Category: surveillance

Difference between a vulnerability assessment and a penetration test

Vulnerability Assessments

A vulnerability assessment is the process of running automated tools against defined IP addresses or IP ranges to identify known vulnerabilities in the environment. Vulnerabilities typically include unpatched or misconfigured systems.

The purpose of a vulnerability scan is to identify known vulnerabilities so they can be fixed, typically through the application of vendor-supplied patches. Vulnerability scans are critical to an organisation’s vulnerability management programme. The scans are typically run at least quarterly, though many experts would recommend monthly scans.

Penetration Tests

One of the initial phases of a penetration test is a vulnerability scan, which the tester uses to learn the IP addresses, device types, operating systems and vulnerabilities present on the systems. The next phase is exploitation, which takes advantage of the vulnerabilities identified in the system to escalate privileges, gain control of the network or steal sensitive data from the system.

Both should be performed

Although vulnerability assessments and penetration testing have different goals, both should be performed by a skilled information security professional to improve the overall security of the information system. The vulnerability assessment should be performed regularly to identify and fix known vulnerabilities on an ongoing basis. The penetration test should be performed by a skilled and experienced penetration tester at least once a year, and definitely after significant changes in the information systems environment, to identify exploitable vulnerabilities that may give a hacker unauthorized access to the system.

Difference between a vulnerability assessment and a penetration test, by Arthur Soghomonyan

How to Use Plus Addressing in Gmail

A great way to filter incoming messages is to use plus addressing in Gmail, e.g. JoeSmith+Facebook@gmail.com. You can also use this method if you are required to enter your email on a site you are afraid might sell your email to other companies: if they send you spam emails, you’ll know which site gave them your email.


Facial recognition: It’s time for action

Brad Smith – President

In July, we shared our views about the need for government regulation and responsible industry measures to address advancing facial recognition technology. As we discussed, this technology brings important and even exciting societal benefits but also the potential for abuse.<…>

In particular, we don’t believe that the world will be best served by a commercial race to the bottom, with tech companies forced to choose between social responsibility and market success.


Google’s Earth: how the tech giant is helping the state spy on us

We knew that being connected had a price – our data. But we didn’t care. Then it turned out that Google’s main clients included the military and intelligence agencies. <…>

Where we go, what we do, what we talk about, who we talk to, and who we see – everything is recorded and, at some point, leveraged for value. Google, Apple and Facebook know when a woman visits an abortion clinic, even if she tells no one else: the GPS coordinates on the phone don’t lie. One-night stands and extramarital affairs are a cinch to figure out: two smartphones that never met before suddenly cross paths in a bar and then make their way to an apartment across town, stay together overnight, and part in the morning.

Säpo demands data retention and trojans

“Säpo should be keen to increase IT security, not deliberately weaken it!”

Säpo wants data retention – which the EU Court of Justice struck down because it violates fundamental human rights – to be resumed. -/-

Säpo dislikes encryption, because it makes it harder for them to monitor people. At the same time, encryption is an important, often necessary tool for companies, organisations and individuals.

Creating backdoors in encryption would undermine security for everyone, including for central societal functions. It would open the door to all kinds of cybercriminals and foreign states. -/-

Once again, this is about a tool that – when it falls into the wrong hands, which it sooner or later will – degrades security for everyone. It is a dream come true for criminals, spies and troll factories.

https://femtejuli.se/2018/12/07/sapo-vill-ha-kraver-datalagring-och-trojaner/

Australia passes controversial anti-encryption law that could weaken privacy globally

The Australian government has passed new legislation that would allow law enforcement authorities to force tech companies to hand over user information, even if it’s protected by end-to-end encryption (via BBC). The Assistance and Access Bill 2018 has been criticized by Apple as well as other technology companies and academics who argue that the legislation will weaken the data security of all Australians, with a reach that could jeopardize the data of companies, citizens, and societies around the world.

“Without cash we are heading straight into a digital dictatorship” – former national police commissioner warns against naivety

Cash still plays a large role in the grey and, of course, also the black economy, but electronic payment systems give rise to new forms of crime that burden the police. Online fraud is growing explosively and is often run by international gangs.

“It is becoming both easier and harder to tackle this type of economic crime,” says Detective Chief Inspector Hannu Kortelainen of the Helsinki police.

The freedom we give up is hard to win back

The government’s annual summary of how the voting cattle have been bugged and wiretapped is no cheerful read.

Laws that were enacted in the fight against terrorism are now used to solve thefts at public swimming baths. -/-

Anyone who thinks this development is not much to fuss about should consider that there are very good reasons why our fundamental rights have been protected in law and in international conventions.

https://www.aftonbladet.se/a/9mw5aE/den-frihet-vi-ger-upp-ar-svar-att-vinna-tillbaka

Can DuckDuckGo Become the Anti-Google?

“Recently, a privacy-oriented search engine called DuckDuckGo raised $10 million from a Canadian pension fund,” reports Marketplace.org, saying the privacy-focused search engine is “trying to establish itself as the anti-Google.” An anonymous reader quotes their report:

“So it’s like Google, except when you search on it, you’re completely anonymous,” said Gabriel Weinberg, CEO of the company. The searches are encrypted. The site knows where you are, but only while you’re searching, and it doesn’t store your personal information. “We serve you the search results and we throw away your personal information…so your IP address and things like that. And we don’t actually store any cookies by default. And so when you search on DuckDuckGo, it’s like every time you’re a new user and we know nothing about you…” Weinberg said about a quarter of Americans have taken some action to protect their privacy, and DuckDuckGo searches have been growing about 50 percent a year.