Over the past few years, we have completed a number of social engineering tests as part of advanced penetration testing at various organizations. Coincidentally, I recently read an excellent book called “Influence – the Psychology of Persuasion” by Dr. Robert Cialdini.and realized that it has some excellent lessons for anyone wanting to guard themselves from […]
A recent dive into challenges faced from privacy compliance requirements unearthed an interesting patent. The unearthing of this new patent on the block came from the need of anonymizing data for several reasons including compliance (PCI DSS, German Data Privacy Law [BDSG], UK Data Privacy Act).
From forensics point of view, investigating “which user did what on the application/server that lead to its compromise” is of the most importance. Similar scenario applies to Email investigation. It’s quite simple now to find out the IP Address of the person who is sending out fishy or threatening emails to the victim(s).
This post is a complete switch over from my previous post on phishing modus operandi. A little background on the hack. I was doing an assessment of a financial application; the objective was to evaluate the security of the complete infrastructure on which the application will be hosted once it goes live. As oppose to […]
Phishing sounds similar to fishing. Fishes are to the volume of internet users today much like fishermen are to phishers. Zillions of fishes falling prey the nets is nothing less compared to internet users being phished through their own in boxes and messengers. Phishers tend to have some personal favorites – personal information, credit cards […]
Some days back I was greeted by a Google Safe browsing warning when I tried visiting a ‘known’ site. As I was sure it was supposed to be clean and harmless site, I thought it would be good to dig further into this problem. The trail led to interesting amounts of codes, concepts and techniques. […]
Following is the small example of creating a stored procedure. ==================================================================== CREATE PROC sp_login (@loginid nvarchar(25),@password nvarchar(25)) AS DECLARE @SQLString VARCHAR(500) DECLARE @loginid VARCHAR(64) DECLARE @password VARCHAR(64) /* Build the SQL string once.*/ SET @SQLString = ‘SELECT * from cust_users WHERE login_id = ‘+ ””+@loginid+”” + ‘AND password = ‘+ ””+@password+”” EXECUTE sp_executesql @SQLString
by Toufiq Ali, NII Consulting Before you read further make sure you back up all the original settings of the registry or set create a restore point of your system. I assume reader know what a windows remote terminal service is. If not please refer to http://en.wikipedia.org/wiki/Terminal_Services In Windows XP when a remote user tries […]
1. Business continuity to get focus over disaster recovery BCM is a process issue related to building the framework to increase business resiliency and restoration capability, while DR is about building redundancy through infrastructure investments. It is quite likely that new DR site investments might happen fewer than they did in 2008. But I would […]
I was recently attending a conference on Business Continuity Management, and happened to attend an enlightening talk given by Mr. Vijay Sethi, CIO of Hero Honda – the world’s single-largest two wheeler company. The focus of the talk was on “Reasons for BCP Failure”, and I believe the points given below are highly applicable to […]
