Showing category "Infosec"

Security Through Obscurity (STO): A fundamental fallacy

Posted by Saumil on Friday, June 15, 2018, In : Infosec 

When a company’s password policy is too complex, employees tend to write their passwords on a piece of paper and put it under their keyboard — similar to hiding a house key under the doormat — which is the first place an intruder looks. This gives a false sense of security, based on the belief that if no one knows where to find the key, then no one can get into your house. This is an example of Security Through Obscurity (STO), or “security theater,” which creates an illusion of security. I...


 

I Don't Need Any Security! Who Wants to Hurt Me?

Posted by Saumil on Sunday, April 15, 2012, In : Infosec 

Imagine a world free of criminals where every single soul would obey the "law" and never resort to manipulating or breaking it. If there were no criminals, there would be no crime, and hence the world would never think of needing security. But unfortunately, that is not the case in the real world as we know it. We all need security, right from having a password on our cell phones to building the most sophisticated defense system through the Air Force, the Navy or the Marines to protect the n...


 

The Armageddon of Cyber Security

Posted by Saumil on Tuesday, November 23, 2010, In : Infosec 

War...Huh! What is it good for? Absolutely SOMETHING! The question on everybody's mind, "When will it end?", is now slowly changing to "How will it end?". A security professional lives more like a soldier fighting at the border; the only difference is that the enemies shoot SYN packets at our computers, which bleed from their open ports. Once bled, they keep shooting all kinds of probes until it's hacked or all bled out (DoS).

An evident fact in our cyber society is that the "Bad" is always ...


 

You Can Hack But You Can't Hide

Posted by Saumil on Wednesday, July 7, 2010, In : Infosec 

I thought this was a very interesting title for discussion, but the whole idea is to debate whether "you can" or "you can't hide". Now that hackers around the globe have more sophisticated hacking tools under their belt, spoofing your identity has become easier than ever.

Mature hackers, unlike script kiddies, will always think twice before trying to break into a target system. They only fear what could happen if they get caught. “Law enforcement relies on the corporate s...


 

1981 Indian Websites Defaced In Just Three Months

Posted by Saumil on Monday, April 12, 2010, In : Infosec 

According to data collected by CERT-In, a government agency of the Indian Community for responding to computer security incidents as and when they occur, a total of 1981 websites were defaced in the first three months of 2010.

Website defacement in general is a kind of attack by hackers that changes the visual appearance of a web page or replaces the real webpage of a website with their own.
Comparing the results with past trends, I am not really surprised at these statistics...


 

Gmail Introduces Suspicious Activity Warning

Posted by Saumil on Friday, March 26, 2010, In : Infosec 

Recently, my Gmail account was hacked by some botnet which sent out e-mails to all my contacts asking them to check out a website. I only realized this when I checked my Gmail "Sent Mail" folder and had to immediately send a warning message to all my contacts telling them that my account was hacked and not to click on any links from my previous mails.

I changed the password, which solved the issue, but who knows, some other botnet might just be able to brute-force my password and get me in trou...


 

Oscars – the new vehicle for hackers to spread attacks

Posted by Saumil on Tuesday, March 9, 2010, In : Infosec 

IT security and control firm Sophos is warning that hackers are exploiting interest in last night's Oscar film awards ceremony to infect the computers of unsuspecting computer users.

According to the report "movie-loving Internet users are searching the web for information and gossip about the Academy Award winners, making phrases like "Oscars Winners" one of the most commonly searched for phrases on the Internet.  However, using SEO (search engine optimisation) techniques, hackers have create...


 

Thousands of Twitter user accounts compromised

Posted by Saumil on Tuesday, February 23, 2010, In : Infosec 

IT security firm Sophos has warned Twitter users about a new attack that has led to thousands of accounts being compromised by hackers using a Web 2.0 botnet. The hijacked accounts are later used to spread money-making spam campaigns.

The security firm found that fellow members of the micro-blogging network had posted messages that were disguised as humorous links but were actually aimed at phishing password credentials from unsuspecting users.

These messages were accompanied with clickable links which...


 

China Shut Down Biggest Hacker Training Site

Posted by Saumil on Tuesday, February 9, 2010, In : Infosec 

What is believed to be the country's biggest hacker training site has been shut down by police in Central China's Hubei province.

Three people were also arrested, local media reported yesterday. The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.

According to the provincial public security department of Hubei, the closu...


 

Technology Bites Back

Posted by Saumil on Monday, October 12, 2009, In : Infosec 

GPS

A couple of weeks ago a friend told me that someone she knew had their car broken into while they were at a football game. Their car was parked on the green which was adjacent to the football stadium and specially allotted to football fans. Things stolen from the car included a garage door remote control, some money and a GPS which had been prominently mounted on the dashboard.  

When the victims got home, they found that their house had been ransacked and just about everything worth any...


 

Deloitte named a leader in information security and IT risk consulting in Q1 2009

Posted by Saumil on Tuesday, May 5, 2009, In : Infosec 

According to the March 2009 report, The Forrester Wave™: Information Security And IT Risk Consulting, Q1 2009, "Deloitte stands as the leader in information security consulting as well (as a leader in information technology risk consulting) thanks to 'its depth and breadth of services.' " The groundbreaking comparative evaluation looked at the 15 leading global information security and risk consulting service providers.

In the report, Forrester Research, a respected independent analyst firm...


 

British Council Violated Data Protection Act, Says Information Commissioner's Office

Posted by Saumil on Wednesday, April 22, 2009, In : Infosec 

The UK Information Commissioner's Office says that the British Council's loss of an unencrypted disk containing personally identifiable information constitutes a breach of the Data Protection Act. The disk holds sensitive data belonging to more than 2,000 staff members. The breach was reported to the ICO promptly; the ICO has required the British Council to officially agree to a number of security measures to guard against future data loss. Among those measures are ensuring that all portable ...
 

Spies Penetrate Pentagon's Joint Fighter-Jet Project

Posted by Saumil on Wednesday, April 22, 2009, In : Infosec 

Cyber spies have stolen tens of terabytes of design data on the US's costliest weapons system -- the $300 billion Joint Strike Fighter project. Similar breaches have been found in the Air Force's Air Traffic Control System. The attacks began as far back as 2007 and continued into 2008. The spies encrypted the data that they stole, making it difficult for investigators to know exactly what data was taken. The fact that fighter data was lost to cyber spies was first disclosed by ...
 

Microsoft 10 Immutable Laws of Security

Posted by Saumil on Saturday, April 11, 2009, In : Infosec 

Microsoft TechNet has an article listing ten immutable laws of security according to Microsoft. I personally agree with these laws, which are:

  • Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
  • Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
  • Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
  • Law #4: If you allow a bad guy to upload p...

 

Google Docs Viagra Spam

Posted by Saumil on Sunday, November 23, 2008, In : Infosec 

I was going through my Yahoo inbox and found Viagra spam with a link to http://doc.google.com/View?id=dfpqm7ft_0tt6xhdd2.

It's nothing new that spammers have been taking advantage of Google. It's just kind of annoying to me that this message was sent on October 30th, today is November 23rd and the linked Viagra Google doc is still up ("consult a physician if the link stays up longer than 4 weeks"). Am I to believe that no one has reported this link to Google?

The paranoid part of me wonders if...


 

Saumil's Information Security Blog

Posted by Saumil on Sunday, November 23, 2008, In : Infosec 

Hi, welcome to my blog. It started out as a place to be able to post links and news so I could find them again. I began adding my own commentary. Thanks for stopping by. Don't forget to use the search if Google dropped you off at this page and you don't see what you're looking for.


 
 

Saumil's Infosec Blog


Information Security

Hi, welcome to my blog. It started out as a place to be able to post links and news so I could find them again. I welcome you to share your thoughts or any opinions you may have on any of the posts by me. Thanks for stopping by. Don't forget to use the search on the home page if you don't see what you're looking for.
