Internet Security Whitepapers

10 Reasons not to Buy an iPhone

Internet Security Whitepapers Hacking Mobile Phones, PDA & Handheld Devices

The iPhone looks cool, but if you're a serious business user, there are other, less expensive cell phones that provide better functionality. And even if you're not a business user, unless you have plenty of money lying around and absolutely must have the latest neat gadget as soon as it comes out, I'd recommend waiting for version 2 of the iPhone, which, we hope, will cost less and fix at least a few of these issues.

8 Steps to Protect Your Cisco Router

Internet Security Whitepapers Hacking Routers, Cable Modems and Firewalls

Network security is a constantly changing area; new devices like IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), and honeypots are modifying the way people think about security. Companies are spending thousands of dollars on new security devices, but forgetting the basics, the first line of defense: the border router. This article gives you 8 easy-to-follow steps to minimize your Cisco router's exposure by turning off some unused services, applying some access control, and applying some of the security options available on it.

A Guide to Security Hardening for Apple Mac OS

Internet Security Whitepapers MAC OS Hacking

This document covers numerous methods to harden Mac OS X, from both a local user and network perspective. It is primarily aimed at the single-user Macintosh client machine owned and used by a security-conscious user. Its methods can be equally applied to a multi-user machine; however, there are numerous additional security risks presented the moment a Mac OS X machine is made multi-user.

A Large Scale Study of Web Password Habits

Internet Security Whitepapers Web Based Password Cracking

Passwords play a large part in the typical web user's experience. They are the near-universal means for gaining access to accounts of all kinds. Email, banks, portals, dating and social networking sites all require passwords. So important are they that HTML has a special form field to allow for the special treatment they require, and an important role of SSL is protecting the secrecy of passwords from observers of the connection. Alternatives to passwords certainly exist. Hardware authentication, e.g. [1], is sometimes used for access to corporate networks. However, this requires an issuing authority and seems to be limited to environments that justify the cost, such as in the employer-employee relationship. Challenge-response authentication has the advantage that observing a single successful sign-in does not allow an attacker to gain the secret.

A Man-In-The-Middle Attack Using Bluetooth

Internet Security Whitepapers Bluetooth Hacking

During the SA3-31 meeting in Munich, it was decided that the Bluetooth link between peripheral devices did not require integrity protection. This contribution indicates that a man-in-the-middle attack may be possible on the Bluetooth link in a WLAN interworking environment. The attacker lures the victim to connect to a malicious WLAN access point. The attack does not require knowledge of the Bluetooth link key. The attacker can repeat this attack on the same victim many times in any WLAN network. A discussion of countermeasures against this attack can be found in a companion contribution.

A Simple Procedure for Finding Guessing Attacks

Internet Security Whitepapers Web Based Password Cracking

Security protocols that use weak passwords (e.g. human chosen) can be subject to guessing attacks [GLMS93]. Guessing attacks exist in two flavours: online and offline. In online guessing attacks the intruder is allowed to generate fake messages and to supply them to the honest agents, for instance for checking whether a certain guess is correct. In offline guessing attacks, on the other hand, the intruder first gathers some knowledge K from the protocol execution, and then proceeds offline to perform a password search.

Active@ Password Changer

Internet Security Whitepapers System Hacking

Active@ Password Changer lets you reset local user passwords and change Windows login security restrictions on Windows NT / 2000 / XP / 2003 systems: this is useful when the Administrator’s password is forgotten or lost, or when the Administrator’s user account has been disabled or locked out.

Advanced Hacking Techniques: Implications for a Mobile Workforce

Internet Security Whitepapers Hacking Mobile Phones, PDA & Handheld Devices

Laptops are being deployed within enterprises at an increasing rate, mostly because of the flexibility and convenience they provide employees, and in turn, the productivity gains they provide for the companies. It's impossible to go anywhere today without seeing people working outside the traditional office setting on their laptops - at the local coffee shop, while lounging in the park, standing at their kitchen counters, waiting at airport gates, and working in their hotel rooms.

Advanced SQL Injection in SQL Server Applications

Internet Security Whitepapers SQL Injection

This document discusses in detail the common 'SQL injection' technique, as it applies to the popular Microsoft Internet Information Server/Active Server Pages/SQL Server platform. It discusses the various ways in which SQL can be 'injected' into the application and addresses some of the data validation and database lockdown issues that are related to this class of attack. The paper is intended to be read by both developers of web applications which communicate with databases and by security professionals whose role includes auditing these web applications.

Alternate Data Streams - What's Hiding in Your Windows NTFS?

Internet Security Whitepapers Cryptography System Hacking

Hackers and malware authors have a strong motivation to keep you from finding their malicious software on your system. If you find it, you can delete it. If you delete it, the malware author doesn't make money (yes, this is a for-profit business). Panda Software, a respected anti-virus and anti-malware vendor, reports that from January to March of 2006, 70% of the malware released on the Internet was trying to make money for the authors in one way or another.