Study of Implementing Available Security Controls of Wireless Computer Networks

This article will present an analysis of security levels of wireless home networks based on the IEEE 802.11 standard. The analysis of security implementation will be done on the basis of activated security checks available to end users in order to protect their own wireless system to the full. The analysis will encompass average users with regard to their knowledge of network communication systems and implemented security checks. The end result, i.e. a realistic picture of the way end users think about wireless computer network security, which in turn will have an impact on science and society in general, will enhance the awareness of possible ways wireless networks can be abused.

My Google Reader RSS subscriptions

I love RSS. I love Google Reader. I love my RSS collection!
I’ve been collecting this for some time now. This collection is not just a bunch of links but it’s a collection of carefully selected RSS channels. It contains almost 300 hundred RSS channels for web design, UX and security. Most of the RSS channels are security related, which includes forensic analysis, exploits, malware analysis and PEN testing.
Feel free to download this OPML and use it as you like :)

The Framework of e-Forensics in the Republic of Croatia

With the development of information communication systems and the services they provide, the complexity of the organization of information within information systems is growing. The complexity itself contributes to the increase in the number of electronic incidents and affects the high demands of forensic procedure implementation. It is estimated that in the near future the number of electronic incidents will outgrow the number of classical criminal incidents both financially and quantitatively. Due to the things mentioned above, early identification, discovering and taking legal proceedings against the perpetrator of an electronic incident are necessary. It is necessary to investigate all electronic incidents adequately and promptly and adapt the legal framework and laws related to e-Forensics. e-Forensics is a relatively new discipline within which there is a low level of standardization and consistency. With the purpose of increasing the quality of performing e-Forensics and presenting the evidence in a possible judicial proceeding one has to define the legal framework of e-Forensics. The analysis of current legal standards and methods used to perform e-Forensics is presented in the paper as well as the proposal of performing e-Forensics with defined procedures and methods.

Hacking websites: The Series

This is the beginning of the “Hacking websites” series which will try to explain why sites are hacked, how they are hacked and how to protect your website(s) from being hacked and broken. Motivated by rather discouraging results from Breach and WhiteHat security statistics reports I decided to start this series which will, hopefully, educate readers enough to protect their websites from top 10 vulnerability classes.

Classification of Information System Hacking Tools

In the process of hacking an information system, the attacker will use one or more hacking tools to accomplish his objective. The hacking tools can be divided into two main categories: procedural classification and functional classification. Procedural classification describes which tools are used during the seven steps of hacking the attacker goes through. Functional classification describes the four main categories based on the tools' functionalities.

Hacking Information Systems: Tools of the trade

For every step of the hacking process one or more tools could be required for the attacker to complete his objective. Although there are thousands of hacking tool variations, all of them can be categorized into 14 basic categories.

When talking about “tools”, many will think of software solutions. But in a broader sense, a hacker's toolkit is much more than just software, and it can be anything from a piece of paper and a pen to human activities for the collection of sensitive information and the penetration into the target system.

Hacking Information Systems: The Seven Steps

Hacking an information system, which can be a computer network, server or a web site collection, can be, and is, a very complex procedure and a different procedure for every information system. But in its essence it follows the basic seven steps of hacking into some kind of information system. From basic scouting to full takeover these seven steps […]

Security Audit and Mechanism of Protecting e-Learning System at the Faculty of Traffic and Transport Sciences

The LMS (Learning Management System) of the Faculty of Transport and Traffic Sciences, called e-Student, was experimentally introduced at the end of 2004 for one subject at the Faculty and was used to carry out a part of the teaching and practical work for about a hundred students. Today the system is used by more than 4800 students. In the period from 2004 to the beginning of March 2007, the system was used more than 145,000 times. The fact that the e-Student system is a publicly accessible web application has given rise to questions regarding the security of the user interface and the database safety. Although from the very beginning the system was planned and designed so as to provide security against then known methods of attack, new failures in operating systems and database management systems, and new methods of attacking and exploiting web application drawbacks, appear almost daily. Consequently, the system has to be regularly tested and adequately protected.