Wednesday, May 31, 2006
Essential Terminology
- Threat – An action or event that might prejudice security. A threat is a potential violation of security.
- Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
- Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.
- Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.
- Exploit – A defined way to breach the security of an IT system through a vulnerability.
Thursday, May 25, 2006
Email Evolution
- Business email will grow by 25–30% through 2009
- Over 60% of email is spam
- 80% of viruses enter through the email gateway
- 75% of a company’s Intellectual Property is now contained in email
- 79% of companies accept email as written confirmation of approvals, orders and other transactions
- Email is now the de facto document of record for corporate communications
Saturday, May 13, 2006
Is your server blacklisted?? Know here...
This would be a good sign that your server is being used as a relay.
ORDB | http://www.ordb.org | Open Relays |
SBL | http://www.spamhaus.org | Spam Sources |
XBL | http://www.spamhaus.org | Compromised Hosts |
Sorbs DUHL | http://www.sorbs.net | Dynamic IPs |
DSBL | http://www.dsbl.org | Insecure Servers |
Friday, May 12, 2006
E-Crime and Hacking
US hacker gets five years in the slammer
A US man has been sentenced to nearly five years in prison after he was found guilty of illegally controlling around 400,000 third party PCs for the purposes of launching malware attacks.
Jeanson James Ancheta, 21, from California, rented out space on this zombie network of compromised machines for the sending of spam and malware, and also for launching denial of service attacks.
Among the machines infected by Ancheta were computers at the US military test base at China Lake in the Mojave Desert. Ancheta was ordered to pay the US Navy $15,000 in damages as well as surrendering $60,000 in proceeds from his crimes. Ancheta advertised his zombie network - or botnet - on his own website called botz4sale.
Thursday, May 04, 2006
XSS Attacks
There are two ways for users to become infected by XSS attacks.
1) Users may be tricked into clicking on a specially crafted link (called a Non-Persistent Attack), or
2) Users may unknowingly visit a web page embedded with malicious code (also called a Persistent Attack).
It’s also important to note that a user’s web browser or computer does not have to be susceptible to any well-known vulnerability.
This means that no amount of patching will help users, and we become solely dependent on a website’s security procedures for online safety.
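Both delivery paths described above end with the site writing untrusted text into its HTML, which is where the website's own procedures decide the outcome. The added example below (not from the original post; function names and sample inputs are constructed for illustration) renders a search page and a comments page with and without output encoding.

```javascript
// Added example: constructed pages and inputs, not from the original post.

// Encode the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Non-persistent case: the value arrives in the link the user clicked
// and is echoed straight back into the response.
function searchPageVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}
function searchPageEncoded(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Persistent case: the value was saved earlier and is shown to every visitor.
function commentsPageVulnerable(comments) {
  return '<ul>' + comments.map((c) => `<li>${c}</li>`).join('') + '</ul>';
}
function commentsPageEncoded(comments) {
  return '<ul>' + comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('') + '</ul>';
}

// Check used by the demo: did input markup reach the page as a live tag?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed inputs: a harmless marker script standing in for untrusted markup.
const sampleQuery = '<script>alert(1)</script>';
const sampleComments = ['Nice post!', 'Hi <script>alert(1)</script>'];

function demo() {
  return {
    reflectedVulnerable: containsLiveScriptTag(searchPageVulnerable(sampleQuery)),
    reflectedEncoded: containsLiveScriptTag(searchPageEncoded(sampleQuery)),
    storedVulnerable: containsLiveScriptTag(commentsPageVulnerable(sampleComments)),
    storedEncoded: containsLiveScriptTag(commentsPageEncoded(sampleComments)),
  };
}

console.log(demo());
```

The encoding shown covers HTML text and quoted attribute values only; values placed inside script blocks, URLs or CSS need encoding for that context.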