ElcomSoft vs. Adobe: How AEBPR cracked Adobe's Acrobat E-Book Reader
While some believe that products such as AEBPR open the door for widespread piracy of copyrighted e-book material, others believe that companies such as Elcomsoft are working in the interests of e-book publishers: by exposing inherent weaknesses in any security model, holes are able to be patched, security improved, and material ultimately better protected from piracy. Dmitry Sklyarov's cause has been taken up by civil liberties groups such as the Electronic Freedom Foundation (EFF); protest actions have been staged and websites such as www.freesklyarov.org and www.boycottadobe.com have emerged. At the time of writing (August 2001), Dmitry Sklyarov was released on bail pending trial in Northern California; even though Adobe has dropped out of the Federal government's case against Sklyarov, the government is continuing to pursue prosecution of the case.
By Austen Woods, 04/03/2004
|
|
First Step Data Capture - Key Stroke Loggers
Key stroke logging, depending on how it is implemented, can easily bypass the best host and network security, collecting valuable key information for use in later attacks or information gathering exercises. Key stroke logging, through the data it captures, can also remove the requirement to brute force attack encrypted information, as pass phrases are typed and then recorded by the logger in the clear. Key stroke logging has been around since the days of the first mini-computer systems and it is still effective today as a first step data capture utility.
By Nigel Lewis, 03/28/2004
|
|
The Art of Reconnaissance - Simple Techniques
In the text that follows we shall concentrate on reconnaissance with a motive, i.e. trying to attack a particular target, say a victim organization. The victim organization is in India and all the information available to us is a domain name, victim.co.in (as we go along we will confirm if this really belongs to the victim organization). With this knowledge how do we launch an attack against the victim organization?
By Sai Bhamidipati, 03/24/2004
|
|
Red Teaming: The Art of Ethical Hacking
Red Teaming is a process designed to detect network and system vulnerabilities and test security by taking an attacker-like approach to system/network/data access. This process is also called "ethical hacking" since its ultimate purpose is to enhance security. Ethical hacking is an "art" in the sense that the "artist" must possess the skills and knowledge of a potential attacker (to imitate an attack) and the resources with which to mitigate the vulnerabilities used by attackers. Although this paper discusses the methodology and tools used to perform Red Teaming, its purpose is to discuss the overall role of Red Teaming in evaluating a system's/network's security posture. The paper does not intend to be a "how-to" guide to Red Teaming; rather, it justifies the need for such methods to provide an accurate situational awareness for network/system security.
By Chris Peake, 03/24/2004
|
|
Anti-Hacking: The Protection of Computers
In the Computer Security industry, there are many solutions available to help combat cyber crime. Firewalls and Intrusion Detection systems are in place across the Internet to help protect more networks than ever before. Teams at software corporations work diligently on creating patches for known vulnerabilities, yet every day the number of computers that are compromised increases. It seems like almost every week a big Internet or software company has a security incident, so what does this say about the Computer Security industry? Even with the software available to defend the networks of companies, it takes more than that. The education of the security administrators is the key to using those software packages correctly.
By Chadd Schlotter, 03/24/2004
|
|
Routine External and Internal Hacking, An Important Part of Information Assurance
One of Aesop's many fables was "The Hare and the Tortoise". In it, the Tortoise challenged the Hare to a race and the Hare, believing her assertion to be simply impossible, assented to the proposal; and they agreed that the Fox should choose the course and fix the goal. On the day appointed for the race the two started together. The Tortoise never for a moment stopped, but went on with a slow but steady pace straight to the end of the course. The Hare, lying down by the wayside, fell fast asleep. At last waking up, and moving as fast as he could, he saw the Tortoise had reached the goal, and was comfortably dozing after her fatigue. The moral of the story was that "Slow but steady wins the race."
By Benjamin Herman, 03/24/2004
|
|
Corporate LAN Intranet Server Compromise
I plan to compromise the Intranet server on our corporate LAN and install an illicit application of some sort. I do not want to use my normal user account or my normal system to hack into the server. Disclaimer for myself: I am the administrator of my company's Intranet server. I have performed the tasks outlined below with the full knowledge of my managers and co-workers, and the blessing of the Audit and Data Security departments. Along those same lines, the names of the people, domains, and systems involved have been changed, as well as the IP addresses (to protect the innocent and the not-so-innocent).
By Unknown, 03/24/2004
|
|
The Flat Footed Hacker
You have a firewall protecting your resources from the Internet. You operate a proxy server for your users to access the Internet without them having to directly touch the Internet. You are diligent with the latest system patches. Even through your efforts, are you still leaking too much information out to the bad guys?
By Unknown, 03/23/2004
|
|
Known Attacks Against Smartcards
This document analyzes, from a technical point of view, currently known attacks against smart card implementations. The purpose of this analysis is to give the necessary background for the assessment of the mechanisms that can enhance the security of smart cards. This document is mainly intended for people who are considering the use of cryptographic modules and who need to compare several options with respect to their security.
By Hagai Bar-El, 03/22/2004
|
|
The easiest way to get around SSL
This paper explains how it is often possible, with the simple substitution of a string, to get around a "secure" implementation based on an incorrect use of SSL. Please note that this document does not contain any information about weaknesses of the SSL protocol; it simply shows the easiest way to get around the correct functioning of the SSL protocol. In this document, typical "weakly secure" implementations based on the SSL protocol are illustrated. A simple test application is also proposed to check if existing implementations are indeed "weakly secure".
By Roberto Larcher, 03/22/2004
|
|