DDOS: Turn your Toaster Off!

Most of you are already aware of the fact that half of the internet went down (or slow), when a 'bad-hackers' group weaponized 'millions of insecure IOT devices' to attack a DNS provider. Personally from my browsing habits, I was largely effected by Twitter being dramatically slow while other sites

NodeJS URL Shortener

Recently I wrote an article on Ghost blog integration with a URL shortener (the dirty way). This is in sequence to it but with custom URL shortener running on my own machine. While most of this code is shared from codebyte article, I have enhanced it to serve two purposes,

Ghost Blog Image Alignment

Its around 2:00 AM, and before I call it a day (a long day), I thought to post a quick blog on custom image alignment in Ghost Blog Platform. Without further ado, as of Sep, 2016 Ghost doesn't support custom image alignments and ruling. It means all images in

Ghost Blog and custom URL Shortening

It's been 2 years and Ghost Blogging Platform is doing well and the downloads are going up. Kudos to the team. While the platform is doing good, we are miles from reaching the point where we have apps, plugins and smooth migrations/ customisation etc. And in this blog I would

Target _Blank - The Infamous Issue

This is one of those vulnerabilities which hasn't got enough spotlight, and therefore vendors are still reluctant to fix it. Some of the vendors do not consider this a vulnerability at all. Here via this blog post, I would like to highlight this issue, and also possible workaround(s). What

NIST Digital Auth and Password Rules

Passwords are important and it's no secret that we are bad in finding complex passwords during sign-up processes. The initial idea of OneID, or OAuth is not doing very well for the common user, and therefore people are registering on 100s of websites - commercial, social networks, banks etc. without

Linux TCP ACK Issue (Part 1)

A flaw in the Linux kernel used since late 2012 allows adversaries to inject malicious traffic, without MITM. In a Wednesday presentation at the USENIX Security Symposium researchers showed that this flaw lies in the Transmission Control Protocol (TCP) used by Linux since late 2012. In their research paper -

Lessons from LinkedIn DB Breach

We are aware that social networking site LinkedIn was breached in June, 2012 and nearly 6 million user credentials were stolen. In May 2016 it's confirmed that nearly 115+ million credentials were stolen, and are now available for sale. So, it's time we revisit what went wrong, and what can

NIST: Cyber Threat Information Sharing

Reference: 800_150_Draft Document Note: This article summarizes the draft paper, and may contain snippet(s) from it. I love you NIST (National Institute of Standards and Technology). I admire the contribution and knowledge available @NIST and we all have gained a lot from these standards. Now, when I

You aid spammers! LION vs. Sheep

It’s 21st century, the year 2014 and we are still on ground zero talking about spam emails and attacks like spear phishing. No matter how stringent your controls are, how much you have invest in your "defense in depth" approach, a single human being of your firm clicking a

Is it Sophisticated Cyber Attack?

These days I have been reading more and more about the sophisticated cyber attacks. There are agencies that report cyber attacks as state of the art – too awesome to detect. But, these news start with a pointer to vectors like "spear phishing" or “social media privacy leak” or plug in

Search

    Your Bio Here
    More Details →

    My Skills

    • Web Design
    • C#
    • jQuery
    • PHP
    • Html5
    • Css3
    • Wordpress
    • Ghost

    Connect Me

    ← Back

    Recent Posts