Category Archives: Information Security

The ePickpocketer

The great EMV migration has been here with us for a while and everybody is excited with the new innovations of cashless payment (especially matatu industry) which brought a lot of excitement even though still trying to trace its tracks to be adopted industry-wide. This is because no other industry Kenyans detest like the matatu industry. Most Kenyans detest matatu drivers (because of careless driving) and conductor due to their crooked and dishonest behavior. No-wonder we use disgraced names like “Makanga”,”Concordi / Konkodi (Local Swahili slang for pickpocket-er)” etc to refer to conductors since there aim is to con us the meager shillings by increasing the fares or refusing to handover change. 

As the saying goes, “The more things cange, the more they remain the same”  ~Jean-Baptiste Alphonse Karr. Contactless / radio-frequency identification chips (RFID) / Near Field Communication (NFC) chips bring in new paradigm of IT risk profile revolutionizing ‘ Concordi (Konkodi)’ to ePickpocketer. Continue reading The ePickpocketer

PENETRATION TESTING OF ANDROID-BASED TABLET

ABSTRACT
“If you know the enemy and know yourself you need not fear the results of a hundred
battles.” – Sun Tzu, Ancient Chinese Strategist and Philosopher
The purpose of this a study is to conduct a pen test in android-based tablet. The pen test
was implemented in a manner that simulated a malicious attacker engaging in a targeted
attack against the tablet with the goal of pinpointing how an attacker could penetrate
android-based tablet security features. The assessment was conducted in accordance with
the recommendations outlined in NIST SP 800-115 penetration testing guidelines.
The results of this assessment will be used by Network administrators, Information security
managers and Information system auditors on how to make decisions on securing tablets
and Bring Your Own Device (BYOD) accessing the organization network. All tests and
actions were conducted under controlled conditions and a report written with detailed
explanation of the activities involved and the objective of the test.

Get a copy  here

Can you track a ‘Turned off’ Cellphone?

cyber crime has been hitting the headlines of late. Michaels snowden, the run away NSA agent holed up in Russia has given us a glimpse of the whole new world that we never imagined.  For sure i can now conclude that;

“If you did not invent the technology, you never know the devil inside it”, by Kimson Kimathi.

Why do i say this? Well, it is true ” the National Security Agency has had the ability to track cell phones, even when they’re turned off” (informationweek.com,Mathew J. Schwartz | July 25, 2013 09:06 AM).

“This tracking ability was revealed on July 20 by The Washington Post, in an article chronicling the evolution of the NSA’s signals intelligence work in the wake of the Sept. 11 attacks, when intelligence agencies, the military and the FBI created an “insatiable demand for its work product.” Continue reading Can you track a ‘Turned off’ Cellphone?

The ‘Big Brother’ is here! …….

https://i2.wp.com/www.redorbit.com/media/uploads/2013/02/shutterstock_1629978-617x416.jpgIs Big Brother watching from the Raytheon headquarters? The security firm has reportedly developed software that can track people’s online habits and predict future behavior based on data from social-networking websites.

The “extreme-scale analytics” system, named Riot (Rapid Information Overlay Continue reading The ‘Big Brother’ is here! …….

LEGAL ARGUMENTS FOR AND AGAINST THE USE OF OPEN SOURCE FORENSICS TOOLKITS IN COURT PROCEEDINGS IN KENYA

Abstract

Purpose – The purpose of this paper is to explore legal arguments for and against the use of open source forensics toolkits in court proceedings in Kenya

Design/methodology/approach– The methodology used is literature review from scientific research papers and laws of Kenya.

Findings–There is no relevant laws in Kenya about the support of usage or against usage of digital forensics tools either open source or licensed. The laws currently in place does not clearly state on which methods should be used to verify the accuracy and reliability of the tools used and how to determine the best tools to conduct open source digital forensics.

Paper type – Research paper

Keywords—Computer, Forensics, digital, email

Get a copy here!

Microsoft Malware Protection Center October 2012 update

The Internet is a great place to share; we share information, ideas, experiences, software, and media through many different services over the Internet. The Internet is also a great place to do business and to shop for great deals on software, movies, and music as well as other goods and services. Unfortunately, malware distributors take advantage of people’s desire to share and find the best deals by using social engineering in attempt to infect computer systems. Continue reading Microsoft Malware Protection Center October 2012 update

How to Protect Against the Threat of Spearphishing Attacks

SS Labs’ researchers have identified spearphishing as the most common targeted method sophisticated attackers use to compromise high-value targets. Where classic phishing takes a net-casting approach in its use of email — not unlike a low-end spam campaign — spearphishing uses social engineering techniques to create a more targeted invitation to click on a link or an attachment contained in a message. A recipient who follows the link may be invited to provide a user name and password or other personal information, or malware may be silently installed on the target’s computer.
Phishing and spearphishing attacks both begin with an email and rely on end-user cooperation — obtained via social engineering — to advance the attack. The protections used to repel untargeted phishing attacks will repel the overwhelming majority of spearphishing attacks.
The most effective defenses are user education and training that help end users avoid behaviors that enable successful phishing attacks. Technologies like antivirus tools and endpoint protection platforms (EPPs) have shown only mixed results in defending against exploits, and it is clear that a reliance on purely technological solutions is likely to be ineffective.

Download this analysis brief to learn about our findings and recommendations.