2015-06-30

Kaspersky Hack - Duqu 2.0

I am not sure what is the big fuss around the hack. Anyone sane reading the details of the attack, would immediately appreciate the responsible disclosure by the company. I fully agree with them, when they say:
They say there are two kinds of companies, those who know they have been hacked, and those who don't know they have been hacked.
Another article that speaks a bit more about what happened.

US Navy just paid millions to stay on Windows XP

Now, I completely agree that there could be legacy applications which are dependent on XP. However, considering this has been decommissioned for a while now, there is no good excuse - considering the country's defense depends on them.

Proxies For Secure Web Browsing

Does your office block out access to personal email accounts, social networking sites, etc?

Have you ever wanted to check your email or log on to your bank account but the only available internet connection was an unsecured wifi or a publicly shared network (like at cybercafes and airports).

Well for security freaks like us it is not really hard to keep ourselves safe. All we need to do is setup an old PC at home, to act as a proxy (or a hop off point to the internet). Once that is done, you can use an untrusted system or internet connection to establish a secure connection to your home PC and then browse to the net.

There are a number of softwares available out there to accomplish this:

(1) Psiphon: Really simple and straight forward to install. Perfect for beginners and newbies.

(2) VNC: A very useful and feature packed, open source tool.

Update 30-Jun-15:
Note: the free proxies may not be really "free", and may be forcing a HTTP (unencrypted session for malicious purposes). Another post, more geared towards TOR

2015-06-16

LastPass Compromised

LastPass (a popular password management site) has been compromised. The company announced in their blog. Errata also has a good impact assessment on the topic.

2015-06-15

Encrypting Windows Hard Drives

Bruce Schneier discusses the 'best of the worse' full-disk encryption tools available. I quote the conclusion below:
Based on what I know about BitLocker, I think it's perfectly fine for average Windows users to rely on, which is especially convenient considering it comes with many PCs. If it ever turns out that Microsoft is willing to include a backdoor in a major feature of Windows, then we have much bigger problems than the choice of disk encryption software anyway.
Whatever you choose, if trusting a proprietary operating system not to be malicious doesn't fit your threat model, maybe it's time to switch to Linux.

History of the insecure internet

A very well written article of the history of the internet, and why till date it remains an insecure nightmare :  Part One and Part Two

2015-06-01

Tiversa - CyberSecurity firm that hacks to extort

A former employee of P2P cybersecurity firm Tiversa who has turned whistleblower testified that the firm hacks clients in order to fake data breaches and then extorts clients to pay for its 'incident response' services.
Full Story

Stegosploit - Exploiting via an image

A brilliant hack.. how to run an exploit from an image? All the victim needs to do is load an image on his browser.