Posted September 30th, 2009 by Dhiraj Ranka
The following is a small example of creating a stored procedure.
====================================================================
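CREATE PROC sp_login (@loginid nvarchar(25), @password nvarchar(25))
AS
/* sp_executesql requires an NVARCHAR statement. */
DECLARE @SQLString NVARCHAR(500)
/* @loginid and @password are already declared as parameters above. */
/* Build the SQL string once. */
/* The parameter values are concatenated into the statement text, so they are parsed as SQL. */
SET @SQLString = 'SELECT * from cust_users WHERE login_id = ' + '''' + @loginid + '''' + ' AND password = ' + '''' + @password + ''''
EXECUTE sp_executesql @SQLString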
Posted March 26th, 2009 by admin
by Toufiq Ali, NII Consulting
Before you read further, make sure you back up all the original settings of the registry or create a restore point of your system. I assume the reader knows what a Windows remote terminal service is. If not, please refer to http://en.wikipedia.org/wiki/Terminal_Services
In Windows XP, when a remote user tries to connect using the Remote Desktop Connection (RDC) client, the local user is forcefully disconnected from his current session. RDC, unlike Terminal Server Services in Windows 2000, Server 2003 and Server 2008, is designed for only one session at a time. This excerpt aims to bring the multiple-user login functionality of Terminal Services in Windows Server 2000, Windows Server 2003, etc. to Windows XP. This would be very useful in environments where the network admin often troubleshoots problems on the network using RDC.
Keep reading as the hack unfolds to enable concurrent remote desktop connection session support in Windows XP using the following patched files.
Posted January 1st, 2009 by admin
1. Business continuity to get focus over disaster recovery
BCM is a process issue related to building the framework to increase business resiliency and restoration capability, while DR is about building redundancy through infrastructure investments. It is quite likely that there will be fewer new DR site investments than there were in 2008. But I would not advise cutting down on building your BCM capability, even if you are an SME. Each one of your people does need to know what needs to be done when things begin to fail. This does not require huge amounts of investment, but does require common sense, risk assessment, and regular training and awareness.
Counter: Focus on an effective Business Continuity Plan that takes into account at least the following – fire, ISP failure, transportation link failure, and yes a terrorist attack as well.
2. Capital expenditure on security technologies likely to be hit
This is one area that has seen the biggest hit and is likely to continue feeling the impact with new investments simply not happening. So fewer firewall upgrades, fewer adoptions of recently introduced solutions such as Data Leakage Prevention (DLP), Network Access Control (NAC), and others.
Counter: Really look for ROI on your capital expenditure on security technologies.
Posted December 31st, 2008 by admin
I was recently attending a conference on Business Continuity Management, and happened to attend an enlightening talk given by Mr. Vijay Sethi, CIO of Hero Honda – the world’s single-largest two wheeler company. The focus of the talk was on “Reasons for BCP Failure”, and I believe the points given below are highly applicable to a lot of organizations. With his permission, I am presenting the key ideas presented:
1. Faulty drivers for implementing BCP
A lot of organizations implement BCP because customers demand it, or they need it for ISO 27001 certification, or because their auditors have repeatedly stated so.
2. Not business-centric
A lot of BCPs end up becoming focused purely on IT infrastructure, and are more like Disaster Recovery Plans, rather than comprehensive Business Continuity Plans.
3. No clear owner of the BCM process
The success or failure of the BCM depends on who is the internal driver or champion of the process. Thus the owner of the BCM should be clearly defined. While the CIO or CTO could be the owner, he must ensure he has a larger business perspective, and more importantly the rest of the organization should not see it as a technology-focused initiative, but rather as something that affects all of them.
Posted February 7th, 2008 by admin
Finally, we have our first conviction under the IT Act 2000 in India. After more than 100 cases being lodged, and about half of them actually reaching the courts, we have our first conviction: an orthopaedic surgeon in Chennai convicted of recording and uploading pornographic images. He and his brother in the US were found running a profitable pornographic website selling the videos and images.
Other notable cases nowhere near conviction include the hacking of the Mumbai cybercrime cell, the financial defrauding of Citibank customers by its BPO Mphasis, the creation of an Orkut group criticising Shivaji which got an IT engineer in Bangalore wrongly incarcerated due to a serious goof-up by Bharti (the ISP), and others.
Coming back to the original case, though, I wonder why the actions of the doc warranted a life sentence? What is intriguing is the presence of machine gun bullets at his farmhouse. Wonder where the machine gun correlating to the bullets might be? Maybe the doc was also a gun-runner in addition to being a pervert.
Posted January 9th, 2008 by admin
The Directorate of Forensic Science Laboratory, Government of Maharashtra, Mumbai, is holding a forensics awareness week from 7th to 11th Jan 2008.
The Director, Dr. Mrs. R. Krishnamurthy, is pleased to invite persons from the corporate world, especially those who are working in the area of risk management, fraud detection and in-house investigations, to their lab at Kalina (Santa Cruz) to get first-hand knowledge of the techniques that the lab is using at present.
All those who are interested in visiting this lab may contact:
Dr. Mrs. S. R. Krishnamurthy,
Director
Directorate of Forensic Science Laboratories
Maharashtra State
Tel: 022 2667 0760. (direct).
Tel : 022 2667 0758/65 (board).
Posted January 1st, 2008 by Kush
In this article we will learn how to do forensics on USB devices, how to correlate a USB device with its drive letter, and how to see at what time the USB device was plugged in and unplugged. This article may be very useful for military forces, as they can easily note the time when a particular USB device was plugged in.
Whenever a forensic investigator examines a USB device, he should look into two important keys of the registry. These are:
Posted August 21st, 2007 by admin
from NII Consulting
The IT Act 2000 is a large repository of fine print fraught with judicial jargon and varying legal implications.
To quote from the preamble of the Act,
“An Act to provide legal recognition for the transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “Electronic Commerce”, which involve the use of alternatives to paper based methods of communication and storage of information, to facilitate electronic filings of documents with the Government agencies and further to amend the Indian Penal Code, Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.”
The full Act is available online in a neatly organized HTML format at http://www.naavi.org/importantlaws/itbill2000/index.htm
To make it more comprehensible, our principal consultant, K. K. Mookhey, recently drew up a presentation to provide an overview and quick understanding of all the chapters of the IT Act.
This presentation is available for download at http://www.niiconsulting.com/services/IT_Act_2000_NIIConsulting.ppt
Posted July 30th, 2007 by admin
From NII Consulting
NII Consulting is glad to announce its fourth hands-on workshop for EC-Council’s “Certified Hacking Forensic Investigator (CHFI)” certificate course. As an Accredited Training Provider (ATP), NII is certified to teach the authorized curricula for security technologies.
The CHFI certification is awarded after successfully passing the EC0 312-49 exam. (The training fees include exam vouchers.)
Posted June 22nd, 2007 by Kush
by Kush Wadhwa, NII Consulting
Are you working as a cyber crime investigator and looking for something which can prove in a court of law that there was some pornographic content on the suspect’s machine? Let me help you out in this case. There is a file named “thumbs.db” which is automatically generated by Windows XP whenever a user views a folder or image in thumbnail view or in filmstrip view. Automatic generation of this file is ON by default. Thumbs.db contains a copy of each of the tiny preview images generated for image files in that folder so that they load up quickly the next time you browse that folder. If a user tries to open this file in an image viewer, it will be of no use. To extract the juicy content from this file, a forensic investigator has to understand the header of the thumbs file present in thumbs.db. Let me explain step by step how to extract useful content from the thumbs.db file.