Editorials

Talking Points

Plenty of stuff this week, as usual. We cannot start without talking about the Royal Wedding. Today is the day: the royal wedding is coming, and everyone is so excited that they can’t stop themselves from opening any email, link, search result or anything else related to the biggest event in human history. OK, maybe that is a little too much, but the royal wedding is certainly moving tons of gadgets, interest and cybercriminal activity online. But how could we not expect something like this, when the media are so deeply involved? As a matter of fact several security…

Spear Phishing: can it fool me?

Recent articles in the news remind me that anyone can be fooled by a good scam. The problem is always the trust we give to the communication we receive. It is not just a financial problem (remember the Madoff scam?) but a problem that can hit anyone; even experts can fall for it. The most recent case was the hack that occurred at Oak Ridge National Laboratory, but it is just the latest in an endless series. The RSA SecurID breach was also prepared with spear phishing. What is spear phishing? Spear phishing is an e-mail spoofing fraud attempt that targets…

TCP Split Handshake Issue

These days I’ve read a lot of noise in the news about an NSS test reporting a TCP handshake security hole (the TCP Split Handshake issue) in several commercial firewalls. The question is interesting from several points of view: Are IPS and firewalls really secure? Is a vulnerability really a security issue? How does this vulnerability affect me? http://portadiferro.blogspot.com/2011/04/tcp-split-handshake-issue.html

Rational Acts of Faith (Update)

I reread an old post and find it strangely current despite its age (the post's, not mine, you rude lot). The question of the truthfulness of sources is becoming ever more pressing in the modern world, where the places we get our information from are many. The matter has come back to my mind several times in the recent past, starting with the WikiLeaks affair, then moving on to our own domestic political affairs with Ruby and Papy, and finally to the recent Japanese tragedy. WikiLeaks shows how the information that is often presented to the public is not truthful; reading the republished secret cables, there is a substantial difference between what is…

What Does a Spamhaus Attack Feel Like? – Black Hat Forum Black Hat SEO

By BlackBeauty: I am writing a manual on how to do this as I have been struggling with a targeted attack and have defeated them each and every time they attempted to shut me down. I have one more migration and I am done. … Black Hat Forum Black Hat SEO – http://www.blackhatworld.com/blackhat-seo/

SECURITY: Web Browsing infection and protection basics

As 2010 ended we learned that it was the most prolific year in terms of malware, new malware and botnets. We also found out that internet browsing has been the most used vehicle for spreading infections and attacks. This is actually not astonishing news, au contraire, but it is interesting to notice that the focus has shifted from OS-related threats to application and browsing vulnerabilities. This allowed malware to attack new surfaces. Virtually any operating system with internet browsing capabilities can be the target of an attack or an infection: PCs, smartphones, tablets, consoles…

The Firesheep firestorm

NetworkWorld.com: Ian Paul notes an emerging security specification, from the IETF, called HTTP Strict Transport Security (STS). Essentially, it’s a policy mechanism that Web …

End of life for CSA? That’s okay!

This is an interesting article from Network World! http://www.networkworld.com/community/node/62568 End of life for CSA? That’s okay! New Cisco endpoint security strategy is a better fit for the cloud and the company. By joltsik on Wed, 06/16/10 – 1:20pm. Earlier this week, Cisco announced its intentions to end-of-life the Cisco Security Agent (CSA) at the…

End of life for CSA? That’s okay! was originally published on The Puchi Herald Magazine

Politicking… politics and information

A few days ago I was talking with a friend, and we were commenting on how the official sources of information (newspapers and TV news above all) presented the dispute between Fini and Berlusconi. Indeed, we both observed that an exquisitely political question had been presented purely in terms of managing power. Nothing was said about the political value of Fini's positions, which are a legitimate expression of a vision of the state and of intervention in public affairs (in the highest sense of doing politics, if I may) that one may or may not share, but that certainly deserves respect. Instead, the question was presented…

Security for Dummies 002: the criminal ecosystem

If in the previous post we described how the world of computer networks has changed in recent years, here we will see how the criminal ecosystem has changed as a consequence, introducing, here and there, some concepts dear to today's security. Why you do it. First of all, let's be clear: the reason a criminal acts is to obtain money. The actions the criminal carries out are aimed at: allowing him to obtain the money directly; allowing him to create the right environment that will then let him act as in point 2.1 to obtain money. The available vehicles are basically: fraud, or similar, with…
