Archive for the 'Security' Category

PCI DSS 6.6 Supplement

The PCI SSC has finally released “Information Supplement: Payment Card Industry Data Security Standard (PCI DSS) Requirement 6.6 Code Reviews and Application Firewalls”, which should clear the air on how much application security is actually required for PCI DSS compliance. I have often had long discussions about the intent of Requirement 6.6, and to me it was always clear that 6.6 wanted application owners to defend against web-based attacks, not merely to perform web-application security testing.

The supplement is a must-read and can be downloaded from here.

Johny Lang

I have read a lot of material on Johny Lang and a lot written by him, but I have never come across an article as lame as this one. Someone please tell the author that penetration testing is different from data theft!

Blackberry In India: Beware!

The Indian government needs a session on risk perception. It has a tremendous capacity to see a threat in anything, from a cow to a smartphone.

The way things are turning out in India, we will soon see the DoT ordering NIC to maintain a national mail server where all our emails are mirrored and scanned for keywords that suggest terrorism. At least people can then look to NIC to snoop around in others’ email, and ask it for a backup in case an email is deleted from their own servers!

Learnings from India: How not to secure personal data

The last few years have seen an alarming rise in demand for security products and services within India, especially those related to data security. Be it firewalls, VPN boxes and encryption solutions, or ISO 27001 and SOX consulting, demand has only increased. There is no single reason for this growth. Contractual clauses for the BPO segment have become harsher. Fear of data breaches within companies has increased. Salesmen (or pre-sales consultants, as they are known these days) have mastered the art of selling expensive yet ineffective solutions. And so on. But do these solutions protect consumers’ private data better than before? Probably not to the extent it should be protected. And yet there are not as many privacy-violation cases in India’s cyberlaw courts as one would expect. The problem with the Indian way of securing information and assuring privacy is manifold. Continue reading ‘Learnings from India: How not to secure personal data’

419 Spam

While browsing through generic masala news on rediff.com, I stumbled upon a piece on social engineering that describes a case of a double attack. For people who thought social engineering was limited to a 419-type email asking for your account number, this article should be an eye-opener.

Google & Privacy

The very knowledgeable computer hardware geek Chris has written a blog post on Google and Privacy. It is a subject that has taken up most of my free time for the last few weeks, a subject I have long intended to write about but never got around to, and a subject I have worked on for the last few years. So now that I have something to rant about, I’ll let my thoughts flow. His article discusses Google-owned applications such as Gmail, Adsense and Gtalk more from a ‘single point of failure’ perspective than from a privacy angle. A privacy breach is not limited to someone getting into your account and stealing your information. A privacy breach is also misusing Google for Google hacking: collecting, processing and disseminating personally identifiable information without consent. Being a techie or geek helps you stay safe on public networks such as the Internet. It protects you from viruses, trojans and known malicious activity on the Internet. It helps you tell legitimate emails from phishing attacks. But does it help you protect your privacy to a safe degree? From my experience, the answer is NO. Continue reading ‘Google & Privacy’

Google Maps Street View and Privacy

Not many people are happy with Google Maps Street View’s street-level cameras, which show pictures of people at various locations. The pictures were clearly taken without the subjects’ consent, and hence have raised eyebrows in privacy-conscious jurisdictions such as the EU, the UK and Australia.