Posts Tagged ‘information security’

How did it start? Let me set the stage first. Arun and I (Gayathri) are part of the global compliance partners team that supports InfoSec (information security) initiatives at Perficient India. One fine morning in early-July: Gayathri: So, Arun, we have completed providing our data evidences for the global ISO 27001 audit, what next? Arun: […]

We shouldn’t be that surprised. A couple of weeks ago, Crypto.com, one of the fastest-growing cryptocurrency platforms, was hacked on January 17, 2022. One area mentioned by the company as an issue was a gap in its multi-factor authentication (MFA) system. A statement issued by Crypto.com on January 20th said, “transactions were being approved without […]

As usual of my blog – the following anecdote unfolds the subject of my blog.… Have you met oxymoron characters? I have and I am going to describe an incident in one such character’s life: I know a balding old gentleman who is stung by an oxymoron combination of OCD (Obsessive Compulsive Disorder) and absent […]

The Corporate Game of Russian roulette! His last chance to spare himself and his billionaire empire is in hands of a Russian roulette game.  A weapon loaded with 5 bullets and one empty chamber lies on his table in front of him. His psyche mind winds up algorithmic yet he stood steady on the white […]

As a security professional, I spend a considerable amount of time building awareness around good password hygiene, and I am starting to see forward progress in efforts like moving users away from short passwords to longer passphrases.  But even as we are moving towards better password selection, most people don’t know that their old passwords […]

Imagine that you work on different engagements or projects in which Kali Linux is one of your primary tools.  Furthermore, maybe you also have the need to keep the data for each of those projects isolated from the others – in other words, you need to avoid cross-contamination between your projects.  In this article I […]

Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure.  In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests.  I’ll also show you how to […]

I do not mean a notebook with handwritten passwords or even a spreadsheet.  I mean software designed specifically to generate and safely store your passwords.  We have all heard about sticky notes under the keyboard, or even worse on the monitor.  The current browsers can store your passwords for you and, assuming you have an […]

Microsoft Word has long offered support for loading images and templates over the network.  This is a great feature within corporate environments because it facilitates the reuse of assets like logos and corporate document templates.  Unfortunately, these features can be abused by bad actors to obtain operational intelligence on individuals, or even to steal credentials.  […]

Introduction On a daily basis, data growth is expanding at a pace greater than the expansion of the universe itself. It makes our lives better, but it also has the capability of reflecting the vulnerabilities of a person or an organization. Data is like Infinity Gauntlet. If you know how to use it, like Thanos […]

In my previous post, How to Set Up Your Own VPN Server Using Amazon Web Services, we set up and configured an OpenVPN server using Amazon Web Services, and then we configured Windows and Linux machines to use the new VPN server.  In this post, I’ll show you how to setup your Android phone to […]

As a Perficienite, I have been involved in ISO27001, SSAE-16 and HIPAA assessments and have learned the need for information security. I would like to give back my knowledge and awareness to all in a more palatable form without the jargon. This blog is the result. This blog is intended to develop awareness on general […]