Avoiding Enterprise Software Vendor Lock-In
By Bozidar Spirovski, CISSP, MCSA, MCP
Large enterprises rely on software products. And like everything else in large enterprises, the software products are large, complex, cumbersome and nearly unchangeable. This last attribute is better known as vendor lock-in. Software vendors love vendor lock-in.
Cell Phone Tapping: GSM Encryption Hacked
By Michael Coats for Information Security Short Takes
GSM cellular networks in the US and Europe use the A5/1 stream cipher, meant to ensure cellular calls cannot be listened in on by unauthorized parties monitoring radio traffic. However, privacy is no longer guaranteed. New attack techniques were unveiled at the Hacking at Random conference in the Netherlands which would allow an attacker to decrypt cellular calls made over a GSM network. The attacker only needs the new software and about $500 in radio monitoring equipment.
DECAF: Counter Forensics COFFEE Tool
By Bozidar Spirovski, CISSP, MCSA, MCP
After the leak of Microsoft COFFEE into the wild, a tool emerges that will supposedly make life very difficult for a forensic investigator using COFFEE. The tool is titled DECAF and is freely available, although not open source. The tool does not need to be installed, and when configured in ‘LockDown Mode’, offers a set of Counter-Forensics functions upon detecting a COFFEE process running on the computer. The following Counter-Forensics functions are available…
Simplified Analysis: Forging A Biometric ID
By Bozidar Spirovski, CISSP, MCSA, MCP
Security of biometric IDs like biometric passports is a very frequent topic of discussion and we all know there are issues. But most of those issues are related to encryption, materials and generally anything that requires a lot of technical knowledge. Here is an example of the possibility to create a fake Biometric ID…
Cloud Based Vulnerability Management
By Bozidar Spirovski, CISSP, MCSA, MCP
The services are usually delivered as dedicated Black Box appliances that are placed within your infrastructure. They perform the scanning or IPS/IDS, but the results are then sent to the ‘cloud’ where reports are generated. Most companies are offering the usual set of services…
GenApple Boasts First Information Brokerage
By Bozidar Spirovski, CISSP, MCSA, MCP
The Internet is filled with free information, from search engines, to answer portals, to e-learning portals. However, something is missing. Every person has knowledge that they possess that another person may want, and to gain this knowledge there might have to be a personal relation. GenApple seeks to create a marketplace where people can sell that knowledge and information.
Cloud Computing Challenges Infrastructure
By Bozidar Spirovski, CISSP, MCSA, MCP
Cloud Computing is becoming more and more the buzzword of every conference, meeting and article. Yet it is still in its inception, and there are a multitude of issues and problems. Here are the mechanisms by which we can approach the level of trust that we have in our infrastructure for the cloud.


