Wednesday, February 28. 2007
No, it's not! And there's a Blackhat talk coming up on the subject. But wait... it got pulled out of Blackhat due to legal pressure from HID! This is not saying anything new: we've heard it before and seen demonstrations of RFID being cloned. So what's wrong with the talk anyway?
Tuesday, February 27. 2007
Below are some of our favorite freeware / open-source software utilities:
TrueCrypt - Free Open-Source Disk Encryption Software
Free open-source disk encryption software for Windows XP/2000/2003 and Linux
Main Features:
# Creates a virtual encrypted disk within a file and mounts it as a real disk.
# Encrypts an entire hard disk partition or a storage device such as USB flash drive.
# Encryption is automatic, real-time (on-the-fly) and transparent.
# Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
1) Hidden volume (steganography – more information may be found here).
2) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
# Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish.
Mode of operation: LRW (CBC supported as legacy).
http://www.truecrypt.org/downloads.php
Continue reading "FREEWARE Encryption software"
Monday, February 26. 2007
aka Why Passwords Suck
I'm planning on writing a few articles about passwords - the most basic of all security tools. Starting with this essay, I'll describe what makes passwords such an issue and briefly outline a few solutions to the problem. In the subsequent posts, I'll be going into more detail on how (I believe) to best avoid passwords or at least get around the challenges that they present.
Continue reading "Why Passwords do not live up to Today's Needs"
Sunday, February 25. 2007
Most of us interested in security also tend to be interested in news related to technology and networking. Maltameter is a local website for those hungry for high tech and bandwidth. Quoting their about page: "Maltameter is a technology and IT news site that has been created to keep the Maltese consumer informed about the services and products available in the local market and also in the International market if it still applies to Malta. Being a consumer-oriented site, Maltameter does not publish news about business-to-business services or business-targeted products. This site is also not affiliated with any local company, and strives to remain as unbiased as possible."
Enjoy
Thursday, February 22. 2007
Delivering malware via RSS feeds
Although RSS (Really Simple Syndication) has been around for a while now, it wasn't until IE7 and Firefox 2 actually made it easier to read RSS feeds that hackers started thinking of exploiting this technology to deliver malware. That said, feed-hacking is not a particularly new threat.
Whilst it is fairly easy for users to simply subscribe to syndicated news and content feeds, the security problem here is that readers simply pull in the content from the source without first checking to see whether it might contain malicious code.
In other words, feed readers assume that the content being pulled in is a story or a blog and make little attempt to sanitize the content, he said. That makes it easier for attackers to inject into a Web feed malicious JavaScript and other code for stealing passwords and data or for remotely controlling computers, said Jeremiah Grossman, founder and chief technology officer at WhiteHat Security Inc. in Santa Clara, Calif.
Continue reading "The security of RSS feeds"
Wednesday, February 21. 2007
When it comes to priorities, a lot of companies and organizations still place security towards the end of the list. Many times the right people cannot take the right decisions, while the wrong people go ahead with decisions which affect the security of the organization. If the person in charge does not see any immediate benefit in taking security precautions, then most of the time the precautions are simply not taken.
Continue reading "Security and Priorities"
Friday, February 16. 2007
The InfoWatch analytical center has published its results for 2006 presenting the first global survey of internal information security (IS) breaches. The goal was to analyze all leaks of confidential or personal data, cases of employee sabotage or negligence, and any other breach of internal IS which had received at least one mention in the mass media during 2006. The survey is truly global since the analysis includes all internal violations regardless of the geographical location of particular company or government structures affected by insider sabotage. Thus, all patterns and tendencies revealed in the survey can be equally applied to companies of all industries and countries.
Continue reading "Global Data Leakage Survey 2006"
Friday, February 16. 2007
Here is the link to our Google group:
Malta information security Google group