Posts Tagged ‘securitate’

Black Hat Europe 2010

Thursday, April 15th, 2010

Black Hat Europe 2010 se desfasoara chiar acum in Barcelona:

  • programul conferintei si multe materiale de la speakeri (prezentari, paper-uri etc) sunt deja online
  • via Costin Raiu: “This year marks an important milestone, as the conference was relocated from Amsterdam to Barcelona, in order to accommodate the increasing number of delegates. It is also a first in regard to the three tracks, a jump up from two – last year.”
  • keynote-ul a fost facut de Max Kelly, CSO Facebook
  • cum abordeaza echipa Facebook securitatea informatica: “We will use all legal mean available to identify attackers. We will use all legal resources to protect facebook and our users and prevent future attacks” – practic, prioritatea lor este prinderea criminalilor informatici, nu jocul de-a soarecele si pisica
  • fireshark – tool pentru analiza infectiilor web: injectii cu JavaScript, redirectari, script-uri obfuscate
  • pe twitter: #BlackHatEU

Tags: , , , | 1 Comment »

Conferinta Agora despre Securitate

Wednesday, April 14th, 2010

Am fost astazi la conferinta de securitate organizata de Agora, unde am vorbit despre piata underground: “Cât valorezi? Pretul datelor tale pe piata neagră”.

Prezentarea mea s-a bazat pe research-ul facut de colegul meu, Dmitry Bestuzhev, research al carui rezumat il puteti vedea mai jos:

Din pacate a trebuit sa plec relativ repede de la Intercontinental, asa ca daca nu am apucat sa vorbim astazi la conferinta, ma puteti contacta oricand.

Tags: , , , , | 1 Comment »

Implicatiile location-based services in securitatea online

Monday, April 12th, 2010

Saptamana trecuta am stat de vorba cu James Lawson de la ITWeb despre location-based services si implicatiilor lor, atat in securitatea personala de zi cu zi, cat si in securitatea informatica. Cateva quote-uri si un link catre articolul complet:

As devices become more connected to the Internet, so their ability to connect to social networks has increased. While location-based technology provides trend-setting social media services, the potential for its misuse potentially outweighs its usefulness.

This is the view of Stefan Tanase, senior security researcher at Kaspersky Lab’s EEMEA global research and analysis team, who adds that location-based technology is the ‘next big thing’, creating a series of hot topics on a public timeline in the user’s own city and area.

(…)

Tanase says this can also create an online threat. “Criminals usually seek personal data for identity theft. Providing location-based information gives them additional information to further recreate your persona.

“Before the advent of Web 2.0, criminals had a far more difficult time collecting information for their targeted attacks,” he says, adding that criminals were more reliant on social engineering to get personal information.

“But with social networks we see the trend of criminals being able to access publicly available information from the Internet – which gives them an edge.”

He adds that geo-location technologies are being used to fool people into accessing Web pages infected with malicious code. Criminals can use information from an IP address to locate where a user is, and tailor false articles based on their location to drive them through to sites where malicious code exploits vulnerabilities in their browser, he explains.

“Twitter and Facebook are usually more active and more open,” says Tanase, adding that there is a quick turnover of information with these regularly used sites. He explains that location information is always fresh. “This provides an opportunity for criminals to know where you are and act appropriately.”

Articolul complet pe site-ul IT Web: Locating your privacy

Tags: , , , | 1 Comment »

Scurte, de weekend

Sunday, April 11th, 2010

Tags: , , | 2 Comments »

Despre securitatea zborurilor si poza din header

Friday, April 9th, 2010

Zbor foarte mult (si vorbesc serios cand spun asta). In 2009 am facut 59 de zboruri si am fost plecat din tara peste 110 zile. Cunosc controalele de securitate din aeroporturi mai bine decat imi doresc – nu ca m-ar deranja asta. Stiu exact care curea declanseaza detectorul de metale, ce lucruri din rucsacul meu se vad suspect la raze X si ce chef de viata are sau n-are cainele mirositor de la Otopeni :)

Problema e ca masurile clasice de securitate sunt mai mult sau mai putin inutile. Da, te scapa de problemele mici, de un cutit sau un pistol in avion, dar nu ofera nicio protectie in fata atacatorilor cu adevarat motivati.

Adevaratele masuri de securitate sunt cele pe care nu le vede nimeni – nici eu, pasagerul de rand, nici ei, teroristii, dupa cum bine spunea Bruce Schneier. Vorbesc aici de intelligence, de servicii de informatii, lucruri care nu vor fi niciodata inlocuite de raze X, detectoare de metale, body scannere, caini si oameni care cauta prin bagaje.

Si daca tot vorbim de zbor, iata si de unde vine fotografia din header:

Still Silence by Stefan Tanase

Tags: , , , | 4 Comments »