pexels-photo-14551-large

How to easily secure your smartphone

Most people these days have a smartphone. These phones are actually no longer just mobile phones, in reality they are powerful mobile computers with several GB RAM, multicore CPUs and many GB storage. Despite these characteristics which bring them closer to computers than to phones, most of their users don’t consider security and privacy in the way they should do with their personal mobile computers. Actually, users are split in two categories: those who care about security and privacy and those who don’t. The advices below are meant to address both categories and they are sorted according to the difficulty…

Read More

blog2-default_header

Awesome Malware Analysis – Resources

Source and credit: https://github.com/rshipp/awesome-malware-analysis   I save it here for easier reference. Do note that this list grows a lot !   A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php. Awesome Malware Analysis Malware Collection Anonymizers Honeypots Malware Corpora Open Source Threat Intelligence Tools Other Resources Detection and Classification Online Scanners and Sandboxes Domain Analysis Browser Malware Documents and Shellcode File Carving Deobfuscation Debugging and Reverse Engineering Network Memory Forensics Windows Artifacts Storage and Workflow Miscellaneous Resources Books Twitter Other Related Awesome Lists Contributing Thanks Malware Collection Anonymizers Web traffic anonymizers for analysts….


car-hack

Car hacking again… now at high speed!

Not even a week has passed since I was writing about “Not yet worried about vehicle hacking? You should be!” and we see in the news that at Blackhat that exactly this is happening. At BlackHat USA this week, the security researchers Charlie Miller and Chris Valasek are scheduled to present their latest findings in the world of car hacking. Again ! Miller and Valasek have already made names for themselves last year with the dramatic hacking of Jeep Cherokee, a interfering with its entertainment system, engine and brakes, while it was being driven down a busy highway at 70mph. Fiat Chrysler announced…


car-hack

Not yet worried about vehicle hacking? You should be!

  As a matter of fact, it is not only vehicles that can be hacked, actually any IoT device can be hacked. AV-Test.org published this paper about vulnerabilities in the fitness wristbands and Apple Watch, which shows how they tested and how secure the devices are. However, a hack of these IoT devices is not as dangerous as hacking a vehicle. I am not saying that they don’t matter, on the contrary. This is why I am mostly interested in vehicles: hacking can be dangerous and it is, with manufacturer’s permission at least, to improve their security.   According to the RSA…


2016-07-20 12.40.08

IT Security News has its own Android App

I have finally found the time to make the app I always wanted to have for the “IT Security News” service.   Here is the page on Google’s Play Store: And the screenshots of the app:       Right now it is available only on Android devices, soon it will be available in the Apple’s Appstore.   Help me spread the word about it so that I can have some downloads 😉 Thanks.


fbpurity

How to get rid of Pokemons in your Facebook feed

Short version For those who are really, really, pissed off: Install FB Purity: http://www.fbpurity.com/ Open the FB Purity Facebook app by clicking on the word “FBP” near the search bar. Write in the main screen the word “pokemon” Save the configuration Enjoy your Pokemon free feed   Longer version Go and install FB Purity from http://www.fbpurity.com/install.htm. This means that you need to install an extension for your browser. F.B. Purity is compatible with the following web browsers: Firefox, Google Chrome, Safari, Opera and Maxthon, running on Windows, Mac, Linux. Open the FB Purity Facebook app by clicking on the word “FBP” near…


ransomware-email

Social engineering at its best: ransomware delivery methods

I wrote already about Ransomware (and here), but in a more generic way as I will do now. From me to me, with the subject “Documents from work” is the subject of a new Locky ransomware. Attached is a Word document containing macros. In the document (which is actually an archive) is a file called  word\vbaProject.bin. That file seems to be the trigger that downloads the ransomware binary.   This is the link to the VirusTotal detection: https://virustotal.com/en/file/28ba8362af69958964bf8d7e23664cddc625e67b55ff5d5e95e9feef74158e96/analysis/1469020147/ At the moment of writing this post, 30/53 engine detect it.   My goal is not to analyze here the ransomware, but the delivery….


phd

What’s the deal with a PhD?

I found long time ago this animated GIF on the Internet and now I managed to download it. I don’t know who created it, so I can’t give credit to anyone. Why I post this here? Because it matters and because it is exactly my experience which I like to share. Not many know, but I have been part of the PhD program of the Politehnica University Bucharest in Romania for 5 years, immediately after graduating the same university’s Computer Science faculty (field: Software Engineering). My diploma was related to Distributed Systems as well, namely about how to use CORBA…


bmw-connected

BMW and cybersecurity

Not a month passes without seeing some major car manufacturer that has cybersecurity issues. This month we have seen made public a report from February 2016 related to BMW. The short story   The BMW ConnectedDrive Web portal was found to contain a vulnerability that could result in a compromise of registered or valid vehicle identification numbers, Vulnerability Lab warns. The security bug, affecting the BMW ConnectedDrive online service web-application, is a VIN (Vehicle Identification Number) session vulnerability, security researcher Benjamin Kunz Mejri reveals. VIN, also known as chassis number, is a unique code used in the automotive industry to…


API-icon

Web Services: SOAP vs REST

There is a permanent discussion going on and I have seen quite a lot of answers. SOAP (Simple Object Access Protocol) vs. REST (Representational State Transfer) Which one to use and when? Let’s see first the main characteristics of both: S.No SOAP REST 1. SOAP stands for Simple Object Access Protocol. REST stands for Representational State Transfer. 2. SOAP is a protocol. It defines some standards that should be followed strictly. REST is an architectural style. It doesn’t define so many standards like SOAP. 3. SOAP is highly secure as it defines its own security. REST inherits security measures from the…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close