Categories
Information Technology

Hey, Why did I get that email?

You got spam, with a hint of phishing.

aicdad.com

I have been receiving DMARC reports from Gmail, Yahoo and others. The reports say they (Gmail and others) are receiving fake, spoofed emails from the @aicdad.com domain addressed to their users.

DMARC for this domain is set to reject emails that fail the DMARC check. So any server which honors DMARC should ideally reject the spoofed emails.

But the reality is that, good as DMARC is, most email servers will still accept email from spammers spoofing a legitimate address. Almost all email providers move these emails to the spam folder. The rest just don’t, and place them in the inbox (this is incompetence, if you ask me).

If you have received an email from @aicdad.com and were not expecting one, mark it as spam. Don’t reply to it; don’t feed the spammers.

Want more details, or have any concerns? Write to me at <root + wth@aicdad.com> (e.g. groot+wth@groot.con).

Phishing attacks have “gone through the roof” in the pandemic.


☑Deploying a Web Application – A Good Start

Application security is the use of software, hardware, and procedural methods to protect applications from external and internal threats.

We are deploying a new web service and want to make sure it’s damn secure.

GiBu GeorGe

What you should have

  • Development life cycle
  • Risk management
  • Change control management
  • Necessary standards, policies and procedures

We Live in a world of Paranoia

As a security professional, you’re tasked with protecting a web application. A tool is something to help you, not to replace you! By now you probably know that no fancy tool can replace human intelligence, more so in security, where adversaries are human, with very human motives and emotions. What tools do you have in your arsenal?


HTTP — Security Headers

Headers are a component of the HTTP specification, carrying the metadata of the message in both the HTTP request and the response. While the HTTP message body is often meant to be read by the user, the metadata is processed solely by the web browser and has been part of the HTTP protocol since version 1.0.

HTTP headers allow the client and server to exchange information about how they communicate with each other.

Metadata in request messages can hold:

  • Language of the request
  • Cookies
  • Credentials for the website
  • Cache data

Metadata in response messages can hold:

  • Size and type of the content
  • Cache storage preferences
  • Server data
  • Time and date
  • Credentials to be set by the client

Cyber Sec — Where is the time!

When you’re in cyber security you’re on a continuous learning track; one has to update skills daily. It’s fun, but a never-ending journey, it seems. A standardized process for learning helps a lot in meeting learning requirements. You don’t want to become a zombie, either.

Effective time management

In an average month, I read 3 to 4 books and keep track of new CVEs, new threats in the wild and threats to the industry I am working in. Then there are office projects, personal projects and, most important of them all, time with family.


The Internet — logical place to our physical world

The Internet is an inseparable part of us humans, enabling us to access an enormous amount of information from a device we hold in our hand. Access to information is instant! The physical part of the internet one may see is a Wi-Fi modem with its blinking lights, lying around in the corner, with cables running from the modem to outside your home. Where does that cable go?


Threat Intelligence

Threat modeling helps in understanding what threats an organization faces and how those threats will affect it. Even a crude threat model will go a long way in defending against threats to an organization, or at a minimum will increase visibility.

To understand this from a societal perspective, consider the spread of the deadly “Nipah” virus in our small state of Kerala, India, and how it was squashed.


Need an Email Server?

An email server is a piece of software, or a group of software, that transfers emails using SMTP (Simple Mail Transfer Protocol). Email has been part of the internet’s history for a long time. It has evolved over decades, but the basics still remain the same.


Something to ponder about.

Every household and every company has a Wi-Fi setup. If you drive around and check for Wi-Fi, you will catch a lot of (Wi-Fi) networks. Does anyone secure their Wi-Fi? Moreover, does any company care to check whether its firmware is vulnerable to Wi-Fi attacks? Alarmingly, the answer is NO.


Income Tax website security review

Have you ever noticed all the certifications our income tax website has? Ever wondered what they mean? … Probably not. Who cares, right!

GiBu GeorGe

Certified means you don’t have to take the word of the govt/company: external auditors have checked and given the thumbs up (in the case of ISO standards).