Sunday, June 15, 2008

Two Reports on Information Security

2008 Data Breach Investigations Report - Verizon Business
http://www.verizonbusiness.com/resources/security/databreachreport.pdf

2007 Global Security Survey - Deloitte
http://www.deloitte.com/dtt/cda/doc/content/ca_en_Global_Security_Survey.final.en.pdf

RDP Encryption - MITM Vulnerability

I was just doing a regular vulnerability scan and found "Microsoft Windows Remote Desktop Protocol Server Private Key Disclosure Vulnerability" on one of my home servers.

It is a repeatable vulnerability, and it has been proven to have the problem.

Massimiliano Montoro has written a detailed paper on this, which can be found at http://www.oxid.it/downloads/rdp-gbu.pdf

I will try to do an exercise soon to test this using Cain & Abel.

Blackjacking?!

Do you know what Blackjacking is? Playing Blackjack? Nope.

It is a new term referring to "BlackBerry Hijacking". Cool... it refers to the hacking and hijacking of handheld devices. Yes, enterprises tend to gain more mobility by using these tiny devices for mobile communications. However, the security of these new technologies is often overlooked.

Have you evaluated the risks associated with these wireless technologies together with handheld devices (not limited to BlackBerry, but also other handhelds like iPhone, cell phones, PDAs, etc.)? It is an interesting topic for research.

Welcome to White Hat - Information Security Blog

Wow... welcome to my infosec blog.

I hope this becomes a platform for people around the world to share information security related issues.

Write, write and write... I believe writing can make knowledge sharable.