Smart Security Shop


Wednesday, 31 May 2006

Essential Terminology

Posted on 04:36 by Unknown
  • Threat – An action or event that might prejudice security. A threat is a potential violation of security.
  • Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
  • Target of Evaluation – An IT system, product, or component that is identified/subjected as requiring security evaluation.
  • Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.
  • Exploit – A defined way to breach the security of an IT system through a vulnerability.

Thursday, 25 May 2006

Email Evolution

Posted on 01:39 by Unknown
  • Business email will grow by 25–30% through 2009
  • Over 60% of email is spam
  • 80% of viruses enter through the email gateway
  • 75% of a company’s Intellectual Property is now contained in email
  • 79% of companies accept email as written confirmation of approvals, orders and other transactions
  • Email is now the de facto document of record for corporate communications

Saturday, 13 May 2006

Is your server blacklisted?? Know here...

Posted on 03:05 by Unknown
A listing on one of these blacklists would be a good sign that your server is being used as a relay.



  • ORDB – http://www.ordb.org – Open Relays
  • SBL – http://www.spamhaus.org – Spam Sources
  • XBL – http://www.spamhaus.org – Compromised Hosts
  • Sorbs DUHL – http://www.sorbs.net – Dynamic IPs
  • DSBL – http://www.dsbl.org – Insecure Servers



Thursday, 11 May 2006

E-Crime and Hacking

Posted on 20:50 by Unknown

US hacker gets five years in the slammer


A US man has been sentenced to nearly five years in prison after he was found guilty of illegally controlling around 400,000 third party PCs for the purposes of launching malware attacks.

Jeanson James Ancheta, 21, from California, rented out space on this zombie network of compromised machines for the sending of spam and malware, and also for launching denial of service attacks.

Among the machines infected by Ancheta were computers at the US military test base at China Lake in the Mojave Desert. Ancheta was ordered to pay the US Navy $15,000 in damages as well as surrendering $60,000 in proceeds from his crimes.

Ancheta advertised his zombie network - or botnet - on his own website called botz4sale.


Wednesday, 3 May 2006

XSS Attacks

Posted on 22:55 by Unknown
There are two ways for users to become infected by XSS attacks.

1) Users may be tricked into clicking on a specially crafted link (called a Non-Persistent Attack), or

2) Users may unknowingly visit a web page embedded with malicious code (also called a Persistent Attack).

It’s also important to note that a user’s web browser or computer does not have to be susceptible to any well-known vulnerability.

This means that no amount of patching will help users, and we become solely dependent on a website’s security procedures for online safety.
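
The website-side procedure that both delivery paths depend on is output encoding. The following is an added example, not code from the original post: it renders a value echoed from a link (non-persistent) and a value read back from storage (persistent), first without and then with HTML encoding. The function names, the shop.example URL and the sample input are assumptions made for illustration.

```javascript
// Added example; escapeHtml, renderSearchPage and renderComments are hypothetical names.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Non-persistent path: the value arrives in the URL of a link the user
// clicked and is echoed back into the response.
function renderSearchPage(url, encode = escapeHtml) {
  const q = new URL(url).searchParams.get("q") ?? "";
  return `<p>Results for: ${encode(q)}</p>`;
}

// Persistent path: the value was stored earlier and is served to every visitor.
function renderComments(comments, encode = escapeHtml) {
  return "<ul>" + comments.map((c) => `<li>${encode(c)}</li>`).join("") + "</ul>";
}

// Constructed sample input (not taken from the page).
const marker = "<script>alert(1)</script>";
const craftedLink = "https://shop.example/search?q=" + encodeURIComponent(marker);
const storedComments = ["Nice post", marker];

// The vulnerable "before": the site writes the value out unchanged.
const identity = (s) => s;

const unsafeReflected = renderSearchPage(craftedLink, identity);
const safeReflected = renderSearchPage(craftedLink);
const unsafeStored = renderComments(storedComments, identity);
const safeStored = renderComments(storedComments);

// Without encoding the markup reaches the browser as markup; with it, as text.
console.log("reflected:", unsafeReflected.includes("<script>"), safeReflected.includes("<script>"));
console.log("stored:   ", unsafeStored.includes("<script>"), safeStored.includes("<script>"));
```

The same encoding step closes both paths because, in each case, the browser only runs what the site itself writes into the page.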