May 27, 2011

Call Interception Demonstrated On New Cisco Phones

Call Interception Demonstrated On New Cisco Phones: "mask.of.sanity writes 'Researchers have demonstrated a series of exploits that turn Cisco IP phones into listening bugs, and could allow a denial of service attack capable of silencing a call center. It allows internal staff and competitors with a little publicly-available information to hijack the phones, wiretap calls and eavesdrop on confidential meetings. The attacks work through a sequence of exploits against the latest Cisco phones enabled to run off the shelf. Most people are vulnerable, the researchers say, because they do not harden their systems in line with recommended security requirements.'"

Confessions of a Computer Repairman

Confessions of a Computer Repairman: "nk497 writes 'What really happens to your PC when it's handed over to computer repair cowboys? We reveal the horror stories from computer repair shops — the dodgy technicians that install pirated software, steal personal photos, lie about hardware upgrades, upsell to the unsavvy, or simply steal your PC to sell on. Plus, we tell you how to avoid such dodgy fixers and find a trustworthy repairman.'"

May 3, 2011

Repudiate This!

I've been hearing this term at work a lot lately so here is the Wikipedia definition for digital non-repudiation.

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:[1]
  • A service that provides proof of the integrity and origin of data.
  • An authentication that with high assurance can be asserted to be genuine.
Proof of data integrity is typically the easiest of these requirements to accomplish. A data hash, such as SHA2, is usually sufficient to establish that the likelihood of data being undetectably changed is extremely low. Even with this safeguard, it is still possible to tamper with data in transit, either through a man-in-the-middle attack or phishing. Due to this flaw, data integrity is best asserted when the recipient already possesses the necessary verification information.
The most common method of asserting the digital origin of data is through digital certificates, a form of public key infrastructure, to which digital signatures belong. They can also be used for encryption. The digital origin only means that the certified/signed data can be, with reasonable certainty, trusted to be from somebody who possesses the private key corresponding to the signing certificate. If the key is not properly safeguarded by the original owner, digital forgery can become a major concern.
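To make the difference between a bare hash and a signature concrete, here is an added example (not from Wikipedia or the original post). It uses a Lamport one-time signature built from SHA-256 as a standard-library stand-in for the certificate-based signatures described above; the function names and sample messages are made up for illustration.

```python
import hashlib
import hmac
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def digest_bits(message: bytes) -> list[int]:
    """The 256 bits of SHA-256(message), most significant bit first."""
    d = sha256(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """One-time key pair: 256 pairs of random secrets; the public key is their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(sha256(a), sha256(b)) for a, b in private]
    return private, public

def sign(private, message: bytes) -> list[bytes]:
    """Reveal one secret per digest bit. A key pair must sign only one message."""
    return [private[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(public, message: bytes, signature) -> bool:
    """Check each revealed secret against the public hash chosen by that bit."""
    if len(signature) != 256:
        return False
    bits = digest_bits(message)
    return all(hmac.compare_digest(sha256(s), public[i][b])
               for i, (s, b) in enumerate(zip(signature, bits)))

def bare_hash_check(message: bytes, digest: bytes) -> bool:
    """Integrity check using a digest that arrived alongside the message."""
    return hmac.compare_digest(sha256(message), digest)

def demo() -> dict:
    private, public = keygen()            # recipient already holds `public`
    original = b"pay 100 to alice"        # constructed sample message
    signature = sign(private, original)
    # In transit the message is altered and its digest recomputed to match.
    tampered = b"pay 900 to mallory"      # constructed sample message
    recomputed = sha256(tampered)
    return {
        "bare_hash_accepts_tampered": bare_hash_check(tampered, recomputed),
        "signature_accepts_original": verify(public, original, signature),
        "signature_accepts_tampered": verify(public, tampered, signature),
    }

if __name__ == "__main__":
    print(demo())
```

The altered message passes the bare hash check because the digest travelled with it, but fails signature verification because the recipient already held the public key and nobody in transit had the private one.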

Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE

Wow, this is just incredible.

Sony Breach Gets Worse: 24.6 Million Compromised Accounts At SOE: "An anonymous reader writes with an update to yesterday morning's news that Sony Online Entertainment's game service was taken offline to investigate a potential data breach related to the PSN intrusion. SOE has now said that they too suffered a major theft of user data.
'... personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007. The information from the outdated database that may have been stolen includes approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.'"

Google Chrome Canary Now Available for Mac [Downloads]

Google Chrome Canary Now Available for Mac [Downloads]: "OS X: Google's released the 'Canary' version of their popular Chrome browser for OS X, giving Mac users earlier access to advanced features."