Archive for October, 2007 Page 2 of 4

« Older Entries
Newer Entries »
Oct 26

Metasploit now have a full Iphone exploitation framework

in Handheld Devices, In Internet, Security and System. Comments Printable version Printable version

The metasploit has a new plateform : the iphone. It is now possible to peforms full exploit against the iphone through the metasploit framework. Even an exploit thatg made the iphone ring is available. Every version up to the 1.1.1 are supported. A very interessting problem is how to remount the iphone filesystem root. By default it is read only. The solution added to metasploit is very clever. If your are interessted in exploiting device just checkout the three posts on the subject: part 1, part 2, part 3

Oct 22

Security Maturity Levels

in Analysis and production, In Internet, Network and Security. Comments Printable version Printable version

 The NIST
offers a standard procedure to review the security policy quality PRISMA which is based on the guide 800-53. The evaluation use 5 “maturity levels” :

  1. Policies
  2. Procedures
  3. Implementation
  4. Test
  5. Integration

Full details here. It can be used as a replacement of the minimalist Planning Protection Reaction scheme to evaluate the efficiency of your security policy.

« Older Entries
Newer Entries »