Archive for category Privacy & data protection

WPA2 Might Be Spoofed!

WPA2 (Wireless Protected Access ver. 2.0) is the second version of a set of algorithms and protocols that protect data in wireless networks. WPA2 is expected to significantly increase the security of Wi-Fi wireless networks compared with previous technologies. The standard mandates the use of the more powerful AES (Advanced Encryption Standard) encryption algorithm and 802.1X authentication.

A panel of researchers has reported discovering a vulnerability in this protocol, which is widely used as a secure standard for wireless networks. AirTight Networks said that the vulnerability concerns networks that conform to the IEEE 802.11 standard. The first demonstration of the vulnerability will be held at Defcon 18 this week in Vegas.

Hole 196 is the name of this vulnerability. It uses a man-in-the-middle attack in which a user who is authorized on a Wi-Fi network can intercept and decrypt all data transmitted and received by others on the same wireless network. Reportedly, the exploit code will be made publicly available so that everyone can test it and use it, while an update will follow once standardizing bodies have been able to make adjustments to WPA2.

Md Sohail Ahmad, who will be demonstrating the attack at Defcon, says that it took about 10 lines of code in the open source MadWiFi driver software, freely available on the Internet, and an off-the-shelf client card for him to spoof the MAC address of the AP, pretending to be the gateway for sending out traffic. Clients who receive the message see the client as the gateway and “respond with PTKs”, which are private and which the insider can decrypt.

We will be following this research, especially since all access points use this protocol, and there should be an update available before the demo to fix this vulnerability.

make sure you subscribe to my RSS feed!


Secure Live-CD Ubuntu Privacy Remix 9.04r3 is Out!

The Ubuntu Privacy Remix (UPR) developers have released a new modified version of the Ubuntu Linux operating system, which is now available for download online.

UPR is a Live CD distro that aims to provide users with an environment in which personal information can be handled safely; the system installed on the computer running UPR remains untouched.

The risk of theft of such private data arises not only from “conventional” criminals, trojans, rootkits, keyloggers etc. Ubuntu Privacy Remix is a tool to protect your data against unsolicited access.

To mitigate the risks Ubuntu Privacy Remix tries to create such a working environment on any PC with the following measures:

• The system resides on a read-only CD, so spyware and other malicious software cannot be installed permanently.
• The system completely ignores any potentially compromised local (S-)ATA hard disks.
• The system kernel is modified so that it cannot activate any network hardware. No LAN/WLAN/Bluetooth/Infrared etc.
• The system is based on free software which can be verified in source code.
• To ease working with a non-modifiable system, UPR introduces “extended TrueCrypt-Volumes”, which can store program configuration like GnuPG settings, OpenOffice dictionaries etc. permanently and securely within an encrypted volume.

The OS software components, including the system kernel, have been updated to the latest versions, and as a result the creators managed to get rid of some bugs and vulnerabilities. In addition to the CD version, there is a special utility to create a bootable USB drive directly from the protected environment.

You can download Ubuntu Privacy Remix 9.04r3 here.


DisCryptor Protects Your Privacy

DisCryptor is a complete software package for protecting your privacy, offered as a free personal product that lets you save sensitive data, send important documents via e-mail and transfer folders on USB memory in an easy and very fast way.

After installation you get a rich dashboard with a tab for creating a new virtual or physical drive, so it only takes a click to start encrypting the disk.

You can also create a traveler disk. This functionality encrypts your USB drive, so its entire content is encrypted with a very high security level. The interesting point is that you can later open your files on any PC, even one that has no DisCryptor installed: choose the Travel disk functionality and burn an autorun program to a CD/DVD, and then you only need the CD and the USB device or external hard drive to open your files.

It is also possible to use this software package to encrypt individual files. A file encrypted with DisCryptor always has a .DCF extension and an icon with the DisCryptor logo.

Perhaps the biggest worry for anyone is remembering passwords. Imagine trying to remember thousands of passwords or writing them on a sheet of paper; this is very risky, and the sheet is easily lost. This software addresses the issue by providing a way to manage passwords and store them in encrypted form (the hash functions include SHA-256, SHA-384 and SHA-512). When you create a password, it automatically shows the security level of that password according to the chosen security profile. It is recommended to use the strongest password possible and to keep track of your passwords.

Currently there are three types of license: a free personal edition, a Business edition and an Enterprise edition. You can read more details about DisCryptor here.


IT workers 'breaching security'

Security breaches in organisations are increasingly being done by IT staff, new research indicates.

The study by security firm Cyber Ark found that 35 per cent of technology workers access sensitive corporate data without authorisation, a rise of two percentage points from 12 months ago.

According to the survey, the most popular types of information being accessed without approval are customer databases and merger plans, both cited by 47 per cent of respondents, followed by copies of research and development plans, chief executive’s password and financial reports.

Udi Mokady, chief executive of Cyber Ark, said: ‘Unauthorised access to information such as customer credit card data, private personnel information, internal financial reports and R&D plans leaves a company vulnerable to a severe data leak with the risk of financial or regulatory exposure and damage to its brand, or competitors obtaining critically important competitive information.’

More than 400 IT and technology workers across the UK and the US were questioned as part of the study.

[Source: BCS]


Hackers penetrate US air traffic control systems

According to a report (PDF) by the US Federal Aviation Administration (FAA), in recent years hackers have repeatedly penetrated air traffic control systems via the internet. These incidents have been sufficiently serious that the hackers have been in a position to turn off power to servers.

In early 2009, hackers penetrated a web server, from where they were able to work their way further into FAA systems and were able to gain access to the personal details of 48,000 current and former FAA employees. In other cases, intruders were able to obtain an administrator password and use it to install their own applications on West coast air traffic domain controllers. In 2006, a virus even forced the FAA to shut down a portion of its air traffic control systems in Alaska.

Most intrusions merely caused problems operating local administrative networks; internal connections mean that such attacks could, however, quickly spread to air traffic control systems. This would endanger real time monitoring of airspace, communications and the dissemination of flight information.

[Source: h-online]

