DDOS: Turn your Toaster Off!

Most of you are already aware of the fact that half of the internet went down (or slow), when a 'bad-hackers' group weaponized 'millions of insecure IOT devices' to attack a DNS provider. Personally from my browsing habits, I was largely effected by Twitter being dramatically slow while other sites felt little sluggish. Anyways, this brings us to a number of question(s), Should I be surprised? I think NO. We knew this sh*t...

NIST: Cyber Threat Information Sharing

Reference: 800_150_Draft Document Note: This article summarizes the draft paper, and may contain snippet(s) from it. I love you NIST (National Institute of Standards and Technology). I admire the contribution and knowledge available @NIST and we all have gained a lot from these standards. Now, when I read the draft on “Cyber Threat Information Sharing” (SP800-150) my first reaction was – Oh good God, finally its here! Its been so long I was...

Is it Sophisticated Cyber Attack?

These days I have been reading more and more about the sophisticated cyber attacks. There are agencies that report cyber attacks as state of the art – too awesome to detect. But, these news start with a pointer to vectors like "spear phishing" or “social media privacy leak” or plug in unknown USB. Now to me, this is weird because I don’t think any of these vectors point to “sophistication” in my cyber dictionary. Come’...

Cyber Attack! Buckle up

Recently I came across the news of hospital network hacked, 4.5 million records stolen and was shocked. Sometimes I wonder is the offensive toolkit and mindset evolving stronger or is the defensive side withering away. Of all the developers I have interacted with, very few understand the need for security. They always undermine their application and its scalability. If your application or environment is handling ‘any’ records more than 10,000 in numbers – you...

OWASP X – Cheat sheet, not Bible

First of all am sorry to all my readers/ subscribers that I haven’t been active on my blog. I know its been an year now, and the reason was silly enough – I couldn’t get hold of a good blogging client for Mac OS. But now, thanks to Blogo – I am back in business. On my windows box, Live Writer was to my rescue, but since I shifted to Mac, I couldn’t find...

LinkedIn Vulnerability

LinkedIn is a business-oriented social networking site. Founded in December 2002 and launched in May 2003, it is mainly used for professional networking. As of 22 March 2011, LinkedIn reports more than 100 million registered users, spanning more than 200 countries and territories worldwide. There exists multiple vulnerabilities in LinkedIn in which it handles the cookies and transmits them over SSL. This vulnerability if exploited, can result in hijacking of user accounts, and/or modifying...