Quantcast

Archive: Dec 2012

TrueCrypt review

Free TrueCrypt 7.1a effectively secures sensitive data by utilizing military-grade crypto algorithms. Usability:  Features:  Efficiency:  Support:  Overall:  Download TrueCrypt 7.1a is one of the simplest, best organized and most efficient encryption utilities we have come...

VX – The Virus Underground 6: Hoaxes, Social Engineering and Cryptography

At the end of the Q&A part, SkyOut touches upon VXer’s attitude to hoaxes, cryptography, and the blurred line between the legal and illegal in their activity. QUESTIONS? – You mentioned hoaxes. You say you do viruses and you don’t want to harm anybody, but to prove that hoaxes work you need to...

avast! Free Antivirus 2015 review

Free avast! Free Antivirus 2015 is light on the system, remarkably easy to use, and fairly effective in malware protection. Usability:  Features:  Efficiency:  Support:  Overall:  Download Quick setup, comprehensive controls, commendable speediness, decent feature set, and...

VX – The Virus Underground 5: Discussing Interaction with Antivirus Companies

SkyOut now invites 24C3 conference attendees to participate in a more down-to-earth discussion which starts with insight into relation between AVs and VXers. QUESTIONS? Ok, we have a lot of time, so we can have a little discussion if you want. – So, first question would be: in the beginning and the end...

VX – The Virus Underground 4: Problems of the VX Scene

SkyOut brings attention to the main problems of the virus underground, and summarizes the presentation’s key points with regard to the state of VX scene. Connection between VX and AV So what connection do we have between VX and AV: VX – virus exchangers, and AV – antivirus companies? –...

VX – The Virus Underground 3: VXers’ Communication Channels

The subjects touched upon by Marcell Dietl in this part are types of payloads and malware out there, as well as the way VXers communicate with each other. Types of Payloads So, what types of payloads do we have? First of all, what’s a payload? A payload is everything else but reproduction. Reproduction is...

VX – The Virus Underground 2: Cross-Platform Malware and Virus Spreading Techniques

As part of his insider’s perspective, VXer SkyOut now focuses on the underground’s prevalent programming languages applicable for coding cross-platform malware, and highlights the common techniques used for virus distribution. Cross-Platform Malware So, let’s talk a bit about cross-platform malware,...

VX – The Virus Underground

The German VXer and social engineer Marcell Dietl, aka SkyOut, gives a presentation at 24C3 conference organized by Chaos Computer Club (CCC) to describe the different groups of virus coders and shed light on how they are affecting the VX scene. Ok, what shall this speech be about? Well, it shall be an...

G Data AntiVirus review

$29.95 G Data AntiVirus is a streamlined and highly effective solution for everyday security provision. Usability:  Features:  Efficiency:  Support:  Overall:  Buy Now Not only does the motto “Security Made in Germany” being currently used in G Data product...

Owning Bad Guys and Mafia with JavaScript Botnets 5: Tips to Maintain Online Privacy

The final part of Chema Alonso’s Defcon talk comprises a demo on infecting users through the rogue proxy server, and some general security tips to follow. I wanted to do a real demo, but first I’d like to show you the control panel and what it looks like. Of course, we turned off the proxy server on...

Owning Bad Guys and Mafia with JavaScript Botnets 4: Bypassing Anonymity

In this entry Chema Alonso continues exposing the weird, perverted, maleficent, and simply naive people whose personal data got retrieved under the research. Of course, we discovered psychotics. This is what the control panel looks like (see image), and as you can see, this guy was searching xnxx.com for...

Owning Bad Guys and Mafia with JavaScript Botnets 3: Scammers Exposed

Chema Alonso demonstrates several hilarious findings retrieved during his research, dissecting the Nigerian, dating, and other popular scams out there. So, the question is: who the hell uses proxy services on the Internet? How many of you are using this kind of services on the Internet? If you read related...

Microsoft Security Essentials review

Free Microsoft Security Essentials does the trick for those who seek basic virus protection. Usability:  Features:  Efficiency:  Support:  Overall:  Download Microsoft Security Essentials was introduced in 2008 as a free antivirus solution maintaining adequate protection for...

Owning Bad Guys and Mafia with JavaScript Botnets 2: Creating a JavaScript Botnet from Scratch

Having rejected several overly complicated tactics, Chema Alonso and his colleagues came up with a fairly simple, yet effective method for making a botnet to be used in their study, which is being thoroughly described in this part of the presentation. Another idea that we thought might work in our case is...

Owning Bad Guys and Mafia with JavaScript Botnets

Spanish computer security expert Chema Alonso gives a great talk at Defcon 20 about the ways to expose online scammers through the use of JavaScript botnets. The title of this session is “Owning bad guys and mafia with JavaScript botnets”. I hope you will enjoy the topic. But before I start, I...

Getting Ahead of the Security Poverty Line 8: Questions and Answers

Final part of Andy Ellis’ keynote at HITBSecConf 2012 is dedicated to answering questions from the event attendees, relating to the role of CSO in a company. Now I’m happy to take a question or two or five from the crowd, if anybody wants them. – Hi! My question is: often a big mistake that...

Getting Ahead of the Security Poverty Line 7: Increasing Security Value over Time

Andy Ellis elaborates here on the methods to prioritize security tasks within organizations and thus maintain high security value in the long-term perspective. As security professionals, we have a lot on our plates, we have a lot of things to do. How many people here juggle? If you try to learn to juggle,...

Getting Ahead of the Security Poverty Line 6: Third-Party Security Reviews

This section of the keynote sheds light on common mistakes made while evaluating vendor services, and outlines the most judicious approach to this activity. Another area we’ve recently been looking at is third-party security reviews. Everybody probably has this, certainly, in these days of outsourcing;...

Getting Ahead of the Security Poverty Line 5: Security Awareness Enhancement Practices

This part of the keynote is dedicated to optimization of security awareness training programs, and the common drawbacks of external audits for organizations. Let’s talk about a couple of other problems and things we’ve done to deal with them. Security awareness – anybody here involved in security...

Getting Ahead of the Security Poverty Line 4: Effecting Long-Term Change

Andy Ellis now makes emphasis on risk reduction in a long-term perspective, concurrently highlighting some scare techniques security vendors tend to leverage. Now let’s look at some ways that people act, and I’m going to include a couple of my anecdotes here. First one isn’t me. So, I went and took 3...

Getting Ahead of the Security Poverty Line 3: Perceived and Actual Risk

The subject matter Andy Ellis focuses on here is the so-called Set-Point Theory of Risk Tolerance addressing the concept of perceived and actual risk. The Peltzman Effect Why are things getting worse for the organizations? And this comes back to the Peltzman effect. Sam Peltzman is an economist at the...

Getting Ahead of the Security Poverty Line 2: Degrees of Security Value

In this entry, Akamai’s Andy Ellis dwells on the degrees of security assurance within organizations, and explains why adversaries succeed in their attacks. How much security value is ‘good enough’? We’d all love to have perfect security; we’re not going to be there though. This graph is...

Getting Ahead of the Security Poverty Line

Andy Ellis, the Chief Security Officer at Akamai Technologies, gives a keynote at ‘Hack in the Box Amsterdam’ event, providing an in-depth view of the concept of present-day information security, its goals and constituents. Let’s start off with defining the security poverty line; the security...

Secure Password Managers and Military-Grade Encryption on Smartphones 5: The Summary

Elcomsoft employee Dmitry Sklyarov draws conclusions based on the study he and his colleague Andrey Belenko conducted about password keepers for smartphones. Now I’m going to move on to summary and conclusions. We mentioned iOS passcode many times during this presentation, and it’s probably a really good...

Secure Password Managers and Military-Grade Encryption on Smartphones 4: Paid iOS Password Managers

Having shed light on the specificities of free password managers for iOS, Dmitry Sklyarov now focuses on the popular paid password apps for this platform. Now that we have reviewed free password applications, it’s actually fair to assume that paid apps should be better than free ones. They should...

Secure Password Managers and Military-Grade Encryption on Smartphones 3: Free Password Keepers for iOS

It’s Dmitry Sklyarov’s turn to take the floor and talk about popular free password managers for iOS, their security implementation details, and common drawbacks. iOS Password Managers (Free) Actually, there are lots of applications available for people in the App Store, and we’ll start with free...

Secure Password Managers and Military-Grade Encryption on Smartphones 2: Device Backup and BlackBerry Password Managers

This part of the presentation accentuates data backup on smartphones, and provides an overview of popular password management applications for BlackBerry. Threat Model Let’s now move to the threat model. Throughout the research we assume that the attacker has physical access to the device, or the attacker...

Secure Password Managers and Military-Grade Encryption on Smartphones: Oh, Really?

Andrey Belenko and Dmitry Sklyarov, security researchers representing Elcomsoft Co. Ltd headquartered in Moscow, give a presentation at Black Hat Europe event to raise relevant issues of data protection on smartphones. We would like to welcome you on our talk at Black Hat Europe 2012. Today I’m here with...

Social Engineering Defense Contractors on LinkedIn and Facebook 6: Preventive Measures

In conclusion, Jordan Harbinger tells a few stories from his past experience to underscore the weakest human component in information security chain. Solutions So, the solutions are obvious, right? Training: sure, you got policies with respect to social media in your company, and you’ve got this classified...