Separating Fact from Fiction – The realities of Cyber War
By Don Eijndhoven
Cyber War. Two words that you’ll have heard in the news a few times by now. You’ll have heard it more and more over the last year or so. Maybe two or three years if you’ve been halfway interested or happened to be browsing on IT websites that cover cyber warfare. Especially if you’re living in the US, you’ll have heard some pretty fear-inducing stories. And not by just anybody; Richard Clarke himself has said that a Cyber War is the next big threat to national security. He was, of course, referring to the national security of the US, but his critique certainly holds water for other modernized nations. What may be surprising is that he was absolutely right, even though he may be understood poorly.
By Don Eijndhoven
Cyber War. Two words that you’ll have heard in the news a few times by now. You’ll have heard it more and more over the last year or so. Maybe two or three years if you’ve been halfway interested or happened to be browsing on IT websites that cover cyber warfare. Especially if you’re living in the US, you’ll have heard some pretty fear-inducing stories. And not by just anybody; Richard Clarke himself has said that a Cyber War is the next big threat to national security. He was, of course, referring to the national security of the US, but his critique certainly holds water for other modernized nations. What may be surprising is that he was absolutely right, even though he may be understood poorly.
Multifactor Authentication – A Requirement for the 21st Century
By Robert Keeler
Logon credentials as the only method of granting access to today’s valuable data is far from an acceptable 21st century solution. There is no doubt that the lack of serious authentication for the last decade has created much of the opportunity for the theft of information which has led to identity theft becoming an epidemic. Other than granting initial access, there is no monitoring of a user’s true identity during transaction processing online. There is no forced logout when the user has completed their task. There is no security when Man-in-the-middle attacks can easily penetrate the weaknesses of simple logon credentials being the primary access control to vasts amounts of data.
By Robert Keeler
Logon credentials as the only method of granting access to today’s valuable data is far from an acceptable 21st century solution. There is no doubt that the lack of serious authentication for the last decade has created much of the opportunity for the theft of information which has led to identity theft becoming an epidemic. Other than granting initial access, there is no monitoring of a user’s true identity during transaction processing online. There is no forced logout when the user has completed their task. There is no security when Man-in-the-middle attacks can easily penetrate the weaknesses of simple logon credentials being the primary access control to vasts amounts of data.
Regulatory Compliance under the Indian Cyber Laws
by Sagar Rahurkar
The Information Technology Act, 2000 (IT Act) is the primary law in India governing “cyberspace”. It is in force from 17th October, 2000 and IT (amended) Act, 2008 is in force from 27th October, 2009 making significant changes in the original Act. Amendments for the first times have introduced the concept of “Regulatory compliance” under the law for the protection of “Sensitive personal information”.
by Sagar Rahurkar
The Information Technology Act, 2000 (IT Act) is the primary law in India governing “cyberspace”. It is in force from 17th October, 2000 and IT (amended) Act, 2008 is in force from 27th October, 2009 making significant changes in the original Act. Amendments for the first times have introduced the concept of “Regulatory compliance” under the law for the protection of “Sensitive personal information”.
Ride the Dragon: Testing the Desktop by adopting criminal tools and strategies
by Stefano MacGalia
A usual Pen Testing engagement limits its perimeter of action to exploit specific vulnerabilities identified during phases and, by collecting the results, it ends with a positive or negative occurrence that will be included in the final report by the tester.
This means that, by the Customer point of view, in case of a positive result: the presence and exploitability of a specific weakness, the corrective action will be suggested and probably enforced lately.
by Stefano MacGalia
A usual Pen Testing engagement limits its perimeter of action to exploit specific vulnerabilities identified during phases and, by collecting the results, it ends with a positive or negative occurrence that will be included in the final report by the tester.
This means that, by the Customer point of view, in case of a positive result: the presence and exploitability of a specific weakness, the corrective action will be suggested and probably enforced lately.
Social Engineering
by Falgun Rathod
by Falgun Rathod
What if someone ask you for a Password Will you give it? Yes / No You will say Obviously No but this is What I call Social Engineering. According to Wiki “Social Engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.”Social Engineering is not a new thing at all it’s the art of lie and to get confidential information to access/Hacked into System.
Benefits of Attribution
by Sayngeun Phouamkha
A good friend by the name of “J” once told me in my very early stages of learning IT Security that, ” The enemy of my enemy is my scapegoat.” Of course knowing nothing of IT Security or the different arenas/specialties of which this field encompasses I had to have him explain in depth and in very non-IT Security terms exactly what that meant and why it was important to know in this line of work.
by Sayngeun Phouamkha
A good friend by the name of “J” once told me in my very early stages of learning IT Security that, ” The enemy of my enemy is my scapegoat.” Of course knowing nothing of IT Security or the different arenas/specialties of which this field encompasses I had to have him explain in depth and in very non-IT Security terms exactly what that meant and why it was important to know in this line of work.
Attacking POS: history, technique and a look to the future
When we talk about credit and debit card we should remember that this kind of payment was think and launched after the second war from American Express and the card as we know with magstripe was introduced in the market from 1979. Since the beginning of the ’90 years we’ve seen an increase in card fraud, before using the ATM terminals and subsequently affecting the Point of sale terminals (POS). Before talk about fraud we will try to understand how is composed a credit or debit card.
Click Here to Download - https://www.owasp.org/images/7/7b/PENTESTMAG2.pdf
