InfoSec

0

Announcing new online courses

0

Starting Inspiratron talks podcast

For a while, I have been preparing for this step. This blog got it’s audio podcast show and it is called Inspiratron talks. First I will give some links and then talk about mission and vision of the podcast. Inspiratron talks is hosted at the moment on SoundCloud:

At the moment, two episodes can be found. However, I am hoping to release one episode per week during the season, however, there may be some breaks around the Christmas and during the summer.

You can listen to podcasts using the following Podcast directories:

www.stitcher.com/podcast/inspirat…talks?refid=stpr
www.acast.com/inspiratrontalks
www.blubrry.com/inspiratron/

0

The art of trolling and its connection to innovation

Recently I watched the following talk from DefCon named “The art of trolling”, which reminded me of my earlier days and stuff I did:

Also, interestingly enough, I was on an event where we had a number of speakers (academics and policy makers) talking about innovation policy, innovation management and similar. However, from all these talks, one point was missing: very often innovation is made for Lulz.

Let me start with two examples of trolling I was involved with, which required quite some bit of work and let’s call it out of the box thinking, with some degree of innovation.

 

Introducing trolls

Trolling politically motivated news commenters

I

OWASP Seraphimdroid
0

Educational framework added to OWASP Seraphimdroid

OWASP Seraphimdroid is back after Google Summer of Code with a new version, this time, it will be 2.5 and some exciting changes, we thought that may help users protect their security and privacy. I would like to briefly write about our new features. The app is available on old good place: Google play (https://play.google.com/store/apps/details?id=org.owasp.seraphimdroid)

What is new?

Educational component

From the very beginning of OWASP Seraphimdroid project, as a project leader, I saw in it a project that contains an educational component. However, until now we aimed to develop a number of features that will on technical level protect users. I have been writing about the development previously:

OWASP SERAPHIMDROID ANDROID SECURITY PUBLISHED

NEW VERSION OF OWASP SERAPHIMDROID

0

Introduction to reverse engineering

1. Introduction

Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation. This involves taking some device, system or software and breaking it apart, analyze it and conclude how it works. When reverse engineer conclude how system works he can take advantage of it, he can recreate it, document it or fix flaws. Reverse engineering is commonly used to document system that is poorly documented and designers are no longer available, to retrieve lost source code and fix problems, to use undocumented API for interoperability, to create competitive project similar as reversed project or to overcome protection. Here we will focus on software reverse engineering in

OWASP Seraphimdroid
0

New version of OWASP Seraphimdroid (v2.0) is published

Dear users and security aware people, we have a great announcement. The new version of OWASP Seraphimdroid is published with some very interesting breakthrough features. If you liked OWASP Seraphimdroid before, now you will probably love it. We have improved machine learning aided permission scanner, new settings scanner, improved SMS interceptor, improved application locker, and some more. OWASP organized OWASP Code Summer Sprint, where OWASP Seraphimdroid participated as one of the project. Student that was proposed some and was selected to develop improvements on OWASP Seraphimdroid was Kartik Kohli. I had opportunity to mentor him as OWASP Seraphimdroid project leader. So let’s start explaining the major improvements.

If you are not aware or do not know what features

0

The art of cyber war

This is the post about a lecture. Very interesting one, held on New York information security meetup by Carl Herberger, Vice President of Security Solutions at Radware.

I found this talk quite interesing because he pointed out that in industry we are facing something we can call a war by its execution. It does not need to be carried by a nation state and he also points out that wars may not be carried because of the territorial and military reasons, but they may have economic or asset dimension. It is described how deception is important in warfare as Sun Tzu said, but also how deception is used in cyberspace. He also gave quite interesing statistics, such as that average cyber

1

Chasing script-kiddies and hackers on my blog

This morning, I was wondering over my admin dashboard and realized there are couple of guys (hackers or script-kiddies) trying to hack me. Well, to be hones guess my user name and password. So far, they were failing, but some of them were returning and trying every couple of hours, when my blocking mechanism release the block. Particularly, one guy from Moldova, one from Romania and one from Ukraine. To say it on the beginning… I ain’t gonna say something very smart here, I was just playing a bits of forensics here and there, to find out who they are. And to be honest, I am not satisfied, since I have not found much apart from IP address of machine

8

USSD Code List for Android Smartphone

Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider’s computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.

USSD messages are up to 182 alphanumeric characters in length. Unlike Short Message Service (SMS) messages, USSD messages create a real-time connection during a USSD session. The connection remains open, allowing a two-way exchange of a sequence of data. This makes USSD more responsive than services that use SMS.

Some of these codes may lead you to a menu use the option key (far left soft key) to navigate. Some of the

0

Hacker’s lament

But did you, in your three-piece psychology and 1950’s
technobrain ever take a look behind the eyes of the Hacker? Did you ever
wonder what made him tick, what forces shaped him, what may have molded
him?

I am a Hacker, enter my world….

Mine is a world that begins with school… I’m smarter than most
of the other kids, this crap they teach us bores me…

Damn underachiever. They’re all alike.

I made a discovery today. I found a comupter. Wait a second,
this is cool. It does what I want it to. If it makes a mistake it’s
because I screwed it up. Not because it doesn’t like me…
Or feels