Friday, February 27, 2015
Wednesday, July 9, 2014
So you think your cell phones are safe do you? These days for most of you your smartphone is your life, but I can tell you that your smartphones are not impervious to hacks when connected to a network—cellular or wi-fi. In this video, you will see a host of real-time phone hacks to tackle the question of mobile phone security. Oh, just to let you now....they are NOT too secure!
Tuesday, July 8, 2014
Hackers have the time and desire to hack anything. they do it for fun. In this blog entry I would like to introduce you to Information security researcher Mathew Solnik. In the video he gives a first-hand demonstration on how to remotely send commands to a car and remotely tell it what to do. A hacker, or even you, can do this for very little cost and effort not that Solnik spent a little over a grand and about a month of work to to reverse-engineer a car's computer system to make it ready for a takeover. Wait until you see how simple this can be.
Sunday, June 22, 2014
I know this comes as no surprise to savvy folks like you, but G Data, a german Cyber Security firm conducted a test of the Star N9500, a cheap Android-powered smartphone made in China, ships with more than just an 8-megapixel camera and quad-core processor. According to G Data, it has discovered malicious software—which could be used to track the phone’s user and manipulate the device remotely—embedded in the device.
G Data, said it discovered a so-called Trojan-horse malware, called Usupay.D, in the phone’s Google Play app store.
It said it fielded several complaints from buyers of the phone and ran tests on a newly purchased device. During testing, it was discovered that the spyware on the smartphone sends phone identification and specification data to an unidentified server located in China.
G Data said the malware could also operate phone functions remotely, like turning on the camera, though it said it found no evidence that had happened in the phone it studied.
It also said that sending data to a Chinese served doesn’t necessarily suggest an attacker targeting the phone is based there.
G Data could not say how the malware ended up on the phone.
The N9500, similar to the best-selling Samsung Galaxy S4, is a popular low-cost smartphone, found on Amazon.co.uk for between £85 ($141) for a new 5.0 inch version to £119.89 for a new 5.7 inch HD version.
The malicious software is pre-installed in the so-called firmware, the software that comes with the phone and operates its systems. It can therefore not simply be deleted like a regular app installed from a third-party app store.
The malware program itself was identified by Kaspersky Lab in March 2013. G Data says its analysis is the first time Usupay.D has been discovered bundled with a mobile phone.
Saturday, June 21, 2014
One of the biggest problems I see in most security programs is a lack of metrics that REALLY measure the effectiveness of the program. IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization.
It is essential that whomever is leading your cyber security program chooses and designs effective measurement strategies and addresses the data requirements of those strategies.
There is a Security Process Management Framework that allows for the production of analytical strategies for security metrics data. I will discuss that in my next blog. Using this framwork, youcan take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time.
On any account, here are examples of security measurement ideas that will allow you to have effective measurements of your program.
- Define security metrics as a manageable amount of usable data
- Design effective security metrics
- Understand quantitative and qualitative data, data sources, and collection and normalization methods
- Implement a programmable approach to security using the Security Process Management Framework
- Analyze security metrics data using quantitative and qualitative methods
- Design a security measurement project for operational analysis of security metrics
- Measure security operations, compliance, cost and value, and people, organizations, and culture
- Manage groups of security measurement projects using the Security Improvement Program
- Apply organizational learning methods to security metrics
I will expound on these, and other concepts in upcoming posts.
Sunday, June 8, 2014
Cyber Sense: Derek A. Smith on Cyber Security: Defending against Denial of Service Attacks: The Denial of service attack, also known as DoS, is one of the most common attacks on the internet so it is important that you understan...
Cyber Sense: Derek A. Smith on Cyber Security: Security as a business enabler: One thing that business for get is that security is supposed to be an enabler, not an inhibitor. What I mean is that often security ge...