1. What is an E-mail Retention Policy?
Simply put, an e-mail retention policy/ERP is the process of keeping emails for compliance or business reasons. It differs from archiving (although these terms can be used interchangeably) in the fact that a retention policy decides when to dispose of redundant electronic messages, […]
DNS sinkhole or black hole DNS is used to spoof DNS servers to prevent resolving host names of specified URLs. This can be achieved by configuring the DNS forwarder to return a false IP address to a specific URL. DNS sinkholing can be used to prevent access of malicious […]
Microsoft provides an inbuilt API for debugging Windows executables. With the power of the Win32 Debugging API, you can create a custom debugger according to your needs. You can handle breakpoints, create breakpoints, handle DLL loads and unloads, and more.
The Windows Debugging API works on the basis of debugging events. On […]
In this article I am going to illustrate how NTP is vulnerable to attacks like replay-delay attacks, MITM, and a very recent attack termed as NTP DDoS (which is a kind of amplification attack used to flood the intended target with a response from the NTP server that can […]
We all know there has been (and still is) a lot of malware lurking around the Internet. It’s quite usual today that once the victims get infected, they call back to the command and control (C&C) server, which is controlled by the attacker. The attacker can then contact the […]
In this article, I’ll present whether it’s possible to get access to passwords lying around in memory by using a fully patched Linux x64 operating system. First, it’s not superfluous to emphasize that the distribution of the Linux operating system doesn’t matter, since the system is managing memory similarly […]
DMZ or DeMilitarized Zone is primarily used to separate the network into multiple blocks to enhance security. The name is derived from the same term used to define an area between two nations where military actions are prohibited.
When managing a network, we usually want to have some services or […]
During the last Christmas season, a phishing email with an executable named as greetings.exe was broadly sent, and when the email was executed, an image named ‘xmas’ was drawn on the screen. This has captured the eyes of many security analysts, as the firewall and other prevention measures were […]
The Current Situation
The fighting in Ukraine has escalated sharply since the elections on May 25th. President-elect Petro Poroshenko, backed by the European Union and US, ordered the national army to strengthen its eastern border with Russia and stop an influx of fighters.
The Ukraine offensive came after pro-Russian rebels had […]
So far, we have discussed techniques used in manipulation, the characteristics that social engineers possess, the cycle of social engineering, and the four main qualities that are abused in such attacks. Below, we will present an interesting classification of social engineering, present some more techniques, discuss why social engineering […]
In the first part of this article, we are going to discuss the psychology surrounding social engineering, and in particular, the four qualities that social engineers abuse and the manners in which they abuse them, the techniques that attackers use to manipulate their victims, the cycle of social […]
Every organization should follow a proactive rather than a reactive approach to protect against threats, risks, and vulnerabilities which, if their IT infrastructure is exposed to them, can lead to data loss, regulatory penalties, lawsuits, and damaged reputation. Moving on the same lines, to reduce credit card fraud via its […]
Businesses in all industries often need to provide their employees with a way to access their internal networks when they’re away from the office. Such functionality is especially important when employees travel for business, and to assure continuity if a disaster strikes a work site. Remote access is also […]
ActiveX is a framework created by Microsoft to extend the functionality of the Component Object Model (COM) and Object Linking and Embedding (OLE) and apply it to content downloaded from networks.
It was first created in 1996 and is predominantly used in Windows-based operating systems; ActiveX clients must run on […]
As chief information security officer, you’re constantly being pressed to communicate how you’re enabling the business, balancing security risk with business demands, and continuously improving security—not to mention reducing costs, becoming more efficient, and demonstrating return on investments.
If you delve into complex security topics and use jargon foreign to […]
1. Definition & Intro
Information Security Policy /ISP/ is a set of rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its […]
HeartBleed … the Internet encryption earthquake
The first serious earthquake in the encryption world is the disclosure of the Heartbleed vulnerability (CVE-2014-0160), a serious flaw in the popular OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.
One month later, security […]
I remember the eager anticipation that led to the turn of the century. All throughout 1999, all I ever saw or heard in the media was millennium this, millennium that. Sure, the Gregorian calendar is a completely human invention. But it has a strong social impact on our lives. Many […]
Unmanned Aerial Vehicles (UAVs) are one of the most flexible and useful solutions adopted by the military and private industries. Drones could be used in commercial contexts as well as in highly critical environments, and the production of even more sophisticated models is expanding their possibilities of use. UAVs are considered […]
Email retention policies are no longer just about conserving space on your Exchange server. Today you must take into account how your email retention controls increase or decrease risk to your company.
Pros and Cons of Short and Long Email Retention Policies
Generally speaking, longer email retention policies increase the risk […]