No it's not! And there's a Blackhat talk coming up on the subject. But wait.. it got pulled out of Blackhat due to legal pressure from HID! This is not saying anything new - we've heard it before and seen demonstrations of RFID being cloned. So what's wrong with the talk anyway?
Free open-source disk encryption software for Windows XP/2000/2003 and Linux
Main Features:
# Creates a virtual encrypted disk within a file and mounts it as a real disk.
# Encrypts an entire hard disk partition or a storage device such as USB flash drive.
# Encryption is automatic, real-time (on-the-fly) and transparent.
# Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography – more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
# Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish.
Mode of operation: LRW (CBC supported as legacy).
http://www.truecrypt.org/downloads.php
aka Why Passwords Suck
I'm planning on writing a few articles about passwords - the most basic of all security tools. Starting with this essay, I'll describe what makes passwords such an issue and briefly outline a few solutions to the problem. In the subsequent posts, I'll be going more into detail on how (I believe) to best avoid passwords or at least go around the challenges that they present.
Continue reading "Why Passwords do not live up to Today's Needs"
"Maltameter is a technology and IT news site that has been created to keep the Maltese consumer informed about the services and products available in the local market and also in the International market if it still applies to Malta. Being a consumer-oriented site, Maltameter does not publish news about business-to-business services or business-targeted products. This site is also not affiliated with any local company, and strive to remain as unbiased as possible."
Enjoy
Although RSS (Really Simple Syndication) has been around for a while now, it wasn't until IE7 and Firefox 2 made it easier to read RSS feeds that hackers started thinking of exploiting this technology to deliver malware. That said, feed-hacking is not a particularly new threat.
Whilst it is fairly easy for users to simply subscribe to syndicated news and content feeds, the security problem here is that readers simply pull in the content from the source without first checking to see whether it might contain malicious code.
In other words, feed readers assume that the content being pulled in is a story or a blog and make little attempt to sanitize the content, he said. That makes it easier for attackers to inject into a Web feed malicious JavaScript and other code for stealing passwords and data or for remotely controlling computers, said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security Inc. in Santa Clara, Calif.
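What the missing sanitization step could look like on the reader side, as an added example (not code from this site or from any feed reader mentioned above): item titles are treated as plain text and item descriptions are rebuilt from an allowlist of tags. The tag allowlist, the accepted URL prefixes and the names `FeedSanitizer`, `sanitize_html` and `render_items` are assumptions made for this sketch.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "br", "ul", "ol", "li", "blockquote"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}  # discard the tag and its body
SAFE_PREFIXES = ("http://", "https://", "mailto:")  # only these link targets survive

class FeedSanitizer(HTMLParser):
    """Re-emit only allowlisted tags; every attribute except a vetted href is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        if self.skip or tag not in ALLOWED_TAGS:
            return
        attr = ""
        if tag == "a":
            href = (dict(attrs).get("href") or "").strip()
            if href.lower().startswith(SAFE_PREFIXES):
                attr = ' href="%s" rel="noopener noreferrer"' % html.escape(href, quote=True)
        self.out.append("<%s%s>" % (tag, attr))
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))  # text is always re-escaped

def sanitize_html(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

def render_items(rss_xml):
    # ElementTree suffices for this constructed sample; parse untrusted feeds with a hardened XML parser.
    items = ET.fromstring(rss_xml).iter("item")
    return [(html.escape(i.findtext("title", "")), sanitize_html(i.findtext("description", ""))) for i in items]

# Constructed sample item, not taken from a real feed.
SAMPLE_HTML = ('<p onmouseover="track()">Update <a href="javascript:void(0)">here</a> or '
               '<a href="https://example.org/advisory">there</a>.</p>'
               '<script>sendCookies()</script><img src=x onerror="run()">')
SAMPLE_FEED = ('<rss version="2.0"><channel><item><title>Patch &lt;b&gt;notes&lt;/b&gt;</title>'
               '<description><![CDATA[%s]]></description></item></channel></rss>' % SAMPLE_HTML)
```

`render_items(SAMPLE_FEED)` returns the title with its markup escaped and the description with the script body, the event-handler attributes, the `img` tag and the `javascript:` link target removed, leaving only the `https` link intact.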
When it comes to priorities, a lot of companies and organizations still place security towards the end of the list. Many times the right people cannot take the right decisions, while the wrong people go ahead with decisions which affect the security of the organization. If the person in charge does not see any immediate benefit in taking security precautions, then most of the time the precautions are not taken.

The InfoWatch analytical center has published its results for 2006, presenting the first global survey of internal information security (IS) breaches. The goal was to analyze all leaks of confidential or personal data, cases of employee sabotage or negligence, and any other breach of internal IS which had received at least one mention in the mass media during 2006. The survey is truly global since the analysis includes all internal violations regardless of the geographical location of the particular company or government structures affected by insider sabotage. Thus, all patterns and tendencies revealed in the survey can be equally applied to companies of all industries and countries.
We can be reached via email here info(at)maltainfosec.org
Kind regards,
Donald + Sandro



