Non-repudiation is a much desired property in the digital world. This article describes that property and shows how it can be achieved by using digital signatures.
2. Defining the problem
Digital documents are ubiquitous. Having received a document, we want to make sure that:
1. The sender is really the one […]
It’s the holidays, a key time for cybercrime that exploits the bad habits of unaware internet users. Attackers can defraud and monetize their actions with little effort. During the Christmas holidays, more than other times of the year, a growing number of internet users make and plan their shopping […]
Electronic messaging has become an important part of our lives. Users can send messages to recipients on the other side of the world at nearly no cost. The low cost of message delivery has enabled unsolicited senders to deliver their messages using electronic messaging. Some of these unsolicited messages […]
(or “Why PCI-DSS-Compliant Passwords Aren’t Enough” or “PCI-DSS-Compliant Password Analysis Reveals One-Quarter Still Trivially Compromisable”)
Thanks to PCI-DSS requirements and other security standards that specify a minimum length and strength of password, most sysadmins now have the awareness and patience necessary to set up a basic password policy. However, many […]
This article will briefly discuss the host-based intrusion detection system (HIDS) and an abstract approach that can be used to design an application firewall.
As per OSSEC, HIDS is an application-level firewall that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting, and active response. This is […]
Bridged networking can be used when we want our guest virtual machine to get the IP address from our router and be able to see the host and all other machines in our LAN network. This is also a requirement if we want to have a server on the […]
There are different kinds of backend networks that we can use with QEMU. In order to specify the backend network, we need to use the -netdev command-line option. This is directly connected to the -net command-line option. The -netdev has multiple syntaxes presented below that directly correspond to the […]
Now that we’ve created the image for our guest, we must continue with installing the operating system on it. In Virtualbox/VMWare, we usually select the CD-ROM to boot from the iso installation image and start the virtual machine, after which the installation is automatically started by booting from the […]
As the year 2013 draws to a close, we decided to make some predictions for the most popular Security Trends in 2014. Here is what we think are the major points that will determine the Security Landscape in the coming year.
Big Boom in Mobile Security
Security is catching […]
In this article we’ll present how we can use Qemu instead of Virtualbox/VMWare. Those products are all great, but sometimes we would just like to use something a little more lightweight, which is when Qemu comes into play.
Qemu can be used in one of the following ways:
Together with KVM/XEN: […]
What Is Social Engineering?
Social engineering is manipulating people into doing something, rather than breaking in using technical means. It is the art of gaining access to buildings, systems, or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, instead of […]
One of the most common image formats is JPEG. It surely deserves a particular discussion, and, in addition, it’s very frequently used as Cover Media, in association usually with the following steganographic algorithms:
The Jsteg is one of the most classical steganographic algorithms used. It is absolutely the first algorithm […]
In the previous applications we have looked at how we can hijack method implementations during runtime using Cycript, and even change the logic of the code rather than changing the complete implementation using GDB. All of these things have been done to serve a purpose, which is to make […]
The year is closing and it’s time for prediction of the evolution of the security landscape in 2014. It’s easy to predict an increase in the volume of cyber attacks made by cyber criminals and state-sponsored actors, so I decided to hazard a series of controversial predictions based on […]
Part 1: Introduction
The information revolution, which resulted in the Internet and in modern communication technologies, has pushed our society more and more toward the use and management of information in digital format. Thousands and thousands of data items currently are riding the Internet every day; their representation could be […]
This article was inspired by two factors: 1) the petition filed by Anonymous on the White House’s We the People website in the beginning of 2013, demanding decriminalization and absolution for all DDoS attacks and sentences, respectively; 2) the lack of thorough research on that matter (although that is […]
Firewalls are used to control the inbound and outbound traffic on a protected network. They have an ability to block and allow the internal as well as external services within the network. Before allowing access to the service, a firewall may also force the client / user to pass […]
Similarly to the real-life situation where a GhostNet report is followed by the one on the Shadow network, these articles come as a logical continuation of the events described in the former case (GhostNet part I & GhostNet part II).
The “Shadow network” again covers the subject […]
Internet usage is growing dramatically, but the vast majority of Internet users don’t have any security backgrounds. Nor do a large majority of companies care about information security, and the severity of any attack could harm the valuable assets of these companies. They don’t give their employees security awareness […]
Introduction: Initial Detection/Mitigation Challenges
Before we go to the main topic of this article, let us take heed of two factors that exacerbate the buildup of effective defensive powers against Layer 7 DDoS attacks. First, the lack of knowledge about this matter leads an inexperienced IT security staff to take […]