The ECB has published a manual with instructions for inspectors reviewing the asset quality of products of the eurozone’s biggest lenders. The central bank is to take over banking supervision in November of this year.
I am engaged in a mission to detect digital signatures on the client computers. So, I decided to write a script to search for client computers in the internal network using WMI.
For anyone who would like to use it, here is the script. Save it as search.vbs, and run it as CScript search.vbs.
Well, it all started when I wanted to add a recurring event for the world-famous La Tomatina of Spain, where people throw tomatoes at each other on a sunny day in Valencia. The event is held on the last Wednesday of August, during the week of festivities of Buñol. Unfortunately, there is no way to add a recurring action like this on the website of Google.
However, Google Calendar can successfully read and understand the iCalendar format, not to be confused with Apple iCal, so you can make use of it to achieve what you want. All you need to do is create an iCalendar event with the below recurrence rule. The term -1WE means the last Wednesday of the month, and the rest is self-explanatory. You can find more information in the related RFC.
You can paste the below text into a new text file and save it as latomatina.ics. Then, you can go to the Settings page of Google Calendar, click on Calendars, and then click on Import. You will need to select latomatina.ics and the calendar in which you want this event to appear. Now, it is done. You can edit this event on your calendar. However, you should not edit the recurrence part in the web interface of Google Calendar.
If you don’t know what SQL injection is, you should read this first.
However, if you authenticate users with an approach similar to the one below, you have already met it, but you are not yet aware of it.
Well, these are old-school tricks and old-fashioned attacks; therefore, I will not dig into the attack side.
Quick and Dirty Prevention
Simply escape the user inputs with the built-in MySQL function mysql_real_escape_string. Something like below:
I have compiled a list of regulations which affect the IT division of any bank in the Netherlands that develops its core banking system in house.
It is a question I hear occasionally. Sometimes, I hear some confusion about their roles. Sometimes, some think that one is subordinate to the other or that one department is more important than the other.
I associate the IT Security department with the Police Department, and the IT Audit department with the Intelligence Service.
BRSA (Banking Regulation and Supervision Agency), the primary regulatory body of the financial sector in Turkey, has developed a promising system named BADES for reporting the findings which are determined by the external auditors during the course of application controls and general IT controls audit engagements. The BADES system is also capable of importing and exporting XML files which have detailed information about the findings and remediation plans.
Thanks to the openness of the BADES system, I decided to write a desktop application, which is roughly a specifically formatted XML editor, to accelerate the inputting process of findings and automate most of the work. You can see the full feature list below.
If you are working on a highly critical engagement or a maganizish investigation, you have to be sure that the information you have gathered and your audit program are kept confidential. Otherwise, it would hurt you or the ones who are affected by your work. However, it might be quite tough when all your data “belongs” to your company, and the “data custodians” of your company can easily browse your files without you even noticing. I will tell you how I cope with this situation.
One day, I heard that an auditor colleague of mine had suspiciously “lost” some of his audit evidence in the middle of his work. He was completely sure that he had taken the related evidence and put it all in that folder, which is not there at the moment. He suspected that some IT guys had deleted that folder from his computer. I took some measures to protect myself after hearing this story.