Fingerprinting is a technique used by attackers to determine product and version information about operating systems and applications running on remote systems. The technique is called fingerprinting because each platform or version number for a software product gen¬erally has its own specific ways of responding to differ¬ent requests that uniquely identify it, (more…)

Incident response is planned action in response to adverse events affecting systems, networks, and data. Response to an incident can range from recording the incident to alerting an incident response team to initiating legal action against malicious individuals. The best way to deal with incidents affecting information security is to follow a planned approach laid out in a carefully developed security policy. (more…)

In my company, we kicked off the Information Security campaign about 4 years ago, and this was focused very heavily on IT staff and processes (insurance industry). At that time we had very few security skills in house, so we brought in an external trainer to deliver the Security Awareness training. We worked with the trainer to develop the course content, the baseline they had was good, but we wanted to added ten topics unique to our environment. (more…)

Being able to communicate by the use of email nowadays has opened great opportunities to all people who are hooked up on the internet. It serves all kinds of people and therefore millions of people around the world have email addresses. They use this email address to converse with many friends and colleagues, who they have met in the office, (more…)

Most people defined spyware and adware with the same term: sypware. But both actually have some differences in term on how they work and what is each purposes. Adware is installed with the user consent, mostly when users try to download other 3rd party software, adware is bundles with one. Ethically speaking, adware is legal to be installed in your PC. (more…)

Online stalking earns media attention, but how serious is the problem? This question is open to debate. A report prepared by the U.S. Department of Justice, and later reports that merely respond the same content, stated that the problem is pervasive and, using “back of the envelope,” calculations theorized that online stalking could be a crime with tens or hundreds of thousands of victims. The report, however, is sparse in actual support for these claims. In fact, it even cites a study conducted at the University of Cincinnati, of which the authors have stated does not measure the statistics that the Department of Justice cites the study to support. Essentially, there are no empirical scientific studies or data as to the scope of the problem. (more…)