As chief information security officer, you’re constantly being pressed to communicate how you’re enabling the business, balancing security risk with business demands, and continuously improving security—not to mention reducing costs, becoming more efficient, and demonstrating return on investments.
If you delve into complex security topics and use jargon foreign to […]
Data recovery has been needed since man started to write things down. Why? Because whatever medium they tried to store the data on, it has always been susceptible to destruction. From earthquakes versus wall paintings to fire versus the library of Alexandria to head crashes versus your corporate […]
1. Definition & Intro
Information Security Policy /ISP/ is a set of rules enacted by an organization to ensure that all users or networks of the IT structure within the organization’s domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its […]
HeartBleed … the Internet encryption earthquake
The first serious earthquake in the encryption world is the disclosure of the Heartbleed vulnerability (CVE-2014-0160), a serious flaw in the popular OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.
One month later, security […]
I remember the eager anticipation that led to the turn of the century. All throughout 1999, all I ever saw or heard in the media was millennium this, millennium that. Sure, the Gregorian calendar is a completely human invention. But it has a strong social impact on our lives. Many […]
Unmanned Aerial Vehicles (UAVs) are one of the most flexible and useful solutions adopted by the military and private industries. Drones could be used in commercial contexts as well as in highly critical environments, and the production of ever more sophisticated models is expanding their possibilities of use. UAVs are considered […]
Email retention policies are no longer just about conserving space on your Exchange server. Today you must take into account how your email retention controls increase or decrease risk to your company.
Pros and Cons of Short and Long Email Retention Policies
Generally speaking, longer email retention policies increase the risk […]
In my previous article, I explained what happened to the evolution of malware when microcomputers started to become a major presence in small offices and households. That coincided with the exploding popularity of Microsoft’s MS-DOS and Windows 3.1. The file systems they were based on, FAT16 and later on, […]
In this series of articles so far, we have discussed various techniques to identify and exploit vulnerabilities in Android applications. In the previous article, we have seen how to exploit debuggable Android applications. In this article, let’s discuss the vulnerabilities associated with Android WebViews.
Introduction to Android WebViews
Implementing WebViews […]
The security community is observing a significant increase in botnet activity, in particular from cloud-hosted botnets that are mainly based on the Amazon cloud architecture.
Amazon isn’t the only provider that’s been abused by cybercrime. “Cheap hosting” providers represent a privileged choice for bad actors because they usually implement a […]
DOS/DDOS stands for Denial of Service/Distributed Denial of Service. DOS or DDOS is a type of attack in which a machine or a network resource is made unavailable to its intended users. This is one of the most commonly known and frequently encountered attacks these days due to the availability […]
Risk reduction is often associated with prevention only. Effective security, however, also needs detection and response. Those three (prevention, detection, response) are the fundamental pieces of the process-oriented approach to IT security, which allows us to effectively reduce the risk and is the subject of this article.
Windows 7 is an Operating System developed and released by Microsoft in 2009. It was designed to be a successor to the Windows Vista range of operating systems. Windows 7 builds upon the features and design philosophies of Windows Vista and adds several enhancements along the way.
Windows 7 primarily […]
In the previous article, we have seen how to debug Java applications using a little tool called JDB. In this article, we will apply the same logic to exploit Android apps, if they are flagged as debuggable. If an application is flagged as debuggable, we can inject our own […]
1. Preface: Cyberbullying and Digital Natives
Dr. Sameer Hinduja and Dr. Justin Patchin at the Cyberbullying Research Center define cyberbullying as “wilful and repeated harm inflicted through the use of computers, cell phones and other electrical devices,” and it is especially popular among teenagers. Cyberstalking and cyberharassment are forms of […]
In the last couple of years there has been a boom in cloud computing, but mainly just the term is new, as we’ve been using cloud services for years without even realizing it. Almost every cloud, whether it’s SaaS, PaaS or IaaS, implements some kind of API (Application Programming […]
This article introduces two types of risk analysis (quantitative, qualitative) and presents how to perform qualitative risk analysis with the DREAD model.
2. Quantitative vs. Qualitative Risk Analysis
Quantitative risk analysis is […]
According to recent research, the number of mobile phone users is larger than the number of PC users. At the same time, the number of people who own Android phones is increasing rapidly. Android phones bring people a lot of convenience, in that they help people do as much work as they […]
In my previous article, I told the story of the very first worms and viruses. Interestingly, a groundbreaking mathematician, John von Neumann, and a science fiction novelist, John Brunner, conceptualized them before anyone ever coded them.
We often see this sort of thing in the world of science and technology. […]
Nmap Cheat Sheet: From Discovery to Exploits, Part 2: Advance Port Scanning with Nmap And Custom Idle Scan
This is our second installment of Nmap cheat sheet. Basically, we will discuss some advanced techniques for Nmap scanning and we will conduct a Man In The Middle Attack (MITM). Let’s start our game now.
TCP SYN Scan
SYN scan is the default and most popular scan option, for good reasons. […]