All News (127 Posts)

<< Next - First ... 8 9 10 11 12 ... Last - Previous >>

My take on SANS 660, The HexFactor and Netwars

I have just attended the SANS 660 course in London, it is one of the most advanced course SANS has to offer and it did notdisappoint!

Its bootcamp format means you will start your day at 9am and finish it at 7pm! The last two hours being called a “bootcamp”, basically 2 hours of exercises linked to the content of the day that really helps understanding the different techniques that were discussed.

Speaking about content, although they state that previous programmingexperienceis “recommended”, it is not, is it mandatory!

And for the last 2 days you really need some understanding of x86 assembly to get a chance to follow the fast pace. I have to admit that the last day I was lost after lunch!

But what do you get if you buckle up and go on the ride? You get an incredible amount of information as it goes into a great level o...
>>[READ MORE]


Carrier IQ, an interesting story of deception or what we could call the Facebook syndrome

...
>>[READ MORE]

A job at GCHQ?

If you ever wanted to work for a UK secret intelligence organisation, GCHQ, they are running a contest until the 11th of December, where you need to decipher some code to get a password. Once submitted, that password will redirect you to their recruitment website.

The password is probably “ifyoudon’twanttoworkforuswewillfindyou”…

If you fancy your chances, here is the site:http://www.canyoucrackit.co.uk/

...
>>[READ MORE]

Next Generation Firewall

There is a good article on TECHNET on Next Generation Firewall (NGF) and the fact that most, if not all, companies accept port 80 in/out meaning traditional F/W are less and less effective against malware using this port as a mean to call home or come in.

The Article nicely summerize the need to look for more than IP/PORT/PROTOCOL but also for the type of Payload going through.

Although not a new technology, the evolution of Malware is a growing issue which makes that technology more and more relevant.

...
>>[READ MORE]

iOS 5 Vulnerabilities for iPad2 and iPhone 4S

Two vulnerabilities in iOS5 have recently been discovered, one is affecting the iPad2 and the other the new iPhone 4S. In both cases it allows anyone to bypass any lock/passcode to gain unauthorised access to the device.

1) iPad 2 + iOS5 + SmartCover = Anyone can unlock your iPAD
This only affects iPad2 with iOS5 and the smart cover set to automatically lock the device.
With a locked iPad2, keep pressing the power button until you see the screen telling you to swipe to turn off, close the smart cover, reopen it and push the CANCEL button.
This will give you access to the latest application that was used. It means that if you were on the application listing screen you will be able to see all the applications installed on the iPad, but you will not be able to open any otherapplications. This is because you are in the “finder”/”Explorer” application.
But it also means that if before you closed your smart cover to lock ...
>>[READ MORE]


I used to have one password…

I used to have one password.It was the password to my Unix student account and it was in the mid nineties!

Since then, I must have dozens of passwords for work/home computers, websites, files, etc. Having a truly different password each time is almost impossible unless you use some kind of password safe application. Or you could use some kind of clever formula, I do emphasise on the “clever” because if your formula is to generate the same password with a simple variant at the end of it, a hacker who has access to more than one of your password could find out what that formula is quite easily.

Another issue is the username. Most security warnings are related to users having the same password, although it is indeed true, there is also an issue with using the same username everywhere. I would argue it is more important to start with a known username than a known password.

The recent >>[READ MORE]


An action on Data Privacy

The Inquirer recently ran a story about a group targeting Facebook and their use of your personal information. This group called “Europe Vs Facebook” claims that Facebook not only stores information about you even after you have deleted it, in other words it never really get deleted, but that they also create ghost profile of users who opted not to be on Facebook in the first place.

I find this very interesting because technically it is quite possible… Even if someone is not on Facebook their photo can be uploaded and their name tagged to it. It would require much more intelligence though to be able to correlate some information about that person discussed in Facebook mails/messages but it is in theory possible.

Although many people have wa...
>>[READ MORE]


Farewell Mr Jobs.

...
>>[READ MORE]

MOVA, ONLIVE, DIDO and a bit of magic (and maybe Aliens! ;)

This is a bit of an unusual post for this site because it is not directly related to IT Security, but I have recently watched a video of a lecture by Rearden CEO Steve Perlman that I found truly inspiring!

Steve Perlman is the Steve Job of Engineering.

He has participated/invented/funded many different cutting edge technologies and gave an overview of 3 of them in his lecture. What strikes me is how all those technologies are linked together even if isn’t necessarily obvious. It would be tempting to say it is all driven by his apparent interest in gaming but that would be too simplistic, it is driven by a desire to invent new technologies and not being afraid of rewriting the rules!

1. The first technology he spoke about is MOVA, which apparently rewrote the rules on how computer generated 3D characters were done (and more if you look...
>>[READ MORE]


New Dropbox Issues and a work around

More issues have been found with Dropbox, they were major issues and the researchers worked with the vendor to fix them before going public.
Although they are now fixed they highlight the time bomb Dropbox is for enterprise users as usage convenience and security risk ignorance means sensitive information is likely to be transferred centrally on Dropbox from many different companies and user profiles.

The 3 security issues discussed in the this article were:
– Hash value spoofing to access other customer’s data
– Stealing Dropbox hostID to access other customer’s data
– Potential replay attack when providing other customer’s data hash combined with any valid host ID (i.e.: the attacker’s host ID) to get access to the corresponding data.

One key point made in the article is ...
>>[READ MORE]