Latest News From the IT Security World
By Armando Romeo, eLearnSecurity and ID Theft Protect
Security by Hiding!
By Ali Hadi
I was once talking to a friend of mine about client-side attacks, and how they can lead to a full compromise of the company’s private network. He told me that they were safe because: first – they use a third party to host their website, and second – no one knows what IP address ranges they are using for their local LAN! When he finished, I asked him if he would accept a challenge. I told him I would send him an email containing their ISP name and the full IP address ranges they are using. He accepted the challenge! It was really one of the simplest tasks I’ve ever done in this field. Read how simply the hidden network can be found!
RFID for Newbies, Sauce Security
By Gildas Avoine
Everyone knows what RFID means. However, the details behind this word are usually unknown or misunderstood. In this article we provide an introduction to Radio-Frequency IDentification technology and highlight the security and privacy issues related to this ubiquitous technology. This is an introductory article on RFID security issues. Read it before enjoying the rest of the content!
RFIDIOt for Mac OSX
By Israel Torres
RFID, when first introduced years ago, convinced many that it would be the way of the future. Inventory systems would be smarter; tracking things and even people would be simpler. One could simply walk into a store, pick up the items they needed and walk out, comforted by the thought that this exchange automatically deducted whatever they walked out with from their established accounts. Cars could pull up to gas stations, fuel up, be automatically detected and billed accordingly. People could walk right into their office buildings or homes without ever having to worry about spilling their coffee while looking for keys. Then the fear came…
RFID Security and Privacy Issues
By Gary Milefsky
Here’s a real-world scenario: You’re a successful executive at a large software company. You’re about to be robbed but it won’t be through cyber-crime or zero-day malware exploiting CVEs, as I usually write about. As you walk into your local Starbucks to pick up your favorite cup of coffee, a young man bumps into you, says excuse me and heads to his car with his cup of coffee. Next thing you know, while you’re out having coffee, this young man has actually cloned your RFID card for building access and access to your office… Read what the threats are and how to secure yourself against them.
Passive RFID Tag Security: Electronic Product Code E-Passport and Contactless Credit Card
By Michel Barbeau
Because of their impact on applications, security vulnerabilities of RFID tag technologies, when they are uncovered, easily draw media attention. The wireless security and access control of some key recent RFID-based technologies have, however, been interestingly designed. From this article you will learn what three key RFID-based applications are doing to secure their wireless communications and chip access.
The RFID and NFC Radio Frequency – Enabled Security Threat
By Julian Evans
A discussion on how radio frequency-enabled technology could leave people vulnerable to identity theft and then potential identity fraud. Read the article and find out why expert Julian Evans claims that it’s only a matter of time before someone or a cybercrime gang finds a method that steals both the personal and business data from the many material objects that will in the future use RFID and NFC. This article is a very good update on the most current issues in RFID security.
RFID and Privacy – An Interview With Dr. Ann Cavoukian
By Rebecca Wynn
Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world. An avowed believer in the role that technology can play in protecting privacy, Dr. Cavoukian’s leadership has seen her office develop a number of tools and procedures to ensure that privacy is protected in Ontario – and around the world. Dr. Cavoukian is Ontario’s first Information and Privacy Commissioner (IPC) to be re-appointed for an unprecedented third term. On July 15th 2011 our long-time contributor, Rebecca Wynn, asked Dr. Cavoukian about her views on Radio Frequency Identification…
MITM using Cain: Client Side Attacks
By Bharath Siva Kumar
As a boss, have you ever tried to find out what your employee is working on with his office desktop? As a network admin, have you thought of finding who is flooding the network with trivial issues? As a parent, are you eager to know what sites your kid is browsing? If your answer is yes to any one of the above, then the solution is right here. It is obvious that you just have to behave as a Man-in-the-Middle (MITM) to sort things out. Let us have a panoramic view of MITM and how to perform it in a stealthy way.
When is Private Not Private? Making Sense of European Privacy Law
The EU has recently changed the law regarding the saving of cookies on users’ computers by websites. The Privacy and Electronic Communications Regulations (PECR) have been updated to increase privacy for website visitors and require websites to obtain consent from visitors prior to storing a cookie on the visitor’s computer. Let’s think about this for a moment – this is a piece of European legislation. The internet, by contrast, is not limited to the realms of the EU. So, in effect, the law applies to everyone with a website, whether or not they are hosted inside the EU. On the face of it, this makes little sense – the legal aim is clear, but the aim does not coincide with practical realities. Read the article to find out how we get to the situation where laws are passed that no-one seems to understand…
The Astalavista Experience
By Sven Adelt
Astalavista.com is an IT News & Security community. It serves as a starting point for IT and security news with its continuous news stream on the main page. But Astalavista is much more: for technically interested and IT-savvy people there is a multitude of tools which can be used. These range from diagnostic tools like dig, ping and traceroute to information gathering tools, DNS tools and encryption/decryption routines. Finally, you can test your IT security skills in the Wargames section. Read more about it and find out how to take advantage of everything mentioned above.
By Jim Gilbert
Jim’s cartoons are non-figurative. The reason for this lies in his long search for how to combine words and graphics. As a result he started to draw cartoons. Specifically, he is excited about The Asylum because of its minimal nature: minimal drawing, minimal words, minimal characters… maximum content. Enjoy the last set of the series The Asylum by Jim Gilbert. From the September issue, we welcome a new cartoonist.