Companies often invest huge amounts in creating logical and network security perimeters, and at times physical security is relegated to the background. According to the New York Post, a civilian official of the NYPD’s pension fund has been charged with taking computer data that could be used to steal the identities of 80,000 current and retired cops. According to news reports, Bonelli bypassed the security guard on duty by flashing an expired ID card. His name was also not on a list of authorized personnel. Continue reading “Physical Security – Welcome The weakest link in IT-security”
Is full system virus scan required when real time virus scan is enabled?
“I have a real time virus scan enabled. A full system virus scan consumes a lot of my computer resources and time. So why should I run a full system virus scan regularly?” This is a query we come across frequently. This article tries to bring more clarity about full system virus scans and real time virus scans. Continue reading “Is full system virus scan required when real time virus scan is enabled?”
Information Leaves when Employees Leave
More than half – 59 per cent – of US workers who were made redundant or left their job in 2008 admitted swiping confidential corporate data, such as customer lists, before they left, a new study claims. Continue reading “Information Leaves when Employees Leave”
Bots create Microsoft Live Hotmail Accounts by breaking CAPTCHAs
Microsoft’s periodically revamped CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) has been broken yet again, in spite of its continued efforts towards protecting it. This is the latest in a series of ‘break-ins’ which started in early 2008 and has affected major service providers including Google & Yahoo. Continue reading “Bots create Microsoft Live Hotmail Accounts by breaking CAPTCHAs”
Tech Terminology Demystified – Buffer Overflow
A buffer overflow, or buffer overrun, occurs when a program or process attempts to store data beyond the boundaries of a fixed-length buffer (which is a temporary data storage area). Continue reading “Tech Terminology Demystified – Buffer Overflow”
Top 25 Software Programming Errors
MITRE Corp. and The SANS Institute, participants in what’s called the Common Weakness Enumeration (CWE) project organized by the U.S. Department of Homeland Security’s National Cybersecurity Division, have come out with a list of Top 25 Programming Errors in Software. Continue reading “Top 25 Software Programming Errors”
Compliance is illusory- Security is real
While there have been scores of IT related security incidents and this is definitely not going to be the last, the Heartland Payment Systems incident is noteworthy for the fact that the company in question was PCI compliant. While we have been seeing security certifications such as ISO27001 and PCI being introduced and implemented across industry, a key question that rarely gets addressed is the absorption of IT Security initiatives within the organization. No compliance can help when the importance of IT Security is not understood. At the end of the day, compliance with all security standards is only illusory; reality may be far behind. Continue reading “Compliance is illusory- Security is real”
Audit of OS Security
The audit of OS Security involves different phases from logging into the system and seeing the values on the system to running a few commands / tools to find these values. In this blog article, we will be looking at how to go about an audit of OS Security. Continue reading “Audit of OS Security”