Cyberwar&Cybercrime PenTest Regular 06_12 | Issues | Penetration testing, ethical hacking: tools, methodologies and tutorials

Cyberwar & Cybercrime Regular

Jun 4 2012 in Issues by Redaction |

This text is available for purchase but you need to login or register first.
You can buy this for 30 USD
Please register for free account or subscribe and get access to all issues on this website!

Lost password?

Important:
Active subscribers – to download this issue click on the cover of the magazine on the main website or scroll down this page and click the Download button
Single issue buyers – after paying for this issue click “Cyberwar & Cybercrime Regular” (which will show just above that text)to download your copy of the magazine

Cyberwar&Cybercrime

Digital Apocalypse: The Artillery of Cyber War
by Cecilia McGuire
Cyberspace is now the digital frontier of choice for executing many combat operations, by extending the medium in which greater levels of power can now be accessed by Machiavelli agents, militants and nation-states. Squads of cyber militants going under the banner of Anonymous and LulzSecare, motivated by the ease in which they can now execute high impact operations whilst avoiding detection, are just a few of the much publicized names synonymous with cyber terrorism. The multi-dimensional characteristics of cyber space have dissolved the boundaries between digital landscape and physical security, facilitating cyber-attacks that produce devastating impacts to critical infrastructure, as well as Corporate and Government assets.

There Is No Cyberwar
by Johan Snyman
With the growth in cyber-attacks and the large amounts quoted when estimating the costs of these attacks, it has become the norm for mainstream news agencies to carry news on security matters, data breaches and attacks. Often this has led to info-sec professionals being quoted (and misquoted) and interviewed voicing their opinions and commenting on these issues. Unfortunately, what is reported in the media is rarely the full story and the image painted is often the one of imminent disaster, destruction and lawlessness.

Uncertain Law Leaves Penetration Testers in Limbo
by David Cook
A question that I am often asked is, “How can a penetration tester or ethical hacker be sure that his activities remain lawful?” The easy response is that the terms of engagement should be defined in advance. The law is concerned with unauthorised access to computer systems, so an IT security consultant should be well aware of what they are actually authorised to do. The reality, however, is that the law regarding cyber crime is fairly ambiguous and I do have sympathy with penetration testers and ethical hackers, given the potential minefield that surrounds them.

How Cyber Attackers and Criminals Use Defense in Depth Against Us
by Jon Ringler
The concept of Defense in Depth has actually been reverse engineered and used against the IT Professionals and is now utilized by attackers using this concept to provide them the attack vector they require to facilitate a successful attack. Cyber attackers are forcing IT Professionals and organizations into an unsustainable stance, exhausting available resources, and adapting advanced techniques to walk right in the front door and strut past the people, process, and technology utilized by Defense in Depth. Cyber attackers are provoking organizations to implement a layered defensive stance that is complex, far-reaching, unmanageable, extremely costly, and requires a team of subject matter experts to run.

Penetration Testing Can Save Lives
by John Strand
There are a number of ways that a cyber attack can destroy lives. Careers can end, finances can get
ruined and companies can cease to be relevant. What is sad is when these tragic side effects of a
cyber attack occur and a simple penetration test would have discovered some basic flaws in an
organization’s defenses.

The State of Information Security
by Billy Stanley
Malware authors have figured out how to evade AV by continually tweaking their binaries. They can circumvent content filtering systems by hacking legitimate sites (banner ads, etc.) that users are allowed to access. They flow right by IDPS and Malware Detection Systems through the same type of techniques. Firewalls offer good protection for inbound connection attempts, though the threat vector now consists of an attacker riding back in on legitimate outbound connections.

2nd International Conference on Cybercrime, Security and Digital Forensics
by Aby Rao
The threat from cybercrime and other security breaches continues unabated and the financial toll is mounting. This is an issue of global importance as new technology has provided a world of opportunity for criminals. Therefore, reducing the opportunities for cybercrime is not a simple task but requires co-operation between many players, computer security specialists, legal professionals, academia, public citizens, and law enforcement agencies, and fundamental changes in common attitudes and practices.

Looking for a Job – Interview with James Foster from Acumin
by PenTest Team
PenTest Team received many questions concerning situation on the job market. Many of our readers is in the process of looking for, changing jobs or starts their own businesses. Since our main aim is to respond to needs of our readers, PenTest features an interview with James Foster from a recruitment company with 14 years of experience. From this conversation you will learn, among others, about demand for penetration testers, expectations of employers but also employees and pros and cons of being a freelancer.

„You must create a plan…” - Interview with Debbie Christofferson, International Board Director at ISSA
by Aby Rao
You must comprehend the core business and be able to understand and communicate security risk in terms of its impact to that business. While technology competence is key, it is not the deciding factor in success—an ability to create and execute to a longer term strategy determines your fate. Communication skills are critical, orally and in writing, and an ability to build relationships and influence others across business units, and possibly across the globe if that’s where you operate. You must stay engaged in the business, and keep current on your skills in IT, and risks within your own structure.

Pen Testing Scope Drift: Everyone gets excited; No one is getting paid by Dean Bushmiller
You do love your job, right? You do want to pound a buffer overflow for hours or even days until the system yields. You do want to find that way in, right? How long are you willing to spend? Last week I had someone ask me to “join their team.” That is a euphemism for taking a pay cut so they can make money off me. The question is out there: Would I do more work for less money? Would you? Would you do it if there was no pay? Would you do it for less pay?

Save the Database, Save the World – Chapter 4
by John B. Ottman
“Virus-Like Attack Hits Web Traffic,” was the BBC News World Edition headline. The article declared “An attack by fast-spreading malicious code targeting computer servers has dramatically slowed Internet traffic…In South Korea Internet services were shut down nationwide for hours on Saturday… The nationwide Internet shutdown was triggered by ‘apparent cyber terror committed by hackers,’ the country’s Yonhap news agency reported.”

Cyberwar&Cybercrime PT Regular 06_12 - PenTest Magazine

Cyberwar&Cybercrime PT Regular 06_12 - PenTest Teaser

Follow the steps below to download the magazine:

Register, accept the Disclaimer and choose subscription option.
Attention!
By choosing the Free Account option you will only be able to download the teaser of each issue.
Verify your account using the verification link sent to your email address.
Check the password sent on your email address and use it to log in.
Click the download button to get the issue.

IMPORTANT: the registration on the website includes subscription to our newsletter.