SecurityGyan » Secuity Awareness http://securitygyan.com World of information security Mon, 14 Dec 2009 10:00:35 +0000 en hourly 1 http://wordpress.org/?v=3.1 “Human Present” A new security technology http://securitygyan.com/2009/05/09/human-present-a-new-security-technology/ http://securitygyan.com/2009/05/09/human-present-a-new-security-technology/#comments Sat, 09 May 2009 02:49:42 +0000 Vinod Sharma http://securitygyan.com/?p=70 Human Present is a technology spun off from research at Georgia Tech that catches online fraud in action, using a dynamic method of identifying human behavior anomalies while at the same time preventing the fraudsters from detecting that they’re being watched. It differentiates human visitors from spiders, bots, and even zombie computers in bot networks.

For complete details visit:
http://www.humanpresent.net
http://www.pramana.com

]]> http://securitygyan.com/2009/05/09/human-present-a-new-security-technology/feed/ 0 Over 8M Virginian patient records held to ransom http://securitygyan.com/2009/05/08/over-8m-virginian-patient-records-held-to-ransom/ http://securitygyan.com/2009/05/08/over-8m-virginian-patient-records-held-to-ransom/#comments Fri, 08 May 2009 02:37:59 +0000 Vinod Sharma http://securitygyan.com/?p=68 Hi,
On Thursday, April 30, the secure site for the Virginia Prescription Monitoring Program (PMP) was replaced with a $US10M ransom demand:
“I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password.”

Original copy is available at:virginia-ransom-2009
The note said the intruders possessed 8.3 million patient records and 35.6 million prescriptions. Also, the thieves said they created an encrypted backup of the data and deleted the original files.
Virginia’s Prescription Monitoring Program (VPMP) website PMP is still not accessible.

Compromise of a website/server is not new but thing about which i am concerned is: Disaster management department(DMD) is doing what, before the incidence? They have not maintained a single isolated backup copy of the whole database. I thing DMD did a very poor job, because if they have backup system which is can’t be compromised through the internet, then they don’t have to bent there knees in front of a bad guy.

Remember
“Nobody is secure in cyber world but security can be achieved up to the maximum by closing all possible loop holes”

]]> http://securitygyan.com/2009/05/08/over-8m-virginian-patient-records-held-to-ransom/feed/ 1 ProxyStrike v2.0 released http://securitygyan.com/2009/05/03/proxystrike-v20-released/ http://securitygyan.com/2009/05/03/proxystrike-v20-released/#comments Sun, 03 May 2009 07:27:24 +0000 Vinod Sharma http://securitygyan.com/?p=35 ProxyStrike is an active Web Application Proxy, is a tool designed to find web application vulnerabilities like XSS,SQL,LFI,DT etc. while browsing an application.

Download location:http://code.google.com/p/proxystrike/downloads/list

Demo: http://www.edge-security.com/proxystrike.php

]]> http://securitygyan.com/2009/05/03/proxystrike-v20-released/feed/ 0