All News (139 Posts)

<< Next - First ... 7 8 9 10 11 ... Last - Previous >>

Is there a bug with McAfee

#79 - Posted on 19 November 2012 - Author: SM - Category: Misc

There is something quite surreal with what is happening with John McAfee; the author of the popular McAfee Antivirus and who is rich, lives in Belize and has recently been accused by the authority to have murdered his neighbour. Instead of being with the police he has fled, arguing this was a conspiration and that the police (or someone) was after him. This on itself is already a bit odd, but his subsequent actions are even more bizarre…
You would think that someone who believes the whole system is corrupted would try to flee the country, but no. John McAfee is staying in the same city, posting a blog about his escape, offering $25K to anyone who can help him catch the “real” killer and even describing the numerous disguise he has used to approach his house and the police around it, doing his own investigation…

Well, at least it makes for an interesting reading!
http://www.whoismcafee.com/

...
>>[READ MORE]

Boxcryptor, a great tool to secure your cloud storage solution.

#78 - Posted on 2 November 2012 - Author: SM - Category: Security

I made my feelings very clear about the use of Dropbox in the enterprise, through a previous post. I still believe Dropbox and similar other cloud sotrage solutions such as Google drive or Sky Drive are a timebomb waiting to happen for many companies who are busy securing their infrastructure but forget to look at the data leaving their premises through the back door. Or just not appreciating how tablets and smartphones are driving their users’ behaviours and requirements.

There will be a lot of red faces if/when Dropbox and Co announce they have been hacked.

However, I have recently come accross a great tool that can help reducing the impact of such a bad scenario. It is called Boxcryptor.

Boxcryptor creates an encrypted folder under your Cloud Storage directory (i.e.:...
>>[READ MORE]

Security Onion and seeing through HTTPS

#77 - Posted on 26 October 2012 - Author: SM - Category: IDS, Security

Security Onion is an Open Source Linux distribution that makes deploying an IDS/NSM a very easy task indeed and I highly recommend you try it at home. Especially since you can do everything in a VM…

The video below gives a great summary of what this is all about (it is an hour long, but like any good movie you won’t see the time fly ;)


If you have ever been through a Snorby installation yourself, you will appreciate this distribution even more as everything is done for you. The installation process only asks a couple of questions and you should be ready to monitor your network, analyse data through full packet capture within 15 minutes!

The latest beta is even better, and lets you use your own Ubuntu flavoured distribution if you prefer not to use the d...
>>[READ MORE]

Is that the holy grail for critical systems?

#76 - Posted on 18 October 2012 - Author: SM - Category: Security

Kaspersky Lab just announced they are working on their own Operating System for critical systems.

This is something that is increasingly needed, but is Kaspesrky the best entity suited to produce such OS? To contribute/review it, certainly. But to drive its development? I am not so certain. I would have thought that developing an OS requires more specific skills than just security ones. One could argue that making security the core skill used in developing that OS should make it more secure but I would argue back it could also introduce performance issues… And performance is a health/security risk on its own, especially when speaking about critical systems such as process control environments.

Kaspersky Labs is engaging with different vendors and ICS operators, so they should get some kind of expertise on what their systems req...
>>[READ MORE]

Old tricks will always work…

#75 - Posted on 17 October 2012 - Author: SM - Category: Hacking, Security

There is something about deception, it can bypass a lot of security controls through a very basic principle, to make you believe about something that isn’t there. It is a bit like magic.

Like this WEBSITE, where you can see an example of what the new HTML5 fullscreen function could make you believe. That you are on a bank website, where in fact you are on a phishing site. The previous link is harmless and only serves as an example, one I would advise you to try yourself (you can’t enter any details anyway in case you haven’t understood it isn’t really a Bank of America website).

Basically, they use the HTML5 Fullscreen function to recreate your browser TABS and URL. If you are not used to browse the internet in full screen mode then you would see the trickstraightaway. However, if you are following the trend to browse in full screen mode, especially on mobile phones or on MACs where app...
>>[READ MORE]

Distributed Credential Protection

#74 - Posted on 15 October 2012 - Author: SM - Category: Security

RSA recently announced their Distributed Credential Protection (DCP) technology which should help address the impact of passwords leakage/theft when the system where they are stored gets compromised. They accomplish that by splitting up stored credentialsacrossdifferent systems.

In its current implementation it uses 2 servers. 1 server (BLUE) stores the password XOR to a random number and another server (RED) stores that random number.
When a user wants to authenticate it uses his password to XOR it with his own Random number. It then sends the transformed password to the BLUE server and the new random number to the RED server.
The BLUE and RED servers then compare the stored password with the one the user just provided. At this stage, I guess it must communicate to the RED server to get the corresponding random numbers.

This process is given an overview >>[READ MORE]

Wipe out/Factory Reset some Android’s phones

#73 - Posted on 25 September 2012 - Author: SM - Category: Hacking

According to this FRENCH WEBSITE, a major security vulnerability has been disclosed at the Ekoparty 2012Security Conferencewhich affects some android handsets. It it is possible to reset those affected handsets to factory default settings and in the process wipe out all data.This vulnerability exploits a “secret” code that can be used to trigger the factory reset automatically, without asking any confirmation from the user. That code is:*2767*3855#

There are different methods known to date to push that code onto those handsets:

– SMS in Wap Push mode (where the user would have to click on a link)

– QR Code

– NFC Protocol

Or… if users go to some websites where either

<frame src="tel:*2767*3855%23" />... 
   >>[READ MORE]

A Physical Solution to a Software Problem

#72 - Posted on 17 June 2012 - Author: SM - Category: Hacking

Thinkst is a small security organisation and one of its member recently published a post on their blog regarding the security of an encrypted USB drive. One of his friend lost the password to his USB Freecom Self Encrypted Drive (SED) drive and one of the protection in place was the need to power cycle the hard drive after every 5 bad attempts. This meant a brute force attack was impossible due to the time to plug/unplug the device.

Here comesingenuity, although the author call this a “lame hack”, I actually really like it as he thought outside the box (pun intended). He basically build a new controller to automatically power cycle the drive, and managed to find the lost password after 500 attempts.

I don’t do electronics and am always impressed when hack...
>>[READ MORE]

MD5 Security Flaws

#71 - Posted on 13 June 2012 - Author: SM - Category: Security

In case you were in any doubts about the security flaws of MD5, in recent days, 2 implementations of MD5 have been shown to have severe security issues.

1) The md5crypt password scrambler used in many Unix based distributions has been deemed as “unsafe” by its author (in fact this has been known for some time now).

2) MD5 collisions were used in the recent Flame malware to bypass Microsoft Update signature certificates.

The sole use of MD5 as a security vector must be avoided.

...
>>[READ MORE]

An interesting timeline representation of the CloudFlare’s hack

#70 - Posted on 12 June 2012 - Author: SM - Category: Hacking, Security

CloudFlare is an interesting young company, a few years old, as introduced in this Bloomberg article. Although it is tempting to just describe it as being similar to Akamaibecauseit provides web acceleration and DOS protection through the use of a Content Distributed Network (CDN), it is also different. As explained by its founder, Matthew Price, it can understand, analyse and protect all requests to a website, not just a subset. It also has a different price model starting with a free offering and generally being much less expensive than the competition even with its pro/business/enterprise options.

In a nutshell, CloudFlare appears to be a service that can help optim...
>>[READ MORE]