ECB publishes details on asset quality review of eurozone banks

The ECB has published a manual with instructions for inspectors reviewing the asset quality of products of the eurozone’s biggest lenders. The central bank is to take over banking supervision in November of this year. (more…)

By |March 28th, 2014|Audit|0 Comments
How to Find S/MIME Certificates of the Users in Internal Network

I am engaged in a mission to detect digital signatures on the client computers. So I decided to write a script to search for client computers in the internal network using WMI.

For anyone who would like to use it, here is the script. Save it as search.vbs and run it as CScript search.vbs.

By |February 14th, 2014|Audit, Security|0 Comments

Adding an oddly recurring event to your Google Calendar

Well, it all started when I wanted to add a recurring event for the world-famous La Tomatina of Spain, where people throw tomatoes at each other on a sunny day in Valencia. The event is held on the last Wednesday of August, during the week of festivities of Buñol. Unfortunately, there is no way to add a recurring action like this on the website of Google.

However, Google Calendar can successfully read and understand the iCalendar format, not to be confused with Apple iCal, so you can make use of it to achieve what you want. All you need to do is create an iCalendar event with the below recurrence rule. The term -1WE means the last Wednesday of the month, and the rest is self-explanatory. You can find more information in the related RFC.

You can paste the below text into a new text file and save it as latomatina.ics. Then go to the Settings page of Google Calendar, click on Calendars, and then click on Import. You will need to select latomatina.ics and the calendar in which you want this event to appear. Now it is done. You can edit this event on your calendar. However, you should not edit the recurrence part on the web interface of Google Calendar.

By |September 3rd, 2013|Uncategorized|0 Comments

Best way to prevent SQL Injection Attacks on MySQL / PHP Environment

If you don’t know what SQL injection is, you should read this first.

However, if you authenticate users with an approach similar to the one below, you have already met it, but you are not yet aware of it.

Well, these are old-school tricks and old-fashioned attacks; therefore, I will not dig into the attack side.

Quick and Dirty Prevention

Simply escape the user inputs with the built-in MySQL function mysql_real_escape_string. Something like below:

Regulations which have an impact on IT Division of a Bank

I have compiled a list of regulations which affect the IT Division of any bank in the Netherlands that develops its core banking system in house. (more…)

Which one is more important: IT Audit or IT Security?

It is a question I hear occasionally. Sometimes I hear some confusion about their roles. Sometimes some think that one is subordinate to the other, or that one department is more important than the other.

I associate the IT Security department with the Police Department, and the IT Audit department with the Intelligence Service.
(more…)

A tool for reporting external IT Audit findings to BRSA

BRSA (Banking Regulation and Supervision Agency), the primary regulatory body of the financial sector in Turkey, has developed a promising system named BADES for reporting the findings determined by external auditors during the course of application controls and general IT controls audit engagements. The BADES system is also capable of importing and exporting XML files which have detailed information about the findings and remediation plans.

Thanks to the openness of the BADES system, I decided to write a desktop application, which is roughly a specifically formatted XML editor, to accelerate the process of entering findings and automate most of the work. You can see the full feature list below. (more…)

Protecting audit evidences from prying eyes of Auditees

If you are working on a highly-critical engagement or a maganizish investigation, you have to be sure that the information you have gathered or your audit program is kept confidential. Otherwise, it would hurt you or the ones who are affected by your work. However, it might be quite tough when all your data “belongs” to your company, and the “data custodians” of your company can easily browse your files without you even noticing. I will tell you how I cope with this situation.

One day, I heard that an auditor colleague of mine suspiciously “lost” some of his audit evidence in the middle of his work. He was completely sure that he took the related evidence and put it all in that folder, which is not there at the moment. He suspected that some IT guys had deleted that folder from his computer. I took some measures to protect myself after hearing this story. (more…)