For those of us in the information technology field, there are two reasons why we should understand operating system fingerprinting.
The first reason is to better design and implement security controls in networks and local machines.
The second reason is that effective OS fingerprinting is a vital penetration testing skill.
If an […]
DMZ or DeMilitarized Zone is primarily used to separate the network into multiple blocks to enhance security. The name is derived from the same term used to define an area between two nations where military actions are prohibited.
When managing a network, we usually want to have some services or […]
During the last Christmas season, a phishing email with an executable named as greetings.exe was broadly sent, and when the email was executed, an image named ‘xmas’ was drawn on the screen. This has captured the eyes of many security analysts, as the firewall and other prevention measures were […]
The Current Situation
The fighting in Ukraine has escalated sharply since the elections on May 25th. President-elect Petro Poroshenko, backed by the European Union and US, ordered the national army to strengthen its eastern border with Russia and stop an influx of fighters.
The Ukraine offensive came after pro-Russian rebels had […]
So far, we have discussed techniques used in manipulation, the characteristics that social engineers possess, the cycle of social engineering, and the four main qualities that are abused in such attacks. Below, we will present an interesting classification of social engineering, present some more techniques, discuss why social engineering […]
In the first part of this article, we are going to discuss the psychology surrounding social engineering, and in particular, the four qualities that social engineers abuse and the manners in which they abuse them, the techniques that attackers use to manipulate their victims, the cycle of social […]
Every organization should follow a proactive rather than a reactive approach to protect against threats, risks, and vulnerabilities to which if their IT infrastructure is exposed can lead to data loss, regulatory penalties, lawsuits, and damaged reputation. Moving on the same lines, to reduce credit card fraud via its […]
Businesses in all industries often need to provide their employees with a way to access their internal networks when they’re away from the office. Such functionality is especially important when employees travel for business, and to assure continuity if a disaster strikes a work site. Remote access is also […]
OWASP Practice is a virtual environment to help people who want to begin their journey into web application security. Lots of material including videos are available on the Internet, both for free and for a fee, that teach web application security in a good manner. But this project has […]
ActiveX is a framework created by Microsoft to extend the functionality of the Component Object Model (COM) and Object Linking Embedding (OLE) and apply it to content downloaded from networks.
It was first created in 1996 and is predominantly used in Windows Based Operating systems; ActiveX clients must run on […]
As chief information security officer, you’re constantly being pressed to communicate how you’re enabling the business, balancing security risk with business demands, and continuously improving security—not to mention reducing costs, becoming more efficient, and demonstrating return on investments.
If you delve into complex security topics and use jargon foreign to […]
Data recovery has been needed since man started to write things down. Why? Because what ever medium they tried to store the data on, it has always been susceptible to destruction. From earthquakes versus wall paintings to fire versus the library of Alexandria to head crashes versus your corporate […]
1. Definition & Intro
Information Security Policy /ISP/ is a set or rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its […]
HeartBleed … the Internet encryption earthquake
The first serious earthquake in the encryption world is the disclosure of the Heartbleed vulnerability (CVE-2014-0160), a serious flaw in the popular OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.
One month later, security […]
I remember the eager anticipation that led to the turn of century. All throughout 1999, all I ever saw or heard in the media was millenium this, millenium that. Sure, the Gregorian calendar is a completely human invention. But it has a strong social impact on our lives. Many […]
Unmanned Aerial Vehicles (UAVs) are one of the most flexible and useful solutions adopted by the military and private industries. Drones could be used in commercial contexts as in high critical environments, and the production of even more sophisticated models is expanding their possibilities of use. UAVs are considered […]
Email retention policies are no longer just about conserving space on your Exchange server. Today you must take into account how your email retention controls increase or decrease risk to your company.
Pros and Cons of Short and Long Email Retention Policies
Generally speaking, longer email retention policies increase the risk […]
In my previous article, I explained what happened to the evolution of malware when microcomputers started to become a major presence in small offices and households. That coincided with the exploding popularity of Microsoft’s MS-DOS and Windows 3.1. The file systems they were based on, FAT16 and later on, […]
In this series of articles so far, we have discussed various techniques to identify and exploit vulnerabilities in Android applications. In the previous article, we have seen how to exploit debuggable Android applications. In this article, let’s discuss the vulnerabilities associated with Android WebViews.
Introduction to Android WebViews
Implementing WebViews […]
The security community is observing a sensible increase of botnet activities, in particular of cloud-hosted botnets that are mainly based on the Amazon cloud architecture.
Amazon isn’t the only provider that’s been abused by cybercrime. “Cheap hosting” providers represent a privileged choice for bad actors because they usually implement a […]