hakin9_2011_04_40.pdf

PRACTICAL PROTECTION IT SECURITY MAGAZINE
04/2011 (40)
Dear Readers,
The incredible technology progress allows us to use our mobile devices for almost every aspect of our lives. We use cell phones to buy tickets, to make wire transfers, visit Facebook and much more. Practically speaking, our devices are full of personal information that can be accessed by a hacker with little effort.
How to defend against emerging threats that target mobile devices, mobile services, and mobile content? Should we be concerned with the security of cell phones, smartphones, and other mobile devices?
In this issue we are exploring the field of mobile security. Our experts share their knowledge on cell phone / smartphone threats and security.
Our ID fraud expert talks about mobile malware trends and analyses the threats it brings. Rebecca Wynn prepared a great article on smartphones security and privacy in terms of being a part of Personal Area Network. Our regular contributor, Gary Miliefsky, gives us an overview on defending cell phones and PDA’s and explains why it is risky to allow mobile devices to access corporate networks with sensitive information.
I am sure this issue will make you take a closer look at your mobile device security.
As always, we look forward to hearing from you!
Enjoy your reading
Karolina Lesińska

team
Editor in Chief: Karolina Lesińska
karolina.lesinska@hakin9.org
Editorial Advisory Board: Matt Jonkman, Rebecca Wynn, Steve Lape, Shyaam Sundhar, Donald Iverson, Michael Munt
DTP: Ireneusz Pogroszewski
Art Director: Ireneusz Pogroszewski
ireneusz.pogroszewski@software.com.pl
Proofreaders: Justin Farmer, Michael Munt
Top Betatesters: Rebecca Wynn, Bob Folden, Shayne Cardwell, Simon Carollo, Graham Hili.
Special Thanks to the Beta testers and Proofreaders who helped us with this issue. Without their assistance there would not be a Hakin9 magazine.
Senior Consultant/Publisher: Paweł Marciniak
CEO: Ewa Dudzic
ewa.dudzic@software.com.pl
Production Director: Andrzej Kuca
andrzej.kuca@hakin9.org
Marketing Director: Karolina Lesińska
karolina.lesinska@hakin9.org
Subscription: Iwona Brzezik
Email: iwona.brzezik@software.com.pl
Publisher: Software Press Sp. z o.o. SK
02-682 Warszawa, ul. Bokserska 1
Phone: 1 917 338 3631
www.hakin9.org/en
Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage.
All trade marks presented in the magazine were used only for informative purposes.
All rights to trade marks presented in the magazine are reserved by the companies which own them.
To create graphs and diagrams we used program
by
The editors use automatic system
Mathematical formulas created by Design Science MathType™
DISCLAIMER!
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.

REGULARS
6 In Brief
Latest News From the IT Security World
Armando Romeo, eLearnSecurity
ID Theft Protect
8 Tools
Passware Forensic Kit 10.3
by Michael Munt
Spyshelter
by David Knife
42 ID fraud expert says...
Mobile Malware Trends and Analysis
by Julian Evans
46 Emerging Threats
Why are Zero-Days Such a Big Deal?
by Matthew Jonkman
CONTENTS
BASICS
10 How to use Netcat
by Mohsen Mostafa Jokar
support TCP and UDP protocol. Netcat is a Trojan that opens TCP or UDP
ports on a target system and hackers use it with telnet to gain shell access
to the target system.
14 Security – Objectives, Process and Tips
by Rahul Kumar Gupta
over the Internet, B2B, B2C, and C2C applications have always been an
area of major security concern due to the pitfalls of HTTP security and the
number of integration points.
ATTACK
22 The Backroom Message That’s Stolen Your Deal
by Yury Chemerkin
you? Need to silently record text messages, GPS locations and call info
of your child or employee? Catch everybody at whatever you like with our
unique service.
DEFENSE
28 Smart phones Security and Privacy
by Rebecca Wynn
computer systems are quickly encompassing mobile devices. Smart
phones are part of your Personal Area Network (PAN) and the user needs
to remember that everything that is done on them, data saved in them,
communications that touch them in any way (voice, SMS, email) should be
viewed as public and not private.
32 Defending Cell Phones and PDA’s
by Gary S. Miliefsky
‘trusted’ application downloads, Bluetooth attacks and social engineering.
With so many corporations allowing these devices on their networks or not
knowing how to block their gaining access to corporate and government
network resources, it’s a very high risk situation.
SPECIAL REPORT
36 My RSA Conference 2011 Trip Report
by Gary S. Miliefsky
Exciting Under the Big Top of Network Security.