<?xml version='1.0' encoding='UTF-8'?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/'><id>tag:blogger.com,1999:blog-29857200</id><updated>2008-11-13T04:07:36.454+02:00</updated><title type='text'>Away</title><subtitle type='html'>Current issues, reading suggestion and a little bit of cheap philosophy regarding information security.
&lt;br&gt;
&lt;br&gt;
By Andre Fucs</subtitle><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/'/><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://www.fucs.org/english/atom.xml'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>13</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-29857200.post-1992354041067518047</id><published>2008-11-07T13:21:00.007+02:00</published><updated>2008-11-13T04:07:36.474+02:00</updated><title type='text'>No, I'm not coming back yet... but I keep reading the blogsphere...</title><summary type='text'>Hey fellas, hope you still remember this blog exists. :-)

Well... It still does, and although I do not write here frequently, from time to time I feel an urge to do so.

Earlier this week I was reading Security Balance, a friend's blog, and noticed that his last post raised a few concerns about so-called virtualization security. Also in his blog, Mike DiPetrillo criticizes Augusto for spreading </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/1992354041067518047/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=1992354041067518047' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/1992354041067518047'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/1992354041067518047'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2008/11/no-im-not-coming-back-yet-but-i-keep.html' title='No, I&apos;m not coming back yet... but I keep reading the blogsphere...'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-9174521041950923950</id><published>2008-07-25T07:53:00.006+03:00</published><updated>2008-07-25T08:09:30.891+03:00</updated><title type='text'>DNS attack reminder</title><summary type='text'>Ladies and Gentlemen managing DNS servers.

Please remember to review your DNS and firewall configurations to ensure that source ports are random!

I've seen several "patched" DNS servers going to the internet with fixed source ports, something that more or less nulls the patches released by the vendors.

Why not test your DNS today? (tip by Rubens Kuhl Jr.)

https://www.dns-oarc.net/oarc/</summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/9174521041950923950/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=9174521041950923950' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/9174521041950923950'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/9174521041950923950'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2008/07/dns-attack-reminder.html' title='DNS attack reminder'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-116233900337640087</id><published>2006-11-01T01:54:00.000+02:00</published><updated>2006-11-01T01:57:33.790+02:00</updated><title type='text'>Aladdin Day: Tel Aviv</title><summary type='text'>I could never imagine that I would ever hear the expression "two factor authentication" so many times. :-)
</summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/116233900337640087/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=116233900337640087' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116233900337640087'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116233900337640087'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/11/aladdin-day-tel-aviv.html' title='Aladdin Day: Tel Aviv'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-116233884555594382</id><published>2006-11-01T01:46:00.000+02:00</published><updated>2006-11-01T01:54:05.556+02:00</updated><title type='text'>IMS Security</title><summary type='text'>In my article, Voice over IP: New Telephony and Security, I made a quick comment regarding the IP Multimedia Subsystem; however, no details or explanations were provided. Recently Emmanuel Gadaix, a great person and amazing professional, gave an introductory presentation regarding IMS Security. The PPT file can be found here.

The picture gets clearer every day: It's not only a convergence of </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/116233884555594382/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=116233884555594382' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116233884555594382'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116233884555594382'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/11/ims-security.html' title='IMS Security'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-116199109874514238</id><published>2006-10-28T00:54:00.000+02:00</published><updated>2006-10-28T01:21:01.940+02:00</updated><title type='text'>The quest for the Holy Grail</title><summary type='text'>Ross Anderson posted a comment regarding an idea that the British banking system is studying as a solution to eliminate phishing attacks. Anderson's comments are very precise, but I found myself thinking:

Is the search for an ideal strong authentication a quest for a new holy grail?</summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/116199109874514238/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=116199109874514238' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116199109874514238'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116199109874514238'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/10/quest-for-holy-grail.html' title='The quest for the Holy Grail'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-116195563481175227</id><published>2006-10-27T15:04:00.000+02:00</published><updated>2006-10-27T15:31:37.360+02:00</updated><title type='text'>It’s a wild world</title><summary type='text'>Recently Pedro Dória, a journalist friend of mine, posted some interesting results about this new toy, Google Trends. I was doing some tests when I was surprised by one of the query results.

Below we can see the search-volume results for three different queries: exploit, windows exploit and linux exploit.


exploit


linux exploit


windows exploit

Although I tend to agree that Google is </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/116195563481175227/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=116195563481175227' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116195563481175227'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116195563481175227'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/10/its-wild-world.html' title='It’s a wild world'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-116177442790128313</id><published>2006-10-25T12:52:00.000+02:00</published><updated>2006-10-25T13:10:23.916+02:00</updated><title type='text'>Laptop seizure, a reality not so distant from you</title><summary type='text'>Not long ago, Bruce Schneier posted a note on his blog regarding laptop seizures by the Sudanese government and mentioned rumors about this practice in Israel. After a few days he edited the post, observing that this is currently a legal practice within USA borders. Let's say it was quite a funny repercussion.

Now, circa one month after the International Herald Tribune published an article </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/116177442790128313/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=116177442790128313' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116177442790128313'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/116177442790128313'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/10/laptop-seizure-reality-not-so-distant.html' title='Laptop seizure, a reality not so distant from you'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-115914062904383055</id><published>2006-09-25T01:16:00.000+03:00</published><updated>2006-09-25T16:17:05.660+03:00</updated><title type='text'>Where is my shawarma (or, Identity Theft, israeli style)</title><summary type='text'>As some of you know, I was born in Brazil and I have been living in Israel since May 2006. This is my second time in the country. The first time was last year, when I came here to work. I liked the place so much that I decided to come back and enjoy the Mediterranean life.

Life in this country is quite nice but a little bit peculiar. Firstly because of the fact that most people don't have a single </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/115914062904383055/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=115914062904383055' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115914062904383055'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115914062904383055'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/09/where-is-my-shawarma-or-identity-theft.html' title='Where is my shawarma (or, Identity Theft, israeli style)'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-115871705816070727</id><published>2006-09-20T04:38:00.000+03:00</published><updated>2006-09-20T04:55:40.100+03:00</updated><title type='text'>Becker and Posner on Identity Theft</title><summary type='text'>The 1992 Nobel laureate in Economic Sciences, Gary Becker, and his fellow professor, Judge Richard Posner, posted on Deterring Identity Theft.

Becker &amp; Posner

As an information security professional and frequent reader of their posts all I can say is that I will keep reading their blog despite those weird posts. :-)</summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/115871705816070727/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=115871705816070727' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115871705816070727'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115871705816070727'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/09/becker-and-posner-on-identity-theft.html' title='Becker and Posner on Identity Theft'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-115594820214569351</id><published>2006-08-19T03:41:00.000+03:00</published><updated>2006-08-19T03:44:31.143+03:00</updated><title type='text'>Att: Mr Al Kyder and Terry Wrist please board....</title><summary type='text'>Producers of Australian Broadcasting's (ABC) The Chaser's War on Everything satirical programme booked two tickets on a Wednesday flight to Melbourne with low-cost carrier Virgin Blue. The tickets were in the names of "Al Kyder" and "Mr Terry Wrist," New South Wales daily Sydney Morning Herald is reporting.

Source: FlightGlobal.com

I must confess that they had an amazing idea. :-)</summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/115594820214569351/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=115594820214569351' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115594820214569351'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115594820214569351'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/08/att-mr-al-kyder-and-terry-wrist-please.html' title='Att: Mr Al Kyder and Terry Wrist please board....'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-115222587807336899</id><published>2006-07-07T01:37:00.000+03:00</published><updated>2006-07-07T01:44:38.080+03:00</updated><title type='text'>Is "defense-in-depth" the real answer?</title><summary type='text'>Recently I was involved in a mail thread regarding the well-accepted application of the "defense in depth" doctrine within information systems security. I may be mistaken, but it sounds like a mistake to defend such an approach when even modern armies are developing network/information-centered warfare tactics.

As the Wikipedia entry for the UK Network Enabled Capability states:
NEC is </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/115222587807336899/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=115222587807336899' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115222587807336899'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115222587807336899'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/07/is-defense-in-depth-real-answer.html' title='Is &quot;defense-in-depth&quot; the real answer?'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-115209198639709686</id><published>2006-07-05T11:02:00.000+03:00</published><updated>2006-07-05T12:33:06.420+03:00</updated><title type='text'>VoIP users target by regular phishing</title><summary type='text'>Vono, a leading Brazilian VoIP service, informed its customers about a phishing attempt involving its services. As usual, users were led in different ways to a cloned website for password-recording purposes. 
So far, no lesson to be learned. The Vono service is a prepaid VoIP service that can be paid either by invoice or by a non-displayed credit card; this last payment method also offers a </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/115209198639709686/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=115209198639709686' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115209198639709686'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115209198639709686'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/07/voip-users-target-by-regular-phishing.html' title='VoIP users target by regular phishing'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-29857200.post-115056419261810481</id><published>2006-06-17T20:09:00.000+03:00</published><updated>2006-06-17T20:09:52.626+03:00</updated><title type='text'>VoIP Security</title><summary type='text'>Brazilian songwriter Chico Science used to say that “one step forward and you’re not at the same place anymore”. Unfortunately, this new place is not always the ideal world we longed to be in. This is the reality that many companies delving into the Voice over IP land are facing. 
Problems with security are many and, once again, are driven by the usual expectation of panaceas; companies are </summary><link rel='replies' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/115056419261810481/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=29857200&amp;postID=115056419261810481' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115056419261810481'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/29857200/posts/default/115056419261810481'/><link rel='alternate' type='text/html' href='http://www.fucs.org/english/2006/06/voip-security.html' title='VoIP Security'/><author><name>Andre Fucs</name><uri>http://www.blogger.com/profile/13598166732495572569</uri><email>noreply@blogger.com</email></author><thr:total xmlns:thr='http://purl.org/syndication/thread/1.0'>1</thr:total></entry></feed>