The lockdown has forced people to look and feel differently. While the fashion of beard still continues to rule, ponytails and long hairs are not so much in the vogue these days. Quite a few people have asked me how do I manage to shave my head. Yes, I do it myself and what started off in 2015, is now a monthly or weekly routine.
Hoping this will help all you people who are on the fence whether to give their heads a cleanup either with the help of a barber, partner or all by themselves.
Shaving the head is…
If you have never received the dreaded AWS Abuse notifications on your cloud instances then you need not read the rest of the article :)
However, if you recently adopted AWS and received such a notice, then the following tips might come in handy.
Amazon EC2 Abuse <email@example.com>
Feel free to re-use for your Information Awareness Sessions!
One of the common complaints you will encounter while working with Intrusion Detection Systems (IDSs) are about false positives and continuos notifications. OSSEC is no different, despite a global upper rule for email notifications, it continues to bombard emails for events with lower severity ratings.
Although the documentation of OSSEC states this explicitly , it does not mention which exact rules can trigger these email notifications:
“Some rules have an option set to force OSSEC into sending an alert email. This option is <options>alert_by_email</options>. One of these rules is 1002. …
When WannaCry wrecked havoc last week there were widespread concerns that a lot of systems in India had fallen to this malware. However there were conflicting reports about the infection rate in India. Some reports cited that it was not as bad as expected while others differed.
With this in mind, I just wanted to know how vulnerable we were for this malware.
As per documents WannaCry malware tries to spread by infecting hosts that has port 445 open with Server Message Block (SMB) version 1 and running an unpatched version of Windows. …
I was quite excited by the prospect of using AWS Inspector as it is supposed to replaced some of the expensive tools like Nessus, Expose, Qualys etc for getting a holistic view of your infrastructure from a security perspective. Usually, it is a challenge to scan the servers /assets in the cloud. The complexities of Instant provisioning, Virtual Private Circuits (VPCs), multiple regions, different availability zones add to the license restrictions of the tools. If you are using any of the tools listed above, you could use only one scanning engine and pay up for the additional scanners. …
If you are an ACT Fibrenet customer with a Static IP either at home or at office, this might be of interest and worry to you. There is a flaw in the ACT Fibrenet’s Account/Billing page. Wait, It’s not exactly a flaw but a deliberate weakness in the name of convenience — The account settings page is accessible without any authentication (although accessible only from the ACT pool IPs).
If you access the same page [http://portal.acttv.in/] …
Cash or the Card First?
Found something interesting on my recent time at UAE, and it left me wondering. When you are drawing cash in India at ATMs, you insert the card, enter the pin and cash is dispensed and you take your card back. While is Dubai the order is different. You insert the card , enter pin and carry out a transaction, Card comes out first and only after you take the card back, the cash is dispensed.
We have had cases earlier here in India where people would forcibly pull some of the cash dispensed and then cancel the transaction. There were lot of such fraudulent cases that RBI had to step in and mandate once the cash is dispensed, it cannot be cancelled.
Any thoughts on what is the best practice and who is doing it right ? Banks in India or Dubai ?
InfoSec Head | Football Fanatic| Arsenal | 0xE53ACF6D|