Wolf's Lair

Building High Performance Teams (3 X 3 Framework)

2021-08-30T22:04:00.005+08:00

When we talk about building a high performance teams, it will always be revolving around these five key characteristics. Trust, Clear Communication, Defined Roles and Responsibilities, Engaged Leadership and Collective Goals.

Trust
This is the key factor that differentiate between the high performing team over the average one. With Trust, they will be more comfortable in taking risks and working through challenges and conflicts positively

Clear Communication

High performing teams find ways to streamline and optimise communication. They know when to call, when to IM, when to email or even pop by your desk. They may also use technology to stay organised and track progresses.

Defined Rules and Responsibilities
Clearly defined roles and responsibilities eliminates confusion. when team members knows their roles and responsibilities well, this prevent conflicts, which will maximize productivity.

Engaged Leadership
Being Engaged is not micro-managed. It is about providing direction and full support to help the team to succeed. An engaged leader provide positive working environment thru regular communication and building trust and respect among the team.

Collective Goals
Even though each team member has their own responsibilities, but they all are collectively working towards one main goal and contributes to the overall success. High performing teams will step in to help each other to ensure all goals are met.

3 X 3 Framework

Recently, I came across a interesting idea on building high performing team. it changes my understanding on how goals and roles should be defined and how a high performing team should be.

It uses a 3 x 3 framework.There are three foundations that team needs have in place - Goals, Roles and Norms. Then the three elements of ongoing reflection and change - Commit, Check and Close, to maintain peak performance.

Goals
This is main direction for the team. Getting agreement on where the project goes and what to accomplish. Importantly, each team member should have a personal "what's in it for me" connection to the goal.

Roles
Being clear about who is doing what specific activities and how these tasks overlap. In a real team, there should be overlap of tasks. If there are only parallel activities, we only get a "co-acting group" not a team.

Norms
Norms are ground rules in areas such as information-sharing, decision-making, and conflict-resolution. Others common norms such as respecting each others, avoid hidden agendas are also important.

The ongoing 3 steps function:
Commit - Have good conversation with the team. Getting the team to commit to the explicit goals, roles and norms.

Check - As our day to day working in multiple teams and/or projects, there are too many distraction, we tend to lose focus and slowly drift from the goals, roles and norms. Check in from time to time. Revisit the committed goals, roles and norms.

Close - As we revisit the goals and commitment, we may find misalignment among the team. We will work to close the gap. Taking small steps on targeted and specific changes.

Some advice for the high performing team,
- Have good conversations among the team.
- Focus on a few things rather than a lot of things. Teams get overwhelm.
- Paying attention on whats going on in the team.

Common problems
- Relying too much on one person.
- Focus too much on a plan but not thinking about the execution and organising people around that plan.
- Not paying too much attention on individual role.

Finally , leader of high performing team should create a "Psychological Safety" environment, which member will feel "safe" to share their thoughts, able to be creative. To create this environment, you need to build trust in the team, having good one on one conversations, be a good listener and by showing empathy, showing that you care.

How to be a CISO?

2021-08-21T23:42:00.002+08:00

Being a Certified Information Systems Security Professional (CISSP) and Certified Infirmation Security Manager (CISM) for more than 10 over years. I have been wondering recently, on the quality of being a Chief Information Security Officer (CISO).

There are many aspects and view on how to be a CISO. EC-Council, one of the leading IT Security training and certification organisation, provide a training and certification program called the Certified Chief Information Security Officer - C|CISO. It is based on the EC-Council CCISO Body of Knowledge, which covers five Information Security Management Domains:

Governance and Risk Management
Information Security Controls, Compliance and Audit Management
Security Program Management and Operations
Information Security Core Competencies
Strategic Planning, Finance, Procurement and Vendor Management

Whereas (ISC)2 seems to have a more interesting view. They have the idea of CISO Mind Map, which contains seven phases.

It start off with the Architecture, the Framework, the Risk Assessments and the Governance. Then the Threat Intelligence and Vulnerability Assessments fits into the Security Operations and finally to have continuing Education.

Architecture

It is the foundation for the CISO. He got to make sure he understand the enterprise information architecture. How is the network been designed (e.g. where is the DMZ. Are the firewall and control place correctly?). He have to make sure all the part in the architecture fits well and defensible.

Framework

Framework is useful to help in designing the architecture. There are many different types of framework, from ISO to NIST. Each framework helps to serve a specific purpose, which guide and protect your infrastructure. CISO need to find the right frameworks that fits the architecture in place.

Risk Assessments and Governance

CISO going to be identifying risks, eliminating or mitigating them, together with the Governance Committee. CISO need to based on the architecture, the frameworks, the control objectives and the use of risk assessments to present a clear picture on how secure they are, to the Governance Committee.

Threat Intelligence and Vulnerability Assessments

Threat intelligence constantly feeding from multiple sources. Vulnerability assessments are using those threats and make determinations if there are really a problem. CISO need to work on the taken threat intelligence, the vulnerability assessments to risk assessed and come to conclusion.

Security Operations

CISO needs to have great business impact analysis. The foundation of that is to make sure business continuity and disaster recovery are well taken care of. Security Operation also includes the managing of critical systems based on their threat intelligence and vulnerability assessments.

Education

CISO needs to present education budget. He need to show that education is not optional, highlight why his team needs to have certain courses, why these certifications are important and why constant training is required.

What is Attack Surface Management?

2020-11-08T18:05:00.005+08:00

Attack surface is about all possible security risk exposures, especially all internet-accessible external assets that adversary could discover and gain foothold into your environment.

Attack Surface Management (ASM) is an emerging category of solutions that use an external attacker’s perspective to help organizations better manage these type of risk exposures.

These include:

Continuous discovery and Inventory of unknown assets (Cloud and shadow IT)
Classification and Prioritization of risk and vulnerabilities
Continuous monitoring of assets and Threat Intelligence

Is ASM a Asset Management? or is it Vulnerability Management?
It is actually more of a Risk Management with the following Use Cases.

Identifying and visualizing external gaps
Discovering of unknown assets
Attack Surface risk management
Risk-based vulnerability prioritization
Assessing Mergers and Acquisitions (M&A), and subsidiary risk

Evaluating of Attack Surface Management

SANS recently released a guide on evaluating ASM solution. the guide discuss about 2 major requirements: Product and Operational requirements

Product requirement

Automated Discovery - An advanced algorithm capable of building a map of assets with minimal input and limited false positives.
Continuous Monitoring - Ability to detect change by frequently scanning the attack surface. When an asset is removed, the ASM solution should maintain the information in the database for historical purposes.
Risk Based Management - Create and maintain a risk score for each asset that combines the ASM provider’s external threat assessment with user provided information on relative business value, impact and remediation status.

Operational requirement

Alerting - Ability to monitor and alert on changes.
Enterprise Management - ASM solutions should include basic enterprise management capabilities that enable large teams and organizations to operationalize the solution.
Interoperability & Integrations - Supports third party integrations and custom development using a provided API.

Hacking of Facebook Messenger

2016-06-07T23:00:00.000+08:00

Recently Check Point disclosed a vulnerability found in Facebook Messenger, it allows an attacker to change conversation thread in the Facebook messenger.

Hacker can manipulate message history of a conversation to claim he had reached a falsified agreement with the victim, or simply change its terms.

Hackers can tamper, alter or hide important information in Facebook chat communications which can have legal repercussions. These chats can be admitted as evidence in legal investigations and this vulnerability opened the door for an attacker to hide evidence of a crime or even incriminate an innocent person.

This vulnerability can also be used as a malware distribution. An attacker can change a legitimate link or file into a malicious one, and easily persuade the user to open it. The attacker can use this method later on to update the link to contain the latest C&C address.

Below is the demo of the hack

Hijack and Impersonate Whatsapp account

2016-06-06T22:12:00.000+08:00

Attacker are able to hijack a Whatsapp account and impersonate as the legitimate user.
How they do it? There is actually a vulnerability in Signaling System 7 (SS7), a global network of carriers that acts as a central hub to connect the world. The attack is done by tricking the telecom network into believing the attacker’s phone has the same number as the target’s.

The attacker would now create a new WhatsApp account and receive the secret code that authenticates their phone as the legitimate account holder.Once complete, the attacker now controls the account, including the ability to send and receive messages.

Below is a demo of the attack.

You can find my previous post on extracting messages from Whatsapp in "Can you extract message and photo from Whatsapp?"

Hacking of LG handphone

2016-06-04T15:00:00.000+08:00

Check Point disclosed today two vulnerabilities (CVE-2016-3117, CVE-2016-2035) which can be used to elevate privileges on LG mobile devices to attack them remotely at the LayerOne 2016 conference in Los Angeles.

The first vulnerability allows a malicious app installed on an LG device to abuse the lack of bind permissions in an LG service and to elevate its privileges, allowing additional control of the device.
The second vulnerability allows a remote attacker to delete or modify SMS messages received on a device. Attacker could use it to conduct credential theft or to fool a user into installing a malicious app. The attacker could modify a user’s unread SMS messages and add a malicious URL to redirect the user to download a malicious app or to a fake overlay to steal credentials.

Steps to mitigate the risk of this attack:
- Verify any app installation request before accepting it to make sure it is legitimate.
- Use a personal mobile security solution that monitors your device for any malicious behavior.

- Lookout for LG latest update on these vulnerabilities and patch it immediately

Below is the video demo of the remote attack.

For more details of these vulnerabilities, visit "OEMs Have Flaws Too: Exposing Two New LG Vulnerabilities"
http://blog.checkpoint.com/2016/05/29/oems-have-flaws-too-exposing-two-new-lg-vulnerabilities/

Misfortune Cookies Vulnerability

2014-12-20T16:32:00.000+08:00

As everybody was focusing on the Sony hacking incident, there was a vulnerability that is affecting over 12 million Internet routers located in 189 countries across the globe been announced. At least over 200 different models of the devices are vulnerable. These lists of vulnerable devices consist of companies such as ASUS, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.

This vulnerability, which is discovered by the researchers from Check Point’s Malware and Vulnerability Research Group, called it "Misfortune Cookie vulnerability". It is exploitable due to an error within the HTTP cookie management mechanism in the affected software. It allows an attacker to determine the ‘fortune’ (critical information) of a request by manipulating cookies. Attackers can then send specially crafted HTTP cookies that exploit the vulnerability to corrupt memory and alter the application state, which will trick the device’s web server to treat the current session with administrative privileges.

The actual vulnerability lies on the software that is the embedded web server RomPager from AllegroSoft. Devices running RomPager services with versions before 4.34 are vulnerable.

So what can you do with the exploit of this vulnerability? With administrative access to your device, an attacker could take control over your wired and/or wireless network infrastructure. Depending on your gateway device, there may be risk of Man-in-The-Middle attacks, provide a possible attack vector for LAN-side vulnerabilities, and also gave the attacker the ability to extract useful information from the network connections from your devices.

With information extracted from your network, it also provide the stage for further attacks, such as installing malware on devices and making permanent configuration changes the bypassing gateway protection just as firewall or network isolation of your local network.

Since this is one of the most widespread vulnerabilities revealed in recent years, how can we mitigate it? There is actually a patch to the vulnerable software. AllegroSoft issued a fixed version to address this “Misfortune Cookie vulnerability” in 2005. It is advice to check with the device vendor if the patched firmware is already available.

But there is always this common issue of device vendors taking too long to patch up their firmware. Even if the patch of the vulnerable software available, they need to integrate this patch into their device firmware, test to make sure nothing breaks and then make it available which normally takes a long time.

Other mitigation that can be considered will be to deploy Intrusion Prevention Systems (IPS) in front of your device. There are IPS signatures available for this vulnerability (CVE-2014-9222 and CVE-2014-9223).

Reference:
Misfortune Cookie

Information Leakage and Improper Error Handling

2013-10-19T15:00:00.000+08:00

Information leakage and improper error handling used to be in the OWASP Top 10 2004 and 2007. But they have rename to "Security Misconfiguration" since 2010 and with a wider scope.

While doing my online shopping today, I accidentally triggered an SQL query timeout error. The error page review quite a number of information, which can be useful for the programmer to carry out troubleshooting. But best of all, it also provide the hacker with information to carry out the next level of "attack" to the server.

The error page provides table information, file paths that helps in launching SQL injections and XSS attacks.

The error page also shows the application that the server is using and its version number. Based on the information, the Microsoft .NET framework version is not the latest. It may contains critical vulnerability that allows elevation of privileges and remote code execution.

Planning to inform the Site administrator on this issues and nobody hacked it yet.

IPv6 InSecurity. Is your company ready for IPv6?

2012-10-25T01:00:00.000+08:00

Everybody is announcing that IPv4 addresses are running out. Countries and major IT companies (such as Google) are encouraging others to move into IPv6. IPv6 have always been portrayed to be more secured than IPv4.

Image from Google

But in the recent talk by van Hauser on "IPv6 Insecurity" in HITB, he share that there are huge grow in the number of vulnerabilities found related to IPv6 in recent years. Several times more than IPv4.

So is IPv6 mature/stable enough? Do you think companies are ready for the change to IPv6? Should we be encouraging our companies to make the change now? These are the questions that I think we need to ask ourselves as a security professional.

Beside worrying about the readiness of IPv6, van Hauser also highlighted the importance for companies (even those in pure IPv4 environment) to be aware and understand the threats from IPv6. Desktop and network devices these days may already support IPv6 and may enabled by default. Attackers may use these "channel" to target companies in IPv4 environment and bypass their network protection (e.g IPS), which is not IPv6 aware.

Related articles:
- HITB slides: Marc Heuse - IPv6 Insecurity Revolutions.pdf

HITB playing AC/DC concert

2012-10-16T22:28:00.002+08:00

While waiting for the next speaker during the HITB (Hack In The Box) Conference in Kuala Lumpur, the screen in the conference hall starts to play the song "ThunderStruck" by AC/DC (shown in the video below).

The music video is actually part of the introduction for the presentation titled "Behind Enemy Lines" by Mikko Hypponen of F-Secure. His speech talks about the various cyber "enemy" (Types of hackers) and their motives. He also share with us some of the ways to defend against this "enemy" and avoid being the target.

You can download the slides from HITB website here

USB hacking obsolete?

2012-09-23T11:51:00.000+08:00

With Windows autorun feature disabled by default, USB hacking method such as Pod slurping and tronjanized flash drive no longer possible?

I have recently wrote an article "Pentesting with Teensy" for PenTest Magazine that describes how you can emulate a device as a HID (Human Interface Device) and inject attack codes and execute commands in the system.

For those who have not read the article, I have make a short video to demostrate how you can still carry out the USB hacking using Teensy.

Besides using teensy as a pentesting or hacking tool, it can also be useful for auditors to verify system hardening and configuration with system commands pre-set into the device.

More information about my article, refer to my previous post "Pentesting with Teensy".

Command Your Windows

2012-09-04T22:46:00.001+08:00

System these days does not really require users to use command line. Windows, Mac, Linux and even traditionally command-based UNIX also come with GUI (Graphical User Interface) such as KDE. Command line may seem to be obsolete for many. But it is still very useful to hackers and pen-testers when GUI is not available such as using remote shell.

I have wrote an article titled "Command your Windows", which is published in this month PenTest magazine (September). In this article, I will be sharing on some of the useful windows commands that a hacker or pen-tester can use when obtaining a remote shell to the system.

This magazine can be purchase on-line from PenTest Magazine website.

Please post your comments regarding this article here.
If you are interested in this article, I will happy to share it with you. Just drop me an email.

Pentesting with Teensy

2012-08-03T23:24:00.001+08:00

Windows autorun feature is disabled by default these days. Is it still possible to launch code automatically from a USB drive? What if there is a USB drive that could execute code automatically when plugged in and yet not able to be identify as USB drive by the system?

Teensy, USB-based micro-controller development board, which can be programmed to emulate as any device and store programming code. I have wrote an article that describes how you can emulate the device as a HID (Human Interface Device) and inject attack codes and execute commands in the system.

This article titled "Pentesting with Teensy" can be found in the July issue of PenTest (Web App) Magazine.

WhatsApp InSecurity

2012-08-02T22:16:00.000+08:00

The ownership of smartphones and tablets has grown enormously over the past few years. WhatsApp has gained popularity as the cross-platform application to replace traditional messaging services such as Instant Messaging and SMS. How safe is it to use for personal communication?

I have written an article that talks about how you can extract the message and photo that were send via WhatsApp.

This magazine can be purchase on-line from Hakin9 Magazine website.

Please post your comments regarding this article here.
If you are interested in this article, I will happy to share it with you. Just drop me an email.

There is a video on the related demonstration, which I previously posted in "Can you extract message and photo from WhatsApp"

Security Guideline for Mobile Devices in Enterprise

2012-07-13T14:57:00.000+08:00

This week, NIST (National Institute of Standards and Technology) has release the guidelines for managing and securing of mobile devices in the enterprise (Guidelines for Managing and Securing Mobile Devices in the Enterprise - SP 800-124 Revision 1). The purpose of this publication is to provide recommendation to help organizations centrally manage and secure their mobile devices against various threats.

This document is intended for technical staffs such as security engineers and those who are responsible in planning, implementing and maintaining the security of the mobile devices.

It covers the type of mobile devices that are applicable such as smart phone and tablets. Basic cell phones and laptops are out of scope as their threat level and security control options are different.

It also talks about the different high-level threats and vulnerabilities related to these devices, as they are generally higher risk exposure that other client devices such as desktop and laptop. These threats are,

Lack of physical security controls
Use of untrusted mobile devices
Use of untrusted networks
Use of applications created by unknown parties
Interaction with other systems
Use of untrusted content
Use of location services

The next section of the document provides an overview of the current state of the MDM (Mobile Device Management) technologies, which mainly comprise of the components, the architectures and the capabilities. For components, it talks about the type of MDM solution between the solution from same vendor of the mobile device and using third party product that can manage one or more types of mobile devices. The architectures deal with the different consideration and the use of other enterprise services based on business requirement. As for the capabilities of the MDM, it should provide the following security services,

General policy that can enforce enterprise security policies on the mobile device.
Data communication and storage that provide strong data encryption during communication and on storage. It should also have the ability to remotely wipe the device.
User and device authentication, which includes account and device lockout and remotely locking of the device.
Application. It should be able to restrict the installing and removal of applications. Prevent access to enterprise resources based on devices OS (Operating System) version and status (rooted or jailbroken).

Lastly, it talks about the security for the life cycle of the enterprise mobile device solution, which covers from policy down to operations. This life cycle consist of 5 main phases.

Phase 1: Initiation. This phase include identifying needs for mobile devices, creating a high-level strategy for implementing mobile device solutions, developing a mobile device security policy, and specifying business and functional requirements for the solution.
Phase 2: Development. In this phase, it covers technical characteristics of the mobile device solution and related components. These include the type of authentication methods, cryptographic mechanisms and the type of mobile device clients to be used.
Phase 3: Implementation. This phase involve equipment configuration to meet operational and security requirements. Ensuring the integration with other security controls such as security event logging and authentication servers.
Phase 4: Operations and Maintenance. This phase will cover security related tasks that should be performed on an on-going basis such as log review and attack detection.
Phase 5: Disposal. This phase will cover the tasks for retiring of components and the mobile device solutions, including preserving of information to meet legal requirements, sanitizing and disposing of equipment properly.

For more details on this NIST publication, visit the following link:

This post is also available in Seczine, an online Security magazine.

Seczine.com: NIST Guidelines for Mobile Devices

Can you extract message and photo from Whatsapp?

2012-05-01T23:34:00.002+08:00

One day while messaging to my friend using Whatsapp, he ask me if the traffic is secure? I did a bit of read up and found out that Whatsapp message was actually not encrypted unlike iMessage.

So I decided to do a simple video to show how you can extract message and photo that were send via Whatsapp.

Update!
New post on hijacking and impersonate Whatsapp account in "Hijack and Impersonate Whatsapp account"

HP ProCurve Switch comes with FREE malware

2012-04-11T11:38:00.007+08:00

HP had announced in their Security bulletin yesterday (10 Apr) that they have shipped malware-infected compact flash card with their HP ProCurve switches.

In their official bulletin, "A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity."

They have not disclosed how those malware managed to infected the Flash cards but it is likely that it had infected the systems of the third-party manufacturer that supply those flash cards.

It is not the first time that renown companies are shipping malware in their products. Seagate and Apple also have reported cases. (See my previous blog "Battery not included ... but Malware is...)

Related Reports:
- HP SUPPORT COMMUNICATION - SECURITY BULLETIN

Android vs iOS security

2011-10-24T15:00:00.000+08:00

A interesting video on well-known security researcher Dr Charlie Miller, which discuss the security postures of Android and iOS

My Million dollar ATM is ready for delivery??

2011-10-23T12:49:00.007+08:00

I have just received an interesting Scam mail. Think it will be useful to share with all my readers.

The email claims to be from FedEx. They are ready to deliver "my" million dollar ATM card in GHANA.

-Below are the extract-

Dear Valued Customer.

The office of the FedEx Managements in the capital city of ACCRA GHANA do hereby wish to inform you that your ATM card package is ready for delivery.

The issuing bank of this ATM card has instructed us to inform you that your card has been credited with the total sum of US$4,750,000.00 (Four Million-Seven Hundred & Fifty Thousand Dollars) which is now accessible and you can make your withdrawal from any ATM machine worldwide.

This ATM card with the PIN code and other vital documents has peen packaged into an Envelop which has been assigned for immediately delivery but unfortunately, the issuing bank has cleared (PAID) the delivery fee, insurance fee, custom duty fee, delivery permit fee but they were not allowed to pay the security bonded keeping fee because we have not been told when you will be coming for your claim not until the bank instructed us to contact you and inform you of the security bonded keeping fee which is only the sum of US$98 dollars, this is the only fee that you has to pay.

We further request you to kindly clear security bonded keeping fee of US$98 Dollars to enable us effect the delivery of your ATM card to you as soon as possible. At the meantime, you have to get back to us with your address where your package would be delivered to you within the nest 48hrs.

Your complete Name:…………………………
Your Complete Address:………………………
Your Mobile Number:…………………………..

Upon your swift response, we shall instruct you on how you will make the payment to the security office before we would be allowed to move your package. Our delivery duration is only 48hrs starting from the time when your package was picked up and dispatched out from our office here in Ghana.

We anticipate your response.

Thank you.

Mr. Mac Moses
FedEx Delivery Officer
Tel: 233- 247630112

-End of email-

From the email header, you will able to see some useful information:
1> Source email address.
2> Source mail server
3> Source IP address connected to mail server
4> Reply to address

From the "1> Source email address", you know that the email is coming from "chinkyeyes@rogers.com". Rogers.com is exactly a Canadian ISP, which uses Yahoo mail gateway (as shown below). So it has verified the "2> Source mail server" in the mail header.

From the "3> Source IP Address" (41.218.192.255), it was from Ghana. So it is likely that the user "chinkyeyes" account was compromised by the scammer.

Scam mail tends to show tell-tale sign such as spelling error.

I won $10,000 worth of shopping voucher??

2011-09-30T18:06:00.006+08:00

I received an email informing me that i have won $10,000 worth of shopping voucher coming from HardwareZone's newsletter.

The email format really give me the impression that i am the lucky winner, with two other "winners" listed in the email.

But after reading through the emails, it start to show tell-tale sign that it is just an advertisment and i did not really won a prize. They skillfully claims that "you may be a possible winner" as not to be accused as fraud later.

After clicking the link "www.greatsingaporevoucher.com.sg" to "verify" your details, it was obvious that the email is actually a legal "spam".

By "verifying" your details, you are actually joining the lucky draw instead. It also allow them to collect your information so to legally "spam" you further via Handphone, email, and mailing address.

w01f advise: If anyone still interested to join this lucky draw (or any similar online contest) and to be "spam" further, make sure you read and understand their "Terms and Conditions" and "Privacy Policy" before releasing your personal information to them.

Default again?

2011-09-29T20:44:00.001+08:00

Another device found to be using default password. This time is a home router in Korea. It is a DAVOLINK DVW-2000N router.

w01f advise: Home router console should not be accessible from the Internet. The account should also be properly secured with strong password.

"Easy" access to exam questions?

2011-09-27T22:18:00.002+08:00

While doing my "googling" and security analysis, i happen to come across a Shanghai school portal and manage to easily "gain access" into the "admin" account.

With the admin access, i am able to access to all the documents in the portal. Wondering if there are any exam questions in there?

I can do a listing of all the user account, which i can edit or delete.

w01f advise: Web portal should be proper secured, especially the administrative account. Strong password should also be used by all users.

Disclaimer: Only access to the "main" and "user account" page, no modification to the portal and no download of any files from this portal. It is purely for security awareness purpose with no malicious intent.

Should print server be secured?

2011-09-25T20:28:00.006+08:00

Recently, there are many news on data lost of customer information, product designs and algorithms from big corporation. WikiLeaks that exposed sensitive communication. Printers can be one of the good source of data leakage.

When surfing and "googling" around the Internet, we still see many print servers accessible from Internet. Some of these print servers were even configured with default login credential.

Beside data leakage, you can also create some disruptions to their business by making unauthorized changes.

Below are some examples, which i manage to gain access.

From the Admin console, we can access the "System Tools".

We can also make changes in "Advanced Setting".

w01f advise: Print server should not be accessible from the Internet. If access from the Internet is required, make sure it is properly secured and change all default login.

Test Drive OmniPeek 6.6

2011-07-01T14:04:00.001+08:00

Last week, WildPackets released OmniPeek 6.6, the first network analyzer with 802.11n 3-stream wireless support. You can test it out but downloading the Wireless Essentials Pack. The pack includes the OmniPeek Enterprise 6.6 demo software as well as three popular wireless add-ons: Wireless Signal Stats, Wireless Channel Aggregator, and Roaming Latency Analyzer.

The video below with Jay Botelho, Director, Product Management, and Chris Bloom, developer and evangelist of WildPackets will tell you all about OmniPeek's wireless capabilities.