Security Information and Review

Collection of security information and review

Archive for May, 2009

Conficker Worm and Windows vulnerability

Author : Admin

The Conficker worm is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction. Conficker targets the Microsoft Windows operating system with its most sophisticated capabilities. It is also known as Downup, Downadup and Kido. The first variant of Conficker propagated through the internet by exploiting a vulnerability in a network service [ MS08-067 ]. The following Microsoft Windows operating systems are affected by the RPC DCOM vulnerability:

… continue reading : Conficker Worm and Windows vulnerability.

30 May 2009 at 18:03 - Comments

How to protect from Conficker Worm

Author : Admin

The Conficker worm exploits the RPC DCOM vulnerability in Microsoft Windows; for details, see Microsoft Bulletin MS08-067 and Conficker Worm and Windows vulnerability on this site. The worm uses a combination of advanced malware techniques, which has made it difficult to counter and eradicate.

Whatever the case, the first and best solution when you find a security vulnerability on your system is to patch it. An antivirus program is basically not designed to stop attacks that exploit a security vulnerability, so technically a computer whose operating system has an up-to-date antivirus can still be infected by a virus that attacks this vulnerability. The main reason is that a security vulnerability in the operating system allows many things, including the execution of a virus file without intervention by the antivirus program.

… continue reading : How to protect from Conficker Worm.

30 May 2009 at 08:08 - Comments

How to prevent SQL Injection Attacks

Author : Admin

This article will show a number of ways to protect a web application from SQL injection attacks. SQL injection attacks occur when an application uses input from a user that has not been checked to see that it is valid text. SQL injection attacks therefore take advantage of code that does not filter input entered directly by the user into a form, and of applications that take direct user input and then generate SQL commands that are executed by back-end code. The most frequent target of SQL injection attacks in web applications is the login form that accepts a user name and password to authenticate to the system.

… continue reading : How to prevent SQL Injection Attacks.

28 May 2009 at 13:16 - Comments

SQL Injection Attacks and SQL Server Security

Author : Admin

SQL injection is a technique for manipulating SQL commands that exploits an SQL Server vulnerability at the web application layer. This is an SQL Server security issue that many programmers and administrators need to consider. The vulnerability arises when a user enters text into a web application form. This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into an SQL statement. For example, a web application's login form requires a user name and password to authenticate to the system. The user name and password fields are used to build an SQL query to the database that checks whether the user name and password are valid. The example is an SQL injection in PHP against a login form that uses the POST or GET method, with a user table.
… continue reading : SQL Injection Attacks and SQL Server Security.

28 May 2009 at 00:14 - Comments

Basic User Linux Security

Author : Admin

For security reasons, Linux / Ubuntu Server disables the root user; it doesn't even have a password, so we cannot log in as root once the installation of the system is finished. This is because root has unlimited rights, and disabling it reduces the risk of errors caused by working with root rights.
How about a task which can only be run using the root user? On Linux in general, and especially on Ubuntu Server, this is handled with the sudo mechanism. The idea of sudo is that a task which can only be run by root can be specifically assigned to a user who has been given that authority. Because sudo is the basic mechanism on Ubuntu for performing tasks that are normally reserved for root, after a normal installation every administration task is performed that way. For example, the shutdown command can generally only be run by the root user, but we can authorize a particular user to run it. That user is then authorized to run the command with sudo. To define the commands and the users authorized to run them with sudo, we need to edit the file /etc/sudoers. We can use our favorite editor to do it: vi, nano or visudo.
… continue reading : Basic User Linux Security.

23 May 2009 at 08:24 - Comments

Basic Microsoft SQL Server Security

Author : Admin

In every discussion of Microsoft Windows security and other security topics, the first things described are usually authentication and authorization. Authentication is the process of identifying the person / user, and authorization refers to the process of determining what that user can do. In this article, we will discuss authentication and authorization in Microsoft SQL Server ( all versions of MS SQL Server ).


In Microsoft SQL Server, the authentication process occurs when someone wants to make a connection to Microsoft SQL Server. A user name and password are required for someone to be able to access the resources of Microsoft SQL Server. Once the authentication process finishes, Microsoft SQL Server takes control of authorizing which objects ( databases, tables, triggers and functions ) and data in the system the user can access.


Microsoft SQL Server version 7.0 and up can grant permissions to Windows-authenticated logins based on their individual accounts or the groups of which they are members. Besides this, for SQL Server-authenticated logins, Microsoft SQL Server can grant permissions based on the login ID or on membership in database roles, which function like Windows groups.
… continue reading : Basic Microsoft SQL Server Security.

22 May 2009 at 21:39 - Comments

Wordpress Security File Permission

Author : Admin

WordPress is one of the biggest CMSs for blogging, and many of its users do not understand its security problems. One of the big security problems in WordPress and other websites or CMSs is file permissions. File permissions control who can access a file and what sort of actions they can take with a file on the web server / website. So it's very important to harden file permissions on your website. That's why locking down files properly is crucial.

One of the biggest problems with any Web site is file permissions, which control who can access a file and what sort of actions they can take with a file. That’s why locking down files properly is crucial.

On computer file systems, different files and directories have permissions that specify who and what can read, write, modify and access them.

20 May 2009 at 15:56 - Comments