web-archive-net.com » NET » S » SHORTINFOSEC.NET

Total: 241

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Information Security Short Takes
    strategy 78 Instant Messaging 2 malware 1 microsoft 9 Network security 22 penetration testing 38 Physical security 4 privacy 21 SLA 6 software development 14 Solution building 34 steganography 2 Templates 2 training and certification 4 trojan 1 windows 6 Site Meter BlogCommunities Do you actually value your privacy Many years ago on a great satire TV show named Top Lista Nadrealista The Surrealists Top Chart I watched a sketch named Do you want to be anonymous The sketch presented a TV crew walking through Sarajevo asking random people do they want to be anonymous Everyone on that sketch claimed to want to be anonymous while wilfully giving all kinds of personal information just to be on TV Today I witnessed the same level desire for anonymity by more than 500 people on Linkedin A user on Linkedin posted the image below and it got more than 500 responses so far It took some 2 minutes to grab the entire comment thread in a single page and another 5 minutes to make a regex to filter the actual e mail addresses Why is this important It s the year 2014 and with a simple offer of Linkedin contacts one can collect a very nice amount of high quality e mail addresses valid regularly read addresses for spamming phishing spear phasing etc Also with a nice too l for OSINT one can use this source information yo collect even more about them for identity theft Ask yourself do you wish to be anonymous or are you willing to give you privacy away for a minute on TV or a connection on social networks Here is an anonymised sample of what can be read lanc mail com crai ynow com davi n com gab ologies com sub mail com yog mail com dan mail com Contact me for a full list of ANONYMISED addresses if you need them for academic purposes What do you think Tell Us in the comments 12 39 PM 11 comments Email this post Labels information security privacy We are all Persons of Interest We provide a huge amount of information about us to many different online services Naturally these companies use that information to understand us in ways we have never imagined with only one goal Sell products make money This process will not stop We are living in a new industrial revolution with little regulation and protection Regulation will happen but very slowly In the meantime we need to understand what is happening and learn to adjust and live in this new industrial revolution We are all persons of interests for the data crunching machine of advertising We are being watched You can review the presentation I did at INFOSEK 2013 below What do you think about your privacy Tell us in the comments 9 40 AM 4 comments Email this post Mac OS X Mavericks still cannot fully escape the ghost of Steve Jobs Yesterday evening I took the early adopter plunge and upgraded to

    Original URL path: http://www.shortinfosec.net/ (2016-04-27)
    Open archived version from archive

  • Information Security Short Takes: Information Security Posts
    Internet Security Categories antivirus 2 audit 1 biometrics 1 Blog carnival 8 business continuity 9 competition 2 Computer security 42 Databases 3 disaster recovery 2 encryption 13 forensics 11 fraud 7 GPS 1 How To 29 Incident Management 7 information security 194 information strategy 78 Instant Messaging 2 malware 1 microsoft 9 Network security 22 penetration testing 38 Physical security 4 privacy 21 SLA 6 software development 14 Solution building 34 steganography 2 Templates 2 training and certification 4 trojan 1 windows 6 Site Meter BlogCommunities Information Security Posts These are our Information Security Posts Published on Shortinfosec Corporate Security Process Hunting for hackers Google fraud style Corporate Security Are the hackers winning The call records theft security of batch processing Real and Bizarre Information Security Situations Be Aware of Security Risks of USB Flash Drives Tutorial Measures for minimizing Spear Phishing Attacks Is Skype a good Corporate Tool Citibank PIN Heist Sources of Security Breach Personal Data Protection Anonymizing John Doe 8 Tips for Securing from the Security experts GPS Fleet Tracking Risks or Benefits Information theft Minimize targets of opportunity Internet Social Engineering Avoid Con Tricks 3 Rules to Avoid Problems due to Changes in Development Nobody s safe Google s personal data stolen 4 Controls to Avoid Risks of Fully Trusting a System 3 Controls to Secure Corporate Off Computers Control Delegated Responsibility Caveats of strong perimeter security Portrait of Hackers 8 Steps to Better Securing Your Job Application Information Disposal Procedure Security Concerns Cloud Cloud Computing Securing an Application Backend always forgotten Dissecting Social Engineering Free Product Scam Tutorial Secure Web Based Job Application Email security leaks in corporate e mails Google Voice No Privacy Remains 3 Things no book about hacking will ever tell you 5 Minute Security Assessment 5 biggest mistakes of information security Business Continuity and Disaster Recovery Business Continuity Plan for Blogs Business Continuity Plan for Brick Mortar Businesses Example Business Continuity Plan For Online Business Business Continuity Analysis Communication During Power Failure High Availability Clusters have Issues Know the Difference Backup vs Archive iPhone Failed Disaster Recovery Practical Insight Google s Ratproxy Web Security Tool for Windows Web Services Security Web Site that is not Easy to hack Part 2 HOWTO the web site attacks Web Site that is not that easy to hack Part 1 HOWTO the bare necessities Checking web site security the quick approach Strategic Choice Proper Selection of Web Hosting Protecting from Meddling Web Applications Tutorial Using Ratproxy for Web Site Vulnerability Analysis Tutorial Making a Web Server Creating Your Own Web Server Network security Template to Regulate your Firewall Configurations Obtaining a valid MAC address to bypass WiFi MAC Restriction Example Bypassing WiFi MAC Address Restriction 5 Rules to Home Wi Fi Security Template Corporate Information Security Policy San Francisco WAN Lockout Pointing Fingers at Everyone Responsible Network Access Control A Solution with Problems Example SMTP message spoofing Tutorial Mail Header Analysis for Spoof Protection DHCP Security The most overlooked service on the network Whisperbot No

    Original URL path: http://www.shortinfosec.net/2008/01/information-security-posts.html (2016-04-27)
    Open archived version from archive

  • Information Security Short Takes: Downloads
    excellent forum Freeware Strategy Games and Multiplayer Shooters Warify A simple DNS information gathering tool Backtrack An Excellent Penetration Testing Suite Security for idiots and others that care blogarama the blog directory Hardware and Software Tutorials that Count Blog Archive 2014 1 January 1 2013 2 November 1 October 1 2012 8 July 1 June 1 March 1 February 1 January 4 2011 16 December 1 September 1 August 2 July 1 June 6 May 3 March 1 January 1 2010 47 December 2 November 7 October 8 September 6 June 1 May 1 April 2 March 13 February 1 January 6 2009 70 December 13 November 17 October 4 July 1 June 2 April 6 March 8 February 9 January 10 2008 130 December 5 November 4 October 3 September 2 August 20 July 27 June 25 May 15 April 18 March 1 February 4 January 6 Alexa Rank Follow me on Twitter Recent Posts Maintaining quality in outsourcing telco services Engaging a team for a security analysis Hacking Virtual Machines Part 1 Sniffing Mac Antivirus Staying careful and safer Steganography Passing through the defenses Choosing a Disaster Recovery Center Location Avoiding security complications when servicing desktop equpment Fuzzing with OWASP s JBroFuzz Mitigating Risks of the IT Disaster Recovery Test Internet Security Categories antivirus 2 audit 1 biometrics 1 Blog carnival 8 business continuity 9 competition 2 Computer security 42 Databases 3 disaster recovery 2 encryption 13 forensics 11 fraud 7 GPS 1 How To 29 Incident Management 7 information security 194 information strategy 78 Instant Messaging 2 malware 1 microsoft 9 Network security 22 penetration testing 38 Physical security 4 privacy 21 SLA 6 software development 14 Solution building 34 steganography 2 Templates 2 training and certification 4 trojan 1 windows 6 Site Meter BlogCommunities Downloads Welcome

    Original URL path: http://www.shortinfosec.net/2008/01/downloads.html (2016-04-27)
    Open archived version from archive

  • Information Security Short Takes: Write for ShortInfosec
    2012 8 July 1 June 1 March 1 February 1 January 4 2011 16 December 1 September 1 August 2 July 1 June 6 May 3 March 1 January 1 2010 47 December 2 November 7 October 8 September 6 June 1 May 1 April 2 March 13 February 1 January 6 2009 70 December 13 November 17 October 4 July 1 June 2 April 6 March 8 February 9 January 10 2008 130 December 5 November 4 October 3 September 2 August 20 July 27 June 25 May 15 April 18 March 1 February 4 January 6 Alexa Rank Follow me on Twitter Recent Posts Maintaining quality in outsourcing telco services Engaging a team for a security analysis Hacking Virtual Machines Part 1 Sniffing Mac Antivirus Staying careful and safer Steganography Passing through the defenses Choosing a Disaster Recovery Center Location Avoiding security complications when servicing desktop equpment Fuzzing with OWASP s JBroFuzz Mitigating Risks of the IT Disaster Recovery Test Internet Security Categories antivirus 2 audit 1 biometrics 1 Blog carnival 8 business continuity 9 competition 2 Computer security 42 Databases 3 disaster recovery 2 encryption 13 forensics 11 fraud 7 GPS 1 How To 29 Incident Management 7 information security 194 information strategy 78 Instant Messaging 2 malware 1 microsoft 9 Network security 22 penetration testing 38 Physical security 4 privacy 21 SLA 6 software development 14 Solution building 34 steganography 2 Templates 2 training and certification 4 trojan 1 windows 6 Site Meter BlogCommunities Write for ShortInfosec You have an idea for an article about information security Submit articles to shortinfosec at gmail dot com Please include author name brief bio and a link to your blog site The general policy of gust articles are We accept submissions for articles by other bloggers as long as

    Original URL path: http://www.shortinfosec.net/2009/04/write-for-shortinfosec.html (2016-04-27)
    Open archived version from archive

  • Information Security Short Takes: Contact Us
    care blogarama the blog directory Hardware and Software Tutorials that Count Blog Archive 2014 1 January 1 2013 2 November 1 October 1 2012 8 July 1 June 1 March 1 February 1 January 4 2011 16 December 1 September 1 August 2 July 1 June 6 May 3 March 1 January 1 2010 47 December 2 November 7 October 8 September 6 June 1 May 1 April 2 March 13 February 1 January 6 2009 70 December 13 November 17 October 4 July 1 June 2 April 6 March 8 February 9 January 10 2008 130 December 5 November 4 October 3 September 2 August 20 July 27 June 25 May 15 April 18 March 1 February 4 January 6 Alexa Rank Follow me on Twitter Recent Posts Maintaining quality in outsourcing telco services Engaging a team for a security analysis Hacking Virtual Machines Part 1 Sniffing Mac Antivirus Staying careful and safer Steganography Passing through the defenses Choosing a Disaster Recovery Center Location Avoiding security complications when servicing desktop equpment Fuzzing with OWASP s JBroFuzz Mitigating Risks of the IT Disaster Recovery Test Internet Security Categories antivirus 2 audit 1 biometrics 1 Blog carnival 8 business continuity 9

    Original URL path: http://www.shortinfosec.net/2008/01/about.html (2016-04-27)
    Open archived version from archive

  • Information Security Short Takes: Content and Privacy Policy
    June 2 April 6 March 8 February 9 January 10 2008 130 December 5 November 4 October 3 September 2 August 20 July 27 June 25 May 15 April 18 March 1 February 4 January 6 Alexa Rank Follow me on Twitter Recent Posts Maintaining quality in outsourcing telco services Engaging a team for a security analysis Hacking Virtual Machines Part 1 Sniffing Mac Antivirus Staying careful and safer Steganography Passing through the defenses Choosing a Disaster Recovery Center Location Avoiding security complications when servicing desktop equpment Fuzzing with OWASP s JBroFuzz Mitigating Risks of the IT Disaster Recovery Test Internet Security Categories antivirus 2 audit 1 biometrics 1 Blog carnival 8 business continuity 9 competition 2 Computer security 42 Databases 3 disaster recovery 2 encryption 13 forensics 11 fraud 7 GPS 1 How To 29 Incident Management 7 information security 194 information strategy 78 Instant Messaging 2 malware 1 microsoft 9 Network security 22 penetration testing 38 Physical security 4 privacy 21 SLA 6 software development 14 Solution building 34 steganography 2 Templates 2 training and certification 4 trojan 1 windows 6 Site Meter BlogCommunities Content and Privacy Policy Content Policy All tutorials solutions and opinions stated on the blog should be credited only to the author and do not reflect the position nor are in relation to the author s employer All examples and scenarios unless referring to publicly available information are of fictional nature and have no intention to be related real situations in any company All personal information and names presented on this site unless referring to publicly available information are of fictional nature and cannot to be related real persons All tutorials solutions and opinions are of an informative purpose and should be used as a guideline only Specific implementation level solutions must be prepared

    Original URL path: http://www.shortinfosec.net/2008/01/content-and-privacy-policy.html (2016-04-27)
    Open archived version from archive

  • Information Security Short Takes: Tutorial - Computer Forensics Evidence Collection
    the only link and let it perform inventory of the system Save the result as a PDF on your evidence USB After Winaudit finishes close it and close the Helix mainwindow It will ask whether you like to record all activities in a PDF file Confirm that you wish to and save the PDF on your evidence USB The above process will create an MD5 hash of the memory dump on the evidence USB Open this file and take note of the MD5 hash II Disk drive evidence collection Turn off the computer ungracefully pull the plug this will prevent any possible shutdown scripts from running and possibly erasing data on the computer Boot it up again and from the BIOS select to boot from CD ROM I n a real corporate investigation you may need assistance of IT to provide passwords since most corporate PC s are set up with BIOS password and disabled from booting from CD to prevent possible information theft Boot the Helix Linux OS When booted select Adepto from the Forensics Menu Similarly to the memory dump above select the drive you wish to make a dump of and select your evidence USB as destination For hash you can choose severa The example is with SHA 1 After the dump is finished choose the last tab report and choose to save the dump report as PDF to the evidence USB Copy all files to your analysis computer and verify the hashes of the memory and disk dumps again using md 5sum and sha 1sum whichever you used initially Using VDK mount a copy of the disk image for investigation The mount command is vdk open path to dump file dump filename dd L free drive letter HERE You can download and review the forensic log documents created in this tutorial 5 19 MB ZIP file Helix Evidence Collection Sample Logs zip Verification sums SHA1SUM c7d189a78a715fd96127677d39d5ace1d5854ea5 MD5SUM 9b61fad0cf4418175cb7e387c6962c49 This concludes the easy part of computer forensics evidence collection Shortinfosec will follow up with exercises of the analysis part Related posts Tutorial Computer Forensics Process for Beginners Talkback and comments are most welcome 12 06 PM Email this post Labels Computer security forensics How To information security 24 comments Anonymous said Consider putting the article s authors name along with the date in which it was written When is the follow up article coming out on analysis November 24 2008 at 5 15 PM Yasmara id said Wow thanks this is vey usefull info March 3 2009 at 11 22 PM tips paid review said good writing nice tutorial June 28 2009 at 11 51 AM mlm software said Thank you very much to share this information It is very useful and informative mlm software September 3 2010 at 5 19 PM Forex trading strategies said This is a realy nice tutorial Like the reading Tnx November 3 2010 at 11 23 AM Benjamin Wright said On the SANS Institute s forensics blog I have published new

    Original URL path: http://www.shortinfosec.net/2008/07/tutorial-computer-forensics-evidence.html (2016-04-27)
    Open archived version from archive

  • Information Security Short Takes: Tutorial - Computer Forensics Process for Begginners
    forensics Computer forensics process Below is a diagram of the forensics process It is a generic process but applies in computer forensics In order to properly apply the forensic process to computers let s expand the generic diagram into the following As you can see in computer forensics a lot of evidence can be collected while the computer is running That is a one shot chance and you ll never have it again when you turn off the computer Your Forensic Toolkit Every trade needs it s tools For the beginner investigator here is my recommended toolkit Helix forensic CD your basic tool for the investigation Digital camera capturing physical state of the suspect computer Evidence USB 4 GB Capacity for removing smaller evidence files from the evidence computer Evidence USB hard drive 500 GB will be enough for most purposes for making an evidence copy of the disk drive Analysis computer probably a laptop but sparkling clean no viruses Trojans cookies or similar wildlife on it since they can corrupt the evidence Even if the evidence isn t corrupted it may be considered as contaminated and become inadmissible in a formal case VDK driver for the analysis computer if using windows this driver will enable you to mount a DD image created during the evidence collection Antivirus Antispyware Rootkit detector software for the analysis computer Steps of the forensic process process 1 Evidence collection 1 1 While the suspect computer is running Make an image of the RAM Memory and store it on the evidence hard drive USB Make MD5 SHA 1 hash of the image and save it and write it down in a notebook Make an inventory of all processes network connections installed software hardware everything you can about the computer Save this in a file on the evidence hard drive USB Make MD5 SHA 1 hash of the file and save it and write it down in a notebook 1 2 When the suspect computer is off Make an image of the hard disk drive and store it on the evidence hard drive USB Make MD5 SHA 1 hash of the image and save it and write it down in a notebook Photograph the suspect computer from all sides Save the pictures on on the evidence hard drive USB Make MD5 SHA 1 hashes of the photographs and save them and write them down in a notebook If any immediate physical tampering is apparent photograph it specifically and possibly expand the investigation with a forensic expert who will look for evidence regarding the tampering method fingerprints tool markings Open the computer and photograph the interior under good lighting Save the pictures on on the evidence hard drive USB Make MD5 SHA 1 hashes of the photographs and save them and write them down in a notebook 2 Evidence analysis Load copies of the evidence images into your analysis computer Confirm that the copies have the same MD5 SHA 1 hashes as the original noted ones Search

    Original URL path: http://www.shortinfosec.net/2008/07/tutorial-computer-forensics-process-for.html (2016-04-27)
    Open archived version from archive