Wednesday, 4 February 2015

Private IPv4 and IPv6 address spaces

In the Internet addressing architecture, a private network is a network that uses private IP address space, following the standards set by RFC 1918 for Internet Protocol Version 4 (IPv4), and RFC 4193 for Internet Protocol Version 6 (IPv6). These addresses are commonly used for home, office, and enterprise local area networks (LANs), when globally routable addresses are not mandatory, or are not available for the intended network applications. Under IPv4, the private IP address spaces were originally defined in an effort to delay IPv4 address exhaustion, but they are also a feature of IPv6, the next generation Internet Protocol.

These addresses are characterized as private because they are not globally delegated, meaning that they are not allocated to any specific organization, and IP packets addressed with them cannot be transmitted through the public Internet.

Tuesday, 3 February 2015

To Flash, or not to Flash?

Adobe suffers its third critical vulnerability (CVE-2015-0313) for this year. The vulnerabilities are exploited by the use malicious advertisements known as malvertising attacks. Due to the fact advertisements are designed to load once a user visits a site, the infection happens automatically. 

The affected version of this third vulnerability were:
  • Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Mac OS X
  • Adobe Flash Player 13.0.0.264 and earlier 13 x versions
There are two Flash player updates already released by Adobe to mitigate the two previous vulnerabilities (CVE-2015-0310, CVE-2015-0311) and new updates are expected during this week for the latest vulnerability. 

In the meanwhile, make sure your flash does not load automatically by enabling the click-to-play feature of your web browser, make sure your AntiVirus solution is up-to-date, make sure you have the latest Flash player installed downloaded only by the legitimate Adobe website and last but not least, use an ad-blocker. 

Sunday, 4 January 2015

Abertay Ethical Hacking Society run their fourth annual Security Conference: Securi-Tay IV

Securi-Tay [1] is an Information Security conferece held by the Abertay Ethical Hacking Society [2], and supported by the Abertay University in Dundee. The aim of the conference is to provide an opportunity to industry professionals, students and information security enthusiasts to attend and share knowledge and information. This year will be the fourth year the conference is taking place (hence the IV) and it will be held on February 27th, 2015. Personally, I believe this conference offers a fantastic opportunity to students to meet and network with experts in the area of security, share information and have a first glance on how their future in the security industry can be like. 

I was very pleased to get accepted to speak at the conference this year and I am already looking forward to it.

Thursday, 1 January 2015

The Bug Bounty List - Bug Hunting

I started finding serious security issues and vulnerabilities back in 1998. Back then the community was so immature that I was getting so much grief every time I was trying to explain what I had found. The common response was "why did you check our system/application", "who told you to alter the input", "this was not suppose to happen, you broke it", "the others don't know to do this; why did you do it" and all sort of similar discussions. Unfortunately, back then they weren't any bug bounty or recognition programs for the poor security enthusiast like myself.

I am glad to see that the community starts becoming more mature and understands how valuable can be for a business the discovery of a security issue or a vulnerability by a "white hacker". I am also glad there are bug bounty programs out there which reward security researcher and security enthusiasts who discover security issues.

Thursday, 18 December 2014

Safer Payments online, in-store and especially during the peak retail periods

Online shopping and retail in-store purchases dramatically increase at certain times, like during the recent festive period, and unfortunately these are also times when we see increases in skimming, phishing attempts, and cyber-attacks. Because of the number of incidents and the alarming statistics released over the years, consumers feel rather insecure when shopping online and more specifically every time they need to use their card details. Recent high profile data breaches have affected consumer’s confidence and the feeling of being insecure during a transaction, which in turn has had an impact on the number of purchase transactions. Businesses need to ensure that all necessary steps are taken towards the security of their customer’s data so that they can eventually bring them back into their trust.