Establishing a penetration testing methodology is becoming increasingly important when considering data security in web applications. The more we come to rely on networked communication and cloud-based data systems, the more we leave ourselves vulnerable to potentially damaging cyber attacks by outside parties.
While designing and safeguarding secured systems has […]
A mythological three-headed dog was supposed to guard the gates of Redmond. But it turns out that Kerberos was very poorly implemented in numerous versions of Microsoft Windows.
On November 18th, Microsoft released a crucial security bulletin. A severe vulnerability existed in Windows that could be exploited for privilege escalation […]
All businesses handle sensitive data of one kind or another. Whether this is confidential client information, financial details, or even employee addresses, it should all be treated carefully and shouldn’t be put at risk. Data is most frequently put at risk when it is shared – this is typically […]
Two years ago I wrote a basic and straightforward guide here in Infosec Institute Resources on how to survive a hacker conference or convention and an information security gathering, which I think should be expanded, improved and should also focus on enjoying such an eximious event.
Another definite reason why […]
The SSH service running on port 22 is one of the most widely used services on the Internet. There are numerous reasons for its widespread use, among which is direct access to the remote system over a securely encrypted communication channel. The SSH service distinguishes between the lesser-used SSH-1 and the most […]
Mobile devices these days handle lots of sensitive information – messages, photos, contacts and more. The question about how this data is stored on the device will obviously arise, especially since mobile devices are more prone to theft. In this article, we will explore why data on a device […]
Although the Internet is responsible for a lot of amazing improvements in modern society, there is a whole different story when it comes to our privacy. Indeed, there are several alarming privacy breaches that require our attention and call for immediate action.
Rather than standing idle and taking the punch […]
We’re coming to the end of a period of Saturn and Pluto being in mutual reception. It started on October 16th 2012, and it’ll end on December 24th of this year. In the middle of that time, in June 2013, Edward Snowden, a man who’s about my age, revealed […]
We have seen various vulnerabilities in Android apps in the previous articles. Before moving ahead with other vulnerabilities in Android applications in this series of articles, I would like to introduce an awesome tool named Drozer.
Drozer is a framework for Android security assessments developed by MWR Labs. It is […]
Financial institutions conducting online brokerage, alternative payments, Internet banking and other similar activities have been facing a growing number of malware-based attacks. According to Wontok SafeCentral, modern malware ranging from botnets to keyloggers to ransomware to spyware is capable of emptying bank accounts in seconds.
The institutions responsible for monetary […]
Wrong conviction and bad habits
Before introducing the Masque vulnerability and related attacks, I desire to contextualize my analysis. The security community is witnessing a rapid rise in the number of attacks against mobile platforms.
The situation appears particularly worrying for the Android platform, for which the number […]
You can’t say I didn’t warn you. In August, I wrote about the growing Chinese cyberwarfare threat. In my research for that article, I spent many hours reading publicly available whitepapers and reports from American, Canadian, and British agencies. Before I even started my research, I was vaguely aware […]
Lately I’ve gotten a few questions from prospective clients about AD security group scope. I wanted to take a minute to give an overview of what group scopes are and why they’re meaningful. I’ll also talk a little bit about Microsoft’s best practice models for using group scope and […]
There was someone in my extended family who ran an investor relations firm. For his sake, I won’t name him. One day, he sent my late father death threats via email. My father was no computer geek, but he was a highly intelligent man with a much greater awareness […]
Every day, we share information about ourselves and what we do on the Internet, and that information is targeted by multinational companies in order to build high-profile marketing campaigns.
What are the company’s limits in collecting information? What does the company know about us?
Focus on the big player of […]
A new feature here: let’s discuss a popular CISSP topic and review a single potential question you may see on the CISSP exam.
Symmetric key cryptography is an important concept you need to know to pass the CISSP, and is a subject you should know if you are planning on […]
StingRay is an IMSI-catcher (International Mobile Subscriber Identity) designed and commercialized by the Harris Corporation. The cellular-surveillance system costs as much as $400,000 in the basic configuration, and its price varies with add-ons ordered by the agency.
The IMSI-catcher is a surveillance solution used by military and intelligence agencies […]
Just when we thought we had our applications secured, they pull us back in.
No, this isn’t a case of directory traversal bugs reappearing in IIS, access bugs resurfacing in Tomcat, or trained web developers deciding to abandon sound security principles. Instead, it is a result of up to 300,000 […]
Take a moment and think about how many different passwords you use. Most of us have Google, Facebook, and Twitter accounts. Hopefully, your user accounts on both your home and work PCs are password protected. It’s probable that you use your Google, Facebook, and Twitter accounts to authenticate with […]
We all know how important it is nowadays to have a clean online record, almost as important as having no previous criminal offences. That is why the first page of results on popular, heavily used search engines like Google, Bing and Yahoo is often considered your digital business card or personal record; […]