Cloud computing is changing the way we interact with devices, software, data and processes. But some things never change, and one thing that remains true across the old and new computing paradigms is the importance of authentication to confirm the identity of the user and/or system with which we’re […]
At the beginning of this year, an Intermap poll found that cloud security is still a major obstacle to cloud adoption, with 40% of respondents still wary of going to the cloud for that reason, although many experts, such as the panel at the most recent RSA Conference, say […]
In the previous article, we configured the ModSecurity firewall with the OWASP Core Rule Set (CRS). But installing and configuring ModSecurity alone is not enough, as we are using the standard OWASP Core Rule Set. The common problem with the standard OWASP CRS is that it gives […]
Canadian Chinese Embassy spokesperson Yang Yundong can’t pull the wool over my eyes.
“The Chinese government has always been firmly opposed to and combated cyber attacks in accordance with the law. In fact, China is a major victim of cyber attacks,” he said on July 29th.
Mr. Yundong released that statement […]
When a cookie has the secure flag set, it will only be sent over secure HTTPS, which is HTTP over SSL/TLS. This way, the authentication cookie will not be disclosed in insecure communication (HTTP). It turns out, however, that an insecure HTTP response can overwrite a cookie with the secure flag […]
Tor is the acronym of “The onion router”, a system implemented to preserve online anonymity. Tor client software routes Internet traffic through a worldwide volunteer network of servers that hide user information, eluding surveillance of government and other bad actors.
The Tor project was born in the military sector, sponsored […]
Voice over Internet Protocol (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. VoIP communication has reduced the cost of international calls dramatically, allowing people to dial ISD calls with a cheaper […]
The number of employees using their personal devices for work-related purposes is absurd. Let’s just say there’s an employee or two in every organization using personal devices at work, and be done with it.
Maybe that’s true… maybe it isn’t. The point is – and most of us know it […]
Network Administration is a field that has an enormous amount of responsibility associated with it. Despite the fact that it sounds like a relatively straightforward concept at the outset – keep the systems talking to each other – that simple phrase covers a multitude of different compatibility issues, operating systems, […]
Have New Backdoors Been Discovered in iOS? An Interview With iOS Developer and Digital Forensics Expert Jonathan Zdziarski
When the HOPE X (Hackers On Planet Earth) 2014 convention started on July 18th, one particular presentation caught the undivided attention of information security professionals. Ever since, the tech media’s been buzzing… Are there really newly discovered backdoors in iOS’s code? Is Apple spying on the countless millions of […]
Cloud computing has really changed how organizations operate and store their data. Cloud computing attracts big organizations with tags such as huge savings on cap-ex, op-ex, on-demand, and availability. These are all valid and good features, but the cloud actually comes inherent with a lot of security concerns. One […]
Libemu is a library which can be used for x86 emulation and shellcode detection. Libemu can be used in IDS/IPS/Honeypot systems for emulating the x86 shellcode, which can be further processed to detect malicious behavior. It can also be used together with Wireshark to pull shellcode off the wire […]
It is estimated that today approximately three-quarters of the human population has a mobile phone. Crowdsensing, a new business model, allows this large number of mobile phones to be used not only for exchanging information between their users, but also for activities that may have a huge societal […]
What is a digital certificate?
The digital certificate is a critical component of a public key infrastructure. It is an electronic document that associates the identity of a person with the public key associated with it.
A certificate can then be associated with a natural person, a private company or […]
Firstly, this vulnerability is not related to the Oracle database or the Oracle Company in any way. In cryptography, an ‘oracle’ is a system that performs cryptographic actions by taking in certain input. Hence a ‘padding oracle’ is a type of system that takes in encrypted data from the […]
Introduction to SCSI
SCSI (Small Computer System Interface) defines a way to exchange data between a computer and its peripheral devices, like a hard drive, a tape drive, a scanner, etc. The primary purpose of SCSI is to support multiple devices to be connected together over a fast […]
Kuluoz is a known botnet which was released in mid-2012 and was known by different names such as weelsof, win32, Dofoil, etc. Kuluoz is usually spread by sending suspicious mail to the target user, and later the traffic leaving the network consists of POST requests encoded in a unique […]
Nmap Cheat Sheet: From Discovery to Exploits, Part 3: Gathering Additional Information about Host and Network
As we discussed before, this is our third installment in our Nmap series.
Nmap is well known for port scanning, port discovery, and port mapping. But we can do many more things with Nmap NSE scripts. We can do email fingerprinting, retrieve a Whois record, use UDP services, etc.
People feel endangered by cyberterrorists, and this topic has raised an alarm in many societies. Many experts in the IT field and many political figures have elaborated on the possibility of cyberterrorists infiltrating governmental agencies, private corporations or damaging the technological part of the military or the services and […]