A Django site.
January 14, 2016

Inside Security News
insecnews
is about »
» Security BSides Athens 2016, Greece

I am pleased to announce that the Information Security Research Group is a proud community supporter of the effort being put into organising the Security BSides Athens 2016 in Greece held on the Saturday, 25 June 2016. More information about the event can be found … Continue reading

June 30, 2011

Inside Security News
insecnews
is about »
» Hope it is not you!

If you see Trojan:Win32/Popureb.E or something called Popureb [1] in your Antivirus software then start making backups and look for your PCs restore CDs/DVDs to restore your system. [1] – http://www.computerworld.com/s/article/9217953/Rootkit_infection_requires_Windows_reinstall_says_Microsoft?taxonomyId=85

March 16, 2011

Inside Security News
insecnews
is about »
» How serious and consequential any one failure would be?

Reading the article about Japan’s Nuclear reactors[1] and the issues the country is now facing because of a number of critical failures that occurred; with this post I would just like to point out how this, in a similar fashion, … Continue reading

October 13, 2010

Inside Security News
insecnews
is about »
» Increase of Cyber attacks

Cyber attacks are on the increase. Not just because I say so, it is a fact [1,2,3]. Cyber criminals are turning to the virtual world and usually the figures demonstrate their success in doing so. Some countries are even thinking of having … Continue reading

July 26, 2010

Inside Security News
insecnews
is about »
» Expire my data

Like milk, when data is stored in our refrigerated data storage facilities it should have an expiration date. Imagine a milk that degraded in your fridge and disappeared after the expiration date. The perfect solution to taking out the trash … Continue reading

January 4, 2010

Inside Security News
insecnews
is about »
» Decaf COFEE put me to sleep

Decaf[1] is the hackers reply to Microsoft's COFEE tool set. Once again creating a tool to combat a set of tools as old as Sysinternals is nothing new or surprising. If it did not happen we would have been surprised.

Unfortunately (and thank god) systems are open and when they are closed (-source) people can still reverse-engineer and break them. This is the nature of the system, be that a PC, Apple, hardware, software or a mobile phone.

In other news an Xbox 360 thief was caught when the original user's account automatically signed in [2]. Proving that with some effort it is possible to track and catch thieves that keep and connect Internet-capable systems. Hear that UK!

Links used:
[1] - http://www.theregister.co.uk/2009/12/14/microsoft_cofee_vs_decaf/
[2] - http://www.theregister.co.uk/2009/12/30/x_box_theft_suspect_racked_down/

December 18, 2009

Inside Security News
insecnews
is about »
» Interception of video feeds from US drones in Iraq

"Shia fighters are said to have used off-the-shelf software programs such as SkyGrabber to capture the footage."[1]

Why the BBC calls this a hack [cause it sounds cool I guess] I have to idea. This is a classic interception case. Get a program (SkyGrabber in this case) and start receiving the broadcasted satellite communications. The US should not have had insecure satellite communications in the first place.

Links:
[1] Iraq insurgents 'hack into video feeds from US drones' - http://news.bbc.co.uk/2/hi/middle_east/8419147.stm

October 22, 2009

Inside Security News
insecnews
is about »
» e-Crime Wales Summit 2009

The e-Crime Wales 2009 Summithttp://www.ecrimewales.com/ held at Llandudno, Wales is over and a number of great speakers attended. Our own Prof. Andrew Blyth presented our findings on the installation of 15 IDS sensors in Welsh SME's around Wales. Hopefully the attendees (business owners etc) would have come into contact with a number of security professionals and brought upto date on how to protect their businesses or at least where to go from here.

The few that I did see at least, from the live feed, all pointed out the need to be aware of the security implications of using online resources and complacency should not an option, even though most people choose it. There is always one question that that needs to be answered before deciding to got (or watch the live feed) one of these events, 'What information will I walk away with?' . I think that it is a great opportunity to be exposed to the horror stories that the speakers have to offer through their experience and you can always pickup and relate to them at some point or hope not to.

Check out the twitter feed here [http://twitter.com/ecrimewales] with some questions and answers and a general overview of the speakers key points.

A picture of Prof. Andrew Blyth, Ed Gibson & Chris Corcoran http://bit.ly/3drSUL

A great service provided by SpamHaus are the advisory lists they provide (i.e., Spamhaus Block List, Exploits Block List and Policy Block List ). Check them out at http://www.spamhaus.org/.

e-Crime Wales also have a blog at http://ecrimewales.posterous.com/

Update (@11:20): We got a mention in the Welsh Daily Post: "E-crime costs Welsh companies hundreds of millions of pounds annually" - Oct 22 2009 - Daily Post - http://www.dailypost.co.uk/business-news/business-news/2009/10/22/e-crime-costs-welsh-companies-hundreds-of-millions-of-pounds-annually-55578-24989506/

August 7, 2009

Inside Security News
insecnews
is about »
» Facebook PI, the spy who knew.

Facebook. A composite word that has nothing to do with a face or a book. Maybe if you post your face then we have at least a face. Still it is the top of the top in social networking, keep many in touch and up-to-date with their weird and wacky friends (yes I did say you are weird, get over it!).

If you have been using it lately (those who do) you may have noticed some weird behaviour in one of its facilities. This facility is the 'Friend Suggestion' option that can be obviously deduced that it would suggests people/ friends you may or may not know. Which you would in turn add, remove or just ignore.

The thing that is starting to spook people is the suggestion [1] of people/ friends that you may know in real life, have no affiliation on Facebook (as in no common friends etc.) and yet it knows that you might be interested in them or know them from somewhere/ somehow. I read some forms really quickly and can only deduce that it is either people who have supplied their email account details and Facebook has used the accounts to make connections with people and their emails [2].

Why you would want Facebook to have your contact details I have no idea. But that is a personal matter which I do not agree with.

Yes I know Facebook must have some other complex algorithm that some how finds other people you might know through facts found on your profile or numerous degrees of separation etc. It is really spooky though when people are suggested when they have no commonalities, no common friends, nothing as they are new users on Facebook, and yet it knows to suggest them to you.

Beware of what you post and what applications you use on Facebook as everything can be used!

From a marketing perspective, it is a win for Facebook. Funny eh, but true! But who knew, they do!

Links Used:

[1] Yahoo Questions - Facebook is too scary .. how the heck does it know? - http://uk.answers.yahoo.com/question/index?qid=20090717220041AA5xudy

[2] insidefacebook .com - Facebook Now Suggesting Friends Found in Imported Contact Lists? - http://www.insidefacebook.com/2009/06/12/facebook-now-suggesting-friends-found-in-imported-contact-lists/

July 3, 2009

Inside Security News
insecnews
is about »
» When numbers boomerang and collide in AES encryption

I was really surprised, yes there is a pattern to me being surprised and my blog postings (I blog usually when something surprises me), to read[1, 2] that AES has been attacked [2] (i.e. cryptanalysis attack by using a related-key boomerang attack) which presents weaknesses (local collisions) in the AES algorithm. Still it is claimed that we are still secure as it might be possible to reduce the complexity to 2110.5 data and time,compared to the current 2119, which attacks are still both computationally unfeasible for AES-256.

2119 * wishes it is so!

Links Used:
[1] Bruce Schneier, 'New Attack on AES' - http://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html
[2] Alex Biryukov and Dmitry Khovratovich, "Related-key Cryptanalysis of the Full AES-192 and AES-256" - https://cryptolux.uni.lu/mediawiki/uploads/1/1a/Aes-192-256.pdf