Archive for the ‘Security’ Category

10 € = the price of our private data

December 23, 2011

Lately, a mobile operator had a new offer, which worked this way:
- top up your mobile account twice, each time with a minimum of 10€, and you get 10€ more
- within a few weeks
- using a well-known payment operator

A further condition is required: a valid subscription with the payment operator, of course.

The payment operator needs your name, surname, email, credit card … at least.

So, these data are worth 10€! :O


Pirates in AVAST ?!?! :O

September 17, 2010


more info here

GPS security

March 7, 2010

Technology that depends on satellite-navigation signals is increasingly threatened by attack from widely available equipment, experts say.

While “jamming” sat-nav equipment with noise signals is on the rise, more sophisticated methods allow hackers even to program what receivers display.

At risk are not only sat-nav users, but also critical national infrastructure.

read full article here: Sat-nav systems under growing threat from ‘jammers’

Security, two-factor authentication, man-in-the-browser attacks, etc

February 19, 2010

Home banking, webmail via https, e-commerce websites … and so on!
Authentication is really important, and your browser tells you when you’re surfing over a secure connection and when you’re not.

Fraudsters are beating strong two-factor authentication and are proving that any authentication method that relies on browser communications can be defeated. A layered fraud prevention approach can thwart these attacks.
Criminals are successfully launching man-in-the-browser attacks that circumvent strong two-factor and other authentication that communicate through the user’s browser. The fraudsters are also successfully having telecommunication carriers forward phone calls used to authenticate users and/or transactions to the fraudster’s phone instead of the legitimate user’s phone. These attacks were successfully and repeatedly executed against many banks and their customers across the globe in 2009. While bank accounts are the main immediate targets, these attack methods will migrate to other sectors and applications that contain sensitive valuable information and data within the next three years.
A layered fraud prevention approach that includes server-based fraud detection and out-of-band transaction verification that precludes call forwarding to illegitimate user phone numbers can and has mitigated these threats.

read full article here: Where Strong Authentication Fails and What You Can Do About It

source: Attenzione con l’Internet Banking

GSM mobile eavesdropping…

January 21, 2010

A very interesting interview with Karsten Nohl about GSM mobile eavesdropping.

Nohl: We showed that GSM, the widely used cell phone standard, is insecure, and explained how your neighbor might already be listening in on your calls. After GSM’s security was declared outdated several times before, we were the first to make tools available for people to verify its insecurities.

full interview here: Q&A: Researcher Karsten Nohl on mobile eavesdropping

source: Come intercettare le comunicazioni dei cellulari