Smartphone Security Tips

Christmas and New Year are here, and it's the time when many people buy and exchange gifts. So if the next shiny gift in your hand is a smartphone, remember the following tips to stay safe and secure your data. 1. Don't lose track of your phone. This one is non-technical. Don't lose sight of your smartphone. Keep your eyes on it when you leave it anywhere, especially at the airport security check-in. The nature of data stored on phone makes it

Password analysis from 10,000 leaked Hotmail passwords

On 5th October, The Register reported that more than 10,000 passwords were mysteriously leaked on pastebin.com. See this tweet. As a follow-up study, the "Acunetix Web Application Security Blog" did an analysis of the kinds of passwords people use. Some interesting findings are as follows. Statistics: The list initially contained 10,028 entries. There are 8931 (90%) unique passwords in the list. The longest password was 30 chars long: lafaroleratropezoooooooooooooo. The shortes

Cheat Sheets: Networking, Hacking, Security, Administration, Tools

Here is a bunch of CheatSheets which might be useful from time to time to use as a reference:
# TCP/IP and tcpdump Cheat Sheet - SANS.org
# Google Hacking and Defense Cheat Sheet - SANS.org
# Intrusion Discovery Cheat Sheet Windows - SANS.org
# Intrusion Discovery Cheat Sheet Linux - SANS.org
# SQL Injection Cheat Sheet - ha.ckers.org
# Cross Site Scripting Cheat Sheet - ha.ckers.org
# Web application Cheat Sheet - secguru.com
# Linux Security Quick Reference Guid...

UNtrusted Certificates from UNtrusted CA

Following HDMoore's tweet, I stumbled on this case of a man-in-the-middle attack with a valid SSL certificate from a shady reseller. Eddy Nigg was able to buy a certificate in the name of mozilla.com from a Comodo reseller named 'Certstar'. In response to this issue, Comodo says: That reseller's ability to sell Comodo certificates has been suspended while we investigate why they are apparently not fulfilling their contractual obligations to us. We revoked your ce

Wardriving Pune

On 10th November 2008, ClubHack, with the support of the Cyber Crime Cell of Pune Police, conducted a wardriving exercise in Pune, Maharashtra. This wardriving aimed to analyze wireless network security in Pune city at common places like IT parks, residential areas, market areas, hotels, the airport, etc. To our amazement, we found nearly 81% of Pune's Wi-Fi to be insecure (I count WEP as insecure). Find the report and analysis at http://wardrive.in/

New Features in Nmap

In his talk at Black Hat, Fyodor discussed the research he's been doing and the ways that research has helped him improve Nmap with many enhancements. Let's have a look at the most interesting one. Abstract: One of Fyodor's main focuses was improving Nmap's speed through improved efficiency. One of the best ways to do this is to allow for scans of fewer ports, but this requires that you choose those ports carefully so as to miss as little as possible

Force Gmail to Always Use Secure Connection

On 24th July 2008, Google rolled out an option that forces your communication with the Gmail server over a secure channel (read: HTTPS). If you go to Settings and select "always use https", Gmail will automatically redirect to the secure version. Until now, you had to manually type https://mail.google.com/ in the address bar or bookmark the address. As per Google: "If you sign in to Gmail via a non-secure Internet connection, like a public wireless