EssentialPIM, Tool for Personal Information Management

EssentialPIM is a good alternative as a Personal Information Manager tool.

Good:

  • Combined set of tools:
    • appointments, tasks, notes, contacts, password entries and email messages
  • password protected tool
  • possible to import contacts etc.
  • possible to synchronize with android via own application

Bad:

  • Slow’ish operation sometimes (database)

The figure below shows the Calendar view. In the free edition, repetitive tasks (todo) are not enabled, but one can use the calendar for the same purpose. In this case it holds a reminder for the “Lotto”.

EssentialPIM2

The above-mentioned tools are available even in the free edition. Surprisingly, a tree structure seems to be supported in the Notes. In the figure below, some text and a figure have been copied from Wikipedia.

EssentialPIM1

Tips

With the free edition one cannot synchronize with Outlook (the pro version is needed). There are 2 alternatives for transferring Contacts from Outlook into EssentialPIM:

  • Alternative 1:
    • Export contacts in Outlook as individual vcf files, in Actions menu: Forward as vCard
    • Import, in EssentialPIM, use File:Import:Contacts:vCard
  • Alternative 2:
    • Export contacts and other data in Outlook inside pst file
      • File->New->Outlook Data File
        • for example test.pst
      • Select this pst file inside Outlook, and Create new folder with type Contact
        • for example name “PersonalContacts”
      • Select “Contacts” menu in Outlook, and now the “PersonalContacts in test” is visible under “My Contacts”
      • Copy your contacts into this new contact list (“PersonalContacts”)
      • Close test.pst
    • Import, in EssentialPIM, use File:Import:Outlook

Note!

I have categorized this in the Advanced Tools, because at the same time as it can facilitate the tasks, at the same time it can be more risky, if backups are not taken regularly. And care is needed in order not to blow up the tool with information. For example, for notes one could use another instance, or another tool like KeyNote NF. And for passwords, one could use KeePass. But all in all, use with care since a lot of information in one place…

Posted in Advanced Tools, Recommended Free Tools

Trend and Risk Reports, by IBM X-Force

IBM X-Force regularly publishes its Trend and Risk Report.

According to their own definition:

The IBM X-Force Trend and Risk Report is produced twice per year: once at mid-year and once at year-end. This report provides statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. They are intended to help customers, fellow researchers, and the public at large understand the changing nature of the threat landscape and what might be done to mitigate it.

The figure below is from their report. (Figures are separately downloadable).

fig40 True Exploit Disclosures - 2006-2012 H1 (projected)

Posted in Security Management, Security Training, Awareness and Reports

Unfortunate and Commonly used Passwords

Studies reveal that people can be careless and lazy (?) when selecting their passwords.

Scary Logins: Worst Passwords of 2012

1 password
2 123456
3 12345678
4 abc123
5 qwerty
6 monkey
7 letmein
8 dragon
9 111111
10 baseball
11 iloveyou
12 trustno1
13 1234567
14 sunshine
15 master
16 123123
17 welcome
18 shadow
19 ashley
20 football
21 jesus
22 michael
23 ninja
24 mustang
25 password1

Password Popularity – Top 20 by Imperva

1 123456
2 12345
3 123456789
4 Password
5 iloveyou
6 princess
7 rockyou
8 1234567
9 12345678
10 abc123
11 Nicole
12 Daniel
13 babygirl
14 monkey
15 Jessica
16 Lovely
17 michael
18 Ashley
19 654321
20 Qwerty

 

Report: Analysis of the Stratfor Password List

Stratfor

Links

  • A collection of wordlists is available at Openwall.
  • Another (link) collection of password dictionaries is available at Skull Security.
Posted in Security Training, Awareness and Reports

Hurricane Sandy, views from GOES-13 and Suomi NPP satellites

There have been several videos by NASA showing Hurricane Sandy from the weather satellite.

sandy

The video animation is taken from the GOES-13 satellite.

GOES

The Geostationary Operational Environmental Satellite (GOES)/ Polar Operational Environmental Satellite (POES) program is a key element in National Weather Service (NWS) operations. “Geostationary” means “it doesn’t move with respect to the earth”.

The GOES/POES mission is composed of two geostationary satellites and two polar orbiting satellites. These satellites operate in pairs.

The geostationary satellites, GOES-East covering the East Coast and GOES-West covering the West Coast, provide real-time weather data for use in short-term weather forecasting (warnings of severe weather) and space environment monitoring, as well as research and development.

The polar orbiting satellites primarily provide long-range weather forecasting, ensuring that non-visible data, for any region of the Earth, are no more than six hours old.

The polar satellite that was used for monitoring Hurricane Sandy was Suomi NPP.

Suomi NPP

The Suomi National Polar-orbiting Partnership collects and distributes remotely-sensed land, ocean, and atmospheric data to the meteorological and global climate change communities.

It will provide atmospheric and sea surface temperatures, humidity sounding, land and ocean biological productivity, and cloud and aerosol properties.

NPP2

NASA renamed NPP in honor of the late Verner E. Suomi, a meteorologist at the University of Wisconsin who is recognized widely as “the father of satellite meteorology.”

NPP1

link to wikipedia

Posted in Science

General Documents and Guidance on Security, by US-CERT

US-CERT’s Security Publications site contains good introductory and guidance material on computer security for any user.

  • General Documents
    • Securing Your Computer
    • Recovering from an Attack
    • General Internet Security
  • Technical Documents

The site also provides links to their other pages, which are worth a look:

Posted in Security Training, Awareness and Reports

OpenSC, Tool for Smart Cards

From the OpenSC page:

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

OpenSC implements the PKCS#11 API.

On the card OpenSC implements the PKCS#15 standard (file structure).

Good:

  • Supports many smart cards
    • National ID Cards
    • Generic smart cards
      • Cryptoflex, MyEID, STARCOS
    • USB Tokens

To improve:

  • Man pages are out of date
    • Use the built-in help pages

OpenSC

OpenSC command examples

C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Generic Smart Card Reader Interface 0

C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool --reader 0 --atr
3b:f5:18:00:00:81:31:fe:45:4d:79:45:49:44:9a

Logging is available via the -v parameter.

C:\Program Files\OpenSC Project\OpenSC\tools>opensc-tool --reader 0 --name -v
Connecting to card in reader Generic Smart Card Reader Interface 0...
Using card driver MyEID cards with PKCS#15 applet.
Card name: MyEID cards with PKCS#15 applet
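
The ATR printed by "opensc-tool --reader 0 --atr" above can be decoded following ISO/IEC 7816-3. The Python below is an added example, not code from the original post or from OpenSC; the function name parse_atr and its result keys are assumptions made for this illustration. It shows that the five historical bytes of this ATR spell "MyEID", matching the card name reported above, and that the TCK check byte is consistent.

```python
"""Decode an ISO/IEC 7816-3 ATR (added example, not OpenSC code)."""
from functools import reduce

# ATR string as printed by "opensc-tool --reader 0 --atr" on this page
PAGE_ATR = "3b:f5:18:00:00:81:31:fe:45:4d:79:45:49:44:9a"


def parse_atr(text):
    """parse_atr and its result keys are names chosen for this example."""
    atr = bytes.fromhex(text.replace(":", ""))
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 0x3B (direct) or 0x3F (inverse)")
    n_hist = atr[1] & 0x0F      # T0 low nibble: count of historical bytes
    y = atr[1] >> 4             # T0 high nibble: which of TA1..TD1 follow
    pos, level = 2, 1
    interface, protocols = {}, set()
    while True:
        td = None
        for bit, name in enumerate("ABCD"):
            if y & (1 << bit):
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                interface[f"T{name}{level}"] = atr[pos]
                td = atr[pos] if name == "D" else td
                pos += 1
        if td is None:
            break
        protocols.add(td & 0x0F)            # TDi low nibble: T=x
        y, level = td >> 4, level + 1       # TDi high nibble: next group
    historical = atr[pos:pos + n_hist]
    pos += n_hist
    # TCK is present unless T=0 is the only protocol indicated
    has_tck = bool(protocols - {0})
    if len(atr) != pos + has_tck:
        raise ValueError("ATR length does not match its header")
    # With TCK present, the XOR of every byte from T0 to TCK must be zero
    tck_ok = reduce(lambda a, b: a ^ b, atr[1:]) == 0 if has_tck else None
    return {"interface": interface, "protocols": sorted(protocols),
            "historical": historical, "tck_ok": tck_ok}


if __name__ == "__main__":
    info = parse_atr(PAGE_ATR)
    print({k: hex(v) for k, v in info["interface"].items()})
    print("T =", info["protocols"], "historical:", info["historical"])
    print("TCK valid:", info["tck_ok"])
```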

PKCS11 examples

Retrieving information

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool --module "C:\Program Files\Fujitsu Services\ActiveSecurity MyClient\Cryptoki.dll" --show-info
Cryptoki version 2.11
Manufacturer     Fujitsu Services Oy
Library          mPollux DigiSign Client (ver 0.1)
Using slot 0 with a present token (0x2021880)


C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool --module "C:\Program Files\Fujitsu Services\ActiveSecurity MyClient\Cryptoki.dll" --list-mechanisms
Using slot 0 with a present token (0x1fdfa70)
Supported mechanisms:
  MD5, digest
  SHA-1, digest
  RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  MD5-RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, hw, generate_key_pair


C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool --module "C:\Program Files\Fujitsu Services\ActiveSecurity MyClient\Cryptoki.dll" --list-objects
Using slot 0 with a present token (0x20afab0)
Private Key Object; RSA
  label:      Encryption key [kx00]
  ID:         45
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 1024 bits
  label:      Encryption key [kx00]
  ID:         45
  Usage:      none
Certificate Object, type = X.509 cert
  label:      Encryption certificate for key (69) [kxc00]
  ID:         45
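
A check one can run over the pkcs11-tool listings above, as an added Python example that is not part of the original post or of OpenSC: it flags MD5- and SHA-1-based mechanisms and RSA key sizes below 2048 bits. The function name audit, the weak-digest list and the 2048-bit floor are assumptions standing in for local policy; the sample lines are copied from the output above.

```python
"""Flag weak algorithms in pkcs11-tool output (added example)."""
import re

# Lines copied from the --list-mechanisms and --list-objects output above
SAMPLE = """\
Supported mechanisms:
  MD5, digest
  SHA-1, digest
  RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  MD5-RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify
  RSA-PKCS-KEY-PAIR-GEN, keySize={1024,4096}, hw, generate_key_pair
Public Key Object; RSA 1024 bits
  label:      Encryption key [kx00]
"""

WEAK_DIGESTS = ("MD5", "SHA1", "SHA-1")  # assumption: local policy
MIN_RSA_BITS = 2048                       # assumption: local policy


def audit(output):
    """Return (item, reason) pairs for everything below the policy."""
    findings = []
    for line in output.splitlines():
        line = line.strip()
        # Mechanism lines look like "NAME, flag, flag, ..."
        m = re.match(r"([A-Z0-9-]+), (.*)$", line)
        if m:
            name, flags = m.groups()
            if any(name == d or name.startswith(d + "-") for d in WEAK_DIGESTS):
                findings.append((name, "weak digest"))
            # keySize={min,max}: the minimum is what the token will accept
            size = re.search(r"keySize=\{(\d+),(\d+)\}", flags)
            if size and int(size.group(1)) < MIN_RSA_BITS:
                findings.append((name, f"allows {size.group(1)}-bit keys"))
            continue
        # Object lines report the size of keys already stored on the token
        m = re.match(r"Public Key Object; RSA (\d+) bits", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(("public key", f"{m.group(1)}-bit RSA key on token"))
    return findings


if __name__ == "__main__":
    for item, reason in audit(SAMPLE):
        print(f"{item}: {reason}")
```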

PKCS15 examples

Erasing the MyEID card

C:\Program Files\OpenSC Project\OpenSC\tools>pkcs15-init -E -T
Using reader with a card: Generic Smart Card Reader Interface 0
PIN [Security Officer PIN] required.
Please enter PIN [Security Officer PIN]:

To browse the PKCS15 file structure after the card has been initialized with the vendor tool (MyEID):

C:\Program Files\OpenSC Project\OpenSC\tools>opensc-explorer
OpenSC Explorer version 0.12.2-rc1
Using reader with a card: Generic Smart Card Reader Interface 0
OpenSC [3F00]> ls
FileID  Type  Size
[5015]    DF 32767      Name: \xA0\x00\x00\x00cPKCS-15
OpenSC [3F00]> info 5015

Dedicated File  ID 5015

File path:     3F00/5015
File size:     32767 bytes
DF name:       \xA0\x00\x00\x00cPKCS-15
ACL for SELECT:       N/A
ACL for LOCK:         N/A
ACL for DELETE:       NEVR
ACL for CREATE:       CHV3
ACL for REHABILITATE: N/A
ACL for INVALIDATE:   N/A
ACL for LIST FILES:   N/A
ACL for CRYPTO:       N/A
ACL for DELETE SELF:  N/A
Proprietary attributes:  00 02
Security attributes:     33 FF FF

OpenSC [3F00]> cd ..
unable to go up, already in MF.
OpenSC [3F00]> cd 5015
OpenSC [3F00/5015]> ls
FileID  Type  Size
OpenSC [3F00/5015]>

Other commands

opensc-tool --reader 0 --list-drivers
opensc-tool --reader 0 --serial
opensc-tool --list-algorithms
pkcs15-tool --list-keys
pkcs15-tool --list-certificates
pkcs15-tool --list-pins
pkcs15-tool --dump

Frequently asked questions

  • PKCS#11 is a software API for accessing cryptographic hardware like smart cards or HSMs
  • PKCS#15 is a format of on-card structures that defines a “filesystem layout” for smart cards.

Links

Posted in Advanced Tools, Recommended Free Tools

XCA, Tool for managing certificates and private/public keys

From the XCA home page:

X Certificate and Key management: This application is intended for creating and managing X.509 certificates, certificate requests, RSA, DSA and EC private keys, Smartcards and CRLs. Everything that is needed for a CA is implemented. It uses the OpenSSL library for the cryptographic operations.

Good:

  • Smart-Cards via PKCS#11 interface

In the figure below, the CA's root private key has been created and used for the CA's self-signed root. The keys and certificates are stored in the “test.xdb” database file.

XCA-1

In the figure below, the CA's root private key has been created on the Smart Card and used for the CA's self-signed root. The root key on the Smart Card is protected by a PIN. The other keys and certificates are stored in the “XCA-aventra.xdb” database file.

XCA-2

Tips

  • Protect your xdb file
  • XCA uses OpenSC to access the smart card via PKCS11. In the menu File->Options, one can add a vendor-specific PKCS11 provider. In the case of the Aventra MyEID smart card, one can use “C:\Program Files\Fujitsu Services\ActiveSecurity MyClient\Cryptoki.dll”.

Links

Posted in Advanced Tools, Recommended Free Tools