In case my readers haven’t noticed, I’ve changed the tagline of the blog from “A blog about Information Security, Cryptography, and Privacy” to “A blog about Information Security, Privacy, and Ethical Hacking”. If you don’t see it, try clearing your browser cache.
The reason for this small change in direction is threefold:
- When I started this blog a couple of years ago, cryptography was one of my main interests. These days, whilst I still like reading up on advances in cryptography, I don’t find it as interesting as other aspects of information security.
- Cryptography itself can be seen as a big part of “Information Security”, so it seemed pointless to effectively include it twice in the tagline.
- I’ve worked as a penetration tester for almost 6 months now, so ethical hacking is now something I am focusing on and wanting to write about more.
So I’m going to start a small series of simple but detailed tutorials on various skills required when penetration testing. They will range from basic usage of nmap/nessus/metasploit to the more advanced cracking of stolen hashes and attacking web applications. If people have suggestions for other tutorials, be sure to contact me and I’ll do my best to put one together.
I will shortly be getting back to more regular blogging on security issues, but I thought I would inform the readers of my blog that recently I was awarded an MSc in Information Security from Royal Holloway, University of London. I was working on it for the past two years, and am happy to announce that I received a “Pass with Distinction”, the highest grade possible.
Last night I was also informed that my MSc Project (on Fuzz testing Web Applications) received a SearchSecurity.co.UK award for being of “outstanding quality”.
That’s all the personal news for now. I’ve been very busy at work over the past two months, so I have had less time to do personal projects like updating this blog. As Christmas nears, I’ll have more time for these sorts of things. For now, thanks for reading!
I’ve written and published two new security articles as part of the Yahoo! Contributor Network. The first is about reducing your digital footprint, which is something I’ve been interested in for a while now. If you aren’t careful, a lot of information about yourself can be found online. Some of it might be true, some of it might be false, but most of it you probably don’t want lingering in search engine results. My article will tell you how to best map your digital footprint, and then how to go about reducing it.
The second article is on the top 5 online password managers, something every sensible person on the Internet should have. With so many different websites, you can either have the same password (highly insecure) or generate a unique password for each. Online password managers mean you don’t have to remember all your passwords, though as I’ve pointed out before, you can generate highly secure and easy to remember passphrases for the most secure sites you visit.
Various organisations have revealed the existence of yet another piece of malware used for targeted attacks against a country’s infrastructure. Flame (also known as Flamer and sKyWIper), was discovered jointly by Kaspersky Lab, Iran’s MAHER Center, and CrySyS Lab of the Budapest University of Technology and Economics.
The most visible difference between Flame and earlier pieces of targeted malware like Stuxnet and Duqu is the size, expanding to 20 megabytes when fully installed (Stuxnet was only half a megabyte). CrySyS Lab, which discovered Duqu in 2011, have described Flame as “arguably… the most complex malware ever found.”
More information on Flame can be found below:
Identification of a New Targeted Cyber-Attack - Iran National CERT (MAHER)
The Flame: Questions and Answers – Kaspersky Lab
sKyWIper: A complex malware for targeted attacks [PDF] – CrySyS Lab
Meet ‘Flame’, The Massive Spy Malware Infiltrating Iranian Computers – Threat Level (Wired)
Flame malware – more details of targeted cyber attack in Middle East – Naked Security (Sophos)
Flame: Massive cyber-attack discovered, researchers say – BBC News
A few months ago I joined the UK Yahoo! Contributor Network, which pays people to write specific articles that are then published on Yahoo! After a few assignments about movies and mobile technology, the editors were impressed enough to let me write on various security related topics.
I’ve written three so far, the first of which has just been approved and published, so please go read it and share it with friends:
How to secure your Facebook account
Unlike the rather technical and complex articles on this blog, my Yahoo! articles will apply to as many people as possible. If you’ve ever wondered about the security of your Facebook account, or have friends who need it drastically, this article should help you out.