http://itriskspace.com/categories/riskmanagement/ From Reverse Engineer to CIO, we want to enlighten you all! en Daria, Igor and Andreas Sat, 09 Jan 2010 11:39:00 GMT Pebble (http://pebble.sourceforge.net) http://backend.userland.com/rss http://itriskspace.com/2010/01/09/1263037140000.html <link rel="File-List" href="file://localhost/Users/andreaswuchner/Library/Caches/TemporaryItems/msoclip/0/clip_filelist.xml" /> <!--[if gte mso 9]><![endif]--><!--[if gte mso 9]><xml> 0 false 18 pt 18 pt 0 0 false false false </xml><![endif]--><!--[if gte mso 9]><![endif]--> <style type="text/css"> <!-- /* Font Definitions */ @font-face { panose-1:2 15 5 2 2 2 4 3 2 4;} @font-face { panose-1:2 4 5 3 5 4 6 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; font-size:12.0pt;"Times New Roman"; mso-bidi-"Times New Roman";} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-style-parent:""; font-size:12.0pt;"Times New Roman"; mso-fareast-"Times New Roman";} </style> <![endif]--> <!--StartFragment--> <p><span style="color: black;">As all of you most probably have heard of, on 28th of December 2009 a German computer engineer announced at the CCC in Berlin that he had cracked the A5/1 cipher used in GSM communication. This would mean that someone could eavesdrop on confidential information exchanged via a cell phone. <br /> <br /> I have asked my Cryptography Competence Center around Prof. B. Esslinger to analyzed the risk and to provide a security report with further details and recommendations, which you can find below.&nbsp; More information about the work of Prof. Esslinger and the open source crypto community can be found on the project page at <a href="http://www.cryptool.org/index.php/en.html">http://www.cryptool.org/index.php/en.html</a><br /> &nbsp;<br /> Currently, we see the risk still as acceptable and from a technical point of view, the situation is under control. However, this might change very soon and therefore this risk area must be continuously monitored.<br /> &nbsp;<br /> NOTE: In general, phones, especially cell phones and cordless phones, shall not be considered as secure communication devices. For business areas with high confidentiality requirements, the usage of encrypted mobile phones is strongly recommended. <br /> <br /> I really like the report and therefore I wanted to share with all of you as you may have the same questions or requirements in your area of responsibility.<br /> <br /> Cheers<br /> -Andreas</span></p> <!--EndFragment--><p><a href="http://itriskspace.com/2010/01/09/1263037140000.html">Read full article</a></p> Risk Management Newsflash http://itriskspace.com/2010/01/09/1263037140000.html#comments http://itriskspace.com/2010/01/09/1263037140000.html Sat, 09 Jan 2010 11:39:00 GMT http://itriskspace.com/2009/09/25/1253891160000.html In August 2009 Karsten Nohl introduced his GSM Open-Source project @ HAR 2009 (Hacking at Random http://har2009.org) in the Netherlands. In his speech &ldquo;Subverting the security base of GSM&rdquo; he and Sascha Krissler explained the weaknesses of the standard encryption method A5/1 used globally around the world within the GSM networks. More details can be found within the full story.<br /> <br /> Enjoy<br /> -Andreas<p><a href="http://itriskspace.com/2009/09/25/1253891160000.html">Read full article</a></p> Risk Management Software Malware http://itriskspace.com/2009/09/25/1253891160000.html#comments http://itriskspace.com/2009/09/25/1253891160000.html Fri, 25 Sep 2009 15:06:00 GMT http://itriskspace.com/2009/08/17/1250538120000.html During economic crisis we would like to provide you with some awareness information around information operations.<br /> <br /> The following article has been written by Martin Rutishauser, MAS Information Security and Security Engineer at Ispin AG.<br /> <br /> Martin and I have studied together at the University of Applied Sciences in Lucerne and are good friends since, both being IT-Security enthusiastics.<br /> <br /> Martin is mainly working around the subjects penetration testing, forensics and information operations.<br /> <br /> At this point I would like to thank Martin for taking time to write this article, which might be an eye opener to some.<p><a href="http://itriskspace.com/2009/08/17/1250538120000.html">Read full article</a></p> Risk Management Privacy http://itriskspace.com/2009/08/17/1250538120000.html#comments http://itriskspace.com/2009/08/17/1250538120000.html Mon, 17 Aug 2009 19:42:00 GMT