
Feb 28

No it's not! And there's a Blackhat talk coming up on the subject. But wait.. it got pulled out of Blackhat due to legal pressure from HID! This is not saying anything new - we've heard it before and seen demonstrations of RFID being cloned. So what's wrong with the talk anyway?

Posted by Sandro Gauci

3910 hits
Feb 27
Below are some of our favorite freeware / open-source software utilities:-

TrueCrypt - Free Open-Source Disk Encryption Software

Free open-source disk encryption software for Windows XP/2000/2003 and Linux
Main Features:
# Creates a virtual encrypted disk within a file and mounts it as a real disk.
# Encrypts an entire hard disk partition or a storage device such as USB flash drive.
# Encryption is automatic, real-time (on-the-fly) and transparent.
# Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography – more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
# Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish.
Mode of operation: LRW (CBC supported as legacy).


http://www.truecrypt.org/downloads.php

Continue reading "FREEWARE Encryption software"

Posted by Donald Tabone

2734 hits
Feb 26

aka Why Passwords Suck

I'm planning on writing a few articles about passwords - the most basic of all security tools. Starting with this essay, I'll describe what makes passwords such an issue and briefly outline a few solutions to the problem. In the subsequent posts, I'll be going more into detail on how (I believe) to best avoid passwords or at least go around the challenges that they present.



Continue reading "Why Passwords do not live up to Today's Needs"

Posted by Sandro Gauci

6221 hits
Feb 25
Most of us interested in security have a tendency to be also interested in news related to technology and networking. Maltameter is a local website for those hungry for high tech and bandwidth. Quoting their about page:

"Maltameter is a technology and IT news site that has been created to keep the Maltese consumer informed about the services and products available in the local market and also in the International market if it still applies to Malta. Being a consumer-oriented site, Maltameter does not publish news about business-to-business services or business-targeted products. This site is also not affiliated with any local company, and strive to remain as unbiased as possible."

Enjoy

Posted by Sandro Gauci

1006 hits
Feb 22
Delivering malware via RSS feeds

Although RSS (Really Simple Syndication) has been around for a while now, it wasn't until IE7 and Firefox 2 made it easier to read RSS feeds that hackers began thinking of exploiting this technology to deliver malware. That said, feed-hacking is not a particularly new threat.

Whilst it is fairly easy for users to simply subscribe to syndicated news and content feeds, the security problem here is that readers simply pull in the content from the source without first checking to see whether it might contain malicious code.

In other words, feed readers assume that the content being pulled in is a story or a blog and make little attempt to sanitize the content, said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security Inc. in Santa Clara, Calif. That makes it easier for attackers to inject into a Web feed malicious JavaScript and other code for stealing passwords and data or for remotely controlling computers, he said.


Continue reading "The security of RSS feeds"

Posted by Donald Tabone

1877 hits
Feb 21

When it comes to priorities, a lot of companies and organizations still place security towards the end of the list. Many times the right people cannot take the right decisions, while the wrong people go ahead with decisions which affect the security of the organization. If the person in charge does not see any immediate benefit in taking security precautions, then most of the time the precautions are not taken.

Continue reading "Security and Priorities"

Posted by Sandro Gauci

1098 hits
Feb 16


The InfoWatch analytical center has published its results for 2006 presenting the first global survey of internal information security (IS) breaches. The goal was to analyze all leaks of confidential or personal data, cases of employee sabotage or negligence, and any other breach of internal IS which had received at least one mention in the mass media during 2006. The survey is truly global since the analysis includes all internal violations regardless of the geographical location of particular company or government structures affected by insider sabotage. Thus, all patterns and tendencies revealed in the survey can be equally applied to companies of all industries and countries.

Continue reading "Global Data Leakage Survey 2006"

Posted by Donald Tabone

913 hits
Feb 16
Here is the link to our google group:-

Malta information security google group

Posted by Donald Tabone

764 hits
Feb 15
We would love to hear your suggestions for improvements to the website. If we do not reply immediately, please understand that it might take a couple of days before you receive a reply. Nevertheless we will always reply.

We can be reached via email here info(at)maltainfosec.org


Kind regards,

Donald + Sandro

Posted by Donald Tabone

2632 hits