CHEERS!!!

December 31, 2009 · Posted in Life Happens, Random Stuff

Wishing you all a safe, happy and prosperous New Year…

It’s time for that cheesy classic… ;-)

Do People Still Fall For This?

December 30, 2009 · Posted in Information Security, Information Systems, The Internet

I still regularly get communication like the one below from wives of presidents, sons of billionaires, daughters of a wealthy sheik, etc., saying that with my help I can be an instant millionaire. The words in the message vary slightly, but the message is pretty much the same. This scam, commonly known as the “Nigerian Scam”, has been going on since even before e-mail became widespread, but after all these years and after all the media exposure it has received, one would think folks would no longer fall for it and perhaps the scammers would change their tactics.

Well, as illustrated in the e-mail below, and from the tons of similar e-mails I have received, it doesn’t look like the tactics have changed at all. I wonder if people still fall for them, since nothing has changed on the bad guys’ side.


Semi-hiatus

December 22, 2009 · Posted in Life Happens, Random Stuff

The past 2 weeks have been interestingly hectic. So hectic I barely have time to sit and put in an entry. In any case, I’m hoping to still be able to put in an entry here and there, and hopefully I should be fully back in the fold by Jan. 2 next year.

Whatever the case may be, I hope you all are having a wonderful Holiday Season and I wish you all the best for 2010.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Key Concepts and Other Definitions

December 22, 2009 · Posted in Information Security, Information Systems

Rainbow Series

The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.

These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have since been superseded by, the Common Criteria.

Yeah Boy! Yah Suck! – David Pogue | Microsoft

This week’s Yeah Boy!!!

I don’t know if you’ve heard of David Pogue, New Technology Columnist for NyTimes.Com. His website is aptly named: DavidPogue.com. I first got turned on to him (no, he did not turn me on :-P ) when he did the keynote for a marketing conference I attended in Las Vegas about 2 years ago. The man has proven that he has the gift for writing and the gift of gab; he delivers his stuff in a very down-to-earth and funny fashion (both in text and in speech) and, as he demonstrated in that keynote speech, he has musical skills, too. He explained that music was actually his major in college, and becoming one of the most recognized and respected tech reviewers on the web today is quite a feat indeed.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Session Hijacking

December 11, 2009 · Posted in Information Security, Information Systems

In computer science, session hijacking refers to the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over an established TCP session between two machines. Since most authentication occurs only at the start of a TCP session, this allows the hacker to gain access to a machine without ever presenting credentials.

Does Microsoft Even Care? Technet willing host of Spammers…

I was out of commission for the past two days, not because I was sick, but simply because I was loaded with other commitments and barely had any chance to pee… ;-)

Anyway, an unavoidable facet of blogging, or of the Web 2.0 framework in general, wherein the web publisher allows visitors to submit entries such as comments, is the fact that you will be dealing with a lot of spammers who will use every trick in the book to exploit your system. This blog is no exception. I do, however, care, and I try to monitor and do my best not to let spammers inundate this blog with useless crap.

It is standard practice for Web 2.0 systems developers to provide some form of spam protection in their systems, and it is wise for the users of these systems to enable those protections in order to avoid getting their site inundated with junk and their mailbox with even more junk.

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Denial of Service Attack

December 10, 2009 · Posted in Information Security, Information Systems

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target (victim) machine with external communication requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, consuming their resources so that they can no longer provide the intended service, or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

Monday DeMondaynizer – An Interesting Quote

December 7, 2009 · Posted in Random Stuff, The Demondaynizer

You say this is a computer for ordinary people? Why would an ordinary person want a computer? – Hewlett Packard executive to Steve Wozniak regarding Apple prototype

——

Cheers to Your Monday… :-D

CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Classes of Network Abuse

December 7, 2009 · Posted in Information Security, Information Systems

Class A – unauthorized access

  • Unauthorized access through circumvention of security access controls
  • Masquerading, logon abuse (primarily internal attacks)

Class B – non-business use of systems

Class C – eavesdropping

  • Active – tampering with a transmission to create a covert signaling channel, or probing the network
  • Passive – covertly monitoring or listening to transmissions without authorization
  • Covert channel – using a hidden, unauthorized communication path
  • Tapping – the physical interception of the transmission medium (such as splicing a cable)
