A picture speaks a thousand words.
Browser security
I was asked by a friend to recommend a list of tools to protect his browser and secure his surfing experience.
A picture speaks a thousand words.
A picture speaks a thousand words.
Insecure passwords
Was in the middle of a "Penetration Testing" exercise and came across an application that sends the users' credentials in cleartext. I was surprised as I rarely encounter this scenario.
This got me thinking if popular apps such as "Facebook" and "Gmail" send our credentials in cleartext too? Fired up "Paros" and the rest they say is history.
This got me thinking if popular apps such as "Facebook" and "Gmail" send our credentials in cleartext too? Fired up "Paros" and the rest they say is history.
"SecureBrowsing"
My latest column explores the "Firefox" addon called "SecureBrowsing". Here is the excerpt.
"The Internet is a dangerous place to venture because it is rife with websites hosting malware and malicious code deployed o compromise your systems. How do you thwart hackers from fulfilling their insidious objectives?"
"The Internet is a dangerous place to venture because it is rife with websites hosting malware and malicious code deployed o compromise your systems. How do you thwart hackers from fulfilling their insidious objectives?"
"Tamper Data"
My latest column explores the "Firefox" addon called "Tamper Data". Here is the excerpt.
"HTTP Proxies are a necessary tool in the arsenal of a penetration tester. Common HTTP Proxies harnessed for testing web applications for vulnerabilities include Paros, Burp and Webscarab. My personal favourite is Paros, which is written in Java and thus, platform independent. However, I recently discovered a comparable tool called Tamper Data."
"HTTP Proxies are a necessary tool in the arsenal of a penetration tester. Common HTTP Proxies harnessed for testing web applications for vulnerabilities include Paros, Burp and Webscarab. My personal favourite is Paros, which is written in Java and thus, platform independent. However, I recently discovered a comparable tool called Tamper Data."
"jhead"
My latest column explores a tool called "jhead". Here is the excerpt.
"Smartphones are feature packed and owned by nearly everyone in developed countries. We cannot get by with our daily lifes without them. They provide us with a pocket sized gadget to surf the World Wide Web, direct us to where we want to go via the built-in Global Positioning System (GPS)and even permit us to take videos as well as photographs on the go. The caveat of this device is that it records a lot of sensitive data about its owner by default."
"Smartphones are feature packed and owned by nearly everyone in developed countries. We cannot get by with our daily lifes without them. They provide us with a pocket sized gadget to surf the World Wide Web, direct us to where we want to go via the built-in Global Positioning System (GPS)and even permit us to take videos as well as photographs on the go. The caveat of this device is that it records a lot of sensitive data about its owner by default."
"WebHTTrack"
My latest column on the "Linux" version of "HTTrack". Here is the excerpt.
"HTTrack Website Copier is aopen source tool to download an entire website from the Internet locally onto your desktop for offline browsing. It is a Windowssoftware that spawned WebHTTrack, its Linux/Unix/BSDrelease. The tool dumps and mirrors the complete contents of the source website you specify to a local directory by replicating the exact directory structure, files and links.
This is beneficial for a security practitioner who wants to perform offline security testing against a website without impacting the server hosting it ."
The latest issue of "Hakin9" also features an article by my friend, Remus Ho.
"HTTrack Website Copier is aopen source tool to download an entire website from the Internet locally onto your desktop for offline browsing. It is a Windowssoftware that spawned WebHTTrack, its Linux/Unix/BSDrelease. The tool dumps and mirrors the complete contents of the source website you specify to a local directory by replicating the exact directory structure, files and links.
This is beneficial for a security practitioner who wants to perform offline security testing against a website without impacting the server hosting it ."
The latest issue of "Hakin9" also features an article by my friend, Remus Ho.
"Windows Update" compromised
A lot of news recently about "Flame" and one method that the malware used to spread itself was via "Windows Update". Fascinating read.
"Secure Deletion"
My latest column on ensuring endpoint privacy using secure deletion. Here is the excerpt.
"The Internet has empowered us to do more with our electronic devices. We do everything from our taxes to shopping and sending private messages. Our devices become a hotbed of personal data that is of interest to malicious parties. Deletion of files and caching is insufficient in preventing harvesting of your information that resides on your devices. The solution is secure deletion or wiping to overwrite those files with random data to eliminate the chances of data recovery."
"The Internet has empowered us to do more with our electronic devices. We do everything from our taxes to shopping and sending private messages. Our devices become a hotbed of personal data that is of interest to malicious parties. Deletion of files and caching is insufficient in preventing harvesting of your information that resides on your devices. The solution is secure deletion or wiping to overwrite those files with random data to eliminate the chances of data recovery."
"Digital Forensics Platform"
My latest column on the DEFT 7 forensics environment. Here is the excerpt.
"Digital Forensics is a niche domain within Information Security. It can be further divided into System and Network Forensics. System Forensics requires an indepth knowledge of Operating Systems (OS) and file systems whilst Network Forensics requires an extensive understanding of network protocols and discernment of application behaviour."
"Digital Forensics is a niche domain within Information Security. It can be further divided into System and Network Forensics. System Forensics requires an indepth knowledge of Operating Systems (OS) and file systems whilst Network Forensics requires an extensive understanding of network protocols and discernment of application behaviour."
"Secure Your DNS"
My latest and first column of the year is out. Here is the excerpt.
"Do you trust your ISP’s DNS setup? I don’t! DNS is susceptible to attack by malicious entities to target innocent victims just like any other protocol. The solution is to engage OpenDNS as your trusted DNS service which is harnessed by home and enterprise networks globally."
"Do you trust your ISP’s DNS setup? I don’t! DNS is susceptible to attack by malicious entities to target innocent victims just like any other protocol. The solution is to engage OpenDNS as your trusted DNS service which is harnessed by home and enterprise networks globally."
Subscribe to:
Posts (Atom)
-
This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
-
I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...