As most of this blog reader already know, in past years there was a lot of activities related to public research for GSM auditing and cracking. However when there was huge media coverage to GSM cracking research results, the tools to make the cracking was really early stage and still very inefficient. Now Frank Stevenson , norwegian [...]
Author Archive for naif
GSM cracking in penetration test methodologies (OSSTMM) ?
Published by July 23rd, 2010 in Privacy, intelligence, interception, security and technology. 2 Comments
Snake-oil security claims on crypto security product
Published by July 19th, 2010 in Privacy, business, management, security and technology. 3 CommentsSecurity market grow, more companies goes to the market, but how many of them are taking seriously what they do? You know, doing security technology mean that you are personally responsible for the protection of the user’s information. You must make them aware of what they need, exactly what your are doing and which kind of [...]
Web2.0 privacy leak in Mobile apps
Published by July 17th, 2010 in Privacy, intelligence, security and technology. 0 CommentsYou know that web2.0 world it’s plenty of leak of any kind (profiling, profiling, profiling) related to Privacy and users starts being concerned about it. Users continuously download applications without knowing the details of what they do, for example iFart just because are cool, are fun and sometime are useful. On mobile phones users install [...]
AES algorithm selected for use in space
Published by July 8th, 2010 in Privacy, security and technology. 0 CommentsI encountered a nice paper regarding analysis and consideration on which encryption algorithm it’s best suited for use in the space by space ship and equipments. The paper has been done by the Consultative Committee for Space Data Systems that’s a consortium of all space agency around that cumulatively handled more than 400 mission to space. [...]
Blackberry Security and Encryption: Devil or Angel?
Published by July 7th, 2010 in Privacy, business, intelligence, interception, security and technology. 1 CommentBlackberry have good and bad reputation regarding his security capability, depending from which angle you look at it. This post it’s a summarized set of information to let the reader the get picture, without taking much a position as RIM and Blackberry can be considered, depending on the point of view, an extremely secure platform or [...]
A cult book, ever green since 25 years. It’s been 25 years since “Hackers” was published. Author Steven Levy reflects on the book and the movement. http://radar.oreilly.com/2010/06/hackers-at-25.htmlSteven Levy wrote a book in the mid-1980s that introduced the term “hacker” — the positive connotation — to a wide audience. In the ensuing 25 years, that word [...]
Botnet for RSA cracking?
Published by June 30th, 2010 in Privacy, security and technology. 0 CommentsI read an interesting article about putting 1.000.000 computers, given the chance for a serious botnet owner to get it, to crack RSA. The result is that in such context attacking an RSA 1024bit key would take only 28 years, compared to theoretical 19 billion of years. Reading of this article, is extremely interesting because it gives [...]
Patent rights and opensource: can they co-exist?
Published by June 27th, 2010 in technology. 0 CommentsHow many of you had to deal with patented technologies? How many of the patented technologies you dealed with was also “secrets” in their implementation? Well, there’s a set of technologies whose implementation is open source (copyright) but that are patented (intellectual property right). A very nice paper about the topic opensource & patents that i suggest to [...]
China Encryption Regulations
Published by June 16th, 2010 in Privacy, business, cyberwarfare, intelligence, security and technology. 0 CommentsHi all, i found this very interesting paper on China Encryption Import/Export/Domestic Regulations done by Baker&Mckenzie in the US. It’s strongly business and regulatory oriented giving a very well done view on how china regulations works and how it may behave in future. Read here Decrypting China Encryption’s Regulations (form Bakernet website) .
A porting of famous netcat to Cisco IOS router operating system: IOSCat The only main limit is that it does not support UDP, but that’s a very cool tool! A very good txt to read is Netcat hacker Manual.
The (old) Crypto AG case and some thinking about it
Published by June 7th, 2010 in cyberwarfare, intelligence, interception and security. 0 CommentsIn the ‘90, closed source and proprietary cryptography was ruling the world. That’s before open source and scientifically approved encrypted technologies went out as a best practice to do crypto stuff. I would like to remind when, in 1992, USA along with Israel was, together with switzerland, providing backdoored (proprietary and secret) technologies to Iranian government to [...]
Missiles against cyber attacks?
Published by June 7th, 2010 in cyberwarfare, intelligence and security. 0 CommentsThe cyber conflicts are really reaching a point where war and cyberwar merge together. NATO countries have the right to use the force against attacks on computer networks.
Mobile Security talk at WHYMCA conference
Published by June 2nd, 2010 in Privacy, business, interception, security and technology. 0 CommentsI want to share some slides i used to talk about mobile security at whymca mobile conference in Milan.Read here my slides on mobile security . The slides provide a wide an in-depth overview of mobile security related matters, i should be doing some slidecast about it putting also audio. Maybe will do, maybe not, it [...]
iPhone PIN: useless encryption
Published by June 1st, 2010 in Privacy, security and technology. 0 CommentsI recently switched one of my multiple mobile phones with which i go around to iPhone. I am particularly concerned about data protection in case of theft and so started having a look around about the iPhone provided protection system. There is an interesting set of iPhone Business Security Features that make me think that iPhone is [...]
Who extract Oil in Iran? Business and UN sanction together
Published by June 1st, 2010 in Uncategorized and security. 0 CommentsI like geopolitic and i am following carefully iran issues. I went to National Iranian Oil Company website and have seen “Exploration & Production” section where are listed all the companies and their country of origin that are allowed to make Exploration of oil in Iran. On that list we find the list of countries along with [...]
Exploit code against SecurStar DriveCrypt published
Published by May 25th, 2010 in Kudos, Privacy, security and technology. 0 CommentsIt seems that the hacking community somehow like to target securstar products, maybe because hacking community doesn’t like the often revealed unethical approach already previously described in this blog by articles and user’s comments. In 2004 a lot of accusation against Hafner of SecurStar went out because of alleged intellectual property theft regarding opensource codes such [...]
Quantum cryptography broken
Published by May 20th, 2010 in Privacy, interception, security and technology. 0 CommentsQuantum cryptography it’s something very challenging, encryption methods that leverage the law of phisycs to secure communications over fiber lines. To oversimplify the system is based on the fact that if someone cut the fiber, put a tap in the middle, and joint together the other side of the fiber, the amount of “errors” that will [...]
FUN! Infosecurity consideration on some well known films
Published by May 18th, 2010 in security. 0 CommentsPlease read it carefully Film that needed better infosec. One the the review, imho the most fun one on film Star Wars: The scene Death star getting blown up Infosec Analysis Darth Vader must be heralded as the prime example of a chief executive who really didn’t care about information security. The entire board was unapproachable and clearly no system [...]
Because security of a cryptographic system it’s not a matter of “how many bits do i use” but using the right approach to do the right thing to mitigate the defined security risk in the most balanced way.
Encryption is not scrambling: be aware of scrambler!
Published by April 20th, 2010 in Privacy, security and technology. 0 CommentsMost of us know about voice scrambler that can be used across almost any kind of voice based communication technology. Extremely flexible approach: works everything Extreme performance: very low latency but unfortunately… Extremely weak: Scrambling cannot be considered secure. Only encryption can be considered secure under the Kerckoff’s principle . So please don’t even consider any kind of analog scrambler if [...]
SecurStar GmbH Phonecrypt answers on the Infosecurityguard/Notrax case: absolutely unreasonable! :-)
Published by February 1st, 2010 in Privacy, business, interception and technology. 0 CommentsUPDATE 20.04.2010: http://infosecurityguard.com has been disabled. Notrax identity became known to several guys in the voice security environments (cannot tell, but you can imagine, i was right!) and so our friends decided to trow away the website because of legal responsibility under UK and USA laws. UPDATE: Nice summary of the whole story (i know, it’s [...]
Evidence that infosecurityguard.com/notrax is SecurStar GmbH Phonecrypt – A fake independent research on voice crypto
Published by February 1st, 2010 in Privacy, business, interception and security. 7 CommentsBelow evidence that the security review made by an anonymous hacker on http://infosecurityguard.com is in facts a dishonest marketing plan by the SecurStar GmbH to promote their voice crypto product. I already wrote about that voice crypto analysis that appeared to me very suspicious. Now it’s confirmed, it’s a fake independent hacker security research by SecurStar GmbH, [...]
Dishonest security: The SecurStart GmbH Phonecrypt case
Published by February 1st, 2010 in Privacy, business, interception and security. 0 CommentsI would like to provide considerations on the concept of ethics that a security company should have respect to the users, the media and the security environment. SecurStar GmbH made very bad things making that infosecuriguard.com fake independent research. It’s unfair approach respect to hacking community. It’s unfair marketing to end user. They should not be tricking by [...]
About the SecurStar GmbH Phonecrypt voice encryption analysis (criteria, errors and different results)
Published by January 30th, 2010 in Privacy, business, interception, security and technology. 4 CommentsThis article want to clarify and better explain the finding at infosecurityguard.com regaring voice encryption product evaluation. This article want to tell you a different point of view other than infosecurityguard.com and explaining which are the rational with extensive explaination from security point of view. Today i read news saying: “PhoneCrypt: Basic Vulnerability Found in 12 out [...]
Licensed by Israel Ministry of Defense? How things really works!
Published by January 29th, 2010 in Privacy, cyberwarfare, intelligence, interception and security. 0 CommentsYou should know that Israel is a country where if a company need to develop encryption product they must be authorized by the government. The government don’t want that companies doing cryptography can do anything bad to them and what they can do of good for the government, so they have to first be authorized. Companies providing [...]
O3B Networks: a new satellite broadband approach
Published by January 26th, 2010 in technology. 0 CommentsThat’s something amazing, “other 3 billion” broadband coverage not trough fiber but trough satellite. A project where also google is one of the shareholder, covering 3 billion persons trough low orbit, low latency broadband (10GBit) satellite network. Check here technical infrastructure details on ITU website.
When looking at facts and figures about globalized world, the index of economic freedom is a nice tool to make proper considerations.
Location Based Services: the big brother thanks you ;-)
Published by December 1st, 2009 in Privacy, intelligence, interception and technology. 0 CommentsDo you use your iphone, google phone, blackberry or nokia smartphone with cool built-in GPS? Well law enforcement can now know even better where you are, at any time, even with historical data and much better than BTS based location systems. Sprint has given 8 million times customer’s GPS information to law enforcement (sound something like a [...]
Gold-Lock Security Encryption Contest: be careful!
Published by November 25th, 2009 in Privacy, cyberwarfare, intelligence and interception. 0 CommentsThis post is to talk about the “unfair” marketing approach of Gold-Lock, an israeli company doing mobile voice encryption authorized by Israeli Ministry of Defence . Following an announcement seen on Linkedin “Information Security Community” group: GoldLock is offering US$ 100.000 and a job for an unencryption GoldLock, an israeli encryption and security company [...]
Not a professional tool but an easy, quick and free one. If you just accidently deleted some files on windows or your employee leave the company deleting all his data, well that you get out from trouble quickly. It also came out in a ‘portable’ version to be loaded from an USB stick drive. Check Recuva recovery tool
Military contractors going commercial
Published by November 10th, 2009 in business, management and security. 0 CommentsMost military contractors are suffering from the restriction of government’s budgets for military expenses and are moving into commercial markets, still they have to adjust a lot of things. Read here a nice analysis from rochtel on how military contractors should adapt their strategy.
Disk encryption sometimes ‘works’
Published by November 9th, 2009 in Privacy and cybercrime. 0 CommentsI am one of the person convinced that a computer disk encryption system will not protect you from public authorities if they are convinced enough and the case is very important. There are a lot of way to convince a person to release a password. However there’s a case in Australia where not revealing the disk password [...]
Brazilian Electrical Blackout: preview of cyberwar
Published by November 7th, 2009 in cyberwarfare, intelligence and security. 0 CommentsIn 2005 and 2007 in Brazil million of people was targetted by a blackout. Initially it appeared like an accident. Now it’s known that was caused by a cyber attack against electricity control systems. That was just a preview of what a cyber attack in a cyberwar means. In near future we’ll probably see something like ‘virtual custom offices’ [...]
Political conflict in Turkey between Prosecutors and Wiretappers
Published by November 7th, 2009 in Privacy, intelligence and interception. 0 CommentsIt seems that in Turkey the Telecommunication Directorate (TIB), in charge of managing the wiretapping, intercepted the president of the Judge and Prosecutors Associations. Prosecutors and Judge usually does not like being tapped, and so the 1st High Criminal Court ordered an audit of all the recording done by the TIB since 2006. Read more here.
I come back to blogging. Why i stopped my blogging trial period? 1st because being busy @work 2nd because my blogging software expired and i hate wordpress editor (i really need a blogging client for my own way of making information). I use this software called Ecto that cost about 17 EUR and it’s pretty useful to keep [...]
Russia: the best worldwide place for cybercrime business
Published by July 30th, 2009 in cybercrime, cyberwarfare and intelligence. 0 CommentsRussia is a very beautiful place for any committed cybercrime business owner. FBI and Mcafee are trying to do something, do they will ever succeed? I don’t think so, it’s a political issue as russia is not going to extradite any cybercriminal and is not going to provide strong international cooperations. Always remember that in Russia Business Network [...]
Iphone jailbreaking crashing towers? FUD!
Published by July 30th, 2009 in business, security and technology. 0 CommentsIt’s interesting to read a news about an anti-jailbreaking statement by apple that say that with jailbreaked phones it may be possible to crash mobile operator’s towers: By tinkering with this code, “a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the [...]
chinese espionage: the worst and more silent threat for western countries
Published by July 27th, 2009 in business, cybercrime, cyberwarfare and management. 0 CommentsHi all, in the past few years i saw an incredible increase in the amount of “public” news about espionage against different western countries and usually coming from far-east, typically china. China want to be the largest economic power within 2020 and it’s following a grow rate of 8% per year. Their “controlled” capitalism without the inefficiency [...]
Criminal business model: Somali pirate case study
Published by July 27th, 2009 in business and cybercrime. 0 CommentsHi all, this blog post is to have a nice economical point of view on somali pirates business model, something nice as also crime is a business and need it’s business evaluation: An economic Analysis of Somali Pirates Business Model It sounds much like a great deal, check it out the details: The attack model and costs The negotiation phase [...]
The concept of freedom of an hacker, killing himself not to loose the most important value of his life. Read there