Many times we receive SMS’s on our cell phones displaying messages like the one shown below: Typically a phone number to call or a website link is given which asks the user to provide his/her personal identifiable information – bank account number, PIN, or credit card number – to claim the prize money.  When an […]

When we heard Khushbu Pratap’s name cropping up in Gartner’s explanation on its Magic Quadrants, we thought we would ask her about how her experience working at NII had been. Below is the unadulterated heart-taking-a-leap-of-joy response! My time at NII has been the most rewarding experience in my short professional history. I am talking from the time NII […]

Below are the steps of how to fix the banner (version information) in IIS 7.5 Install the latest version of URLScan 3.1 (http://learn.iis.net/page.aspx/726/urlscan-overview/). Select the correct version as per your OS (64-bit or 32-bit) The reference article to setup URLScan is http://learn.iis.net/page.aspx/475/urlscan-setup/ Enable ‘ISAPI Filters’ for your webserver. This is necessary for URLScan to be […]

For my research, I chose to analyze a popular Android application for malwares. But why select a Russian version? Well, it made a compelling case study from analysis perspective that I later found out during my research. The application I selected was popular game called FruitNinja downloaded from Russian Fake Android Store (Figure 1). Figure […]

Scope: This article demonstrates logging techniques in MySQL to uncover and analyze any mischief attempts done by (outside or inside) user focusing on specific areas in database. Getting Started: Following are the types of logs available in MySQL[1]. Log Type Information Written to Log Error log Problems encountered starting, running, or stopping mysqld General query […]

With the boundary-less work culture of the 21st century, organizations have started to wake up to the fact that they cannot withhold information within the confines of their heavily guarded data-centers. Clients, employees and vendors need the information on the servers, on their laptops, and on their handheld devices in order to continue smooth functioning […]

Overview I had to do the risk analysis of the Android 2.2 – Froyo based appliance and check for any security flaws exist in it before the XYZ Ltd. (just the example) company could launch that product in the market. Background How I get connected to appliance At start of my task I first assign […]

IIS Application pools are used to separate sets of IIS worker processes that share the same configuration and application boundaries. Application pools used to isolate our web application for better security, reliability, and availability and performance and keep running with out impacting each other . The worker process serves as the process boundary that separates […]

Hi all, This month’s reading list. Make sure to check out the tools sections. Traditional Pen-testing is Dead: A frank look at the state of affairs of our daily job http://www.secmaniac.com/october-2010/traditional-penetration-testing-is-dead-bsides-atlanta/

Hi all, We are starting with a monthly reading-list for people who are unable to keep up with the latest in the field of IT Security. A few articles (like the ones below) may be informational to the non-technical readers as well to improve their tech know-how and security posture 🙂