United Arab Emirate's site for security news, latest security blog posts, security podcasts, hardware hacks and security related links.

Monday, December 31, 2007

CCCure CISSP Boot Camp in Dubai -- From the 11th to the 15th of February 2008

The course will be taught by Clement Dupuis who is the maintainer of the famous cccure.org website. The venue will be the Ramada Inn, Dubai. The class will be delivered using the latest revision of the Shon Harris Courseware 2008 edition. Seating is limited. Click HERE to see our full brochure with all of the details

For more information or registration, contact the OISSG at:
OPEN INFORMATION SYSTEMS SECURITY GROUP (OISSG)
Level 41 Emirates Towers,
Sheik Zayed Road
Dubai, 31303 UAE
Telephone: +97143197776
Fax: +97143197775
Email: info@oissg.org
http://www.oissg.org/

Monday, December 24, 2007

Sniffing GSM Data, 007 Style!

We've all watched a lot of James Bond and other geeky movies, where they are able to sniff GSM data and intercept calls using a van! Does that exist in the real world?

Well I have been doing a bit of research on GSM sniffing tools and techniques that can allow penetrating GSM Networks. During this I came across a device that is basically used to intercept/record/jam GSM cellular communications. These devices are sold commercially, however can be only obtained by Low Enforcement and Govt. Agencies :). The price of these units is upwards to $500,000 USD. So they do exist, and in van styles ;).


More information about these devices can be found on:

Homeland Security Strategies

CryptoPhone

Also check out this Open Source GSM Scanner project, looks interesting:

The Hacker Choice (THC, GSM)


UPDATE:
see our new post:
GSM Hacking on the Cheap! which includes a Black Hat Presentation.

Also see a youtuve video demonstration of how it is done and how you can protect agains it with software:


Update October 2008:

See our youtube video post with full hacking details for building a gsm sniffer for under 1000 USD:
http://www.uaehackers.com/2008/10/layerone-2008-david-hulton-intercepting.html

Sunday, December 23, 2007

Inguma 0.0.6 Python-Based Free Pen Testing Framework



Inguma 0.0.6 Released for Download: "In this new version various things have been added like new modules for Oracle. The best way to evaluate it is to test it :)

Wednesday, December 12, 2007

Stop Arabic Chain Emails: The Mars Email

I never pass emails containing any advice without checking them first. Today I received an email containing advice to avoid Mars products. Something similar to these articles:
http://www.google.com.au/search?sourceid=navclient&ie=UTF-8&rls=GGLJ,GGLJ:2006-50,GGLJ:en&q=arago+focusonline+3%2d16

After following the links, you can clearly see two points:
  • The news article on BBC states that Masterfoods plans the change in Mars products for the UK. The plans to use animal enzymes were stopped by Masterfoods as stated in this BBC Article: http://news.bbc.co.uk/2/hi/business/6954900.stm
  • The other pictures are not even related! They belong to a Dutch website about an experiment with candy bars and liquid nitrogen!

Here is a Google translation of the article containing the pictures:
http://translate.google.com/translate?hl=en&sl=nl&u=http://www.arago.utwente.nl/focusonline/artikel.php%3Fid%3D339&sa=X&oi=translate&resnum=10&ct=result&prev=/search%3Fq%3Darago%2Bfocusonline%2Bcandybar%2Bstikstof%26hl%3Den%26rls%3DGGLJ,GGLJ:2006-50,GGLJ:en

Before passing along an email to your mates, make sure to take 5 minutes of your time to inspect the contents and be critical of it.

Monday, December 10, 2007

World first: 27Mhz based wireless security insecurities - "We know what you typed last summer"!

Wireless keyboards and mice are becoming an increasingly common sight on desks. However, wireless hardware carries large hidden risks. Dreamlab Technologies and remote-exploit.com has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped.

Great ha! Want more?! Check out the whitepaper and watch the video demonstration.

Thursday, December 6, 2007

The 20GB+ Eee PC mod - Engadget



Here is the Math:
4gb existing memory + 16gb flash drive + usb port plug from a USB hub + some wires = 20gb Eee pc
Add in a bluetooth dongle and you got yourself a serious mod!
http://www.engadget.com/2007/12/04/the-20gb-eee-pc-mod/

Sharjah Police plan new unit to fight cybercrime

Sharjah Police plan new unit to fight cybercrime. "The new unit will be used for emergency cases so that they can immediately visit the crime scene and gather all traces of evidence, whether in banks or in government buildings," said Colonel Sami Harib Al Munthari, Sharjah Police.

For more information, visit:
Gulfnews: Sharjah Police plan new unit to fight cybercrime

Saumil Shah's Security Predictions for 2008

Wednesday, December 5, 2007

SANS Top 20 Security Risks 2007

Follow the link for the list:
SANS Top-20 Security Risks 2007

Also, read Bruce Schneier and others' comments on it:
http://www.schneier.com/blog/archives/2007/12/sans_top_20.html

Schneier on Security: How to Secure Your Computer, Disks, and Portable Drives

Bruce has a blog post on how to secure your information from various threats through encryption. It includes full disk encryption, file level encryption, social engineering and limiting information on laptops and portable devices. Check it out:

Schneier on Security: How to Secure Your Computer, Disks, and Portable Drives

High-Tech Cheating using a Coke Bottle and Photoshop!

So, after you get two for one cokes from last week's video , you can use one of them as a cheat sheet for your next exam :P here is how:

http://www.snotr.com/video/687

Saturday, December 1, 2007

Really Big Things Burj Dubai in UAE برج دبي Part 1

Businessinfo web security applications & experiments

Continuing our theme of XSS and CSRF I present you this:

Businessinfo web security applications & experiments: This site is the personal web security playground of Gareth Heyes were he shows the latest tips or applications in the security field.

Pretty cool stuff :)

NEWS FEEDS:

SecurityStreet:

PandaLabs Blog

Webroot Threat Blog

Daily Infosec News

HITBSecNews

Naked Security - Sophos

Taddong

Zone-H.org News

CGISecurity

ArsTechnica:

HACK A DAY

Help Net Sec

The Spanner

Middle East Technology News

Selil Blog

HACKING IN THE NEWS

Special Defacements

The Certified Geek

DoS Files ≈ Packet Storm

E Hacking News

Banned in UAE:

The following websites are blocked by ISPs in UAE.

News ≈ Packet Storm

DARKNET

MySecured.com

Copyright © 2008-2009 UAE Hackers.com .
All rights reserved.