As most of this blog reader already know, in past years there was a lot of activities related to public research for GSM auditing and cracking. However when there was huge media coverage to GSM cracking research results, the tools to make the cracking was really early stage and still very inefficient. Now Frank Stevenson , norwegian [...]
Archive for the 'security' Category
GSM cracking in penetration test methodologies (OSSTMM) ?
Published by July 23rd, 2010 in Privacy, intelligence, interception, security and technology. 2 Comments
Snake-oil security claims on crypto security product
Published by July 19th, 2010 in Privacy, business, management, security and technology. 3 CommentsSecurity market grow, more companies goes to the market, but how many of them are taking seriously what they do? You know, doing security technology mean that you are personally responsible for the protection of the user’s information. You must make them aware of what they need, exactly what your are doing and which kind of [...]
Web2.0 privacy leak in Mobile apps
Published by July 17th, 2010 in Privacy, intelligence, security and technology. 0 CommentsYou know that web2.0 world it’s plenty of leak of any kind (profiling, profiling, profiling) related to Privacy and users starts being concerned about it. Users continuously download applications without knowing the details of what they do, for example iFart just because are cool, are fun and sometime are useful. On mobile phones users install [...]
AES algorithm selected for use in space
Published by July 8th, 2010 in Privacy, security and technology. 0 CommentsI encountered a nice paper regarding analysis and consideration on which encryption algorithm it’s best suited for use in the space by space ship and equipments. The paper has been done by the Consultative Committee for Space Data Systems that’s a consortium of all space agency around that cumulatively handled more than 400 mission to space. [...]
Blackberry Security and Encryption: Devil or Angel?
Published by July 7th, 2010 in Privacy, business, intelligence, interception, security and technology. 1 CommentBlackberry have good and bad reputation regarding his security capability, depending from which angle you look at it. This post it’s a summarized set of information to let the reader the get picture, without taking much a position as RIM and Blackberry can be considered, depending on the point of view, an extremely secure platform or [...]
A cult book, ever green since 25 years. It’s been 25 years since “Hackers” was published. Author Steven Levy reflects on the book and the movement. http://radar.oreilly.com/2010/06/hackers-at-25.htmlSteven Levy wrote a book in the mid-1980s that introduced the term “hacker” — the positive connotation — to a wide audience. In the ensuing 25 years, that word [...]
Botnet for RSA cracking?
Published by June 30th, 2010 in Privacy, security and technology. 0 CommentsI read an interesting article about putting 1.000.000 computers, given the chance for a serious botnet owner to get it, to crack RSA. The result is that in such context attacking an RSA 1024bit key would take only 28 years, compared to theoretical 19 billion of years. Reading of this article, is extremely interesting because it gives [...]
China Encryption Regulations
Published by June 16th, 2010 in Privacy, business, cyberwarfare, intelligence, security and technology. 0 CommentsHi all, i found this very interesting paper on China Encryption Import/Export/Domestic Regulations done by Baker&Mckenzie in the US. It’s strongly business and regulatory oriented giving a very well done view on how china regulations works and how it may behave in future. Read here Decrypting China Encryption’s Regulations (form Bakernet website) .
A porting of famous netcat to Cisco IOS router operating system: IOSCat The only main limit is that it does not support UDP, but that’s a very cool tool! A very good txt to read is Netcat hacker Manual.
The (old) Crypto AG case and some thinking about it
Published by June 7th, 2010 in cyberwarfare, intelligence, interception and security. 0 CommentsIn the ‘90, closed source and proprietary cryptography was ruling the world. That’s before open source and scientifically approved encrypted technologies went out as a best practice to do crypto stuff. I would like to remind when, in 1992, USA along with Israel was, together with switzerland, providing backdoored (proprietary and secret) technologies to Iranian government to [...]
Missiles against cyber attacks?
Published by June 7th, 2010 in cyberwarfare, intelligence and security. 0 CommentsThe cyber conflicts are really reaching a point where war and cyberwar merge together. NATO countries have the right to use the force against attacks on computer networks.
Mobile Security talk at WHYMCA conference
Published by June 2nd, 2010 in Privacy, business, interception, security and technology. 0 CommentsI want to share some slides i used to talk about mobile security at whymca mobile conference in Milan.Read here my slides on mobile security . The slides provide a wide an in-depth overview of mobile security related matters, i should be doing some slidecast about it putting also audio. Maybe will do, maybe not, it [...]
iPhone PIN: useless encryption
Published by June 1st, 2010 in Privacy, security and technology. 0 CommentsI recently switched one of my multiple mobile phones with which i go around to iPhone. I am particularly concerned about data protection in case of theft and so started having a look around about the iPhone provided protection system. There is an interesting set of iPhone Business Security Features that make me think that iPhone is [...]
Who extract Oil in Iran? Business and UN sanction together
Published by June 1st, 2010 in Uncategorized and security. 0 CommentsI like geopolitic and i am following carefully iran issues. I went to National Iranian Oil Company website and have seen “Exploration & Production” section where are listed all the companies and their country of origin that are allowed to make Exploration of oil in Iran. On that list we find the list of countries along with [...]
Exploit code against SecurStar DriveCrypt published
Published by May 25th, 2010 in Kudos, Privacy, security and technology. 0 CommentsIt seems that the hacking community somehow like to target securstar products, maybe because hacking community doesn’t like the often revealed unethical approach already previously described in this blog by articles and user’s comments. In 2004 a lot of accusation against Hafner of SecurStar went out because of alleged intellectual property theft regarding opensource codes such [...]
Quantum cryptography broken
Published by May 20th, 2010 in Privacy, interception, security and technology. 0 CommentsQuantum cryptography it’s something very challenging, encryption methods that leverage the law of phisycs to secure communications over fiber lines. To oversimplify the system is based on the fact that if someone cut the fiber, put a tap in the middle, and joint together the other side of the fiber, the amount of “errors” that will [...]
FUN! Infosecurity consideration on some well known films
Published by May 18th, 2010 in security. 0 CommentsPlease read it carefully Film that needed better infosec. One the the review, imho the most fun one on film Star Wars: The scene Death star getting blown up Infosec Analysis Darth Vader must be heralded as the prime example of a chief executive who really didn’t care about information security. The entire board was unapproachable and clearly no system [...]
Because security of a cryptographic system it’s not a matter of “how many bits do i use” but using the right approach to do the right thing to mitigate the defined security risk in the most balanced way.
Encryption is not scrambling: be aware of scrambler!
Published by April 20th, 2010 in Privacy, security and technology. 0 CommentsMost of us know about voice scrambler that can be used across almost any kind of voice based communication technology. Extremely flexible approach: works everything Extreme performance: very low latency but unfortunately… Extremely weak: Scrambling cannot be considered secure. Only encryption can be considered secure under the Kerckoff’s principle . So please don’t even consider any kind of analog scrambler if [...]
Evidence that infosecurityguard.com/notrax is SecurStar GmbH Phonecrypt – A fake independent research on voice crypto
Published by February 1st, 2010 in Privacy, business, interception and security. 7 CommentsBelow evidence that the security review made by an anonymous hacker on http://infosecurityguard.com is in facts a dishonest marketing plan by the SecurStar GmbH to promote their voice crypto product. I already wrote about that voice crypto analysis that appeared to me very suspicious. Now it’s confirmed, it’s a fake independent hacker security research by SecurStar GmbH, [...]
Dishonest security: The SecurStart GmbH Phonecrypt case
Published by February 1st, 2010 in Privacy, business, interception and security. 0 CommentsI would like to provide considerations on the concept of ethics that a security company should have respect to the users, the media and the security environment. SecurStar GmbH made very bad things making that infosecuriguard.com fake independent research. It’s unfair approach respect to hacking community. It’s unfair marketing to end user. They should not be tricking by [...]
About the SecurStar GmbH Phonecrypt voice encryption analysis (criteria, errors and different results)
Published by January 30th, 2010 in Privacy, business, interception, security and technology. 4 CommentsThis article want to clarify and better explain the finding at infosecurityguard.com regaring voice encryption product evaluation. This article want to tell you a different point of view other than infosecurityguard.com and explaining which are the rational with extensive explaination from security point of view. Today i read news saying: “PhoneCrypt: Basic Vulnerability Found in 12 out [...]
Licensed by Israel Ministry of Defense? How things really works!
Published by January 29th, 2010 in Privacy, cyberwarfare, intelligence, interception and security. 0 CommentsYou should know that Israel is a country where if a company need to develop encryption product they must be authorized by the government. The government don’t want that companies doing cryptography can do anything bad to them and what they can do of good for the government, so they have to first be authorized. Companies providing [...]
Not a professional tool but an easy, quick and free one. If you just accidently deleted some files on windows or your employee leave the company deleting all his data, well that you get out from trouble quickly. It also came out in a ‘portable’ version to be loaded from an USB stick drive. Check Recuva recovery tool
Military contractors going commercial
Published by November 10th, 2009 in business, management and security. 0 CommentsMost military contractors are suffering from the restriction of government’s budgets for military expenses and are moving into commercial markets, still they have to adjust a lot of things. Read here a nice analysis from rochtel on how military contractors should adapt their strategy.
Brazilian Electrical Blackout: preview of cyberwar
Published by November 7th, 2009 in cyberwarfare, intelligence and security. 0 CommentsIn 2005 and 2007 in Brazil million of people was targetted by a blackout. Initially it appeared like an accident. Now it’s known that was caused by a cyber attack against electricity control systems. That was just a preview of what a cyber attack in a cyberwar means. In near future we’ll probably see something like ‘virtual custom offices’ [...]
Conventionality is not morality.
Published by August 6th, 2009 in business, cybercrime and security. 0 CommentsDuring my daily RSS OCD reading I had to deal with this article: it has been written by a “senior anti-virus researcher at Kaspersky Lab’s“. Talk about personal interest. I wont comment on the practical implications of useless signature based AV’s and how cyber criminals will never need amateur-ish projects to carry on their malicious tactics. But what [...]
Hackers hacking hackers are always pretty fun. And I am not talking about ZF05 (which was cool reading, even if not as cool as ~El8 was), I am talking about this.
This is big business, this is the American way
Published by July 31st, 2009 in cybercrime, security and technology. 0 Comments43 years old “UFO eccentric” hacker Gary McKinnon just loses appeal against his extradition to the States for computer crimes he committed 7 years ago. If you’ve lived under a rock during the last few years what this dude did was basically break into .gov computers looking for UFO related material. Probably the last case of recreational [...]
Iphone jailbreaking crashing towers? FUD!
Published by July 30th, 2009 in business, security and technology. 0 CommentsIt’s interesting to read a news about an anti-jailbreaking statement by apple that say that with jailbreaked phones it may be possible to crash mobile operator’s towers: By tinkering with this code, “a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the [...]
1st august 2009: Switzerland start realtime internet interception
Published by July 21st, 2009 in cyberwarfare, intelligence, interception and security. 0 CommentsThe intelligence strength is increasing everywhere… also in Switzerland that had a well known privacy protection approach! Read the WikiLeaks Article
UAE government placing backdoors into Blackberry devices
Published by July 21st, 2009 in Privacy, cyberwarfare, intelligence, interception and security. 0 CommentsNice attempt to place backdoors inside Blackberry devices. It seems that UAE government wanted to do something nasty placing backdoors trough software upgrades in Etilsat (local mobile operator) blackberry devices, obviously with the cooperation of the mobile operator itself. Fortunately, the power of the security community discovered and unveiled the facts. Check it out. Etisat patch designed for [...]
Mobile platform hacking: worms and botnet from phones?
Published by July 7th, 2009 in security and technology. 0 CommentsThe hacking community is finally starting seriously auditing and hacking Symbian OS, even if it’s difficult, hard to work on, unpleasant to debug it . There are so many mobile operating systems (Symbian OS, Nokia S40, Windows Mobile, RIM OS, Mac OS X, Android/Linux, Brew) that a worm/virus being able to leverage a cross-platform vulnerability it’s [...]
Voice encryption in government sectors
Published by July 6th, 2009 in Privacy, business, cyberwarfare, intelligence, interception and security. 0 CommentsI will make some in depth articles about how voice encryption really works in government environments. The open standards and open source still have to reach the military and government environments for what’s related to secure speech. To give you an idea of the complexity and kind of particular issues that exists, look at the USA 3G [...]
