Skip to content

Category: InfoSec

Information Security

AGCOM seeks input on IoT

Like Ofcom in the UK, Italian AGCOM seeks input on Internet of Things. In the pursuit of business cases that will help Telecommunication Service Providers to leave the corner in which they stand as infrastructure providers like a worn out elderly catcher, the internet of things looks like a potential new business, where the chances are looking potentially better than in voice or data communications. The challenge for the carriers is the same as before, though: They need to embrace innovation, even if it means breaking traditional business processes. If… Read more AGCOM seeks input on IoT

Over 11,000 claimants join class action against Facebook’s NSA collusion | ITProPortal.com

Over 11,000 claimants join class action against Facebook’s NSA collusion according to the IT Portal. Indeed, the use of technology coming from companies like Facebook, Google or Apple is sexy – and the alternative is, as Srems said, “living in the stone age”. Years ago, having and using a mobile phone was a choice of technology. It became a choice of participating in society or not. School teachers and project groups in schools often manage times, meetings, places and information on the lasses and projects using WhatsApp, while the App… Read more Over 11,000 claimants join class action against Facebook’s NSA collusion | ITProPortal.com

Trojaner-Hersteller FinFisher wurde gehackt

Trojaner-Hersteller FinFisher wurde gehackt (heise security news-Foren) One of the commenter of the Heise article gives some juicy bits on the leaked data from Finfisher:   “Ein Großteil der 40G sind leider verschlüsselt. Es gibt einen Ordner (www/FinFisher/), da scheinen Kundenspezifische Lösungen drin zu sein. Da sind alle Dateien mit GPG verschlüsselt. Ich glaube kaum, dass dazu die Privatekeys auftauchen. Anderseits nutzen einige Dateien auch “nur” die Zip interne verschlüsselung. Insebesondere das 30GB große Archiv www/FinFisher/Engineers7117/FinSpy/Images/FinSpy-PC+Mobile-2012-07-12 -Final.zip dass eine .tib enthält, das ist ein Acronis TrueImage Disk image. Auch gibt es zwei verschlüsselte Zips mit scheinbar geklauten privaten Fotos. Wer kennt einen guten Zip Passwort Bruteforcer? Auch interessant, in der Datenbank sind scheinbar alle Kundenpasswörter unverschlüsselt (aber überwiegend zufällige). Der Support hat einmal das Passwort “F1nF1sher4You” rausgegeben 🙂 Genauso wird in einer Datei “finfisher!@§$%” ich glaube als sowas wie ein Salt verwendet. Der Zufallszahlengenerator “realRand” wird mit der Uhrzeit geseeded. Übrigens speichern die Jede IP, die sich versucht ein oder auszuloggen.” That Finfisher has been exposed, even with sourcecode put up in github is hard enough. That potentially private photos are within the data file adds insult to injury. You can draw all kinds of conclusions from this leak (read this for more info) including a lot… Read more Trojaner-Hersteller FinFisher wurde gehackt

iOS security myths debunked

In iOS security myths and threats,  Many of the underlying myths (like “iOS is safer than Android, as it has a walled garden approach in iTunes that keeps malign approaches beyond the fence”) are debunked. Good reading.

How Europe can avoid to be living in a reality distortion field of ‘security’.

It is fairly surprising, what lately surfaces as being published from the distortion field around telecommunication infrastructure,  some three letter agencies and the German government. Golf-ball shaped architectural elements rais suspicion, “small cylindric white objects” have been seen removed from the neutral grounds of amicable allies’s embassies in Berlin lately, and the rules of conduct for the DoD stemming from 2005 are updated already for the members of that part of the administration in Germany. The grounds and reasons for current actions given to the general public are at least… Read more How Europe can avoid to be living in a reality distortion field of ‘security’.

Hackers can break Tor Network Anonimity with USD 3000 | Security Affairs

Next Blackhat promises to be  interesting: Hackers can break Tor Network Anonimity with USD 3000 | Security Affairs. as Pierluigi Paganini, a renowned expert in Information Security says:   — I confess you to be very excited to see the presentation of the two experts, as they had anticipated, with a limited budget, it is possible to track users on Tor network, so let’s imagine the capabilities of  a persistent attacker with much more computational capability and with a “couple gigabit links”. — Indeed, that would be some news for the information security… Read more Hackers can break Tor Network Anonimity with USD 3000 | Security Affairs