SecurityOrb.com's Kellep Charles takes a look at the three main reasons why computer security issues occur: Configuration Weaknesses, Technology Weaknesses and Policy Weaknesses.
Thursday, July 30, 2009
Monday, February 16, 2009
Microsoft puts $250,000 bounty on Conficker authors
Microsoft 'Posse' puts $250,000 bounty on Conficker authors - Creators of Conficker/Downadup worm now carry a price on their heads
Source: Darkreading.com
Tuesday, November 11, 2008
Types of Wireless Attacks

Denial of Service (DoS) attacks
The objective of a Denial of Service (DoS) attack is to prevent authorized users from accessing legitimate network resources by denying them service. A DoS occurs when the attacker sends an abundance of garbage data to the wireless access point, choking off all other communications with legitimate users.
Man-in-the-middle attacks
A man-in-the-middle attack consists of a malicious user (hacker) inserting themselves into the data path between the client and the AP. In that position, the attacker can delete, add, or modify data. The man-in-the-middle attack also gives the attacker access to sensitive information about legitimate users, such as usernames and passwords, credit card numbers and Social Security numbers.
War driving
Wardriving is the mapping of wireless access points (WAPs) by driving or walking through populated areas carrying wireless equipment such as a laptop or a PDA to detect active wireless access points. The tools used for this, such as Netstumbler and Ministumbler (http://www.netstumbler.com/), are freely available on the Internet. Once the attacker has located vulnerable wireless access points, they are able to mount attacks against other locations under the cover of the compromised network.
Wired Equivalent Privacy (WEP)
With Wired Equivalent Privacy (WEP), each frame is encrypted as it is transmitted to the wireless access point. WEP has many deficiencies, such as the ability to be compromised within a short period of time. Hackers can fairly easily decode WEP-encrypted information after monitoring an active network for less than one day. WEPCrack (wepcrack.sourceforge.net/) is a freely available tool often used to implement such an attack.
Friday, May 16, 2008
CSI Stick - Get Forensic Data from Cell Phones Anywhere

Paraben is pleased to announce it has shipped initial orders of the CSI Stick. Paraben's CSI Stick is a thumb drive sized cell phone forensic acquisition tool. The data acquired from the CSI Stick can be viewed in Device Seizure or DS Lite. With the CSI Stick, you can get the following data:
* Phonebook
* Call Logs
* Camera Pictures
* Text Messages (SMS)
* Multi-media Messages (MMS)
* and much more...
Version 1.0 of the CSI Stick supports many Motorola and Samsung phones. For more information on model support and product details, visit http://www.csistick.com/details.html.
What you get:
* One CSI Stick Base Unit
* Two Motorola Tips
* One Samsung Tip
* One Remote Charger
* One Female USB Charger Tip
* Carrying Case
* How to Guide
PRICE: $199.00 U.S.
Paraben will be adding support for new manufacturers with new data tips. Upgrading your CSI Stick is easy. When an upgrade is available, simply purchase the upgrade package and we'll ship you new data tips and instructions on how to update your CSI Stick.
Don't wait to place your order. Call us at 1.801.796.0944 or visit http://www.csistick.com/.
Thursday, May 15, 2008
Taxonomy of Computer Security
Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym "CIA", but it is not restricted to these three broad concepts.
Additional areas that are often considered part of the taxonomy of computer security include:
- Confidentiality -- Ensuring that information is not accessed by unauthorized persons
- Integrity -- Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users
- Authentication -- Ensuring that users are the persons they claim to be
- Access control -- Ensuring that users access only those resources and services that they are entitled to access and that qualified users are not denied access to services that they legitimately expect to receive
- Nonrepudiation -- Ensuring that the originators of messages cannot deny that they in fact sent the messages
- Availability -- Ensuring that a system is operational and functional at a given moment, usually provided through redundancy; loss of availability is often referred to as "denial-of-service"
- Privacy -- Ensuring that individuals maintain the right to control what information is collected about them, how it is used, who has used it, who maintains it, and what purpose it is used for
Wednesday, January 30, 2008
File Sharing Applications: Another way to be a victim of identity theft
If you are using a peer-to-peer file sharing program to download music and videos, you may be a prime candidate for identity theft. Applications such as Limewire, Edonkey and numerous others on the Internet may also allow individuals to download personal documents from your computer at will. The issue stems from sharing the “My Documents” folder as the default folder for sharing media. Most users and file sharing applications select the “My Documents” folder because that is where most of the media files are located. But think about it... what else do you have in the “My Documents” folder? Family pictures, personal documents, etc.
To date, I have read and heard of individuals accessing mortgage applications, loan paperwork and even 1040 tax information with the Social Security numbers of a whole family.
My recommendation, if you do insist on using a file sharing program, is to create a folder where the sharing can take place, such as “Shared Documents”, and not to place any personal information in that folder.
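One way to check that a sharing folder really contains no personal information, as an added example that is not part of the original post: the script walks the shared folder and flags files whose names or contents look like tax, loan or Social Security data. The filename hints, the SSN pattern and the sample files are assumptions constructed for illustration, not a complete ruleset.

```python
import re
import tempfile
from pathlib import Path

# Illustrative assumptions: filename hints and an SSN-shaped pattern, not a full PII ruleset.
NAME_HINTS = re.compile(r"(1040|w-?2|tax|mortgage|loan|passport|ssn)", re.I)
SSN = re.compile(rb"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")
MAX_BYTES = 5 * 1024 * 1024  # cap how much of each file is read


def audit_shared_folder(root):
    """Return sorted (relative_path, reason) findings for files that should not be shared."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if NAME_HINTS.search(path.name):
            findings.append((rel, "sensitive-looking filename"))
        try:
            with path.open("rb") as fh:
                data = fh.read(MAX_BYTES)
        except OSError:
            findings.append((rel, "unreadable, review manually"))
            continue
        if SSN.search(data):
            findings.append((rel, "SSN-like pattern in content"))
    return sorted(findings)


def demo():
    """Build a constructed sample share in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "Shared Documents"
        (share / "music").mkdir(parents=True)
        (share / "music" / "track01.mp3").write_bytes(b"ID3\x03fake audio")
        (share / "2007_1040_return.txt").write_text("Form 1040 draft")
        (share / "notes.txt").write_text("SSN 123-45-6789 for the application")
        (share / "order.txt").write_text("Order no. 000-12-3456 shipped")
        return audit_shared_folder(share)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Point `audit_shared_folder` at the folder the file sharing program is configured to share and move anything it reports out of that folder before going online.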
Wednesday, January 23, 2008
Linux Desktop PC
Linux, a very popular operating system, has been gaining a lot of ground in the desktop PC market lately. Already a strong player in the enterprise and server market, Linux continues to grow at a steady pace. Every year, I hear more buzz about the integration or introduction of new product lines using various Linux distributions by vendors and computing professionals trying to break away from the grip of Microsoft Windows.
Recent events have convinced me that 2008 will be a good push forward for Linux desktop users.
Dell will offer Ubuntu Linux 7.10 on its XPS 1330 laptops, while Sears.com is selling a fully equipped Linux desktop PC for $299, minus a $100 rebate. SecurityOrb.com has also started offering a Linux-based security desktop on its site, and lastly, Lenovo has launched a range of laptops pre-installed with Novell's SuSE Linux operating system.
There are many different flavors of Linux, such as Ubuntu, Redhat, SuSE, Slackware and Fedora. For a comprehensive list, descriptions and download information, check out: http://www.securityorb.com/LinuxDistributions.html
These are just a few of the recent Linux-based desktop PC news items that have come my way, and there are countless more to come.
Tuesday, January 22, 2008
Computer Viruses: Malware Analysis
Malware Analysis
Dynamic analysis and static analysis are two approaches to analyzing malware on a compromised system once it has been discovered after a computer-related incident. Dynamic analysis consists of examining the inputs and outputs produced by the malware and its interaction with the system: what files are being read or written and what effects it has on the system. The examiner's concern is not with the internals of the malware, but with its functionality and behavior. Static analysis, the more difficult of the two approaches, consists of extracting and reviewing readable data located in the malware binary and converting machine language to readable source code for analysis. Unlike dynamic analysis, which usually requires executing the malware, static analysis does not, making it a safer but much more exhausting process.
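The first step of static analysis described above, extracting readable data from the binary, as an added example that is not part of the original post: it pulls ASCII and UTF-16LE strings with their offsets and sorts them into indicator types, without ever executing the sample. The sample bytes, the example.test host, the file name and the triage rules are constructed for illustration.

```python
import re

MIN_LEN = 4  # shortest run kept, the usual default of the `strings` utility

ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(blob):
    """Return sorted (offset, encoding, text) for printable runs in a binary blob."""
    found = []
    for m in ASCII_RUN.finditer(blob):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(blob):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def triage(strings):
    """Bucket extracted strings into indicator types an examiner reviews first."""
    rules = {
        "url": re.compile(r"https?://[^\s\"']+"),
        "registry": re.compile(r"(?i)\b(?:HKLM|HKCU|Software)\\[\w\\ ]+"),
        "file": re.compile(r"(?i)\b[\w.-]+\.(?:exe|dll|bat|tmp)\b"),
    }
    buckets = {name: [] for name in rules}
    for _offset, _encoding, text in strings:
        for name, rx in rules.items():
            buckets[name].extend(rx.findall(text))
    return buckets


# Constructed sample: inert bytes laid out like a binary; it is only read, never run.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"http://update.example.test/ping.php\x00"
    + b"\x01\x02"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le")
    + b"\x00\x00\xff\xfe" + b"svch0st.exe\x00" + b"\x8b\xec\x33"
)

if __name__ == "__main__":
    for offset, encoding, text in extract_strings(SAMPLE):
        print(f"0x{offset:04x} {encoding:9} {text}")
    print(triage(extract_strings(SAMPLE)))
```

The UTF-16LE pass matters on Windows samples: the registry path in the constructed bytes is invisible to an ASCII-only scan because every character is followed by a zero byte.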