Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Secure Password Managers and Military-Grade Encryption on Smartphones 4: Paid iOS Password Managers

Having shed light on the specificities of free password managers for iOS, Dmitry Sklyarov now focuses on the popular paid password apps for this platform. Now that we have reviewed free password applications, it’s actually fair to assume that paid apps should be better than free ones. They should...

Secure Password Managers and Military-Grade Encryption on Smartphones 3: Free Password Keepers for iOS

It’s Dmitry Sklyarov’s turn to take the floor and talk about popular free password managers for iOS, their security implementation details, and common drawbacks. iOS Password Managers (Free) Actually, there are lots of applications available for people in the App Store, and we’ll start with free...

Secure Password Managers and Military-Grade Encryption on Smartphones 2: Device Backup and BlackBerry Password Managers

This part of the presentation accentuates data backup on smartphones, and provides an overview of popular password management applications for BlackBerry. Threat Model Let’s now move to the threat model. Throughout the research we assume that the attacker has physical access to the device, or the attacker...

Secure Password Managers and Military-Grade Encryption on Smartphones: Oh, Really?

Andrey Belenko and Dmitry Sklyarov, security researchers representing Elcomsoft Co. Ltd headquartered in Moscow, give a presentation at Black Hat Europe event to raise relevant issues of data protection on smartphones. We would like to welcome you on our talk at Black Hat Europe 2012. Today I’m here with...

Social Engineering Defense Contractors on LinkedIn and Facebook 6: Preventive Measures

In conclusion, Jordan Harbinger tells a few stories from his past experience to underscore the weakest human component in information security chain. Solutions So, the solutions are obvious, right? Training: sure, you got policies with respect to social media in your company, and you’ve got this classified...

Social Engineering Defense Contractors on LinkedIn and Facebook 5: Tactic for Eliciting Private Data

Having obtained basic data on the targets, Jordan Harbinger makes a bold move to get their almost intimate details by applying more advanced social engineering. Step 6: [Hypothetically] Elicit classified info Now that I have tons of information about the company, the facilities and how things work from the...

Social Engineering Defense Contractors on LinkedIn and Facebook 4: Executing the Attack

Jordan Harbinger highlights the use of social engineering while carrying out the attack, and provides the specific data he managed to retrieve via such tactic. Step 5: Execute the attack So, I added a bunch of my targets on Facebook and I was able to get the privacy settings down so that if I added a few...

Social Engineering Defense Contractors on LinkedIn and Facebook 3: Associating with Targets

This part is about the strategy Jordan Harbinger implemented to get in touch with targets and learn their additional personal details for a successful attack. Step 3: Associate and gain rapport with targets So, now I was in and it was time to see what I could dig up. I want to make sure that I get something...

Social Engineering Defense Contractors on LinkedIn and Facebook 2: Selecting the Targets

The next phase of Jordan Harbinger’s social engineering study involves joining the environment with potential targets who have top secret level clearances. The question is: was this just some face-to-face magic that social engineers, or myself, can work in person that was getting this type of result, or is...

Social Engineering Defense Contractors on LinkedIn and Facebook

Jordan Harbinger, expert in interpersonal dynamics and social engineering, gives a great keynote at DerbyCon event, highlighting the methods it takes to elicit confidential information from people with top secret level security clearance. Thank you guys for coming to DerbyCon, aka EarlyCon, aka HangoverCon...