Computer Misuse Act (Of Singapore)

Internet Security Whitepapers Hacking Laws

In this Act, unless the context otherwise requires -- "computer" means an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices.

The Phishing Guide: Understanding and Preventing Phishing Attacks

Internet Security Whitepapers Phishing Social Engineering

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organisations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray.

Firewalking

Internet Security Whitepapers Scanning

This paper describes Firewalking, a technique that can be used to gather information about a remote network protected by a firewall. The purpose of the paper is to examine the risks that this technique represents. This paper is intended for a technical audience with an advanced understanding of network infrastructure and TCP/IP packet structures. Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information can pass through a given gateway. Also, using this technique, an attacker can map routers behind a packet-filtering device. To fully understand how this technique works, we first need to understand how traceroute works. This paper provides an introduction to traceroute.

Steel Bolt Hacking - The Computerman’s Guide to Lock Picking

Internet Security Whitepapers Physical Security

Steel Bolt Hacking, or Lock Picking as it's most commonly known, is fast becoming a competitive sport among computer people. And it's far more than just picking locks. The 'sport' includes cracking combinations, push button door locks, electric key cards, and just about anything that has a lock to it. Lock picking sports groups are beginning to spring up in the U.S., the fastest growing groups are within the computer industry. Most computer people are fascinated with unlocking codes, bypassing security protocols and finding program vulnerabilities that can be exploited. Picking locks and cracking combinations are no different.

RFID Malware: Design Principles and Examples

Internet Security Whitepapers RFID Hacking

Radio Frequency Identification (RFID) is a contactless identification technology that promises to revolutionize our supply chains and customize our homes and office. This paper will demonstrate that the security breaches that RFID deployers dread most — RFID malware, RFID worms, and RFID viruses — are right around the corner. RFID attacks are currently conceived as properly formatted but fake RFID data; however no one expects an RFID tag to send a SQL injection attack or a buffer overflow. Unfortunately, the trust that RFID tag data receives is unfounded. To prove our point, this paper will describe the basic design principles of RFID malware. We will provide concrete examples for several target platforms, featuring a fully illustrated specimen of a self-replicating RFID virus. Our main intention behind this paper is to encourage RFID middleware designers to adopt safe programming practices.

Open-Source Security Testing Methodology Manual (OSSTMM 2.2)

Internet Security Whitepapers Penetration Testing

This manual is a combination of ambition, study, and years of experience. The individual tests themselves are not particularly revolutionary, but the methodology as a whole does represent the benchmark for the security testing profession. And through the thoroughness of its application you will find a revolutionary approach to testing security. The objective of this manual is to create one accepted method for performing a thorough security test. Details such as the credentials of the security tester, the size of the security firm, financing, or vendor backing will impact the scale and complexity of our test – but any network or security expert who meets the outline requirements in this manual will have completed a successful security profile. You will find no recommendation to follow the methodology like a flowchart. It is a series of steps that must be visited and revisited (often) during the making of a thorough test.

Four Different Tricks to Bypass StackShield and StackGuard Protection

Internet Security Whitepapers Buffer Overflows

Stack shielding technologies have been developed to protect programs against exploitation of stack based buffer overflows. Among different types of protections, we can separate two major groups. Those that modify the environment where applications are executed, for example PaX now integrated into the OpenWall project, and those that alter the way programs are compiled. We will focus on the last group, specially in StackGuard, StackShield, and Microsoft’s new stack smashing protection. Techniques that exploit stack based buffer overflows on protected programs and environment have been presented in the past. Here we’ll describe how the studied protections work, and then we’ll present four more tricks to bypass stack smashing protections, some of which are extentions of older techniques, and some we think are novel.

Original Hack of a Thrustmaster Game Controller

Internet Security Whitepapers Hacking USB Devices

You can open up any USB device and turn it into your own device. Apply sensors to it's inputs and use them as continous controllers. USB-devices such as gamecontrollers and joysticks connected to the computer are working with 0-5 V. A gamecontroller such as the wireless Thrustmaster Firestorm is working with 3 V (sensor-input 2.5V). You can hook up any sensor to the game controller that is working with 2.5 V.

Social Engineering: Techniques that can bypass Intrusion Detection Systems

Internet Security Whitepapers Social Engineering

The purpose of this paper is to explain how Social Engineering can defeat Intrusion Detection (ID) Systems. As we now enter the 21st Century, the computer age and cyber warfare is in full swing. Companies and organizations are still not fully addressing or understanding the issue of Social Engineering. The concept of Social Engineering can cause destruction to networks and cost companies millions of dollars. This paper will try to bring to light exactly how Social Engineering exposes the vulnerabilities of Intrusion Detection Systems and what can be done to protect ourselves against these vulnerabilities.

SolarWinds Toolset Administrator Guide

Internet Security Whitepapers Scanning Hacking Routers, Cable Modems and Firewalls

The SolarWinds Toolset provides the tools you need as a network engineer or network consultant to get your job done. Toolset includes best-of-breed solutions that work simply and precisely, providing the diagnostic, performance, and bandwidth measurements you want, without extraneous, unnecessary features. SolarWinds was founded by network professionals and continues to design tools for the network professional by listening to and enlisting the help of network professionals. This document contains information for the tools contained in all toolset editions.

Explore What's Inside Security Science

Global Internet Security News Global Internet Security News
Elevates people's awareness level by providing the most informative security related news and events, which includes, but is not limited to, financial and business security, information and technology security, as well as corporate and individual security worldwide.
Information Security Information Security
Security Policy Resource page, a compiled research project of the SECURITY-SCIENCE team. The ultimate goal of this project is to offer everything you need for swift development and implementation of information security policies. You'll find a great set of policies posted here, including, but is not limited to, procedures and guidelines, that you can easily align to your company’s security requirements.
Internet Security Tools Internet Security Tools
State of the art security technology solutions (software, hardware, appliances and gadgets--including HOWTOs and guidelines) for computer and network defense, perimeter protection and environment security and safety.
Learn Internet Security Science Learn Internet Security Science
Provides superior security education on how to counter attack security risks, threats and vulnerabilities by using the most advanced techniques practiced and put into application by professional hackers, forensics, investigators and penetration testers.
Grokker - Technology Encyclopedia Hackopedia
A free security encyclopedia for computer, Internet and security terms and definitions created, researched, reviewed and maintained by Security-Science.
Internet Security Experts - Knowledge Exchange Internet Security Experts
An avenue for exchanging knowledge and KNOW-HOWs which allows users to interact with each other for mutual assistance and support by collaborating, asking, answering and sharing information about security related issues and concerns that benefit everyone.