CHEERS!!!

December 31, 2009 · Posted in Life Happens, Random Stuff

Wishing you all a safe, happy and prosperous New Year…

It’s time for that cheesy classic… ;-)

Do People Still Fall For This?

December 30, 2009 · Posted in Information Security, Information Systems, The Internet

I still regularly get communications like the one below from wives of presidents, sons of billionaires, daughters of wealthy sheiks, etc., saying that with my help I can become an instant millionaire. The wording of the message varies slightly, but the message is pretty much the same. This scam, commonly known as the “Nigerian Scam”, has been going on since before e-mail became widespread, but after all these years and all the media exposure it has received, one would think folks would no longer fall for it, and perhaps the scammers would change their tactics.

Well, as illustrated in the e-mail below, and judging from the tons of similar e-mails I have received, it doesn’t look like the tactics have changed at all. I wonder if people still fall for them, since nothing has changed on the bad guys’ side.


Semi-hiatus

December 22, 2009 · Posted in Life Happens, Random Stuff

The past 2 weeks have been interestingly hectic. So hectic that I barely have time to sit down and put in an entry. In any case, I’m hoping to still be able to put in an entry here and there, and I should hopefully be fully back in the fold by Jan. 2 next year.

Whatever the case may be, I hope you are all having a wonderful Holiday Season, and I wish you all the best for 2010.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Key Concepts and Other Definitions

December 22, 2009 · Posted in Information Security, Information Systems

Rainbow Series

The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.

These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria.

Yeah Boy! Yah Suck! – David Pogue | Microsoft

This week’s Yeah Boy!!!

I don’t know if you’ve heard of David Pogue, New Technology Columnist for NyTimes.Com. His website is aptly named DavidPogue.com. I first got turned on to him (no, he did not turn me on :-P ) when he did the keynote for a marketing conference I attended in Las Vegas about 2 years ago. The man has proven that he has the gift for writing and the gift of gab; he delivers his stuff in a very down-to-earth and funny fashion (both in text and in speech), and as he demonstrated in that keynote speech, he has musical skills, too. He explained that music was actually his major in college, so becoming one of the most recognized and respected tech reviewers on the web today is quite a feat indeed.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Session Hijacking

December 11, 2009 · Posted in Information Security, Information Systems

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

Does Microsoft Even Care? Technet willing host of Spammers…

I was out of commission for the past two days, not because I was sick, but simply because I was loaded with other commitments and barely had any chance to pee… ;-)

Anyway, an unavoidable facet of blogging, or of the Web 2.0 framework in general, wherein the web publisher allows visitors to submit entries such as comments, is that you will be dealing with a lot of spammers who will use every trick in the book to exploit your system. This blog is no exception. I do, however, care, and I try to monitor and do my best not to let spammers inundate this blog with useless crap.

It is a standard practice for all Web 2.0 systems developers to provide some form of spam protection in their system, and it is wise for the users of these systems to utilize these protections in order to avoid getting their site inundated with junk and their mailbox with even more junk.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Denial of Service Attack

December 10, 2009 · Posted in Information Security, Information Systems

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, consuming their resources so that they can no longer provide the intended service, or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Monday DeMondaynizer – An Interesting Quote

December 7, 2009 · Posted in Random Stuff, The Demondaynizer

You say this is a computer for ordinary people? Why would an ordinary person want a computer? – Hewlett Packard executive to Steve Wozniak regarding Apple prototype

——

Cheers to Your Monday… :-D

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Classes of Network Abuse

December 7, 2009 · Posted in Information Security, Information Systems

Class A

  • Unauthorized access through circumvention of security access controls
  • Masquerading, logon abuse (primarily internal attacks)

Class B – Non-business use of systems

Class C

  • Eavesdropping
  • Active – Tampering with a transmission to create a covert signaling channel, or probing the network
  • Passive – Covertly monitoring or listening to transmissions without authorization
  • Covert channel – Using a hidden, unauthorized communication channel
  • Tapping – The physical interception of the transmission medium (e.g., splicing a cable)
