A hacking anatomy and what we can learn out of it!
There is nearly no single week , we don’t read in the news that there is a attack launched against a government, business or organization. As we all know there is NO WAY to STAP a Hacker. All what we can do is make their job harder ? But how?
The best way is to keep an eye on Security News, to subscribe to some newsletters etc. Once a incident happens , we should look in to the details and learn from that. unfortunately, for most of us an incident can be much more effective than 100000 advises.
So we should learn from mistakes? Here is a very bad example : “The Turkish Government” . In last few months they had so many attacks , they were brought down so many times . the sad part of this is, when you check their “hacked” methods most of them are done with known vulnerabilities or more importantly with weak security.
Let’s review their (Turkish Government) incidents and what they done as response... [More]
Repost from Bruce Schneier Blog
I regularly receive e-mail from people who want advice on how to learn more about computer security, either as a course of study in college or as an IT person considering it as a career choice.
First, know that there are many subspecialties in computer security. You can be an expert in keeping systems from being hacked, or in creating unhackable software. You can be an expert in finding security problems in software, or in networks. You can be an expert in viruses, or policies, or cryptography. There are many, many opportunities for many different skill sets. You don't have to be a coder to be a security expert.
In general, though, I have three pieces of advice to anyone who wants to learn computer security.
Study. Studying can take many forms. It can be classwork, either at universities or at training conferences like EC Council and OffensiveSecurity. (These are good self-starter resources.) It can be reading; there are a lot of excellent books out th... [More]
Windows Server 2012 is a game-changing release for so many reasons and this course will help experienced IT Pros truly understand why -- check it out! Windows Server 2012 Jump Start (01): Core Hyper-V Windows Server 2012 Jump Start (02a): Virtualization Infrastructure, Part 1 Windows Server 2012 Jump Start (02b): Virtualization Infrastructure, Part 2 Windows Server 2012 Jump Start (03a): Storage Architecture, Part 1 Windows Server 2012 Jump Start (03b): Storage Architecture, Part 2 Windows Server 2012 Jump Start (04): Continuous Availability Windows Server 2012 Jump Start (05a): Multi-Server Management, Part 1 Windows Server 2012 Jump Start (05b): Multi-Server Management, Part 2 Windows Server 2012 Jump Start (06a): Security and Access, Part 1 Windows Server 2012 Jump Start (06b): Security and Access, Part 2 Windows Server 2012 Jump Start (07): Remote Connectivity and Networking Windows Server 2012 Jump Start (08): IIS, DHCP and IPAM Setup your ow... [More]
Sony PS3 vs. Microsoft XBOX 360 I am quite sure you read many articles based on these two products. There are some core fan’s of both of the gaming consoles. If you are about to buy a new gaming console and you are not sure on which one to buy, check the below photo’s which I took in a Local Australian Super store called “Harvey Norman” in their Canberra branch… This post does not requires any words, lets see the photos of the gaming section. Nothing seems wrong, now zoom in, in to my favourite console , which is XBOX 360 XBOX 360 and below is the Sony PS3 console in a display unit, Sony PS3 &... [More]
Are you getting ready for the O365 certification track ? Do you have difficulties to find recourses? This post has most of the staff you need to pass the exam. Free Computer Based Training, Free E-book and much more. Enjoy and feel free to share www.yourMCT.com Computer Based Training Deploying Office 365 Jump Start (01): Infrastructure Planning Deploying Office 365 Jump Start (02): Deploying SSO | Part 1 Deploying Office 365 Jump Start (03): Deploying SSO | Part 2 Deploying Office 365 Jump Start (04): Planning & Deploying DirSync Deploying Office 365 Jump Start (05): Planning Lync Online Deploying Office 365 Jump Start (06): Planning Exchange Online—UM Deploying Office 365 Jump Start (07): Exchange Online Mail and Routing Deploying Office 365 Jump Start (08): Exchange Online -- Hybrid Scenarios | Part 1 Deploying Office 365 Jump Start (09): Exchange Online -- Hybrid Scenarios | Part 2 Deploying Office 365 Jump Start (10): Planning Exchange... [More]
One more big week has passed. A sold out event with over 11,000 customers, partners, speakers, and staff who made the 20th year of TechEd so successful & joyful, the week was like a carnival designed for IT. Microsoft made a some important product announcements and demonstrated a lot of Windows Server 2012's new virtualization features. Which one was about our session with Elias , about Windows Intune v3.0 , Microsoft highlighted what is coming soon, especially from Windows Server 2012. Virtualization is the name of the game, and Microsoft showed off migration of virtual machines between on-premises servers and the cloud ( Azure ), showcased the scalability of Hyper-V 3 (up to 64 virtual CPUs, 1TB RAM per virtual machine, and a test virtual machine managing more than 900,000 I/O operations per second, bottlenecked only by hardware), and demonstrated management of its virtual switch using software from Cisco. These capabilities are going to be production-ready soon. For Microsof... [More]
If you’re a LinkedIn user, do yourself a favour and change your password right now !!! LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts. Norweigan IT website Dagens IT first reported the breach, noting that “Two days ago a package on the 6.5 million encrypted passwords posted on a Russian hacker site. http://thehackernews.com/2012/06/linkedin-confirms-millions-of-account.html Double check if your password is leaked or not ? http://leakedin.org/ I hope you will get a response like below PS: Please try only your “old password” the one that you have changed and not using anywhere anymore Official LinkedIn announcement : http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/
Very interesting article to read specially if you are in IT Source: arstechnica.com A couple of days ago, I received an e-mail from Iran. It was sent by an analyst from the Iranian Computer Emergency Response Team, and it was informing me about a piece of malware their team had found infecting a variety of Iranian computers. This turned out to be Flame: the malware that has now been front-page news worldwide. When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010. What this means is that all of us had missed detecting this malwa... [More]
Watch the video at the below link
FYI!!! From MS Security Response Blog:
We recently became aware of a complex piece of targeted malware known as “Flame” and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks. Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers.
We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be expl... [More]