RSS Feeds
...
>>[READ MORE]
{elysiumsecurity} 
Cyber Protection & Response
-
News Links
All News (140 Posts)
MOVA, ONLIVE, DIDO and a bit of magic (and maybe Aliens! ;)
This is a bit of an unusual post for this site because it is not directly related to IT Security, but I have recently watched a video of a lecture by Rearden CEO Steve Perlman that I found truly inspiring!
Steve Perlman is the Steve Job of Engineering.
He has participated/invented/funded many different cutting edge technologies and gave an overview of 3 of them in his lecture. What strikes me is how all those technologies are linked together even if isn’t necessarily obvious. It would be tempting to say it is all driven by his apparent interest in gaming but that would be too simplistic, it is driven by a desire to invent new technologies and not being afraid of rewriting the rules!
1. The first technology he spoke about is MOVA, which apparently rewrote the rules on how computer generated 3D characters were done (and more if you look...
>>[READ MORE]
New Dropbox Issues and a work around
More issues have been found with Dropbox, they were major issues and the researchers worked with the vendor to fix them before going public.
Although they are now fixed they highlight the time bomb Dropbox is for enterprise users as usage convenience and security risk ignorance means sensitive information is likely to be transferred centrally on Dropbox from many different companies and user profiles.
The 3 security issues discussed in the this article were:
– Hash value spoofing to access other customer’s data
– Stealing Dropbox hostID to access other customer’s data
– Potential replay attack when providing other customer’s data hash combined with any valid host ID (i.e.: the attacker’s host ID) to get access to the corresponding data.
One key point made in the article is ...
>>[READ MORE]
Attack on Quantum Cryptography
There is a recent BBC article on a new attack against a key component of Quantum Cryptography: Key Transportation.
There are 3 main components to a cryptographic system:
– The strength of the algorithms used (close/open, random generator, collision, etc)
– The integrity of the system (implementation, key storage, devices security, etc)
– The transportation of keys (no full or partial interception of the keys, etc)
Quantum Cryptography has for some been seen as the future for ensuring the integrity and detection of any interception attempts during key transportation.
I am not a Quantum Physic expert, but what I understand is that key transportation is done through light, where photons of light are sent to the receiver who will inspect the states of those photons to reconstruct the key. It is similar of sending a stream of bits which make the key, apart from the fact that in Quantum Physics a photon has not just a binary state ...
>>[READ MORE]
Dropbox in the Enterprise
In the never ending story that is more issues/concerns with Dropbox, there is an interesting article discussing the recent changes of Terms and Conditions with using Dropbox:
In a nutshell, Dropbox is trying to protect themselves with what they do and can do with your data hosted in their data centre. So it means granting Dropbox and those they work with“worldwide, non-exclusive, royalty-free, sub-licensable rights to use, copy, distribute, prepare derivative works “ from your data.
The TechRepublic article stresses that it is already the case with sites such as Facebook. There is however a big difference. Facebook is mainly used for social content, personal “stuff” (to use Dropbox’s term). Dropbox is not only used for personal “stuff” but also for professional “stuff”....
>>[READ MORE]
GPU Password Cracking
Brute force password cracking has been around for a while but in the last few years a new way to use your brand new graphic card has emerged which brings high performance attacks against passwords much cheaper and easier.
This is because the “brain” of those graphical card, The Graphical Processing Unit or GPU, is designed to handle mathematical and repetitive tasks very efficiently.
There is a very good article about this topic on the ERRATA SECURITY blog with some interesting facts:
– Although GPU are now found in most electronic devices (i.e.: phones), dedicated PC cards are obviously better
– Radeon is better than GeForce
– Although you can use more than one GPU, the benefits are not exponential and most people only need 1 or 2 GPU.
– This is because past 8 Characters, a password become near impossible to brute force....
>>[READ MORE]
Worrying trends with Dropbox
Dropbox is a very convenient way to synchronise data across locations and devices, it is one of the leader for in the cloud storage solutions. However, it has lately gathered some attention for the wrong reasons.
There has been a recent upset about the false claims (or incorrect depending where you stand on this) that no-one could decrypt your data on their data centre, including their staff. Well, it turned out it was no-one *excluding* their staff.
As explained in this article on TECHREPUBLIC
That’s fair enough, so as long as they have the right processes and due diligence in place your data should be safe into their hands, you can trust their staff.
Or can you?
Today, it appeared that while updating their backend code, anyone could connect to >>[READ MORE]
Turning point for Apple Products Security
There has recently been an increase in blackhat attention to Apple products.
It would seem that what has been predicted for some time is about to be tested:
that one of the main reason for Mac/OSX to be more secure than windows is because it did not get the same attention from hackers.
This had to happen, and I believe that the time is right.
Indeed, Apple products are gaining more and more market shares and their hippy/cool image is being eroded by both their very strict view of the world and exponantial user base growth.
(On a non security related note, one could wonder how long can Apple be seen as different/cool if everyone has their product!)
This gives every reasons for hackers to take their attention to Mac OSX and iOS.
Recently a fake anti virus software for MAC was discussed on the excellent Intego blog and many other >>[READ MORE]
Free Forensic Resources
Below are two interesting Forensic resources I got from Jess Garcia
– Some great free Forensic windows tools, i.e.: to convert time format
http://www.mikesforensictools.co.uk/index.html
– Zero Wine Malware; A promessing virtual environment to analyse malware behaviour and impact
Zero Wine 2.0
>>[READ MORE]
Extreme Pen Testing
Here is an amuzing story where prisoners in a maximum security prison managed to hack their lockdown computers.
Their computer seems to be more like a dumb terminal than a full featured one, and what they can do and where they can go is very limited (i.e.: watch television and receive call).
However, the prisoners found out that by opening 200+ windows explorer they could cause a buffer overflow which then allowed them more access!
http://gcn.com/articles/2011/05/30/colorado-prison-sidebar.aspx
and to go with this story here is a photo I came accross on the internet and that summerize the security state of many companies!
...>>[READ MORE]