A recent ruling by a consumer court in Mumbai, India has held the bank responsible if it has not complied with regulations and the account holder's money is fraudulently transferred.
Recent Phishing Scams
Over the last few months, financial institutions have seen a varying profile of phishing attacks. Two interesting instances are reproduced below.
Smart Phones – Convenience or Threat?
The use of smart phones to access sensitive corporate information away from the office is creating huge security gaps for enterprises. Smart phones are being used to access company mail and applications. At least one major breach involving theft of application code has been attributed to malware on smart phones. So how do we benefit from the technology while addressing the risks?
A list of major security breaches of 2009
As we begin a new year, I thought it would be a good time to reflect upon some major information security breaches of 2009. The list of the organizations involved makes this list very interesting. What makes it even more interesting is the analysis of the breaches, which indicates that the incidents could have been averted by adopting some fundamental security best practices.
Cloud Security
(This is an extract from the original article appearing in Information Week)
The benefits of cloud computing make it hard to resist for both big and small businesses. However, security in the cloud is still a stumbling block for most organisations considering the adoption of cloud computing.
What is a Cold Boot Attack?
In cryptography, a cold boot attack (or, to a lesser extent, a platform reset attack) is a type of side-channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine from a completely “off” state. The attack relies on the data remanence property of DRAM and SRAM: memory contents remain readable for seconds to minutes after power has been removed.
PCI Compliance-Code Review or Web Application Firewall
The Payment Card Industry (PCI) Data Security Standard is a standard set through a consensus-based process led by 5 major credit card companies. It is not a government-enforced standard; compliance is enforced by the card companies themselves.
Non-compliance results in higher fees and severe fines in the event of a breach. All merchants and service providers collecting and processing credit card transactions are required to comply with the PCI-DSS. Version 1.2 of the standard was released in October 2008.
Section 6.6 of the PCI-DSS requires that, for all public-facing applications, new threats and vulnerabilities be addressed on an ongoing basis and that the applications be protected against known attacks.
Botnets – What you need to know
Botnets are suddenly in the news for all the wrong reasons. What are botnets and why are they in the news?
What is Cloud Computing
Cloud computing is getting tons of press these days. Big names such as IBM and Amazon are already in the market with service offerings. So what exactly is cloud computing and how does it work?
Employee IT Security behavior turns worse
A new study released by the Ponemon Institute reveals that there is a general lack of awareness and enforcement of computer security policies at many companies. The rate of non-compliant employee behavior appears to be getting worse over time.