Quantcast

Archive: Feb 2013

Hackers in Government 2: Principal Differences Between Hackers and Politicians

This entry reflects Nick Farr’s comparison of deceptively polite and mercantile politicians on the one hand, and straightforward hackers who are scrupulous about all the little details of a system on the other. To sort of illustrate the general idea of politics, I think politicians’ driving core...

Hackers in Government

Nick Farr, a well-known inspirer of the Hackerspaces idea in the United States and the author of the Hackers on a Plane project, delivers a great talk ‘Yes We Could: Hackers in Government’ at the SIGINT event held by the Germany-based Chaos Computer Club to express his viewpoints on how...

Hacking in the Far East 8: Summarizing the Most Striking Security Flaws

Proceeding to the summary, Paul S. Ziegler lists the top three security-related problems he has encountered during the years spent in the Eastern Asia. After I’ve shown you all of this cool stuff that we can do and all these weird vectors, we’re going to sum them up a little, and we’re going to look at...

Hacking in the Far East 7: Too-Near Field Communication

In this part, Paul Ziegler gets critical about the way near field communication technology is implemented in Japan, from a security person’s perspective. Next thing we’re going to look at is what I like to call the Too-Near Field Communication, which is kind of an international topic, because if you...

Hacking in the Far East 6: Wireless Insecurity and the SEED Encryption Algorithm

Security of wireless communication in Eastern Asia and details of the crypto algorithm used in South Korea are the issues Paul S. Ziegler looks into here. Let’s jump to wireless for a second. So, if any of you have been wardriving recently in a European city or in an American city, and you’ve seen all...

Hacking in the Far East 5: Effects of Lifetime Employment and Bonus System on Corporate Security

Paul S. Ziegler points out the issues of corporate security in Eastern Asia, namely the peculiarities of an employee’s perspective upon taking responsibility. We’re going to move on to probably one of the most fun parts of this, at least if you like stories that make your hair stand up. We’re going...

Hacking in the Far East 4: Locked but Unsafe

This part of Paul Ziegler’s presentation is dedicated to an insight into the security measures for mailboxes and electronic PIN code locks in Japan and Korea. Mailboxes in Japan No matter if you live in an apartment or in a mansion, one of the other central parts you will run into is this thing: it’s a...

Hacking in the Far East 3: Home Insecurity in Japan

Based on Paul S. Ziegler’s observations, in this section you can learn some facts about the measures adopted in Japan to prevent intrusion into one’s home. What we’re going to look at next is ‘home insecurity’. I have this basic approach that if anyone has access to your home, your work...

Hacking in the Far East 2: The Suit Works Wonders

Paul S. Ziegler is now shifting the focus over to the importance of one’s appearance and the Asian stereotypes with regard to informal classes of foreigners. For every element I’m going to point out to you today, after this we’re going to look at the exploitation vector, because that’s what makes...

Hacking in the Far East

The entry reflects an extremely interesting insight into the peculiarities of general security perception in Eastern Asia, presented by the well-known German computer security specialist Paul Sebastian Ziegler at Hack In The Box 2012 Conference. Today’s talk is entitled “I Honorably Assure You: It Is...

Advanced Phishing Tactics Beyond User Awareness 8: The Countermeasures

As a summary, Accuvant’s Eric Milam and Martin Bos are providing some food for thought on why user awareness is insufficient for preventing phishing attacks. Martin Bos: Like in every good presentation, what we really wanted to talk about here is why user awareness isn’t working. Once again, this was...

Advanced Phishing Tactics Beyond User Awareness 7: Getting Persuasive

Martin Bos and Eric Milam are now singling out some attributes of a successful attack, such authenticity of secure login page, excessive requests script, etc. Martin Bos: So, then what we do is we log in to our free GoDaddy email account, infosec@humana-portal.com. And what we do is we just save it in...

Advanced Phishing Tactics Beyond User Awareness 6: Payloads and Post Exploitation

This post highlights the possible options of picking the right payload, some tips to get around AVs, and the importance of what you do after getting the shell. Martin Bos: Alright, next thing you’ve got to do is, obviously, choose the payload (see image). I know this is more of my corporate slot....

Advanced Phishing Tactics Beyond User Awareness 5: Credential Harvesting and Other Attack Vectors

The speakers from Accuvant now proceed to demonstrate a couple of tricks they utilize for greater attack plausibility and credential harvesting on a pentest. Martin Bos: The next thing you got to do is choose the attack vector (see image). And this goes back to our research: what type of AV they are using,...

Advanced Phishing Tactics Beyond User Awareness 4: Creating an Attack Scenario

In this section, Martin Bos and Eric Milam are discussing the different nuances to be taken into account for optimal phishing attack implementation workflow. Martin Bos: The next thing we do is we have to create a scenario. How are we going to get these people to click on the link? So, the first thing that...

Advanced Phishing Tactics Beyond User Awareness 3: Creating a Valid Email List for the Attack

Accuvant’s Martin Bos and Eric Milam now demonstrate a demo on building a list of company employees based on Jigsaw data and some social engineering tricks. Martin Bos: Basically, what we’re doing here is we’re going to look for a company. The first thing you want to do is do an ‘-s’ and...

Advanced Phishing Tactics Beyond User Awareness 2: Anatomy of a Spear Phishing Attack

Sharing their pentesting experience, Martin Bos and Eric Milam outline the stages of a spear phishing attack and analyze email harvesting as a starting point. Martin Bos: Here are our obligatory statistics (see image); every presentation has to have some statistics. Like I said, these are more for the...

Avira Internet Security 2015 review

$41.76 A few usability imperfections laid aside, Avira Internet Security 2015 efficiently confronts malicious software without slowing your PC down. Usability:  Features:  Efficiency:  Support:  Overall:  Buy Now Featherlight system performance impact combined with...

Advanced Phishing Tactics Beyond User Awareness

Accuvant LABS’ Senior Security Consultant Martin Bos and the Company’s Principal Security Assessor Eric Milam spotlight the issues related to spear phishing from the pentester’s perspective during their session at Hack3rCon event. Martin Bos: Hi everybody! We’re here from Accuvant LABS; we’re...

An Attacker’s Day into Human Virology 6: Crossing the Frontier

The primary issue looked into within this part of the presentation is blurring and crossing the border between the realms of biological and computer viruses. Same Essence, Different Materialization Now, you guys who are security researches probably know that software is vulnerable. And all these data,...

An Attacker’s Day into Human Virology 5: Thoughts on Designed Biological Viruses and Darwinian Computer Viruses

The matters Guillaume Lovet touches upon in this section have to do with the frontier between bio and PC viruses, and whether it can be crossed spontaneously. Guillaume Lovet: The defense mechanisms: we’ve been over some of those already. Detecting viruses inside of the body makes use of heuristics; we...

An Attacker’s Day into Human Virology 4: Which World Wins the Race?

Ruchna Nigam proceeds with the analysis of self-preservation techniques, attack hallmarks, and individual advantages of the viruses from both worlds concerned. Attacking the Defenses Something really smart that you can see in human viruses is that instead of trying to penetrate the defenses of the body,...

An Attacker’s Day into Human Virology 3: Common Properties of Human and Computer Viruses

Ruchna Nigam, representative of the FortiGuard Labs, now takes the floor to talk about some essential things human and computer viruses have in common. Ruchna Nigam: Okay, now that you have had your Biology lesson, let’s look at some of the attack strategies that are common between the biological world and...

An Attacker’s Day into Human Virology 2: Structure and Hallmarks of the Immune System

Having introduced the subject, Guillaume Lovet breaks down the human immune system into constituents and does some comparing with computer defense mechanisms. What do we have in our bodies to fight against viruses? (see right-hand image) Basically, the immune system is divided in two different subsystems....

Advanced Encryption Package 2014 Professional review

$49.95 With its easily understandable controls and decent functionality, this program is a good pick for those who seek to start using file encryption. Usability:  Features:  Efficiency:  Support:  Overall:  Download System Requirements Operating System: Microsoft Windows...

An Attacker’s Day into Human Virology: Human vs Computer

This entry reflects the Black Hat Europe presentation based on the research by Fortinet’s Guillaume Lovet and Axelle Apvrille, dedicated to comparing the human virus defense mechanisms with those implemented in computers. Guillaume Lovet: This presentation is a bit different from the other talks that you...

Lavasoft Ad-Aware Pro Security review

$36.00 Ad-Aware Pro Security does the trick providing basic spyware protection but might not cope with new and sophisticated threats. Usability:  Features:  Efficiency:  Support:  Overall:  Download Judging an application by its name might sometimes drive you into wrong...

Moti Yung and Adam Young on Kleptography and Cryptovirology 6: The Summary

Having explained the concepts and applications of cryptovirology and kleptography, Moti Yung now provides a set of conclusions on the subject. I will now move to the conclusion. I showed you several malware attacks, either general malware or Trojans, I mentioned just Trojans inside cryptosystems. In each...

Moti Yung and Adam Young on Kleptography and Cryptovirology 5: Skeptical Experts and Smart Attackers

Moti Yung now outlines how the expert community and antivirus industry reacted to his and Adam Young’s book, and dwells on the applied aspects of kleptography. Reactions to “Malicious Cryptography – Exposing Cryptovirology” Book We got some reaction to what we described in our book....

Moti Yung and Adam Young on Kleptography and Cryptovirology 4: Password Snatching and Secure Info Stealing

The main subjects covered in this section are two types of attacks doable through the use of cryptovirologic techniques and aiming at latent info retrieval. The Classic and Deniable Password Snatching Attack The second idea that I will cover is password snatching that we did. A typical password snatching...