There was an error in this gadget

Thursday, August 9, 2012

Near Field Communication (NFC) Attack


The NFC Forum's N-Mark logo for NFC-enabled devices
Most attacks to user systems (laptops or mobiles) are usually a result of some user action like opening an email attachment, surfing to malicious websites, downloading malicious files or accepting bluetooth messages. But now a user can be attacked WITHOUT DOING ANYTHING. This is with the help of the new technology "Near Field Communication" (NFC) that an attacker can use to instruct someone's mobile device to open the web browser and go to an attacker specified web link. Unlike other attacks where the attacker may be sitting miles away or even a few meters away in case of bluetooth, here in the case of NFC the attacking device has to be in very close proximity (a few centimeters) probably touching each other.

If you are hearing about NFC for the first time, it is a new standard for radio communication between mobile devices touching each other or being at a very close proximity. It is available today in many handsets from major vendors like Nokia, Blackberry, Samsung, Motorola, LG etc. NFC can be used to make payments by swiping mobile device at stores, buying train / bus tickets or just sharing information with friends by bumping phones.

A well known security researcher Charlie Miller has figured out a way to break into some devices like Google/Samsung Nexus S and Nokia N9 by means of NFC, this was demonstrated at a recent Black Hat Conference. According to NFC Forum there is no inherent flaw with NFC, however implementation issues need to be addressed as attackers can exploit operating systems and applications that implement NFC like the Android Beam and Nokia's content sharing and Bluetooth pairing.

We need to wait and watch for more security vulnerabilities related to this new technology.


For more reading on this topic:
http://www.networkworld.com/news/2012/072612-researcher-wows-black-hat-with-261162.html
http://www.informationweek.com/byte/news/personal-tech/wireless/240004386
http://www.nfcworld.com/2012/08/01/317100/forum-responds-to-black-hat-presentation-on-nfc-vulnerabilities/

Nitin Gaur scores 95% in CCSA R75


We are proud to announce that Mr. Nitin Gaur, a participant of our recent CCSA batch CCSA R70has scored 95% in the CCSA R75 certification exam. Congratulations Nitin!

Nitin wins a 50% discount on CCSE R75 training fees for any batch at K-Secure Mumbai in 2012

Some tips from Nitin
1. Always attend training from Authorized training center 
2. Read study material thoroughly, if any doubt refer Check Point websites and discuss with training Instructor ( Mr. Kishin sir) 
3.Should have clear understanding and difference between of various backups methods 
4. Day-3 session during training is very important to know VPN concepts 
5. Refer Check Point firewall administration Guide for more details 
6.Attempt sample of question/Quiz available in Check Point website 
7.Should have clear concept various NAT methods 
8.Refer check Point product guides to know more about identity awareness     

Saturday, March 31, 2012

Check Point CCSA R75 exams

The CCSA R75 exam was released on Pearson VUE just one month back and we at K-Secure are glad to announce that some of our students have already attempted this exam and passed with high scores. The topper is Mr. Anand Singh (picture on right) who has scored 96% in CCSA R75 and has won a 50% discount voucher for the next CCSE R75 training program at K-Secure.

Congratulations Anand and all others who have passed the exam

Quick Tips on passing CCSA R75 exam

Based on the feedback we received from our students who passed this exam, here are some tips to be noted.
  1. Take a proper training
  2. Study from the official course material thoroughly
  3. Use the practice tests available from Check Point and other sources
  4. Additionally read about Identity Awareness from product manuals
  5. Also ensure that you make proper notes on the VPN fundamentals which is covered at K-Secure trainings. If trained elsewhere, refer to some white papers on IPSec VPN standards
  6. Before registering for the exam, take the K-Secure's online practice test to find out where you stand