Saturday, 13 June 2015

How to initialize your brand new SSD (Windows)

If you decide to buy a new Solid State Drive a.k.a. SSD, before you can use it, you have to initialize and partition it. 

Otherwise it will seem to you that you connect the drive and nothing is happening. You can do the initialization by connecting the SSD through a USB cable (SATA to USB).

  1. Attach the SSD as a secondary drive and load Windows from your existing drive.
  2. In Windows 7 and earlier, open 'Disk Management' by right clicking on 'Computer' and selecting 'Manage', then 'Disk Management'. In Windows 8 and later, move the mouse to the lower left corner of your desktop and right-click on the Start Icon, then select Disk Management.
  3. When Disk Management opens, a pop-up should appear and prompt you to initialize the SSD.
  4. Select MBR (Master Boot Record) and click OK
  5. Right click in the area that says Unallocated and select New Simple Volume...
  6. The New Simple Volume Wizard will open, click Next
  7. Leave the Specify Volume Size as the maximum (default value) and click Next
  8. Select a Drive Letter and click Next
  9. In the Format Partition screen, decide on a Volume label (the name you want to give the drive) and click Next
The drive is now formatted and ready for use.

Sunday, 7 June 2015

InfoSec 2015, BSides London 2015 and 2600

My first time at InfoSec was something like ten years ago, or more. It was interesting to see how the event has evolved over the years. Once again, it was really exciting to be among so many colleges in information security during InfoSec and Security BSides London

As always, I enjoyed my rounds at InfoSec and that I had the chance to chat and catch up with a number of people from the Information Security community and to a number of vendors about their products and their cybersecurity strategies for the next year. 

Friday, 5 June 2015

Understanding the significance of Operations Security (OPSEC) in a fast evolving threat landscape

It is not the first time a military term is being used by the Information Security community in order to describe an Information Assurance process. Operations Security (OPSEC) is a military term referring to the protection of different types of unclassified information which could end up exposing the security of an entity if put together and combined. In other words, in information security OPSEC describes the process by which publicly available information (unclassified) can be used against us if taken advantage by cyber criminals and/or adversaries with malicious intent.

Friday, 29 May 2015

BSides London 2015 - Virtual Terminals, POS Security and Becoming a Billionaire Overnight!

Yes, it is true. The talk was short-listed and it was voted for the BSides London 2015 conference! Thank you all for voting for my talk. 

I am looking forward to fantastic line-up of talks at the conference. As you probably noticed at the schedule page, the session is not to be recorded due to the sensitive content, so please, do respect this request. 

This means that if you want to find out more about the talk, you will have to be there and attend the session
Tripwire (@TripwireInc) posted a short article about my forthcoming Security BSides London 2015 talk, which you can find at this link.
 
As far as I know Track 2 is quite big and I really hope there are going to be enough spaces for everyone. For those attending the talk, mark it down on your schedule, tweet about it and follow me @drgfragkos to find out more! :) 

I have only one thing to say to you for now: Great things do come, to those who attend ;)

If you want to tweet about the talk dont forget to use the BSides London 2015 handler: #BSidesLDN2015

Copy-Past Tweet for sharing: 

Virtual Terminals, #POS Security and Becoming a Billionaire Overnight! via @drgfragkos at @BSidesLondon #BSidesLDN2015

I am looking forward to the event, hoping to have a chance to speak to all of you at the conference and potentially share a drink or two. I really appreciate your interest in this field and I can only hope my talk will keep you all excited once more. I really believe that anyone who has the opportunity to be at this conference should not miss the chance. We are all going to be there and if you have like five minutes to spare, come and say hi.

Tuesday, 26 May 2015

NitlovePOS - POS terminals being targeted through phishing emails

Cyber-criminals and fraudsters have started targeting employees working on Point-of-Sales terminals in order to get their hands on card details. 

There is now evidence that social engineering and spear phishing emails are actively being used and have become the next attack method against employees who have access to payment applications, virtual terminals and electronic cash registries. 
The new malware is named NitlovePOS [Virus Total Detection Rate] and it targets track one and track two data by scanning the processes running. In other words, it is yet another memory-scraping malware that sends the captured data to a remote server over SSL.