As most of this blog reader already know, in past years there was a lot of activities related to public research for GSM auditing and cracking. However when there was huge media coverage to GSM cracking research results, the tools to make the cracking was really early stage and still very inefficient. Now Frank Stevenson , norwegian [...]
Archive for the 'technology' Category
GSM cracking in penetration test methodologies (OSSTMM) ?
Published by July 23rd, 2010 in Privacy, intelligence, interception, security and technology. 2 Comments
Snake-oil security claims on crypto security product
Published by July 19th, 2010 in Privacy, business, management, security and technology. 3 CommentsSecurity market grow, more companies goes to the market, but how many of them are taking seriously what they do? You know, doing security technology mean that you are personally responsible for the protection of the user’s information. You must make them aware of what they need, exactly what your are doing and which kind of [...]
Web2.0 privacy leak in Mobile apps
Published by July 17th, 2010 in Privacy, intelligence, security and technology. 0 CommentsYou know that web2.0 world it’s plenty of leak of any kind (profiling, profiling, profiling) related to Privacy and users starts being concerned about it. Users continuously download applications without knowing the details of what they do, for example iFart just because are cool, are fun and sometime are useful. On mobile phones users install [...]
AES algorithm selected for use in space
Published by July 8th, 2010 in Privacy, security and technology. 0 CommentsI encountered a nice paper regarding analysis and consideration on which encryption algorithm it’s best suited for use in the space by space ship and equipments. The paper has been done by the Consultative Committee for Space Data Systems that’s a consortium of all space agency around that cumulatively handled more than 400 mission to space. [...]
Blackberry Security and Encryption: Devil or Angel?
Published by July 7th, 2010 in Privacy, business, intelligence, interception, security and technology. 1 CommentBlackberry have good and bad reputation regarding his security capability, depending from which angle you look at it. This post it’s a summarized set of information to let the reader the get picture, without taking much a position as RIM and Blackberry can be considered, depending on the point of view, an extremely secure platform or [...]
Botnet for RSA cracking?
Published by June 30th, 2010 in Privacy, security and technology. 0 CommentsI read an interesting article about putting 1.000.000 computers, given the chance for a serious botnet owner to get it, to crack RSA. The result is that in such context attacking an RSA 1024bit key would take only 28 years, compared to theoretical 19 billion of years. Reading of this article, is extremely interesting because it gives [...]
Patent rights and opensource: can they co-exist?
Published by June 27th, 2010 in technology. 0 CommentsHow many of you had to deal with patented technologies? How many of the patented technologies you dealed with was also “secrets” in their implementation? Well, there’s a set of technologies whose implementation is open source (copyright) but that are patented (intellectual property right). A very nice paper about the topic opensource & patents that i suggest to [...]
China Encryption Regulations
Published by June 16th, 2010 in Privacy, business, cyberwarfare, intelligence, security and technology. 0 CommentsHi all, i found this very interesting paper on China Encryption Import/Export/Domestic Regulations done by Baker&Mckenzie in the US. It’s strongly business and regulatory oriented giving a very well done view on how china regulations works and how it may behave in future. Read here Decrypting China Encryption’s Regulations (form Bakernet website) .
Mobile Security talk at WHYMCA conference
Published by June 2nd, 2010 in Privacy, business, interception, security and technology. 0 CommentsI want to share some slides i used to talk about mobile security at whymca mobile conference in Milan.Read here my slides on mobile security . The slides provide a wide an in-depth overview of mobile security related matters, i should be doing some slidecast about it putting also audio. Maybe will do, maybe not, it [...]
iPhone PIN: useless encryption
Published by June 1st, 2010 in Privacy, security and technology. 0 CommentsI recently switched one of my multiple mobile phones with which i go around to iPhone. I am particularly concerned about data protection in case of theft and so started having a look around about the iPhone provided protection system. There is an interesting set of iPhone Business Security Features that make me think that iPhone is [...]
Exploit code against SecurStar DriveCrypt published
Published by May 25th, 2010 in Kudos, Privacy, security and technology. 0 CommentsIt seems that the hacking community somehow like to target securstar products, maybe because hacking community doesn’t like the often revealed unethical approach already previously described in this blog by articles and user’s comments. In 2004 a lot of accusation against Hafner of SecurStar went out because of alleged intellectual property theft regarding opensource codes such [...]
Quantum cryptography broken
Published by May 20th, 2010 in Privacy, interception, security and technology. 0 CommentsQuantum cryptography it’s something very challenging, encryption methods that leverage the law of phisycs to secure communications over fiber lines. To oversimplify the system is based on the fact that if someone cut the fiber, put a tap in the middle, and joint together the other side of the fiber, the amount of “errors” that will [...]
Because security of a cryptographic system it’s not a matter of “how many bits do i use” but using the right approach to do the right thing to mitigate the defined security risk in the most balanced way.
Encryption is not scrambling: be aware of scrambler!
Published by April 20th, 2010 in Privacy, security and technology. 0 CommentsMost of us know about voice scrambler that can be used across almost any kind of voice based communication technology. Extremely flexible approach: works everything Extreme performance: very low latency but unfortunately… Extremely weak: Scrambling cannot be considered secure. Only encryption can be considered secure under the Kerckoff’s principle . So please don’t even consider any kind of analog scrambler if [...]
SecurStar GmbH Phonecrypt answers on the Infosecurityguard/Notrax case: absolutely unreasonable! :-)
Published by February 1st, 2010 in Privacy, business, interception and technology. 0 CommentsUPDATE 20.04.2010: http://infosecurityguard.com has been disabled. Notrax identity became known to several guys in the voice security environments (cannot tell, but you can imagine, i was right!) and so our friends decided to trow away the website because of legal responsibility under UK and USA laws. UPDATE: Nice summary of the whole story (i know, it’s [...]
About the SecurStar GmbH Phonecrypt voice encryption analysis (criteria, errors and different results)
Published by January 30th, 2010 in Privacy, business, interception, security and technology. 4 CommentsThis article want to clarify and better explain the finding at infosecurityguard.com regaring voice encryption product evaluation. This article want to tell you a different point of view other than infosecurityguard.com and explaining which are the rational with extensive explaination from security point of view. Today i read news saying: “PhoneCrypt: Basic Vulnerability Found in 12 out [...]
O3B Networks: a new satellite broadband approach
Published by January 26th, 2010 in technology. 0 CommentsThat’s something amazing, “other 3 billion” broadband coverage not trough fiber but trough satellite. A project where also google is one of the shareholder, covering 3 billion persons trough low orbit, low latency broadband (10GBit) satellite network. Check here technical infrastructure details on ITU website.
Location Based Services: the big brother thanks you ;-)
Published by December 1st, 2009 in Privacy, intelligence, interception and technology. 0 CommentsDo you use your iphone, google phone, blackberry or nokia smartphone with cool built-in GPS? Well law enforcement can now know even better where you are, at any time, even with historical data and much better than BTS based location systems. Sprint has given 8 million times customer’s GPS information to law enforcement (sound something like a [...]
This is big business, this is the American way
Published by July 31st, 2009 in cybercrime, security and technology. 0 Comments43 years old “UFO eccentric” hacker Gary McKinnon just loses appeal against his extradition to the States for computer crimes he committed 7 years ago. If you’ve lived under a rock during the last few years what this dude did was basically break into .gov computers looking for UFO related material. Probably the last case of recreational [...]
Iphone jailbreaking crashing towers? FUD!
Published by July 30th, 2009 in business, security and technology. 0 CommentsIt’s interesting to read a news about an anti-jailbreaking statement by apple that say that with jailbreaked phones it may be possible to crash mobile operator’s towers: By tinkering with this code, “a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the [...]
Nokia World in Stuttgard 2-3 September
Published by July 11th, 2009 in business and technology. 0 CommentsEveryone who’s business is directly connected to mobile, aggregators, operators and generally speaking mobility application should really attend Nokia World where most of the world key people in the mobile business . It’s extremely interesting to see the evolution of the business models related to the Application Portals, how the mobile operators are changing their approach [...]
Saas business models growth a lot during the past few years and i personally appreciate it. No software to be installed, configured, maintained, service available when you needed with a early adoption time and most important reduction (or apparent reduction) of the total costs of ownership. I had few experience with SaaS business (as a customer) and [...]
Mobile platform hacking: worms and botnet from phones?
Published by July 7th, 2009 in security and technology. 0 CommentsThe hacking community is finally starting seriously auditing and hacking Symbian OS, even if it’s difficult, hard to work on, unpleasant to debug it . There are so many mobile operating systems (Symbian OS, Nokia S40, Windows Mobile, RIM OS, Mac OS X, Android/Linux, Brew) that a worm/virus being able to leverage a cross-platform vulnerability it’s [...]
The real goal of online marketing: lead generation
Published by July 7th, 2009 in business, management and technology. 0 CommentsOften i discuss about online marketing, however it include the mysterious “marketing” magic word that’s tipically subject to misunderstanding and misconception . The end goal of online marketing is to generate qualified leads coming from international markets. Some interesting links about it, and how things should be properly done are below: Online registrations into lead [...]
How the various audio compression codec sounds?
Published by July 6th, 2009 in technology. 0 CommentsYou know, we would not be able to use VoIP and have cheap international phone calls without audio compression codecs. It’s plenty of them, some royalty free, some patented by telco’s lobby (think that some patented and royalty-based codec it’s also a standard, where all market player have to pay the most aggressive one that acquired [...]
Voice Security and Privacy slides
Published by July 6th, 2009 in Privacy, intelligence and technology. 0 CommentsBelow my slides on voice security and privacy from Security Summit 2009. mmm, yes i am working in this area from 2005, will write again about it. 2009: Voice Security And Privacy (Security Summit – Milan) [...]
