Ubiquitous Security – 2010 Brings Focus To Mobile Issues

It’s no secret that I have been focusing on wireless security issues over the past two years, and I have been very vocal about how ‘wireless’ is not limited to wireless LAN. We are approaching a turning point where securing organizations will require even more emphasis on ID management and access control to establish accountability for effective monitoring, thereby establishing metrics based upon sound measurement processes. Overall, the future challenge for governance will move from writing policy and pushing paper to sound statistical analysis (see more at securitymetrics.org), intricate log analysis, and stronger technical skills among security professionals. Introduction …

God Mode – The Only Way To Admin Windows

Now people with alternative intentions in mind can get a promotion beyond administrator and become…. won’t say it to stay on good terms with …. This ZDNet Japanese article was released late last night, so don’t know if the English press caught on yet or not – here is the synopsis. In a nutshell, if you create a directory in Windows XP, Vista, and Win7 and name it “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}” without the quotes, then open that folder, all of the control panel, system admin tools, and everything you need to take control of a locked down system becomes available. We’ve tried …

WorkPapers – Latest Version Now Freeware

This title is a bit misleading since I stopped development of this software back in late 2006. Recent reports indicate that version still runs on the latest OS X and all versions of Windows, so due to an overwhelming number of requests from potential users for me to hurry up and set up a SourceForge site and pull the registration encryption, we are now offering the software for download (both Mac and Windows) with a free version registration key. WorkPapers was designed to be a personal audit software for teams in small to medium sized practices. All of the data calls …

German Researcher Cracks GSM Codes – Offensive Security Research Illegal?

This is big news, and falls in line with mobile security research to be executed during the first part of 2010. A German researcher has made eavesdropping on GSM phone conversations post-facto (not real time) as easy as a beefy computer and $3,000 of radio equipment. The key to all of this, however, is the code book that this German researcher has access to. Karsten Nohl, the German scientist, made his presentation available here. The beefy computer is to crack the GSM codes and create the lookup table. The radio equipment is for tracking the spread spectrum signal. The most interesting …

The Last 10 Years In Mobile Phones

This is a neat write-up of a timeline of the mobile phone over the past ten years. I wrote a similar timeline for the RSA security conference here in Japan last May, but went much further back to the original mobile phones. Wikipedia also has a great timeline in the history section of the mobile phone category. This is something we take for granted these days, and was a rich man’s novelty just 20 years ago; but even then it was limited to gadgets installed in vehicles for the most part. My claims to this historical bit are – …

Again? Digital Photo Frames Infected For 2009 Christmas… Too!

Japan IT press is reporting that digital photo frames shipped for Christmas are infected this year too. Does this ring a bell? Déjà vu? Well, because it happened last year too; as chronicled at SANS, here, and here. Now, if you click on any one of the three previous links, please pay attention to the date – exactly one year ago. Not many security news items break in Japanese before the English publications, but here is the report paraphrased. The original report comes from the SANS Internet Storm Center that states digital photo frames made by Smartparts introduce various questionable malware files …

Security Through Obscurity – Word Processor Redaction

A couple weeks ago I had a small rant about the HSBC bankruptcy leak, where I found the bank’s reaction to the issue rather surprising. Then this morning as I go through my reading list (it’s Monday), this article from Network World shows that TSA fell into the same problem. However, this most recent article goes into the problem much deeper, especially on the second page of the article. The problem lies in developers, users, and security managers alike not knowing the process of document redaction, and what will and will not properly redact a document. Many people think that …

Cool Serial Logging Device – Logomatic v2 Serial SD Datalogger

This cool little electronics device from Sparkfun Electronics allows you to log anything you can connect via a serial connection. A friend of mine handed this to me for Christmas, which is a good surprise that fits quite well with all the logging electronics applications that I have been prototyping lately, including some future ideas that I have for enhanced GPS/APRS/Wx logging, hiker emergency communications, and others. Enjoy! Comment – rants, comments, anything except spam.

Dissecting Japanese IT Organizations

This posting is a culmination of information about IT organizations in Japanese corporations gathered over the past nine years that I have been working in IT audit, security, and consulting in Japan. Before we start a project at a Japanese company, I always remind myself of the challenges, then we engage the work and I remind myself to write such a blog posting. The details outlined here do not apply to certain globalized Japanese firms, but they generally apply to most, including many that are globalized. The only exceptions are those globalized firms that have recruited foreign talent at the …

Windows 7 Critique By An OSX User

Since the last blog posting I have done quite a bit – so much that I have not had time to blog about the activity. However, for the first catch-up blog, I decided to say a word or two about Windows 7. I joined Deloitte back in May of 2008 and our laptops were upgraded to Vista in November 2008. When the IT Center upgraded our laptops to Vista, they also upgraded RAM from two gigabytes to four gigabytes, which is always a welcome upgrade. Now, after about twelve months of using Vista and enduring 20-minute boot-up times, inexplicable …