Auditor's notes

The purpose of this articel to describe substantive audit procedure related to IT audit. This article will cover the following areas:

* The objective of substantive procedures
* The risk factors
*

… Continue

For those who read my article Cracking access to Bank this paper may be interesting from the securing transactions point of view.
As we identified that that the m

… Continue

Why hackers do not like script-kiddeis ? May be you think that hackers hate tham just because guys do not know how to intrude the system or do not know how to craft an exploit... may be... some of kiddies really annoying. However, nobody was born clever. And if we ju

… Continue

The purpose of this article is to show the real threat for banks' clients that use on-line banking services for processing bank documents and transactions in "real-time". On-line banking services are used in our days by 99% of legal entities. In my practice I have see

… Continue

Be careful! Once you scanned your workstation using TrendMicro HOUSECALL this ActiveX component will stay in your system. That means that anyone can exploit this vulnerability. The vulnerable methods are listed below:
showAlert()
setOption()
isOptionAvail

… Continue

Do you know what is Client-Bank application ? That is electronic transaction system that allows to work with bank account through the Internet. The on of the types of Client-Bank applications is the web-based client bank, that check signatures and e-tokens data using the ActiveX control. I reviewed the one (http://bssys.com/eng).

The result was (integer overflow):

Exception Code: ACCESS_VIOLATION
Disasm: 1D0BB96 MOV EDI,[ESI+3C] (

… Continue

Yesterday I was really surprised to know that Aeroflot has operational vulnerability in reservation of tickets process (the part of tickets sales). As it happens Aeroflot allows to perform tickets reservations via WEB and this reservations include desired s

… Continue

What are the risks and why we always looking for controls? How can we pass controls over and what do we need it for? These questions are normal! I am going to describe simplified audit procedures related to Information Technologies and Information Security audits.

… Continue

Fuzzing the ActiveX components installed in my operating system i discovered vulnerability in RegWizCtrl ActiveX

The first vulnerability identified in this component was in InvokeRegWizard method; however, this vulnerability identified by mine was in IsRegistered pr… Continue

Guys!
I am going to give a mouth about the cheating in flash. Talking about the flash you may think only about flash games since they are still popular; however, flash is used for WEB design and you should remember the following:
*The main engine of the flash can be built on flash
*Flash always runs on clients machine - not server.
*Flash could be decompiled.

Ok. Let's start. Talking about flash we always look back and see where it is used, what kind of sites. First of all - that are the sites… Continue