Educational

Web Services: SOAP vs REST

There is a permanent discussion going on and I have seen quite a lot of answers: SOAP (Simple Object Access Protocol) vs. REST (Representational State Transfer). Which one to use, and when? Let's first look at the main characteristics of both:

1. SOAP stands for Simple Object Access Protocol. REST stands for Representational State Transfer.
2. SOAP is a protocol: it defines standards that have to be followed strictly. REST is an architectural style; it does not define nearly as many standards as SOAP.
3. SOAP can carry its own message-level security (WS-Security: parts of the message are signed and encrypted independently of the transport). REST inherits its security from the underlying transport (TLS) plus whatever authentication the API adds on top.
4. A SOAP request is processed more slowly than a REST request, because the XML envelope has to be parsed and validated.
5. SOAP supports only XML as data format. REST supports plain text, XML, HTML, JSON, etc.
6. SOAP is not very easy to implement: you call methods described in a service contract (WSDL). REST is easier to implement: you call paths on a server (usually) with the standard HTTP verbs.
7. SOAP requires more bandwidth and resources. REST requires less bandwidth and resources.
8. In Java, SOAP web services are implemented using the JAX-WS API. In Java, RESTful web…


Do you actually need a security product in your car? Part 3 : Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we would discuss: 2) Intrusion detection and prevention systems (IDS/IPS or IDPS).

From Wikipedia: "Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address."

IDPS for cars?

Once inside, an attacker can use the vehicle's internal communication bus and take control of additional modules inside the vehicle, including safety-critical systems like the ABS and the engine Electronic Control Units (ECUs). Therefore, there is no "trusted device" anymore. Everything has to be assumed to be compromised. The…


Cybersecurity vs. Information Security (infosec)

Somebody asked me why I have "IT Security Expert" in my LinkedIn profile and "Sorin Mustaca Cybersecurity" on my company website www.mustaca.com. In order to answer that, I need to clarify the difference between Cybersecurity and Information Security (infosec). I googled a bit because I don't have too much time, and I found something which is closest to my opinion. See Sources for a list.

Information security (or "InfoSec") is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical). The CIA triad of confidentiality, integrity and availability is at the heart of information security. The members of the classic InfoSec triad, confidentiality, integrity and availability, are interchangeably referred to in the literature as security attributes, properties, security goals, fundamental aspects, information criteria, critical information characteristics and basic building blocks. There is continuous debate about extending this classic trio. Other principles such as accountability have sometimes been proposed for addition, and it has been pointed out in various sources that issues such as non-repudiation do not fit well within the three core concepts. Well, no…


What is Pentesting, Vulnerability Scanning, which one do you need?

I get asked very often about these two concepts, and I noticed that there is a lot of confusion around them. At the end, I will give you my own opinion and some advice.

Vulnerability scan

Also known as a vulnerability assessment, it looks for known vulnerabilities in your systems and reports potential exposures. Vulnerability assessments are performed using an off-the-shelf software package, such as Nessus or OpenVAS, to scan an IP address or a range of IP addresses for known vulnerabilities. For example, the software has signatures for the Heartbleed bug or for missing Apache web server patches and will alert if it finds them. The software then produces a report that lists the vulnerabilities found and (depending on the software and the options selected) gives an indication of the severity of each vulnerability and basic remediation steps. It is important to keep in mind that these scanners work from a list of known vulnerabilities, meaning vulnerabilities that are already known to the security community, to hackers and to the software vendors. Vulnerabilities that are unknown to the public at large will not be found by these scanners.

Penetration test (aka "pentest")

Designed to actually exploit weaknesses in the architecture of your…
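To make the "list of known vulnerabilities" point concrete, here is a toy signature matcher, added as an example and not taken from the post or from any scanner product. It carries a single real signature (Heartbleed, CVE-2014-0160, which affected OpenSSL 1.0.1 through 1.0.1f and was fixed in 1.0.1g) and runs it over constructed HTTP Server banners; the host names and banners are made up for this example.

```python
"""Toy banner-based vulnerability check (added example, not from the original post).

Shows why a scanner reports only what is on its signature list: the one signature
here is Heartbleed (CVE-2014-0160, OpenSSL 1.0.1 up to and including 1.0.1f).
Server banners below are constructed for the example, not captured from real hosts.
"""
import re
from typing import Callable, List, Optional, Tuple

Version = Tuple[int, int, int, str]

# Matches an OpenSSL token as it appears in an HTTP Server header, e.g. "OpenSSL/1.0.1e".
_OPENSSL_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]?)")


def parse_openssl_version(banner: str) -> Optional[Version]:
    """Return (major, minor, patch, letter) for the OpenSSL token in a banner, or None."""
    m = _OPENSSL_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def heartbleed_affected(version: Version) -> bool:
    """OpenSSL 1.0.1 (no letter) through 1.0.1f shipped the buggy heartbeat code.

    1.0.1g fixed it; 1.0.0 and earlier never had TLS heartbeats, and 1.0.2 shipped fixed.
    """
    major, minor, patch, letter = version
    return (major, minor, patch) == (1, 0, 1) and letter <= "f"


# (signature id, banner parser, "is this version affected?") triples.
# A real scanner carries tens of thousands of these; this list holds one on purpose.
SIGNATURES: List[Tuple[str, Callable[[str], Optional[Version]], Callable[[Version], bool]]] = [
    ("CVE-2014-0160 (Heartbleed)", parse_openssl_version, heartbleed_affected),
]


def scan_banner(banner: str) -> List[str]:
    """Return the ids of every signature whose product is present in an affected version."""
    hits = []
    for sig_id, parse, affected in SIGNATURES:
        version = parse(banner)
        if version is not None and affected(version):
            hits.append(sig_id)
    return hits


# Constructed banners (not from any real server). Note "app-01": a product with no
# signature on the list is reported as clean whatever bugs it actually has.
SAMPLE_BANNERS = {
    "web-01": "Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1e",  # known bad -> flagged
    "web-02": "Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1g",  # patched -> not flagged
    "web-03": "Apache/2.4.7 (Ubuntu) OpenSSL/1.0.2k",  # other branch -> not flagged
    "app-01": "MyCustomServer/3.1",                    # unknown to the list -> silent
}


def scan_all(banners=SAMPLE_BANNERS):
    """Scan every host banner and return {host: [signature ids]}."""
    return {host: scan_banner(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    for host, hits in scan_all().items():
        print(f"{host}: {hits or 'nothing known (which is not the same as nothing)'}")
```

Two things a practitioner should take from this. A version string is a weak signal both ways: distributions such as Debian backport fixes without changing the upstream version number, so a banner like "OpenSSL/1.0.1e" may belong to a patched host (false positive), which is why real scanners send an actual heartbeat probe instead of trusting the banner. And "app-01" comes out clean only because nobody has written a signature for it, which is exactly the gap a penetration test is meant to cover.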


“Cyber Security” or “Cybersecurity” ?

"Cybersecurity" and "cyber security" are getting more and more mixed usage lately, so much that they are becoming almost as ambiguous as the term "cloud" was a few years back. The challenge information security executives and professionals are faced with is knowing, as the title implies, when and why the term should be used and how it should be presented, as a single word or two. While there isn't any recognized authority on the subject per se, there are at least some credible sources providing guidance that can help those of us in the industry to decide on "when, why and how" to use the term. Read more here.

Conclusion: Cybersecurity is the right term!


Is eBay actually supporting phishing?

From time to time I wonder if these guys (I am thinking of eBay, PayPal, Amazon, some banks) are actually trying to help phishers do their "jobs". The email you see in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to "protect my eBay account":

"Dear <user>, you have not updated your personal data for more than a year. In order to keep your personal data up to date, help us to protect your eBay account better. Please check your personal eBay information and make sure that it is up to date. Please ignore this message if you have updated your data recently."

Sounds good, right? Same as 99.99% of the phishing emails. I couldn't believe my eyes either, so I checked the headers of the email.

Needless to say, this is against their own policies, mentioned here in German http://pages.ebay.de/help/account/recognizing-spoof.html and in English here http://pages.ebay.com/help/account/recognizing-spoof.html

This is the link behind the button: http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc=https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL

It is true that their email:
- addresses me personally, using my eBay account name
- is not urgent
- is not threatening
- doesn't have attachments (but it has pictures)

But there are some elements that make…
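The button link above is a tracking redirect: the real destination is URL-encoded inside the "loc" parameter, which is exactly the pattern phishers copy to hide a look-alike host behind a legitimate-looking first hop. The following is an added example (not eBay's code and not from the original post) that unwraps such a link offline and checks whether the final host really belongs to the brand. The eBay URL is the one quoted in the post; the list of parameter names, the accepted brand domains and the look-alike phishing URL are assumptions constructed for the example.

```python
"""Unwrap a tracking-redirect link and check where it really lands (added example).

The eBay button URL is the one quoted in the post. TRACKING_PARAMS, the accepted
brand domains and PHISH_BUTTON are constructed assumptions for this example.
"""
from urllib.parse import parse_qs, urlparse

# Query parameters commonly used to carry a redirect target (assumption, not exhaustive).
TRACKING_PARAMS = ("loc", "url", "u", "redirect", "target", "dest")


def final_destination(url: str) -> str:
    """Follow redirect targets embedded in the query string until none is left.

    Only targets carried *inside* the URL are resolved; nothing is fetched, so a
    server-side 302 hop cannot be seen here (see the note below the code).
    """
    seen = {url}
    while True:
        query = parse_qs(urlparse(url).query)  # parse_qs percent-decodes the values
        nxt = next(
            (query[k][0] for k in TRACKING_PARAMS
             if k in query and query[k][0].startswith(("http://", "https://"))),
            None,
        )
        if nxt is None or nxt in seen:  # no further hop, or a loop
            return url
        seen.add(nxt)
        url = nxt


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True for the domain itself and its subdomains only.

    A plain substring or prefix test would accept "ebay.de.evil.example"; checking
    for the exact name or a ".<domain>" suffix does not.
    """
    return host == domain or host.endswith("." + domain)


def check_link(url: str, brand_domains) -> dict:
    """Resolve the link and say whether its final host is under one of the brand's domains."""
    dest = final_destination(url)
    host = host_of(dest)
    return {
        "destination": dest,
        "host": host,
        "on_brand_domain": any(belongs_to(host, d) for d in brand_domains),
    }


# The genuine button link quoted in the post.
EBAY_BUTTON = ("http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc="
               "https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL")
# Domains we accept as the real eBay (assumption for the example).
EBAY_DOMAINS = ("ebay.de", "ebay.com")
# Constructed look-alike of the same shape, as a phisher would build it (".example" TLD).
PHISH_BUTTON = ("http://rover.ebay.com.example/rover/0/x?loc="
                "https%3A%2F%2Febay.de.account-check.example%2Flogin")

if __name__ == "__main__":
    for name, link in (("eBay", EBAY_BUTTON), ("look-alike", PHISH_BUTTON)):
        print(name, check_link(link, EBAY_DOMAINS))
```

The point of the check is that the first hop proves nothing: a user who sees "rover.ebay.com" at the start of the link has not learned where the button leads. Two caveats: a redirector that takes an opaque id and answers with an HTTP 302 can only be resolved by actually requesting it (do that from a sandbox, never from the mailbox machine), and an open redirector on a brand's own domain would pass this test while still sending the user somewhere else, which is why the final page's URL and certificate still have to be looked at.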


What is Strategic Product Management and why do we need it in the security industry

"Strategic Product Management" is, first of all, a buzzword. A hype, if you want. But that doesn't mean that you don't need it. Most technology companies have a product management department that should act as the "voice of the customer" on one side and translate its findings into requirements on the other side. I won't go into the debate about whether this makes sense or not. Read here about Product Manager, Product Marketing Manager and Technical Product Manager. PMs typically generate an extensive roadmap of new products and enhancements which almost never gets implemented. But is product management really being used strategically? For example, what is the product strategy that is driving roadmap priorities? And how is the product strategy linked to the company's overall strategy? Aha, you see where I am going, right? So, in order for a Product Manager to do a good job, he needs to follow a strategy. What is a "good job", you may ask? A PM's job is any or all (depending on what you understand the job description of a PM to be) of: identify problems; identify target customers and markets; define solutions for the problems by talking to the customers; check if the solution…


Phishing created for Apple’s mobile devices

Last night I received an email pretending to come from Apple's support. But it is badly made if you see it in an email client:

"Dear Customer AppleID14028364ca Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended. Once completed you may resume to use your account as normal and we would like to thank you for taking time out of your day to confirm your information. Verify Now > Wondering why you got this email? This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted. For more information, see our frequently asked questions. Thanks, Apple Customer Support TM and Copyright © 2015 Apple Inc. 31-33, rue Sainte Zithe, L-2763 Canada. All rights reserved / Keep Informed / Privacy Policy / My Apple ID"

However, the email looks pretty different if you see it on a…



FritzBox users: protect your network for free!

If you live in Germany, Austria or Switzerland, there is a high chance that you use one of AVM's FritzBox routers for your broadband connection. The FritzBox is a very small device which runs a PowerPC processor and has between 16 and 32 MB of RAM. This is almost nothing! So you can't install an antivirus or some other security solution on this device to filter the URLs you visit. There is, however, a very easy and good way to protect your network. All newer FritzBox models let you set a DNS server of your choice, and that server can do more than plain name resolution. For example, OpenDNS filters DNS requests that point to malware, phishing and other potentially unwanted websites (a basic parental control). The good part is that it is very, very simple to configure this great feature. Here is how, in English and German:

1. Log in to your fritz.box
2. Go to Internet -> Connection data (Internet -> Zugangsdaten)
3. Click on DNS Server (DNS-Server)
4. Choose "Other DNSv4 servers" (Andere DNSv4-Server)
5. Enter these IP addresses: 208.67.222.222 and 8.8.8.8 (keep in mind that a router may use the second server whenever the first one is slow or does not answer, and Google's 8.8.8.8 does no filtering at all; if the filter should apply every time, enter OpenDNS's second resolver, 208.67.220.220, there instead)
6. Click Apply (Übernehmen)

The 8.8.8.8 is the Google DNS server, which also has a…



How much is a blog instance worth?

I wrote in the post Do you really know who's visiting your website? about how often hackers probe my websites. As of today, IT Security News shows this:

- 5,914 blocked malicious login attempts (was 2,092 on May 8th)
- 2,182 spam comments blocked by Akismet (was 2,115 on May 8th)

The login attempts more than doubled in just 5 weeks. Of course, they are all automated attacks, so we can't really speak of an effort on anyone's side.

Why?

If a hacker "owns" a website, he is able to do a few things:
- Change content and possibly deliver malware to your readers
- Host individual "sub-pages" or "sub-websites" in your blog and reference them from email campaigns or spam posts
- Send mail from your blog to just about anyone, but the worst is when it goes to your subscribers

All are very bad things, as they ruin your website's reputation and drive your visitors away. And they can happen all together or in any combination.

What can you do?

It turns out that you can do quite a lot of things:
- don't use the default admin account (WordPress: admin)
- set a hard-to-guess password
- keep your blog and its extensions/plugins up to date
- don't install…
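The "blocked malicious login attempts" counter above comes from detecting exactly the kind of automated probing described here. The following is an added example (not from the original post and not the code of any WordPress plugin) that finds brute-force sources in a handful of constructed Apache/nginx access-log lines: it counts credential POSTs per IP inside a sliding time window and notes whether any of them succeeded. The log lines, the threshold and the window are assumptions made up for this example.

```python
"""Find WordPress login brute-forcers in access-log lines (added example, not from the post).

Log lines below are constructed with RFC 5737 documentation addresses; the threshold
and window are assumptions for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" format: ip ident user [time] "METHOD path HTTP/x" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoints that accept credentials. A GET on wp-login.php only renders the form;
# xmlrpc.php takes the credentials in the POST body and is popular with bots because
# it bypasses the login page (and any CAPTCHA on it) entirely.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # drop the query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def login_posts(lines):
    """Group credential submissions (POST to a login path) by client IP as (time, status) pairs."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method == "POST" and path.endswith(LOGIN_PATHS):
            by_ip[ip].append((ts, status))
    return by_ip


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def brute_forcers(lines, threshold=5, window=timedelta(minutes=10)):
    """IPs with at least `threshold` login POSTs inside `window`.

    Value is (attempts in the busiest window, whether any POST was answered with 302).
    WordPress answers a failed login with 200 (the form is re-rendered with an error)
    and a successful one with a 302 redirect to wp-admin, so a 302 after a burst of
    200s from the same address is the line that matters most.
    """
    flagged = {}
    for ip, events in login_posts(lines).items():
        count = max_in_window([t for t, _ in events], window)
        if count >= threshold:
            flagged[ip] = (count, any(status == 302 for _, status in events))
    return flagged


# Constructed log lines, not taken from a real server.
SAMPLE_LOG = [
    # bot: seven failed POSTs in under two minutes, then one that gets in
    '203.0.113.7 - - [12/Jun/2015:10:00:01 +0200] "POST /wp-login.php HTTP/1.1" 200 3522 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2015:10:00:15 +0200] "POST /wp-login.php HTTP/1.1" 200 3522 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2015:10:00:30 +0200] "POST /wp-login.php HTTP/1.1" 200 3522 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2015:10:00:45 +0200] "POST /wp-login.php HTTP/1.1" 200 3522 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2015:10:01:00 +0200] "POST /wp-login.php HTTP/1.1" 200 3522 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2015:10:01:15 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2015:10:01:30 +0200] "POST /wp-login.php HTTP/1.1" 200 3522 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jun/2015:10:01:45 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # a human: loads the form once, logs in once
    '198.51.100.4 - - [12/Jun/2015:10:03:10 +0200] "GET /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Jun/2015:10:03:25 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    # a reader
    '192.0.2.9 - - [12/Jun/2015:10:04:00 +0200] "GET /2015/06/some-post/ HTTP/1.1" 200 15200 "-" "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for ip, (count, got_in) in brute_forcers(SAMPLE_LOG).items():
        print(f"{ip}: {count} login attempts in 10 min, successful login: {got_in}")
```

A block list built from this output is only as good as the log: a bot rotating through many addresses stays under any per-IP threshold, which is why the measures in the list above (no default admin account, a strong password, updates) matter more than blocking, and why the 302 flag is the one to alert on rather than the raw count.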

