Posted June 3rd, 2010 by K K Mookhey
Over the past few years, we have completed a number of social engineering tests as part of advanced penetration testing at various organizations. Coincidentally, I recently read an excellent book called “Influence – the Psychology of Persuasion” by Dr. Robert Cialdini and realized that it has some excellent lessons for anyone wanting to guard themselves from social engineering attacks.
Dr. Cialdini’s book offers excellent coverage of what he calls “compliance professionals” – people engaged in hard-core door-to-door selling such as second-hand car salesmen, multi-level marketing (read Amway) professionals, etc. He talks about the following 6 techniques adopted by these professionals to convince people to buy things they were never going to buy in the first place. The same techniques can also afford the social engineer easy access to information, and it is worthwhile for information security professionals to examine what the other breed of “compliance professionals” is up to!
Posted February 9th, 2010 by Khushbu Jithra
A recent dive into the challenges posed by privacy compliance requirements unearthed an interesting patent. This new patent surfaced because of the need to anonymize data for several reasons, including compliance (PCI DSS, German Data Privacy Law [BDSG], UK Data Privacy Act).
Posted January 6th, 2010 by Nikhil Wagholikar
Introduction
Log analysis is one of the most basic but crucial exercises for any forensic analyst. It covers many aspects; some of the important ones are:
- Determining the actions/requests performed by a user/host/IP address
- The application’s or server’s reactions to the user’s requests
- Finding more information about a particular user/host/IP address that may be performing some extraordinary transactions with the application/server
- Application/server performance
- Application/server traffic monitoring to calculate business growth, etc.
However, from a forensics point of view, investigating “which user did what on the application/server that led to its compromise” is of the greatest importance. A similar scenario applies to email investigation. It is now quite simple to find out the IP address of the person who is sending out fishy or threatening emails to the victim(s).
Here we discuss a post-investigation aspect of the above and similar scenarios, i.e. what happens once the source IP address (of the attacker) is identified? In this article we discuss a simple tool/script which helps the forensic analyst get the exact location of the source IP address on this very beautiful earth.
Posted December 8th, 2009 by Taufiq Ali
This post is a complete switch over from my previous post on phishing modus operandi. A little background on the hack: I was doing an assessment of a financial application; the objective was to evaluate the security of the complete infrastructure on which the application will be hosted once it goes live. As opposed to the routine list of findings, this particular hack took the limelight. It was a system compromise with Administrator access to the system. Yeah!
Posted November 5th, 2009 by Taufiq Ali
Phishing sounds similar to fishing. Fishes are to the volume of internet users today much like fishermen are to phishers. Zillions of fishes falling prey to the nets is nothing less compared to internet users being phished through their own inboxes and messengers. Phishers tend to have some personal favorites – personal information, credit card numbers, debit card numbers with ATM PINs, etc. Though phishing has been around for a long time, it became more prominent back in 2003. You can read more on the big scams here.
How does it all work?
Posted October 1st, 2009 by Wasim Halani
Some days back I was greeted by a Google Safe Browsing warning when I tried visiting a ‘known’ site. As I was sure it was supposed to be a clean and harmless site, I thought it would be good to dig further into this problem. The trail led to interesting amounts of code, concepts and techniques.
Malware writers are very smart nowadays (haven’t they always been?). They know that once their code is understood it is most likely to be detected by anti-malware applications. To delay detection by such applications, they resort to a wide range of techniques. In this blog post I’ll be discussing the most potent and easily created malware.
JavaScript has become the boon and bane of the Internet. It provides greater interactivity with the user but can also be used by malware writers to infect innocent users. JavaScript is a client-side scripting technology, which means the processing of the script is handled by the user’s browser.
Obfuscation is the concealment of intended meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret.
Posted September 30th, 2009 by Dhiraj Ranka
The following is a small example of creating a stored procedure.
====================================================================
CREATE PROC sp_login (@loginid nvarchar(25), @password nvarchar(25))
AS
/* @loginid and @password are already declared as parameters above,
   so they are not declared again here. */
/* sp_executesql requires a Unicode (NVARCHAR) statement string. */
DECLARE @SQLString NVARCHAR(500)
/* Build the SQL string once. */
SET @SQLString = 'SELECT * from cust_users WHERE login_id = ' + '''' + @loginid + '''' + ' AND password = ' + '''' + @password + ''''
EXECUTE sp_executesql @SQLString
Posted March 26th, 2009 by admin
by Toufiq Ali, NII Consulting
Before you read further, make sure you back up all the original settings of the registry or create a restore point of your system. I assume the reader knows what a Windows remote terminal service is. If not, please refer to http://en.wikipedia.org/wiki/Terminal_Services
In Windows XP, when a remote user tries to connect using the Remote Desktop Connection (RDC) client, the local user is forcefully disconnected from his current session. RDC, unlike Terminal Server Services in Windows 2000, Server 2003 and Server 2008, is designed for only one session at a time. This excerpt aims to bring the multiple-user login functionality of terminal services in Windows Server 2000, Windows Server 2003, etc. to Windows XP. This would be very useful in an environment where the network admin often troubleshoots problems on the network using RDC.
Keep reading as the hack unfolds to enable concurrent remote desktop connection sessions support in Windows XP using the following patched files.
Posted January 1st, 2009 by admin
1. Business continuity to get focus over disaster recovery
BCM is a process issue related to building the framework to increase business resiliency and restoration capability, while DR is about building redundancy through infrastructure investments. It is quite likely that fewer new DR site investments will happen than did in 2008. But I would not advise cutting down on building your BCM capability – even if you are an SME. Each one of your people does need to know what needs to be done when things begin to fail. This does not require huge amounts of investment, but does require common sense, risk assessment, and regular training and awareness.
Counter: Focus on an effective Business Continuity Plan that takes into account at least the following – fire, ISP failure, transportation link failure, and yes a terrorist attack as well.
2. Capital expenditure on security technologies likely to be hit
This is one area that has seen the biggest hit and is likely to continue feeling the impact with new investments simply not happening. So fewer firewall upgrades, fewer adoptions of recently introduced solutions such as Data Leakage Prevention (DLP), Network Access Control (NAC), and others.
Counter: Really look for ROI on your capital expenditure on security technologies.
Posted December 31st, 2008 by admin
I was recently attending a conference on Business Continuity Management, and happened to attend an enlightening talk given by Mr. Vijay Sethi, CIO of Hero Honda – the world’s single-largest two wheeler company. The focus of the talk was on “Reasons for BCP Failure”, and I believe the points given below are highly applicable to a lot of organizations. With his permission, I am sharing the key ideas presented:
1. Faulty drivers for implementing BCP
A lot of organizations implement BCP because customers demand it, or they need it for ISO 27001 certification, or because their auditors have repeatedly stated so.
2. Not business-centric
A lot of BCPs end up becoming focused purely on IT infrastructure, and are more like Disaster Recovery Plans, rather than comprehensive Business Continuity Plans.
3. No clear owner of the BCM process
The success or failure of the BCM depends on who is the internal driver or champion of the process. Thus the owner of the BCM should be clearly defined. While the CIO or CTO could be the owner, he must ensure he has a larger business perspective, and more importantly the rest of the organization should not see it as a technology-focused initiative, but rather as something that affects all of them.