2012-03-28

Hackers Claim To Be 'LulzSec Reborn'

Update 27-Mar-2012:
Undeterred by the recent arrest of key hackers tied to Anonymous and LulzSec, members of a mischief-making ring calling themselves "LulzSec Reborn" took on some high-profile targets this week.

2012-03-27

Securing your Board of Directors' communication portal

An interesting article on how to secure communications for the board of directors, who arguably have access to the most confidential data in the entire organization.

2012-03-21

Full Disk Encryption

Advantages of full disk encryption: According to researchers, full-disk encryption is hampering police forensics.

Update - 21-Mar-2012:
So, what is the best way to protect personal data on a workstation?
Is it Full Disk Encryption?
  • Yeah, but what if a court orders you to reveal your password?
  • Or what if a guy just steals your encrypted laptop and runs away?
Here is an article with the best solution. The solution described is around creating hidden, encrypted volumes using TrueCrypt.

Indian company hacks GSM and usurps IMSI

Seems like GSM service providers are not always encrypting the traffic as they should be.

2012-03-17

MS12-020 RDP Vulnerability

Another 0-day bug, which has been in the wild for 1 year! It is still a mystery how the PoC got leaked!

Microsoft blames security info-sharing program for attack code leak.

Update 04-May-2012:
Microsoft boots Chinese firm for leaking Windows exploit

2012-03-15

"Quis custodiet ipsos custodes" – "Who watches the watchmen" Awards!!!

The Big Brother Awards honor individuals, companies and government institutions that “have severely violated privacy.” There are three prize categories: People, Companies and Government.

The winners:

  1. Dutch minister Edith Schippers was awarded the People prize
  2. Facebook won the Company award
  3. The Government prize was awarded to the national police (the KLPD)

Anonymous Rolls Out A Hacking OS

Update: 15-Mar-2012:
Surprises keep on coming...
Anonymous has now released an Ubuntu-based distribution, to "test the security of the websites". Points to note:
  • It has only been released as a live-cd. Hence, there is no intention of hiding some back-doors in there
  • They explicitly refuse to accept donations for this project. I can only assume they are well funded
Update: 16-Mar-2012:
In their Twitter feed, Anonymous declares, "The Anon OS is fake it is wrapped in trojans. RT"

In India, 112 government websites hacked in three months

This is really insane; it is about time the Govt became serious about IT security.

2012-03-10

How Anonymous plans to use DNS as a weapon

Update 08-Mar-2012:
This is of course only a theoretical concept. A full-scale DNS attack has never been conducted.

Update 29-Mar-2012:
Alright so Operation Global Blackout is fast approaching, i.e. 31-Mar-2012... That is the day Anonymous is supposedly going to take down the internet, using DDoS on DNS servers. Of course, there are varying theories around this threat, but all in all this still seems very unlikely to completely bring down the internet.

Update 01-Apr-2012:
The day comes and goes, and there is no evidence of even an attempt to attack the DNS servers.

Update: 26-May-2012:
So, Anonymous fooled us (or joked or lied) about trying to bring down the internet. Of course, we all know a simple DDoS attack is not going to cripple the net. Here is an article that actually tells us how to kill the internet, and let me assure you, it ain't simple.

2012-03-08

Free Cryptography Course

Cryptography is the one IT security subject that is closest to my heart, and it is also probably the most important subject for us to be knowledgeable in. Stanford University is offering a free online 6-week course, and I am amazed to see what an unbelievable course they have set up.

The course officially starts on 12-Mar-2012, but they have already released the first week's course material, and I can tell you this is NOT one of the typical "free" nonsense stuff.

Each week, the students have to study the video lectures, then pass an online exam, plus an assignment. It is pretty intense.

Anonymous Take Out Vatican Site

07-Mar-2012:
This seems out of the ordinary. Anonymous attacks the Catholic Church!!

13-Mar-2012:
The same website gets hacked a second time. This time the justification is even more bizarre.

2012-03-07

Online Virus Analyser

A very good list of websites to trust when trying to clean your network of a malware infection.

2012-03-01

WhereDidYouWearIt.com

Okay, the internet for sure has many, many concerns and issues when it comes to user privacy, with all the social networking sites, blogs, video-sharing, file-sharing, etc.

However, this one site for sure makes me wonder if we have started to cross the line..?!!!?

Detect if visitors are logged into Twitter, Facebook or Google+

A nice hack to find out which social networking tools your web visitors are logged in to.

Schneier reveals three biggest information security risks in 2012

Always a good read by Bruce Schneier.

SQL and XSS vulnerabilities will be the fastest growing threat of 2012

What to look out for in 2012

Stolen NASA Laptop Had Space Station Control Code

"NASA had 5,408 computer security lapses in 2010 and 2011". Full story here

NASA says it was hacked 13 times last year

Hackers had 'full functional control' of Nasa computers

NASA's rebuttal: "The thief cannot control the space station, because the codes can only be used from within the Command Center at Houston." Never heard something as stupid as this.