Security solution which acts like traditional painkiller
Most security solutions are like traditional painkillers: we certainly feel better after taking them, but the root cause of the pain remains intact and unresolved! As long as we do not address the root cause of security incidents and vulnerabilities, we will be feeling better from the short-term pain relief of “Security Solutions” and then suffering again soon…
Category: Vulnerabilities
utilizing dark web as defense
I was shocked when I heard from a “security professional” that using the dark web as a means of understanding cyber threats has just recently been discovered by them as an effective defense mechanism! No kidding! Then why are we surprised we get hacked by the most trivial TTP out there? This is very disappointing that “security…
SolarWinds hack: what just happened?
Solorigate, Sunburst, UNC2452 or whatever they call it: how are even FireEye, SolarWinds, CrowdStrike and the many others involved able to sell and survive after this disaster, and how is the security community able to trust them again? It is interesting how these top security companies with lots of managed services and a bunch of products in…
Regulating Dark Web!
I came across an article the other day on Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources! A publication from justice.gov with interesting insight, but it opened an old wound for me! Trying to regulate an environment which is naturally unregulated does not sound reasonable. It is like saying you can…
Why Folks Are Not Able to Secure Their Network?
The question simply is: Why do we not feel insecure even when spending a lot, with giant teams of professionals and a bunch of fancy tools? And the answer simply is: Wrong Direction! As long as one is going in the wrong direction, we certainly cannot even imagine being able to reach the destination. How is it possible to reach the…
Why Common Vulnerability Scanning Practice is Useless?
I hope you will find this so obvious, but unfortunately the security community relies heavily on vulnerability scanning in a way which makes it totally useless or even harmful! Vulnerability assessment is the evaluation of a System against known and potential security flaws. A System is simply a collection of processes, workflows, people, nodes, software…but traditional…
Penetration Testing vs. Secure Code Review
What is the best way to make sure a software product is secure? The easiest way is to roll it out to the market, see what is going to happen, and hope everything goes well…no kidding, that is what most software developers do! Let’s forget about what the majority of the software community does and see what…
The Only Reason A System Has Not Been Hacked!
Real hackers do not randomly find a flaw in a system. There is a systematic approach to hacking a system! Regardless of the size and type of an online entity and its online presence, a giant company with ten thousand employees or a home user of the Net, the only reason a system (may) have…
Microsoft Windows Huge Text Processing Instability
SECURE TARGET (Security Advisory October 17, 2004) Topic: Microsoft Windows Huge Text Processing Instability Discovery Date: October 14, 2004 Original Advisory External Links: VULDB, Full-Disclosure, BugTraq, SICHERHEITSLüCKEN, Addict3d, Ls, Der Keiler, Seifried, NetSys, Mail Archive, SecLists, Neohapsis, Checksum, Network Security, Virus, DoddsNet, ReadList, Mega Security, Security Trap, Virovvch, DevArchives Affected applications and platforms: Notepad, NotePad2 and…
PerfectNav Crashes IE
Secure Target Network (Security Advisory February 25, 2004) Topic: PerfectNav Crashes IE Discovery Date: February 24, 2004 Original Advisory External: Full-Disclosure, BugTraq, Security Tracker, xforce, SANS Affected applications and platforms: Microsoft Internet Explorer 6 Service Pack 1 and older versions Introduction: PerfectNav is designed to redirect your URL typing errors to PerfectNav’s web page. Bundled…