Sunday, May 23, 2010

Few links i found worth sharing from the week (Wk.20/2010):

Lot of talk about Metasploit now, after the Metasploit Framework 3.4.0 Release

An exploitable VM for testing Metasploitable

For the Pentester > Quickly gathering logins/emails with theHarvester and Metasploit


You can have a Open Secure Wireless

Well @securosis & @ashimmy are calling out to Infosec bloggers

Is Twitter Making Us Dumb? Bloggers, Please Come Back

Calling all security bloggers, come out, come out where ever you are

Advice: If you dont want to share dont post it > Why I'm not leaving Facebook

Yes, SIEM technologies have improved > Implementing SIEM

Off-topic:

Dell views net-books as a complement, and not a replacement, for laptops & they are right >

I found this Credit Card Concierge Experiment quite amusing

Posted via email from Ramki's posterous

Posted by at No comments:
Labels: , ,

Friday, May 14, 2010

Advice to Govt. of India after the decision to develop their own version of OS & Software

Note: This advice is offered free with no obligations

The Indian government has set in motion an ambitious plan to develop its own software & operating systems after the spurt in cyber attacks on Indian establishments. I think this is a bad idea and being an Indian i thought of contributing.

The Problem is not with the OS or software, it is with the way IT is managed.

Indian government should look at addressing the management of IT; developing a OS (or software) is not the solution. I am sure existing players can do a better job because they have matured their processes over time and it is really a mammoth task.

If i were to address this problem, i would start with this to-do list:

  • Do a risk assessment and then develop a risk management system
  • Develop an security management system or adopt some existing system like ISMS
  • Create a security plan & include specific plans for departments/units
  • Develop security evangelists in government departments
  • Implement technical systems like standard hardening like US Fed's or have special a government build

Posted via email from Ramki's posterous

Posted by at No comments:
Labels: , , , ,

Thursday, May 13, 2010

Hacking "Time"

Who is not fascinated by traveling over time to future or past? this may be possible.

Reason: Time runs at different rates in different places in universe you just have to travel fast almost 186k miles/sec to endup in future

Good article from Stephen Hawking

Posted via email from Ramki's posterous

Posted by at No comments:
Labels: , , ,

Sunday, January 24, 2010

Current high focus area for CISOs should be APT

These APTs has been getting lot of attention recently and reasons why CISOs should focus on this threat now are:

a)      These are essentially a type of targeted attack

b)      And if they miss they reload and fire again till they hit the target

c)       These are “Advanced” meaning  they use publicly available exploits as well as develop custom ones

Draw up action items like; more focus on log analysis and checking out the reason behind the traffic to that  xyz country IP(s) where your company has no business, more aggressive SPAM filtering, etc... And it helps to do things like network pruning and review of your IT policies & procedures

Posted via email from Ramki's posterous

Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)