All News (146 Posts)

<< Next - First ... 11 12 13 14 15

Weekly Digest #3 – Interesting Articles

#6 - Posted on 14 August 2010 - Author: SM - Category: Security

A rather large selection of news as I missed last week weekly digest!

Are Anti Virus Obsolete?
I recently had a discussion with a work colleague who was claiming Anti Virus are not as good at preventing infections as they used to be, technology is moving fast and Anti Virus vendors seem to be playing catchup with more and more delay. He also stated that most AV only detects 20% of new viruses… A claim I haven’t been able to verify by doing a quick search on the Internet, so let’s just say I agree we are seeing more and more new viruses that we, as security professionals, have to inform the AV vendors about.

On that topic, the future of AV looks to be a difficult road ahead as discussed in a recent Kaspersky’s interview below, what I found the most interesting is the last paragraph were they mention a hacker who wrote a tool which gathered many security company IP addresses. The hacker then used this information to change the...
>>[READ MORE]

Weekly Digest #2 – Interesting Articles

#5 - Posted on 2 August 2010 - Author: SM - Category: Security

WPA Cracking
An interestingreference on Schneier’s blog to an article describing a “in the cloud” service to crack WPA keys.It is the realisationofthe concept of distributed security cracking mentioned in 2008 by Chad Perrin, not sure if he was the first to introduce that idea.
http://blogs.techrepublic.com.com/security/?p=4097

WPA2 Vulnerability – Hole 196
A new man-in-the-middle attack for WPA2 seems to have been found and recently demonstrated at the Defcon 18
http://www.airtightnetworks.com/WPA2-Hole196

World’s Top Malware
FireEye has produced a nice colourful report on the 20 top malware they found on the net with their technology. Although this could be guess, it is interesting that the top4 types of ...
>>[READ MORE]

Weekly Digest #1 – Interesting Articles

#4 - Posted on 23 July 2010 - Author: SM - Category: Security

Working in IT Security I receive and get to read lot of security related articles. I will list here a summary of the ones I found the most interesting, the idea is to try publishing this list on a weekly basis… not sure I will always have the time to do so, hence why the subject of those posts will be numbered, and we start with week #1:

Safari Vulnerability
An Auto-fill vulnerability in the Safari browser which allows attackers to get info from your personal contact details.
Reading the comments on that article, it is not clear if this could also affect other WebKit based browsers such as Chrome.
It may be best practise anyway to disable the auto fill option in any browsers you are using.
http://jeremiahgrossman.blogspot.com/2010/07/i-know-who-your-name-where-you-work-and.html

New GSM-cracking softwar...
>>[READ MORE]

New Version of Truecrypt

#3 - Posted on 21 July 2010 - Author: SM - Category: Cryptography

Truecrypt is a tool I have been using for a while, it is a great product and… free!

It allows for full disk encryption, being your desktop hardisk or a USB stick.

A new version has just been released, version 7, and it now provides:
– Hardware acceleration
– Auto-mount (windows)
– Security improvements related to windows hibernation files

Its main features are:
– Creates a virtual encrypted disk within a file and mounts it as a real disk.
– Encrypts an entire partition or storage device such as USB flash drive or hard drive.
– Encrypts a partition or drive where Windows is installed (pre-boot authentication).
– Encryption is automatic, real-time (on-the-fly) and transparent.
– Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
– Encryption can be hardware-accelerated on modern processors.
– Pro...
>>[READ MORE]

Email working again

#2 - Posted on 4 June 2010 - Author: SM - Category: Misc

This morning I checked my spam folder related to this website/domain name and noticed there had been no new spam for about a week… not that I am missing it but this did not sound quite right!

Indeed, it looks like my service provider recently had some issues with one of their site being compromised and used to host some malicious software and as a result their back-end domain was blacklisted by Google. Something they did not like too much…

They took the drastic decision to change their back-end domain, it seems to have worked. But in the process they have messed up some accounts. They have now fixed the issue with my domain but if you have sent me an email recently then, I am afraid, that email is lost and you probably did not receive any error message either!

I never thought spamming could be useful to the receiver of it, but in this case the lack of noise highlighted another issue :)

...
>>[READ MORE]

It was only yesterday…

#1 - Posted on 21 March 2010 - Author: SM - Category: Misc

For over 3 years this website has not been updated and it was time to give it a face lift!

It is actually quite astonishing to think this website has existed since 1998, 12 years! I guess I am getting older, my hair are getting greyer and there is less of it! One thing that hasn’t change though is my interest in Cryptography.

Because of a busy professional life in the IT Security world I haven’t been able to work on the BUGS algorithm for many years. However, I have recently completed a Master in Information Security at the London Royal Holloway University. I logically chose to work on a cryptography subject for my Master Thesis. This allowed me to spend some time back on the BUGS algorithm and, for the first time, learn some cryptanalysis techniques!

The main subject of my thesis was to give an “Overview of Modern Symmetric-Key Cipher Cryptanalysis Techniques”, as such after a general introduction on cryptography and cryptanalysis I focuse...
>>[READ MORE]