Archive for February, 2010

Top 25 Most Dangerous Programming Errors

Posted in IT Security on February 19, 2010 by cobra

Over thirty international security organisations have come together to publish a list of the 25 most dangerous programming errors leading to vulnerabilities that can be exploited for cybercrime and espionage. The idea behind publishing the list is to make developers aware of the causes of many weaknesses and of their ramifications for overall security.

Organisations that contributed to the compilation of the list include McAfee, Microsoft, Oracle and Symantec, as well as organisations such as the Open Web Application Security Project (OWASP) and the Web Application Security Consortium (WASC).

This is a MUST-read publication, everybody; please learn these practices and try applying them as part of your security awareness program.


Credit Card Chip and PIN is Broken

Posted in IT Security on February 14, 2010 by cobra

Researchers at the University of Cambridge have described (“Chip and PIN is Broken”) a method for fooling the EMV protocol used in ‘Chip and PIN’ banking cards into apparently accepting any PIN. Following the EC card debacle at the turn of the year, this means more problems for the banking industry – indeed there are grounds for concern about the security of the system as a whole. The new discovery could explain the many fraud cases in which stolen cards have been used to make payments in shops despite the EMV terminal requiring PIN entry. Many victims have sworn that nobody else knew their PIN. There are even reports of cases in which the PIN notification was still sitting unopened in a drawer, so the victims themselves did not even know the PIN.

Please click here to read the University of Cambridge Research Document on this subject


How I Cracked your Windows Password (Part 1)

Posted in IT Security on February 1, 2010 by cobra

How Windows creates and stores password hashes and how those hashes are cracked.

Passwords tend to be our main and sometimes only line of defense against intruders. Even if attackers do not have physical access to a machine they can often access a server through the remote desktop protocol or authenticate to a service via an outward facing web application.

The purpose of this article is to educate you on how Windows creates and stores password hashes, and how those hashes are cracked. After demonstrating how to crack Windows passwords I will provide some tips for ensuring you are not vulnerable to these types of attacks.

Please click here to read more about this dangerous technique.