Tuesday, November 29, 2005

What is Blogging ?


Well many people asked me of what is this blogging all about...
And this is how I can define for you all...
Comments are always welcome..!!

A blog is essentially a web application which contains periodic posts on a common webpage.
Blogging combines a personal web page with tools to allow comments to be left and to make linking to other pages and blogs and ‘trackbacks’ – a system that allows a blogger to see who has seen the original post and has written another entry concerning it.

Monday, November 28, 2005

Failure to comply W3C...


The vast majority of public service websites in Europe are failing to meet international e-accessibility standards.

That's according to a report released by the UK EU presidency, which shows that a mere three per cent of public service websites are fully meeting the terms of the minimum accessibility requirements as stated by World Wide Web Consortium (W3C) guidelines.

Most of the websites fell down in the area of providing suitable text alternatives for images on their sites, with a large number of websites also failing to fully explain the relationship between frames on a website.

Seems, there is a trade-off somewhere ...


ISSAF Draft o.2 to be released soon...

HI All folks,

As a part of ISSAF, it's nice to tell you all that the ISSAF (Information System Security Assessment Framework) Draft 0.2 will be available to you soon.

Watch out at http://www.oissg.org

My contribution includes the Web Application Security Assessments....:)



Friday, November 25, 2005

Free Software Foundation to take Gates to task...

The Free Software Foundation Europe (FSFE) has filed a request with the European Union asking to get involved in an EU antitrust suit against Microsoft.

The Linux and Samba developer group has filed its request for leave to intervene in the case saying Microsoft's fiscal might is skewing the fight unfairly.

Georg Greve, president of FSFE, said in a statement: "The more Microsoft is able to purchase its opponents' solidarity, the more important FSFE's commitment to freedom and interoperability is."

Conversely, Microsoft has also been lobbying for new supporters in the case, asking big business to intervene on its side. Several opponents of Redmond, including the Computer and Communications Industry Association and Novell, dropped their objections following payouts from Microsoft.

Saturday, November 19, 2005

Friday, November 18, 2005

New Sober Virus

There are at least three new variants of the Sober worm spreading across the internet via email messages. The viruses are activated once a user clicks on an infected attachment.

Sober can hijack a Windows-based computer and force it to send spam emails. The continuous emailing can lead to overloaded servers and reduced network performance.

Wednesday, November 16, 2005

Free desktop apps from Microsoft

Microsoft is planning to to offer free, ad-supported versions of some of its desktop products.

Does it it make sense to release ad-supported versions of products such as Works, Money, or even the Windows operating system itself ?

Tuesday, November 15, 2005

Google Analytics

To track user behaviour to determine which features keep visitors on the site and which ones make them click away

Google Inc. plans to give away a set of analytic tools allowing Web developers, administrators and advertisers to fine-tune their sites including advertising.

The tools are intended to address a key aspect of successful Web sites, which is the ability to track user behaviour to determine which features keep visitors on the site and which ones make them click away.

Monday, November 14, 2005

Apple versus Microsoft

Running Microsoft Vista Beta 2, if I launch the QuickTime player, all applications running on the system lost their glass effect until I quit QuickTime.

Guess would be spite on the part of Steve Jobs...


ASP.NET's extremely popular __VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" (including form fields, database views, etc), so that user-entered data auto-magically persists and is populated across newly rendered HTML, and so that current selections of displayed database records are cached and do not need to be looked up again after every operation.

The data is by "typically" stored on client side as base64-encoded, hidden POST form field. By default, the field is protected from tampering by being "signed" using SHA1 with machine-specific key and - although not discussed by Microsoft - presumably either target .aspx filename or other file ID parameter.

The ASP.NET's __VIEWSTATE field has been found to be prone to replay attacks as well as denial of service vulnerabilities.

internet Usage in India ??

Looking at the figures in other countries like UK where the tech-savvy people (most of students and shoppers) have crossed the European countries in internet usage, I was wondering where would India rank in terms of people using internet.

Just over 60 per cent of Britons are now making use of the internet. While the UK beat the European average for internet usage, which stands at 47 per cent, it is far behind the Nordic digital leaders – both Iceland and Sweden boast an 82 per cent average.

Any idea what percentage of Indians use internet ?

Friday, November 11, 2005

Information Systems Security Assessment Framework (ISSAF)

I was looking for Security Assessment on Web and came across another Open Community called OISSG (Open Information Systems Security Group).

The ISSAF is OISSG's flagship project. It is an effort to develop an end-to-end framework for security assessment. The ISSAF aims to provide a single point of reference for professionals involved in security assessment; it reflects and addresses the practical issues of security assessment.

Being a member of OWASP Mumbai, I decided to participate in OISSG also. And I am looking forward to contribute at my best.


Thursday, November 10, 2005

Password hash lookup

Came across this site: http://www.rainbowcrack-online.com

Rainbow Crack provide access to a huge db of hashes to common encryption and protocol functions (e.g. MD5, LANMAN etc) allowing the quicker retrival of plain text from hash values.

Im not too sure of its viability as a business model but what it does illustrate is the importance of salting hash values and considering 2 factor authentication.

Wednesday, November 09, 2005

Alas !! The Creation of Smart Security Blog

Finally, the creation of my new blog called "smartsecurity".
Hope to get it up soon...