You definitely don't need a CISSP certificate to blog on this one, just make sure you don't forget that there should be a limit on everything, even the hugs on the beach.
Saturday, August 19, 2006
On the Insecurities of Sun Tanning
You definitely don't need a CISSP certificate to blog on this one, just make sure you don't forget that there should be a limit on everything, even the hugs on the beach.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Wednesday, August 16, 2006
AOL's Search Queries Data Mined
While one of AOL's searchers was publicly identified, enthusiasts are tweaking, and randomly scrolling the then leaked, now publicly available search queries data. Here's someone that's neatly data mining and providing relevant summary of the top result sites, and the top keywords. SEO Sleuth :"was created out of the recently released AOL search data. Welcome to the AOL Keyword Analyser. This tool provides insights that have never before been publically available on the web. I claim: First tool on the web as far as I know that allows you to view what keywords people searched for it in search engines. First time you can see how much organic traffic each site gets from a search engine. First opportunity the public can see how many clicks individual SERPs get."
Surprising results speaking for the quality of the audience by themselves. Meanwhile, the EFF is naturally taking actions.
Related posts:
Data mining, terrorism and security
Shots From the Wild - Terrorism Information Awareness Program Demo Portal
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Saturday, August 12, 2006
Bed Time Reading - Symbian OS Platform Security: Software Development Using the Symbian OS Security Architecture
Prr, did I hear someone start counting mobile malware samples, prr?Try getting to know the OS itself, the main proof of concept faciliator representing today's constantly growing mobile malware family. A review of this recommended bed time reading book :
"Symbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest versions incorporate an enhanced security architecture designed to protect the interests of consumers, network operators and software developers. The new security architecture of Symbian OS v9 is relevant to all security practitioners and will influence the decisions made by every developer that uses Symbian OS in the creation of devices or add-on applications. Symbian OS Platform Security covers the essential concepts and presents the security features with accompanying code examples. This introductory book highlights and explains:
* the benefits of platform security on mobile devices
* key concepts that underlie the architecture, such as the core principles of 'trust', 'capability' and data 'caging'
* how to develop on a secure platform using real-world examples
* an effective approach to writing secure applications, servers and plug-ins, using real-world examples
* how to receive the full benefit of sharing data safely between applications
* the importance of application certification and signing from the industry 'gatekeepers' of platform security
* a market-oriented discussion of possible future developments in the field of mobile device security"
Malware authors indeed have financial incentives to futher continue recompling publicly available PoC mobile malware source code, and it's the purchasing/identification features phones, opening a car with an SMS, opening a door with an SMS, purchasing over an SMS or direct barcode scanning, mobile impersonation scams, harvesting phone numbers of infected victims, as well as unknowingly interacting with premium numbers are the things about to get directly abused -- efficiently and automatically. And whereas there are more people on Earth with mobile phones compared to those with PCs, it doesn't necessarily mean everyone's having a smart phone -- perhaps Bill Gates "remarkable" cash on the poor proposition could soon undermine the $100 laptop one.
People are getting more aware on the social engineering basics of today's mobile malware, and running a mobile phone anti-virus would be nothing more than a marketer's dream come true -- end users positioning themselves as security savvy buyers. Mobile operators tend to have God's eye view on their networks, therefore epidemics are far from reality, targeted attacks (events and places where the masses gather or pass by), and directly exploiting the lack of awareness in certain regions could make an impact. South Korea's advances in mobile communications let its citizens have more phone bandwidth than an average ADSL user, but I would still have to see this getting abused at a level going beyond the sophisticated impersonation scams going on all the time.
Worth taking your time to read this book, go through Chapter 1 discussing "Why a Secure Platform?" is the basics of mobile devices security, as well.
Related posts:
Privacy issues related to mobile and wireless Internet access
Digital forensics - efficient data acquisition devices
The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking
Mobile Devices Hacking Through a Suitcase
Bed Time Reading - The Baby Business
Bed Time Reading - Rome Inc.
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Anti Satellite Weapons
Continuing the discussion on the ongoing weaponization of space, and the consequently emerging space warfare arms race. Micro satellites directly matching other satellites trajectories, and taking advantage of high energy concentration in the form of lasers? For sure, but why bother damaging an entire reconnaissance satellite when you can basically spray its lenses to prevent it from using its core function:"But the ability to operate autonomously near another satellite could also be used for offensive purposes, says Theresa Hitchens of the Center for Defense Information in Washington DC, US. If an ANGELS-like satellite were sent towards another country's satellite, it could be used as a weapon, she says. "It’s not far fetched to think that you could equip such little satellites with radio frequency jammers or technologies to block image capability," she told New Scientist. For example, a mini satellite could spray paint on the lens of a satellite's camera in order to blind it, she says. "There's a huge potential for this to be used as an anti-satellite weapon of some sort."
Quite a creative space provocation, isn't it?
Related resources and posts:
Anti Satellite Weapons
Anti Satellite Weapons @ FAS
Is a Space Warfare arms race really coming?
Weaponizing Space and the Emerging Space Warfare Arms Race
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Posts (Atom)