NFR BackOfficer Friendly
NFR is currently offering BackOfficer Friendly as a FREE download for personal use only.
NFR Security® BackOfficer Friendly is a useful little burglar alarm - simple, unobtrusive, and easy to install - which rings when someone rattles your doorknob. It identifies attacks from Back Orifice, one of the nastier hacking applications, as well as other sorts of scans.
BackOfficer Friendly Features
BackOfficer Friendly is a spoofing server application that runs on your Windows system, and actively notifies you whenever someone attempts to remotely control your system using Back Orifice. Basically, it pretends to be a Back Orifice server. BackOfficer Friendly gives the attacker false answers that look like they came from Back Orifice, while logging the attacker's IP address and the operations they attempted to perform.
Not only can BackOfficer Friendly pretend to be a Back Orifice server, it contains routines that allow it to selectively emulate a variety of other services, such as FTP (file transfer protocol), HTTP (used on the Web), and SMTP (used in transferring e-mail). When someone runs an automated probe such as a Ballista scan, ISS scan, or SATAN scan against your desktop, BackOfficer Friendly produces a string of alerts, making it quite obvious to you what occurred.
BackOfficer Friendly can interact with the hackers, pretending to be a Back Orifice server or server for other types of requests. Instead of silently discarding their commands, it sends them responses
Thursday, May 09, 2002
Applied Cryptography for Magnetic Stripe cards
The intention of this document is to provide a basic understanding of cryptography and techniques applied to magnetic stripe cards in the financial industry.
This subject is normally approached with some trepidation by the uninitiated, however it is reasonably straightforward once the basic principles are explained.
Cryptography is complex, but its practical application is less so. It is not necessary to understand the mathematics involved in order to successfully use and manage cryptography in a financial environment.
Because of the security implications of card cryptography, it is extremely hard to find information in any form explaining this application, which adds to the somewhat unnecessary shroud of mystery surrounding the topic. In early implementations, a measure of additional security was provided by ensuring that few people knew exactly how these mechanisms worked and this method of operation has permeated into today's implementations.
However, none of the information provided in this document will compromise security in any way.
Although other, more secure card tokens are becoming available, the magnetic stripe card is significantly cheaper than alternatives, and is by far the most common card type in use. Security techniques for magnetic cards have slowly but steadily improved, and properly implemented can provide perfectly adequate security for financial transactions in a very cost-effective manner.
The intention of this document is to provide a basic understanding of cryptography and techniques applied to magnetic stripe cards in the financial industry.
This subject is normally approached with some trepidation by the uninitiated, however it is reasonably straightforward once the basic principles are explained.
Cryptography is complex, but its practical application is less so. It is not necessary to understand the mathematics involved in order to successfully use and manage cryptography in a financial environment.
Because of the security implications of card cryptography, it is extremely hard to find information in any form explaining this application, which adds to the somewhat unnecessary shroud of mystery surrounding the topic. In early implementations, a measure of additional security was provided by ensuring that few people knew exactly how these mechanisms worked and this method of operation has permeated into today's implementations.
However, none of the information provided in this document will compromise security in any way.
Although other, more secure card tokens are becoming available, the magnetic stripe card is significantly cheaper than alternatives, and is by far the most common card type in use. Security techniques for magnetic cards have slowly but steadily improved, and properly implemented can provide perfectly adequate security for financial transactions in a very cost-effective manner.
Tuesday, May 07, 2002
Paris Labs
Knowledge is an unending adventure at the edge of uncertainty -- JacobBronowski
"Imagine a school with children that can read and write, but with teachers who cannot, and you have a metaphor of the Information Age in which we live." — Peter Cochrane.
Knowledge is an unending adventure at the edge of uncertainty -- JacobBronowski
"Imagine a school with children that can read and write, but with teachers who cannot, and you have a metaphor of the Information Age in which we live." — Peter Cochrane.
Human Intelligence, or Lack Thereof? A Lesson in Social Engineering
It's been a while since I've written a decent article, mainly because there's a lot going on for me right now. But anywho, you've all heard about "social engineering" and how it can be done. Social engineering is my forte, most likely due to my curiosity in human beings. No matter the barrier, you'll always have a friend to get you what you want.
It's been a while since I've written a decent article, mainly because there's a lot going on for me right now. But anywho, you've all heard about "social engineering" and how it can be done. Social engineering is my forte, most likely due to my curiosity in human beings. No matter the barrier, you'll always have a friend to get you what you want.
Monday, May 06, 2002
Forensic Computing MSc/PgDip
Suitable for law enforcement officers, government staff, security consultants, corporate security personnel and members of associated agencies in the UK and elsewhere.
Takes you on to a new career or possible promotion. The majority of students are sponsored by their employers and will continue to work for them on completion of the MSc, perhaps at a more senior level. The course may also be used as a method of moving into these areas of work.
Course description
The student is helped to develop critical thinking and problem solving capabilities and material is included on criminal psychology and ethics. A business awareness is developed, providing accounting skills, exploring issues relating to corporate fraud and the preparation of evidence. Some training in courtroom skills is also provided.
The course is offered in part-time mode, with students attending a residential seven-day, full-time school, four times each year. Students have directed reading, research and coursework to complete between schools. Students must complete the equivalent of 12 modules and a dissertation in a relevant topic. Normally, students are required to take four modules each year for two years, and complete the individual dissertation during the third year.
Suitable for law enforcement officers, government staff, security consultants, corporate security personnel and members of associated agencies in the UK and elsewhere.
Takes you on to a new career or possible promotion. The majority of students are sponsored by their employers and will continue to work for them on completion of the MSc, perhaps at a more senior level. The course may also be used as a method of moving into these areas of work.
Course description
The student is helped to develop critical thinking and problem solving capabilities and material is included on criminal psychology and ethics. A business awareness is developed, providing accounting skills, exploring issues relating to corporate fraud and the preparation of evidence. Some training in courtroom skills is also provided.
The course is offered in part-time mode, with students attending a residential seven-day, full-time school, four times each year. Students have directed reading, research and coursework to complete between schools. Students must complete the equivalent of 12 modules and a dissertation in a relevant topic. Normally, students are required to take four modules each year for two years, and complete the individual dissertation during the third year.
Subscribe to:
Posts (Atom)