Technic Dynamic is a source of education focused on the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link: http://technicdynamic.com
Following the hacking of the MedElaouni account on Facebook, we advise all Moroccan users, especially those in the #Feb20 movement, to change their passwords on social networks using a secure connection.
All major sites support encryption of data transfer (GMail, Twitter, Facebook...), but unfortunately not automatically. Therefore, force the secure connection by typing the following addresses:
httpS://www.facebook.com/ instead of http://facebook.com
httpS://gmail.com instead of http://gmail.com
httpS://twitter.com instead of http://twitter.com
If you use Mozilla Firefox, there is a plugin, ForceTLS, that you can install to do this job automatically. We advise against using a public unsecured connection, in a cafe for example, without using httpS. If you get errors and cannot use this connection method, please let us know and we will try to give you alternatives.
Cyber crime is often cited to scare IT managers, directors and other officers for the sole purpose of promoting the sale of services and the establishment of costly protection, but this trend is about to be caught up by reality. It is time for a short walk through the wonderful world of piracy policy.
Of course, this article reflects only a personal opinion and is based on facts or analysis that everyone can find on the net to form their own opinion: recently, the press has echoed many cases related directly or indirectly to cybercrime. On the other hand, targeted attacks on individuals (phishing, social or otherwise) are not considered here; the many blogs of antivirus vendors already provide good analysis.
Several relatively recent important cases may be mentioned, very briefly:
Windows has always been maligned and criticized for the weak security it offers and its disregard for privacy. Gratuitous or true, these claims persist even today. This article describes some weaknesses inherent in this operating system, and only this one (mostly).
First of all, it is worth remembering that the main attractions of Windows are ease of use and user friendliness. These are actually the result of multiple abstraction layers that spare the end user from having to be a computer expert to perform many tasks. The successive layers of abstraction are responsible for interpreting user commands by making a number of assumptions.
For example:
On a single-user station, it is possible to dispense with the login window (and thus the call to the GINA, the Ctrl + Alt + Delete key combination, which is not accessible to applications) to log on directly without a password.
Web browsers allow the user to dispense with the management of passwords and personal information.
By default, the Windows wireless client prefers automatic reconnection to a network, even if it does not have the original characteristics (only the SSID, or network name, must be identical).
Implementations of ARP in Windows are also simplified, paving the way for various attacks on local networks.
Automatic execution of certain media (CD-ROM, USB, etc.) gives direct access to the applications they contain.
Support for multiple multimedia formats allows the display of a multitude of convenience features: graphics, video, animations or games.
And so on.
All these simplifying assumptions are sources of potential attacks. ARP spoofing / poisoning is a long-known example. Similarly, the native wireless clients in Windows are not suitable for professional use.
But what about the other features offered by Windows? What can be done with little skill and cost (by your neighbors, your family)? This article, far from offering a hacking manual for everyone, is primarily intended to alert you and make you careful in all your computer activities, to promote the value of anonymity on the Internet, and to advise the use of simple means of encryption and strong passwords ...
Since Linus Torvalds and his Linux system, open source has grown considerably. But what is Open Source? It is the act of making public the source code of software. Open source is governed by a set of licenses, the best known of which is the GNU Public License. This source code is no longer the possession of a private person, a group of people, or a company, as was the case from the birth of computing in the 1960s until the 1980s/1990s. Large companies are now following the lead of independent developers and in turn offer professional-quality software as open source. But behind this intellectual ferment, what are the consequences for security in open source projects?
The benefits
Multiple re-readings of the code
Whether student, professional, or amateur, and whatever their level, methods, culture, or nationality, the programmer has access to the code. He can read it to understand it and anticipate debugging. Through these cross-readings, many bugs can be detected. Among these bugs, some certainly directly affect the security of the software, such as buffer overflows. These are called application security holes. ...
Hackers use several attack techniques. These attacks can be grouped into three different families:
Direct attack.
Collateral attack by bounce.
Attacks by indirect answers.
We will look at these three families in detail.
Direct attacks
This is the simplest of attacks. The hacker attacks the victim directly from his own computer. Most "script kiddies" use this technique. Indeed, the hacking programs they use are only loosely configurable, and many of these programs send packets directly to the victim.
If you are attacked in this way, there is a good chance that you can trace the origin of the attack, identifying at the same time the identity of the attacker.
Cryptography is the science of converting information "in the clear" into coded information that is not understandable, and then, from the coded information, restoring the original information.
Symmetric cryptography and asymmetric cryptography
Symmetric cryptography
We speak of symmetric cryptography when multiple people use the same key to encrypt and decrypt messages. The main disadvantage of this system is the sharing of this single key between different people: how do you securely send everyone the single key that allows them to encrypt and decrypt?
Asymmetric cryptography
In this type of cryptography, each user has two keys:
A private key that must be kept secret.
A public key that is available to all other users.
These two keys are mathematically related. In practice, the public key is used to encrypt messages, and the private key is used to decrypt them. Once the message is encrypted, only the recipient is able to decrypt it. The utility PGP (Pretty Good Privacy) works this way.
The integrity of information
Good cryptography should offer a guarantee of the integrity of information. Indeed, it should not be possible to modify encrypted information undetected. A process for checking the integrity of the message (encrypted and unencrypted) must be established. This process is performed by a hash function. The result of a hash is a kind of digest of the original message. ...
Principles of computer security and market developments
Introduction
Too often, security architectures are currently based solely on prevention and perimeter defense. Many other elements make up a security architecture. Any security architecture (and more generally the approach to security itself) must be based on a triptych:
Prevention
Detection
Reaction
These three aspects are currently covered very differently by the market despite an undeniable necessity.
Prevention
Prevention is fundamental and is generally well understood by many. The principle: do everything necessary to protect yourself. This most often means adopting the following approach:
Risk Analysis
Defining a security policy
Implementation of a solution focused on one or more firewalls.
Audit of the solution
Updates
The market today covers this approach very well: consulting firms are very active in risk analysis. Integrators propose and implement solutions with a vengeance. Some companies specialize in security audits; others carry out technology watch and can trigger updates (usually performed by the integrator).
In 2005, of 218 European companies, more than 50% suffered financial losses related to computer problems. The same year, another study highlighted that only 30% of companies had taken precautions to ensure the availability and reliability of their data.
What are the risks for computer data?
There are different types of risks to company data; the main ones are:
The purpose of this document is to familiarize readers with the basics of computer security, as defined in ISO 7498-2, for example.
The objectives of computer security
Computer security has several objectives, related of course to the types of threats, the types of resources, etc. However, the main points are:
prevent the unauthorized disclosure of data
prevent the unauthorized modification of data
prevent the unauthorized use of network resources or computer in general
The scope of information security
These objectives apply in different areas or fields of application, each using different techniques to attain the same objectives. These fields are:
physical security programs (screens, power cables, power consumption curves ...)
the security of operating systems
communications security
Terminology of computer security
Computer security uses a well-defined vocabulary that we use in our articles. In order to understand these articles, it is necessary to define some terms:
Vulnerabilities: these are the security weaknesses in one or more systems. Any system taken as a whole has vulnerabilities, which may or may not be exploitable.
Attacks (exploits): these represent the means of exploiting a vulnerability. There may be several attacks for the same vulnerability, but not all vulnerabilities are exploitable.
Countermeasures: these are the procedures or techniques used to address a vulnerability or to counter a specific attack (in which case there may be other attacks on the same vulnerability).
Threats: these are determined opponents capable of mounting an attack that exploits a vulnerability.
For other definitions, see ISO 7498-2, which defines no fewer than 59 terms; other definitions are also available in our lexicon.