tagged w/ Bozidar Spirovski
-
-
-
GSM cellular networks in the US and Europe use the A5/1 stream cipher meant to ensure cellular calls cannot be listened into by unauthorized parties monitoring radio traffic. However, the guarantee of privacy is no longer ensured. New attack techniques were unveiled at the Hacking at Random conference in The Netherlends which would allow an attacker to decrypt cellular calls made over a GSM network. The attacker only needs the new software and about $500 in radio monitoring equipment.
http://information-security-resources.com/2010/01/11/cell-phone-tapping-gsm-encryption-hacked/GSM cellular networks in the US and Europe use the A5/1 stream cipher meant to ensure... more
-
-
After the leak of Microsoft COFFEE into the wild, a tool emerges that will supposedly make life very difficult for a forensic investigator using COFFEE. The tool is titled DECAF and is freely available, although not open source. The tool does not need to be installed, and when configured in ‘LockDown Mode’ offers a set of Counter-Forensics functions upon detecting a COFFEE process running on the computer. The following options Counter-Forensics functions are available…
http://information-security-resources.com/2010/01/06/decaf-counter-forensics-coffee-tool/After the leak of Microsoft COFFEE into the wild, a tool emerges that will supposedly... more
-
-
Security of biometric ID’s like biometric passports is a very frequent topic of discussion and we all know there are issues. But most of those issues are related to encryption, materials and generally anything that requires a lot of technical knowledge. Here is an example of the possibility to create a fake Biometric ID…
http://information-security-resources.com/2009/12/22/simplified-analysis-forging-a-biometric-id/Security of biometric ID’s like biometric passports is a very frequent topic of... more
-
-
-
The Internet is filled with free information, from search engines, to answer portals, to e-learning portals. However, something is missing. Every person has knowledge that they possess that another person may want, and to gain this knowledge there might have to be a personal relation. GenApple seeks to create a marketplace where people can sell that knowledge and information.
http://information-security-resources.com/2009/12/06/genapple-boasts-first-information-brokerage/The Internet is filled with free information, from search engines, to answer portals,... more
-
-
-
Reading through a Windows security log or any other log can be very difficult and time consuming, so a lot of companies have created their own tools to analyze windows event logs. But before you start going commercial, there is a tool that will get you going without any cost. Against all odds, it’s a tool made by Microsoft!
http://information-security-resources.com/2009/11/19/windows-security-logs-and-ms-log-parser/Reading through a Windows security log or any other log can be very difficult and time... more
-
-
Every organization has some form of Information Security Risk Assessment - some perform a formal risk assessment, others simply use their practical experience. There aren’t that many tools that assist the organization in performing risk assessment. The most widely used one is Excel, but it is far from a good choice.
http://information-security-resources.com/2009/11/11/microsoft-threat-assessment-modeling/Every organization has some form of Information Security Risk Assessment - some... more
-
-
Any organization should have a simple and brief procedure to treat information carriers for systems that are to be discarded. All that hardware contains a lot of confidential information, and it is essential that such data is properly erased so it cannot be recovered. Here is a brief summary of the crucial information disposal procedure elements.Any organization should have a simple and brief procedure to treat information... more
-
-
While the real thing may take time, some budget lobbying, and the guts to admit that you are not perfect, here instead is a very fast security self-assessment which will give you a rough idea of where you stand.While the real thing may take time, some budget lobbying, and the guts to admit that... more
-
-
Analyzing an incident when the manufacturer claims that it’s an operator error and the operator claims that it is an application error is one of the most daunting tasks of a security officer. And this is a type of incident that the security officer will be called upon to investigate simply because the management needs an independent observer and has doubts both in the operator as well as the manufacturer. Here is what to do when thrown into the fire…Analyzing an incident when the manufacturer claims that it’s an operator error... more
-
