Cellebrite Systems Breeched

Cellebrite Systems Breeched

Cellebrite (https://cellebrite.com) is an Israeli company that specializes in mobile forensics.

They have created a well known product that is called Universal Forensic Extraction Device (UFED). This tool basically can extract data from most mobile devices. They are able to also unlock mobile devices with a passcode. I have used a much older version of this tool in the past. You may see the catch the details in my Research Project here –> https://www.stealthbay.com/hardening-mobile-phone-devices/

What was taken

Based off a popular website  called “Motherboard” who first posted about this breech. Cellebrite has lost over 900GB worth of data. Now, that is a lot of information and data that was taken. My assumption is that a lot of the data is related to tools and software made use of for forensic investigations. (more…)

Why No Padlock?

SSL Scanning Websites

So today, I came across a website that does a quick SSL test on your website.

Anyone with a website should really be running this tool. I actually did find a few minor issues and was able to gather some info about it.

Our Results

Here is what we got for our results:

whynopadlock

It’s looking good for us and especially since we have forced all our internal links to make use of HTTPS

I also wanted to list a bad result as shown below.

(more…)

Hardening Mobile Phone Devices – iOS/Android

Mobile Hardening

A question I often get asked by a lot of mobile users is regarding how they can secure “harden” their mobile devices. What can they do to add some layers of protection to secure their mobile devices?

There aren’t a whole lot of software tools that are out there which actually harden mobile devices. And, it’s a bit unfortunate that mobile security has a lower priority these days.

Kaspersky Threats 2015

Courtesy of (https://www.kaspersky.com)

For most Android and iOS devices there are a few steps and actions that you can take in order to harden your mobile device.

The following steps should give you some basic hardening techniques for personal use.
(more…)

Forcing HTTPS on Websites (.htaccess)

HTTPS Site Wide

So, I wanted to write up a quick tutorial on using HTTPS globally or on certain directories of a website.

I had a friend asking me about how they could force HTTPS throughout their whole website. So, I listed a tutorial below to do so and he was able to accomplish HTTPS site wide.

Now, there are multiple ways this can be achieved. In the case of my friend he was on a shared hosting web server. Therefore,  shared webhosting users normally will not have access to modify the apache config files.

So that leaves us with a simple solution (htaccess) that all users can make use of fairly easily. All it required is a file edit or creation of a file and the ability to FTP or upload it to your web root directory.

What is an htaccess file?

(more…)

TeamViewer Breach?

Teamviewer is a fairly popular application used to gain remote access to machines.

Many use it to help other users troubleshoot their computer issues.
I personally avoid these types of applications as there are added security risks and concerns.

Teamviewer went down about a month ago which impacted every Teamviewer user on a global scale.
Many people at that time thought Teamviewer had been breached or hacked.

I was alerted about the issue through a friend the same day.
The twitter feed for teamviewer was hit hard by angry users. And as I started to noticed right away many businesses rely heavily on TeamViewer to run their day to day operations. (more…)