Qadit Systems Qadit's SecureITy Zone

                Information is power. Secure IT.

Archive for February, 2009

Information Leaves when Employees Leave

More than half – 59 per cent – of US workers who were made redundant or who left their jobs in 2008 admitted swiping confidential corporate data, such as customer lists, before they left, a new study claims.

Bots create Microsoft Live Hotmail Accounts by breaking CAPTCHAs

Microsoft’s periodically revamped CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) has been broken yet again, in spite of the company’s continued efforts to protect it. This is the latest in a series of ‘break-ins’ which started in early 2008 and have affected major service providers including Google and Yahoo.

IT Governance Institute’s New Framework – Risk IT

IT risk is gaining increased attention from executive management, stakeholders and regulators alike. The COBIT framework provides a generally accepted framework for IT, but it does not deal with risk management in a comprehensive manner. The ITGI has now remedied this gap with its latest initiative: a framework for IT-related risk management.

Tech Terminology Demystified – Buffer Overflow

A buffer overflow, or buffer overrun, occurs when a program or process attempts to store data beyond the boundaries of a fixed-length buffer (which is a temporary data storage area).

Top 25 Software Programming Errors

MITRE Corp. and The SANS Institute, participants in what’s called the Common Weakness Enumeration (CWE) project organized by the U.S. Department of Homeland Security’s National Cybersecurity Division, have come out with a list of Top 25 Programming Errors in Software.

$9 million (about Rs.45 crores) stolen from ATMs in less than 30 minutes

Mission Impossible!!

With only 100 compromised ATM cards, thieves were able to grab $9 million from ATMs in a new style of attack in just under 30 minutes. Law enforcement sources have said that it’s one of the most frightening, well-coordinated heists they’ve ever seen.

From the news that has come in so far, the flow of events is presumed to be as follows.

Compliance is illusory – Security is real

While there have been scores of IT-related security incidents, and this is definitely not going to be the last, the Heartland Payment Systems incident is noteworthy for the fact that the company in question was PCI compliant. While we have been seeing security certifications such as ISO27001 and PCI being introduced and implemented across industry, a key question that rarely gets addressed is the absorption of IT Security initiatives within the organization. No compliance can help when the importance of IT Security is not understood. At the end of the day, compliance with all security standards is only illusory; reality may be far behind.

Audit of OS Security

The audit of OS Security involves different phases from logging into the system and seeing the values on the system to running a few commands / tools to find these values. In this blog article, we will be looking at how to go about an audit of OS Security.