Source: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
free cloud computing articles free information security free iso 27001:2005 free security articles hypnos infosecurity
Sunday, 8 May 2011
Saturday, 7 May 2011
Intel Israel To Produce Ivy Bridge Processors
Intel Israel Ltd. will be the one producing the corporation?s new Ivy Bridge processor, even though Intel Israel did not develop the technology. The company's Fab 28 in Kiryat Gat will be one of Intel's two Fabs to produce the processor. Intel spent $2.7 billion to upgrade Fab 28 to 22-nanometer production technology.
Source: http://article-a-day.com/business/74-intel-israel-to-produce-ivy-bridge-processors.html
free cloud computing free cloud computing articles free information security free iso 27001:2005 free security articles
Introduction To ISMS (ISO 27001:2005)
According to ISO 27002:2005 ?information is an asset which like any other important business assets has value to an organization and consequently needs to be suitably protected?. Information is volatile and because of this information can be published, destroyed, lost, blogged or posted on websites, stored or archived, transmitted electronically or physically or verbally.
Information security can be defined as the quality or state of information to be secure and free from danger. In other words information security is a means of protecting information and information systems from ?unauthorized? recording, access, modification, inspection, perusal, use, destruction or disclosure.
Information security can be defined as the quality or state of information to be secure and free from danger. In other words information security is a means of protecting information and information systems from ?unauthorized? recording, access, modification, inspection, perusal, use, destruction or disclosure.
Source: http://article-a-day.com/security/65-introduction-to-isms-iso-270012005.html
hypnos infosecurity isit-audits information security services free cloud computing free cloud computing articles
Friday, 6 May 2011
Thursday, 5 May 2011
http://www.viewfinity.com/Resources/Discover_Desktops.aspx
Tool for finding local admin accounts on boxes
Source: http://www.viewfinity.com/Resources/Discover_Desktops.aspx
isit-audits information security services free cloud computing free cloud computing articles free information security
Wednesday, 4 May 2011
BookmarksList - pentest-bookmarks - Bookmarks List - Open Penetration Testing Bookmarks Collection - Google Project Hosting
Tuesday, 3 May 2011
Google's South Korean Offices Raided Over Data Collection - NYTimes.com
Perhaps Marketing Department should've considered a different business model... these outfits are built on the premise that users will be accepting of tracking every one of our movements for the sake of receiving a couple of discounts per week.
Source: http://www.nytimes.com/2011/05/04/technology/04google.html?hpw
free iso 27001:2005 free security articles hypnos infosecurity isit-audits information security services
Monday, 2 May 2011
Thursday, 28 April 2011
Wednesday, 27 April 2011
How to Lower Your Insurance with Better Home Security
Following are a few tips on how to lower your insurance payments by putting in better home security.
Source: http://www.alarmcompanies.net/how-to-lower-your-insurance-with-better-home-security.html
information security services free cloud computing free cloud computing articles free information security free iso 27001:2005
TCHunt: Detect Encrypted TrueCrypt Volumes! ? PenTestIT
TCHunt allows you to search for file with the following attributes:
* The suspect file size modulo 512 must equal zero.
* The suspect file size is at least 19 KB in size (although in practice this is set to 5 MB).
* The suspect file contents pass a chi-square distribution test.
* The suspect file must not contain a common file header.
* The suspect file size modulo 512 must equal zero.
* The suspect file size is at least 19 KB in size (although in practice this is set to 5 MB).
* The suspect file contents pass a chi-square distribution test.
* The suspect file must not contain a common file header.
Source: http://www.pentestit.com/2011/04/27/tchunt-detect-encrypted-truecrypt-volumes/
hypnos infosecurity isit-audits information security services free cloud computing free cloud computing articles
Tuesday, 26 April 2011
Monday, 25 April 2011
cool hacking tricks
learn hacking, iphone hacking ,mobile hacking, facebook account hacking and many more cool hacking tricks
for cool hacking tricks log on to http://hackingcooltricks.blogspot.com/here you can learn cool hacking tricks, computer hacking, mobile hacking, iphone hacking tricks, facebook and gmail account hacking and much more.....If you want to learn hacking or want to become an professional in hacking or an ethical hacker just log on to.....http://hackingcooltricks.blogspot.com/
for cool hacking tricks log on to http://hackingcooltricks.blogspot.com/here you can learn cool hacking tricks, computer hacking, mobile hacking, iphone hacking tricks, facebook and gmail account hacking and much more.....If you want to learn hacking or want to become an professional in hacking or an ethical hacker just log on to.....http://hackingcooltricks.blogspot.com/
Source: http://hackingcooltricks.blogspot.com/
information security services free cloud computing free cloud computing articles free information security free iso 27001:2005
Sunday, 24 April 2011
IT & Internet Security, Hacking and Vulnerability Research, Penetration Testing, Ethical Hacking, Blackhat, Securityfocus, CERT, OSVDB, Secunia
looks like a nice vulnerability management tool - looks like a nice add on reporting and summerization tool to your nessus scans
Source: http://www.hackerstorm.com/
free iso 27001:2005 free security articles hypnos infosecurity isit-audits information security services
Saturday, 23 April 2011
Friday, 22 April 2011
Wednesday, 13 April 2011
Tuesday, 12 April 2011
Monday, 11 April 2011
HackMyCF - ColdFusion Server Security Scanning Service
Coldfusion CF consulting and online scan tool
Source: https://foundeo.com/hack-my-cf/
free security articles hypnos infosecurity isit-audits information security services free cloud computing
WhatWeb
Identify what websites are running.
Source: http://www.morningstarsecurity.com/research/whatweb
free information security free iso 27001:2005 free security articles hypnos infosecurity isit-audits
Sunday, 10 April 2011
Eye on: PCI DSS compliance
SearchSecurity.com's new "Eye on" series examines a security topic each month. In March, the series explores the role PCI DSS has played in shaping the security industry.
Source: http://www.pheedcontent.com/click.phdo?i=eb47562fd320d155746f22bc523a3c9c
careers at hypnos infosecurity hypnos infosecurity downloads cyber crime news malware news exploits and vulnerability news
McAfee strikes first deal under Intel for database monitoring software
The security giant is expanding into the database security market, announcing its intention to acquire Sentrigo. The terms of the deal were not released.
Source: http://www.pheedcontent.com/click.phdo?i=fa9d3619d2c105aa1cb7ad24272ef4e2
trainings we at hypnos corporate trainings academic trainings security awareness trainings
Saturday, 9 April 2011
Wrap Firefox in a Cocoon of privacy
Web browsers are ground zero for Internet security threats, and the debate over responsibility for preventing those threats has resulted in a Gordian knot. The people behind the new add-on for Firefox called Cocoon (download) want to cut through debate by serving the entire Web to you via proxy. (Cocoon is also available at GetCocoon.com.)
Made by Santa Barbara, Calif., start-up Virtual World Computing, Cocoon's goal is to put the Internet on a server to prevent individual users from having to touch it, Cocoon Chief Executive Officer and co-founder Jeff Bermant said in an interview today at CNET's San Francisco offices. The add-on, which has about 4,000 users since it entered into private beta 18 months ago, creates a safe state in which the user can browse the Internet by forcing all interactions between the computer in front of you and the Internet to occur over protected SSL connections to Cocoon's servers. Those servers, in turn, are guarded by Security-Enhanced Linux, which was developed by the United States' National Security Agency.
Cocoon opened its beta to the public in January of this year. Cocoon installs as a toolbar just below the location bar in Firefox 4, although the add-on supports the browser back to Firefox 3.6. You can turn it on or off using the universal power button icon on the left of the toolbar, or "pause" Cocoon lock/unlock button that's next to it. Settings are available from a hard-to-see drop-down arrow just next to the lock button.
Made by Santa Barbara, Calif., start-up Virtual World Computing, Cocoon's goal is to put the Internet on a server to prevent individual users from having to touch it, Cocoon Chief Executive Officer and co-founder Jeff Bermant said in an interview today at CNET's San Francisco offices. The add-on, which has about 4,000 users since it entered into private beta 18 months ago, creates a safe state in which the user can browse the Internet by forcing all interactions between the computer in front of you and the Internet to occur over protected SSL connections to Cocoon's servers. Those servers, in turn, are guarded by Security-Enhanced Linux, which was developed by the United States' National Security Agency.
Cocoon opened its beta to the public in January of this year. Cocoon installs as a toolbar just below the location bar in Firefox 4, although the add-on supports the browser back to Firefox 3.6. You can turn it on or off using the universal power button icon on the left of the toolbar, or "pause" Cocoon lock/unlock button that's next to it. Settings are available from a hard-to-see drop-down arrow just next to the lock button.
Source: http://www.hackinthebox.org/index.php?name=News&file=article&sid=40823
vulnerability assessments network analysis code review trainings corporate trainings
First Line of Defense for Web Applications ? Part 5
First of all folks, my apologies for this delayed post. I have been traveling and busy doing a very interesting Threat Modeling exercise. But i am back & Lets cover some other validation bloopers -
SQL injection
| Weak Validation Examples | Code Snippets |
| a) Replacing single Quotes to double quotes | Sample.aspx.cs catergoryID=Request.QueryString(id); SqlCommand myCommand = new SqlCommand("SELECT * FROM Products WHERE CategoryID = " + SanitizeSQL(categoryID) +", myConnection); public static string SanitizeSQL(string strSQL) { Return ( strSQL.Replace("'","''") ); } |
| Exploit code to bypass this validation | Validation function is assuming that the user will only enter single quote to SQL inject. But this is not the case. For example: Unexpected : 21; Delete from Products where ProductID = 102-- |
| Recommendation |
e.g int id; try { id = int.Parse(Request.Form(?userinput?)); } catch (Exception ex) { return; } 2. Use parameterized SQL. |
| Weak Validation in Active X | Explanation |
| Safe for scripting | A control that is marked safe for scripting can be scripted not only by the Web page author who uses it, but by other Web sites on the Internet as well. It gives ability to other Web page authors to reuse the control for malicious purposes. |
| Exploit code to bypass | ActiveX controls can be hosted by scripting environments and driven by script. In some hosts, such as Microsoft� Internet Explorer, the script can come from an unknown and possibly untrusted source. A control can be initialized by data from an arbitrary interface. This interface could come from either a local or a remote Uniform Resource Locator (URL). This is a potential security hazard because the data could come from an untrusted source. |
| Recommendation | The SiteLock template enables you to restrict access so that the control is only deemed safe in a predetermined list of domains. SiteLock automatically queries for the URL where the control is hosted, extracts the Uniform Resource Identifier (URI) type and domain name from that URL, and compares the URI to a list to see if the site should be trusted. The developer creates the list at build time. e.g : const CYourObject::SiteList CYourObject::rgslTrustedSites[2] = {{ SiteList::Deny, L?http?, L?users.microsoft.com? }, { SiteList::Allow, L?http?, L?microsoft.com? }, Again, it is recommended to use the white list approach here, not the black list approach; Define all sites that are allowed to initiate the control rather than listing out sites which should be denied. |
Implementing Client side validation
Implementing client side validation is good as long as you have server side validation controls in place as well. If you only reply on client side validation, your application is wide open for attacks.
To bypass client side validations, an attacker can:
o Switch off Java script in browsers. Since the browser does not execute any scripts, all script based validations on client end will fail.
o Use HTTP debugging proxy software?s to fiddle with the incoming responses and outgoing requests. Tools like Fiddler can do this seamlessly.
o Use SOAPTool like tools to bypass the thick /smart client?s altogether and send malicious data to the back end web services. All thick client based validations will no longer be in effect.
However, there is no technological restriction enforced to limit which client can communicate with a server, or vice versa; such restrictions are either unrealistic or not possible. Tools like Fiddler, TamperIE, etc make it possible to edit requests and responses between a client and server or to play back a client request or server response. These proxy tools can even alter packets and send data that the vendor?s software would never send.
Keep it Secure.
Anmol Malhotra
Senior Security Consultant
ACE Services
hypnos infosecurity mission hypnos infosecurity team careers at hypnos infosecurity hypnos infosecurity downloads cyber crime news
Tuesday, 5 April 2011
Friday, 1 April 2011
Is Google Being Anal about Android OS?
Is Google becoming more Apple-like as it asks for prior approval for Android software tweaks?
Source: http://feeds.pcworld.com/click.phdo?i=72f6a49429407696cfefeca25e9f380f
google circles pen-testing ahmedabad security security awareness training information systems
MLB Releases IPhone, IPad App Updates
Major League Baseball Advanced Media released updates to its mobile apps late Wednesday, adding some major features to its iPad and iPhone editions and also...
Source: http://feeds.pcworld.com/click.phdo?i=60a1a535fc2f690600ea8b2bcf65c37b
Thursday, 31 March 2011
Google Building Fiber Network in Sprint's Backyard
Sprint and Google are apparently going to working more closely together in more ways than one.
Source: http://feeds.pcworld.com/click.phdo?i=305629abfea37c2b43cc1cbb32d6fae2
Mobile Battles Take PC Founding Father Back to Early Wars
One of the founding fathers of the original IBM PC, Mark Dean, says competition in the smartphone and tablet markets today is as wild as the early microcomputer...
Source: http://feeds.pcworld.com/click.phdo?i=eea08c4b808adfda4c1ab49a01b47b8a
web application security network analysis web site testing web application testing about hypnos infosecurity
Wednesday, 30 March 2011
Telcos Advise EU Regulators on Fiber Networks Rollout
European regulators should focus on making the economics work for fiber roll-out and avoid political deals with dominant firms, say telecommunications companies...
Source: http://feeds.pcworld.com/click.phdo?i=8a8a78e2fe538a819ef645d99ab1ff4b
protocol analysis packet analysis network design network security training web site security
Subscribe to:
Posts (Atom)