Feed aggregator

It's tough at the top for anti-virus products

Security blogs - Mar, 06/18/2013 - 21:47

Results of independent tests by AV-Comparatives looking at the real world protection offered by leading packages show that competition is as fierce as ever.

The tests use 569 real-world malicious URLs. 138 of these are blocked by a Windows 7 system with all its patches up to date, leaving 431 to be intercepted by security software. The tests use MS Security Essentials as a baseline providing a 95.4 percent level of protection. You can see the full results on an interactive chart but it’ll come as no surprise that it's all pretty close.

Tags: Viruses & Malwarel33tdawg
Categorías: Bundle Security blogs

Google asks to make surveillance orders public, cites First Amendment

Security blogs - Mar, 06/18/2013 - 21:45

Google has asked the court overseeing terrorism-related surveillance programs at the U.S. National Security Agency to allow the company to publish information on the number of surveillance requests it receives.

Tags: GooglePrivacyIndustry NewsPRISMl33tdawg
Categorías: Bundle Security blogs

Details of NSA Data Requests from US Corporations

Security blogs - Mar, 06/18/2013 - 19:00

Facebook (here), Apple (here), and Yahoo (here) have all released details of US government requests for data. They each say that they've turned over user data for about 10,000 people, although the time frames are different. The exact number isn't important; what's important is that it's much lower than the millions implied by the PRISM document.

Now the big question: do we believe them? If we don't, what would it take before we did believe them?

Categorías: Bundle Security blogs

10 formas en que das información sin darte cuenta

Security blogs - Mar, 06/18/2013 - 16:11
La filtración de Snowden pone en evidencia la gran cantidad de información recolectada por la Agencia de Seguridad Nacional (NSA, por sus siglas en inglés) para rastrear objetivos extranjeros. Estas revelaciones de la NSA son inquietantes, pero quizás lo sea más saber que no sólo las autoridades estadounidenses controlan tus datos. Como en “Un mundo feliz”, la novela distópica de noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

La OTAN acuerda reforzar la ciberseguridad, aunque con desacuerdos

Security blogs - Mar, 06/18/2013 - 16:04
BRUSELAS (Reuters) -  Los ministros de la OTAN acordaron el martes reforzar las defensas cibernéticas de la alianza militar pero difirieron en torno a cuánto debería hacer para proteger a aliados más pequeños de ataques de piratería informática potencialmente devastadores. El año pasado, la OTAN afrontó más de 2.500 "casos significativos" de ataques cibernéticos en noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

COBIT será guía para integrar la operación de TI

Security blogs - Mar, 06/18/2013 - 15:54
COBIT puede ser utilizado por las empresas para optimizar el uso de sus activos de información y darle valor a la operación del negocio.   Ciudad de México.- COBIT es un marco de trabajo que puede ser utilizado por las empresas para optimizar el uso de sus activos de información y darle valor a la operación del negocio. En este post presentamos la forma en que está organizado este noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

‘Hackean’ la web oficial de Brasil sobre los preparativos para el Mundial de fútbol 2014

Security blogs - Mar, 06/18/2013 - 15:45
La página web oficial del Gobierno de Brasil sobre los preparativos para la Copa Mundial de fútbol 2014 ha sido atacada por ‘hackers’ y no es accesible para los usuarios de Internet. El servicio de prensa del Ministerio de Deportes ha emitido un comunicado afirmando que el acceso al sitio web www.copa2014.gov.br está temporalmente cerrado debido a un masivo ataque DDoS. noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

IPv6 Security - An Overview

Security blogs - Mar, 06/18/2013 - 15:43
The advent of IPv6 changes not only the network components, but also the security field shifts. We see new types of attacks or at least variations of the attacks we know from IPv4. This article provides an overview of the IPv6 security vulnerabilities that arise with the launch of IPv6. noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

SearchYourCloud Broadens Security And Search Capability To Android And Google Drive

Security blogs - Mar, 06/18/2013 - 14:54
Android users can safely secure content in the cloud without worry over unintended access concerns(author unknown)
Categorías: Bundle Security blogs

Frost & Sullivan: Further Progress In M2M Toward Internet Of Things Requires A Focus On Security Risks

Security blogs - Mar, 06/18/2013 - 14:51
Strong focus on security necessary to drive continued M2M deployment in enterprises(author unknown)
Categorías: Bundle Security blogs

The NSA's Prism must be countered with public policy, says crypto guru Phil Zimmermann

Security blogs - Mar, 06/18/2013 - 07:18

The National Security Agency's Prism surveillance system is a dangerous hostage to fortune that must be countered using public policy and not simply clever security technologies alone, privacy campaigner and encryption luminary Phil Zimmermann has argued.

It's an unexpected position for a man whose new company, Silent Circle, sells possibly the single most credible anti-surveillance service on the market not to mention writing his own chapter in the history books by inventing the legendary Pretty Good Privacy (PGP) encryption software in the early 1990s.

Tags: EncryptionNSAPRISMl33tdawg
Categorías: Bundle Security blogs

Episode #167: Big MAC

Security blogs - Mar, 06/18/2013 - 07:00
Hal checks into Twitter:

So there I was, browsing my Twitter timeline and a friend forwarded a link to Jeremy Ashkenas' github site. Jeremy created an alias for changing your MAC address to a random value. This is useful when you're on a public WiFi network that only gives you a small amount of free minutes. Since most of these services keep track by noting your MAC address, as long as you keep cycling you MAC, you can keep using the network for free.

Here's the core of Jeremy's alias:

sudo ifconfig en0 ether `openssl rand -hex 6 | sed "s/\(..\)/\1:/g; s/.$//"`

Note that the syntax of the ifconfig command varies a great deal between various OS versions. On my Linux machine, the syntax would be "sudo ifconfig wlan0 hw ether..."-- you need "hw ether" after the interface name and not just "ether".

Anyway, this seemed like a lot of code just to generate a random MAC address. Besides, what if you didn't have the openssl command installed on your Linux box? So I decided to try and figure out how to generate a random MAC address in fewer characters and using commonly built-in tools.

What does a MAC address look like? It's six pairs of digits with colons between. "Pairs of digits with colons between" immediately made me think of time values. And this works:

$ date +00:11:22:%T

Just print three pairs of fixed digits followed by "hh:mm:ss". I originally tried "date +%T:%T". But in my testing, the ifconfig command didn't always like the fake MAC addresses that were generated this way. So specifying the first few octets was the way to go.

The only problem is that this address really isn't all that random. If there were a lot of people on the same WiFi network all using this trick, MAC address collisions could happen pretty easily. Though if everybody chose their own personal sequence for the first three octets, you could make this a lot less likely.

The Linux date command lets you output a nine-digit nanoseconds value with "%N". I could combine that with a few leading digits to generate a pseudo-random sequence of 12 digits:

$ date +000%N

But now we need to use the sed expression in Jeremy's original alias to put the colons in. Or do we?

$ sudo ifconfig wlan0 hw ether $(date +000%N)
$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:02:80:12:43:53

I admit that I was a little shocked when I tried this and it actually worked! I can't guarantee that it will work across all Unix-like operating systems, but it allows me to come up with a much shorter bit of fu compared to Jeremy's solution.

What if you were on a system that didn't have openssl installed and didn't have a date command that had nanosecond resolution? If your system has a /dev/urandom device (and most do) you could use the trick we used way back in Episode #85:

$ sudo ifconfig wlan0 hw ether 00$(head /dev/urandom | tr -dc a-f0-9 | cut -c1-10)
$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:7a:5f:be:a2:ca

Again I'm using two literal zeroes at the front of the MAC address, so that I create addresses that don't cause ifconfig to error out on me.

The expression above is not very short, but at least it uses basic commands that will be available on pretty much any Unix-like OS. If your ifconfig needs colons between the octets, then you'll have to add a little sed like Jeremy did:

$ sudo ifconfig wlan0 hw ether \
00$(head /dev/urandom | tr -dc a-f0-9 | sed 's/\(..\)/:\1/g;' | cut -c1-15)

$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:d9:3e:0d:80:57

Jeremy's sed is more complicated because he takes 12 digits and adds colons after each octet, but leaves a trailing colon at the end of the address. So he has a second substitution to drop the trailing colon. I'm using cut to trim off the extra output anyway, so I don't really need the extra sed substitution. Also, since I'm specifying the first octet outside of the "$(...)", my sed expression puts the colons in front of each octet.

So there you have it. There's a very short solution for my Linux box that has a date command with nanosecond resolution and a very forgiving ifconfig command. And a longer solution that should work on pretty much any Unix-like OS. But even my longest solution is surely going to look great compared to what Tim's going to have to deal with.

Tim wishes he hadn't checked into Twitter:

I'm so jealous of Hal. I think his entire command is shorter than the name of my interface. This command is painful, quite painful. I would very much suggest something like Technitium's Mac Address Changer, but since Hal set me up here we go...

To start of, we need to get the name of our target interface. Sadly, the names of the interfaces aren't as simply named as they are on a *nix box. Not only is the name 11 times longer, but it is not easy to type. If you run "ipconfig /all" you can find the name and copy/paste it. (By the way, I'm only going to use PowerShell here, the CMD.EXE version would be ugly^2).

PS C:\> $ifname = "Intel(R) 82574L Gigabit Network Connection"

The MAC address for each interface is stored somewhere in the registry under this even-less-easy-to-type Key:
HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\[Some 4 digit number]\

First, a bit of clarification. Many people (erroneously) refer to Keys as the name/value pairs, but those pairs are actually called Values. A key is the container object (similar to a directory). How about that for a little piece of trivia?

With PowerShell we can use Get-ChildItem (alias dir, ls, gci) to list all the keys and then Get-ItemProperty (alias gp) to list the DriverDesc values. A simple Where-Object filter (alias where, ?) will find the key we need.

PS C:\> Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Control\Class\`{4D36E972-E325-
11CE-BFC1-08002bE10318`}\[0-9]*\ | Get-ItemProperty -Name DriverDesc |
? DriverDesc -eq "Intel(R) 82574L Gigabit Network Connection"

DriverDesc : Intel(R) 82574L Gigabit Network Connection
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SY...0318}\0010
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SY...0318}
PSChildName : 0010
PSProvider : Microsoft.PowerShell.Core\Registry

Note: the curly braces ({}) need to be prefixed with a back tick (`) so they are not interpreted as a script block.

So now we have the Key for our target network interface. Next, we need to generate a random MAC address. Fortunately, Windows does not requires the use of colons (or dots) in the MAC address. This is nice as it makes our command a little easier to read (a very very little, but we'll take any win we can). The acceptable values are between 000000000000 and fffffffffffe (ffffffffffff is the broadcast address and should be avoided). This is the range between 0 and 2^48-2 ([Math]::Pow(2,8*6)-2 = 281474976710654). The random number is then formatted as a 12 digit hex number.

PS C:\> [String]::Format("{0:x12}", (Get-Random -Minimum 0 -Maximum 281474976710655))
PS C:\> [String]::Format("{0:x12}", (Get-Random -Minimum 0 -Maximum 281474976710655))

We have a random MAC address value and we know the Key, now we need to put those two pieces together to actually change the MAC address. The New-ItemProperty cmdlet will create the value if it doesn't exist and the -Force option will overwrite it if it already exists. This results in the final version of our ugly command. We could shorten the command a little (very little) bit, but this is the way it's mother loves it, so we'll leave it alone.

PS C:\> ls HKLM:\SYSTEM\CurrentControlSet\Control\Class\`{4D36E972-E325-11CE-BFC1-
08002bE10318`}\0*\ | Get-ItemProperty -Name DriverDesc | ? DriverDesc -eq
"Intel(R) 82574L Gigabit Network Connection" | New-ItemProperty -Name
NetworkAddress -Value ([String]::Format("{0:x12}", (Get-Random -Minimum 0
-Maximum 281474976710655))) -PropertyType String -Force

You would think that after all of this mess we would be good to go, but you would be wrong. As with most things Windows, you could reboot the system to have this take affect, but that's no fun. We can accomplish the same goal by disabling and enabling the connection. This syntax isn't too bad, but we need to use a different long name here.

PS C:\> set interface name="Wired Ethernet Connection" admin=DISABLED
PS C:\> set interface name="Wired Ethernet Connection" admin=ENABLED

At this point you should be running with the new MAC address.

And now you can see why I recommend a better tool to do this...and why I envy Hal.

Categorías: Bundle Security blogs

Yahoo discloses user data requests from US law enforcement agencies

Security blogs - Mar, 06/18/2013 - 06:28

 Yahoo has received between 12,000 to 13,000 requests for user data from law enforcement agencies in the U.S. between Dec. 1 and May 31 this year, the company said Monday.

The most common of these requests concerned fraud, homicides, kidnappings, and other criminal investigations, Yahoo CEO Marissa Mayer and General Counsel Ron Bell wrote in a blog post.

Tags: YahooPRISMPrivacyl33tdawg
Categorías: Bundle Security blogs

Texas becomes first state to require warrant for e-mail snooping

Security blogs - Mar, 06/18/2013 - 06:24

Texas Gov. Rick Perry has signed a bill giving Texans more privacy over their inboxes than anywhere else in the United States.

On Friday, Perry signed HB 2268, effective immediately. The law shields residents of the Lone Star State from snooping by state and local law enforcement without a warrant. The bill's e-mail amendment was written by Jonathan Stickland, a 29-year-old Republican who represents an area between Dallas and Ft. Worth.

Tags: Privacyl33tdawg
Categorías: Bundle Security blogs

Will new tectonic fault system kill the Atlantic?

Security blogs - Mar, 06/18/2013 - 06:19

The dying Mediterranean Sea may have contaminated the Atlantic with a subduction zone. One day, it could help destroy the vast ocean.

Oceans come and go over hundreds of millions of years. New ones are born when continents are ripped apart, allowing hot magma to bubble up and solidify into oceanic crust. They die when continents collide and force oceanic crust back down into the mantle.

Tags: Sciencel33tdawg
Categorías: Bundle Security blogs

What the NSA doesn’t have: iMessages and FaceTime chats

Security blogs - Lun, 06/17/2013 - 23:44

Since The Guardian began leaking top-secret National Security Agency (NSA) documents just 11 days ago, several tech companies responded to the revelations about the PRISM program. The likes of Google, Facebook, and Apple objected to the tone of the press coverage, saying that any suggestion they've ever given a government agency direct access to their servers is false.

Over the weekend, tech companies started responding with additional transparency too. Facebook and Microsoft revealed ranges of how many government information requests they're getting about how many accounts.

Tags: AppleNSAPrivacyPRISMl33tdawg
Categorías: Bundle Security blogs

How CyanogenMod's founder is giving Android users their privacy back

Security blogs - Lun, 06/17/2013 - 23:35

What if you could privately use an application and manage its permissions to keep ill intending apps from accessing your data? That’s exactly what Steve Kondik at CyanogenMod—the aftermarket, community-based firmware for Android devices—hopes to bring to the operating system.

It’s called Incognito Mode, and it’s designed to help keep your personal data under control. Kondik, a lead developer with the CyanogenMod team, published a post on his Google Plus profile last week about Incognito Mode.

Tags: CyanogenModAndroidPrivacyl33tdawg
Categorías: Bundle Security blogs

How to turn a Raspberry Pi into a portable Tor proxy (Onion Pi)

Security blogs - Lun, 06/17/2013 - 23:32

We all know that Prism is most likely just the tip of the snooping iceberg. While some of us may run Tor on our PC or Mac, there may be times when when we are working on a device that is not our own, or perhaps even a Chromebook, tablet or phone.

Enter the stalwart Raspberry Pi, which can be transformed into a portable Tor device for browsing on the go.

Tags: RaspberryPiTorPrivacyl33tdawg
Categorías: Bundle Security blogs

British government rewards bad parents

Security blogs - Lun, 06/17/2013 - 23:17

The British Government will be deciding what its citizens can see on the internet by the end of 2013 because some adults decided to breed and cannot take responsibly for what they spawned.

Under David Cameron's Britain, filters will be installed on every ISPs server which will forbid access to content deemed unfit for children.

Tags: UKIndustry Newsl33tdawg
Categorías: Bundle Security blogs

10 reasons Android beats iOS 7

Security blogs - Lun, 06/17/2013 - 23:12

Six years after the first iPhone launched, Apple has finally made some major changes to the look and feel of its mobile operating system. Most of these improvements — including the new Notification Center, quick multitasking and Wi-Fi direct transfers — have been available on Android devices for years. So, if you wanted to transfer files quickly between phones, you could have done that just by tapping them together as long ago as 2011 . If you wanted to move quickly and easily between open apps, Android has provided a really great task-switching menu since version 4.0.

Tags: AndroidAppleiOSGooglel33tdawg
Categorías: Bundle Security blogs