Qadit Systems Qadit's SecureITy Zone

                Information is power. Secure IT.

WiFi Protected Setup PIN brute force vulnerability

US-CERT issued a vulnerability note in December 2011 regarding a brute force attack against wireless routers. The vulnerability was first discovered by Stefan Viehböck and was subsequently reported independently by Craig Heffner. Craig and his team have now released their tool “Reaver” on Google Code, which helps with the brute force attacks.

Top 8 Security Predictions for 2012 by Fortinet

Fortinet – a worldwide provider of network security appliances and the market leader in unified threat management (UTM) – has forecast the following eight threats that it considers to be the most damaging / dangerous in 2012.

Tech Terminology Demystified – ‘Forward-Secrecy’

If a man-in-the-middle attacker compromises a private key, he can decrypt messages using that key. Worse, if he has recorded previous conversations, he can decrypt those as well using the same private key. This can be prevented by the Forward-Secrecy technique.

Wireless session hijacking using Droidsheep

It is similar to Firesheep or FaceNiff: one-click session hijacking using your Android smartphone or tablet computer.

Web security threats to a business

Businesses are exposed to various web security threats. Here we list some of the major threats that every organisation should be wary of and take pre-emptive steps to protect end users.

Saved passwords in browsers; Are they secure?

Many popular browsers, such as Google Chrome and Firefox (FF), provide a “remember password” option that lets users save their passwords.

Underground call-centre for identity theft uncovered by security researchers

Fraud is a business too and, as can be seen from this article, cybercriminals are now outsourcing work to underground call centers to obtain information using social engineering skills.

Tech Terminology Demystified – Duqu Trojan

Duqu is a Remote Access Trojan designed to steal data from the computers it infects.

Duqu seems to have been designed to steal information from vendors of industrial control systems. It is an intelligence-gathering agent.

Click Jacking – Hijacking the Click

Click jacking is used by an attacker to collect information from a user’s clicks. An attacker can do many things by launching this type of attack, for example taking control of the user’s microphone or webcam, adjusting the user’s computer settings, or sending the user to websites that might have malicious code.

Can our Power Supply / Other Utility Systems be hacked?

Federal authorities are investigating a hack that resulted in the burnout of a water pump at the Curran-Gardner Township Public Water District in Illinois.

A hacker apparently exploited a supervisory control and data acquisition (SCADA) system that managed the water pump and set the pump to continually turn on and off. Only after the pump failed, earlier this month, did plant operators discover that their systems had been exploited, apparently in September. The attack appeared to have been launched from a server based in Russia.