Vaibhav Shukla

Lost thumb drives bedevil U.S. banking agency

A U.S. banking regulator says an employee downloaded a large amount of data from its computer system a week before he retired and is now unable to locate the thumb drives he stored it on.
The Office of the Comptroller of the Currency, which is a part of the Department of the Treasury, said the loss…[Read more]

Yeah even I had a initial feeling that what can be the sensitive information w.r.t the blood donors as they can have just information of blood donation history and name of donor.
But I felt this is a serious breach when the secret private questions like ” engaged in “at-risk” sexual behavior” and blood type is revealed in public.
Blood don…[Read more]

It is very important to know the difference between the identity and access management as we have to clarify the basic question ” When the user identity is established can he access the service? ”
Answer is No . Authentication is not equal to Authorization .After authentication there needs to be an access control decision. The decision is based…[Read more]

The article clearly throws light on how this vulnerability is a serious threat and way to fix it by patching our operating systems.But there are million of devices which cannot be patched which remains a serious concern.
Many gadgets using linux doesnt support patching and can be security rsik

The article is great and I feel the hash collision can also be created if we convert the hex code into the binary code.
The main vulnerability exploited in MD5 collision is the length extension because of this length-extension behavior, we can append any suffix to both messages and know that the longer messages will also collide.

Inorder to determine network capacity is adequate or inadequate we need to have a network capacity planning which includes finding out

1) Traffic Characteristics-Type and amount of traffic
• Traffic volumes and rates
• Prime versus non-prime traffic rates
• Traffic volumes by technology

2) Present Operational Capacity
• WAN percent…[Read more]

Millions of Indian debit cards ‘compromised’ in security breach

On Wednesday, India’s largest bank, State Bank of India, said it had blocked close to 600 thousands debit cards following a malware-related security breach in a non-SBI ATM network. Several other banks, such as Axis Bank, HDFC Bank and ICICI Bank, too have admitted being hit by s…[Read more]

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by bombarding it with traffic from multiple sources
Spear-phishing attack is carefully crafted and customized to look as if it comes from a trusted sender on a connected subject. Spear-phishing scams often take advantage of a variety of methods to…[Read more]

I think its a very bad approach by a government agency in maintaining its IT infrastructure.
The IT systems were like full of vulnerabilities and the officials were waiting for such data breach event to take place in-order to put everything on track .
The common items mentioned in it are like some of the key in maintaining IT security in an…[Read more]

Yeah but I still feel recognizing the cyber security hacks as national security challenge is very important.
This actually proves that information security is gaining importance in coming times that it even needs to be a part of political strategy for the competitors and I think in coming time this could be a very important factor to be seen in…[Read more]

Quantum computing in simple words is something that allows a particle to be both a zero and a one at the same time. Quantum cryptology depends on physics, not mathematics.
Quantum cryptography uses photons to transmit a key. Once the key is transmitted, coding and encoding using the normal secret-key method can take place.
But question comes…[Read more]

How is NSA breaking so much crypto?

The Snowden documents shows that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.
However, the documents do not explain how these breakthroughs work.If a client and server are speaking…[Read more]

BCP is a plan that allows a business to plan in advance what it needs to do to ensure that its key products and services continue to be delivered in case of a disaster,.A business continuity plan enables critical services or products to be continually delivered to clients. Instead of focusing on resuming to a complete strength after a disaster, a…[Read more]

Its a great article which even now strengthens the point that why RSA and Diffie-Hellman cryptography method may soon see the slowdown in their usage across industries .Its security relies on the fact that factoring is slow and multiplication is fast.Specialized algorithms like the Quadratic Sieve have been created to tackle the problem of prime…[Read more]

As you mentioned about the virus I will illustarte regarding the virus spread in nuclear facility in Germany
The viruses were “W32.Ramnit” and “Conficker” which were discovered at Gundremmingen’s B unit in a computer system retrofitted in 2008 with data visualisation software associated with equipment for moving nuclear fuel rods
W32.Ramnit is…[Read more]

What Makes a Good Security Awareness Officer?

Sharing the article i found interesting that how communication skills are also important with technical skills
Communication is one of the most important soft skills that a security awareness officer will need. Time and time again its been seen that people with the strongest communication skills…[Read more]