The new Common Weakness Scoring System – CWSS

When a security analysis of a software application is performed, for example with an automated code auditing tool, developers often face hundreds or thousands of individual bug reports for weaknesses discovered in their code. Only in certain circumstances does a software weakness lead to an exploitable vulnerability. For example, a buffer overflow vulnerability might arise from a weakness in which the programmer does not properly validate the length of an input buffer. That weakness only contributes to a vulnerability if the input can be influenced by a malicious party, and if the malicious input is copied into an output buffer that is smaller than the input.
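The distinction above, shown in code. This is an added example, not part of the original post or of CWSS itself: an unbounded copy into a fixed 16-byte buffer (the weakness), the same copy with the length validated against the destination (the hardened form), and two hypothetical callers, `banner_into` and `handle_request`, that show why the unchecked copy is only a bug on the constant-input path but a vulnerability on the attacker-reachable path. All names and the sample input are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OUT_SIZE 16   /* fixed-size destination, as in the scenario above */

/* Weakness (CWE-120 style): the caller-supplied length is trusted and the
 * copy is never bounded by the destination's size. With in_len > OUT_SIZE
 * this writes past the end of out (memory corruption, undefined behaviour). */
size_t copy_unchecked(char out[OUT_SIZE], const char *in, size_t in_len)
{
    memcpy(out, in, in_len);            /* no comparison against OUT_SIZE */
    return in_len;
}

/* Hardened form: the destination capacity is passed explicitly and the
 * input length is validated against it before anything is copied.
 * Returns bytes copied, or -1 if the input would not fit (one byte is
 * reserved for the terminating NUL). Rejecting is preferred to silent
 * truncation, which can itself cause logic bugs downstream. */
int copy_checked(char *out, size_t out_size, const char *in, size_t in_len)
{
    if (out == NULL || in == NULL || out_size == 0)
        return -1;
    if (in_len >= out_size)             /* validate before the copy */
        return -1;
    memcpy(out, in, in_len);
    out[in_len] = '\0';
    return (int)in_len;
}

/* Hypothetical helper: the weakness reached only with a compile-time
 * constant. An auditing tool will still flag the unchecked copy, but no
 * attacker controls the input or its length, so it is not a vulnerability. */
size_t banner_into(char out[OUT_SIZE])
{
    static const char banner[] = "svc/1.0";     /* 7 bytes, always fits */
    return copy_unchecked(out, banner, sizeof banner - 1);
}

/* Hypothetical request handler: the same copy on an attacker-reachable path,
 * where the bytes and their length come from the network. Using the checked
 * copy turns an exploitable overflow into a rejected request.
 * Returns 0 if handled, 1 if rejected as too long. */
int handle_request(const char *untrusted, size_t len)
{
    char out[OUT_SIZE];
    if (copy_checked(out, sizeof out, untrusted, len) < 0)
        return 1;
    /* ... process the validated copy in out ... */
    return 0;
}

int main(void)
{
    char out[OUT_SIZE];
    /* Constructed sample input: 32 'A's, twice the size of the buffer. */
    static const char attacker[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("banner copied: %zu bytes\n", banner_into(out));
    printf("short request: %d (0 = handled)\n", handle_request("GET /", 5));
    printf("long request:  %d (1 = rejected)\n",
           handle_request(attacker, sizeof attacker - 1));
    /* copy_unchecked(out, attacker, 32) would smash the stack; not called. */
    return 0;
}
```

The scoring question CWSS addresses follows directly from this: `copy_unchecked` is the same weakness in both callers, but the report for `handle_request` deserves a far higher priority than the one for `banner_into`, because only the first is reachable with attacker-controlled data.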


Continue reading “The new Common Weakness Scoring System – CWSS”

Operation Shady RAT

McAfee has revealed a five-year cyber-espionage campaign it calls “Operation Shady RAT”, which it claims affected up to 72 organisations in 14 countries. Organisations hit by Shady RAT are said to have lost emails, design plans, strategy documents and similar material. McAfee describes it as an intrusion of unprecedented proportions and attributes it to an advanced persistent threat.


Continue reading “Operation Shady RAT”

How Did That Towel End Up in My Suitcase?

Hotel guests may want to think twice now before walking off with that bathrobe. Linen Technology Tracking, a company in Miami, has patented a washable RFID chip that can be sewn into towels, robes and bed sheets, allowing hotels to keep track of their linens.

So far, three hotels — in Honolulu, Miami and Manhattan — are using the chip, said Linen Technology Tracking’s executive vice president, William Serbin. He said the hotels did not want their names used.

Mr. Serbin added that rising cotton prices were a motivation: “A bath towel that might have cost $5 last year could cost $8 or $9 now. High-end hotels want to watch those assets.”

The Honolulu property, which introduced the technology last summer, has reduced theft of its pool towels from 4,000 a month to just 750, saving more than $16,000 a month, Mr. Serbin said.

But the technology isn’t just about foiling thieves. The tags let properties monitor their linens in real time, so that at any given moment they know when they need to order more. With inconsistent room occupancy, some hotels have been buying new linens less frequently, Mr. Serbin said.

Controls and Governance for Cloud Computing

Of late, cloud computing has grown from a promising business concept into one of the fastest-growing segments of the IT industry. Companies have recognised that by simply tapping into the cloud they can gain fast access to best-of-breed business applications or drastically boost their infrastructure resources, at a fraction of the cost of building the same capacity themselves. But as more and more information about individuals and companies is placed in the cloud, concerns are growing about just how safe an environment it is, and about the security risks that come with handing data and infrastructure to a third party.

Continue reading “Controls and Governance for Cloud Computing”

Understanding PCI DSS compliance requirements

The Payment Card Industry Security Standards Council (PCI SSC) has prescribed the Payment Card Industry Data Security Standard (PCI DSS) for keeping payment cardholder data secure. PCI DSS applies to any business that stores, processes, or transmits cardholder data. In practice, this means PCI DSS applies to all merchants that accept card payments, as well as to the member financial institutions and service providers that process the associated transactions. A matrix of the compliance requirements prescribed by PCI SSC is given in the table below. Before studying the table, it would be helpful to understand the terms cardholder data, merchant, service provider, acquirer, approved scanning vendor (ASV) and qualified security assessor (QSA). Continue reading “Understanding PCI DSS compliance requirements”

Qadit in Sri Lanka

Qadit has expanded its operations to Sri Lanka under the banner ‘Qadit Information Security Solutions Lanka (P) Ltd’. The office is located on Grandpass Road in Colombo. Qadit, which has been providing end-to-end information security solutions to clients from India since 2001, will offer its full range of services, including information security audits, information security consulting, SAP audits and business process reviews, to Sri Lankan organisations from its Colombo office. Qadit Information Security Solutions Lanka (P) Ltd. is also a member of SLASSCOM (the Sri Lanka Association of Software and Service Companies).