Phone Security Software | Mobile Secure Communications | Wireless Security Software » sniffer

Are your Keystrokes Safe?

Gold Lock Team — Fri, 26 Jun 2009 09:33:18 +0000

Security experts from remote-expoit.org have recently released an open-source wireless keyboard sniffer known as Keyleriki. This application is reportedly capable of intercepting and decoding keystrokes from Microsoft based wireless keyboards. The security group known as has finally released this software to the general public in the hopes of making manufacturers and the general public aware of this serious security concern.

The increased prevalence of wireless technology in business environments has lead to significant research by cyber criminals into ways to exploit our new found dependence on such equipment. This is just one example of countless many exploits that are currently ‘in the wild’. But this, is perhaps one of the more severe examples as there is no way to encrypt keystrokes other than relying on the obviously poor XOR protocols that are so weak they can be decrypted on the fly.

Whilst critics argue that the range of these attacks is minimal, they have been launched from as far away as 30 feet. What is the risk of an intruder talking their way into your office? Recent studies have shown that a great many corporations are still vulnerable to social engineering attacks. With potentially no way to secure these keystrokes, corporations really do need to consider their security policies in the wireless age, but how do you ensure your policies are adequate to protect against this sort of attack? Think about wired alternatives until a safe wireless solution comes along.

In conclusion, attacks like this are remarkably easy to avoid by simply having rugged staff training and regular hardware auditing. Encryption, firewalls and anti-virus only go so far. These days multi-layer security policies are essential in ensuring both data and now, even keystrokes are safe.

The Vulnerabilities of E-mail

Gold Lock Team — Tue, 19 May 2009 12:09:58 +0000

E-mail is a technology that is here to stay, and billions of e-mails are sent each day between people and organizations. Because of the increased popularity in e-mail, there have been widespread attempts to intercept and capture e-mail based communications.
One of the major flaws in e-mail is that it is it utilizes plain-text transmission of messages. This effectively means anyone that is listening in to your computer by way of network analyzer or even WIFI sniffer can read your e-mails.
It is as simple as hooking into the network, turning the sniffer / analyzer on and analyzing the packets, which are being sent. Given our trust and reliance on e-mail, this clearly creates a whole raft of issues for the security conscious individual and corporation.
Sadly, the adoption of cryptographic technologies in SMTP and POP protocols is extremely limited, so the only way in which one can achieve e-mail security is using third party programs, which can encrypt messages almost transparently and thus guaranteeing another level of security.
Another weak-link in the chain of e-mail security is that of webmail. Webmail is notorious for being easy to crack due to the fact many providers only use SSL to authenticate sessions, not to actually encrypt individual messages.
Once again, users face the problem of plaintext data, which in this case is exposed in the HTTP protocol. This means that any malicious parties on the network with access to packet sniffing software can see the plaintext web pages. As a direct result, the only solution available is to use third party encryption to encrypt the content of text sent via e-mail.
E-mail in some cases now rivals telephone communications and because of this, it is important to ensure that appropriate safeguards are in place when transmitting any sensitive information.