IceScrum and browsers troubles.
by Alberto González on Oct.25, 2011, under Tips & Tricks, Tools
A few months ago I realized that the iceScrum version I use for work had stopped working on modern browsers.
When I tried to “Connect” with my account, the system showed the following screen:

After trying different options, reviewing logs and more, I found a solution to the problem. I haven’t had time to dig into the iceScrum code, but if you want to log into the system with a modern browser you just need to force the browser to send all its requests with a different User-Agent header.
As a former web developer I usually have all the popular browsers installed, just in case. I found that the easiest way to change the User-Agent header is to use Safari and activate the “Develop menu bar” from the Advanced tab in the Preferences menu.

After that you just need to change the User-Agent in the Develop menu and try, for example, Safari 5.0.6. If you cannot see the whole menu bar, just press the <Alt> key.

And then just try to Connect again in iceScrum. You’ll have no more troubles.

Well, that’s all for now.
The Google Chrome Netbooks security
by Alberto González on Jun.02, 2011, under Cryptography, Information Security, New Releases
Recently Google announced its Google Chrome netbooks, aka Chromebooks. They have great features like 3G support, a boot time of seconds, automatic updates, an integrity check of core files on every boot and more. With all this new functionality on netbooks, security is extremely important, because they have no experience with this set of technologies and they don’t know how people will take these changes or how “hackers” will take up this new challenge.
Let’s review some of the security concepts and possible cons within the Chromebook.
Do you really know what a hacker is ?
by Alberto González on May.18, 2011, under General, Information Security

Personally I almost never use the word “Hacker”. Why’s that? Well, I don’t like how people use it nowadays. Newspapers, magazines, TV and even the Internet tend to call “hacker” every person who breaks into a bank account, steals information, gets into an e-mail account, corrupts a program or, in general, commits any kind of criminal act related to computing.
Personally I think being a “hacker” involves much more than that. People with some computing knowledge know that when you find a real hacker you will not want to lose contact. Being a real hacker involves knowing a lot of useful things about almost everything. You can ask them something about literature and they will know about the topic, you can ask them about politics and they will know, about administration, psychology and, really, almost every topic you can think of.
How do they obtain the information? Well, it’s a simple question but the answer can be very complex.
By reading (real books too, obviously), blogging, watching, listening and through almost every activity they do. After that the information is analyzed, associated, linked and stored very, very carefully so that they can find it in the future. When? When they need it, and only when they need it. Real hackers will never tell you all the stuff they know, will never boast about their knowledge, and will not even tell you that you are wrong until you ask for their opinion. You must never underestimate a hacker; that is a terrible mistake, and you must know that the way they think is extremely fast. Maybe you’re thinking that you will surprise them but trust me, they have already thought about that situation.
All that information can only be acquired by sacrificing part of their life. Usually the social part.
They know the power they have and they know exactly the things they can do. Even so… they know that they will never know everything.
Authentication methods and stronger security in Google and Facebook
by Alberto González on May.09, 2011, under Information Security, Web security

Authentication is the process of identifying an individual, an artifact or anything else that needs to be identified. We “practice” authentication every time we log in to an account: for example, our computer’s operating system, a Hotmail or Facebook account, a bank application and more.
When we talk about authentication we usually deal with one of the three general options available:
iPhone, Android, Win 7 and the much-debated data storage
by Alberto González on Apr.29, 2011, under Incidents, Information Security, Mobile, Tools, Wireless security
For the past few weeks there has been a lot of talk that iPhones, the Android OS and Windows 7 for mobile phones store certain user data without the users' consent. The data stored this way are the locations of wireless networks, 3G and GSM antennas, and other kinds of links the device could connect to wirelessly.
You can see a bit of how the news came out in the following links:
As you can see, this is functionality common to these devices. Apparently the reason they store this data is to be able to reconnect to these access points more quickly.
If you have an iPhone, there is an application that lets you read the information stored on your device and shows you, graphically and quite conveniently, what that database really contains.
An image of how the application displays that information, and the download link, can be found here: http://petewarden.github.com/iPhoneTracker/.
One of the main problems with storing this information is that the file holding the records is not encrypted; that is, anyone could read it easily. Someone could thus extract that file without the user noticing and track their activity. While, as Apple says, it does not keep a “tracking” of the user's movements, it does keep a record of the connections the device has made or detected. From that, one can easily get an idea of that person's movements.
If you want to know in more detail how it works and exactly what data these databases store, you can consult the following link: http://www.hispasec.com/unaaldia/4570.
