The InfoSec Handbook

Computer scienc

Mitigating man-in-the-middle attacks on mobile devices by blocking insecure http traffic without using vpn

Mobile devices are constantly connected to the Internet, making countless connections with remote services. Unfortunately, many of these connections are in cleartext, visible to third-parties while in transit. This is insecure and opens up the possibility for man-in-the-middle attacks. While there is little control over what kind of connection running apps can make, this paper presents a solution in blocking insecure HTTP packets from leaving the device. Specifically, the proposed solution works on the device, without the need to tunnel packets to a remote VPN server, and without special privileges such as root access. Speed tests were performed to quantify how much network speed is being impacted while filtering. To investigate how blocking HTTP traffic can affect day-to-day usage, common tasks were put to the tests, tasks such as browsing, searching, emailing, instant messaging, social networking, consuming streaming content, and gaming. The results from the tests are interesting, websites that do not support HTTPS were exposed, apps that do not fully support HTTPS were also being uncovered. One surprisingly, and arguably pleasant, side effect was discovered – the filtering solution blocks out advertisements in all of the games being tested, hence contributing to an improved gaming experience

Android Forensics and It�s Existing Vulnerabilities Penetration Testing Framework

Smartphones are also portable computers as they provide many services needed in our day to day lives such as texts, calls, camera, Bluetooth, GPS and various other applications. Due to the attractive features of android smartphones, it�s use is increasing tremendously. With the growing popularity of Android and it being one of the best players in mobile industry, knowing the best practices for its security becomes very crucial. Android is known as a platform that lends itself to hacking. Smartphones are prone to data leakage as they can easily exchange data over the Internet. Applications are made of four components namely Activity, Service, Broadcast receivers, and Content provider. This paper proposes the various threats and security risks Activity, Broadcast Receivers and Content Providers pose and how they can be responsible for sensitive data leakage without the user�s knowledge. It also states the various attacks and the prevention mechanism and focuses on the prevention mechanism known as YASSE. This paper also states various other methods and technologies that are implemented for cloud based security that not only enhances the safety of the devices, but also reduces the system load of the devices

Towards A Comprehensive Cloud Decision Framework with Financial Viability Assessment

Most organizations moving their legacy systems to the cloud base their decisions on the naïve assumption that the public cloud provides cost savings. However, this is not always true. Sometimes the migration complexity of certain applications outweighs the benefits to be had from a public cloud. Moreover, the total cost of ownership does not necessarily decrease by moving to a public cloud. Therefore, there is a need for a disciplined approach for choosing the right cloud platform for application migration. In this paper, we propose a comprehensive cloud decision framework that includes an extensible decision criteria set, associated usage guidelines, a decision model for cloud platform recommendation, and a cost calculator to compute the total cost of ownership (TCO). The decision process works as follows. It begins with the ordering of relevant criteria, either according to industry best practice or the enterprise’s specific requirements and preferences. A technical recommendation is made on the basis of the criteria classification, which is then assessed for financial viability. By providing traceability of the cost items in the public/private TCO calculators to the decision criteria, the framework enables users to iterate through the decision process, determining and eliminating (if possible) the main cost drivers until a right balance is found between the desirable criteria and the available budget. We illustrate the need, benefits and value of our proposed framework through three different real-world use case scenarios

Social-Costs Perspective Impacts of Cybercrime in World-Economy, Country-Wise: Policy-Guidance under Piecemeal Approach

Today’s technology-driven human-society(s) country-wise are counted more than ever before where UAE-society is no exception. Tech-users here compete for comparative time-saving options for marginalizing operating costs. It has resulted in huge data usages, a high number of users & devices, which has attracted criminals for taking advantage, which is called cybercrime. Addressing cybercrime, the UAE, like many countries, is not out of control by-laws. However, laws like cybercrime for its society are not always for absolutely eliminating the crime. Thus, besides cybercrime law in place, UAE needs a piecemeal approach in practice where one department may vary from approaches of other-department. With awareness about risky online behaviors & options, tech-users as defenders are needed to invest their efforts. This study has laid out the foundation of the proposal, Akim’s Model-2021, using the Theory of Consumer Choice & Behaviors and Welfare Analysis. Tech-user’s actual utility-received is the sum of utility-received from awareness & own-effort and utility-received from cybercrime-law. Any changes to services received from joint efforts may risk tech-user, to be a victim. Welfare analysis shows tech user's actions - awareness & own-effort, besides cybercrime-law can create, Net Social-gain, which largely depends on tech user's actions. Tech-user’s economic surplus is greater than government expenses for implementation of cybercrime law in UAE. Net-loss to the UAE is the sum of deadweight loss and net-loss to tech producers for underutilized resources

The InfoSec Handbook

Computer scienc