Category Archive: Security Articles
Filed under: Defacements, Hacktivism, Penetration Testing, Personal Opinions, Security Articles
posted by D1m on 09 Aug 2007
How Crackers Deface Websites? Why They Do It?
With the following post I do not intend to influence you to start defacing, but to briefly give you a better understanding of how and why it is done.
Almost every day that I visit Zone-H’s archive of special digital attacks, I find that at least 1 or 2 attacks were done against US governmental web servers. The domain suffix of the defaced websites was *.gov. Does this fact mean that they are totally secure? I don’t think so… Obviously the web servers may host very confidential data. In this case the web server administrators seemed to have allowed threats against governmental assets. Any unwanted consequences that a breach of security can lead to are mainly caused by the irresponsibility and laziness of system administrators and web developers.
Filed under: Exploits, Penetration Testing, Security Articles
posted by D1m on 17 Mar 2007
Pen-Test Paper: How An Internal Network Becomes External
My friend SuRGeoN from Greece wrote a very interesting pen-test paper which explains how easy it is to convert an internal network into an external one with the port redirection technique. He demonstrates the attack scenarios, including network architecture diagrams, and goes into great technical detail about them.
Filed under: Privacy, RFID, Security Articles
posted by D1m on 22 Jan 2007
Main Issues Of Privacy With Respect To The Possible Introduction Of RFID Chips As Stock Trackers
Radio Frequency Identification (RFID) chips come in many different sizes and shapes, such as cards and tags. They are already in use all around us, and one of the most notable uses of RFID is pet chipping. These are usually tiny chips that can be embedded in almost everything and are able to identify living beings and a huge number of objects along with their properties, by transmitting the information about them that is stored in the chip. [2]
A large number of retailers worldwide hope that RFID will replace the less-precise barcode. This is because of a number of advantages, including the automation of stock tracking to cut costs for them and for the manufacturers. [2] Despite the advantages for the retailers and the parties involved in the supply chain, the possible near-future implementation of RFID chips as stock trackers raises specific privacy issues for consumers.
This essay discusses these privacy issues with respect to the possible introduction of RFID chips as stock trackers. I will also provide a few notable examples of successes and failures in the RFID marketplace and possible solutions for mitigating privacy issues involved in stock tracking.
Filed under: Personal Opinions, Security Articles
posted by D1m on 22 Jan 2007
The Evolution Of Cybercrime + Personal Opinion
Criminallawyergroup.com is a very interesting read as it gives an account of the evolution of cybercrime. Some good points are made towards the end about the lack of regard for the social aspect of cybercrime, with most of the attention going to the financial side of things. It is worrying that cybercrime is reported to cost $50 billion globally per year.
In my opinion, as technologies advance, there will always be security vulnerabilities and cyber-criminals to exploit them for a variety of motivations (political, religious etc).
Most of the cyber-criminals are seeking financial gain rather than notoriety for their actions.
Filed under: Personal Opinions, Security Articles
posted by D1m on 16 Jan 2007
Would I Hire A Hacker?
If I were a manager recruiting security programmers, prior to the final decision on whether to employ a hacker or not, I would require positive feedback from the psychometric tests that the hacker would be obliged to take in order to have his motives evaluated.
I would also make sure that appropriate controls for hiring hackers are in place and that my company’s policy supports it. Despite the in-depth technical knowledge of the hackers, there are possible significant risks for the companies hiring them and thus many different aspects of the lives of the hackers need to be assessed.