Category Archives: News

Miscellaneous news

Tool turns unsuspecting surfers into hacking help [CNET]

Jikto, a new tool created by a Web security researcher, uses JavaScript to turn unsuspecting PCs into bug hunters, CNET reports. Bottom line: while vulnerability scanners aren’t new, Jikto runs in a Web browser (so no installation is needed, as it is with other trojans) and distributes the bug-hunting task across multiple PCs. Still, some security watchers say traditional vulnerability-scanning tools are probably more efficient.

It’s People, Stupid…

Companies finally seem to be waking up and getting their act together on IT security. ‘People and processes are more important than technology in securing the enterprise’ is the essence of the 3rd global survey of 4,000 information security professionals, carried out by (ISC)².

It has long been obvious that people are very often the weakest link in IT security. Finally, IT professionals (and their bosses) seem to be waking up.

Swiss Police: Meticulous — and Over the Top

Stop Swiss Police Using Trojans for VoIP Tapping!

Schneier on Security reports that the oh-so-polite, clean and neutral Swiss are thinking about it: breaking the law and hacking into your systems to make YOU a criminal.

Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.

VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.

This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force — not easy during a three-minute phone call. What’s more, many VoIP services are not based in Switzerland, so the authorities don’t have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.

The only alternative is to find a means of listening in at a point before the data is encrypted.


In order to install the application on the target computer, the Swiss authorities envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.

The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.