Tuesday, December 30, 2008
The State Bank of India, the country’s largest bank, has had to shut down its corporate website after overseas hackers tried to break in.
While the bank said that transactions took place through www.onlinesbi.com, a senior SBI source said that the transactions were slow as the entire system was under watch.
The country’s largest bank decided to shut down its corporate website www.sbi.co.in on Wednesday evening when hackers blocked some of the pages. The bank also noticed unusually high traffic on its website on Wednesday.
Monday, December 29, 2008
Saturday, December 27, 2008
Well, if you must know, 2008 was a year of tectonic shifts in IT security. The technologies changed, the economy changed, and the role of security changed. Even the people who make the laws about security changed. You could hardly swing a dead server without hitting some major security-shifting event, and most of those events will continue to have repercussions throughout the new year.
If you need somebody to spell it out for you, Darkreading can do it!!!. Let's look more closely at the six words and what they meant for security in the past year on below given link.
Tuesday, December 23, 2008
Thursday, December 18, 2008
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. OWASP team mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. Everyone is free to participate in OWASP and all of OWASP materials are available under a free and open software license.
To download the latest version (V 3.0) of OWASP testing guide click on the below link:-
Fix for my previous blog related to internet explorer has been released
The patch details & download information can be found at :
Wednesday, December 17, 2008
The exploit doesn't require users to click on links or download software from the Internet. Rather, it infects users when they open a Web page. The goal is to steal passwords, according to security experts, gain access to financial data and otherwise steal the victim's identity.
Wednesday, November 19, 2008
The Metasploit Project announced today the free, world-wide availability of version 3.2 of their exploit development and attack framework. The latest version is provided under a true open source software license (BSD) and isbacked by a community-based development team.
Metasploit runs on all modern operating systems, including Linux,Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the iPhone. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.
The latest version of the Metasploit Framework, as well as screen shots, video emonstrations, documentation and installation instructions for many platforms, can be found online at :-
Friday, November 14, 2008
Most articles I’ve read on the topic of social engineering begin with some sort of definition like “the art and science of getting people to comply to your wishes”, “an outside hacker’s use of psychological tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to the system”, or “getting needed information (for example, a password) from a person rather than breaking into a system”. In reality, social engineering can be any and all of these things, depending upon where you sit. The one thing that everyone seems to agree upon is that social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system.
Security is all about trust. Trust in protection and authenticity. Generally agreed upon as the weakest link in the security chain, the natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. Many experienced security experts emphasize this fact. No matter how many articles are published about network holes, patches, and firewalls, we can only reduce the threat so much... and then it’s up to Maggie in accounting or her friend, Will, dialing in from a remote site, to keep the corporate network secured.
I was searching for some information related to social engineering in the net. I found some good interesting social engineering tactics at networkworld.com (A very good site, normally I refer to update myself).Thought of sharing with you guys...
Click on the below link to get an idea of the most prevalent social engineering tricks used by phone, e-mail and Web.
Tuesday, November 11, 2008
Wednesday, November 5, 2008
The conversation, posted on the Internet, ranges from American politics to the perils of hunting with Vice President Dick Cheney, who accidentally shot and injured a hunting companion in 2006.
Comedian Marc-Antoine Audette, masquerading as Sarkozy, suggested he and Palin go hunting together, perhaps by helicopter. Palin said she would be ``a careful shot.''
The McCain campaign confirmed the telephone call. ``C'est la vie,'' said Palin spokeswoman Tracey Schmitt.
Palin was ``mildly amused to learn that she had joined the ranks of heads of state, including President Sarkozy, and other celebrities in being targeted by these pranksters,'' said Schmitt.
Audette asked Palin if Joe the Plumber was her husband, and she replied that, no, her husband was a ``normal American who works hard and doesn't want the government to take his money,'' according to the audio.
Wednesday, October 29, 2008