Thursday, December 15, 2011

50% off on Check Point exam re-takes

To encourage and support your certification goals, Check Point has implemented automatic 50%-off re-takes for the following exams at Pearson VUE

CCSA R75 (coming soon)
CCSE R75 (coming soon)

Note: All R70 exams will be retiring on 31 December, 2011

Tuesday, November 15, 2011

Inspecting HTTPS traffic on gateways


In the past, security devices inspecting application content for attack patterns, misuse or malware, had been blind to encrypted traffic and due to this encrypted protocols like Hypertext Transfer Protocol Secure (HTTPS) have been a safe method used by attackers to bypass security inspection. Though reverse proxies and Web Server modules have been there for long, but they only inspect incoming traffic i.e. connections made to protected web servers in the organization. Inspecting outgoing traffic or traffic of connections made by users to outside world servers, not protected by the device, had been on the wish lists. Devices these days come with the capability to inspect Secure Sockets Layer (SSL) based outgoing traffic, however there are some concerns enabling such kind of inspection. In this article we cover some basics of SSL, the challenges in inspecting SSL traffic, and also see how Check Point's HTTPS Inspection feature starting from R75.20 is able to inspect HTTPS traffic at the gateway. After reading this article you will know the pros and cons of enabling SSL inspection on a gateway.

Read further or download the entire document in PDF format below:
Inspecting HTTPS Traffic on Gateways

Friday, May 27, 2011

SPG - informal meeting

Security Professional's Group (SPG) is having an informal bar meet on Sunday 29th May '11. If you are interested, send in your mobile no. to

Thursday, March 31, 2011

Saturday, February 26, 2011

Hackers meet at Nullcon 2, GOA

Heard of Black Hat, White Hat and also Gray Hat but what does this Brown Hat??

Does it mean the chief of all the hats? or something else??

Had a great time at GOA and the second Nullcon conference in Feb 2011.

2.4 Million email account passwords leaked

Have you ever entered your email account password on some sites like social networking, contact management, birthdates management or may be email marketing? Well the site you used could be legitimate, but how good is their security?? Are they collecting your password or redirecting to a login page on the email server?

Hackers have got 2.4 million email account passwords of gmail, hotmail, yahoo, live etc. The no. is expected to go up to 24 mil soon and as this is not likely to be the result of compromising all the providers at a go, hence it seems to be data from 3rd party sites in possession of the password. If you like to see if you are one of the victims, you can check your email id here -