United Arab Emirate's site for security news, latest security blog posts, security podcasts, hardware hacks and security related links.

Monday, December 31, 2007

CCCure CISSP Boot Camp in Dubai -- From the 11th to the 15th of February 2008

The course will be taught by Clement Dupuis who is the maintainer of the famous cccure.org website. The venue will be the Ramada Inn, Dubai. The class will be delivered using the latest revision of the Shon Harris Courseware 2008 edition. Seating is limited. Click HERE to see our full brochure with all of the details

For more information or registration, contact the OISSG at:
OPEN INFORMATION SYSTEMS SECURITY GROUP (OISSG)
Level 41 Emirates Towers,
Sheik Zayed Road
Dubai, 31303 UAE
Telephone: +97143197776
Fax: +97143197775
Email: info@oissg.org
http://www.oissg.org/

Monday, December 24, 2007

Sniffing GSM Data, 007 Style!

We've all watched a lot of James Bond and other geeky movies, where they are able to sniff GSM data and intercept calls using a van! Does that exist in the real world?

Well I have been doing a bit of research on GSM sniffing tools and techniques that can allow penetrating GSM Networks. During this I came across a device that is basically used to intercept/record/jam GSM cellular communications. These devices are sold commercially, however can be only obtained by Low Enforcement and Govt. Agencies :). The price of these units is upwards to $500,000 USD. So they do exist, and in van styles ;).


More information about these devices can be found on:

Homeland Security Strategies

CryptoPhone

Also check out this Open Source GSM Scanner project, looks interesting:

The Hacker Choice (THC, GSM)


UPDATE:
see our new post:
GSM Hacking on the Cheap! which includes a Black Hat Presentation.

Also see a youtuve video demonstration of how it is done and how you can protect agains it with software:


Update October 2008:

See our youtube video post with full hacking details for building a gsm sniffer for under 1000 USD:
http://www.uaehackers.com/2008/10/layerone-2008-david-hulton-intercepting.html

Sunday, December 23, 2007

Inguma 0.0.6 Python-Based Free Pen Testing Framework



Inguma 0.0.6 Released for Download: "In this new version various things have been added like new modules for Oracle. The best way to evaluate it is to test it :)

Wednesday, December 12, 2007

Stop Arabic Chain Emails: The Mars Email

I never pass emails containing any advice without checking them first. Today I received an email containing advice to avoid Mars products. Something similar to these articles:
http://www.google.com.au/search?sourceid=navclient&ie=UTF-8&rls=GGLJ,GGLJ:2006-50,GGLJ:en&q=arago+focusonline+3%2d16

After following the links, you can clearly see two points:
  • The news article on BBC states that Masterfoods plans the change in Mars products for the UK. The plans to use animal enzymes were stopped by Masterfoods as stated in this BBC Article: http://news.bbc.co.uk/2/hi/business/6954900.stm
  • The other pictures are not even related! They belong to a Dutch website about an experiment with candy bars and liquid nitrogen!

Here is a Google translation of the article containing the pictures:
http://translate.google.com/translate?hl=en&sl=nl&u=http://www.arago.utwente.nl/focusonline/artikel.php%3Fid%3D339&sa=X&oi=translate&resnum=10&ct=result&prev=/search%3Fq%3Darago%2Bfocusonline%2Bcandybar%2Bstikstof%26hl%3Den%26rls%3DGGLJ,GGLJ:2006-50,GGLJ:en

Before passing along an email to your mates, make sure to take 5 minutes of your time to inspect the contents and be critical of it.

Monday, December 10, 2007

World first: 27Mhz based wireless security insecurities - "We know what you typed last summer"!

Wireless keyboards and mice are becoming an increasingly common sight on desks. However, wireless hardware carries large hidden risks. Dreamlab Technologies and remote-exploit.com has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped.

Great ha! Want more?! Check out the whitepaper and watch the video demonstration.

Thursday, December 6, 2007

The 20GB+ Eee PC mod - Engadget



Here is the Math:
4gb existing memory + 16gb flash drive + usb port plug from a USB hub + some wires = 20gb Eee pc
Add in a bluetooth dongle and you got yourself a serious mod!
http://www.engadget.com/2007/12/04/the-20gb-eee-pc-mod/

Sharjah Police plan new unit to fight cybercrime

Sharjah Police plan new unit to fight cybercrime. "The new unit will be used for emergency cases so that they can immediately visit the crime scene and gather all traces of evidence, whether in banks or in government buildings," said Colonel Sami Harib Al Munthari, Sharjah Police.

For more information, visit:
Gulfnews: Sharjah Police plan new unit to fight cybercrime

Saumil Shah's Security Predictions for 2008

Wednesday, December 5, 2007

SANS Top 20 Security Risks 2007

Follow the link for the list:
SANS Top-20 Security Risks 2007

Also, read Bruce Schneier and others' comments on it:
http://www.schneier.com/blog/archives/2007/12/sans_top_20.html

Schneier on Security: How to Secure Your Computer, Disks, and Portable Drives

Bruce has a blog post on how to secure your information from various threats through encryption. It includes full disk encryption, file level encryption, social engineering and limiting information on laptops and portable devices. Check it out:

Schneier on Security: How to Secure Your Computer, Disks, and Portable Drives

High-Tech Cheating using a Coke Bottle and Photoshop!

So, after you get two for one cokes from last week's video , you can use one of them as a cheat sheet for your next exam :P here is how:

http://www.snotr.com/video/687

Saturday, December 1, 2007

Really Big Things Burj Dubai in UAE برج دبي Part 1

Businessinfo web security applications & experiments

Continuing our theme of XSS and CSRF I present you this:

Businessinfo web security applications & experiments: This site is the personal web security playground of Gareth Heyes were he shows the latest tips or applications in the security field.

Pretty cool stuff :)

Thursday, November 29, 2007

Great CSRF Presentation and Links

The three faces of CSRF is a great presentation by Martin Johns as featured in DeepSec2007 in Vienna. I liked the real-life examples and it was really easy to read and follow :) The links are here:

http://www.databasement.net/csrf.html

Thanks for sharing Martin :)

Tuesday, November 27, 2007

Al Gore's "An Inconvenient Truth Website" Hacked

Buy Viagra: Hackers Fox Al Gore by Hacking into An Inconvenient Truth Website. The hack is only visible in the source code though. So, no defacement this time... A very convenient hack :P But the site did contain links to a Viagra selling website as a part of the hack.

Tuesday, November 20, 2007

Arabic Version of Zone-h

Zone-h is starting a new mirror for its popular site that will cover the whole Arab world. Those who are interested in collaborating with Zone-H editorial staff can write to the worldwide mirror manager minor (minor@zone-h.org) , Arabic mirror managers Bassel Hamideh and Iyadh Houshi or Halfmoon (halfmoon@zone-h.org) , the coordinator of Zone-H international programs and business opportunities.

Link:
http://arab.zone-h.org/

Monday, November 19, 2007

Mash RSS Feeds with Yahoo Pipes and more RSS Hacks video

To watch the video go here:
http://blip.tv/file/478814

What's Next? Peer to Peer Botnets?

Darknet has a story about the World’s Biggest botnets. Apperently, there is already a P2P botnet that is starting to spread around.

OWASP Live CD V 2.1 and How to Run .iso in VMWare

Download and test the OWASP Live CD and burn the ISO image to CD. Alternatively, you can just run it in VMWare :) Here is how.

If you want to use it right away, I suggest this very basic XXS video if you haven't done this sort of stuff before.

Saturday, November 17, 2007

SlingBox Hunting Script :)

Click Here for a short and sweet way to look for SlingBox streaming boxes. Great idea. I don't know anyone that's running a SlingBox without a password though :P but, hey... it is worth a try :) good effort!

Monday, November 12, 2007

Volunteer Lecturers Wanted

The Emirates Internet Group in cooperation and coordination with a number of local and national government agencies and private businesses will provide technical lectures in the field of Internet communications.

The lectures will address needs of the UAE labor market when it comes to computer skills and will cover ways to upgrade the employee's performance to meet the needs.

Volunteer and participate with the Emirates Internet Group by allocating 2-3 hours of your time per month to provide a lecture or Seminar and make a difference.

For more information, please visit:

http://www.isoc.ae/pages.php?pages=1&id=38

Sunday, November 11, 2007

Cutting Edge Hacking and Defense Workshop and ISO 27001 Certification Workshop in Dubai

For dates, times and availability information on the workshops in Dubai and Qatar visit link below:
http://www.oissg.org/certification-training-new-/index.php

Download the official brochure for the Dubai workshops here:

These certification workshops fund the Open Information Systems Security Group (OISSG) research and development of the ISSAF.

You can also download ISSAF - The Open Source IT Security Framework for free! (9.59MB, 1264 pages):

http://www.oissg.org/component/option,com_docman/task,doc_download/gid,7/Itemid,134/

Friday, November 9, 2007

For Shame!....F3 Hacked!

http://www.f3.org.uk/ was hacked and defaced! Here is the mirror:
http://regmedia.co.uk/2007/11/08/f3_defacement.jpg

At the time of this post, it just says: "Site is currently down. Sorry for inconvenience. Ted". FYI F3 is the site for the First Forensic Forum.

For more information on this, visit the Register:
http://www.theregister.co.uk/2007/11/08/forensic_forum_hack/

UAE's PRIDC Program wins 'Information Security Award'



The UAE has won the Information Security Award for the Population Registry and Identity Card Programme (PRIDC) which has been implemented and developed under the supervision of Emirates Identity Authority since 2005.

Darwish Al Zarouni, General Director of the Emirates Identity Authority, said the award should be the joy and pride of all UAE people and was a result of huge efforts made by the UAE to adopt state of the art information technology systems.

More news links on the award can be found here:

HITB Dubai 2008 - Call for Papers Now Open!

The Call for Papers is now open for HITBSecConf2008 - Dubai is now open. Hack in The Box Security Conference - Dubai is the premier network security event for the Middle East region. The 2008 event is expected to attract over 300 attendees from around the EMEA region and will see 2 keynote speakers in addition to 20 deep-knowledge technical presentations over two-days.

Talks should discuss new and never before seen attack methods. Summaries should not exceed 250 words in plain text format and should be sent to cfp -at- hackinthebox.org for review and possible inclusion in the programme.

Early bird registration for attendees closes 1st January 2008. For more information, please visit the official website at:
http://conference.hackinthebox.org/hitbsecconf2008dubai/

Saturday, November 3, 2007

Botmaster! The Video


Kids, don't let the Botmasters BotPlug your PCs! Fancy more on Botmasters? Check out Botmaster News on Google.

Thursday, November 1, 2007

Gulfnews: UAE tops Gulf states in internet security threats!

I feel like I reported this 10 days ago didn't I? Maybe it's Deja Vu ;) Link here:
http://archive.gulfnews.com/technology/internet/10164185.html

Monday, October 29, 2007

[GUIDE] Installing Leopard on an Intel PC!

It easier than you think. All you need are the following:

- Leopard (9a581 GM DVD image)
- A PC
- This patch: http://rapidshare.com/files/65339534/BrazilMac-9a581-Patch.zip.html

For detailed directions and to download the patch file, visit this link:
http://forum.osx86scene.com/viewtopic.php?f=16&t=2008&start=0&st=0&sk=t&sd=a

Who said you can't have your cake and eat it too ;)

Sunday, October 21, 2007

WELCOME TO THE UAE, HACKERS!

The latest Internet Security Threat Report (ISTR), volume 12, released by Symantec Corp considers the UAE as a prime target for malicious online activity, ranking the country 40th for the number of bot-infected computers, 66th for phishing hosts, and 51st as a source of spam.

For more information visit link:

http://www.bi-me.com/main.php?id=13354&t=1&c=33&cg=4

NEWS FEEDS:

SecurityStreet:

PandaLabs Blog

Webroot Threat Blog

Daily Infosec News

HITBSecNews

Naked Security - Sophos

Taddong

Zone-H.org News

CGISecurity

ArsTechnica:

HACK A DAY

Help Net Sec

The Spanner

Middle East Technology News

CRIME

Selil Blog

HACKING IN THE NEWS

Special Defacements

The Certified Geek

DoS Files ≈ Packet Storm

E Hacking News

Banned in UAE:

The following websites are blocked by ISPs in UAE.

News ≈ Packet Storm

DARKNET

MySecured.com

Copyright © 2008-2009 UAE Hackers.com .
All rights reserved.