vibrations that is able to recognise words typed on a keyboard just by analysing the vibrations made from typing.
Of course, you are likely to notice someone’s else phone sitting next to your keyboard but what if your phone got hacked and that software loaded onto it?

They conducted their proof of concept on an iPhone 4 but this is likely to be also possible on other platforms/devices.

In fact, with upcoming smart watches this concept will be even more relevant! Now I can see a use for that Apple M7 chip! ;)

As I am typing this note, my phone is next to my keyboard. Maybe I should move it awayR...
>>[READ MORE]

New iPhone 5S Fingerprint reader, a step in the right direction!

#88 - Posted on 13 September 2013 - Author: SM - Category: Security

Apple has just announced two new models of iPhones, one of them is the iPhone 5S which comes with a fingerprint reader. Like others I believe this is no silver bullet, but it is a step in the right direction in terms of helping the masses to secure their iPhones.

There are two main areas of potential security failures:
– Fingerprints can be copied and once compromised you can’t “change” for new ones;
– The Fingerprint reader security implementation will be very important, any defects or flawed could be exploited to gain unauthorised access.

Apple may not be the first company to provide an embedded fingerprint reader into their phones, but like it did for tablets and smartphones, it will be the company that will popularise it...
>>[READ MORE]

Mobile Device Management Limitations

#87 - Posted on 27 August 2013 - Author: SM - Category: Security

Current MDM frameworks, unless using some kind of container approach, will always play catch-up to hackers wanting to bypass the controls enforced to their phones, as highlighted in the following article describing how to get around Airwatch’s MDM restrictions.

The conclusion of that article is spot on:
“MDM solutions are great for employers to manage mobile devices. However, they are not without their problems. Not only was I able to bypass compliance for having a rooted device, but I was also able to bypass the need to encrypt my device from the profileGroupSetting table. Bypassing compliance restrictions for AirWatch is relatively trivial after a few hours and I’m sure it is probably similar with many others MDM solutions.”

An MDM container approach will only ensure your corporate data does not leave that secured container and stays safe wit...
>>[READ MORE]

The right (way) to disclose vulnerabilities

#86 - Posted on 24 August 2013 - Author: SM - Category: Security

An article was discussed last month in The Guardian and The BBCexplaining how a research paper from the University of Birmingham had been barred by a judge from being published because it discussed weaknesses in the security related to cars starting mechanisms from many manufacturers (BMW, Porsche, Fiat, Peugeot, etc).

This was already discussed publicly at the 21st Usenix Security Sympposium, where an online video is available. A quick search on Google also produces a PDF paper explaining how a car can be gone in 360 seconds through hijacking car key transponders. If that was the paper stopped from publication, then I don’t think it provided enough details that warranted those legal actions.

Thi...
>>[READ MORE]

iOS7 and Mavericks Security

#85 - Posted on 17 June 2013 - Author: SM - Category: Security

There is an interesting article HERE that describes the new security features of iOS7 and Mavericks. It also asks some interesting questions that still need answering.

...
>>[READ MORE]

A story about Password: The Wrong Formula

#84 - Posted on 29 March 2013 - Author: SM - Category: Guides, Security

In this article I will first talk about some misconceptions regarding what is considered a secure password and then about how you can leverage different technologies to help protect your different credentials.

In the past few years there has been a sharp increase in websites being hacked and their users’ passwords/hashes stolen, in parallel we are using online services for almost everything: to pay for your local pizzeria delivery or your electricity bill, access your bank account, connect to your work email, etc.

The common advice is to use different passwords for each site you register to, but most people don’t. It means that hackers can often reuse credentials they obtained on one website to access another.

One way to counter that risk would be to use some kind of formula so you remember a different password for each site you have registered to. This *could* be the best solution, as remembering a password formula means you do not have to write it do...
>>[READ MORE]

Evernote hacked, an early warning for the Cloud Storage storm coming?

#83 - Posted on 2 March 2013 - Author: SM - Category: Security

In recent years I have written various articles warning of the risk related to uncontrolled cloud storage solutions usage in the corporate world.

Evernote is a popular online note storage solution which is often used by mobile users. You could see it as a cut down version of Dropbox as it is more restrictive to what one can store online.

It got hacked a few days ago, as reported by the Verge, what was stolen includes usernames, email addresses and encrypted passwords. We don’t know what password algorithm they used and how hard/easy/feasible it is for the hackers to crack them, but the company behind Evernote now asks *all* its (millions) users to reset their passwords.

This should really serve as a wake up call, to check what policies and controls are in place to prevent your user...
>>[READ MORE]

A new iOS 6.1 hack

#82 - Posted on 14 February 2013 - Author: SM - Category: Hacking

As seen on the Hacker news, there is currently a way to bypass the iPhone lock screen (iPad with SIM too?) running iOS 6.1.x

I had to change the steps listed in “The Hacker news” slightly for it to work:
-Go to emergency call, push down the power button and tap cancel.
-Dial 112 and tap green and inmediately red.
-Go to lock screen, by pressing the power button
-Go to passcode screen, by pressing the home button
-Keep pushing down the power button …1…2…3…seconds and before showing the slider “turn off”…tap the emergency call button and …voila!
-Then without releasing the power button press the home button and let go…

From there you gain full access to the phone application and can change/add/delete conta...
>>[READ MORE]