All posts in Security

deutschlandfunk

At the end of last year a friend gave my contact information to a radio producer with an interesting project. She wanted to learn as much as she could about a person through different means:

  • Getting his writing analyzed
  • Getting his voice analyzed
  • Using a private detective to follow him for a couple of days
  • And of course the digital perspective (which is where I tried to pitch in)

Basically, we had a target (who gave us written permission to hack him and his systems), and the idea was to collect all the information we could from his online presence and hack any of his accounts and/or his personal computer. One of the things we had in mind was that, since “the Target” was one of the producers, we didn’t want to kill any of his devices.

Keep Reading →

Workshops in Cologne

"Dreamarena Extreme" by denisdervisevic, CC-BY-2.0.

I’m going to be giving two workshops in Cologne in July, with what I think are really fun topics: WordPress Security and Hands-on security for beginners.

So embrace this opportunity to learn some hacking or security for a one-time-only, startup-friendly price.

Keep Reading →

Horizon and cookies

I’ve been working with the Havana release of OpenStack the last couple of days and ran across a default setting that should be avoided in any deployment: using cookies as the session backend.

The source of the problems has been known at least since October 2013 in Django and other frameworks: clear-text client-side session management. There is even an OSVDB entry, and Threatpost covered it in an article.

Keep Reading →

Launch of Practical security

#practicalsecurity

This is a topic that I have been thinking about for a long time and finally started creating some content for it. The idea is to create a series of posts, workshops and presentations that will help create security awareness at many levels. The topics will go across the board but I will be starting with those I think will have a greater impact in reducing the amount of low-hanging fruit out there.

Keep Reading →

Social over-sharing

Image from www.avgjoeguide.com

In some parts of the world, over-sharing, or just sharing information about you, your lifestyle and your family, can be really dangerous. There are many types of information one can over-share on the Internet, typically on social media sites like Facebook, Twitter, Google+ or Foursquare:

  • Personal information, for example: name, maiden name, birthday, schools we attended, who are our friends and family, pictures.
  • Geo-location or location information: this information tells people where you are and where to find you. Keep Reading →

Smart phone / mobile phone tracking and privacy

The first hand-held mobile phone was demonstrated by Motorola in 1973, and since the 90s mobile phones have become one of the technologies that have the biggest impact on the way we live. Cell phones or mobile phones have reached an impressive 96.2% of the world population and have penetration rates of over 100% in developed nations. This information technology has spread faster than any other, including TV, Radio and the Internet. Can you remember how we lived before cellphones?

Keep Reading →

Do Reverse Proxies provide real security?

OSSTMM

Have you ever questioned the security best practices?

In the process of building / designing the infrastructure for a new project the following question was asked: “shouldn’t we use a reverse proxy to secure or protect the web servers?” Of course the first question I asked myself is “do reverse proxies provide real security?” or is this a best / common practice that has been adopted without foundation? Keep Reading →

WebOS Security

I had the pleasure of attending the WebOS Developer Workshop in Mainz on Saturday. Thgtwi (@thgtwi) did a great job with the organization. SuVuK (@SuVuK_open) did a nice report on the contents of the Workshop in his blog.

I took the opportunity to talk about Security in the WebOS platform. I ran some tests based on WebOS 3.X, which is currently available for the HP TouchPad and is being open-sourced as Open WebOS. Keep Reading →

Implementing effective controls: Venezuela to block stolen mobile phones

Even though I don’t agree with many of the decisions and laws created in Venezuela, I think this is a great example of implementing a control for a big risk. Keep Reading →

Ubuntu Firefox: This address is restricted

I got the weirdest of errors today trying to open a web page on port 6000: “This address is restricted”.

After reading for a while I found out that the Mozilla Foundation built in this protection against “Cross-Protocol” scripting attacks with a form of Port Banning.

To override this protection use one of the following steps:

  • In the all.js file in the user’s profile directory, add the following line at the end of the file: user_pref("network.security.ports.banned.override", "1-65535");
  • In the defaults/pref/ sub-directory of the installation directory (multi-user systems), add the following line at the end of the file: user_pref("network.security.ports.banned.override","1-65535");
  • Open a new window, type about:config in the address bar and add a new entry of type string with the name network.security.ports.banned.override and the value 1-65535.

If you want to free only one port, change the range to that port or a list of ports.
