Wednesday, May 31, 2006

Essential Terminology

  • Threat – An action or event that might prejudice security. A threat is a potential violation of security.
  • Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
  • Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.
  • Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.
  • Exploit – A defined way to breach the security of an IT system through vulnerability.

Thursday, May 25, 2006

Email Evolution

  • Business email will grow by 25–30%through 2009
  • Over 60%of email is spam
  • 80%of viruses enter through the email gateway
  • 75%of a company’s Intellectual Property is now contained in email
  • 79%of companies accept email as written confirmation of approvals, orders and other transactions
  • Email is now the de facto document of record for corporate communications

Saturday, May 13, 2006

Is your server blacklisted?? Know here...

This would be a good sign that your server is being used as a relay.

ORDBhttp://www.ordb.orgOpen Relays
SBLhttp://www.spamhaus.orgSpam Sources
XBLhttp://www.spamhaus.orgCompromised Hosts
Sorbs DUHLhttp://www.sorbs.netDynamic IPs
DSBLhttp://www.dsbl.orgInsecure Servers

Friday, May 12, 2006

E-Crime and Hacking

US hacker gets five years in the slammer

A US man has been sentenced to nearly five years in prison after he was found guilty of illegally controlling around 400,000 third party PCs for the purposes of launching malware attacks.

Jeanson James Ancheta, 21, from California, rented out space on this zombie network of compromised machines for the sending of spam and malware, and also for launching denial of service attacks.

Among the machines infected by Ancheta were computers at the US military test base at China Lake in the Mojave Desert. Ancheta was ordered to pay the US Navy $15,000 in damages as well as surrendering $60,000 in proceeds from his crimes.

Ancheta advertised his zombie network - or botnet - on his own website called botz4sale.


Thursday, May 04, 2006

XSS Attacks

There are two ways for users to become infected by XSS attacks.

1) . Users may be either tricked into clicking on a specially crafted link (called a Non-Persistent
Attack) or,

2). User unknowingly visiting a web page embedded with malicious code (also called as a
Persistent Attack). It’s also important to note that a user’s web browser or computer does
not have to be susceptible to any well-known vulnerability.

This means that no amount of patching will help users, and we become solely dependent on a website’s security procedures for online safety.