Understanding and Preventing Phishing Attacks

Internet Security Whitepapers Phishing

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray.

Take Control of Your iPhone

Internet Security Whitepapers Hacking Mobile Phones, PDA & Handheld Devices

The iPhone is for Mac OS X, Windows XP, and Windows Vista users. What about this book? I estimate that roughly 90 percent of the material is appropriate for both platforms. This is obviously so when covering the iPhone’s features. Even when an iPhone is connected to a computer, differences are slight. Still, when it comes to troubleshooting, differences exist, such as when describing where iPhone information is stored on a computer’s hard drive. In this case, the book has more information for Mac users, since I am a die-hard Mac user and Mac troubleshooting is in my blood. Still, I firmly believe this book is valuable for users of either platform.

Effectiveness of Internet Filtering Software Products

Internet Security Whitepapers Internet Content Filtering Techniques

This report presents the findings of a study commissioned by the Australian Broadcasting Authority (ABA) and NetAlert into the effectiveness of a number of Internet content filtering products. The study examined both how easy the products were to install and use, and how effectively they filtered Internet content. The products under evaluation all attempt to effectively filter the Internet, blocking access to "undesirable" content, such as pornography or racist propaganda, and letting all other content pass through untouched. In reality, this is an impossible goal as the Internet is just too big and dynamic, and all products will pass through some content they should have blocked and block some content that should have passed through.

Preventing Identity Theft: A Guide for Consumers

Internet Security Whitepapers Social Engineering

Few crimes have made people more anxious more quickly than the sudden onslaught of identity theft. It's in the newspapers every day and on the news every night. People are worried that someone’s going to run up charges on their credit cards or fleece their bank accounts while their backs are turned. And there’s some reason to worry: All a thief has to do is steal something as basic as a Social Security number to become a real public enemy. And while these crimes are relatively easy to commit, investigating and prosecuting them are complex and time-consuming matters. So it’s up to all of us to be identity-smart and make sure we keep this crime from spreading. It’s a battle we can win. Follow the tips in this booklet, be careful, and we'll keep a big step ahead of identity thieves. It’s up to all of us to prevent identity theft.

Password Attack on Kerberos V and Windows 2000

Internet Security Whitepapers System Hacking

The Kerberos V authentication protocol is described in more detail. The Windows 2000 implementation of the Kerberos V protocol requires the use of pre-authentication data in the KRB_AS_REQ message by default, which makes it harder to implement offline password attacks. If pre-authentication is not used, anyone can make a request for a TGT and launch an offline password attack against it. The default implementation of pre-authentication data consists of an encrypted timestamp and a cryptographic checksum created with a key derived from the user’s password.

Password Cracking and Brute-Force Tools

Internet Security Whitepapers System Hacking

Brute-force techniques take advantage of rising hardware performance combined with falling hardware cost. This time-memory tradeoff means that it is actually easier to pregenerate an entire password dictionary and execute lookups of password hashes. These pregenerated dictionaries, often referred to as Rainbow Tables, consist of the entire key space for a combination of length and content. For example, one dictionary might consist of all seven-character combinations of lower- and uppercase alphanumerics, while another dictionary might consist of nine-character combinations of only lower- and uppercase letters. These dictionaries are encrypted with DES, MD5, or whatever target algorithm the user desires.

Internet Content Filtering: Better Practices for ISP's

Internet Security Whitepapers Internet Content Filtering Techniques

There are many ways that content can be filtered for the user at a home or office. For parents at home, their primary concern may be pornography and chat rooms. For an owner or manager of a company, your primary concern would also include time-wasting sites like online games, shopping, news, and many more. Companies have a bigger challenge because they may have employees that need different levels of filtering. You may not want to block everyone from online shopping. There is probably someone that needs to do that. This article will talk about the basics of Internet content filtering. It will also describe a filtering solution created by PowerNOC that companies and ISPs can use to create a filtering solution that can't be circumvented.

Password Cracking in the Field: Operating Systems and Database Management Systems

Internet Security Whitepapers System Hacking

Password cracking in the field is about the implementations of encryption algorithms. The information on these implementations on several platforms is fragmented. This document tries to provide some grip on the implementation and weaknesses in widely used software like operating systems and database management systems. Password cracking in the field is written for the Master of Science course System and Network Engineering in co-operation with Jeroen van Beek and Eric Nieuwland from KPMG. This document is written for Research Project 1 for the course System and Network Engineering at the University of Amsterdam.

User's Guide - Truecrypt Free Open-Source On-The-Fly Encryption

Internet Security Whitepapers Cryptography

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Until decrypted, a TrueCrypt volume appears to be nothing more than a series of random numbers. The entire file system is encrypted (i.e., file names, folder names, contents of every file, and free space). TrueCrypt never writes decrypted data to any storage device (it only temporarily writes data being decrypted to RAM).

Protecting Poorly Chosen Secrets from Guessing Attacks

Internet Security Whitepapers System Hacking

In a security system that allows people to choose their own passwords, those people tend to select passwords that can be easily guessed. These poorly chosen passwords are vulnerable to attacks based upon copying information (for example, the result of applying a one-way hash function to a password or of encrypting a message using the password as the encryption key) and experimenting off-line.
