blog.ucci.it
Andrea Pasquinucci | A blog covering ICT, Security and Technology | Page 2
https://blog.ucci.it/page/2
A blog covering ICT, Security and Technology. On a Kernel Backdoor and IT Security. It just became public that a custom built Linux kernel for embedded devices has been shipped and installed in production with a root debug backdoor open to anyone; see here for the announcement and, for example, here for some more details. Monitoring Outgoing Traffic to Detect Intrusions. IT security defences cannot guarantee us against every possible attack, so we must be prepared for the event of an intru...
blog.ucci.it
Malware | Andrea Pasquinucci
https://blog.ucci.it/tag/malware
A blog covering ICT, Security and Technology. Since at least the ’70s, the time of Multics (see e.g. this old document on the vulnerability analysis of Multics security), the Orange Books, Military IT security etc., the role of hardware in IT security has been discussed, evaluated and implemented. A few days ago, at the 2016 IEEE Symposium on Security and Privacy, this paper was presented (see e.g. also here). How can it be verified that similar gates are not present on a chip? PS 10 years ago I gave a co...
blog.ucci.it
Andrea Pasquinucci | Andrea Pasquinucci
https://blog.ucci.it/author/apasquinucci
A blog covering ICT, Security and Technology. Author Archives: Andrea Pasquinucci. On Denial of Service attacks and Hardware vulnerabilities. Denial of Service attacks are growing and getting the attention of the news: some of the latest incidents are krebsonsecurity. How did we get in this mess? This trend is not good at all, these attacks could threaten the Internet itself, even if this would not be in the interest of the attackers (not considering State sponsored ones). And Android phones (DRAMMER. Can op...
blog.ucci.it
Fraud | Andrea Pasquinucci
https://blog.ucci.it/tag/fraud
A blog covering ICT, Security and Technology. Record High Number of Phishing Attacks in Q1 2016. From the APWG press release: “The Anti-Phishing Working Group (APWG) observed more phishing attacks in the first quarter of 2016 than at any other time in history” (here is the full report). This is hardly surprising, but it quantifies with numbers the latest news about online frauds, like the “CEO Fraud”, the “Business Email Compromise” (e.g. see this. A new Ransomware kind of attack. Media, like dvd, b...
blog.ucci.it
cryptography | Andrea Pasquinucci
https://blog.ucci.it/tag/cryptography
A blog covering ICT, Security and Technology. On the Security of Modern Cryptography. The security of modern cryptography is based on number-theoretic computations so hard that the problems are practically impossible for attackers to solve. In practice this means that approaches and algorithms to crack the cryptographic algorithms are known but with the current best technologies it would take too many years to complete an attack. But what if a shortcut is found at least in some particular cases? Is crypt...
blog.ucci.it
Italian | Andrea Pasquinucci
https://blog.ucci.it/category/italiano
A blog covering ICT, Security and Technology. Banking Summit 2013 Milano. On 26 September I am presenting a talk titled “Fraud Management: facing the challenge of online banking through real-time management of Big Data” in collaboration with HP, at the Banking Summit 2013, in Milan. On Friday 4 and Saturday 5 October I am teaching in the 2013 course for the CISA (Certified Information Systems Auditor) certification of ISACA, for AIEA. Honeypot for ICS/SCADA Systems. There is a short ...
blog.ucci.it
English | Andrea Pasquinucci
https://blog.ucci.it/category/english
A blog covering ICT, Security and Technology. On Denial of Service attacks and Hardware vulnerabilities. Denial of Service attacks are growing and getting the attention of the news: some of the latest incidents are krebsonsecurity. How did we get in this mess? This trend is not good at all, these attacks could threaten the Internet itself, even if this would not be in the interest of the attackers (not considering State sponsored ones). The Rowhammer bug and its recent implementations in Virtual machines.
blog.ucci.it
Maintenance | Andrea Pasquinucci
https://blog.ucci.it/tag/maintenance
A blog covering ICT, Security and Technology. More Thoughts on Maintenance, Updates and Fixing. The issue of maintenance, updates and software fixing actually deserves a few more considerations. To know “immediately” that the patch has been released. To obtain and apply “immediately” the patch to the systems. Obviously to do this one needs to have some established emergency security procedure. It seems easy, but it is not yet easy to put in practice. Why the Bash ShellShock bug is so threatening? I will ...
blog.ucci.it
Security | Andrea Pasquinucci
https://blog.ucci.it/category/security
A blog covering ICT, Security and Technology. On Denial of Service attacks and Hardware vulnerabilities. Denial of Service attacks are growing and getting the attention of the news: some of the latest incidents are krebsonsecurity. How did we get in this mess? This trend is not good at all, these attacks could threaten the Internet itself, even if this would not be in the interest of the attackers (not considering State sponsored ones). The Rowhammer bug and its recent implementations in Virtual machines.
blog.ucci.it
Business Continuity | Andrea Pasquinucci
https://blog.ucci.it/tag/business-continuity
A blog covering ICT, Security and Technology. Tag Archives: Business Continuity. I have just written a short article on electromagnetic attacks seen from the point of view of ICT security. Should we worry about them? Should we do something about them? At the minimum I should say we should know what they are and what they can do to us. You can download the pdf paper here. On Denial of Service attacks and Hardware vulnerabilities. On the Security of Modern Cryptography. Yahoo Breach and GDPR.