Stories of ordinary insecurity: Clickjacking, Pharming and Phishing

Posted on Oct 1, 2013 in Training

Clickjacking: when a click hides the scam

Marco is a great football fan. Each day he reads the news about his favorite team on different sites, from the official ones to the lesser-known ones. It is probably the time of day he loves the most, but will it always be? During one of his trips around the web, Marco was attracted by a link promising sensational news about his team. Euphoric, he clicks on it, and nothing happens. “It’s a problem with the site,” he thinks. But no. A few days later Marco receives an email with a picture of himself in pajamas and a message below: “I have so many pictures like this, I can spy on you, but if you pay me I will stop doing it.” (Clickjacking attacks may allow access to the webcam and microphone by changing the settings of Adobe Flash.)

Wikipedia says: During normal web browsing, the user clicks with the mouse pointer on an object (such as a link), but in reality his click is redirected, unbeknownst to him, to another object. Typically the vulnerability exploits JavaScript or an iframe.

Pharming: original site or web page created ad hoc?

Joseph spends many...

Hacker White Hat VS Black Hat VS Grey Hat

Posted on Sep 26, 2013 in Training

Hackers have become mythological figures of our time. We have seen them in spy movies, hacking in front of a PC, intent on stealing secret information and sensitive data. We hear the news stations talk about them; just look back at the cases of Wikileaks and Anonymous. In the majority of cases they are presented as outlaws. But do we really know who hackers are and what they do?

There are three main types of hacker, called in the jargon of information security White Hat, Black Hat and Grey Hat. In short: the good, the bad, and the middle way between the two. Today we also talk about the ethical hacker: a professional who is able to penetrate information systems using the same tools and techniques as Black Hat hackers, but in a controlled way and within a well-codified set of professional services (there are nearly fifteen years of literature on the subject, as there is always someone who suddenly claims to be an expert).

Hackers are not created equal:

White Hat – These are the hackers hired by agencies and companies to find their vulnerabilities so that they can then fix them.

Black Hat – These are the bad ones...

Vulnerable information systems? Penetration testing is the answer

Posted on Sep 26, 2013 in Training

It’s science: with a weak immune system, bacteria or malicious viruses can trigger diseases that weaken the human body. So we try to keep a healthy diet and have regular check-ups to make sure that everything is normal. A computer system is not very different from us in this regard.

Vulnerability tests

Cyber attacks are becoming more frequent, so it’s good to periodically test for vulnerabilities through penetration tests. Why? Answers may vary:

- Finding weaknesses in infrastructure, in applications and among people in order to develop appropriate controls.
- Ensuring that properly functioning security measures have been implemented, as this provides assurance to senior management.
- Testing your applications at risk. You have to take into account that those who develop the software can make mistakes and create unsafe applications.
- Identifying new bugs in existing software and creating patches and updates to fix them. It’s good to know that even new updates may cause new bugs.

The penetration test looks for vulnerabilities, tests them and uses them to access the system. Most of the time, the test is over when it reaches this goal. This is a dangerous habit, since there could be other vulnerabilities that have not been assessed yet. The vulnerability tests may also generate false positive results,...
