As most of this blog reader already know, in past years there was a lot of activities related to public research for GSM auditing and cracking. However when there was huge media coverage to GSM cracking research results, the tools to make the cracking was really early stage and still very inefficient. Now Frank Stevenson , norwegian [...]
Archive for the 'Privacy' Category
GSM cracking in penetration test methodologies (OSSTMM) ?
Published by July 23rd, 2010 in Privacy, intelligence, interception, security and technology. 2 Comments
Snake-oil security claims on crypto security product
Published by July 19th, 2010 in Privacy, business, management, security and technology. 3 CommentsSecurity market grow, more companies goes to the market, but how many of them are taking seriously what they do? You know, doing security technology mean that you are personally responsible for the protection of the user’s information. You must make them aware of what they need, exactly what your are doing and which kind of [...]
Web2.0 privacy leak in Mobile apps
Published by July 17th, 2010 in Privacy, intelligence, security and technology. 0 CommentsYou know that web2.0 world it’s plenty of leak of any kind (profiling, profiling, profiling) related to Privacy and users starts being concerned about it. Users continuously download applications without knowing the details of what they do, for example iFart just because are cool, are fun and sometime are useful. On mobile phones users install [...]
AES algorithm selected for use in space
Published by July 8th, 2010 in Privacy, security and technology. 0 CommentsI encountered a nice paper regarding analysis and consideration on which encryption algorithm it’s best suited for use in the space by space ship and equipments. The paper has been done by the Consultative Committee for Space Data Systems that’s a consortium of all space agency around that cumulatively handled more than 400 mission to space. [...]
Blackberry Security and Encryption: Devil or Angel?
Published by July 7th, 2010 in Privacy, business, intelligence, interception, security and technology. 1 CommentBlackberry have good and bad reputation regarding his security capability, depending from which angle you look at it. This post it’s a summarized set of information to let the reader the get picture, without taking much a position as RIM and Blackberry can be considered, depending on the point of view, an extremely secure platform or [...]
Botnet for RSA cracking?
Published by June 30th, 2010 in Privacy, security and technology. 0 CommentsI read an interesting article about putting 1.000.000 computers, given the chance for a serious botnet owner to get it, to crack RSA. The result is that in such context attacking an RSA 1024bit key would take only 28 years, compared to theoretical 19 billion of years. Reading of this article, is extremely interesting because it gives [...]
Patent rights and opensource: can they co-exist?
Published by June 27th, 2010 in technology. 0 CommentsHow many of you had to deal with patented technologies? How many of the patented technologies you dealed with was also “secrets” in their implementation? Well, there’s a set of technologies whose implementation is open source (copyright) but that are patented (intellectual property right). A very nice paper about the topic opensource & patents that i suggest to [...]
China Encryption Regulations
Published by June 16th, 2010 in Privacy, business, cyberwarfare, intelligence, security and technology. 0 CommentsHi all, i found this very interesting paper on China Encryption Import/Export/Domestic Regulations done by Baker&Mckenzie in the US. It’s strongly business and regulatory oriented giving a very well done view on how china regulations works and how it may behave in future. Read here Decrypting China Encryption’s Regulations (form Bakernet website) .
The (old) Crypto AG case and some thinking about it
Published by June 7th, 2010 in cyberwarfare, intelligence, interception and security. 0 CommentsIn the ‘90, closed source and proprietary cryptography was ruling the world. That’s before open source and scientifically approved encrypted technologies went out as a best practice to do crypto stuff. I would like to remind when, in 1992, USA along with Israel was, together with switzerland, providing backdoored (proprietary and secret) technologies to Iranian government to [...]
Mobile Security talk at WHYMCA conference
Published by June 2nd, 2010 in Privacy, business, interception, security and technology. 0 CommentsI want to share some slides i used to talk about mobile security at whymca mobile conference in Milan.Read here my slides on mobile security . The slides provide a wide an in-depth overview of mobile security related matters, i should be doing some slidecast about it putting also audio. Maybe will do, maybe not, it [...]
iPhone PIN: useless encryption
Published by June 1st, 2010 in Privacy, security and technology. 0 CommentsI recently switched one of my multiple mobile phones with which i go around to iPhone. I am particularly concerned about data protection in case of theft and so started having a look around about the iPhone provided protection system. There is an interesting set of iPhone Business Security Features that make me think that iPhone is [...]
Exploit code against SecurStar DriveCrypt published
Published by May 25th, 2010 in Kudos, Privacy, security and technology. 0 CommentsIt seems that the hacking community somehow like to target securstar products, maybe because hacking community doesn’t like the often revealed unethical approach already previously described in this blog by articles and user’s comments. In 2004 a lot of accusation against Hafner of SecurStar went out because of alleged intellectual property theft regarding opensource codes such [...]
Quantum cryptography broken
Published by May 20th, 2010 in Privacy, interception, security and technology. 0 CommentsQuantum cryptography it’s something very challenging, encryption methods that leverage the law of phisycs to secure communications over fiber lines. To oversimplify the system is based on the fact that if someone cut the fiber, put a tap in the middle, and joint together the other side of the fiber, the amount of “errors” that will [...]
Because security of a cryptographic system it’s not a matter of “how many bits do i use” but using the right approach to do the right thing to mitigate the defined security risk in the most balanced way.
Encryption is not scrambling: be aware of scrambler!
Published by April 20th, 2010 in Privacy, security and technology. 0 CommentsMost of us know about voice scrambler that can be used across almost any kind of voice based communication technology. Extremely flexible approach: works everything Extreme performance: very low latency but unfortunately… Extremely weak: Scrambling cannot be considered secure. Only encryption can be considered secure under the Kerckoff’s principle . So please don’t even consider any kind of analog scrambler if [...]
SecurStar GmbH Phonecrypt answers on the Infosecurityguard/Notrax case: absolutely unreasonable! :-)
Published by February 1st, 2010 in Privacy, business, interception and technology. 0 CommentsUPDATE 20.04.2010: http://infosecurityguard.com has been disabled. Notrax identity became known to several guys in the voice security environments (cannot tell, but you can imagine, i was right!) and so our friends decided to trow away the website because of legal responsibility under UK and USA laws. UPDATE: Nice summary of the whole story (i know, it’s [...]
Evidence that infosecurityguard.com/notrax is SecurStar GmbH Phonecrypt – A fake independent research on voice crypto
Published by February 1st, 2010 in Privacy, business, interception and security. 7 CommentsBelow evidence that the security review made by an anonymous hacker on http://infosecurityguard.com is in facts a dishonest marketing plan by the SecurStar GmbH to promote their voice crypto product. I already wrote about that voice crypto analysis that appeared to me very suspicious. Now it’s confirmed, it’s a fake independent hacker security research by SecurStar GmbH, [...]
Dishonest security: The SecurStart GmbH Phonecrypt case
Published by February 1st, 2010 in Privacy, business, interception and security. 0 CommentsI would like to provide considerations on the concept of ethics that a security company should have respect to the users, the media and the security environment. SecurStar GmbH made very bad things making that infosecuriguard.com fake independent research. It’s unfair approach respect to hacking community. It’s unfair marketing to end user. They should not be tricking by [...]
About the SecurStar GmbH Phonecrypt voice encryption analysis (criteria, errors and different results)
Published by January 30th, 2010 in Privacy, business, interception, security and technology. 4 CommentsThis article want to clarify and better explain the finding at infosecurityguard.com regaring voice encryption product evaluation. This article want to tell you a different point of view other than infosecurityguard.com and explaining which are the rational with extensive explaination from security point of view. Today i read news saying: “PhoneCrypt: Basic Vulnerability Found in 12 out [...]
Licensed by Israel Ministry of Defense? How things really works!
Published by January 29th, 2010 in Privacy, cyberwarfare, intelligence, interception and security. 0 CommentsYou should know that Israel is a country where if a company need to develop encryption product they must be authorized by the government. The government don’t want that companies doing cryptography can do anything bad to them and what they can do of good for the government, so they have to first be authorized. Companies providing [...]
O3B Networks: a new satellite broadband approach
Published by January 26th, 2010 in technology. 0 CommentsThat’s something amazing, “other 3 billion” broadband coverage not trough fiber but trough satellite. A project where also google is one of the shareholder, covering 3 billion persons trough low orbit, low latency broadband (10GBit) satellite network. Check here technical infrastructure details on ITU website.
Location Based Services: the big brother thanks you ;-)
Published by December 1st, 2009 in Privacy, intelligence, interception and technology. 0 CommentsDo you use your iphone, google phone, blackberry or nokia smartphone with cool built-in GPS? Well law enforcement can now know even better where you are, at any time, even with historical data and much better than BTS based location systems. Sprint has given 8 million times customer’s GPS information to law enforcement (sound something like a [...]
Gold-Lock Security Encryption Contest: be careful!
Published by November 25th, 2009 in Privacy, cyberwarfare, intelligence and interception. 0 CommentsThis post is to talk about the “unfair” marketing approach of Gold-Lock, an israeli company doing mobile voice encryption authorized by Israeli Ministry of Defence . Following an announcement seen on Linkedin “Information Security Community” group: GoldLock is offering US$ 100.000 and a job for an unencryption GoldLock, an israeli encryption and security company [...]
Disk encryption sometimes ‘works’
Published by November 9th, 2009 in Privacy and cybercrime. 0 CommentsI am one of the person convinced that a computer disk encryption system will not protect you from public authorities if they are convinced enough and the case is very important. There are a lot of way to convince a person to release a password. However there’s a case in Australia where not revealing the disk password [...]
Political conflict in Turkey between Prosecutors and Wiretappers
Published by November 7th, 2009 in Privacy, intelligence and interception. 0 CommentsIt seems that in Turkey the Telecommunication Directorate (TIB), in charge of managing the wiretapping, intercepted the president of the Judge and Prosecutors Associations. Prosecutors and Judge usually does not like being tapped, and so the 1st High Criminal Court ordered an audit of all the recording done by the TIB since 2006. Read more here.
Hackers hacking hackers are always pretty fun. And I am not talking about ZF05 (which was cool reading, even if not as cool as ~El8 was), I am talking about this.
This is big business, this is the American way
Published by July 31st, 2009 in cybercrime, security and technology. 0 Comments43 years old “UFO eccentric” hacker Gary McKinnon just loses appeal against his extradition to the States for computer crimes he committed 7 years ago. If you’ve lived under a rock during the last few years what this dude did was basically break into .gov computers looking for UFO related material. Probably the last case of recreational [...]
Iphone jailbreaking crashing towers? FUD!
Published by July 30th, 2009 in business, security and technology. 0 CommentsIt’s interesting to read a news about an anti-jailbreaking statement by apple that say that with jailbreaked phones it may be possible to crash mobile operator’s towers: By tinkering with this code, “a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the [...]
1st august 2009: Switzerland start realtime internet interception
Published by July 21st, 2009 in cyberwarfare, intelligence, interception and security. 0 CommentsThe intelligence strength is increasing everywhere… also in Switzerland that had a well known privacy protection approach! Read the WikiLeaks Article
UAE government placing backdoors into Blackberry devices
Published by July 21st, 2009 in Privacy, cyberwarfare, intelligence, interception and security. 0 CommentsNice attempt to place backdoors inside Blackberry devices. It seems that UAE government wanted to do something nasty placing backdoors trough software upgrades in Etilsat (local mobile operator) blackberry devices, obviously with the cooperation of the mobile operator itself. Fortunately, the power of the security community discovered and unveiled the facts. Check it out. Etisat patch designed for [...]
Nokia World in Stuttgard 2-3 September
Published by July 11th, 2009 in business and technology. 0 CommentsEveryone who’s business is directly connected to mobile, aggregators, operators and generally speaking mobility application should really attend Nokia World where most of the world key people in the mobile business . It’s extremely interesting to see the evolution of the business models related to the Application Portals, how the mobile operators are changing their approach [...]
Saas business models growth a lot during the past few years and i personally appreciate it. No software to be installed, configured, maintained, service available when you needed with a early adoption time and most important reduction (or apparent reduction) of the total costs of ownership. I had few experience with SaaS business (as a customer) and [...]
Mobile platform hacking: worms and botnet from phones?
Published by July 7th, 2009 in security and technology. 0 CommentsThe hacking community is finally starting seriously auditing and hacking Symbian OS, even if it’s difficult, hard to work on, unpleasant to debug it . There are so many mobile operating systems (Symbian OS, Nokia S40, Windows Mobile, RIM OS, Mac OS X, Android/Linux, Brew) that a worm/virus being able to leverage a cross-platform vulnerability it’s [...]
The real goal of online marketing: lead generation
Published by July 7th, 2009 in business, management and technology. 0 CommentsOften i discuss about online marketing, however it include the mysterious “marketing” magic word that’s tipically subject to misunderstanding and misconception . The end goal of online marketing is to generate qualified leads coming from international markets. Some interesting links about it, and how things should be properly done are below: Online registrations into lead [...]
Voice encryption in government sectors
Published by July 6th, 2009 in Privacy, business, cyberwarfare, intelligence, interception and security. 0 CommentsI will make some in depth articles about how voice encryption really works in government environments. The open standards and open source still have to reach the military and government environments for what’s related to secure speech. To give you an idea of the complexity and kind of particular issues that exists, look at the USA 3G [...]
How the various audio compression codec sounds?
Published by July 6th, 2009 in technology. 0 CommentsYou know, we would not be able to use VoIP and have cheap international phone calls without audio compression codecs. It’s plenty of them, some royalty free, some patented by telco’s lobby (think that some patented and royalty-based codec it’s also a standard, where all market player have to pay the most aggressive one that acquired [...]
Voice Security and Privacy slides
Published by July 6th, 2009 in Privacy, intelligence and technology. 0 CommentsBelow my slides on voice security and privacy from Security Summit 2009. mmm, yes i am working in this area from 2005, will write again about it. 2009: Voice Security And Privacy (Security Summit – Milan) [...]
