|
 |
dimarts, 27 / febrer / 2007 |
|
|
 L'Snoopstick es comercialitza a la seva pàgina web com «the ultimate tool for monitoring Internet activity», però en realitat és un programa espia que s'instal·la automàticament a les màquines Windows tan sols inserint aquesta memòria USB en un port USB (sempre que tingueu activada l'execució automàtica de l'AUTORUN.INF).
I no només espia... també permet controlar l'activitat, evitant l'accés a determinades webs.
Simply plug the SnoopStick into the computer you want to monitor. Then run the setup program to install the SnoopStick monitoring components on the computer. The whole process takes less than 60 seconds.
The SnoopStick monitoring components are completely hidden, and there are no telltale signs that the computer is being monitored.
(...)
- Monitor all web site access.
- Works with all browsers and web enabled programs.
- Monitor both sides of all "instant messenger" communications.
- Works with all popular IM programs.
- Monitor all email access (SMTP, POP3, IMAP) to see who and when emails were received from and sent to.
- Monitor activities in real time, or retrieve activity logs from recent activity. SnoopStick records everything, whether you are monitoring in real time or not.
- Store up to 12 months of activity logs directly on your SnoopStick.
- All program modules are updated completely automatically so you always have the latest version.
- Send the user a pop up message alert. A good way to tell them they're busted!
- Turn off/on Internet access with the SnoopStick locally or remotely.
- Set allowable times for Internet access.
- Prevent users from using certain types of Internet programs.
- Block access to specified ports.
- Block access to web sites.
- One click "Block Social Networking" option instantly blocks access to sites like MySpace.com.
- Completely secure. Only your SnoopStick can access your computer or change the settings you have chosen.
- Works with Windows 2000, XP, 2003, and is Vista ready.
|
  | 19:02 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 La Pew Internet & American Life Project, una organització sense afany de lucre que analitza l'impacte d'Internet a la societat nord-americana, ha publicat l'informe Wireless Internet Access sobre l'ús de les xarxes sense fils als Estats Units. Algunes de les dades interessants:
- Some 34% of internet users have logged onto the internet using a wireless connection either around the house, at their workplace, or some place else.
- 72% of wireless users check email on the typical day, compared to 63% of home broadband users and 54% of all internet users.
- 27% of adult internet users have logged onto the internet using a wireless device at some place other than their home or place of employment.
- 20% of internet users have gone online at home using a wireless network.
- 88% of laptop users have at one time logged on using a home wireless network.
- 57% have used a wireless network someplace other than home or work to connect to the internet.
- One quarter (25%) of internet users say they have a cell phone that connects to the internet with a wireless connection. Among internet users with this capability on their cell phone, half (54%) have used it to get on the internet either at home, work, or someplace other than home or work. Among those with cell phones that can connect to the internet:
- 47% have done this someplace other than home or work.
- 28% have done this at work.
- 27% have done this while at home.
- Users of the wireless internet tend to be younger than internet users in general. For internet users under the age of 30:
- 37% have logged on wirelessly from anywhere.
- 32% have logged on wirelessly from someplace other than home or work.
- 25% log on wirelessly at home.
- 16% have gotten online by wireless means at work.
- As to devices for accessing the internet wirelessly, among internet users under 30:
- 40% have laptop computers, of which 88% are wireless-enabled.
- 26% have wireless networks at home.
- 40% have cell phones that can access the internet
- 17% have PDAs that can connect to the internet.
|
| 11:51 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 Defensa trabaja en un sistema que entienda el significado de textos y conversaciones
Que un ordenador localice palabras en un documento es un juego de niños. Pero que entienda el significado de una frase en un correo electrónico o una conversación telefónica es un reto. El Ministerio de Defensa español, junto con Italia y Francia, trabaja en ello desde el proyecto "Infraestructura de Inteligencia Semántica Operacional" (OSEMINTI), que acaba de ponerse en marcha.
(...)
Arturo Quirantes, profesor de la Universidad de Granada y estudioso del espionaje gubernamental, refiriéndose a OSEMINTI: "Es un tipo de reconocimiento semántico, es decir, no sólo de palabras sino de ideas, para que conversaciones del tipo "esto va a ser un bombazo" se puedan clasificar y saber si se trata o no de un proyecto de atentado".
Para Quirantes, OSEMINTI es un claro avance respecto a las tradicionales listas de palabras que se dan a un ordenador, para que las localice en una comunicación. Pero asegura: "Tiene sus limitaciones porque los terroristas no son tontos y pueden usar un lenguaje convenido, por ejemplo decir que "las camisas ya están planchadas" para referirse a mochilas-bomba".
|
| 07:58 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[PCWorld] Phishing Sites Explode on the Web. Els llocs dedicats al phishing s'adapten a l'existència de filtres als navegadors.
According to RSA, a security vendor, hackers in January started selling a phishing kit that lets criminals set up very convincing fake Web sites with little effort. The fake site pulls images and layouts from the real site, usually a bank or other financial institution, and passes the user's information back to the real site to mimic a regular log-in--while keeping a copy of the account data for the criminals.
(...)
According to security experts, Rock Phish has pioneered many of the techniques that have contributed to the recent jump in phishing sites. And the image spam that hides its pitch from filters by embedding it in a picture was a Rock Phish invention, these experts say. On some days this one group, which specializes in spoofing U.S. and European financial institutions, may account for as many as one-half of all the phishing sites in operation, according to researchers
També són interessants de conèixer les dades sobre els afectats pel phishing:
Research firm Gartner estimates that 3.5 million Americans gave up sensitive information to phishers in 2006, an 84 percent jump from the previous year--for a total loss of $2.8 billion. One single phishing gang, called Rock Phish, is estimated to have taken in more than $100 million.
|
| 07:53 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[TechRepublic] Avoid these five common IDS implementation errors. Jo sempre he estat molt escèptic sobre els sistemes de detecció d'intrusions. Sempre els he vist com sistemes que tenen aquest cicle d'implementació:
- Primer dia: s'instal·la en configuració per defecte.
- Segon dia: Inundat davant les alertes, comences a fer neteja de les regles
- Tercer dia: Continues inundat, encara elimines més regles
- Quart dia: situació mig controlada, treus les últimes regles que havies deixat i que fan referència a tràfic que no es veu mai a la xarxa
- Cinquè i últim dia: et quedes amb un sistema que té unes regles tan pobres que no serveix absolutament per a red
A veure si aques article em fa canviar d'idea.
There are several common blunders, or implementation errors, that administrators make when setting up their IDS/IPS. These can prevent you from getting the level of protection that you need and expect from your IDS software or device.
- Ignoring frequent false positives
You should not ignore false positives or become complacent about them
- Avoiding IPSec to support NIDS
- Monitoring only inbound connections
The ideal situation is that a NIDS is connected to a spanning port on all network switches. However, if that is cost prohibitive, you should at least place NIDS at the chokepoints on the corporate network. This enables you to monitor outbound and inter-host communications on your network.
- Using Shared Network Resources to gather NIDS data
- Trusting IDS analysis to non-expert analystsThe IDS analyst must be expert in TCP/IP networking, analysis of networking logs and packet traces, and also extremely well informed about the network services and applications running on the HIDS enabled devices. This level of knowledge is required to correctly interpret the IDS alerts to confirm their validity and then execute the correct intrusion response.
|
| 07:49 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 1996-2007 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
 |
 |
 |
 |
Contingut actualitzat
Categories
Darrers comentaris
Arxiu
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
|
 |
 |
 |
 |
|
