Jul 142016
 

If you are looking to navigate your way through the complexities of Big Data and its use in Security, here are some links to get you off the ground: Big Data Basics What is Big Data Which are the major technologies used for Big Data Hadoop (Apache’s open-source implementation of Google’s MapReduce algo) Elastic Search, Logstash, Kibana (ELK) Major implementations of Hadoop – Cloudera and Hortonworks How it started to become mainstream – Google publishes its Read More…

Jun 302016
 

INTRODUCTION WhatsApp Messenger is an application used across various Mobile Platforms for instant messaging. It uses the internet to send and receive audios, videos, documents, location details, messages etc. WhatsApp saves all the message of user onto a database file in crypt form, which means no one could read anyone’s private messages. WhatsApp uses crypt2, crypt5, crypt7, crypt8 to encrypt all the data so that no one could read the messages from the database file. Read More…

May 022016
 

So here it is, PCI SSC has officially released the final version of PCI DSS v3.2 standard document. PCI DSS v3.1 will retire after six months from now and organizations are required to use PCI DSS v3.2 for assessments during this period. The newly added requirements will be considered best practices till 31st January 2018. Post this date they will be effective as requirements. So, What’s New In PCI DSS V3.2? The major requirements are Read More…

Apr 192016
 

Spam-blasting malware infects thousands of Linux and FreeBSD servers. – Ars Technica, Apr 30, 2015. Mumblehard Malware: Linux-Based Spam Generator Went Unnoticed for Five Years. – Security Intelligence, May 5, 2015. One of the longest living email-spam botnets is dead.   – The daily dot, Apr 7, 2016. Why is this malware so hyped? What is Mumblehard? Mumblehard, is a sophisticated malware that affected a huge number of Linux and FreeBSD operating systems and is Read More…

Mar 222016
 

Introduction Device binding is commonly used in android application for tracking a user’s device and ensure accountability. Some android application developers use this device id binding technique to uniquely identify users. When an application offers the discount promo code for user’s benefits, application acquires device attribute to track users against that specific promo code. In some case, the developer uses IMEI number to validate the user’s applied promo code whether it is valid or not. Read More…

Mar 072016
 

Compliance to the PCI DSS standard is mandatory for all entities which store, process or transmit card-holder data associated with Visa, Mastercard, American Express, Discover and JCB. As part of this compliance the council requires organizations to undergo periodic assessments and evaluations. Vulnerability Assessments and Penetration Testing (VAPT) is a vital part of this requirement. Network Intelligence India provides VAPT services specially directed towards such requirements. Below is our summarized methodology, enumerating the list of activities Read More…

Mar 022016
 

Enabling Auditing in Oracle To enable auditing and direct audit records to the database audit trail, we need to do the following. Login as a sys user and execute the below mentioned SQL command and then restart the database. SQL> ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE; System altered. SQL> SHUTDOWN Database closed. Database dismounted. ORACLE instance shut down. SQL> STARTUP ORACLE instance started. Total System Global Area 289406976 bytes Fixed Size 1248600 bytes Variable Size 71303848 Read More…