Skip to main content

Posts

Showing posts from May, 2010

Telephone Systems a Hackable Backdoor?

I have been talking to a company that provides telephone exchanges and services to companies this week on behalf of a client and it has highlighted a worrying backdoor. It turns out that many of these companies have a way to remotely connect to their exchange for support purposes - they can remotely control, configure and troubleshoot your system to get you back up and running. Exchanges often have additional modems in them to allow for remote connections. This is all very well and good from a managed service point of view, but what about the rest of your network? Can this be exploited to gain entry to your network? Quite possibly in some cases - it certainly needs to be included in your security audit and perimeter testing. Talking about a specific company now, they supply the software to monitor and bill phone calls through the exchange. They remotely install, monitor and manage this software. How do they do that? Well, it turns out that they install LogMeIn on your machine. Now t...

CQC Using Email to Verify Care Workers

The Care Quality Commission ( CQC ) has decided to put registration of Care Providers online to make everything faster and easier for the providers. At least that's what they said. In practice, care providers had to fill in the online forms addressing standards that won't be published for another 5 months after the registration deadline. Ignoring all the problems, ridiculous re-branding to avoid inconsistencies and money wasted, there was a serious problem/lack of understanding that has lead to this blog post. All care providers and managers have to register online individually and have to agree to particular terms in order to be registered and, therefore, trade. I have no problem with this as these care providers are looking after vulnerable people. However, it became obvious that there are serious problems with their system. First off, it isn't possible to change the owner's name if you make a mistake (they can't change it either apparently). Therefore, if you ...

Series of Demo Videos of Trusteer's Rapport

I am currently producing a series of videos demonstrating the anti-spyware capabilities of Trusteer's Rapport . So far I have looked at keylogging software and screen capture. Specifically, I have demonstrated it with Zemana ScreenLogger, Zemana KeyLogger and SpyShelter. I will be adding more videos over the next few days. The first two videos are embedded below. (Edit: 17/05/10 - I have now added three more videos covering Zemana SSL Logger, AKLT and Snadboy's Revelation V2.) Links to the YouTube videos are below: Trusteer's Rapport Demo 1 - Zemana ScreenLogger Trusteer's Rapport Demo 2 - Zemana KeyLogger Trusteer's Rapport Demo 3 - SpyShelter Trusteer's Rapport Demo 4 - AKLT Trusteer's Rapport Demo 5 - Zemana SSL Logger Trusteer's Rapport Demo 6 - Snadboy's Revelation V2 Trusteer's Rapport Demo 7 - Pharming Attack Trusteer's Rapport Demo 8 - Amecisco Invisible Keylogger Stealth Trusteer's Rapport Demo 9 - Anti-Phishing P...