Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels

Channel Catalog

Channel Description:

Hackers for hire
    0 0

    Last month, Telspace Systems made a very important trip to the UK. On the one hand, we went to showcase the company among the other 350+ exhibitors at Infosecurity Europe, but just as importantly, we officially launched our EU-based office in central London.

    Infosecurity Europe, considered to be Europe’s number one Information Security event, took place between 23-25 April, at Earl’s Court, London this year.

    Although this event has been successfully running for 18 consecutive years, this was Telspace’s first time exhibiting there, and it proved to be the perfect opportunity to coincide with our local office opening.

    With over 17 000 registered attendees, we were kept very busy interacting with all the delegates at our stand. We gained a lot of international exposure and met a lot of key industry players, including many competitors. Overall it increased our market presence and also provided us with the opportunity to service new clients.

    We managed to collect many great leads, of which we had a large amount of callbacks. Some of the top most contacted clients from the exhibition include UK, Italy, USA, Germany, and Spain. The event also proved to be a great platform for us to present our highly-talented EU-based security engineers to potential international clients.

    We were very impressed with how professionally the event was organised and executed. During the whole time we were there, we never ran into any problems. We were amazed by the massive networking opportunities the event offered and we enjoyed the chance to compete in the EU market. The interest and knowledge presented about our industry was huge and it was very exciting to see where we are heading.

    Overall, it was a great experience and everyone was very welcoming. We were proud to represent South Africa at an international level and hope to attract even more customers in 2014. We've already booked a stand for next year in the main exhibitor zone!

    Check out these links for more information about our EU office launch:

    0 0

    Following its defacement to the Massachusetts Institute of Technology (MIT) website ( in January earlier this year, hacker group Hack the Planet (HTP) have once again done damage to the organisation.

    Earlier this year, the group not only performed an anti-Anonymous troll defacement on the MIT homepage, but they managed to intercept and gain full control of the Institute’s incoming and outgoing e-mail by compromising its domain. Although this claim was initially denied by MIT spokespeople, a later statement proved it to be accurate.   
    Since then, the hacktivists have managed to maintain access to MIT’s EDUCAUSE domain and have, according to one of their previous newsletters (HTP Zine 5), “entrusted the login credentials of nearly every EDU domain to hackers worldwide”. Links to downloadable ZIP files of the login credentials were also made available in the newsletter.
    As it stands, HTP claims to still have active access to MIT’s information, although they have not disclosed any details as to the techniques they used to do so.
    The above incident is one of many examples attributable to a steady rise in hacktivism. Up until a few years ago, hacking existed very much as means to procure illicit funds as part of a growing “underground economy”. Almost all cybercriminal incidences were centred around monetary gain.
    However, nowadays with the likes of LulzSec, Anonymous and as illustrated above HTP, hacktivist groups are cropping up in growing numbers, their sole purpose being to cause damage via targetted attacks. Much of the time, these attacks are in accordance with some political agenda, but in many cases, these groups are gaining access to high profile organisations for their own enjoyment or, as many of them claim, to teach the target “a lesson in security”.
    On the one hand, the rise in popularity of these types of attacks have had a positive influence in the industry, as they have forced many organisations to increase their corporate information security tenfold, something that security companies have been urging them to do for years.
    On the other hand, damages to some organisations’ reputations have been irreversible and members of the public are increasingly showing distrust towards the companies that handle their online transactions and information.
    To safeguard yourself and your company from damage caused by hacktivist groups such as HTP, we believe it is extremely important to take proactive steps in protecting all facets of your network on a continual basis. This will ensure peace of mind that your organisation is protected from even obscure attacks such as this one.

    0 0
  • 05/28/13--01:22: MML Injections

  • In a recent penetration test we came across a Huawei device that used a Tomcat frontend to send certain parameters to a separate interface or to the command line. At the time we were not sure where the parameters were being sent, but it did seem to give strange returns when playing around with it. Upon further inspection we noticed an error code commented within the page when an error was generated.

    After a bit of googlin’ we discovered it was Man-Machine language (MML). According to the wikipedia page:

    A man-machine language or MML is a specification language. MML typically are defined to standardize the interfaces for managing a telecommunications or network device from a console.”


    “Man-Machine Language (MML) is the industry standard command line language used to manage telecommunications network elements.”

    We won’t be getting into the technical stuff on MML and TL1, there is already a lot of information out there on it. We will just be focusing on web portals that use parameters to feed into a query. Essentially our attack was an injection attack. We had a predefined command with our supplied value inserted into one of the properties and the command was run. This may be common on quite a few telecom devices with a web frontend.

    A simple query may look like: 

    Function{ PARAM1=”Value”, PARAM2=”$user_supplied_value”, PARAM3=”predefinedValue” }

    Let’s say we are able to specify the value for ‘value2’ and the other values are already set and we want to redefine the value for ‘PARAM3’ our input may look like:

    Anything”, PARAM3=”our new value”};

    This will overwrite the PARAM3 value with ours, the semicolon acts as a comment to comment out the remaining part of the query containing the initial value for PARAM3. 

    Unfortunately it is not currently possible to redefine a value if it is declared before our input. This will generate an error stating duplicate values exist. 

    Another trick that can be used is to escape prefixes to our supplied value is to use a colon(:) this can be used to specify multiple values for an input.

    Let’s say the following query has a prefix on our value:

    Function{ PARAM1=”Value”, PARAM2=”PREFIX_$user_supplied_value”, PARAM3=”predefinedValue” }

    We could supply the following to escape the prefix:

    Anything” : “noPrefix

    This will supply the extra value without a prefix.

    So that’s it for now, hopefully this helps someone out there, please feel free to add extra info or other attack methods in the discussion.

    Cheers, Charlton

    0 0

    Telspace Systems is very excited to announce we will soon be moving to our new offices in Hyde Park. The new offices are custom decorated by Luca Designs ( and come complete with stylish décor in a hacker-type setting.
    The decision to move comes largely after an unfortunate break-in we had last year at our previous workplace, but with the new arrangement offering our growing local and international staff a better working environment, we like to see it as a blessing in disguise :)
    We would also like to welcome our newest employee, Adam Hollins. Adam came to us with a lot of customer-facing experience and an understanding of client relationship building. At Telspace, Adam will mostly be acting as liaison between our security analysts and our clients during penetration testing projects and web application assessments to ensure everyone remains on the same page. He will also be involved in and head many of our current and upcoming training sessions.
    So by welcoming Adam to our growing team and with moving to funky new offices, June 2013 marks a very exciting month for Telspace Systems!
    Once we’re well settled into our new space in a few weeks time, we’ll take some cool pics to post on our blog. So watch this space...

    0 0
  • 07/23/13--05:00: Telspace talks steganography
  • Last week, our very own Technical Director, Charlton Smith, gave a presentation on Steganography among a panel of experts at Webber Wentzel in Illovo.

    The event was sponsored by Camargue Underwriting Managers and Webber Wentzel in alliance with Linklaters and took place on the 18th of July between 10:30 and 12:00. Telspace Systems was invited to attend the panel of experts as Camargue’s preferred penetration testing partners.

    The panel was asked to discuss the realities of cybercrime in South Africa in the context of the upcoming POPI Act. Specifically, the discussion included cyber risk management and risk transfer strategies.

    The informative and very funny presentation was delivered to around 20 attendees, both technical and non-technical, who all seemed impressed with both Charlie’s knowledge on the topic and his ability to add humour to the subject.

    According to Charlie, he chose to talk about steganography because it is relatively low-level and he wanted to include the non-technical audience as well as the techies. He also believes, in the context of the POPI Act, steganography is very relevant as it allows for new techniques of transferring information, without setting off any alarms.

    In brief, here are some of the highlights of Charlie’s presentation, entitled Steganography 101:

    - The word steganography is of Greek origin and means "concealed writing".

    - Steganography is not the same as cryptography, although they supplement each other.

    - Early uses of this technique include hidden messages within wax tablets and there was even a story told by Herodotus of a message tattooed on the shaved head of a slave.

    - Modern technology allows for a number of new techniques to be used in steganography, including injection techniques, bit substitution, spam, PGP, and even the game of Sudoku.

    - Common carrier objects include images (.PNG .JPG .JPEG etc.), audio (Any sound clips .mp3 etc.), emails, and PDFs.

    - Injection involves embedding the secret message directly into the carrier object and almost all programs today (web browsers, Microsoft Office programs, etc) have methods of placing data in a file that will be ignored or not displayed to the user.

    New Junior Marketing Manager needed!

    As an aside, Telspace Systems is currently looking for a Junior Marketing Manager to join our exciting team. If you think you have what it takes, please email adam[@] for more information. Good luck!

    0 0

    Earlier this month, American President Barack Obama gave a press conference regarding issues surrounding the PRISM spying controversy.
    Back in May, he defended a revelation by Edward Snowden that the National Security Agency (NSA) has been intercepting and collecting phone and electronic communications since the reign of former president George W. Bush.

    Since then, news sources have reported that the NSA had obtained a court order to collect phone records from Verizon Wireless customers, and discussed the existence of PRISM, a program launched in 2007,which tracks information from well-known US-based Internet companies including Microsoft, Yahoo, Google, Facebook, AOL, YouTube, Apple, PalTalk and Skype.

    In response to this, Obama stated that the programs are essential to combating terrorist threats claiming, "They may identify potential leads with respect to folks who might engage in terrorism.”

    He also argued that the impact of the programs has been overstated. "Some of the hype we've been hearing over the past day or so - nobody has listened to the content of people's phone calls," he explained.

    At his most recent press conference, Obama once again addressed the issue of privacy in this regard explaining, “As I said at the National Defense University back in May, in meeting those threats we have to strike the right balance between protecting our security and preserving our freedoms. And as part of this rebalancing, I called for a review of our surveillance programs.”

    The decision to initiate a review came after various security breach incidents. As Obama stated, “Unfortunately, rather than an orderly and lawful process to debate these issues and come up with appropriate reforms, repeated leaks of classified information have initiated the debate in a very passionate, but not always fully informed way.”

    To conclude his speech, Obama listed a series of four steps that will be taken shortly to ensure the security issues are dealt with. In brief, these are:

    1. Pursuing appropriate reforms to the program that collects telephone records.

    2. Working to improve the public’s confidence in the oversight conducted by the Foreign Intelligence Surveillance Court, known as the FISC.

    3. Be more transparent.

    4. Forming a high-level group of outside experts to review America’s entire intelligence and communications technologies.

    After reading news articles, forum posts, twitter feeds and blogs debating Obama’s above ‘solution’, it becomes clear that nobody in the security industry really thinks the US president dealt with this situation properly.

    We at Telspace Systems firmly believe in the importance of being proactive, rather than reactive, when it comes to security in general. The US presidency should’ve been much more transparent with America’s citizens even before the monitoring started. Because they chose to conceal their spying tactics, they now sit with a country full of very angry, suspicious and sceptical people.

    It is important to remember that US citizens are not being affected by this alone. Even us, in as far away as South Africa, have had our phone records collected and electronic communications monitored as the above affects all international traffic flowing through any US pipes... and this includes Gmail and Facebook.

    Even on a local front, we are not safe from government spying operations. Currently, we are seriously lacking from a legislative standpoint and we are far behind other countries when it comes to our state security.

    We are hoping in the next few years, the implementation of the Protection of Personal Information (POPI) Act raises enough awareness within companies and government departments regarding certain issues such as information monitoring and establishes practical ethical rules for them to follow and live by.

    However, in the meantime, the best rule of thumb is just to assume everything is being monitored - and work backwards from there.

    0 0
  • 08/22/13--01:55: We are hiring!
  • Telspace Systems is looking to hire security analysts in South Africa, preferably Gauteng as the office is based in JHB. The analyst should be competent in a combination of the following skills:

    Web application security, attack and penetration testing, network security, source code reviews, mobile security. Along with these tests and assessments, you'll be conducting regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.

    If you are interested in the below, apply via , email us your cv or get in touch via !

    Tasks include:

    · Performing application penetration testing and application source code review against software applications
    · Conduct vulnerability assessments and penetration testing on Internet-facing and internal client systems
    · Exploit known and unknown vulnerabilities and discover logic flaws.
    · Document technical issues identified during security assessments.
    · Assist with building recommendations for hardening, and maintaining systems used for penetration testing
    · Research cutting edge security topics and new attack vectors

    Desired Skills & Experience:

    · At least 3 years experience as a security analyst or relevant experience as a penetration tester.
    · Good technical, analytical, interpersonal, communication and writing skills.
    · Good understanding of attack and defence techniques
    · Excellent self management skills
    · Ability to work both independently and as team lead on individual assessments.

    0 0

    Telspace Systems’ newly launched Health Check service combines various security tools and hands-on analysis to identify web application or network vulnerabilities - at more affordable rates.

    According to the company’s CEO Dino Covotsos, this service is aimed at companies that may not have an extensive budget for a full-scale assessment.

    “Our health checks are perfect for organisations that would like to improve the security of their websites or networks against potential threats, but are affected by budgetary constraints,” he says.

    Telspace Systems offers two different types of assessments as part of its health check service, namely web application health checks and network infrastructure health checks.

    The web application health checks cater for companies with smaller budgets, and are ideal for companies in need of security assessments, but without a full blackbox or whitebox application evaluation. The pricing structure is set and is the same irrespective of the size of the application.

    This service reports vulnerabilities such as Sql injection, cross-site scripting, command injection, blind command injection, local file inclusions and arbitrary file reading, remote file inclusions, remote code injection / evaluation, CRLF / HTTP header injection / response splitting, open redirection, frame Injection, and many more.

    Network infrastructure

    The network infrastructure health check is an automated vulnerability assessment tool that is priced on a per-IP basis.

    “This service is for companies that require managed vulnerability scanning to identify common vulnerabilities on their infrastructure on a month-to-month basis. It can, however, be done on a once off basis as well,” explains Covotsos.

    The company’s automated software is a combination of toolsets to provide the best possible overview of a network from a vulnerability perspective.

    Assessment deliverables include executive reports, technical reports, remediation reports, and network overview reports. PCI compliance reports can also be completed upon request.

    “Although these health checks can assist companies with some peace of mind, it is important to note that they do not act as a replacement for a full-scale web application or network infrastructure assessment,” concludes Covotsos.

    More information can be found at .

    0 0

    After a successful training material revamp throughout 2013 we are happy to announce 2 new training sessions during November 2013.

    Telspace Systems will be presenting Ethical Hacking 101& Wireless Hacking 101. Both courses are intensive 2 day training courses and offer a highly practical approach to learning about the techniques and tactics used by hackers to attack your networks.

    More information can be found at

     We look forward to seeing you there!

    0 0
  • 10/03/13--01:18: Learn about hacking!
  • Telspace Systems is offering two introductory training courses later this month, namely Ethical Hacking 101 and Wireless Hacking 101 (which includes Bluetooth) for all hacking enthusiasts.

    Each comprehensive course will run over two days at the FNB Conference Centre in Sandton, Johannesburg, South Africa.


    Telspace’s popular Wireless Hacking 101 course will take place on the 12th and 13th of November 2013. This two-day course aims to demystify wireless network security and teach attendees how to improve wireless LAN and Bluetooth security.

    The course is divided up into theoretical and practical sections. Attendees will first obtain detailed theoretical analysis of different wireless security schemas, and then receive hands-on experience on how the attacks are performed.

    The topics to be covered in these sessions include: wireless and its use in technology, wireless protocols and architecture, network mapping and methodology for securing wireless networks, discovery of wireless networks, introduction to Bluetooth, and introduction to Bluetooth security.


    Telspace’s introductory Ethical Hacking course will take place between the 14th and 15th of November 2013. This comprehensive course will be taught from both a defense and attack perspective, and will address both the ethical and Black Hat viewpoints.

    The topics to be covered include: what ethical hacking is, penetration testing methodologies, information gathering, mapping vulnerabilities, social engineering, exploiting mapped vulnerabilities, privilege escalation, and maintaining access and pivoting.


    Each two-day course is offered at R14 000.00 excl VAT per student. Currently, we have a special offer running which includes an iPad with retina display for each student.

    For further info and bookings please visit our website ( or contact us:

    Tel: +27 11 517 1419
    Twitter: @telspacesystems

    0 0

    Last week, hacktivist groups were seen holding worldwide protests to mark what has now become a tradition on Guy Fawkes Day.

    On November 5th, members and fans of Anonymous, WikiLeaks, The Pirate Party, Occupy Wall Street and other hacktivist movements marched on political landmarks and institutions around the world. For example, in US capitol Washington, DC, demonstrators partook in what they called the “Million Mask March” outside the White House. In the UK, actor Russell Brand became the face of the Anonymous protest, acting as leader for the revolt.

    Guy Fawkes Day commemorates the failed attempt to blow up British Parliament in 1605 - although Fawkes was not the mastermind behind the attack, he was the one holding the explosives. Anonymous begun using the Guy Fawkes mask as a symbol, which was made famous in Alan Moore's ‘V for Vendetta’ comic published in the early 1980s and subsequently made into a 2005 film adaptation.

    Anonymous has a history of conducting operations and protests on 5 November, including a threat to “kill Facebook” in 2011, and has come to use the day as a rallying call.

    On the day, Anonymous tweeted the popular Guy Fawkes commemoration rhyme, “Remember, remember the 5th of November”.

    Understandably, many political and other organisations spent the day on edge, expecting to become targets of hacktivist attacks. This was especially true for the Singapore government who had been threatened with a Nov 5 attack by Anonymous in the event that they failed to roll back regulations imposed on media publications earlier this year.

    Luckily for all, Nov 5 came and went with very little happening on the hacker front. It seems for all involved the day was more focused on peaceful protest rallies than actual damage.

    This year, it is said a total of 400 cities around the world, including Johannesburg, took part in the demonstration.

    0 0

    Wow - can you believe another year is almost over? And what a great year it has been! We at Telspace Systems saw a great many turning points this year - both for our business and for the security industry at large.

    In April, we had the successful opening of our EU offices, which took place alongside InfoSec Europe. In May, we were back on local shores in time for ITWeb’s Security Summit. In June, we moved to stylishly decorated new SA offices, personalised to our business vision and personality by Luca Designs. 

    In July, our own Charlton Smith presented a very interesting talk on steganography, which was so well-received it even appeared in Cover magazine.

    In September, we launched our first-ever Healthchecks service, catered towards smaller companies, or those with budgetary constraints. Finally, just last month, Telspace Systems introduced its Wireless Hacking 101 training course material revamp and began offering a brand new course, Ethical Hacking 101.

    Furthermore, this year saw the addition of four new employees to the Telspace team, namely Adam Hollins as Project Manager, Rhys Mossom as Security Analyst, Dimitri Fousekis as Team Leader – Security Analysts as well as a new Senior Security Analyst & Business Development Manager. 

    A huge thanks goes to the entire Telspace Systems Team for making this a year to remember. Without each of you working so hard as a family, we would not be where we are today. 
    Looking back, 2013 was definitely a very successful and exciting year for the company and we thank all of our loyal customers and friends who shared it with us. From the whole team at Telspace Systems, happy holidays and all the best for the New Year!
    To roundup the year, we have put together a list of the top 5 most prolific threats for 2013. Enjoy and stay safe.

    1.  Botnets and DDOS
    We saw many companies and government departments falling victim to DDOS attacks over the duration of 2013.

    2.   BYOD Nightmares
    Because of the explosion of “always-on” laptops, tablets and smartphones, sensitive and classified information on these devices are targets for exploitation.

    3.   Web application security issues continue
    Throughout 2013 we saw extensive issues in Web application security and attacks such as SQL injection are still very common. More complex, sophisticated attacks via Web applications are utilised to obtain confidential information such as company databases.

    4.   Zero day browser attacks, Java zero-day attacks and other client side attacks
    These types of attacks were a huge problem during 2013. Zero-day attacks have always been a massive risk to organisations, this year being a significantly bad year for many large organisations.

    5.   Ransomware
    Although ransomware is not a new attack vector, we saw a significant spike in the amount of ransomware this year. Today’s ransomware is usually conducted via poisoned Webpages, social engineering and various other methods.

    0 0

    Happy New Year everyone! To welcome in the new year, Telspace asked two of its Security Analysts what they think the top security predictions for this year are. Here are their responses:

    Dimitri Fousekis, Security Analyst / Team Lead

    1. Increase in financial security breaches

    For a while, things seemed relatively quiet on the credit card and financial data breach front. However, 2013 ended with a bang when Target was hacked and over 150 million of its clients’ credit card details were stolen. 

    I believe this trend will continue into 2014, but will take on a new approach as focus is shifted to electronic currencies such as Bitcoin. With the opening of new and more secure Bitcoin repositories (as well as insurance policies for Bitcoin), there will be increased attention from attackers. However, credit cards will definitely not escape attackers’ attention and payment gateways (such as Paypal) will come under fire as well.

    2. Backdoors and spying – let the games begin!

    With so much recent focus on the NSA and its rather questionable tactics for obtaining data, ascertaining just how far and how deep their reach goes will be highlighted in the coming year. The increased probing will no doubt reveal other spying entities and more backdoors we did not know existed, which will further pressure governments and corporates to take measures in protecting users and their data.

    Additionally, it will be the year where corporates will either begin aligning themselves with government agencies by defending them – or drawing very clear lines to distinguish themselves from them. Both strategies will yield interesting and varied results.

    3. Malware anyone?

    Malware saw its fair share of growth in 2013, but 2014 will be the year we see an increase of malware into embedded systems and consumer hardware. 

    There are already reports of malware on USB devices, SD cards, etc. and this will continue to grow this year – expanding the realm of where and how malware operates. This will be influenced by both government agency backdoors as well as by increased consumer data and credit card theft as malware moves into the retail/point-of-sale arena.

    4. The year of encryption

    Again, being driven by the global focus on government spying and countries prying into user data, 2014 will see definite changes in encryption technology, as well as where (and how) encryption is used. It will now become necessary to encrypt data that did not previously require encryption. The introduction of new methods and algorithms into the encryption realm will bode well for the security industry, but this phase will not be free of initial hiccups, resulting in the odd breach, as less mature solutions are implemented initially. Either way, 2014 will see a significant increase in how people protect their data, what data they choose to protect, and who they trust to handle it.

    5. Cloud computing – bitter, sweet, and maybe salty

    Cloud computing uptake will no doubt increase exponentially this year. The buzzword still has much life in it with regards to what it can offer and companies will drive hard to deliver cloud computing methods in 2014. However, adopting cloud systems comes with its share of obstacles - the new technology will be plagued by new privacy rules, general users will experience a lack of faith due to data being hosted in other countries and territories, and there will be a plethora of new targeted attacks as cybercriminals fight to gain access to these large repositories of profitable, centrally-stored data. 

    Rhys Mossom, Security Analyst

    1. Malware/Ransomware

    According to the McAfee Q3 Malware report 2013 there was a staggering 50 million newly identified virus signatures added to their databases. Specifically, there has been an increase in so-called Ransomware, a further rise in botnets, and a higher number of malware targeting Bitcoin wallets. 2014 will see a continued rise in malware development and detection.

    Some notable examples are:
    • Pony Botnet - Botnet and bitcoin thief
    • Prison Locker - Ransomware

    2. Mobile devices

    With the new culture of Bring Your Own Device (BYOD) comes a myriad of security concerns that are currently being faced and addressed. The RSA Europe conference last year postulated that there would be a dramatic rise in Ransomware infecting mobile phones, and a more recent announcement by McAfee reiterated this claim. 

    Additionally, companies are now faced with the problem of company personnel bringing in personal cellular access points, often bypassing company security policies and transmitting sensitive data over an unsecured, out-of-band channel. This adds to the list of vectors an attacker could pursue. 

    3. Cloud storage 

    There has been a great rise in companies opting for the use of cloud storage solutions, as they require less maintenance and generally give the impression of being more secure. However, one of the consequences of businesses moving away from centralised data storage is often that less energy is spent ensuring the client side is secure. For this reason I believe we will be seeing more attacks on both cloud storage centres, and an escalation of man-in-the-middle attacks on the client side.

    4. Irresponsible disclosure

    Within the last four years we have had some pretty notable irresponsible disclosures of vulnerabilities. Within the industry of ethical hacking and cyber security in general there is a lack of public understanding as to what ‘responsible’ disclosure should entail. To name some of the recent debacles that have resulted due to the act of irresponsible disclosure in chronological order:

    • Julian Assange – WikiLeaks
    • Edward Snowden – NSA
    • Moe1 - E-Toll System
    • A recent disclosure by a reputable firm of ethically suspect hacking ‘how-tos’ that relate directly to financial and government institutions.

    5.Greater migration of users to decentralised web content

    Even with the recent bust of Ross William Ulbricht from the infamous Silk Road (an online store where a customer would be able to trade illicit drugs globally or even hire the use of professional hitmen), the idea of a decentralised anonymous internet certainly appeals to many people and shall continue to attract illicit and depraved activity.

    Well thats it from our 2 analysts, on behalf of everyone at Telspace Systems we hope you have a great 2014 year!

    0 0

    Security cameras have been the first step of defense for many organizations, governments, school & colleges. When it comes to defending against crime. This trend has been around for many years and using a security camera is still at the top of the list.  According to research carried out by the urban institute, it shows that indeed there is a drop in the crime rates when such cameras are installed and used in the “Right way”. Now let us emphasize the words “Right Way”. Nowadays the traditional close circuit TV’s (CCTV) have been replaced by IP based security cameras and these give the great functionality of anytime anywhere viewing to its customers. While many customers may think that it is an advantage to them, it is actually of just as much benefit to those committing crime.

    Now you may wonder why we say so.

    In the case of CCTV, all the data, images etc. would remain ”secured”. Whilst on the other hand in the case of IP based cameras all the data is transmitted and available on the World Wide Web.

    Figure -1 Funny camera sticker

    It is quite easy to forget the threats that these IP based cameras could pose. A simple google search would answer all the queries regarding the threat scenario of implementing an unsecured IP based camera.

    IP based security cameras will have all the vulnerabilities that any other data networks possess. The issue arises when anyone is able to install the camera, but not everyone is aware of the vulnerabilities associated with this installation.  As these are easily available over the internet a lot of privacy issues arise and sensitive information can be accessed. Apart from these vulnerabilities, the important thing to look at is that many of these cameras run internal webservers on unsecured channels rather than a secure channel i.e. https. This enables credentials to be transmitted in clear text over the network.

    Another such issue is that these cameras also run unsecure file transfer protocol sessions instead of more secure sessions i.e. SSH. Running a secure session would enable image transfer between the client and the server in an encrypted format. However, in most cases the data is not encrypted and is sent over LAN, MAN or WAN, where unauthorized users can gain access to sensitive information pertaining to the organization. This information that is collected can then be used to attack more networks in the organization.

    This unauthorized access to cameras is useful for people who are interested in cam spying. The manufactures of cameras use a consistent URL string to access the camera, therefore, allowing anyone with capabilities of using google the ability to access them. If you Google “inurl :/view/index.shtml” you will find thousands of such insecure IP based camera. If you are unaware of the search terms to use there are several websites available that already have a list of terms that can be used.

    The criminals can watch all these while sitting in a coffee shop or sitting in their living room. They would have ample time to plan their attack and take notes regarding the layout, dimensions, etc. What is even scarier is that most of these cameras have features such as pan and tilt which aid the criminal in pointing towards a specific location and gathering more detailed information regarding the location. These can also be used to divert the camera view to another location when an attack is being performed.

    Figure-2 Camera in office.

     Figure-3 Camera in a zoo.

    As this information is available from a simple google search. Business entities have a legal and ethical responsibility of not exposing access to such data to the public. Thus, the entities should take measures on implementing a security procedure. These procedures should focus on areas such as: only authorized personnel are allowed to have access to the data that is on the server.

    Also as pointed out earlier one of the problems is the level of knowledge of the person installing the surveillance equipment. All such equipment has built in password functionality and some of the more advanced equipment have facilities such as data encryption. It is the responsibility of the entities to research and select the equipment which is best suited to the organization according to their needs. Selecting the equipment is only half the job, as the organization / installation company with proper installation knowledge is the other half of the job that needs to be verified.

    The installer who generally has limited knowledge will install a system with all the default settings or will leave a weak password i.e. less than 8 characters and not having upper, lower and special characters. Again by this we return to the point originally raised i.e. “Right way” of installation. The installation of such devices has to be combined with network security in order to truly secure the business.

    That’s it for the first part of this blog spot in the second part we would be diving into detailed as to how network intrusion is to be prevented from such devices.                                                               

    0 0

    A newly-developed encryption system by independent researcher Ari Juels and Thomas Ristenpart of the University of Wisconsin, has shown that trickery is an underexploited, but very effective tool in data protection.

    Dubbed ‘Honey Encryption’, this security method adds an extra layer of protection to encrypted data by returning fake data every time an incorrect password or encryption key is made. If the attacker does at some stage guess the correct combination, the sensitive data will be lost among spools of false data.

    Later this year, Juels and Ristenpart will present their Honey Encryption method and findings at the Eurocrypt cryptography conference.

    Since cybercriminals have been using decoys since the very beginning, it makes sense for use the same techniques to our advantage. Using deception as a defense mechanism against cyber attacks is not only delightfully ironic, but very effective.

    SA needs to shape up

    Despite ground-breaking security developments taking place internationally, SA is said to still lack the security awareness and understanding to ensure adequate data protection.

    A recent statement by Beza Belayneh, CEO of the SA Centre for Information Security (SACIS), suggests local organisations (outside the financial sector) often view cyber security awareness as sensationalism, resulting in what Belayneh terms "cyber security fatigue".

    "Organisations will process and store large amounts of personally identified information and most of their business processes such as HR, finance and legal, are fully computerised and digital. Institutions don't realise that cyber attacks constitute data theft and can interrupt business functions."

    According to the SACIS, local organisations are spending resources on cyber attack prevention, but throwing money at the problems will not help people understand the nature of threats and how to counter them effectively – a task which Belayneh says is never-ending. Instead,Belayneh believes the focus should shift to building resilient security frameworks.

    "Institutions must develop a holistic approach that responds effectively to attack since they are impossible to avoid," he says.

    Telspace is hiring!

    And on that note, Telspace Systems is looking to hire a security analyst in South Africa, preferably Gauteng. The ideal candidate should be should be competent in a combination of Web application security, attack and penetration testing, network security,source code reviews, and mobile security.

    For a more detailed description, please visit our job listing on LinkedIn or e-mail your CV to admin[at] 

    0 0

    BetTech Gaming, the global provider of turnkey gaming solutions to market-dominating clients, has partnered with Telspace Systems to significantly boost its security operations.

    Telspace Systems has been awarded a multi-year contract to conduct round-the-clock attack and penetration testing and analysis. They will also run vulnerability assessments and source code reviews, handle large, complex transactional systems and provide training.

    The preventative measure will benefit all of BetTech’s betting and gaming operator customers, ensuring their players receive industry-leading protection against cyber crime.

    “Telspace Systems has an impeccable reputation,”said BetTech Gaming chief technology officer Ian Barnes.They make organisations as unattractive to online criminals as possible and keep all sensitive financial and client data safe.We have partnered with them to give the highest possible level of security to BetTech as well as our customers and their organisations.”

    Telspace Systems was established in 2002 and is based in Johannesburg, South Africa, with a presence in United Kingdom, Botswana, United Arab Emirates, and Brazil. It services high-profile casinos and banks, and telecommunications, petroleum, and insurance companies around the world.

    Chief executive officer Dino Covotsos commented: “There is no room for complacency when it comes to online security. New software vulnerabilities are found daily and attacks can immobilise a business – the potential financial costs are huge so it is always best to take the strongest possible precautions.”

    0 0
  • 04/01/14--04:01: The iPhone on trial
  • Recent local events have dramatically highlighted security issues among users of the iPhone. There have been reports of high-tech equipment used to recover data and crack phone encryption – as well as obtaining login details of websites used to manage the phone – and these have raised concerns that personal data is simply not safe.

    So how much can someone who has your phone and / or the right tools learn about you?

    A common question among Apple users is whether the phone manufacturer pre-installs ‘backdoors’ or some kind of ‘hidden access’ into the handset to be used to gather information for law enforcement.

    To answer that, we need to consider what security the iPhone has, and why it has it. When Apple designed the phone’s built-in security (locking, securing data etc.), they did so under the premise that the user requires his/her data protected in the event of loss or theft. Apple would not operate under the impression that its users would need to hide something from law enforcement, or not have their phone used as evidence in a court of law. Regardless, Apple has used high levels of encryption on the iPhone, improving it with each new version of its operating system (iOS).

    Various experts in the industry (such as Charlie Miller) have often reiterated that they do not believe Apple actually keeps your passcode on their servers. Apple themselves states the same thing.

    Whether or not this is true, we don’t know for sure. But it appears, given the time and effort required by law enforcement officials (even in other countries) to crack encryption on an iPhone, that they are not working with a passcode simply handed to them by Apple.

    The fancy tools available to extract data from iPhones rely on well-known exploits, default configurations or other entry points into the phone. Some can try to brute-force passwords on the phone using methods that do not trigger the built-in protection, or that simply cater for such. Law enforcement officials also rely on simple user mistakes or inexperience to gain access. How many people use their birthday as their iPhone pin? Or use 1234 or 1111 because its easy to type in?


    With regards to data encryption on the iPhone, keep in mind that not all data is encrypted. Due in part to the access required by certain applications, it can be deduced that some photos, for instance, are not encrypted. Chat programs such as WhatsApp can also implement their own encryption – in which case Apple may have no insight into how this data is protected, nor who has the keys used for decryption.

    Could Touch ID, a fingerprint recognition feature devised by Apple, solve these issues? Probably not. Touch ID adds convenience but not necessarily extra strength in cryptography. Remember you still need to enter a PIN code to enable Touch ID, and therefore its highly likely the iPhone is still using the PIN code as part of the key generation for encryption – much like iPhones without Touch ID.

    Apple would not have relied solely only on a fingerprint to generate encryption keys because if the print stops working, access to data is lost. Besides, users can simply enter their PIN to bypass the Touch ID requirement. Keep in mind, this is not a failure on Apple’s part since they do not sell Touch ID as an upgrade to your phone’s encryption capabilities.


    Should we be worried then? Yes and no. Apple has put a lot of work and research into iOS and the iPhone itself. Compared to other operating systems, iOS also maintains a relatively good stance on security and lack of critical security flaws.

    However, there will always be a way around something, and given enough time and resources someone will find vulnerabilities, a flaw, or an “undocumented feature”.

    Switching to Android, BlackberryOS or Windows will not make you any more secure against law enforcement officials, or highly skilled malicious users.

    There are, however, some steps you can take to make it more difficult to do so:

    1. Set a random, and strong PIN. Avoid duplicate digits and sequences and definitely avoid anything personal such as your postal code, birthday etc.
    2. Set your iPhone to auto-lock after a reasonably short time. If it is stolen or lands up in unwanted hands you want it to be locked before it can be accessed.
    3. Activate the find-my-iPhone feature on the device. Not only is this useful to know where  it is if you lose it, but you can also request the device to wipe itself remotely as well.  Remember however, the phone keeps a track of where you’ve been, and this info can be  retrieved from the device via the right tools.
    4. If your phone is lost/stolen or in the hands of a malicious person, immediately change  any e-mail, Facebook, and other passwords on the applicable websites. That way, no  further updates can make their way to the phone.
    5. Finally, as a general rule, if you don’t want something to ever be used against you –  don’t say it via text or e-mail. That not only applies to anything related to the law but  even in general life circumstances. Remember, you can’t take back what you typed.

    By Dimitri Fousekis, Security Analyst / Team Lead, Telspace Systems

    0 0

    Every so often, vulnerabilities are found which turn the information security industry upside down, both from a positive and negative sense. The recent OpenSSL vulnerability is no exception. Having surfaced a short time back, it sent social media into a spin, websites and toolsets having being updated to explain, dissect and help exploit the vulnerability have popped-up everywhere. As have the theories that governments may have been using this vulnerability since as early as 2011.

    Heartbleed, so aptly named because it is the Heartbeat functionality in OpenSSL that “bleeds” sensitive information, has launched itself into the limelight. Raising concerns amongst professionals, business persons and the general public alike.

    One avenue that has not however been focused on too greatly (although mentioned before) is how many “embedded” and/or “appliance” devices are running the vulnerable version of OpenSSL? These usually have much longer and more fragmented patch updates than commercial web-servers and operating systems, especially when firmware is only obtainable from the manufacturer.

    We conducted research into an avenue that is not often mentioned as a risk for the Heartbleed vulnerability –ADSL/DSL users. Using legitimate and non-intrusive means of identifying hosts with the Heartbleed vulnerability, we ascertained that there are many such devices, falling into the following categories:

    Network-Attached Storage Devices (multiple brands)

    Routers/UTM Devices (multiple brands)

    CCTV Camera NVRs (multiple brands)

    Small-Business Firewalls (multiple brands)

    Voice-Over-IP (VOICE) Devices (multiple brands)

    (it was not in the scope of this article to name the manufacturers of these devices)

    The devices above are not estimated to be available and vulnerable – they are online, and are vulnerable. This raises much concern around the data that is exposed to would-be attackers trying to compromise these systems.

    Keep in mind that the Heartbleed vulnerability allows one to obtain pieces of memory from the SSL process that may contain usernames, passwords and authentication cookies. In our internal lab experiments, we found this to be easily obtainable in almost 90% of the tests done.

    It’s a disquieting thought, not only that so many devices with sensitive data (even hard disks!) are exposed to the Internet, but also it becomes even more important when we consider that these devices are now vulnerable – most without even new firmware on their manufacturers websites.

    Embedded and appliance-like devices may be the answer for out-of-the-box and affordable solutions for many services, but in the case of this article one has to ask – Is your internet-connected appliance bleeding your confidential data?

    0 0

    The ITWeb Security Summit is just around the corner, and speakers, exhibitors and visitors alike are finalising their plans.

    We expect this year to be filled with excellent talks, presentations and exhibits to help South Africans in all industries and environments benefit from what has been learnt the past year, as well as what we need to do going forward to ensure the security of our people and systems.

    This year Telspace will host a security challenge at the summit. The goal of the challenge is to test the skills of information security enthusiasts at the summit. Contestants are required to attempt to hack into a test environment, hosted on a Wi-Fi network, and obtain a flag from the competition server. The first two contestants that are able to explain how they obtained the flag, as well as present it, will be awarded with a Pebble watch.

    The challenge aims for contestants to think out of the box, to think logically about how the system is put together, and how it can be exploited. 
Automated tools and exploits will be of little help and what seems to be secure may turn out not to be. The challenge is designed to be both fun and challenging at the same time. Do you have what it takes?

    Try out your skills and techniques on the Telspace challenge while you are at the summit – you might walk away with a prize. Be sure to visit our stand often as we might drop a clue or two as the summit progresses.

    Details on how to gain access to the system will be provided at the Telspace Systems stand in the exhibition hall, as well as on the coupon in the ITWeb Security Summit booklet. We look forward to seeing you there!

    Please note that the challenge is not open to staff of companies exhibiting at the summit, or their immediate families.

    0 0
  • 05/20/14--09:03: We are hiring! Again!
  • Telspace Systems is expanding rapidly and looking to hire an additional security analyst in South Africa, preferably Gauteng as the office is based in JHB. The analyst should be competent in a combination of the following skills:

    - Web application security,
    - Attack and penetration testing,
    - Network security,
    - Source code reviews,
    - Mobile security.

    Along with these penetration tests and security assessments, you'll be conducting regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.

    If you are interested applying, email us your cv(admin[at] or get in touch via ! 

    Tasks include:

    · Performing application penetration testing and application source code review against software applications

    · Conduct vulnerability assessments and penetration testing on Internet-facing and internal client systems
    · Exploit known and unknown vulnerabilities and discover logic flaws.
    · Document technical issues identified during security assessments.
    · Assist with building recommendations for hardening, and maintaining systems used for penetration testing
    · Research cutting edge security topics and new attack vectors

    Desired Skills & Experience:

    · At least 1-2 years experience as a security analyst or relevant experience as a penetration tester.
    - Bsc, Bcom or B degree, preferably MSC.
    · Good technical, analytical, interpersonal, communication and writing skills.
    · Good understanding of attack and defence techniques
    · Excellent self management skills
    · Ability to work both independently and as team lead on individual assessments.
    - Additional information security certifications beneficial (CREST/CISSP/ETC).

    0 0
  • 07/10/14--05:36: CTF - SkyTower 1

  • During the ITWeb Security Summit 2014 and BSides Cape Town 2014 we decided to host a CTF competition whereby the winner could win a pebble watch if they grabbed the correct flag.

    It was a popular challenge during the conferences with many groups of people collaborating to try solve the CTF. At the end of the ITWeb Security Summit we had no winners of the CTF and we therefore rolled it over to BSides in Cape Town. We were lucky enough to have a winner of the CTF in Cape Town (Todor). 

    We were then asked to upload it to VulnHub, so that attendees could look at it at a later date and gain something from the CTF long term.

    Therefore we have released SkyTower 1, you can download it and give it a try at:,96/

    If you need some assistance or help getting through the CTF, there are multiple walkthroughs available by the community already - they are in great detail and we are grateful that everyone is enjoying the challenge and interacting with one another to solve problems.

    Please enjoy the CTF and happy hacking!

    You can view walkthroughs by various people at:

    0 0

    This year, Telspace Systems will be speaking at PasswordsCon 14 in Las Vegas, USA.

    PasswordsCon is a place where people from all backgrounds including researchers, specialists, password crackers and security experts gather to discuss and learn about all things Password related. A simple term; “Password” carries a very large impact to humans in today’s world. We use a password to access a wide variety of systems, communication, documents, email and more. With so much advancement in technology and user education one would think that the humble “Password” is now a perfected art amongst people. However it is not as can be seen repeatedly by the breaches occurring throughout the world. When password crackers obtain the plain text to the hashed passwords leaked from websites, it becomes apparent that passwords like “12345”, “Password”, “Password123” and others like it are still very much in use. Raising the questions; Why is it like that? How can we get more secure passwords? Why do people choose insecure passwords? 

    Telspace Systems’s talk at PasswordsCon will answer those questions in the context of one of the most critical areas of impact – The Enterprise. How do large corporates ensure their passwords are secure? How do they ensure their staff choose strong passwords? What about SOA Architecture and Cloud Computing? A large enterprise and corporate IT environment is not only critical but highly complex. We will show you what challenges are faced, how to overcome them and how some companies have both succeeded and failed to do so. We will additionally also cover technical aspects such as what algorithms should corporates use for their systems, and why choosing certain ones can be highly secure but also a pitfall of note. 

    The presentation outline is as follows:

    1. Introduction to Presentation, Speaker BIO and Purpose of the
    2. Why is an Enterprise an entirely different scenario to other
    entities that use Passwords? 
    3. Top 5 points of failure - Where do Enterprises make the biggest
    mistakes with their Password usage? 
    4. SOA (Server Oriented Architecture) - When good ideas get bad
    passwords. Discussion into why and what happens? 
    5. Server Administrators in the Enterprise - Friend or Foe? 
    6. Doing it the right way - Simple points to make Passwords in your
    Enterprise a positive security aspect. Is your password policy
    7. Q&A & Concluding Comments. 

    Don’t miss this talk on a critical aspect of your company’s security. Presented by our in-house password specialist Dimitri Fousekis. Stick around for the Q&A to ask your questions to both Dimitri and other industry password experts. Additionally look out for us at the Vegas 2.0 gathering where you will have more time to engage in high-level, technical and specific information about passwords and security. 

    0 0

    Telspace Systems’ will offer Wireless Hacking 101 as a certification class to teach information security professionals how to ensure their wireless infrastructures are secure. Hacker Halted will be taking place during October 2014 in Atlanta, USA.

    Due to the explosion of “always-connected” devices, sensitive and classified information have become lucrative targets for exploitation. Wherever you look, people are using laptops, tablets and smartphones, both for personal and business reasons. This opens up massive opportunities for wireless hackers and other types of cybercrime.

    Among these threats, is a rise in ransomware infecting mobile phones, as a recent claim by McAfee reiterates. The interception of data between a wireless device and the website or application the user is using is also lucrative for farming usernames and passwords or attempting to hijack user sessions. Additionally, simply “grabbing” whatever comes through the air to look for interesting files, photos and data is increasingly common.

    Telspace Systems’ Wireless Hacking 101 will be offered as a certification class to teach information security professionals how to ensure their wireless infrastructures are secure. The course will run from 14th-15th October 2014, and will be taking place at the Georgia World Congress Center.  Telspace Systems will be running a two-day course addressing wireless hacking issues ahead of, and in conjunction with, the Hacker Halted IT Security conference.

    The new culture of Bring Your Own Device (BYOD) brings additional security issues to the fore, as businesses have to protect their critical company information on user-controlled devices. Companies are now faced with the problem of personnel bringing in personal cellular access points, often bypassing company security policies and transmitting sensitive data over an unsecured, out-of-band channels. This adds to the list of vectors an attacker could pursue. Since BYOD hardware often contains company sensitive information, it is too a target for attackers either directly or via Wi-Fi attacks.

    This course covers one of the most widely used forms of data transmission available to mankind today – wireless. Wireless Hacking 101 will provide real world, hands-on instruction on not only how to attach wireless, but also how to defend against attacks.

    Students will leave equipped with the knowledge of how to analyze wireless networks, enumerate them, and then attack them. The course is not all theory. After covering the basics and fundamentals of how Wi-Fi works, how encryption works and how clients associate with wireless access points, the course will then examine how to attack them. With in-depth and hands-on instruction, the students will learn to competently hack their way through a wireless network. Challenging assessments, and a “capture-the-flag” examination will ensure students are immersed in this highly technical, but highly rewarding course. Subjects covered will include; Wi-Fi enumeration, WEP and WPA1/2 hacking, obtaining passwords, spoofing and attacking wireless clients and defending against wireless attacks.

    0 0

    Telspace Systems is happy to announce that we will be presenting at the 5th edition of Alligator Security Conference [1] on the 19th and 20th of September 2014. 

    AlligatorCon is an independent and "invite only" Information Security Conference held in Recife, Brazil [2]. 

    Our analyst Marcos Álvares (Head Of Research) will be talking about relations between Source Code Complexity and historical vulnerability data. Marcos will be performing a live demonstration of the proposed technique over the whole Linux Device Drivers source code database! 

    Not much more can be disclosed about the talk as it is a invite only conference, so you'll have to be invited to see the full talk.

    Good luck Marcos!

    0 0
  • 09/23/14--02:37: August tops attack list
  • The number of hacks, breaches and threats worldwide last month was record-breaking - and a clear indication that businesses are still not doing enough to safeguard themselves against cybercriminals. published a list of attacks on their website and claimed August’s list of cyberattacks to be the most lengthy it has seen in a long time.

    According to Dimitri Fousekis, Security Analyst and Team Lead at Telspace Systems, “We at Telspace are not surprised at the surge of cyberattacks in August. Cybercrime is increasing exponentially, and even though a large majority of the attacks culminated overseas, South Africa is far from immune.”

    Fousekis says the escalating number of cyberthreats will only start to decrease once there is enough awareness. “Sure, people know what cybercrime is, and have read about the devastating effects it may have on a company. But it is only after business decision-makers understand how cybercrime can cripple the very foundation of their own operations, and realise that security is a business enabler, will they start to see the urgency of having a strong security framework in place.” 

    According to the website, some of the more prominent cyberattacks for August, included:

    Data Breaches:

    Payment Information:

    Social Media:



    From the above list it is evident that cybercrime is a reality and only set to increase - if businesses let it. It is the responsibility of every organisation to ensure that they are well protected from threats and cybercriminal activity. Practicing ignorance and maintaining a “it won’t happen to me” attitude is no longer acceptable in today’s ever-increasing threat landscape.