Apple iPhone 5S Fingerprint Hackathon

The new Apple’s iPhone 5S comes with a fingerprint scanner and this new feature has some hackers drooling.

iPhone5SThere is a hacking bounty for anyone who is able to hack the fingerprint locking feature. A group of security researchers has offered more than $13,000 in cash along with bottles of booze, Bitcoin currency, books and other goodies to the first hacker who breaks the device in a contest promoted on the website. Other companies such as IO Capital, which donated $10,000, are adding to the bounty to encourage hackers to help research the security of the fingerprint biometric scanner.

How secure is the Windows 8 included Anti Virus known as Windows Defender?

How secure is the new Windows 8 anti virus known as Windows Defender?

Does it have a protection against malware which uses UAC bypass/process injection/rootkits/process persistence/running the binary directly in the memory`? How much can I trust windows defender? Is it better than regular AVs like Kaspersky/AntiVir?

By TheUnknown on July 28, 2013 | IT Blog, MS Windows, Security | A comment?
Tags: , , ,

How secure is Ubuntu’s default full-disk encryption?

How secure is the encryption offered by ubuntu (using the disk utility)? What algorithm is used underneath it?

If someone could at least provide a link to some documentation or article regarding that I would be very grateful.

Reference:

enter image description here

WAF Process Creation for Integration of IT and Business

A client has asked me to help them out with their WAF processes. Currently they have a few critical web applications being protected by a couple of WAFs. I have managed to get the WAFs tuned and ready for production. The company is fairly large and is expanding. Thus, I want to tackle the manageability of their web applications’ security by creating a process which will integrate the IT department of the company with the Business side. At the same time, I am wanting to put together what so far appears to be three different processes I am about to create into just one.

Sending HTTP 403 as. 200 – “Silent Identification of Admin”

A researcher recently reported an issue in a site about using script on a 3rd party site to discover if a user is an admin.

Here’s the scenario:

  • Main site is target.example
  • Attacker site is evil.example
  • target.example has SSL and HSTS and redirects all http traffic to https using a 301 redirect
  • the session cookie on target.example is httponly and “secure”
  • evil.example has javascript that loads javascript src from target.example/admin/utility and using success/error of loading that html page can execute attack javascript

Example javascript that would be on evil.example:

By TheUnknown on | IT Blog, Security, Web Design | A comment?
Tags:

Apple iPhone
Cloud Computing
EMC
EMC Clariion
IT Blog
Linux
Mac OS
MS Windows