hakin9_2011_03_39.pdf

PRACTICAL PROTECTION IT SECURITY MAGAZINE

03/2011 (39)

team

Dear Readers,

People always try to protect their personal or sensitive

information from others. However, in today’s world – in the

era of the Internet- there are numerous options to obtain this

data. Looking at the recent attack on Facebook, WikiLeaks

scandal, click frauds or Night Dragon operation we can see

how often and, in some way, how easy it is to get secret

information. Very often these attack become unnoticed for a

long time, like it was with Night Dragon -discovered after 2

years. That is why we devote this issue to one of the most

commonly seen fraud – identity fraud.

Our ID fraud expert, Julian Evans prepared for you a

glance at the methods to protect your personla information

and prevent the misuse of these data.

Gary Miliefsky also touches the topic of identity theft. In

his article Guarding Against Identity Theft he shows you the

best practices, tools and technologies to protect personally

identifiable information.

Hopefully, the advice from our experts will trigger a more

responsible actions when you will click a strange link or

provide your personal information next time..

Editor in Chief: Karolina Lesińska

karolina.lesinska@hakin9.org

Editorial Advisory Board: Matt Jonkman, Rebecca Wynn,

Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt

DTP: Ireneusz Pogroszewski

Art Director: Ireneusz Pogroszewski

ireneusz.pogroszewski@software.com.pl

Proofreaders: Justin Farmer, Michael Munt

Top Betatesters: Rebecca Wynn, Bob Folden, Shyaam Sundhar,

Steve Hodge, Nick Baronian.

Special Thanks to the Beta testers and Proofreaders who helped

us with this issue. Without their assistance there would not be a

Hakin9 magazine.

Senior Consultant/Publisher: Paweł Marciniak

CEO: Ewa Dudzic

ewa.dudzic@software.com.pl

Enjoy your reading

Karolina Lesińska

Editor-in-Chief

Production Director: Andrzej Kuca

andrzej.kuca@hakin9.org

Marketing Director: Karolina Lesińska

karolina.lesinska@hakin9.org

Subscription: Iwona Brzezik

Email: iwona.brzezik@software.com.pl

Publisher: Software Press Sp. z o.o. SK

02-682 Warszawa, ul. Bokserska 1

Phone: 1 917 338 3631

www.hakin9.org/en

REGULARS

6 in Brief

Latest News From the IT Security World

Armando Romeo, eLearnSecurity

ID Theft Protect

Whilst every effort has been made to ensure the high quality of

the magazine, the editors make no warranty, express or implied,

concerning the results of content usage.

All trade marks presented in the magazine were used only for

informative purposes.

All rights to trade marks presented in the magazine are

reserved by the companies which own them.

To create graphs and diagrams we used program

8 Book review

Ninja Hacking

by Michael Munt

The editors use automatic system

Mathematical formulas created by Design Science MathType™

A Beginners Guide to Ethical Hacking

by Shyaam Sundhar

DISCLAIMER!

The techniques described in our articles may only

be used in private, local networks. The editors

hold no responsibility for misuse of the presented

techniques or consequent data loss.

40 ID fraud expert says...

Identity Proof Your Personal Data

by Julian Evans

44 Emerging Threats

Choosing an IDS/IPS Engine

by Matthew Jonkman

03/2011

CONTENTS

BASICS

10 The Best Way to Learn and Apply Cryptography

by Arkadius C. Litwinczuk

The CrypTool project is about making the sometimes daunting subject

of cryptography more accessible and easy to understand. It is the most

comprehensive cryptography learning tool worldwide.

16 Analysis of a Scam

by Rich Hoggan

It’s all to often that we hear about being scammed on the Internet especially

when using Craigslist – the popular website for selling and buying almost

anything on the Internet. But it seems as though the majority of the website

has become devoted to messages warning us of the potential for getting

scammed.

ATTACK

18 Bluetooth Mice Can Leak Your Passwords!

by Aniket Pingley, Xian Pan, Nan Zhang, Xinwen Fu

In this article, we will introduce a hidden vulnerability in Bluetooth mouse

communication that may leak critical information including passwords.

Bluetooth mouse communication is generally unencrypted. By sniffing raw

Bluetooth mouse communication, we are able to reconstruct the mouse

trajectory on screen with default mouse acceleration enabled. Therefore,

if passwords are typed through a software keyboard, the sniffed mouse

movement will expose the passwords.

DEFENSE

22 Secure Env for PT

by Antonio Merola

Security awareness guideline about setting a controlled environment to

conduct technical security testing and assessments, in order to protect

companies and professionals from possible legal implications.

28 Knowing VoIP – part III

by Winston Santos

In previous chapters we have talked about the marvelous world of VoIP,

what it allows us to do, accomplish and so on. Now let’s focus on the

dangers that we need to be aware of and thecountermeasure as well.

32 Guarding Against Identity Theft

by Gary Miliefsky

In my last article I made predictions on the ever growing and dynamic

landscape of cyberwar and cybercrime – bottom line, some of my

predictions are already coming true this year so it’s time to become even

more vigilant to guard your personal identity and for your organization to

do the same.

www.hakin9.org/en

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: