Infosec Weekly Radar, February 06 – 12 ,2012

Two Approaches to Managing Mobile Devices

We are using mobile phones everywhere at work, home and for managing our life. so we have all the necessary applications like mail apps, text editors, calendar and more. Here you can find a guest post by Richard Stiennon, a security industry analyst, speaker and author of Surviving Cyberwar where he outline two ways to manage your mobile devices security.

Allowing employee-owned mobile devices on the organization’s network promises immediate cost savings and an increase in employee satisfaction and productivity.  But the bring-your-own-device model doesn’t come without challenges.

http://blog.lumension.com/4177/two-approaches-to-managing-mobile-devices/

CatTrade (Ransomware Affiliate)

Winlock are popular Trojan that locks user’s operating system, the malware will block access to operating system and ask victim to insert a code that can be purchased by sending SMS and in response he will receive the activation PIN code.

The same malicious program can be used for legitimate purposes such as blocking some system component from running like games or unnecessary application defined by the company.  Here you can find a useful post by Xylibox on reversing a new kind of Winlock Trojans.

http://xylibox.blogspot.com/2012/02/cattrade-ransomware-affiliate.html

Did the 2006 Symantec Breach Expose RSA’s SecurID?

Kevin McAleavey posted analyses about symantec source code leakage and it’s influence on RSA SecurID product.

“In my capacity as a coder and antimalware researcher, I was asked to independently download and examine the contents of Symantec code which was publicly available, including snippets of code released in early January, as well as the Norton Utilities source code released on January 13.”

http://www.infosecisland.com/blogview/20137-Did-the-2006-Symantec-Breach-Expose-RSAs-SecurID.html

CISSP Reloaded Domain 2Access Controls

If you are planning to study for the CISSP exam here @J4vv4d started a series of posts that are going to cover the 10 CISSP domains.

“When you tell someone that they have a risk – they’ll either ignore you thinking you’re a doomsday naysayer (log it in their risk register and accept the finding). Thank you for bringing it to their attention and say their team will fix it straight away; or get that wide eyed crazy fearful look, grab you by the shoulders and shake you demanding to know what they should do before they all die.”

http://www.j4vv4d.com/?p=438

WPA Cracking with oclHashcat-plus

Here you can find tutorial about how to crack WPA using backtrack5 with oclHashcat-plus. You start by capturing the hash using airodump and aircrack-ng. Next you run oclHashcat on windows machine here the demo used windows seven and conduct dictionary and bruteforce attacks.

http://adaywithtape.blogspot.com/2012/02/wpa-cracking-with-oclhashcat-plus.html

That’s all for this week, if you have more information security news please to share them with our readers by sending emails or using the contact form.

Share
You can leave a response, or trackback from your own site.