Penetration testing and vulnerability assessment are practices that become more important to our businesses every day. Today we need to run security stress tests in order to discover potential vulnerabilities that may exist in our systems.
Category Archives: Information Security
Privacy Guidelines for Android
Android is weak by nature… If you want to keep your Android secure, you need to take many considerations into account. Software is designed to be more and more intrusive every day; however, that level of intrusion could expose you to hackers.
Exploits Censorship
Many people have wanted, many times without success, to criminalize any researcher investing time in bug hunting, especially in security-related applications.
In many societies this is taboo; some people think that finding a vulnerability and developing a proof of concept is the equivalent of making a weapon. They argue that such exploits could be used to carry out attacks that, at the end of the day, could affect property and life.
How to become a real hacker
After many years in the area, I decided to write this article for beginners in the field.
How to become a real hacker?
Alice and Bob are no longer online
In the past few years Diffie-Hellman has become unsupported on the main internet websites. Do you know the implications?
But this is not the only thing happening: many reputable websites, including banks, social networks and search engines, have chosen to continue supporting TLSv1.0 and SSLv2 “for compatibility reasons”.
SSH: A path from Linux to Linux using BlackBerry
Suppose that you are away from your home or work and an issue suddenly comes up with your server, or you want to test something on your server right now. You can use your BlackBerry device to reach your server from anywhere.
How to activate automatic updates on Fedora 9-17
Fedora now comes with “PackageKit”, a graphical tool for automated updates. However, PackageKit updates need approval from the user and also a graphical interface.
Speeding up or Securing up the Encrypted Root Filesystem on Fedora 10
Fedora and some other Linux distributions don’t provide any simple way to set up the cipher properties of the root filesystem.
Here we provide enough information about the encryption process on Fedora, and one technique to speed up and/or secure the cipher using XTS instead of CBC-ESSIV.
Corporate LDAP Servers Weakness Statistics
Based on my SecurityFocus topic response, and also on some information security audits that I’ve done, I thought of the idea of statistically proving the attack risk level at an organization.
Number of accounts | Probability of having at least one weak key |
10 | 0.401 – 40.1% |
25 | 0.722 – 72.2% |
50 | 0.923 – 92.3% |
100 | 0.994 – 99.4% |
SPAN Port / Mirroring Monitoring
Some network administrators don’t know how to handle and correctly install network monitoring applications, IDS and other products that require network traffic inspection; there is no knowledge of how SPAN ports were designed or of their limitations on full-duplex networks.
When the network is in full-duplex mode, the SPAN port has a natural packet loss that does not vary across hardware.