background preloader

Secure Web

Facebook Twitter

Open Source NAC (Network Access Control)


SecureDataTransfer. SecureCloud. How Dropbox sacrifices user privacy for cost savings. Note: This flaw is different than the authentication flaw in Dropbox that Derek Newton recently published.

How Dropbox sacrifices user privacy for cost savings

Summary Dropbox, the popular cloud based backup service deduplicates the files that its users have stored online. This means that if two different users store the same file in their respective accounts, Dropbox will only actually store a single copy of the file on its servers. The service tells users that it "uses the same secure methods as banks and the military to send and store your data" and that "[a]ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password. " However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts). This bandwidth and disk storage design tweak creates an easily observable side channel through which a single bit of data (whether any particular file is already stored by one or more users) can be observed. Introduction. Smartphone Forensics: Cracking BlackBerry Backup Passwords « Advanced Password Cracking – Insight.

BlackBerry dominates the North American smartphone market, enjoying almost 40 per cent market share.

Smartphone Forensics: Cracking BlackBerry Backup Passwords « Advanced Password Cracking – Insight

A 20 per cent worldwide market share isn’t exactly a bad thing, too. The total subscriber base for the BlackBerry platform is more than 50 million users. Today, we are proud to present world’s first tool to facilitate forensic analysis of BlackBerry devices by enabling access to protected data stored on users’ BlackBerries. One of the reasons of BlackBerry high popularity is its ultimate security. It was the only commercial mobile communication device that was ever allowed to a US president: Barack Obama has won the privilege to keep his prized BlackBerry despite resistance from NSA.

All data transmitted between a BlackBerry Enterprise Server and BlackBerry smartphones is encrypted with a highly secure AES or Triple DES algorithm. Sounds pretty secure, does it? Backups are good. Backups are also evil. Creating device backup is quite simple; again, following the manual: TechDirt. Facebook Places: Your Friends Are Here, But What About Your Privacy? Open Source Center - Login. Dark Web Terrorism Research : Research : Artificial Intelligence Laboratory : Eller College of Management : The University of Arizona.

The Dark Web Project and Forum Portal As part of its Dark Web project, the Artificial Intelligence Lab has for several years collected international jihadist forums.

Dark Web Terrorism Research : Research : Artificial Intelligence Laboratory : Eller College of Management : The University of Arizona

These online discussion sites are dedicated to topics relating primarily to Islamic ideology and theology. The Lab now provides search access to these forums through its Dark Web Forum Portal, and in its beta form, the portal provides access to 28 forums, which together comprise nearly 13,000,000 messages. The Portal also provides statistical analysis, download, translation and social network visualization functions for each selected forum. Here are some important links for the Dark Web project and Portal: The GeoPolitical Web Project Interested in accessing the Dark Web Forum Portal? You may request an account by submitting a Username Request form (available at Fill out the form completely to ensure your application is responded to Write down your Username and Password.

Searching the Searchers with SearchAudit. Searching the Searchers with SearchAudit John P.

Searching the Searchers with SearchAudit

John, Fang Yu, Yinglian Xie, Martin Abadi, and Arvind Krishnamurthy August 2010 Search engines not only assist normal users, but also provide information that hackers and other malicious entities can exploit in their nefarious activities. With carefully crafted search queries, attackers can gather information such as email addresses and misconfigured or even vulnerable servers. We present SearchAudit, a framework that identifies malicious queries from massive search engine logs in order to uncover their relationship with potential attacks. Seed, expands the set using search logs, and generates regular expressions for detecting new malicious queries. Queries as seed, SearchAudit discovers an additional 4 million distinct malicious queries and thousands of vulnerable Web sites. Live Messenger user credentials. Deep packet inspection.

Bij deep packet inspection (DPI) wordt elektronisch dataverkeer tussen zender en ontvanger inhoudelijk geanalyseerd.

Deep packet inspection

Dit gaat verder dan de inspectie van afzender- en ontvangeradres zoals routers dat voor het verder leiden van de gegevens noodzakelijkerwijs moeten doen. Het internet functioneert doordat gegevens in gestandaardiseerde brokstukken worden verdeeld, verpakt en verstuurd. De inhoud van de pakketjes speelt voor het functioneren van het internet als zodanig geen rol. Top Secret America. Google Agonizes on Privacy as Advertising World Vaults Ahead. What They Know. Put your pants back on: Chatroulette logging IP addresses, screengrabbing users. Panopticlick. Report Phishing Sites. US-CERT collects phishing email messages and website locations so that we can help people avoid becoming victims of phishing scams.

Report Phishing Sites

You can report phishing to us by sending email to What Is Phishing? Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. Learn More About Phishing The following documents and websites can help you learn more about phishing and how to protect yourself against phishing attacks: Methods of Reporting Phishing Email to US-CERT In Outlook Express, you can create a new message and drag and drop the phishing email into the new message.

Schneier on Security.