Information Security & Privacy
Securing our digital presence ...
Abhijit A. Patil ( http://www.blogger.com/profile/07182380851995453543 )
Feed updated 2024-03-04.


<span style="font-weight:bold;">Anand wins in style! ( Anand 6.5 - Kramnik 4.5 )</span>
2008-11-05

<img style="display:block; margin:0px auto 10px; text-align:center; width: 400px; height: 266px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYlVRWZ5Ut6wBfCsk2CWvKOBKLcLHQIYltuTJom8bik-Ye3sZ7YwRv71nCIFayJWO3VNEh54NAi3cW33Idf869r1OSvjF11KcDsodUWWI6J2xP0Pv0X4ahyphenhyphenqNdIdpgN0Z9pX7kAQ/s400/World_Chess_Champion_Anand.jpg" border="0" alt="World Chess Champion Anand" />
Source : http://www.uep-worldchess.com/ ( Torsten Behl )


<span style="font-weight:bold;">Anand Vs Kramnik - World Chess Championship 2008 - Live from Bonn, Germany</span>
2008-10-18

http://www.uep-worldchess.com/


<span style="font-weight:bold;">Web Application Security statistics for year 2007</span>
2008-09-10

The Web Application Security Consortium ( http://www.webappsec.org/ ) has released its survey of web application security vulnerabilities for the year 2007. XSS still dominates the arena.
Well detailed, worth a read : http://www.webappsec.org/projects/statistics/


<span style="font-weight:bold;">the DONs of Security</span>
2008-05-30

Here is a list of the 15 most influential people in security, compiled by eWeek:

1. Tavis Ormandy, Google Security Team
2. Ivan Krstic, One Laptop Per Child
3. Chris Paget, IOActive
4. Bunnie Huang, Bunnie Studios
5. Michal Zalewski, Google
6. Window Snyder
7. The MOAB Hackers
8. Dino Dai Zovi
9. Michael Howard, Microsoft
10. HD Moore, Metasploit
11. Dave Aitel, Immunity
12. Bronwen Matthews, Microsoft
13. John Pescatore, Gartner
14. Rob Thomas and Team Cymru
15. Stefan Esser, Hardened PHP Project

The original article can be found at :
http://www.eweek.com/c/a/Security/The-15-Most-Influential-People-in-Security-Today/


<span style="font-weight:bold;">CISSP Preparation : Plan and Efforts</span>
2008-02-08 ( updated 2008-09-27 )

<span style="font-weight:bold;">Preparing for CISSP:</span>
Here are my two cents; they might help with your CISSP prep.

<span style="font-weight:bold;">My Date :</span>
April 2005

<span style="font-weight:bold;">Changes Since :</span>
A new topic on Application Security has been added to the 10 domains.

<span style="font-weight:bold;">Time :</span>
4 to 6 months

<span style="font-weight:bold;">Books Covered :</span>
1] ISC2 Official Guide for CISSP ( 1st priority )
( http://www.amazon.com/Official-ISC-Guide-CISSP-Press/dp/0849382319/ref=sr_1_1/104-1441772-1525525?ie=UTF8&s=books&qid=1202456055&sr=1-1 )
2] Shon Harris
( http://www.amazon.com/CISSP-Certification-All-One-Guide/dp/0071497870/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1202456103&sr=1-1 )
3] Wiley - CISSP Prep Guide ( good as auxiliary info; you can do without it )
( http://www.amazon.com/CISSP-CAP-Prep-Guide-Platinum/dp/0470007923/ref=sr_1_3?ie=UTF8&s=books&qid=1202456134&sr=1-3 )
4] cccure.org ( good for covering corner concepts; of limited use considering the actual exam questions )
( http://www.cccure.org/ )
5] Hal Tipton - Information Security Management Handbook ( awesome resource, but only if you have >= 6 months )
( http://www.amazon.com/Information-Security-Management-Handbook-CD-ROM/dp/1420060457/ref=sr_1_3/104-1441772-1525525?ie=UTF8&s=books&qid=1202456055&sr=1-3 )
6] Michael Overly Guide ( for the last 15 days )
( http://www.cccure.org/ )

<span style="font-weight:bold;">Study Plan :</span>
I would recommend a serious 4-6 months of dedicated effort, completing the ISC2 official guide first, then Shon Harris, and then the rest if time permits.
Prepare in a group. For the last 15 days, refer to the Michael Overly guide.

All the best.

<span style="font-weight:bold;">My Favorite Topics :</span>
Cryptography
Application Security
Telecommunication and Network Security
Physical Security


<span style="font-weight:bold;">OWASP Top 10 - OWASP Pune Chapter Presentation - January 2008</span>
2008-01-21

Slides : <a href="http://www.slideshare.net/abhijitapatil/owasp-top-10-owasp-pune-chapter-january-2008" title="View 'Owasp Top 10 - Owasp Pune Chapter - January 2008' on SlideShare">Owasp Top 10 - Owasp Pune Chapter - January 2008</a> ( SlideShare )


<span style="font-weight:bold;">Technology Risk - IT Risk Career Certifications</span>
2008-01-21

Information Security - CISSP -
<a href="https://www.isc2.org/cgi-bin/content.cgi?category=97">https://www.isc2.org/cgi-bin/content.cgi?category=97</a>

Information Privacy - CIPP -
<a href="https://www.privacyassociation.org/index.php?option=content&task=view&id=36&Itemid=85">https://www.privacyassociation.org/index.php?option=content&task=view&id=36&Itemid=85</a>

Fraud Review - CFE -
<a href="http://www.acfe.com/Membership/become.asp">http://www.acfe.com/Membership/become.asp</a>

IT Audit - CISA / CISM -
<a href="http://www.isaca.org/Template.cfm?Section=Certification&Template=/ContentManagement/ContentDisplay.cfm&ContentID=19934">http://www.isaca.org/Template.cfm?Section=Certification&Template=/ContentManagement/ContentDisplay.cfm&ContentID=19934</a>

Internal Audit - CIA -
<a href="http://www.theiia.org/certification/certified-internal-auditor/">http://www.theiia.org/certification/certified-internal-auditor/</a>

IT Infrastructure - ITIL -
<a href="http://www.itil-officialsite.com/home/home.asp">http://www.itil-officialsite.com/home/home.asp</a>

Business Continuity and Disaster Recovery - CBCP -
<a href="http://www.drii.org/DRII/Courses/certification_overview.aspx">http://www.drii.org/DRII/Courses/certification_overview.aspx</a>


<span style="font-weight:bold;">XSS Hu la la :-)</span>
2008-01-10 ( updated 2008-01-21 )

From Mark Curphey's blog :

"
<h2 id="post-794"><a href="http://securitybuddha.com/2008/01/10/from-the-office-of-real-world-software-security/" rel="bookmark" title="Permanent Link: From the Office of &quot;Real World Software Security&quot;">From the Office of "Real World Software Security"</a></h2>
<p>When a customer's development team was recently asked to use the AntiXSS library, validate input and encode output for their web interface, they replied (and I quote) <em><strong>“we do not use cross site scripting”.</strong></em></p>
<p>If any customer ever asks the single most effective thing to effect a positive change on their software security program, I always respond with education and awareness. Pound for pound, dollar for dollar, it is the most effective tool anyone has.</p>
"


<span style="font-weight:bold;">Secrets & Lies : a swim through ...</span>
2007-01-26

<img style="margin: 0pt 10px 10px 0pt; float: left;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjN3Ce5vwJ4YAevNxCcmNoryIpzEciXHZO1p-dnu7AdTAryDBcNxbAh9JeJTNHg0jqYuY2lwVV_U0OsxZ2r8rxI8SGBIT0AAq19kdMSVMmkkwL9h3lQ-R8zBFNw8pKXANeqw8SgjQ/s400/SecretsAndLies.jpg" alt="Secrets and Lies book cover" border="0" />

<span style="font-weight: bold;">Bruce Schneier</span> : founder and CTO of Counterpane Internet Security, and an authority on cryptography.
More from <span style="font-weight: bold;">Bruce Schneier</span> : http://www.schneier.com/

Before we start, some cool quotes from the book ...
<ul><li>"Security is a process, not a product."</li><li>"Yogi Berra : In theory there is no difference between theory and practice. In practice there is."</li><li>"Organized crime syndicates are spreading corruption, drugs, and fear with the efficiency of Fortune 500 companies."</li><li>"My personal expectations of safety come from living in a stable democracy."</li><li>"This book is about the relatively minor threats ( you guessed it : digital security! ) in a society where the major threats ( you know what ... ) have been dealt with."</li><li>"Attacks, whether criminal or not, are exceptions : disruptions in the society's social contract."</li></ul>

Systems and Security:
Systems are <span style="font-weight: bold;">complex</span>, <span style="font-weight: bold;">interactive</span>, have <span style="font-weight: bold;">emergent</span> properties, and are <span style="font-weight: bold;">bug ridden!</span>
<span style="font-weight: bold;">Prevention, Detection, and Reaction : good security has all three ...</span>


<span style="font-weight:bold;">RFID Security Services</span>
2006-06-06