Information Security Short Takes
Information Security and ICT Strategy Analysis and Tutorials
Recent Posts Tagged With 'computer security'
Reminder Tutorial - Enable Auditing on Windows 7
Auditing is one of the major tools used in detecting system intrusions or malicious activity on systems and networks. And yet, even in the 'secure by design' incarnation - Windows 7, the Microsoft Client OS log event entries in the security log out...
Nessus vs Retina - Vulnerability Scanning Tools Evaluation
We have mentioned our favorite vulnerability scanning tools in this blog. But a lot of time has passed since, so it is time to pit these tools against each other and evaluate the quality of the results received when scanning the same target. UPDATE: A...
New Version of Microsoft Baseline Security Analyzer
Our Microsoft Baseline Security Analyzer scanner has just reported that a new version (2.1.1) is available. It can be downloaded from the following URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78&d...
Windows 7 Full Disk Encryption with Truecrypt
After the TrueCrypt Full Disk Encryption Review and the 5 rules to Protecting Information on your Laptop, we are following up with a practical test of full disk encryption of Windows 7. Shortinfosec is a great promoter of full disk encryption of lapto...
Corporate Information Security during Layoffs - What will get stolen
A recent study confirmed the long-known fact - any employee that is being fired will try to steal something from his now ex-employer. While 20 years ago companies had to worry about stolen petty cash or office supplies, today such items are no...
Tutorial - Hidden Operating System with Truecrypt
Starting from version 6, Truecrypt boasts an interesting function - creation of a hidden operating system. With this article we walk through the process of creating the hidden OS and analyze the possible uses of such a solution. The concept: The basic id...
Securing an Application Backend - always forgotten
It is a well-known fact that 80% of all attacks come from the inside. But in the world of Web2.0 and online applications, the back-end of the system is usually forgotten. Let's analyze a common web application design. The web application is designed to...
Cracking a TrueCrypt Container
This week I tried to open an old TrueCrypt container. It turned out that I had forgotten the password. So I endeavored into the realm of cracking the TrueCrypt container. Here are my experiences. The problem: I have a TrueCrypt container in which I hold my ...
SANS Announced Top 25 Programming Errors
Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber ...
Scalpel - File Carving from Partially Wiped Evidence Disk
In the previous article on proper information disposal, a visitor suggested that Darik's Boot and Nuke (DBAN) can be used for emergency evidence destruction. While it is quite correct, DBAN takes time to finish. So, what evidence can be recovered fro...
Information Disposal Procedure
Your organization bought computers, used them and now it's time to discard them. Most old hardware is donated to schools or is simply auctioned off. However, all that data contains a lot of confidential information, and it is essential that such data...
System Hardening Process Checklist
Most administrators and security officers are well aware of the necessity of system hardening for corporate systems. Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions...
WMI Scanning - Excellent Security Tool
When doing a security assessment for a large organization, you need to collect a multitude of information for a proper assessment. One of the essential elements in a network assessment is systems inventory. While most security personnel would use a po...
New Helix3 Forensic CD - Welcome
E-fense has published a new version of their acclaimed Helix Forensic Live CD. It is now in version 2.0. Here are the first impressions of the new version. Just as the old version, the new one contains two major components: A LiveCD (Based on Ubuntu) - ...
Tutorial - A Poor Man's Secure USB
USB Flash thumbdrives are efficient, large capacity, fast and very resilient. So everyone uses them for transport of files, and very often for transport of corporate documents. But USB thumbdrives are also very easy to lose and steal. Naturally, the...
Tutorial - Computer Forensics Evidence Collection
Following up on the Tutorial - Computer Forensics Process for Beginners, here is a step-by-step tutorial on how to process a suspect computer to obtain dumps of RAM memory and Disk Drive using Helix Forensic CD. Our suspect computer is a Windows XP V...
Tutorial - Computer Forensics Process for Beginners
Computer forensics is currently a very popular term, and a lot of conferences are organized and books written on the subject. This, together with the popularity of the CSI series, brings an aura of certain very special, even magical steps that forens...
3 Controls to Secure Corporate Offline Computers
Information Security has many aspects that are easily overlooked. A frequent major security hole is the offline equipment which is temporarily or permanently out of use. Such equipment is not subject to frequent scrutiny, and information theft from s...
Ratproxy - Google Web Security Assessment Tool
The Google security team has released a free, open-source Web app security assessment tool. The tool is called Ratproxy, and can be found here: http://code.google.com/p/ratproxy/ Google describes it as a semi-automated, largely passive web application ...
Microsoft Patch Reissued
A vulnerability of the Bluetooth stack of MS operating systems was patched in MS08-030. However, Microsoft has re-released the patch to include MS Windows XP Service Pack 2 and 3. Here is the statement by Christopher Budd of Microsoft: After we released MS...
Preventing Online Credit Card Theft - Revisited
Online Credit Card Theft is a very old and frequently discussed topic. And yet, a lot of people in the world are still victims of credit card theft. So, in a brief morning post, here are several simple pointers to minimize the risk of online theft. NE...
Be Aware of Security Risks of USB Flash Drives
On several occasions I noticed a trend by which companies are identifying and protecting themselves against information theft and virus infections from all electronic transport channels, like email, web, file transfers, p2p etc. Those same companies ...
Check Your DNS Zone Transfer Status
The DNS service is a very low maintenance service. It is configured very easily, and runs with nearly no intervention. This is especially true for Windows DNS Servers. The downside of such ease of use is that the DNS server is often forgotten by t...
