That's the signal that hacked our network." - Keller - Transformers I the movie.
In "Transformers" the movie, Decepticons used a "signal" to hack the military network. Being a security professional, at first sight given the current technologies that I know, I think that this is not something realistic, at the time being. Hacking nowadays is done on different levels including application, network, systems and even physical. Physical here denotes fooling people and physical locks. However, after…
Continue
Added by Terminator on September 9, 2009 at 1:44pm —
4 Comments
Finally , I'm moving my blog to blogspot.com. You can find it at
http://eterminator.blogspot.com/ Continue
Added by Terminator on July 2, 2009 at 12:59pm —
No Comments
I'm writing these lines from Baltimore MD, where SANSFIRE conference has taken place. I was taking the SEC 542 Web App pen testing class with Kevin Johnson from Inguardians.com and the founder of the SAMURAI web application pen testing environment. It's a great class with a lot of experience being transferred from Kevin who is an excellent experienced security consultant. Learning the whole methodology and p…
Continue
Added by Terminator on June 21, 2009 at 1:35pm —
1 Comment
I was shocked to hear that
china is planning to deploy a software, Green Dam Youth Escort, which is supposed to filter out pornographic and improper content. Certain parties were concerned about freedom of the community to reveal their opinions in political issues. However, I'm more concerned about something else..
Ima…
Continue
Added by Terminator on June 10, 2009 at 7:00am —
3 Comments
Evil intended people can't get what they want most of the time if their victims where aware enough about the risk of what they are doing. clicking a link is way more dangerous that it looks.
Being a security professional, always talking about security, vulnerabilities, malicious websites, all this stuff made my family kind of aware about some of the risks involved with cyber-space. A couple of days ago, my little ten years old brother came along and asked me "Did you leave me an offline message…
Continue
Added by Terminator on May 28, 2009 at 6:11am —
No Comments
All what we have been talking about to prevent cybercrimes has nothing to do with the real criminals themselves!!. All this geeky technical stuff is good but cyber crimes are really very easy to commit! and very tempting!, because the punishment is not imminent. Usually, when cyber criminals are doing their attacks they have this feeling that they are safe, because they are sitting at home or at a cyber café physically way far from the "crime scene". Why is cybercrime numbers raging while physic…
Continue
Added by Terminator on May 12, 2009 at 9:00am —
2 Comments
Back in the 20th century, NSA had this program "echelon" that aimed basically at "tapping" all communications going in/out or inside the US. They had some legal issues but it was ignored as usual and the spying went on. The spying relied mainly on intercepting satellite traffic because back then there was no fiber optics. Since the introduction of the fiber optics network overseas, eavesdropping did not work very well. Tapping wires especially optical fibers weren't that easy. It needed physical…
Continue
Added by Terminator on April 23, 2009 at 11:30am —
1 Comment
Consider this scenario. There is only one operating system in the world that everybody uses. Now it’s going to be very easy for the attackers to write one exploit that runs on every single machine on earth!
On the contrary, if every single machine had its own operating system, then an attacker must write malware for every specific user.
The point from this argument is that heterogeneity of platforms makes it statistically harder on the attacker to write a malware that spreads well. The problem i…
Continue
Added by Terminator on March 30, 2009 at 8:55pm —
No Comments
In many cases, it's desired to know the IP address of someone in the reconnaissance phase. The first question to ask is what information do I have about this person. In most cases it's possible that you have the email or IM of the target. First let's discuss the methods:
Method #0x01
if you have a web server hosted someplace where you can see its logs then it's very easy to send someone a URL of an image or any webpage hosted on your web server (http://123.123.123.123/veryfunnyimage.jpg) whene…
Continue
Added by Terminator on December 10, 2008 at 2:00pm —
32 Comments
I've been wandering around surfing the net as usual when I found out this very odd thing... we all know that 25Dec(ember) is the christmas and 31 oct(ober) is the halloween. The weird thing is at the same time 25 dec(imal) number is euqal to 31 oct(al) number !! what a conincidence.It's like 25 dec = 31 oct -> christmas = halloween!! I think this must have a meaning don't you think??
Continue
Added by Terminator on November 5, 2008 at 12:30pm —
No Comments
About the google chrome browser. I've been looking around for a while and have a theory about it.
Although the beta version looks very promising and has dozens of new features especially concentrating on privacy and security, the software is still in the beta version. Meaning that there are lots of bugs and issues. When it comes to browsers, i think it's a very high risk to try something insecure or that's my opinion. I know some of you might think I'm paranoid!, but I believe that nowadays, br…
Continue
Added by Terminator on September 6, 2008 at 1:30pm —
8 Comments
I've been struggling for a week now with that piece of metal of mine (mobile phone) trying to install a simple app and yet I couldn't !!. The problem is that symbian (God saves their brains!) decided that no application to be installed on your very own mobile except if it's signed by symbian (hmm maybe someone is paranoid over there or something!!! ) . Of course there's that "self signing" thing that you can do. But it only grants you access to limited set of APIs and you cannot access all syste…
Continue
Added by Terminator on July 4, 2008 at 4:00pm —
3 Comments
Social networks is actually a crawling disaster with all this information passing, threats that we never thought of has emerged leading to serious problems
I was reading this article on Outpost security lab and they suggested few practices to make surfing through social networks more secure.
Best Practices:
"
Use the latest browser software and install Windows Updates as soon as they become available.
Use a firewall to protect your system against unknown threats; use up-to-date antivi…
Continue
Added by Terminator on June 22, 2008 at 8:00pm —
1 Comment
I've been to a friend of mine yesterday and sadly i forgot the keys inside the car and locked the doors. Usually in these situations I have to go back home and get my spare keys. But this time it was different. One of my friends said "wait I have a master key that opens all cars!" . I was like "hahaha ok that's a joke, so what are we going to do now". And then I was surprised that he actually was trying to open MY CAR with HIS car's keys !!! . The strangest was that it opened!! .. If I didn't se…
Continue
Added by Terminator on June 22, 2008 at 7:38am —
No Comments
well here we are with passwords again. I talked earlier about passwords importance and risks. Today I wanna talk about best practices.
Generally, system administrators advise employees to follow the following practices to keep their passwords secured :
•Use very lengthy passwords. It’s ok to have a meaning if it’s long enough (using a sentence of 100 characters for example as a password). But this means you’ll have to memorize a new sentence every now and then. And even a sentence for every sit…
Continue
Added by Terminator on June 3, 2008 at 2:00pm —
2 Comments
How can you prove yourself?
Well, everyone wants to prove himself by working hard and so on but I didn’t mean that here. I meant how can you prove yourself literally?. How can we be sure that you are yourself?! If there’s somebody telling me “I’m Mr. John Doe”, probably I want him to prove it; maybe by showing me his national number identification card or something similar. But what about computers?
Since a long time passwords have been the most popular way for authentication and proving ident…
Continue
Added by Terminator on June 2, 2008 at 4:14pm —
No Comments
