2013-05-31

Google gives 7 days to vendors to patch 0-days!

Google gives 7 days to vendors to patch 0-days! Sounds like a tight deadline from Google.


Update 07-Jun-13:
Google increases the bounty for the bugs found on their own systems!

Apple's 2FA Incompetent

Looks like the process around it (not the algo itself) is weak.

2013-05-27

Sky news apps defaced!

Update 27-May-2013
Hackers break into Android apps of a Sky News??!!! Looking for some more details here.

Update 28-May-2013
This explains the matter better.

2013-05-22

Skype (for)gets end-to-end encryption

There used to be a time when a new (but only) player on the web, had the capability of providing end-to-end (peer-to-peer) encryption. Since Microsoft took it over, looks like privacy is going down the drain.

2013-05-14

Pen Testing Tutorials

PenTesterLab.com:  Looks like a place for interesting, hands-on tutorials. Not too many exercises available for now, but got a few good ones like - Linux Server Hardening, Website Vulnerability review, etc.

2013-05-12

What do employees think about security?


-  half of sales-focused employees say their job is hindered because they aren’t getting access to all the information they need
-  an alarming 46% avoided the possibility of losing a sales opportunity by bypassing security controls to access necessary sensitive information to get the job done

Full Article

2013-05-11

Card Industry's $45M Fraud

We have a new case where the thieves walked away with $45 million!
It's a known fact that the so-called PCI standard is poor and outdated. The question is when will the industry wake up and either create a new baseline standard?
Or maybe this is a good opportunity to fill this gap today and roll out a new standard.
Here's a high level summary of the heist!

Name.com Breached

domain registrar breached, and then forces customers to reset their passwords. Such attacks are always critical, and almost out of the hands of the poor owners of the websites.

India's Cyber Policy

India (finally) works on a cyber security policy/framework. Much needed, but I'm still waiting to see the actual document.

Update 17-Sep-13:
A very good article around India's position for IT Sec and the challenges.

2013-05-07

AutoIt Malwares

AutoIt, which is a Windows scrpting language is now popularly being used to create malwares. In fact there is some really good code on Pastebin up for grabs!

IE 8 0-day!!

A new zero day attack, which has already led to an attack on the Department of Labor

OpUSA

Update 07-May:
Anonymous' threat to attack a huge number of American banks today (7th)

Update 13-May:
Looks like the event wasn't a big success. A few low profile hacks is all they got.

2013-05-02

Myths of Access Rights Management

A good read

Elements of a successful security awareness program

The 7 elements to make your organization's program a success.

Google Glass Bug!

Okay, we now have a cutting edge tool, to keep humans always 'connected', making sc-fi cyborgs a reality. Anyway, this Google brainchild is now available to a limited set of developers, and one of them has a detailed analysis of it.

The concerns with this new technology are probably more than the benefits for now. Here's one article on it.