tag:blogger.com,1999:blog-7104872518647520802009-11-11T14:32:30.713+05:30Information Security BlogAnish Shaikhnoreply@blogger.comBlogger336125tag:blogger.com,1999:blog-710487251864752080.post-91590873296657292472009-11-10T15:11:00.000+05:302009-11-10T15:11:47.458+05:302009-11-10T15:11:47.458+05:30

I came across this interesting article that talks about how is Linux being used at Google. There is not much specific information how the tasks are scheduled and all. This was a talk between Google Folks and the Kernel Developers. Google has ported some old code to run on the kernel version that they use. It also tells us that Google uses an old kernel like 2.6 etc Well you can read the whole

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/11/how-google-uses-linux-os.htmltag:blogger.com,1999:blog-710487251864752080.post-21923862785042695722009-11-10T13:52:00.001+05:302009-11-10T13:54:04.413+05:302009-11-10T13:54:04.413+05:30

I had earlier written about Microsoft's COFEE. COFEE utilities are a set of computer forensics and auditing tools that Microsoft had put on a USB drive and provides it to law enforcement for use in trying to extract info from a computer. There was some fear that it was a "back door," but people insisted it was no such thing, but just a collection of basic tools. Still, the fact that the system

Anish Shaikhnoreply@blogger.com1http://www.anishshaikh.com/2009/11/microsoft-cofee-leaked-download-toolkit.htmltag:blogger.com,1999:blog-710487251864752080.post-20620578669721195222009-11-03T15:54:00.000+05:302009-11-03T15:54:23.806+05:302009-11-03T15:54:23.806+05:30

Microsoft has released their latest Security Intelligence Report (SIR). Some of the Top Highlights of the report are : Large increase in Worm Infection. Vista was less compromised than Windows XP machines. Phishing and Automated SQL Injection Attempts are on rise. Browser Based Exploits are increasing. You can get the report @ MS Threat Center

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/11/microsoft-report-says-more-worms-vista.htmltag:blogger.com,1999:blog-710487251864752080.post-86238338338420604392009-11-03T15:45:00.000+05:302009-11-03T15:45:13.242+05:302009-11-03T15:45:13.242+05:30

If you are interested in reading a book about source code analysis to plug in your security loop holes, I recommend this paper. It is a good read, it discusses benefits of source code analysis and puts lights on many issues like compile time issues, linking and non-linking code. etc. You can get this book @ checkmarx

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/11/good-paper-on-source-code-analysis.htmltag:blogger.com,1999:blog-710487251864752080.post-69564375264392337842009-10-17T12:35:00.000+05:302009-10-17T12:35:05.081+05:302009-10-17T12:35:05.081+05:30

The Web Application Security Consortium (WASC) has announced the WASC Web Application Security Statistics Project 2008. The statistics includes data from about 12186 web applications with 97554 detected vulnerabilities of different risk levels. The analysis shows that more than 13% of all reviewed sites can be compromised completely automatically. About 49% of web applications contain

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/10/top-web-app-vulnerabilities-in-2008.htmltag:blogger.com,1999:blog-710487251864752080.post-28267588518870083462009-10-13T15:52:00.000+05:302009-10-13T15:52:20.660+05:302009-10-13T15:52:20.660+05:30

All companies use DNS and it is a very critical part of the network, if DNS is down virtually everything is down. Cache poisoning is the most famous attack against a DNS server. There are many ways to save your DNS servers from Cache Poisoning. Below you will find a quick list to ensure you don't become a victim of DNS Cache Poisoning. 1) Restrict DNS recursion to only authorized queriers, or

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/10/guarding-your-dns-against-cache.htmltag:blogger.com,1999:blog-710487251864752080.post-29015160779504669512009-10-09T15:15:00.000+05:302009-10-09T15:15:32.399+05:302009-10-09T15:15:32.399+05:30

I came across this utility NATProbe, this tool will try to sends ICMP packets out to the LAN, and will detect all the hosts that allow NAT. Now with this tool you can find bugs in your corporate network or even find hosts that allow outgoing internet connections. This reminds me of one of my Penetration Testing assignment where we found out there was a Squid based proxy server, it was fully

Anish Shaikhnoreply@blogger.com1http://www.anishshaikh.com/2009/10/detect-hosts-with-enabled-nat-to-use.htmltag:blogger.com,1999:blog-710487251864752080.post-16990495646151033332009-10-07T20:31:00.000+05:302009-10-07T20:31:19.709+05:302009-10-07T20:31:19.709+05:30

Visa has announced new global best practices for data field encryption, also known as end-to-end encryption - a much-discussed solution in the wake of the Heartland Payment Systems breach. These best practices are designed to further the payment industry's efforts to develop a common, open standard while providing guidance to encryption vendors and early adopters. Data field encryption protects

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/10/best-practices-document-for-end-to-end.htmltag:blogger.com,1999:blog-710487251864752080.post-41990147083510885272009-10-07T16:34:00.000+05:302009-10-07T16:34:28.440+05:302009-10-07T16:34:28.440+05:30

A list of 10,000 users was posted online from a phishing scam to pastebin.com website. Initally it was thought that only microsoft's hotmail was compromised but later more details emerged and the results are more shocking there was a lot more than hotmail accounts, the compromised accounts in the second list were from various email providers including Yahoo, Gmail, Comcast and AOL. One thing is

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/10/latest-email-phishing-scam-and-pattern.htmltag:blogger.com,1999:blog-710487251864752080.post-32827328987907515682009-10-06T00:15:00.000+05:302009-10-06T00:15:46.630+05:302009-10-06T00:15:46.630+05:30

There are many reasons why IT projects fail. Be it an IT consulting Project or IT implementation project. The most important reason why projects get screwed up is first due to People and then Technology. You need right people, right skillset and people with good mindframe. Second factor is Technology you need to decide on a technology by looking at the requirements and how efficient the

Anish Shaikhnoreply@blogger.com1http://www.anishshaikh.com/2009/10/top-reasons-why-it-projects-fail-and.htmltag:blogger.com,1999:blog-710487251864752080.post-2605281137469438452009-10-06T00:01:00.026+05:302009-10-06T00:54:47.868+05:302009-10-06T00:54:47.868+05:30

If you are using a fast internet connection and your internet explorer is loading pages slow so you are surely on this webpage to speed up your Internet explorer and make the most of your internet connection. IE by default has connection limited to 2 per server which is quite slow as we know, since the release of IE8 microsoft has increased the limit of max connections to 6. But still if you

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/10/speed-up-your-internet-explorer-aka-ie8.htmltag:blogger.com,1999:blog-710487251864752080.post-83982731994911801542009-10-01T19:44:00.002+05:302009-10-01T19:46:11.639+05:302009-10-01T19:46:11.639+05:30

With the rise in publicity of data breaches, companies are looking at security more seriously than ever, which means they're looking to hire qualified and, often, certified IT security pros. A recent report from Gartner Research Inc. entitled, "How to Choose the Right Professional Information Security Certification," examines which IT security certifications are most common and valuable in

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/10/is-your.htmltag:blogger.com,1999:blog-710487251864752080.post-1450450456304813732009-09-20T13:49:00.001+05:302009-09-23T18:12:29.052+05:302009-09-23T18:12:29.052+05:30

There have been many instances where your data is at risk but one of the worst way to leak your data is  giving your laptops to service center people. I have myself had a horrible experience with Authorized Acer service center where the bastard was supposed to replace the motherboard and in return he did gave me a new motherboard but replaced my cdwriter with a very old and used cdrom, stole my

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/laptop-service-center-leads-to-leakage.htmltag:blogger.com,1999:blog-710487251864752080.post-73756897448970801752009-09-19T21:45:00.000+05:302009-09-19T21:45:08.480+05:302009-09-19T21:45:08.480+05:30

Malware developers are going open source in an effort to make their malicious software more useful to fraudsters. By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans. According to Candid W?est, threat researcher with security firm Symantec, around 10 percent of the

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/virus-writers-using-opensource-code.htmltag:blogger.com,1999:blog-710487251864752080.post-85605182403940768722009-09-19T21:10:00.000+05:302009-09-19T21:10:56.979+05:302009-09-19T21:10:56.979+05:30

An appeals court has ruled that a former employee who took company data with him for his own business did not violate the Computer Fraud and Abuse Act, despite his unethical actions. This outcome pits the court against itself as to whether disloyal computer use counts as unauthorized access. This surely gives some relief to people who are planning insider attacks on an organization. The "

Anish Shaikhnoreply@blogger.com2http://www.anishshaikh.com/2009/09/disloyal-employees-are-not-hackers-says.htmltag:blogger.com,1999:blog-710487251864752080.post-26366225958669931322009-09-19T20:57:00.000+05:302009-09-19T20:57:41.644+05:302009-09-19T20:57:41.644+05:30

Puppy Linux 4.3 is a massive upgrade from the 4.2 series, with almost all the components updated or replaced. Also, the whole system through which this Linux distribution is being built has been replaced with a completely new one, called Woof. The switch imposed the creation of a new package management system, called Puppy Package Manager, which supports the use of packages from any distribution

Anish Shaikhnoreply@blogger.com2http://www.anishshaikh.com/2009/09/puppy-linux-43-is-out-with-complete.htmltag:blogger.com,1999:blog-710487251864752080.post-47387261381669824182009-09-16T18:01:00.000+05:302009-09-16T18:01:30.373+05:302009-09-16T18:01:30.373+05:30

Traditional total cost of ownership analysis does not consider the unique costs and benefits of free software and services, particularly if delivered through the Internet. “Understanding the costs as well as benefits of ‘free’ software will avoid creating the expectation that there is such a thing as a ‘free lunch’ in IT - a benchmark that no IT Business model can meet.” As per the report both

Anish Shaikhnoreply@blogger.com1http://www.anishshaikh.com/2009/09/security-privacy-and-sustainability.htmltag:blogger.com,1999:blog-710487251864752080.post-5562877360393516942009-09-16T14:29:00.000+05:302009-09-16T14:29:25.503+05:302009-09-16T14:29:25.503+05:30

ArcSight has some really cool products, We had implemented a SOC for a big client using ArcSight ESM, The new product fraudview might be targetted to a certain business but as far as i feel, the same pattern recognition and rules can be used with ArcSight ESM if you already own it. There is no real need to buy it. But the for targeted business the product looks good. "The new product, FraudView

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/fraudview-from-arcsight.htmltag:blogger.com,1999:blog-710487251864752080.post-23599870843948613592009-09-16T14:06:00.000+05:302009-09-16T14:06:11.501+05:302009-09-16T14:06:11.501+05:30

India’s Intelligence Bureau (IB) has reportedly called on the Ministry of Communications and Information Technology to block all internet telephony services in and out of the country until the Department of Telecommunications (DoT) is able to track such calls, the Economic Times reports. The IB claims that India currently lacks the necessary technology to track VoIP calls, and argues that this

Anish Shaikhnoreply@blogger.com1http://www.anishshaikh.com/2009/09/intelligence-bureau-wants-to-block-all.htmltag:blogger.com,1999:blog-710487251864752080.post-58213293608339233662009-09-14T16:06:00.000+05:302009-09-14T16:06:19.249+05:302009-09-14T16:06:19.249+05:30

Very good article written by Paul on Forensics Evidence collection, You can read it at SANS.

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/best-practices-for-collecting-forensics.htmltag:blogger.com,1999:blog-710487251864752080.post-75816830448275296192009-09-08T20:03:00.000+05:302009-09-08T20:03:58.088+05:302009-09-08T20:03:58.088+05:30

A vulnerability in Microsoft's implementation of the SMB2 protocol can be exploited via the net to crash or reboot Windows Vista and Windows 7 systems. The root of the problem is an error in how the srv2.sys driver handles client requests when the header of the "Process Id High" field contains an ampersand. The attack does not require authentication; port 445 of the target system merely has to be

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/windows-vista-7-smb-protocol-reboot.htmltag:blogger.com,1999:blog-710487251864752080.post-78724277222000780142009-09-08T15:48:00.000+05:302009-09-08T15:48:26.687+05:302009-09-08T15:48:26.687+05:30

Wifi Scanning is a very good exercise and should be carried out regularly, it helps not only to secure yourself from troubles caused by some malacious person but even to keep bandwidth suckers from using your wifi internet for free and you pay the bills. In a city like Bangalore, India's Silicon Valley, the Internet has become indispensable with millions of e-mails sent daily, electronic

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/open-wifi-connections-still-at-large-in.htmltag:blogger.com,1999:blog-710487251864752080.post-8221442719993589802009-09-07T15:03:00.001+05:302009-09-07T15:04:45.544+05:302009-09-07T15:04:45.544+05:30

This edition of the X-Force Threat Insight Report provides an exhaustive list of security alerts, breaches and the most commonly seen threats in Q2 2009. It also delivers two new and insightful articles by IBM ISS researchers. The first article assesses one of the more serious threats of 2009, Conficker. The Conficker worm family has evolved into a massive sophisticated malicious botnet arsenal

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/x-force-threat-insight-report-q2-2009.htmltag:blogger.com,1999:blog-710487251864752080.post-61085189168151867212009-09-07T14:20:00.014+05:302009-09-07T15:26:12.740+05:302009-09-07T15:26:12.740+05:30

Comparison to Computer Viruses How many bits does it take to kill a human? The H1N1 virus has been comprehensively disassembled (sequenced) and logged into the NCBI Influenza Virus Resource database. For example, an instance of influenza known as A/Italy/49/2009(H1N1) isolated from the nose of a 26-year old female homo sapiens returning from the USA to Italy (I love the specificity of these

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/swineflu-virus-disassembly-good-reading.htmltag:blogger.com,1999:blog-710487251864752080.post-46729227472938700582009-09-04T16:41:00.003+05:302009-09-04T17:22:17.160+05:302009-09-04T17:22:17.160+05:30

A big problem for major corporations is compliance, If they would have been compliant to the security standards laid by the FFIE Council, the breach of this couple's bank account would have been avoided and even this lawsuit, infact this might open more lawsuits for them. Noone why so many banks are expected to fall in US this year.A judge of the District Court for the Northern District of

Anish Shaikhnoreply@blogger.com0http://www.anishshaikh.com/2009/09/compliance-failure-by-bank-leads-to.html