ArchivesQuicksearchJoin our Google GroupPoll boxAre you planning to obtain a security certification in 2008?
Archives StatisticsLast entry: 2008-04-30 08:11
89 entries written
57 comments have been made
Top Referrersallmuzz.com (4581)
mp3leben.com (1274) lyrics-catalog.com (644) www.google.com.mt (4) www.smartcity.ae (3) search.yahoo.com (2) www.google.com (2) search.live.com (1) www.example.com (1) www.google.co.uk (1) |
Home | Contact Us
Wednesday, April 30. 2008Wireless modem considerations
Unfortunately one other reality is that a number of ISP's install wireless modems without setting up any sort of security. What's worse is that if the client doesn't speak up - they don't quite advise the customer of what could be at risk. Basically as long as your laptop/device successfully connects to the wireless LAN that is setup up for you, they're out of there. SOO - this is where we come in to offer some advice. If you connect to your wireless router without a password, its time to get hold of a technician who knows his business and set up some security on it. That's not all... Recent developments published by Petko D. Petkov reveal some pretty nasty things an attacker can do to Thomson Speedtouch wireless modems - which is what a lot of us Maltese people have at home to connect to the internet. Thanks to a friend of mine who first pointed out the article above, it is now possible that if an attacker sees your default network name (SSID) then it would be possible for him to crack your default password and use your internet connection. Therefore here are some healthy tips you could pass onto your technician if you're not confident to set them yourself. Use WPA2 encryption rather than WEP/WPA. Note that this will affect usage of early PDA's wireless and even computers with Windows XP. In fact you will need to download a patch for Windows XP to use WPA2. Also certain old wireless adapters (802.11b) might not have updated drivers, so do your homework to see if your adapter can use WPA2 before you start changing anything.
Change the default name of your router to something else. Invent an name.
If you don't have a password - PUT ONE. If the router is using a default password, its a good idea to change it unless you don't mind sharing your internet conenction with your neighbours. Continue reading " Wireless modem considerations"Sunday, April 20. 2008Thursday, April 17. 2008Tuesday, April 15. 2008Tuesday, April 15. 2008Businesses: Top 10 security threats to watch out for
There are lots of ways business networks can be compromised, and more are developing all the time.
They range from technology exploits to social engineering attacks, and all can compromise corporate data, reputation and the ability to conduct business effectively. Since we all like lists  here are 10 such threats and some suggestions on what to do about them.1. Virtual host security Read the full-article and grab the details here. Take a look at the NSA's published 10 best security practices.  Wednesday, April 9. 2008Thursday, March 27. 2008Blackhat Europe + Twitter [Sandro] Just a quick notice - If anyone's interested in what's going on @ Blackhat Europe, I'm posting quick notes on my twitter account. http://twitter.com/sandrogauci [Donald] So we're back from Black Hat and the cold Dutch weather and I must admit that overall the amount of cool stuff that goes on during the conference overwhelmed me. More than the presentations (which hook you in themselves) - it was the people that we met and socialized with in the evenings. Amsterdam city is a great city for the urban runner - a must visit if you enjoy hectic run-arounds. Fine restaurants and lots of good company. On the other hand, if you're a bit like me, I would tend to go for a more relaxed area - nevertheless (I'm not complaining) - I loved it and would definitely jump at the opportunity to go there again next year. Wednesday, March 19. 2008Wednesday, March 19. 2008Wednesday, February 27. 2008Wednesday, February 27. 2008Safer internet campaign launched We acclaim another step in the right direction, in line with the scope of http://maltainfosec.org In a bid to combat cyber exploitation of children, IT Minister Austin Gatt yesterday announced an intensive awareness campaign as students marked Safer Internet Day. Echoing a post on the Times of Malta 27th Feb 2008 Thursday, February 21. 2008Thursday, February 14. 2008Wednesday, February 13. 2008PassPack and why it does not work
Note: We posted a followup on this.
 PassPack is a new service that addresses the ever growing problem of passwords. PassPack is an online password manager for people who travel or change computers often. Unlike other password managers, PassPack is available 24/7 via internet, nothing to download or install. Great! Problem solved. But how do they achieve this? With AES encryption (the same as used by the US Government) and an SSL Secure Connection, your data travels safely over the internet. But let's suppose a hypothetical "bad-guy" gets into our servers, all he'd find would be a bunch of illegible data (not even PassPack can read your data). What caught my eye was the part where they state that not even PassPack can read your data, which reminded me of the Hushmail incident. The free secure email service makes claims that: By using Hushmail, you can be assured that your data will be protected from that kind of broad government surveillance. Which is simply not the case. In fact later on in their FAQ, Hushmail have a section which explains that they have to comply with the law just like everyone else. Same with PassPack - the encrypted data on their servers cannot be accessed off their servers without the password. The problem is that, if need be, PassPack is able to read your password and then use it to decrypt your information. So what about the other claims?
Well - not today's loggers! Nowadays, both commercial and underground/malware keyloggers support screen capturing. This means that if you are in an internet cafe, there always is the chance that not only are your keystokes monitored, but also your all your activity on the computer, including screen captures and mouse clicks. But it is not all bad - I do like PassPack's idea of tackling the problem of multiple passwords. Some of the features that they offer are also pretty interesting such as the "Anti-Phishing Welcome Message". While this is not nothing new and Yahoo and others have been using such features, it is good to see them more widespread. However, as you might have guessed, I won't be handing out my google, hotmail or amazon passwords to PassPack. Wednesday, February 13. 2008Humor: Microsoft vs Google
On February 1st, 2008 Microsoft offered $44.6 billion for Yahoo. A truly desperate attempt to catch Google.
 Source: http://eatliver.com/i.php?n=2801
Thursday, February 7. 2008EU twinning agreement in information security
As reported on MaltaMedia Dec 27,2007
 In June 2005 Malta, as a Beneficiary Country, signed a Twinning Agreement entitled Capacity Building Programme in Information Security with the United Kingdom, as a European Union Member State for a period of 28 months. The project implementation was entrusted to Malta Information Technology and Training Services Ltd (MITTS Ltd) as the Government’s designated INFOSEC Authority under the direction and guidance from the Ministry for Investment, Industry and Information Technology (MIIIT). The UK Twinning Partner was entrusted to Northern Ireland Public Sector Enterprises (NI-CO) in conjunction with QinetiQ Ltd which is an international defence and security company. The purpose of this Twinning Agreement was to increase the understanding and facilitate the implementation of the EU Council Security Regulations 2001/264/EC issued on the 19th of March 2001 and to support Information Security measures in the Government of Malta Public Service to enable adherence to these regulations, which is a compulsory condition for all the Member States and thus of the Acquis Communautaire. In this light the project saw to the basic, advanced and specialised training of officials in the Public Service, government agencies and entities in particular areas related to Network Security, Wireless Security and Digital Forensics. Study visits were organised for Maltese personnel to travel to various European countries to view operational security processes in practice with the aim of sharing good practices and acquire knowledge from other EU Member States. The Twinning Agreement came to an end in October 2007 and has been mainly financed by the European Union. The full article can be read here. Thursday, February 7. 2008Truecrypt version 5 out!
The new truecrypt supports full disk encryption with preboot authentication - yay for the truecrypt team! Another feature that I have personally been waiting for was Mac OS X support. Since OS X support had been on the to do list for such a long time, thanks to the OS X Crypt guys for showing that it is possible to have Truecrypt for mac
 Check out whats new here. For an instructional video go here. Tuesday, February 5. 2008How to buy and sell on eBay scam-free Have you been ever scammed on eBay? If so, read on... Ask eBay users about auction fraud and payment scams, and you'll hear different stories with the same theme: While eBay can be a great marketplace, both buyers and sellers need to beware. Continue reading "How to buy and sell on eBay scam-free" Tuesday, February 5. 2008Myths, Fads and False Economies
For those of you wondering what the title is on about, I invite you download this PDF presentation (E. H. Spafford 2001, 2002) and you'll know exactly what it refers to.
 Albeit rather outdated, this 26 page presentation by the Center for Education and Research in Information Assurance and Security (CERIAS) talks about valid myths and misconceptions that these days still surround us. After presenting a (humorous) pictorial time-line of the evolution of computers, he talks some of the causes of security problems, followed by their effect and a bunch of myths that we somehow are lead to believe. In that so, he then continues to explain the reality of things the way they actually are. How about security expertise? Spafford again shows us the reality of things amidst general misconceptions that continue to float around us. Still valid today --- Spafford concludes with the following points which we acclaim - Security is an unattainable absolute. Like I very often like to evangalise during security awareness sessions I hold from time-to-time, hopefully we are now a bit more aware that... - Security is not simple. Monday, January 28. 2008Top 10 cyber threats for 2008 - from SANS Institute SANS, a US-based educational body lists the 10 most dangerous cyber threats. The list reveals growing technical expertise and professionalism among hackers acting for financially or politically motivated paymasters. IT bosses need to respond by setting up cyber defenses in depth, limiting access to information on a need-to-know basis, and educating users." - Said Timothy Mullen, vice-president of consulting services at UK-based NGS Software. Definitely, attackers are targeting popular, trusted websites where users have an expectation of effective security, while at the same time, using insecure websites to infect the browsers of visitors with viruses, Trojans and key loggers. SANS Institute Top 10 Cyber Threats for 2008...read on... Continue reading "Top 10 cyber threats for 2008 - from SANS Institute" |
Calendar
CategoriesQuick links
MadVIP.net
MySQL Geek Computer Domain - MALTA SecGeeks Google Blogoscoped SIPVicious ExchangeInbox GiGa in Security Forensics Wiki Security Catalyst Forum Forensic Focus Google Online Security CCCure online testing Layer 8 InfoSec Writers Our GOOGLE group MaltaMeter SearchMalta.com Richard Bejtlich Matasano Chargen Previous | Next  Blog AdministrationRSS Feed |
|||||||||||||||||||||||||||||||||||||||||||||||||
I am pretty sure that there are a number of you out there reading this blog over a wireless network. Given that wireless is so widely distributed these days, its not uncommon that users are unaware of how insecure their wireless setup maybe.
