Jul 30 2015

The Internet of Things and Smart Cities – Security and Privacy Aspects
In a world where technology is constantly improving itself by the hour, the demand for seamless integration of human needs and the digital world is on the rise. With every new device that we procure for our day-to-day jobs, the ability to integrate it with the World Wide Web and make it more accessible and user-friendly is Read More…

Jun 30 2015

This article presents the key risks with DirectAccess and how to audit them. Let’s begin by understanding the DirectAccess technology.
Introduction of DirectAccess
From the Wikipedia definition: DirectAccess, also known as Unified Remote Access, is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. DirectAccess overcomes the limitations of VPNs by automatically establishing a bi-directional connection from client computers to the corporate network so users Read More…

Apr 15 2015

Introduction
Is your server protected against port scanning? The general answer will be “Yes, I have a firewall which restricts access to internal servers from the Internet.” What if I tell you I can still scan the ports on your server and your firewall wouldn’t know about it? If the web application running on a publicly exposed server is vulnerable to SSRF (Server Side Request Forgery), then it is possible to do port scans on Read More…

Apr 10 2015

The Payment Card Industry Security Standards Council recently released their updated Information Supplement: Penetration Testing Guidance. The guidance document was last published in 2008 under the heading ‘Requirement 11.3 Penetration Testing’. The updated document marks a major difference in the approach taken by the PCI Council to clarify and educate stakeholders about the standard’s requirements for penetration testing. The new supplement focuses on the:
- Scope of testing
- Capability of the penetration tester
- Methodology of testing
Read More…

Mar 03 2015

INTRODUCTION
Point-of-sale (POS) is the place where a retail transaction is completed. It is the point at which a customer makes a payment to the merchant in exchange for goods or services. The majority of retail POS systems also include a debit/credit card reader.
POINT-OF-SALE INTRUSIONS
What is it? When attackers compromise the computers and servers that run POS applications, with the intention of capturing payment data. Hospitality and retail companies are the top targets — Read More…

Mar 02 2015

Introduction
Cuckoo Sandbox is an Open Source Automated Malware Analysis system that has been gaining more and more attention in recent years. The fact that Cuckoo is fully open source makes it a very interesting system for those who want to modify its internals, experiment with automated malware analysis, and set up scalable and cheap malware analysis clusters. [1] Malware is the raw material associated with many cybercrime-related activities. Cuckoo is a lightweight solution that performs automated Read More…

Feb 16 2015

Overview
ASUS Router RT-N10 Plus is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the result_of_get_changed_status.asp script. A remote authenticated attacker could exploit this vulnerability using the flag parameter in a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Technical details
Multiple Read More…