Traffic light systems security issues
We often see movie scenes in which hackers are able to hack systems for the control of traffic lights, with catastrophic consequences, unfortunately we must be conscious that threat actors are really able these complex infrestructures causing serious problems.
Trafﬁc lights were originally designed as standalone […]
Bacula supports file encryption on the file daemon, which sends encrypted data to the storage daemon for storage. Since the file daemon encrypts the data prior to sending it to the storage daemon, the storage daemon only sees the encrypted data. It’s important to realize that file contents are […]
If you have ever hired a Professional Services team to do an integration project, you know that it takes planning and tenacity to pull it through to the end. Depending on the breadth of the integration, the difficulty of accomplishing this varies. So, what makes an Identity Management integration […]
When configuring the Bacula client, we don’t need the full-blown Bacula installation, but just the bacula-client package that we can simply install by using the apt-get command. The client configuration consists of editing the /etc/bacula/bacula-fd.conf configuration file and ensuring that the name and the password in the Director definition […]
This article presents the integral concepts of Bacula operation and management, which are integral parts of every Bacula backup solution and must be understood in detail. When using Bacula, we must first be up-to-date with the following Bacula terminology:
Director: the director’s name and the access password used for authentication […]
To view Part I of this article, please visit http://resources.infosecinstitute.com/website-hacking-101/.
In this Part, we are going to briefly introduce Path Traversal, usage of Delimiters, and Information Disclosure attack.
We are going to present simple solutions to simplified problems involving the attacks.
Exercise 8: Path Traversal
Figure : A simple webpage in which you […]
In this endeavor I’ve chosen to use Bacula backup software for the reasons outlined above. First we must talk about the Bacula server, but the outlined concept refers to all backup servers out there. There are multiple questions that need addressing: in a virtualized environment, should we backup our […]
In this article, we will look at another cool utility named iDB for pentesting iOS applications.
Before that, i would like to apologize for coming up late with this article. A lot of you have been requesting articles on different topics and i promise that i will write on them […]
Five Eyes and more
In the last twelve months, whistleblower Edward Snowden has revealed to the public how invasive is the cyber strategy of the US government and its cyber allies, Canada, the UK, Australia, and New Zealand.
These governments have an intense cooperation in signals intelligence, also known as SIGINT, […]
Computer forensics is a very important branch of computer science in relation to computer and Internet related crimes. Earlier, computers were only used to produce data but now it has expanded to all devices related to digital data. The goal of Computer forensics is to perform crime investigations by using evidence from […]
Every analysis begins with specific goals in mind. As a forensics investigator, you are expected to know the type and importance of information you are looking for while investigating a computer crime. Computer forensics investigations involving a Windows box rely heavily on meticulous inspection of the keys, subkeys and […]
The particular exploits in this article take advantage of systemic query factory vulnerabilities, vulnerabilities which exist throughout an entire application’s SQL generation code, found in a deprecated version of OSCommerce’s development/unstable tree (specifically version 3.0.3 alpha) that were implemented by other developers into their own product’s stable tree. While […]
Acceptable Use Policies (AUPs) are an essential component to all organizations, companies, and other establishments offering Internet or Intranet access.
According to network security provider GFI, an Acceptable Use Policy should successfully define which network systems the policy covers; explicitly prohibit illicit behavior, distribution, and communications; establish privacy guidelines; and […]
A few weeks ago, I wrote an article for 2600 Magazine. (If you’re curious, publication has been confirmed and you’ll probably see it in the Winter 2014-2015 issue.) The form email you get when you email an article submission says:
“We don’t recommend sending PGP encrypted articles as we frequently […]
A honey pot is a computer system that is expressly set up to attract and trap an attacker who is attempting to compromise the information systems in an organization. Honeypots can also analyze the ways in which attackers try to compromise an information system, providing valuable insight into potential […]
This article introduces Android forensics and the techniques used to perform Android forensic investigations. We will discuss Android file systems, data acquisition, analysis, and various tools available for Android Data Extraction.
The smart phone market is growing higher and higher. With the drastic changes in technology, smart phones are becoming […]
The cloud is expanding. More applications are being run online. More data is being stored online. More businesses are relying on public, private, and hybrid clouds for their apps, records, and backups. And more hackers are taking advantage.
Why Security Breaches Happen in the Cloud
Hackers aren’t attacking the cloud; the […]
In this article we will learn about one of the most important features introduced by Microsoft from the perspective of network access protection (NAP). We will also cover all the main concepts surrounding NAP and various design scenarios and best practices.
Network Access Protection (NAP) is a platform to check […]
1. IntroductionCreating a backup procedure is a very important aspect for a company, because a loss of data can result in great damage to the company, possibly even a company going bankrupt. Proper backup mechanisms are usually not in place or are poorly designed, which becomes evident once it’s […]
Security experts at Trend Micro have recently uncovered a hacking campaign dubbed “Operation Emmental” which targeted Swiss bank accounts with a multi-faceted attack.
Bad actors were able to bypass the two-factor authentication mechanism used by the bank to secure its customers’ accounts. The researchers at TrendMicro coded the campaign […]