Qadit Systems Qadit's SecureITy Zone

                Information is power. Secure IT.

Archive for the ‘Uncategorized’ Category

Banks responsible for hacked customer accounts

A recent ruling by a consumer court in Mumbai, India, has held the bank responsible if it has not complied with regulations and the account holder's money is fraudulently transferred.

Read more »

Recent Phishing Scams

Over the last few months, financial institutions have seen a varying profile of phishing attacks. Two interesting instances are reproduced below.

Read more »

Smart Phones – Convenience or Threat?

The use of smart phones to access sensitive corporate information away from the office is creating huge security gaps for enterprises. Smart phones are being used to access company email and applications. At least one major breach involving theft of application code has been attributed to malware from smart phones. So how do we benefit from the technology while addressing the risks?

Read more »

A list of major security breaches of 2009

As we begin a new year, I thought it would be a good time to reflect upon some major information security breaches of 2009. The list of the organizations involved makes this list very interesting. What makes it even more interesting is the analysis of the breaches, which indicates that the incidents could have been averted by adopting some fundamental security best practices.

Read more »

Cloud Security

(This is an extract from the original article appearing in Information Week)

The benefits of cloud computing make it hard to resist for both big and small businesses. However, security in the cloud is still a stumbling block for most organisations considering the adoption of cloud computing.

Read more »

What is a Cold Boot Attack?

In cryptography, a cold boot attack (or, to a lesser extent, a platform reset attack) is a type of side-channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine from a completely "off" state. The attack relies on the data remanence property of DRAM and SRAM: memory contents remain readable for seconds to minutes after power has been removed.

PCI Compliance – Code Review or Web Application Firewall

The Payment Card Industry (PCI) Data Security Standard is a standard set through a consensus-based process led by five major credit card companies. It is not a government-enforced standard; compliance is enforced by the card companies.

Non-compliance results in higher fees and severe fines in the event of a breach. All merchants and service providers collecting and processing credit card transactions are required to comply with the PCI-DSS. Version 1.2 of the standard was released in October 2008.

Section 6.6 of the PCI-DSS requires that, for all public-facing web applications, new threats and vulnerabilities be addressed on an ongoing basis and that the applications be protected against known attacks.

Read more »

Botnets – What you need to know

Botnets are suddenly in the news for all the wrong reasons. What are botnets and why are they in the news?

Read more »

What is Cloud Computing

Cloud computing is getting tons of press these days. Big names such as IBM and Amazon are already in the market with service offerings. So what exactly is cloud computing, and how does it work?

Read more »

Employee IT Security behavior turns worse

A new study released by the Ponemon Institute reveals that there is a general lack of awareness and enforcement of computer security policies at many companies. The rate of non-compliant employee behavior appears to be getting worse over time.

Read more »