InfoSec Philippines

Information Security, Technology News and Opinions

Archive for November, 2009

“El Sibakero”, #3

Posted by Daniel Tumalad on November 22, 2009


#3: “NOT-4-HIRE”

[got something you’d like to share with us? email danieltumalad  atyahoodotcom]
facebook_button

Advertisements

Posted in El Sibakero | Tagged: | Leave a Comment »

Quick Tips: Securing Your AP

Posted by Daniel Tumalad on November 15, 2009

jeepney_cover

"El Sibakero", Rollin' Down the Street...

A few years ago, a German hacker visited the Philippines and went wardriving on the streets of Ayala. He observed the lack of security in most of the wireless networks he discovered, prompting people to address the situation.

Today, many are still ignoring the importance of protecting their wireless networks. There are plenty of APs in condominiums, corporate buildings and commercial establishments that still use insecure WEP or don’t use any form of encryption at all. [results=car+laptop+airodump, office->home]

With a lot of information and software pertaining to hacking wireless networks freely available on the Internet, almost anyone can obtain illegal access to insecure wireless networks.

Protect your AP:

1. Enable Encryption
With both WEP and WPA-TKIP having security flaws, your best bet is WPA2-CCMP. Make sure you choose a difficult-to-guess passphrase (alpha-numeric+special characters) and “try hard” to change your key every 3 months.

2. Configure AP Administration
Change the default AP admin password, disable remote administration and restrict AP management to local encrypted access (SSL) only. If you are feeling the need to overkill then also disable the wireless LAN access, make the administration console accessible only through the wire.

3. Security through Obscurity
Replace the default SSID and disable SSID broadcast.

4. White-list the MAC-Addresses of your Users
If all else fails, this can possibly make it hard for attackers to join the wireless network.


Internal Links:
Wireless Hacking
Using Nmap to Detect Rogue APs
Password Tips

 

Posted in El Sibakero, Wireless | Tagged: , | 2 Comments »

“El Sibakero”, #2

Posted by Daniel Tumalad on November 10, 2009

el_sibakero_01-03

Material by jim.facebook_button

Posted in El Sibakero | Tagged: , | Leave a Comment »

Turn your Netbook into a Security Cam

Posted by Daniel Tumalad on November 9, 2009

“Pugad Lawin” (Hawk’s Nest) is a simple application that turns your winxp netbook (or any box with a webcam) into a security camera. You can watch your home or your office while you’re not there.

Click here to download (source included)

[Note: the executable file is only 25 kilobytes because it was coded in masm32 and it opens a port (80-HTTP) for its web interface. It does not contain any trojan or malware]

screenshot

screenshot

Quick setup:
1. Run PL.EXE
2. Choose a password
3. Choose unblock when prompted by your firewall
4. Access your webcam by opening a browser->http://your.ip.adress.here/ (It would be easier if you have DDNS)

*Requires a little config if you are behind a router/fw.

You can do plenty of “fun” stuff with this (e.g., wireless cctv, baby monitor+iphone). It’s up to the limits of your imagination, but do remember to behave. 😀

Thanks to alex, x.solis and the stare (blackberry test) for their feedbacks. This is my first time to code again in a very long time, please report if you find any bugs. 😀

[Alpha 0.2: Fixed auth-bypass bug found by sujiru]

Posted in Home Grown Apps | Tagged: , | 4 Comments »

“El Sibakero”, #1

Posted by Daniel Tumalad on November 4, 2009

Introducing infosec.ph’s weekly cartoon strip, “El Sibakero”.

el_sibakero_01-01http://www.facebook.com/pages/The-El-Sibakero-Project/151004647367

Posted in El Sibakero | Tagged: , | 1 Comment »

More InfoSec Glossary: Freely Available ISO 27000 PDF

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 2, 2009

The ISO 27000 (Information security management systems — Overview and vocabulary) document is part of ISO’s Publicly Available Standards. Because of this, you may download it, store it on your PC, and print out one copy of the file, but aren’t allowed to transfer or place it on a network without the authorization of the copyright owner. You can read the whole License Agreement, and download the ISO 27000 document here.


Another place to check out for InfoSec definitions is at the Software and Systems Engineering Vocabulary (SE VOCAB) Site. This is a project of the IEEE Computer Society, and ISO/IEC JTC 1/SC7.


SITE NEWS
It has been a very busy couple of months for the Admins of Infosec.ph. In behalf of the other Admins, thank you for all your comments and support. Some of the comments have specific questions which we choose not to publish. For these kinds of more specific questions and comments, you may e-mail us at infosecphils@gmail.com.

For news updates, kindly check out our Facebook Page, and our Twitter page.

Posted in Free, Glossary, ISMS | Tagged: , , , | 5 Comments »