Microsoft Most Valuable Professional – MVP (again)

Super excited to be awarded by Microsoft for the 10th time in a row as Most Valuable Professional in the domain of "Enterprise Security" under the named award category of "Cloud and Datacenter Management". A decade is a good thing, right :) For the sake of clarity: it's awarded for non-commercial community contributions; commercially benefiting contributions are not counted. It doesn't have to be saying good about Microsoft only, they are pre

Mont Blanc India – An interesting fraud or a real bad way of handling operations

UPDATE: Looking at the comments on this blog so far, it's definitely a scam, not a bad way of handling operations.

On the 9th December 2019, I received an SMS that genuinely piqued my interest. Ordinarily, I wouldn't entertain any unsolicited offers, but I am a luxury fountain pen fanboy, and Mont Blanc is a highly coveted name. Add to that, the SMS sender had a Sender-ID (i.e. QP-MONTDE, QP-MONTBI etc.) which (I believe) is not very easy to...

Smartphone Security Tips

Christmas & New Year is here and it's the time many people buy/exchange gifts. So if the next shiny gift in your hand is a smartphone, then remember the following tips to be safe & secure your data.

1. Don't lose track of your phone.

This one goes non-technical. Don't lose sight of your smartphone. Keep your eyes on it when you leave it anywhere, especially at the airport security check-in. The nature of data stored on phone makes it

Password analysis from 10,000 leaked Hotmail passwords

On 5th October theregister reported more than 10,000 passwords were leaked mysteriously on pastebin.com. See this tweet.

As a follow-up study, "Acunetix Web Application Security Blog" did an analysis on the kind of passwords people use. Some interesting findings are as follows.

Statistics:

- The list initially contained 10,028 entries.
- There are 8931 (90%) unique passwords in the list.
- The longest password was 30 chars long: lafaroleratropezoooooooooooooo.
- The shortes

Cheat Sheets: Networking, Hacking, Security, Administration, Tools

Here is a bunch of CheatSheets which might be useful from time to time to use as a reference:

- TCP/IP and tcpdump Cheat Sheet - SANS.org
- Google Hacking and Defense Cheat Sheet - SANS.org
- Intrusion Discovery Cheat Sheet Windows - SANS.org
- Intrusion Discovery Cheat Sheet Linux - SANS.org
- SQL Injection Cheat Sheet - ha.ckers.org
- Cross Site Scripting Cheat Sheet - ha.ckers.org
- Web application Cheat Sheet - secguru.com
- Linux Security Quick Reference Guid...

UNtrusted Certificates from UNtrusted CA

Following HDMoore's tweet I stumbled on this case of a man-in-the-middle attack with a valid SSL certificate from a shady reseller. Eddy Nigg was able to buy a certificate in the name of mozilla.com from a reseller of Comodo named 'Certstar'.

In response to this issue, Comodo says:

That reseller's ability to sell Comodo certificates has been suspended while we investigate why they are apparently not fulfilling their contractual obligations to us. We revoked your ce

Wardriving Pune

On 10th November 2008, ClubHack, with the support of the Cyber Crime Cell of Pune Police, conducted a Wardriving in Pune, Maharashtra. This Wardriving aimed at analysis of wireless network security in Pune city at common places like IT parks, residential areas, market areas, hotels, airport etc.

To our amazement, we found nearly 81% of Pune's wifi to be insecure (I count WEP as insecure).

Find the report and analysis @ http://wardrive.in/