All News (124 Posts)


Next Generation Firewall

There is a good article on TECHNET about Next Generation Firewalls (NGF) and the fact that most, if not all, companies accept port 80 in/out, meaning traditional firewalls are less and less effective against malware using this port as a means to call home or come in.

The article nicely summarizes the need to look not only at IP/port/protocol but also at the type of payload going through.

Although NGF is not a new technology, the evolution of malware is a growing issue which makes that technology more and more relevant.

...

iOS 5 Vulnerabilities for iPad2 and iPhone 4S

Two vulnerabilities in iOS 5 have recently been discovered: one affects the iPad 2 and the other the new iPhone 4S. In both cases, the flaw allows anyone to bypass any lock/passcode to gain unauthorised access to the device.

1) iPad 2 + iOS 5 + Smart Cover = Anyone can unlock your iPad
This only affects iPad2 with iOS5 and the smart cover set to automatically lock the device.
With a locked iPad2, keep pressing the power button until you see the screen telling you to swipe to turn off, close the smart cover, reopen it and push the CANCEL button.
This will give you access to the last application that was used. It means that if you were on the application listing screen you will be able to see all the applications installed on the iPad, but you will not be able to open any other applications. This is because you are in the “Finder”/“Explorer” application.
But it also means that if before you closed your smart cover to lock ...


I used to have one password…

I used to have one password. It was the password to my Unix student account and it was in the mid-nineties!

Since then, I must have dozens of passwords for work/home computers, websites, files, etc. Having a truly different password each time is almost impossible unless you use some kind of password safe application. Or you could use some kind of clever formula. I do emphasise the “clever”, because if your formula is to generate the same password with a simple variant at the end of it, a hacker who has access to more than one of your passwords could find out what that formula is quite easily.

Another issue is the username. Most security warnings are related to users having the same password. Although that is indeed true, there is also an issue with using the same username everywhere. I would argue it is more important to start with a known username than a known password.

The recent ...


An action on Data Privacy

The Inquirer recently ran a story about a group targeting Facebook and its use of your personal information. This group, called “Europe Vs Facebook”, claims that Facebook not only stores information about you even after you have deleted it (in other words, it never really gets deleted), but also creates ghost profiles of users who opted not to be on Facebook in the first place.

I find this very interesting because technically it is quite possible… Even if someone is not on Facebook their photo can be uploaded and their name tagged to it. It would require much more intelligence though to be able to correlate some information about that person discussed in Facebook mails/messages but it is in theory possible.

Although many people have wa...


Farewell Mr Jobs.

...

MOVA, ONLIVE, DIDO and a bit of magic (and maybe Aliens! ;)

This is a bit of an unusual post for this site because it is not directly related to IT Security, but I have recently watched a video of a lecture by Rearden CEO Steve Perlman that I found truly inspiring!

Steve Perlman is the Steve Jobs of Engineering.

He has participated in/invented/funded many different cutting-edge technologies and gave an overview of 3 of them in his lecture. What strikes me is how all those technologies are linked together even if it isn’t necessarily obvious. It would be tempting to say it is all driven by his apparent interest in gaming, but that would be too simplistic; it is driven by a desire to invent new technologies and not being afraid of rewriting the rules!

1. The first technology he spoke about is MOVA, which apparently rewrote the rules on how computer generated 3D characters were done (and more if you look...


New Dropbox Issues and a work around

More issues have been found with Dropbox. They were major issues, and the researchers worked with the vendor to fix them before going public.
Although they are now fixed, they highlight the time bomb Dropbox is for enterprise users: convenience of use and ignorance of the security risk mean sensitive information is likely to be transferred centrally to Dropbox from many different companies and user profiles.

The 3 security issues discussed in this article were:
– Hash value spoofing to access other customer’s data
– Stealing Dropbox hostID to access other customer’s data
– Potential replay attack when providing other customer’s data hash combined with any valid host ID (i.e.: the attacker’s host ID) to get access to the corresponding data.

One key point made in the article is ...


Attack on Quantum Cryptography

There is a recent BBC article on a new attack against a key component of Quantum Cryptography: Key Transportation.

There are 3 main components to a cryptographic system:
– The strength of the algorithms used (closed/open, random generator, collision, etc)
– The integrity of the system (implementation, key storage, devices security, etc)
– The transportation of keys (no full or partial interception of the keys, etc)

Quantum Cryptography has been seen by some as the future for ensuring integrity and detecting any interception attempts during key transportation.

I am not a Quantum Physics expert, but what I understand is that key transportation is done through light, where photons of light are sent to the receiver who will inspect the states of those photons to reconstruct the key. It is similar to sending a stream of bits which make up the key, apart from the fact that in Quantum Physics a photon has not just a binary state ...


Dropbox in the Enterprise

In the never-ending story that is more issues/concerns with Dropbox, there is an interesting article discussing the recent changes to the Terms and Conditions for using Dropbox:

TechRepublic Post

In a nutshell, Dropbox is trying to protect itself regarding what it does and can do with your data hosted in its data centre. So it means granting Dropbox and those they work with “worldwide, non-exclusive, royalty-free, sub-licensable rights to use, copy, distribute, prepare derivative works” from your data.

The TechRepublic article stresses that it is already the case with sites such as Facebook. There is however a big difference. Facebook is mainly used for social content, personal “stuff” (to use Dropbox’s term). Dropbox is not only used for personal “stuff” but also for professional “stuff”....


GPU Password Cracking

Brute force password cracking has been around for a while, but in the last few years a new way to use your brand new graphics card has emerged, which makes high-performance attacks against passwords much cheaper and easier.

This is because the “brain” of those graphics cards, the Graphics Processing Unit or GPU, is designed to handle mathematical and repetitive tasks very efficiently.

There is a very good article about this topic on the ERRATA SECURITY blog with some interesting facts:

– Although GPUs are now found in most electronic devices (i.e.: phones), dedicated PC cards are obviously better

– Radeon is better than GeForce

– Although you can use more than one GPU, the benefits are not exponential and most people only need 1 or 2 GPUs.

– This is because past 8 characters, a password becomes near impossible to brute force....