When a company’s password policy is too complex, employees tend to write their passwords on a piece of paper and put it under their keyboard — similar to hiding a house key under the doormat — which is the first place an intruder looks.  This gives a false sense of security in the sense that if no one knows where to find the key, then no one can get in your house. This is an example of Security Through Obscurity (STO) or a “security theater,” which creates an illusion of security. I...

Continue reading ...

Imagine a world free of criminals where every single soul would obey the "law" and never resort to manipulate or break it. If there were no criminals, there would be no crime and hence the world would never think of having the need of security. But unfortunately, that is not the case in the real world as we know it. We all need security, right from having a password on our cell phones to building the most sophisticated defense system through Air force, the Navy or the Marines to protect the n...

Continue reading ...

War...Huh! What is it good for? Absolutely SOMETHING! The question on everybody's mind "When will it end?" is now slowly changing to "How will it end?". A security professional lives more like a life of a soldier fighting at the border, only difference is, the enemies shoot syn packets at our computers which bleeds from their open ports. Once bled, they keep shooting all kinds of probes untill its hacked or all bled out (DoS).

An evident fact in our cyber society is that the "Bad" is always ...

Continue reading ...

I thought this is a very interesting title for discussion but the whole idea is to debate on whether "you can" or "you can't hide". Now that the hackers around the globe have more sophisticated Hack tools under their belt, spoofing your identity has become even more easier than ever.

Mature hackers, unlike script kiddies, will always think twice before trying to break in a target system. They only fear what could happen if at all they get caught. “Law enforcement relies on the corporate s...

Continue reading ...

As per the data collected by CERT-In, a government agency of the Indian Community for responding to computer security incidents as and when they occur, reported that a total of 1981 websites were defaced in the first three months of 2010.

Website defacement in general is a kind of an attack by hackers that changes the visual apperance of a web page or replaces the real webpage of a website with their own.
Comparing the results with past trends, I am not really surprised at these statistics...

Continue reading ...

Recently, My gmail account was hacked by some botnet which sent out e-mails to all my contact asking them to check out a website. I only realized this when I checked my gmail "Sent Mail" folder and had to immediately send a warning message to all my contacts telling them that my account was hacked and not to click on any links from my previous mails.

I changed the password which solved the issue, but who knows, some other botnet might just be able to bruteforce My password and get me in trou...

Continue reading ...

Promising consequences if Google flouts China's censorship laws, Chinese authorities also chide the U.S. for its human rights record
By Thomas Claburn, InformationWeek USA

A top official of the Chinese Ministry of Industry and Information Technology (MIIT) recently warned Google that it will face consequences if it fails to obey Chinese laws.

According to an Associate Press report, Li Yizhong, head of the MIIT, said, "If you want to do something that disobeys Chinese law and regulations, you ...

Continue reading ...

IT security and control firm Sophos is warning that hackers are exploiting interest in last night's Oscar film awards ceremony to infect the computers of unsuspecting computer users.

According to the report "movie-loving Internet users are searching the web for information and gossip about the Academy Award winners, making phrases like "Oscars Winners" one of the most commonly searched for phrases on the Internet.  However, using SEO (search engine optimisation) techniques, hackers have create...

Continue reading ...

Over the next couple weeks you're gonna be getting a 2010 census letter in your mailbox and then a follow up call or visitor from a census worker. But beware, there are con artists out there that are looking this year as the census year and thinking as a gold mine opportunity to steal your private information. Apparently this happens every ten years. Now the big question is that what level of authorization do these Bureaucrats have to access our private/confidential information.

QUESTIONS THAT...

Continue reading ...

Continue reading ...

Under half of organisations rate security as their top issue, while three quarters experienced cyber attacks in the last 12 months.

According to Symantec's 2010 State of Enterprise Security study, 75 per cent of enterprises experienced cyber attacks in the last 12 months and 36 per cent rated the attacks somewhat/highly effective. Also, there was a 29 per cent rise in reported attacks in the last 12 months.

       

It also found that 100 per cent of enterprises surveyed experienced cyber lo...

Continue reading ...

IT security firm, Sophos, has warned Twitter users on a new attack that has led to thousands of accounts being compromised by hackers using a Web 2.0 botnet. The hijacked accounts are later used to spread money-making spam campaigns.

The security firm found out that fellow members of the micro-blogging network had posted messages disguised as humorous inks, but were actually aimed to phish passwords credentials from unsuspecting users.
 
These messages were accompanied with clickable links which...

Continue reading ...

Imagine that a widely downloaded, malicious smart phone application has triggered a national security crisis and brought the country’s telecommunications and electronic infrastructure to a standstill. This scenario was only make-believe: the East Coast still has power and Midwestern factories are functioning. But the threats from cyber exploits against the national and economic security of the United States is very real, according to former senior government officials who participated in a ...

Continue reading ...

Western governments are facing a potent and ill-understood new threat from terrorists and hostile powers in the shape of cyber warfare, military and security experts have warned.

Network attacks, a British government report says, are "growing in seriousness and frequency". And in a timely reminder of the emphasis that states and corporations alike are placing on the problem, Google and the National Security Agency were yesterday said to be finalising the details of a co-operative deal aimed ...

Continue reading ...

What is believed to be the country's biggest hacker training site has been shut down by police in Central China's Hubei province.

Three people were also arrested, local media reported yesterday. The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.

According to the provincial public security department of Hubei, the closu...

Continue reading ...

“Carry out all my demands or the entire country’s electricity will be cut off.” Is this another line from a suspense film, or is it a palpable threat made possible with a computer keyboard? “Today, there is a growing trend amongst hackers around the world to threaten national infrastructures for ransom,” says Dr. Yaniv Levyatan, an expert in information war at the University of Haifa.

If someone still thinks that this is science fiction, Dr. Levyatan notes how just recently, in Nov...

Continue reading ...

China to US: shut up about "so-called Internet freedom"

In the wake of Secretary of State Hillary Clinton's major speech yesterday on Internet freedom, a speech in which she called out countries like Egypt, Uzbekistan, Vietnam, Iran, and China, most governments have yet to respond. China, however, was quick to reply after dealing with the Google issue for a week already. 

Here's what has happened in 24 turbulent hours.

Wide open. It didn't take China long to respond to Clinton's call to te...

Continue reading ...

GPS

A couple of weeks ago a friend told me that someone she knew had their car broken into while they were at a football game. Their car was parked on the green which was adjacent to the football stadium and specially allotted to football fans. Things stolen from the car included a garage door remote control, some money and a GPS which had been prominently mounted on the dashboard.  

When the victims got home, they found that their house had been ransacked and just about everything worth any...

Continue reading ...

Just last week, Websense Security Labs released it's State Of Internet Security report. This report is released twice a year and it covers all changes in website and internet security in the past 6 months. While we can generally expect that internet vulnerabilities, spam and other attacks will rise, this report was especially grim.

According to the report, the number of malicious sites on the web has grown over 230% in the last six months. This number reaches over 670% in the last year.

While t...
Continue reading ...

Cyberterrorism is a new terrorist tactic that makes use of information systems or digital technology, especially the Internet, as either an instrument or a target. As the Internet becomes more a way of life with us,it is becoming easier for its users to become targets of the cyberterrorists. The number of areas in which cyberterrorists could strike is frightening, to say the least.

The difference between the conventional approaches of terrorism and new methods is primarily that it is possib...

Continue reading ...

The "Tide of the century" may hit Mumbai on 24th July 2009

Mumbai could be facing a re-enactment of the catastrophe that devastated life and property four years ago--perhaps on the very same dates.

While the severity of the flooding would probably be unabated, better prepardness and closer co-ordination among government bodies, corporate & general public can help in minimizing its impact.

What caused floods in 2005

Mumbai is at an average elevation of 10-15 meters above sea level and receive...

Continue reading ...

According to the March 2009 report, The Forrester Wave™: Information Security And IT Risk Consulting, Q1 2009, "Deloitte stands as the leader in information security consulting as well (as a leader in information technology risk consulting) thanks to 'its depth and breadth of services.' " The groundbreaking comparative evaluation looked at the 15 leading global information security and risk consulting service providers.

In the report, Forrester Research, a respected independent analyst firm...

Continue reading ...

Facebook plans to announce at a developer event Monday that it will open up user-contributed information to third-party developers, according to a report Sunday in The Wall Street Journal.

The move would allow developers to build applications and services that--with users' permission--access user videos, photos, notes, and comments. The move would be a significant change for the social-networking site, which had previously retained tight control over the site and how developers interact with...

Continue reading ...

The UK Information Commissioner's Office says that the British Council's loss of an unencrypted disk containing personally identifiable information constitutes a breach of the Data Protection Act. The disk holds sensitive data belonging to more than 2,000 staff members. The breach was reported to the ICO promptly; the ICO has required the British Council to officially agree to a number of security measures to guard against future data loss. Among those measures are ensuring that all portable ...
Continue reading ...

Cyber spies have stolen tens of terabytes of design data on the US's most expensive costliest weapons system -- the $300 billion Joint Strike Fighter project. Similar breaches have been found in the Air Force's Air Traffic Control System. The attacks began as far back as 2007 and continued into 2008. The spies encrypted the data that they stole, making it difficult for investigators to know exactly what data was taken. The fact that fighter data was lost to cyber spies was first disclosed by ...
Continue reading ...

Microsoft technet has an article listing ten immutable laws of security according to Microsoft. I personally agree with these laws which are:

• Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
• Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
• Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
• Law #4: If you allow a bad guy to upload p...

Continue reading ...

I was going through my yahoo inbox and found Viagra spam with a link to http://doc.google.com/View?id=dfpqm7ft_0tt6xhdd2.

Its nothing new that spammers have been taking advantage of Google. Its just kind of annoying to me that this message was sent on October 30th, today is November 23th and the linked Viagra Google doc is still up ("consult a physician if the link stays up longer than 4 weeks"). Am I to believe that no one has reported this link to Google?

The paranoid part of me wonders if...

Continue reading ...

Hi, welcome to my blog. It started out as a place to be able to post links and news so I could find them again. I began adding my own commentary. Thanks for stopping by. Dont forget to use the search if Google dropped you off at this page and you dont see what you're looking for.

Continue reading ...