Tuesday, October 13, 2009

METASPLOIT UNLEASHED - MASTERING THE FRAMEWORK

This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa, through a heart-warming effort by several security professionals.

Source: http://www.offensive-security.com/metasploit-unleashed/

Need of Social Engineering Tests

Social engineering is the art of tricking the working class or an organization into complying with your wishes. The basic goals of social engineering are to get unauthorised access to systems or information in order to commit fraud, industrial espionage, or identity theft, or simply to disrupt the system or network.
Social engineering is in essence the practice of obtaining confidential information from users of your network, or coercing them into performing a particular action. Social engineering techniques are also used to gain access to premises and other company assets.
'Social Engineering' is a threat, often overlooked but regularly exploited, that takes advantage of what has long been considered the 'weakest link' in the security chain of an organization: the 'human factor'.
Everyone should want to be security conscious because not only does the company benefit from being aware, but that mentality will carry over into their personal lives as well, which will help prevent them from becoming a victim of identity theft and a number of other crimes.

A company can spend billions of dollars on all kinds of security equipment, but it only takes one person for a company’s security to be compromised.

It is important to be familiar with Social Engineering techniques in order to reduce the likelihood of their success. With this knowledge, one can ensure that appropriate (preventative, detective and corrective) measures are implemented to protect the staff and assets of an organization.

Common techniques include information gathering, observing human behavior, shoulder surfing, checking the rubbish (dumpster diving), acting like a helpless user, a user from technical support, or an important user, sending fake mails to get important information like credit card details, phishing, the telephone, etc.

A company will obviously need a social engineering training plan made to fit its needs. A great social engineering strategy plan may be short-lived if it is not reinforced with occasional mock social engineering attempts, or with short tips emailed or posted regularly in a bulletin that everyone receives. Procedures and guidelines specific to your company's function should be in place to minimize the threat of social engineering.
                                                                   - Ratheesh Kannan

Tuesday, October 6, 2009

No Emergency Patch For Latest Windows Exploit

Another reason for Windows users to hate the Microsoft Patch Tuesday policy,

The exploit isn’t 100% reliable but it’s still fairly significant, as it is a critical vulnerability and can be used for code execution.

Microsoft Confirms Hotmail Data Posted on Web Site

Thousands of usernames and passwords from hotmail.com, msn.com and live.com accounts were posted on a third-party site (http://pastebin.com), Microsoft has confirmed. The Windows Live Hotmail data leak was not due to a phishing scheme and not a data breach, Microsoft said. The Hotmail users affected appeared to be mostly based in Europe.