cyberwarfare intelligence interception Privacy security

Licensed by Israel Ministry of Defense? How things really works!

29 January 2010 - 10:12 am

You should know that Israel is a country where if a company need to develop encryption product they must be authorized by the government.

The government don’t want that companies doing cryptography can do anything bad to them and what they can do of good for the government, so they have to first be authorized.

Companies providing interception and encryption must apply to a license because Israel law on this is so restrictive to be similar to china law.

That’s because those kind of technologies are considered fundamental for the intelligence and espionage capabilities of Israel country.

To give some example of “Licensed by Israel Ministry of Defense” companies:

GSM encryption products “Licensed by Israel Ministry of Defense” - Gold-lock

Interception of communication products “Licensed by Israel Ministry of Defense” - Verint

HF encrypted Radio “Licensed by Israel Ministry of Defense” - Kavit

Surveillance services and equipment “Licensed by Israel Ministry of Defense” - Multi Tier Solutions

For example how to apply for a “License by Israel Ministry of Defense” if you do encryption technologies in Israel?

Be sure to be an israeli company, click here and fill the forms.

Someone will contact you from encryption-control@mod.gov.il and will discuss with you whether to give you or not the license to sell.

What does the department of defense will require from an israeli company in order to provide them the authorization to make and sell interception and encryption products?

Well, what they want and what they really ask nobody knows.

It’s a secret dealing of Israel Ministry of Defense with each “licensed” company.

What we know for sure is that Verint, a “Licensed by Israel Ministry of Defense”, placed a backdoor to intercept companies and governments in the US and Netherland into the interception systems they was selling.

Verint, a Licensed by Israel Ministry of Defense Company, provided to Israel government eavesdropped communications of private and government users in the United States and in the Netherland .

CIA officier reported that Israel Ministry of Defense was known to pay Verint a reimbursement of 50% of their costs in order to have from Verint espionage services trough their commercial activity on selling “backdoored” interception equipment to spy foreign users.


It can be a legitimate doubt that the cooperation within the Israeli Ministry of Defense may be problematic for an Israeli company that want to sell interception and encryption product abroad.

Those companies may be forced to make the interests of Israel Ministry of Defense and not the interests of the customers (like Verint scandal is a real-world example).

So, how would a “Licensed by Israel Ministry of Defense” be a good things to promote?

It represent the risk that the “Israel Ministry of Defense”, like is publicly known that it has already have done with Verint, will interfere with what the company do.

It represent the risk that the “Israel Ministry of Defense” may reasonably provide “reimbursement” of costs paying the company and get what they would likely would like to get.

So, what does really “Israel Ministry of Defense” want from Israel companies doing encryption and interception technologies?

Should we ask ourself whether Israeli companies doing encryption and interception businesses are more interested to do business or to do “outsourced espionage services” for their always paying customer, the “Israel Ministry of Defense”.

For sure, in the age of financial crisis, the Israel Ministry of Defense is a paying customer that does not have budget problem…

Strict control, strict rules, strong government strategic and military cooperation.

Be careful.

If you want to read more about this matters, about how technologies from certain countries is usually polluted with their governments military and secret services strategies stay tuned as i am preparing a post about this .

You will much better understand about that subjects on the “Licensed by Israel Ministry of Defense”.

Tags , , , , | Comment (0)
technology

O3B Networks: a new satellite broadband approach

26 January 2010 - 9:59 pm

That’s something amazing, “other 3 billion” broadband coverage not trough fiber but trough satellite.

A project where also google is one of the shareholder, covering 3 billion persons trough low orbit, low latency broadband (10GBit) satellite network.

Check here technical infrastructure details on ITU website.

Tags | Comment (0)
business management

Index of economic freedom

21 December 2009 - 11:43 am

When looking at facts and figures about globalized world, the index of economic freedom is a nice tool to make proper considerations.

Tags , , , | Comment (0)
intelligence interception Privacy technology

Location Based Services: the big brother thanks you ;-)

1 December 2009 - 7:13 pm

Do you use your iphone, google phone, blackberry or nokia smartphone with cool built-in GPS?

Well law enforcement can now know even better where you are, at any time, even with historical data and much better than BTS based location systems.

Sprint has given 8 million times customer’s GPS information to law enforcement (sound something like a semi-automatic request).

Read here.

Nice extract is:

Sprint Nextel provided law enforcement agencies with its customers’ (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.

The informations was provided at wiretapping and interception industry conference ISS WASH in Washingtown.

If you want see directly the video:


Sprint: 50 million customers, 8 million law enforcement GPS requests in 1 year from Christopher Soghoian on Vimeo.


Then you know that “big brother” is watching you only because you let him to watch you.

Tags , , , | Comment (0)
cyberwarfare intelligence interception Privacy

Gold-Lock Security Encryption Contest: be careful!

25 November 2009 - 2:56 pm

This post is to talk about the “unfair” marketing approach of Gold-Lock, an israeli company doing mobile voice encryption authorized by Israeli Ministry of Defence .

Following an announcement seen on Linkedin “Information Security Community” group:

GoldLock is offering US$ 100.000 and a job for an unencryption

GoldLock, an israeli encryption and security company is offering US$ 100.000 and a job to anyone capable to decrypt a cellular conversation contained in a file provided in their site ( https://www.gold-lock.com/app/en/?wicket:interface=:8 ::::).
The transcription must be sent back to GoldLock until February 1st, 2010.
The contest is open to all and any tools or technology may be used.
Good luck to all!!!

I commented:

Not having a public protocol specification is not even scientifically serious to make a marketing tricks like this.
I would say to gold-lock, let’s release the source code and let anyone compile the cryptographic engine if you trust not to to have something nasty inside… ;)

Toni Koivunen from F-secure said:

So… They will pay $100k if you get through the AES and the hassle with keys.
If someone would pull it off they would certainly make a truckload more money elsewhere. Plus they would retain the rights to the code/technology that they created, which isn’t the case if they go for the $100k since the License pretty clearly says that:
# An assignment letter to Gold Line, in a form satisfactory to Gold Line of your technology and the Work Plan (the “Technology”). Such assignment form shall enable Gold Line to transfer the rights on the Technology to Gold Line, including the right to register patents and all other rights.
# A release and waiver form, in a form satisfactory to Gold Line, duly executed by you and any other participant of any rights to the Technology.
Plus of course Gold Line retains the right to change the rules of the game with prior notice. Or needing to notify afterwards either.
Sounds fair :)

Michel Scovetta from Computer Associates said:

It sounds like the purpose of this is to get some cheap testing out of it, and to be able to say something like, “The best crypto experts in the world tried to break it, and were unable to.”

According to some of the docs on Gold Lock’s website, they use ECC-256 and a “modified DH key exchange” (which tingles my spidey senses), SHA-256, and then XOR for the actual data encryption. They use practically blasphemous language like, “Each component of the Gold Lock Enterprise solution is tested and proven secure against any conceivable attack.”

*Proven* secure? *Any conceivable* attack? Yikes!

In another doc on their site, they talk about their first layer relying on 1024-bit RSA. GoDaddy doesn’t even allow 1024-bit keys to be used anymore when generating $20 SSL certificates. They quote 300 billion MIPS-years to break, but if my math is correct, that comes down to about 52 days on the top supercomputer right now. Not trivial, but this is an offline attack, so time is on the side of the attacker.

The description then talks about the device generating 16k keys when you register the device. If the protocol is “secure”, then it should be “secure” with only a single key. If it’s not secure with a single key, then generating 16k keys could only make it 16k times more secure, which is far off from a proof of security.

I agree with Fabio - a fair contest would be to include source code and the cryptographic specification. Also, as other contests have proven (e.g. SecureWebMail), the weakest point isn’t usually the cryptography. It’s all of the other stuff, and it doesn’t look like any of it is being disclosed for the contest.

http://xkcd.com/538/

Mike

I would say that all those considerations from security experts from well known and established security companies bring us to consider that:

  • Gold-lock is not transparent on their encryption at all and they work trough bad practice of Security Trough Obscurity (no one know what’s inside the product)
  • Gold-lock is not playing a fair game by proposing this ‘security contest’
  • Gold-lock being certified by Israeli ministry of defence may raise doubt related to possible relationship with the intelligence… Read by post Certified by Israeli MInistry of Defense.

Voice security is a sensible matters and lacks of transparency and governmental relationship for cryptographic choices usually does not provide anything good…

Think about it…

Tags , , , | Comment (0)
security

Recuva: Nice windows data recovery tool

12 November 2009 - 1:10 pm

Not a professional tool but an easy, quick and free one.

If you just accidently deleted some files on windows or your employee leave the company deleting all his data, well that you get out from trouble quickly.

It also came out in a ‘portable’ version to be loaded from an usb stick drive.

Check Recuva recovery tool

Tags | Comment (0)
business management security

Military contractors going commercial

10 November 2009 - 11:48 am

Most military contractors are suffering from the restriction of government’s budgets for military expenses and are moving into commercial markets, still they have to adjust a lot of things.

Read here a nice analysis from rochtel on how military contractors should adapt their strategy.

Tags , | Comment (0)
cybercrime Privacy

Disk encryption sometimes ‘works’

9 November 2009 - 2:53 pm

I am one of the person convinced that a computer disk encryption system will not protect you from public authorities if they are convinced enough and the case is very important.

There are a lot of way to convince a person to release a password.

However there’s a case in Australia where not revealing the disk password resulted in a successful way to avoid going in jail:

Secret code saves man who spied on flatmates

My opinion is just that spying flatmates is not a so relevant and particular crime and that law enforcement did not used ‘convincing systems’ to get the password of encrypted disk.

UPDATE 29.06.2010: It also worked for Daniel Dantas against FBI .

Tags , , | Comment (0)
cyberwarfare intelligence security

Brazilian Electrical Blackout: preview of cyberwar

7 November 2009 - 3:44 pm

In 2005 and 2007 in Brazil million of people was targetted by a blackout.

Initially it appeared like an accident.

Now it’s known that was caused by a cyber attack against electricity control systems.

That was just a preview of what a cyber attack in a cyberwar means.

In near future we’ll probably see something like ‘virtual custom offices’ at internet borders, defining what get in and what get out like several “not so democratic” countries are doing.

Does the cyberwar will affect digital rights? Probably yes, even i hope not.

Tags | Comment (0)
intelligence interception Privacy

Political conflict in Turkey between Prosecutors and Wiretappers

7 November 2009 - 3:38 pm

It seems that in Turkey the Telecommunication Directorate (TIB), in charge of managing the wiretapping, intercepted the president of the Judge and Prosecutors Associations.

Prosecutors and Judge usually does not like being tapped, and so the 1st High Criminal Court ordered an audit of all the recording done by the TIB since 2006.

Read more here.

Tags , , , | Comment (0)
Uncategorized

Come back to blogging

7 November 2009 - 3:34 pm

I come back to blogging. Why i stopped my blogging trial period?

1st because being busy @work

2nd because my blogging software expired and i hate wordpress editor (i really need a blogging client for my own way of making information).

I use this software called Ecto that cost about 17 EUR and it’s pretty useful to keep blog post editing offline.

Comment (0)
business cybercrime security

Conventionality is not morality.

6 August 2009 - 8:43 pm

During my daily RSS OCD reading I had to deal with this article: it has been written by a “senior anti-virus researcher at Kaspersky Lab’s“. Talk about personal interest.

I wont comment on the practical implications of useless signature based AV’s and how cyber criminals will never need amateur-ish projects to carry on their malicious tactics.

But what is always interesting is watching the very same people who use billion dollar scare tactics to sell you a perfectly useless piece of software (which will give you a false sense of security, hence will make you more insecure), talking about ethics.

Comment (1)
interception security

Hackers Hacking Hackers

3 August 2009 - 1:22 pm

Hackers hacking hackers are always pretty fun.

And I am not talking about ZF05 (which was cool reading, even if not as cool as ~El8 was), I am talking about this.

Comment (0)
cybercrime security technology

This is big business, this is the American way

31 July 2009 - 3:26 pm

43 years old “UFO eccentric” hacker Gary McKinnon just loses appeal against his extradition to the States for computer crimes he committed 7 years ago.

If you’ve lived under a rock during the last few years what this dude did was basically break into .gov computers looking for UFO related material.

Probably the last case of recreational hacking I’ve heard about.

So his case is obviously going to be a classical “Strike one to educate one hundred” kind of message to every hacker attacking american computer systems: we can reach you everywhere you live and have you extradited to our country where we will sentence you to life in prison.

Unless you are a multi millionaire cyber criminal living in Russia or a chinese spy, of course.

Comment (0)
cybercrime cyberwarfare intelligence

Russia: the best worldwide place for cybercrime business

30 July 2009 - 11:44 am

Russia is a very beautiful place for any committed cybercrime business owner.

FBI and Mcafee are trying to do something, do they will ever succeed?

I don’t think so, it’s a political issue as russia is not going to extradite any cybercriminal and is not going to provide strong international cooperations.

Always remember that in Russia Business Network has been strongly suspected to had done cooperations with Russian government that leveraged in different occasion their power and skills.

Are russian politicians more interested to protect their cyber-warriors skills and activities or to provide international cooperation?

Quite easy to answer…

Tags , | Comment (0)
business security technology

Iphone jailbreaking crashing towers? FUD!

30 July 2009 - 9:14 am

It’s interesting to read a news about an anti-jailbreaking statement by apple that say that with jailbreaked phones it may be possible to crash mobile operator’s towers:

By tinkering with this code, “a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data,”

So fun, as the Baseband Processor interface of iPhone is precisely the same of Google android and all Windows Mobile powered devices:

Basically the operating system use AT commands (do you remember old hayes modem commands?) with additional parameters documented and standardized by 3GPP that let more deep (but not that much deep) interaction with the mobile networks.

Please note that those AT commands are standard and widely available on all phones and are the interface to the Baseband Processor.

On iPhone that’s the list of commands that an from apple point of view could let “a international hacker to crash the tower software” :

Undocumented commands on iPhone

Damn, those European anarchist of Nokia are providing publicly also their AT command sets, and are AVAILABLE TO ANYONE:

Nokia AT Commands

Oh jesus! Also the terrorist oriented Microsoft corporation let third party to use AT commands:

Windows Mobile AT Commands

It’s absolutely unacceptable that also RIM, canadian funky against USA, provide access to AT commands:

Blackberry AT commands

And it’s unbelivable to see that Google Android also document how the system speak to the Baseband Processor and find on forums that it’s ease to access it:

Google Android Basedband Processor

Not to speak to ALL other mobile manufactuer that use the very same approach and let any party to speak via AT commands to the baseband processor of the phone.

Is the baseband processor of iphone buggy and the AT&T tower software buggy so that it’s dangerous to let the user make experiment with it?

Probably yes, and so those are only excuse because the software involved are not robust enough.

Apple, be careful, you have the trust of your users because you are apple you always have done things for the user advantages.

Users does like telephone companies that are huge lobbies that try to restrict and control users as much as possible.

If you, Apple, start behaving like a phone company users will not trust you anymore.

Be careful with FUD statements.

Tags , , | Comment (0)
business cybercrime cyberwarfare management

chinese espionage: the worst and more silent threat for western countries

27 July 2009 - 10:03 pm

Hi all,

in the past few years i saw an incredible increase in the amount of “public” news about espionage against different western countries and usually coming from far-east, typically china.

China want to be the largest economic power within 2020 and it’s following a grow rate of 8% per year. Their “controlled” capitalism without the inefficiency of the democracy it’s something that’s beating the western countries, less efficient because democratic.

China, in order to quickly grow it’s R&D capacity make an extensive use of espionage, it’s estimated that Chinese government have more than 1.000.000 intelligence agents worldwide.

And they know how to do espionage, their “spy” does not cost that much like western countries’ spy, less guarantee, less payments.

Also they are using cyber espionage as an important source of information and competitiveness against western countries companies and government R&D results. China is so un-cooperative that now also western countries spying each other, or even Russian, use chinese internet space as the “start base” for their internet based espionage activities.

I knew of a USA phisher that used to build it’s own trojan with a chinese version of Windows Xp with a chinese version of the Microsoft Visual Studio development suite. Why? For information deception, in order to tweak the forensics effort of the FBI analyst and have them think that it’s own attacks was coming from China!

Any investigators that see an attack coming from china typically think “oh shit, it comes from china, we’re lost”, and now even cybercrime use China like a far-west, untouchable base for cyber attacks.

Back tracing attacks coming from china it’s like trying to find out what’s inside a black hole, it’s a one-way trip and no information comes back.

To give better an idea of what i am speaking about just get the following list of reference:

Germany accuses China of industrial espionage

Chinese trainee goes on trial as French industry fears espionage

U.S. Vulnerable to Chinese Cyber Espionage

Massive Chinese Espionage Network

Cyber Spy Network Also Targetting Finland

How do the western countries defend themself?

That’s a nice points to speak about because there’s no simple way to defend against espionage other than considering it like a serious and concrete threat.

Governments should be able to get more understanding that their approach to informations systems and information security policy must not only exists on paper but also be applied everywhere in order to be effective. Governments are complex organizations and only a few are enough smart to be able to quickly and efficiently make security policies really be implemented organization-wide. But they are trying to, especially the most competitive ones like USA, UK and Germany .

Companies instead should acquire awareness of the problem that is present, available, concrete as concrete is the chance that someone enter into the offices to steal good (not for espionage). For that reason companies place alarm systems, access control with badge, camera monitoring systems.

But espionage does not mean fighting and protecting against poor thieves but instead against more sophisticated, either technically and socially, attacker that can use old school intelligence techniques always effective. Getting employed and stealing information while working. Simulate to be customers to establish a link trust with a salesman and then find a reason to let him execute some malicious software “hey, but my modellization software demostrate that your model used to measure the performance of your product it’s not the one you advertised. Check it out, see your self with the software we used!”. What do you think the salesman will do in order to catch the prospect customer?

Only awareness, knowledge about the issues can make such risk to be considered seriously.

Governments should provide financing to industrial associations, chamber of commerces and similar agencies in order to make such awareness national wide and let entrepreneurs became conscious and became prepared to recognize, identify and stop espionage activities.

The law perspective

Governments should strenghten their laws in order to be able have the required rights tools to enforce the protection from espionage.

Look at the analysis made by my smart cousin Angelo Pietrosanti on espionage “Is the European R&D Equally protected from espionage as in the US R&D?”

Country Civil Sanction against trade secret threat Criminal Sanction against trade secret threat Year of last modificationg
USA 5 mln $ up to 10(for domenistic) or 15 (for foreigners) Years of Jail 1996 (Economic Espionage Act)
Germany YES up to 3 Years of Jail 1986
France 0.03 mln $ up to 2 Years of Jail 1992
UK YES NO 1984
Italy YES up to 2 Years of Jail 1942
Switzerland YES up to 3 Years of Jail 1986
Finland YES up to 3 Years of Jail 1990
Sweden YES up to 6 Years of Jail 1990
The Netherlands YES up to 4 Years of Jail 1992

What this table show?

  • Outdated law (except USA)
  • Not so serious sanctions against espionage activities. (except USA)

Maybe some european policy on this could help.

In conclusion

We are in an economic war where the winner is not the one having more forces, but the one being more technologically advanced, and economically clever.

Chinese are demonstrating to be enough aggressive and clever, will the western countries be able to react both on the defense and the attack in this war?

Tags , , , , | Comment (0)
business cybercrime

Criminal business model: Somali pirate case study

27 July 2009 - 10:00 pm

Hi all,

this blog post is to have a nice economical point of view on somali pirates business model, something nice as also crime is a business and need it’s business evaluation:

An economic Analysis of Somali Pirates Business Model

It sounds much like a great deal, check it out the details:

The attack model and costs

The negotiation phase (Offer and Counter offer)

The resolution

And for the pleasure of home gamer, Cuttrhouat Capitalism: the game

Tags , | Comment (0)
Uncategorized

Letter from a suicide hackers

27 July 2009 - 9:51 pm

The concept of freedom of an hacker, killing himself not to loose the most important value of his life.

Read there

Tags , | Comment (0)
cyberwarfare intelligence interception security

1st august 2009: Switzerland start realtime internet interception

21 July 2009 - 2:27 pm

The intelligence strength is increasing everywhere… also in Switzerland that had a well known privacy protection approach!

Read the WikiLeaks Article

Tags , , | Comment (0)
cyberwarfare intelligence interception Privacy security

UAE government placing backdoors into Blackberry devices

21 July 2009 - 2:25 pm

Nice attempt to place backdoors inside Blackberry devices.

It seems that UAE government wanted to do something nasty placing backdoors trough software upgrades in Etilsat (local mobile operator) blackberry devices, obviously with the cooperation of the mobile operator itself.

Fortunately, the power of the security community discovered and unveiled the facts. Check it out.

Etisat patch designed for surveillance

Wired magazine: Blackberry spies

Security exists only with transparency.

Tags , , , | Comment (0)
cyberwarfare intelligence

Chinese Spying NSA/USA buying Cryptographic Equipment on Ebay

12 July 2009 - 9:14 pm

It’s amazing.

A chinese guy has been engaged within an espionage activity for the People’s Republic of China buying and exporting cryptographic equipments, radio and other secure hardware on eBay.

It’s unbelivable, read there, Chi Tong Kuok found on eBay:

  • 1 software for a VDC-300 airborne data controller, used for secure satellite communications from the American military aircraft
  • 1 GPS receiver with anti-spoofing defence (maybe there’s interested in understanding how this know that a packet is spoofed or not? Me too!)
  • 1 NSA developed AN/CYZ-10 crypto key management device
  • 2 PRC-148 handheld digital military radios
  • 1 KG-175 TACLAN, an NSA designed encryption device used to communicate with classified military computer networks, such as Defense Department’s SIPRNet (Secret Internet Protocol Router Network) .

It’s important to underline that good crypto should not require “secret methods” as the security methods should be secure even if revealed, like any cryptographic technology.

But chinese probably understood that this is not the approach of NSA that prefer using custom, self-made, self-analyzed cryptographic technologies that are probably a lot weaker than nowadays cryptographic standards.

So, why not buy some export restricted military secure technology on ebay?


Tags , | Comment (1)
business technology

Nokia World in Stuttgard 2-3 September

11 July 2009 - 3:46 pm

Everyone who’s business is directly connected to mobile, aggregators, operators and generally speaking mobility application should really attend Nokia World where most of the world key people in the mobile business .

It’s extremely interesting to see the evolution of the business models related to the Application Portals, how the mobile operators are changing their approach to the market, the increasing of value added services related to mobile industry.

And the most important things is, the mobile operators will be able to became financial operators to really provide mobile payment systems integrated into any day digital life?

And if this will happen, how the manufacturer and operating system provider will play this game?

Tags , | Comment (0)
business technology

Saas: is the end of the myth?

10 July 2009 - 7:00 am

Saas business models growth a lot during the past few years and i personally appreciate it.

No software to be installed, configured, maintained, service available when you needed with a early adoption time and most important reduction (or apparent reduction) of the total costs of ownership.

I had few experience with SaaS business (as a customer) and i have to say that the following Gartner Group analysis on SaaS businesses imho tell you the truth only for half of statements:

  • There is always a partial integration issue (not all systems are so flexible to really integrate into your business like you would like)
  • There is often a lacks of the technical requirements needed by the specific business case
  • I DO NOT agree that there is a barrier in the costs, as SaaS usually let you start spending only a few. However it’s true that while doing the deployment you should be more conservative in the usage of features and items (es: I am using for my company a hosted VoIP PBX system, we pay for each extension we add. We don’t have test extension or extensions that are not strictly needed because it costs. When we had an internal VoIP PBX system, we was plenty of test extension. This slightly increase some complexity in maintenance and deployment, even if the total cost of maintenance is a lot lower than an internal system to be managed.

So we can assume that Saas it’s for most but not for all, especially if the need of customizations for the very specific business needs are relevant.

An in depth analysis and testing has to be carried on, in order to discover all the limits of the solution, on functionalities and pricing, to really discover if the specific solution fit the business need.

Tags , | Comment (0)
business management

Best advices by world leaders

10 July 2009 - 6:36 am

Today i found a very nice set of 22 ‘best advices’ on Fortune coming from world leaders and i would really like to link there some of the most interesting ones (at least for me).

I think that those suggestion let you work and manage your projects and goals (in any situation you play a leadership role, being business or personal stuff) in a proper, rational and effective way.

Colin Powel: Focus on performance, not power

Jim Sinegal: Show, don’t tell

Mort Zuckerman: Do what you love

Meredith Whitney: Always set realistic goals

Lauren Zalaknick: Listen (others opinion)  

Robin Li: Underpromise and overdelivery (while running a company)

Mika Brzezinski: Use failure to motivate yourself

Tags , | Comment (0)
security technology

Mobile platform hacking: worms and botnet from phones?

7 July 2009 - 8:33 am

The hacking community is finally starting seriously auditing and hacking Symbian OS, even if it’s difficult, hard to work on, unpleasant to debug it .

There are so many mobile operating systems (Symbian OS, Nokia S40, Windows Mobile, RIM OS, Mac OS X, Android/Linux, Brew) that a worm/virus being able to leverage a cross-platform vulnerability it’s just a theory.

Trusted computing platforms, security model of J2ME Java only phones (like RIM and S40), digital signature everywhere are all tools that make massive hacking on mobile platform really difficult.

It’s difficult and costly to develop on mobile platforms, it’s difficult and costly too doing hacking on that platforms.

Still look at a very nice achievement of paper from SEC Consult called Pwning Nokia phones (and other Symbian based smartphones) .

Can we expect future worms or botnet on mobile? I don’t expect so, too many different OS with hard-to-beat security model.

And even if a worm would be able to penetrate a single mobile paltform bugs, mobile operators would be able to block it very quickly (compare how many GSM/UMTS operator exists compared to Internet Service Provider?).

Tags , | Comment (0)
business management technology

The real goal of online marketing: lead generation

7 July 2009 - 7:57 am

Often i discuss about online marketing, however it include the mysterious “marketing” magic word that’s tipically subject to misunderstanding and misconception .

The end goal of online marketing is to generate qualified leads coming from international markets.

Some interesting links about it, and how things should be properly done are below:

I would really like to see an effective leverage of online techniques and tools as the main interface and providers of information, the main pre-sales agent of the company explaining almost everything required to get back a qualified lead.

Tags , , | Comment (0)
business cyberwarfare intelligence interception Privacy security

Voice encryption in government sectors

6 July 2009 - 11:02 pm

I will make some in depth articles about how voice encryption really works in government environments.

The open standards and open source still have to reach the military and government environments for what’s related to secure speech.

To give you an idea of the complexity and kind of particular issues that exists, look at the USA 3G Wireless Security: A Government Perspective and the A Waveform Architecture to Support Security and Interoperability in Multi-National Wireless Networks for Tactical Communication .

They are using so-custom protocols like Secure Communications Interoperability Protocol that require the use of patented MELPe ultra-narrowband codec that there’s not a real market of application and equipment using this. Only a small elite of government controlled companies from few countries manage this de-facto lobby.

Should we change this bringing open standards also to government sectors?

Tags , , , | Comment (0)
business management

Product Management

6 July 2009 - 10:50 pm

You know, product management it’s a job for half-fish, half-meat guys, that understand both business needs and technology issues.

I found two amazing and very well done presentations about it, i suggest to read it as it clarify a lot of things of the marketing and technical activities applied to the management of products inside companies to reach the market.

The strategic Role of Product Management

Very in depth presentation. Ask yourself, do you know what’s the differences between marketing and promotions, sales, advertising? How to really manage the core of the company, the product?

Strategic Role - Product Management

View more presentations from Afzal Khan.

Product Management for BrainMates

Very smooth presentation going to the point: A product is the tiny overlap between the needs of a business, the aspirations of it’s development team and the unsatisfied desires of the customer.

Product Management For Brainmates

View more presentations from Alan Jones.
Tags , | Comment (0)
intelligence

Women as agents of future geopolitical changes

6 July 2009 - 10:39 pm

Nice to read about Global Trends 2025 from United States National Intelligence Council.

Tags , | Comment (0)
technology

How the various audio compression codec sounds?

6 July 2009 - 10:36 pm

You know, we would not be able to use VoIP and have cheap international phone calls without audio compression codecs.

It’s plenty of them, some royalty free, some patented by telco’s lobby (think that some patented and royalty-based codec it’s also a standard, where all market player have to pay the most aggressive one that acquired the patent while defining the standards).

However, there is a nice collection from vocal, to understand how they sounds.

Tags | Comment (0)
cybercrime cyberwarfare intelligence

Hackers hired from UK Office of Cyber Security

6 July 2009 - 10:25 pm

It seems that in UK the management became illuminated, they discovered that the most efficient way to fight a cyber war is to hire soldier that play in the battlefield everyday, only for passion.

U.K. Employs ‘Naughty Boys’ to Battle Other Hackers U.K. Employs ‘Naughty Boys’ to Battle Other Hackers

Tags , , , | Comment (0)
intelligence Privacy technology

Voice Security and Privacy slides

6 July 2009 - 10:15 pm

Below my slides on voice security and privacy from Security Summit 2009.

mmm, yes i am working in this area from 2005, will write again about it.

2009: Voice Security And Privacy (Security Summit - Milan)

sux

Tags , , , | Comment (0)

« Previous Page

« Previous Page