Monthly Archives: March 2013

Pen-testing with small networked devices

Pen testing has always been viewed by IT security and data governance professionals as something of an audit exercise, with the pen tester undertaking a series of prescribed and planned tests, then reporting back to the IT security manager – or client management professional – in a report format, complete with recommendations. Dr. Philip A. Polstra, Sr, a Professor in… Read more »

ContraRisk Security Podcast 0008: Old and new threats

» Listen or download now from the podcast page » In all the excitement and hype that inevitably surrounds the identification of new threats, it’s important not to lose sight of the menace posed by previous security vulnerabilities and malicious actors – most of whom aren’t going away any time soon. The danger they present hasn’t diminished just because new ones have… Read more »

ContraRisk Security Podcast 0007: #BlackHatEU – iOS pen-testing and attacking SSL

» Listen or download now on the podcasts page » Vivek Ramachandran is perhaps best-known for his work on wifi security: he is, after all, the author of BackTrack 5 Wireless Penetration Testing. He’s also the founder and CEO of SecurityTube, which provides online security training. At Black Hat Europe 2013, however, his focus was elsewhere. Vivek presented a workshop on pen-testing… Read more »

ContraRisk Security Podcast 0006: #BlackHatEU – Kali Linux

» Listen now or download on the podcasts page » Offensive Security used Black Hat Europe in Amsterdam to launch the next incarnation of its popular pen-testing Linux distribution. BackTrack has now become Kali – a name derived from a warlike god or an African word meaning ‘hot’ or ‘fierce’ – take your pick. It represents a somewhat surprising change in direction…. Read more »

#BlackHatEU : When security appliances become your security problem

It’s a depressing fact that, sometimes, the very defences you put in place to protect your organisation can become the weakest point. In a presentation at Black Hat Europe, Ben Williams, a pen-tester with NCC Group, showed that many security products have flaws that can be exploited by attackers. It’s actually the second such presentation he’s given. The first was… Read more »

ContraRisk Security Podcast 0005: #BlackHatEU – SQLi

The ContraRisk crew is in chilly Amsterdam for Black Hat Europe 2013. And to get our coverage of the event rolling, we start with an old favourite – SQL injection (SQLi). » Listen or download now on the podcast page » Sumit ‘sid’ Siddharth, head of penetration testing for 7Safe (now part of PA Consulting), is a regular at security conferences, running… Read more »

The eyes have it

“Don’t shoot until you see the whites of their eyes” might well become the mantra for CISOs addressing mobile device and BYOD security nightmares. For a person on the move, using their biometric characteristics, which they always carry with them, to access their mobile device – and access services via their device – is a no-brainer. Voice recognition might seem… Read more »

ContraRisk Security Podcast 0004: biometric identity in the developing world

» Listen now on the podcast page » In this episode, Tracey Caldwell talks to Alan Gelb, a senior fellow at the Center for Global Development. He is the co-author, with Julia Clark, of the report ‘Identification for Development: The Biometrics Revolution‘ which looks at how biometric-based identity programmes are being used in developing countries. In contrast to rich countries, where biometric ID… Read more »