Cyber Protection & Response
Twitter helping with Android’s Security
Twitter has just announced they will be opening the technology from Whisper Systems they just acquired. This is good news for Android users, and Google. Their technology allows text messages to be encrypted as well as providing full disk encryption, the later will only be made available, well, later!
This has the potential to bring security enhancement to the Android’s mass.
The source code is now available here: GitHub
...
My take on SANS 660, The HexFactor and Netwars
I have just attended the SANS 660 course in London, it is one of the most advanced course SANS has to offer and it did notdisappoint!
Its bootcamp format means you will start your day at 9am and finish it at 7pm! The last two hours being called a “bootcamp”, basically 2 hours of exercises linked to the content of the day that really helps understanding the different techniques that were discussed.
Speaking about content, although they state that previous programmingexperienceis “recommended”, it is not, is it mandatory!
And for the last 2 days you really need some understanding of x86 assembly to get a chance to follow the fast pace. I have to admit that the last day I was lost after lunch!
But what do you get if you buckle up and go on the ride? You get an incredible amount of information as it goes into a great level o...
>>[READ MORE]
Carrier IQ, an interesting story of deception or what we could call the Facebook syndrome
A job at GCHQ?
If you ever wanted to work for a UK secret intelligence organisation, GCHQ, they are running a contest until the 11th of December, where you need to decipher some code to get a password. Once submitted, that password will redirect you to their recruitment website.
The password is probably “ifyoudon’twanttoworkforuswewillfindyou”…
If you fancy your chances, here is the site:http://www.canyoucrackit.co.uk/
...
Next Generation Firewall
There is a good article on TECHNET on Next Generation Firewall (NGF) and the fact that most, if not all, companies accept port 80 in/out meaning traditional F/W are less and less effective against malware using this port as a mean to call home or come in.
The Article nicely summerize the need to look for more than IP/PORT/PROTOCOL but also for the type of Payload going through.
Although not a new technology, the evolution of Malware is a growing issue which makes that technology more and more relevant.
...
iOS 5 Vulnerabilities for iPad2 and iPhone 4S
Two vulnerabilities in iOS5 have recently been discovered, one is affecting the iPad2 and the other the new iPhone 4S. In both cases it allows anyone to bypass any lock/passcode to gain unauthorised access to the device.
1) iPad 2 + iOS5 + SmartCover = Anyone can unlock your iPAD
This only affects iPad2 with iOS5 and the smart cover set to automatically lock the device.
With a locked iPad2, keep pressing the power button until you see the screen telling you to swipe to turn off, close the smart cover, reopen it and push the CANCEL button.
This will give you access to the latest application that was used. It means that if you were on the application listing screen you will be able to see all the applications installed on the iPad, but you will not be able to open any otherapplications. This is because you are in the “finder”/”Explorer” application.
But it also means that if before you closed your smart cover to lock ...
>>[READ MORE]
I used to have one password…
I used to have one password.It was the password to my Unix student account and it was in the mid nineties!
Since then, I must have dozens of passwords for work/home computers, websites, files, etc. Having a truly different password each time is almost impossible unless you use some kind of password safe application. Or you could use some kind of clever formula, I do emphasise on the “clever” because if your formula is to generate the same password with a simple variant at the end of it, a hacker who has access to more than one of your password could find out what that formula is quite easily.
Another issue is the username. Most security warnings are related to users having the same password, although it is indeed true, there is also an issue with using the same username everywhere. I would argue it is more important to start with a known username than a known password.
The recent ...
>>[READ MORE]
An action on Data Privacy
The Inquirer recently ran a story about a group targeting Facebook and their use of your personal information. This group called “Europe Vs Facebook” claims that Facebook not only stores information about you even after you have deleted it, in other words it never really get deleted, but that they also create ghost profile of users who opted not to be on Facebook in the first place.
I find this very interesting because technically it is quite possible… Even if someone is not on Facebook their photo can be uploaded and their name tagged to it. It would require much more intelligence though to be able to correlate some information about that person discussed in Facebook mails/messages but it is in theory possible.
Although many people have wa...
>>[READ MORE]
Farewell Mr Jobs.
MOVA, ONLIVE, DIDO and a bit of magic (and maybe Aliens! ;)
This is a bit of an unusual post for this site because it is not directly related to IT Security, but I have recently watched a video of a lecture by Rearden CEO Steve Perlman that I found truly inspiring!
Steve Perlman is the Steve Job of Engineering.
He has participated/invented/funded many different cutting edge technologies and gave an overview of 3 of them in his lecture. What strikes me is how all those technologies are linked together even if isn’t necessarily obvious. It would be tempting to say it is all driven by his apparent interest in gaming but that would be too simplistic, it is driven by a desire to invent new technologies and not being afraid of rewriting the rules!
1. The first technology he spoke about is MOVA, which apparently rewrote the rules on how computer generated 3D characters were done (and more if you look...
>>[READ MORE]
RSS Feeds