I-BLOG

  It is no news about Gawker Hack and today I learn from NetworkWorld that, one of the security researchers (HD Moore) who (well, *the GUY who created metasploit framework), have a way to find out if your email address/information has been compromised; 2 Step Process actually:- ... Continue Reading

  Oh well, if you’re more used to IPTables than any normal firewall software, then of course you’re gonna need that for your Windows machine as well. Nothing wrong about that, the interesting stuff here is about the technology, really and not who made it – if it works ... Continue Reading

  As I mentioned before, my site was tagged for malware’s by Google and I had to put quite some effort to get it cleaned. I got a JavaScript injection attacks named ‘Yahoo! Counter Starts”, this seems relatively new and not much of authentic information is available at this ... Continue Reading

Now this is something not new and in today’s world, if it takes you to block a country itself to avoid issues in your network then you’d have to go down that path. I read an article lately on SecurityFocus on blocking based on Countries. The author basically blocked ... Continue Reading

So in the coming weeks, we can see WPA a joke too (just like its predecessor WEP)! To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount ... Continue Reading

  Does DHCP provide any kind of security? NOPE! It is an admin’s job to use supplemental devices/software's to prevent it. 2 attacks to look at; 1. DHCP Flooding :- Think about if someone keeps flooding the DHCP requests and the server keeps assigning until the pool ... Continue Reading

  When we speak about MAC flooding, almost everyone with Information Security insight knows about what it is. What do one achieve with MAC flooding? There are various ways of looking at it. Take an enterprise class switch, and see the spec’s as to how many mac addresses ... Continue Reading

  Google’s passive web security assessment tool is made available – open source. A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on ... Continue Reading

  The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year ... Continue Reading

  The other day I was talking to my colleague about how fast the wireless technologies have grown for data communications and almost every IT professional (at least) is having the power of WiFi at their homes, since it doesn't cost more than 50 dollars to buy a cheap ... Continue Reading