InfoSecNirvana: blog comments feed (updated 2018-12-20T20:37:03.589-08:00)

velraj, 2018-12-20T20:37:03.589-08:00:
The information is nice and got more ideas from this. I'm really happy to read this.
hacking classes in chennai (https://www.fitaacademy.com/courses/ethical-hacking-course-chennai/)
ethical hacking course in coimbatore (https://www.fita.in/ethical-hacking-course-in-coimbatore/)
hacking classes in bangalore (https://www.fita.in/ethical-hacking-course-in-bangalore/)

Sourabh, 2015-01-27T07:46:03.939-08:00:
An interesting collection for pentest labs resources,

http://www.amanhardikar.com/mindmaps/Practice.html

Frank, 2013-08-31T18:55:05.495-07:00:
PowerShell seems to be invaluable.

Anonymous, 2013-08-30T22:34:21.020-07:00:
Great paper. Looking forward to learning more about this powerful tool.

Raghav, 2013-07-30T09:38:05.000-07:00:
Good to see you back and look forward to future posts on PowerShell.

Vishal, 2011-09-01T17:03:13.397-07:00:
Thanks for posting this, what other vulnerable apps do you recommend for vulnerability testing?

Anonymous, 2010-11-06T08:01:06.275-07:00:
Read the below article

http://www.storefrontbacktalk.com/securityfraud/pci-2-0-or-1-2the-choice-is-yours-for-now/ - Dates on PCI implementation

Anonymous, 2010-11-05T00:07:33.204-07:00:
Thanks for the heads up, when does this go active?

Anand, 2010-10-12T06:37:27.307-07:00:
BitDefender has a free tool that removes the Stuxnet malware. It can be downloaded from
http://www.malwarecity.com/blog/bitdefender-offers-free-removal-tool-for-stuxnet-902.html

Steven, 2010-10-07T01:33:51.879-07:00:
Your recommendations are on the money. One of the most important aspects organizations don't do is "identify where the data is". If you don't do that, the rest of the controls are useless.

Anonymous, 2010-07-04T18:43:30.124-07:00:
Thanks for sharing this, your analysis is spot on.

I used this as awareness material and sent it to our senior management.

Anonymous, 2010-06-28T21:07:39.618-07:00:
Nice analysis. Many organizations are still in the infancy period, such sanctions will give the program a boost.

Anonymous, 2010-06-13T03:31:47.782-07:00:
My company is looking to move some of the applications to the cloud, your checklist was very useful and helped remove some of the bad vendors.

Deepan, 2010-06-07T20:31:49.352-07:00:
Your essay was excellent, I look forward to more on this area.

Ashish, 2010-06-07T00:23:50.575-07:00:
I did not see the "three part series" earlier. It provided excellent information on what to check. Many organizations select providers without asking these questions and they end up suffering later on.

Rajesh, 2010-05-02T21:23:27.290-07:00:
I agree with you. Regulation is the only way to clean up this mess. Just like SOX, it is time to come up with good legislation to protect the privacy of individuals.

Rafal Los, 2010-04-25T19:45:32.640-07:00:
Hi - you left a comment on my blog that you wanted my slides and to get more info - but you didn't leave any contact info!

Email me directly at RafalQHPXcom please. (Q = @, X = .)

Please don't publish...

Arun, 2010-03-30T21:26:48.756-07:00:
Nice work, gave us a lot of insight into these new attacks, looks like there is nothing much we can do.

InfoSecNirvana, 2010-03-04T19:47:29.702-08:00:
@Jason, Yes, you are correct. Even though this is a big deal for SMEs, most larger financial institutions have had these requirements in place for a while now, so it should not really affect them.

InfoSecNirvana, 2010-03-04T19:43:41.499-08:00:
@Anon - There are many regulatory requirements specific to states, for a detailed listing check the below link.

State breach laws http://www.privacyguidance.com/files/USStateandTerritoriesBreachNotificationLaws032209.pdf

Jason, 2010-03-04T17:21:11.617-08:00:
Good post… there is another take on the Mass 201 law here: http://blog.maas360.com/massLaw

… wondering if this will become a trend?

Anonymous, 2010-02-28T03:30:33.421-08:00:
Thanks for the insight, what are some of the recent changes that businesses that operate in the US should worry about?

InfoSecNirvana, 2010-01-26T00:25:12.923-08:00:
Virtualization is a whole different topic, even though cloud computing usually involves virtualization. I will cover that topic in the future.

InfoSecNirvana, 2010-01-23T01:12:03.122-08:00:
@Anoop,

There are multiple things organizations can do.

Actionable intelligence gathering
User awareness and education
Traffic monitoring and anomaly detection and prevention
Check my earlier post http://infosecnirvana.blogspot.com/2009/05/mcafee-threat-report.html, if your organization can afford to completely block IP ranges from a specific country, do it.
In the Microsoft advisory, they have mentioned the following

"an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site" -- Reason for strong filtering and spam control

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights" -- Reason for enforcing least privilege

Anoop, 2010-01-17T05:57:03.520-08:00:
According to you, what specific actions can be taken to avoid this type of attack?