Monday, December 19, 2005

Google to buy Opera?

Google may soon announce its acquisition of browser firm Opera, if rumour is to be believed.

Pierre Chappaz, founder of Kelkoo and ex-Yahoo! Europe president, has revealed in his personal blog, Kelblog, that a "usually well informed source" has told him the buy is on the cards.

Such a move could come in response to Microsoft's latest iteration of its Internet Explorer, IE 7. Should Microsoft, for example, make a better fist of integrating its own search technology into its browser, Google could see itself losing market share.

Saturday, December 17, 2005

Database Threats

• Password Compromised – same as brute force, or username/password hard-coded in code

• SQL Injection - attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands.Access with Elevated Privileges – incorrect configuration leads to access with higher-than-expected privileges

Authentication Threats

  • Brute Force – attacker iterates through multiple combinations in the hope of finding a valid username/password combination
  • Man in the Middle – attacker sniffs packets from the network, modifies them, and inserts them back into the network
  • Session Hijacking - attacker uses authentication tokens to seize control of a legitimate user’s session while that user is logged into the application
  • Session Replay - attacker captures authentication tokens (e.g. session ID, cookies) to bypass normal authentication without the legitimate user having to be logged into the application.


Tuesday, December 06, 2005

Will the concept of 'office' fade out?

Technology which might expedite the arrival of the next generation workplace is Personal Internet Communicator (PIC), which is an affordable consumer device designed to provide managed internet access for people in global, high-growth markets to enhance communications, entertainment and education opportunities.

The emergence of collaborative technology and tools will further reduce the need to go to office and be at your desk per se. You might be able to sit on India gate lawns and write that important mail, or might be able to present an important presentation over video conferencing while your kids enjoy their favorite ride at Appu Ghar. If this sounds like a sci-fi then wake up to reality. All this and more is likely to happen in the coming three-to-four years. In fact, IT-majors Microsoft and IBM are working hard to make this vision a reality


Monday, December 05, 2005

More Windows exploits posted online

Two new pieces of computer code that could be used in cyber attacks on Windows users were posted on the web on Wednesday and Thursday.

The exploit posted on Thursday is another that could allow a remote attacker to gain complete control over a vulnerable computer. The code takes advantage of a flaw in a Windows component for transaction processing, called the Microsoft Distributed Transaction Coordinator. Microsoft addressed the flaw in security bulletin MS05-051 in October.

Tuesday, November 29, 2005

What is Blogging ?


Well many people asked me of what is this blogging all about...
And this is how I can define for you all...
Comments are always welcome..!!

A blog is essentially a web application which contains periodic posts on a common webpage.
Blogging combines a personal web page with tools to allow comments to be left and to make linking to other pages and blogs and ‘trackbacks’ – a system that allows a blogger to see who has seen the original post and has written another entry concerning it.

Monday, November 28, 2005

Failure to comply W3C...


The vast majority of public service websites in Europe are failing to meet international e-accessibility standards.

That's according to a report released by the UK EU presidency, which shows that a mere three per cent of public service websites are fully meeting the terms of the minimum accessibility requirements as stated by World Wide Web Consortium (W3C) guidelines.

Most of the websites fell down in the area of providing suitable text alternatives for images on their sites, with a large number of websites also failing to fully explain the relationship between frames on a website.

Seems, there is a trade-off somewhere ...


ISSAF Draft o.2 to be released soon...

HI All folks,

As a part of ISSAF, it's nice to tell you all that the ISSAF (Information System Security Assessment Framework) Draft 0.2 will be available to you soon.

Watch out at

My contribution includes the Web Application Security Assessments....:)



Friday, November 25, 2005

Free Software Foundation to take Gates to task...

The Free Software Foundation Europe (FSFE) has filed a request with the European Union asking to get involved in an EU antitrust suit against Microsoft.

The Linux and Samba developer group has filed its request for leave to intervene in the case saying Microsoft's fiscal might is skewing the fight unfairly.

Georg Greve, president of FSFE, said in a statement: "The more Microsoft is able to purchase its opponents' solidarity, the more important FSFE's commitment to freedom and interoperability is."

Conversely, Microsoft has also been lobbying for new supporters in the case, asking big business to intervene on its side. Several opponents of Redmond, including the Computer and Communications Industry Association and Novell, dropped their objections following payouts from Microsoft.

Saturday, November 19, 2005

Friday, November 18, 2005

New Sober Virus

There are at least three new variants of the Sober worm spreading across the internet via email messages. The viruses are activated once a user clicks on an infected attachment.

Sober can hijack a Windows-based computer and force it to send spam emails. The continuous emailing can lead to overloaded servers and reduced network performance.

Wednesday, November 16, 2005

Free desktop apps from Microsoft

Microsoft is planning to to offer free, ad-supported versions of some of its desktop products.

Does it it make sense to release ad-supported versions of products such as Works, Money, or even the Windows operating system itself ?

Tuesday, November 15, 2005

Google Analytics

To track user behaviour to determine which features keep visitors on the site and which ones make them click away

Google Inc. plans to give away a set of analytic tools allowing Web developers, administrators and advertisers to fine-tune their sites including advertising.

The tools are intended to address a key aspect of successful Web sites, which is the ability to track user behaviour to determine which features keep visitors on the site and which ones make them click away.

Monday, November 14, 2005

Apple versus Microsoft

Running Microsoft Vista Beta 2, if I launch the QuickTime player, all applications running on the system lost their glass effect until I quit QuickTime.

Guess would be spite on the part of Steve Jobs...


ASP.NET's extremely popular __VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" (including form fields, database views, etc), so that user-entered data auto-magically persists and is populated across newly rendered HTML, and so that current selections of displayed database records are cached and do not need to be looked up again after every operation.

The data is by "typically" stored on client side as base64-encoded, hidden POST form field. By default, the field is protected from tampering by being "signed" using SHA1 with machine-specific key and - although not discussed by Microsoft - presumably either target .aspx filename or other file ID parameter.

The ASP.NET's __VIEWSTATE field has been found to be prone to replay attacks as well as denial of service vulnerabilities.

internet Usage in India ??

Looking at the figures in other countries like UK where the tech-savvy people (most of students and shoppers) have crossed the European countries in internet usage, I was wondering where would India rank in terms of people using internet.

Just over 60 per cent of Britons are now making use of the internet. While the UK beat the European average for internet usage, which stands at 47 per cent, it is far behind the Nordic digital leaders – both Iceland and Sweden boast an 82 per cent average.

Any idea what percentage of Indians use internet ?

Friday, November 11, 2005

Information Systems Security Assessment Framework (ISSAF)

I was looking for Security Assessment on Web and came across another Open Community called OISSG (Open Information Systems Security Group).

The ISSAF is OISSG's flagship project. It is an effort to develop an end-to-end framework for security assessment. The ISSAF aims to provide a single point of reference for professionals involved in security assessment; it reflects and addresses the practical issues of security assessment.

Being a member of OWASP Mumbai, I decided to participate in OISSG also. And I am looking forward to contribute at my best.


Thursday, November 10, 2005

Password hash lookup

Came across this site:

Rainbow Crack provide access to a huge db of hashes to common encryption and protocol functions (e.g. MD5, LANMAN etc) allowing the quicker retrival of plain text from hash values.

Im not too sure of its viability as a business model but what it does illustrate is the importance of salting hash values and considering 2 factor authentication.

Wednesday, November 09, 2005

Alas !! The Creation of Smart Security Blog

Finally, the creation of my new blog called "smartsecurity".
Hope to get it up soon...