Security Information and Review

Collection of security information and review

Critical Vulnerability in Mozilla Firefox, Belmoo and Nobel Peace Prize Site

Author : Admin

A new vulnerability has been found in Mozilla Firefox v3.5 and v3.6. It is caused by an unspecified error and can be exploited to execute arbitrary code by tricking a user into visiting a specially crafted site. If a user visits an infected site, the malware might be installed on the user’s computer without warning. The malware is delivered and installed by way of malicious JavaScript that exploits a vulnerability in Firefox v3.5 and v3.6.

The malware ( Trojan ) was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox’s built-in malware protection. However, the exploit code could still be live on other sites. The malicious JavaScript is detected as Exploit:JS/Belmoo and the payload as Backdoor:Win32/Belmoo.A ( BKDR_NINDYA.A : Trend Micro ). … continue reading : Critical Vulnerability in Mozilla Firefox, Belmoo and Nobel Peace Prize Site.

28 October 2010 at 16:26 - Comments

Tips and Tricks Protect Your System from Malware

Author : Admin

Malware, also known as scumware, is short for malicious software. It is designed to secretly access a computer system without the owner’s informed consent. Some malware programs have been written with a profit motive ( financial or otherwise ) in mind. This can be taken as the malware authors’ choice to monetize their control over infected systems: to turn that control into a source of revenue.

Some malware is produced to gather information about the victim’s activities and then show pop-up advertising; this is known as adware. Some adware programs redirect search engine results to paid advertisements. Another way financially motivated malware creators profit is by using sensitive information from a victim. In this case, the malware installs a key logger that automatically transmits passwords, credit card numbers, account details and other information to the malware creator. This is called stealware; examples of this type of malware are bancos, Gator, Legmir and Qhost. So it is very dangerous! In this post, we will explain how to protect our system from malware. … continue reading : Tips and Tricks Protect Your System from Malware.

28 October 2010 at 12:59 - Comments

CubeCart SQL Injection Vulnerability

Author : Admin

A new vulnerability has been reported in CubeCart. With this vulnerability, an attacker can exploit CubeCart to manipulate and inject SQL queries. The vulnerability is caused by an input validation error in “includes/content/viewProd.inc.php” when processing the productId parameter. The issue would not occur if input passed to the productId parameter were properly sanitized before being used in SQL queries. This vulnerability was reported by sangteamtham and is confirmed in version 4.3.6; prior versions may also be affected. … continue reading : CubeCart SQL Injection Vulnerability.

20 November 2009 at 06:58 - Comments

DOS Vulnerability in Home FTP Server

Author : Admin

Home FTP Server is an FTP server program that allows us to share any files directly from our PC. With this program, we can build and deploy an FTP server easily. Home FTP Server provides web-based administration, so we can manage, monitor and add users very easily. Home FTP Server supports implicit or explicit Transport Layer Security ( TLS ), virtual directories and banned IP addresses. Home FTP Server has all the features of even some commercial FTP servers, but it is free without any limitations and very efficient.

On November 16, 2009, a vulnerability was discovered … continue reading : DOS Vulnerability in Home FTP Server.

18 November 2009 at 15:58 - Comments

WordPress 2.8.5 XSS and File Upload Vulnerability

Author : Admin

The latest vulnerabilities were discovered in WordPress v2.8.5: an XSS ( cross-site scripting ) issue and a file upload vulnerability. These security issues in WordPress can be exploited by an attacker with malicious code to conduct script insertion attacks and compromise a vulnerable system.

The first vulnerability is caused by input that is not properly sanitized before being displayed to the user. … continue reading : WordPress 2.8.5 XSS and File Upload Vulnerability.

15 November 2009 at 23:50 - Comments

The Latest Linksys WAP4400N Vulnerability

Author : Admin

The Linksys WAP4400N uses the draft version of the upcoming 802.11n standard, with a claimed data transfer rate of 300 Mbps. This access point is full-featured: it supports the HTTP/HTTPS protocols and SNMP v1, SNMP v2c or SNMP v3, and works at a frequency of 2.4 GHz. Other features of this device include DHCP support, load balancing, syslog, MAC filtering and others, as well as support for WPA, WPA2, WPA-PSK, 64-bit WEP and 128-bit WEP. Get more details about this product at the Cisco / Linksys web site.

The latest Linksys WAP4400N vulnerability was discovered. … continue reading : The Latest Linksys WAP4400N Vulnerability.

15 November 2009 at 23:13 - Comments

Piwik and Open Flash Chart Vulnerability

Author : Admin

A vulnerability has been discovered in Piwik with the Open Flash Chart module, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability exists in Piwik’s implementation of “open-flash-chart”, a module which resides in the “./libs/open-flash-chart/php-ofc-library” directory.

Piwik is open source web analytics software, licensed under the GPL. … continue reading : Piwik and Open Flash Chart Vulnerability.

21 October 2009 at 02:06 - Comments

Best Practices to Build Web Application More Secure

Author : Admin

In this discussion, we will learn best practices, including tips and tricks, for building more secure web applications. In the previous discussion, we learned how to protect web application files; here we look at protecting the web application overall, in every section. We will discuss a set of best practices that, if followed, will result in better security for our web applications.

In our web applications, we often use authentication information to restrict access to our applications. The best practice for this situation is to store authentication data away from the web document tree and make sure our application reads authentication-related files from outside the web document tree. … continue reading : Best Practices to Build Web Application More Secure.

10 October 2009 at 17:11 - Comments

Controlling Access Web Application with Web Based Basic Authentication

Author : Admin

If we want to restrict access to our web based application, we can use web based authentication. In this discussion, we will learn how to protect our web based application with web based basic authentication. It is a simple authentication method that is in very common use across various web servers.

We can use our web server’s basic authentication scheme quite easily with a .htaccess file in our web directory. In this example, we will restrict access to a directory in our web based application : http://www.widyani.com/basic_auth. We can create and edit the .htaccess file in the %DocumentRoot%/basic_auth, … continue reading : Controlling Access Web Application with Web Based Basic Authentication.

10 October 2009 at 01:33 - Comments

How to Protect Web Application Files

Author : Admin

When we build a web application, all files in our web application become available to everyone. So, an attacker will try to find any holes in our web application or attack our data. How do we protect sensitive files in our web application? In this discussion, we will learn step by step how to protect the sensitive files in our web application.

The first step is to control visitors’ access to our sensitive files through web server configuration. It is assumed that we are using the Apache web server and PHP for server-side scripting. … continue reading : How to Protect Web Application Files.

10 October 2009 at 00:10 - Comments