Tag Archive: opera

Jul 28

Major Flaw In Android Phones Would Let Hackers In With Just A Text

A security gap on the most popular smartphone operating system was discovered by security experts in a lab and is so far not widely exploited. It would let malicious code take over a phone instantly.

Source: Major Flaw In Android Phones Would Let Hackers In With Just A Text

Jun 29

MIG: Mozilla InvestiGator by mozilla

Mozilla’s platform for real-time digital forensics and incident response of modern infrastructures

MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. Watch on YouTube

MIG is composed of agents installed on all systems of an infrastructure that are be queried in real-time to investigate the file-systems, network state, memory or configuration of endpoints.

It’s an army of Sherlock Holmes, ready to interrogate your infrastructure within seconds.

Capability Linux MacOS Windows
file inspection check check check
network inspection check check (partial)
memory inspection check check check
vuln management check (planned) (planned)
system auditing (planned) (planned) (planned)

Imagine that it’s 7am on a saturday morning, and someone just released a critical vulnerability for your favorite PHP application. The vuln is already exploited and security groups are releasing indicators of compromise. Your weekend isn’t starting great, and the thought of manually inspecting thousands of systems isn’t making it any better.

MIG can help. The signature of the vulnerable PHP app (an md5 of a file, a regex on file, or just a filename) can be searches for across all your systems using the file module. Similarly, indicators of compromise such as specific log entries, backdoor files with {md5,sha{1,256,512,3-{256,512}}} hashes, IP addresses from botnets or signature in processes memories can be investigated using MIG. Suddenly, your weekend is looking a lot better. And with just a few command lines, thousands of systems will be remotely investigated to verify that you’re not at risk.

Source: MIG: Mozilla InvestiGator by mozilla

May 26

Teaching Encryption Soon to Be Illegal in Australia

Under the Defence Trade Control Act (DTCA), Australians could face up to ten years in prison for teaching encryption. Criminal charges will go into effect next year. The new legislation will make it illegal for Australians to  teach or provide information on encryption without having a permit. Also Read: Authorities Uncover Bitcoin-Funded Gunrunning Operation Australia’s […]

Source: Teaching Encryption Soon to Be Illegal in Australia

Apr 18

CALL FOR PAPERS | eDemocracy

CALL FOR PAPERS | eDemocracy.

 

e-Democracy 2015: Citizen rights in the world of the new computing paradigms 
6th International Conference on 
e-Democracy
CALL FOR PAPERS 
December 10-11, 2015, Athens, Greece
www.edemocracy2015.eu

Information and communication technologies move fast; faster than society, faster than governments, faster than the law. Connectivity is already impressive, but the near future brings about the interconnection of everything, via the Internet of Things. It also brings fundamental changes to our computing paradigm, with cloud computing gaining momentum and being expected to become the prevalent computing paradigm in the years to come. Increasingly more data are being collected, about almost everything one can imagine; and they remain there, in cyberspace, for ever, sometimes even resisting efforts to delete them. These data are so attractive that a new science, going by the name “big data” has already emerged. All these developments constitute in most cases an improvement in our everyday lives, but sometimes infringe our rights as citizens. The challenge, therefore, is to safeguard citizen rights in the face of a new era, landmarked by new computing paradigms.
This is the theme of the 6th occasion of the International Conference on e-Democracy that will be held in Athens, the cradle of democracy, on 10-11 December 2015. The conference is organized by the Scientific Council for the Information Society, in co-operation with the Hellenic Data Protection Authority and a substantial number of European and Greek universities and academia. It is intended, similarly to previous occasions, to provide a forum for presenting and debating the latest developments in the field, from a technical, political, and legal point of view.
The conference will include keynote addresses, tutorials, panels, Ph.D. colloquia and sessions, workshops, special, regular and poster sessions. All papers will be peer reviewed. Acceptance will be based on quality, relevance, and originality. Accepted papers will be published in the conference proceedings and selected papers will be invited to participate (after the necessary enhancements) to the evaluation process for inclusion in special issues of peer-reviewed journals.
The working language of the 6th International Conference on “e-Democracy ‘15: Challenges for Citizen Rights in the World of the New Computing Paradigms” is English. It is possible, however, that papers on Greek Law cases of e-Democracy issues be presented in Greek.
Topics of interest
The topics of interest include, but are not limited to, the following:

  • e-Democracy and e-Participation
      o e-Campaigning, e-Politics
      o e-Voting
      o Information and Consultation Platforms
      o Collaborative working environments for e-Democracy
      o Social computing and e-Democracy

• e-Government

    o Open and Big Data for e-Government
    o Cloud computing for e-Government
    o m-Government
    o e-Government services and administrative burdens
    o Business process modeling for e-Government systems
    o Tools and models for e-Government development
    o Case studies and European projects

• Security, Privacy and Trust

    o Security, Privacy and Trust in e-Business services
    o Security, Privacy and Trust in e-Government services
    o Security, Privacy and Trust in Online Social Network Services
    o Cloud Computing Security and Privacy
    o Identity Management, Identity Theft and Trust Management
    o Information Audit and Trust
    o Digital Rights Management
    o Trust and Reputation in Digital Environments
    o Cyber attacks and advances on network security
    o Cryptographic Technologies
    o Anonymisation Methodologies and Best Practices
    o Privacy by Design and Default Methodologies
    o Tracking Technologies and Do-Not-Track Systems
    o Privacy Impact Assessment Methodologies
    o Privacy Enhancing Location and Mobility Management
    o Security and Privacy Audit, Risk and Governance
    o Security and Data Protection Education
    o Tradeoffs between security and efficiency, usability, reliability and cost

• e-Crime, e-Fraud and Digital Forensics

    o Cyber Crime Detection and Prevention
    o Internet Fraud, Cyber War
    o Computer Forensics and Anti-forensics

• Social, legal and ethical issues

    o Digital Divide
    o Internet Addiction
    o Transparency and Accountability in Data Protection
    o Ethics in Digital Societies
    o Surveillance Technologies and Legal Implications
    o Freedom of Expression and Privacy
    o Freedom of Information and Privacy
    o Social factors of collaborative creativity

Important Dates
Full paper submission deadline: May 31, 2015
Notification of decision: July 15, 2015
Camera-ready deadline: July 30, 2015

Instructions for Authors
Submitted papers must not substantially overlap with papers that have been published or that have been simultaneously submitted to a journal or a conference with proceedings. All submissions should be appropriately anonymised (i.e., papers should not contain author names or affiliations, or obvious citations). Submissions should be at most 15 pages, including the bibliography and well-marked appendices, and should follow the LNCS style (http://www.springeronline.com/lncs). Submissions are to be made to the submission web site at https://easychair.org/conferences/?conf=edemocracy15. Only pdf files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of 31 May 2015 (11:59 p.m. American Samoa time). Authors of accepted papers must guarantee that their papers will be presented at the conference. Efforts will be made to publish the conference proceedings by Springer in the Lecture Notes in Computer Science (LNCS) series.

The authors of selected accepted papers will be invited to extend their work for further publication in the Emerald journal Information and Computer Security (http://www.emeraldinsight.com/journal/ics# ).

Conference Steering Committee
Sokratis K. Katsikas, University of Piraeus, Greece (Chair)
Vassilis Zorkadis, Vice-President of SCIS, Greece (Vice-chair)
Philippos Mitletton, Secretary General of SCIS, Greece (Secretary)
Lazaros Iliadis, Democritus University of Thrace, Greece
Constantina Costopoulou, Agricultural University of Athens, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Elias Pimenidis, University of the West of England, UK
Spyros Voulgaris, Vrije Universiteit, The Netherlands
Irene Vassilaki, Board member of SCIS, Greece
Charalampos Patrikakis, Technological Educational Institute of Piraeus, Greece

Conference Honorary Chair
Alexander B. Sideridis, Agricultural University of Athens, Greece

Program Committee Chair
Sokratis K. Katsikas, University of Piraeus, Greece

Program Committee
Isaac Agudo, University of Malaga, Spain
Evgenia Alexandropoulou, University of Macedonia, Greece
Zacharoula Andreopoulou, Aristotle University of Thessaloniki, Greece
Maria Bottis, Ionian University, Greece
Christos Bouras, University of Patras, Greece
Athena Bourka, ENISA, Greece
David Chadwick, University of Kent, UK
Vassilios Chryssikopoulos, Ionian University, Greece
Nathan Clarke,University of Plymouth, UK
Tina Costopoulou, Agricultural University of Athens, Greece
Ernesto Damiani, University of Milan, Italy
Sabrina De Capitani Di Vimercati, University of Milan, Italy
Christos Douligeris, University of Piraeus, Greece
Carmen Fernández-Gago, University of Malaga, Spain
Simone Fischer-Hübner, Karlstad University, Sweden
Sara Foresti,University of Milan, Italy
Steven Furnell, University of Plymouth, UK
Jürgen Fuß,University of Applied Sciences Upper Austria,Austria
Dimitris Geneiatakis, EC Joint Research Center Ispra, Italy
Christos Georgiadis, University of Macedonia, Greece
Dimitris Gouscos, University of Athens, Greece
Stefanos Gritzalis, University of the Aegean, Greece
Mp.Gupta,Indian Institute of Technology Delhi (IIT Delhi), India
Marit Hansen,Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany
Lazaros Iliadis, Democritus University of Thrace, Greece
Dimitra Kaklamani, National Technical University of Athens, Greece
Christos Kalloniatis, University of the Aegean, Greece
Ioanna Kantzavelou, Technological Educational Institute of Athens, Greece
Maria Karyda, University of the Aegean, Greece
Vasilis Katos, Bournemouth University, UK
Spyros Kokolakis, University of the Aegean, Greece
Nicholas Kolokotronis, University of Peloponnese, Greece
Panayiotis Kotzanikolaou, University of Piraeus, Greece
Costas Lambrinoudakis, University of Piraeus, Greece
Maria Lambrou, University of the Aegean, Greece
Konstantinos Limniotis, University of Athens, Greece
Antonio Lioy, Politecnico di Torino, Italy
Javier Lopez, University of Malaga, Spain
Nikos Lorentzos, Agricultural University of Athens, Greece
Euripidis Loukis, University of the Aegean, Greece
Emmanouil Magkos, Ionian University, Greece
Vicky Manthou, University of Macedonia, Greece
Nikolaos Marianos, University of the Aegean, Greece
Giannis Marias, Athens University of Economics and Business, Greece
Olivier Markowitch, Université Libre de Bruxelles (ULB), Belgium
Vashek Matyas, Masaryk University, Czech Republic
Vojtech Merunka, Czech Technical University in Prague, Czech Republic
Lilian Mitrou, University of the Aegean, Greece
Martin Molhanec, Czech Technical University in Prague, Czech Republic
Haris Mouratidis, University of Brighton, UK
Maria Ntaliani, Agricultural University of Athens, Greece
Christoforos Ntantogian, University of Piraeus, Greece
Martin Olivier, University of Pretoria, South Africa
Rolf Oppliger, eSECURITY Technologies, Switzerland
Andreas Pashalidis, K.U.Leuven, Belgium
Charalampos Patrikakis, National Technical University of Athens, Greece
Guenther Pernul, University of Regensburg,Germany
Elias Pimenidis, University of the West of England, UK
Nineta Polemi, University of Piraeus, Greece
Bart Preneel, K.U. Leuven, Belgium
Andreja Pucihar, University of Maribor, Slovenia
Gerald Quirchmayr, University of Vienna, Austria
Muttukrishnan Rajarajan, City University, UK
Kai Rannenberg, Goethe University Frankfurt, Germany
Panagiotis Rizomiliotis, University of the Aegean, Greece
Carsten Rudolph, Fraunhofer Institute for Secure Information Technology, Germany
Christoph Ruland, University of Siegen, Germany
Pierangela Samarati, University of Milan, Italy
Einar Snekkenes, Gjovik University College, Norway
Miguel Soriano,U niversitat Politècnica de Catalunya (UPC), Spain
Diomidis Spinellis, Athens University of Economics and Business, Greece
Paul Spirakis,University of Patras, Greece
Stephanie Teufel, University of Fribourg, iimt, Switzerland
Marianthi Theocharidou, Athens University of Economics & Business, Greece
Yannis Theocharis,University of Mannheim, Germany
Aggeliki Tsochou,Ionian University, Greece
Irene Vassilaki, SCIS, Greece
Maro Vlachopoulou, University of Macedonia, Greece
Vasileios Vlachos, Technological Educational Institute of Larissa, Greece
Spyros Voulgaris, VU University Amsterdam, The Netherlands
Edgar Weippl, Vienna University of Technology, Austria
Christos Xenakis, University of Piraeus, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Jianying Zhou, Institute for infocomm research, Singapore
Vassilis Zorkadis, Hellenic Data Protection Authority, Greece
Sotiris Karetsos, Agricultural University of Athens, Greece

Download CfP

Mar 24

DNS leak test

What is a DNS leak and why should I care?

When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.

DNS or the domain name system is used to translate domain names such as www.privacyinternational.org into numerical IP addresses e.g. 123.123.123.123 which are required to route packets of data on the Internet. Whenever your computer needs to contact a server on the Internet, such as when you enter a URL into your browser, your computer contacts a DNS server and requests the IP address. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your Internet activities.

Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity network. DNS leaks are a major privacy threat since the anonymity network may be providing a false sense of security while private data is leaking.

via DNS leak test.

Mar 20

cSploit/android · GitHub

cSploit – The most complete and advanced IT security professional toolkit on Android.

cSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments on a mobile device.

Once cSploit is started, you will be able to easily map your network, fingerprint alive hosts operating systems and running services, search for known vulnerabilities, crack logon procedures of many tcp protocols, perform man in the middle attacks such as password sniffing ( with common protocols dissection ), real time traffic manipulation, etc, etc .

This application is still in beta stage, a stable release will be available as soon as possible, but expect some crash or strange behaviour until then, in any case, feel free to submit an issue here on GitHub.

via cSploit/android · GitHub.

Jan 18

To Avoid Detection, Terrorists Made Messages Seem Like Spam – Slashdot

HughPickens.com writes: It’s common knowledge the NSA collects plenty of data on suspected terrorists as well as ordinary citizens, but the agency also has algorithms in place to filter out information that doesn’t need to be collected or stored for further analysis, such as spam emails. Now Alice Truong reports that during operations in Afghanistan after 9/11, the U.S. was able to analyze laptops formerly owned by Taliban members. According to NSA officer Michael Wertheimer, they discovered an email written in English found on the computers contained a purposely spammy subject line: "CONSOLIDATE YOUR DEBT."

According to Wertheimer, the email was sent to and from nondescript addresses that were later confirmed to belong to combatants. "It is surely the case that the sender and receiver attempted to avoid allied collection of this operational message by triggering presumed "spam" filters (PDF)." From a surveillance perspective, Wertheimer writes that this highlights the importance of filtering algorithms. Implementing them makes parsing huge amounts of data easier, but it also presents opportunities for someone with a secret to figure out what type of information is being tossed out and exploit the loophole.

via To Avoid Detection, Terrorists Made Messages Seem Like Spam – Slashdot.

Jan 13

KeySweeper

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring.

KeySweeper.

Oct 27

Watch That Windows Update: FTDI Drivers Are Killing Fake Chips

The FTDI FT232 chip is found in thousands of electronic baubles, from Arduinos to test equipment, and more than a few bits of consumer electronics. It’s a simple chip, converting USB to a serial port, but very useful and probably one of the most cloned pieces of silicon on Earth. Thanks to a recent Windows update, all those fake FTDI chips are at risk of being bricked. This isn’t a case where fake FTDI chips won’t work if plugged into a machine running the newest FTDI driver; the latest driver bricks the fake chips, rendering them inoperable with any computer.

via Watch That Windows Update: FTDI Drivers Are Killing Fake Chips.

Oct 26

Malwr – Malware Analysis by Cuckoo Sandbox

What is Malwr?

Malwr is a free malware analysis service and community launched in January 2011. You can submit files to it and receive the results of a complete dynamic analysis back.

Mission

Existing online analysis services are all based on closed and commercial technologies, often with intents to leverage people’s data to own profit and with no real transparency on how the data is being used. We are researchers ourselves and felt the need of an alternative solution.

Our mission is to provide a powerful, free, independent and non-commercial service to the security community, independent or academic researchers with no other goal than facilitating everyone’s daily work and give a contribution to the community.

Independent

Malwr is operated by volunteer security professionals with the exclusive intent to help the community. It’s not associated or influenced by any commercial or government organization of any sort.

Non-Commercial

We do not profit on your data. The files you submit, the information you provide and any other use you make of the website is not commercialized in any way. We create and use open source technology. We’re not advertising any commercial product, we are not collecting data to enrich any existing product.

via Malwr – Malware Analysis by Cuckoo Sandbox.

Older posts «