Security Information and Review

Collection of security information and review

Archive for June, 2009

Problem and Solution : Cross Site Request Forgery ( XSRF )

Author : Admin

Cross Site Request Forgery ( XSRF ) is a type of attacker technique with malicious code to exploit of a website or web application where by unauthorized commands are transmitted from a user that the website trusts. Attacker use a user that the website trusts with technique cross domain vulnerability, see detail at web based application and basic cross domain security. Cross Site Request Forgery also known as a one click attack or session riding and abbreviated.
… continue reading : Problem and Solution : Cross Site Request Forgery ( XSRF ).

24 June 2009 at 23:24 - Comments

Web Based Application and Basic Cross Domain Security

Author : Admin

Cross Domain Security issue is able people attention, as client, site owner or web base developer. With this vulnerability, cross domain security, allowing an attacker to access privat data on client browser in the same browser. We will take the case to clarify the description above by example. Client views a page on a malicious web site, attacker-hacker-site.com and other side is interacting with shopping online, victim-shop-online.com in the same browser, possibly in a different window. Code embedded in the malicious web page from attacker-hacker-site.com might be able to gain access to this user’s session with victim-shop-online.com, learn sensitive data associated with this user within the context of victim-shop-online.com, or maliciously make requests to victim-shop-online.com that appear to originate from this user. This issue was called the vulnerability cross domain security, the interaction of applications on different domains on the same browser used by the client. So, it’s very dangerous.

… continue reading : Web Based Application and Basic Cross Domain Security.

24 June 2009 at 14:04 - Comments

iPhone and iPod : Full feature and multiple vulnerabilities

Author : Admin

iPhone is a device designed and marketed by Apple Inc. It’s an internet-connected and multimedia smartphone with minimal hardware interface such keyboard but use touch screen to renders a virtual keyboard. iPhone is full feature smartphone, as a camera phone, a portable media player and can be an internet client with application like e-mail, web browsing and WIFI connectivity.

 

iPod was first launched on October 23, 2001, a brand of a portable media players designed and marketed by Apple Inc. Latest generation of the iPod use touchscreen technology was called iPod Touch, can play several audio file formats including MP3, AAC/M4A, WAV, Apple Lossless and other audio formats. The iPod Photo introduced the ability to display JPEG, BMP, GIF, TIFF and PNG image file formats.

 

iPhone and iPod touch use Apple iPhone OS to operate this device and multiple vulnerabilities have indentified which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise vulnerable system. Vulnerabilities was reported by the vendor and others organization like secunia, Google Inc, affected Apple iPhone and iPod touch prior to version 3.0.

… continue reading : iPhone and iPod : Full feature and multiple vulnerabilities.

22 June 2009 at 12:05 - Comments

Microsoft IIS 5.0 WebDAV Vulnerability

Author : Admin

WebDAV : Web distributed Authoring and Versioning is an extension to the Hyper Text Transfer Protocol ( HTTP ) that defines how basic file functions such copy, move, delete and create are performed by a computer using HTTP. So, WebDAV is extension in Microsoft Internet Information Services (IIS) 5.0 which is default activated.

 

A vulnerability was found in Microsoft IIS 5.0, 5.1 and 6.0 with WebDAV extension is activated. With this vulnerabilty  allowing an attacker to gain access to locations which normally require authentication.

… continue reading : Microsoft IIS 5.0 WebDAV Vulnerability.

19 June 2009 at 13:20 - Comments

Linksys WAG54G2 feature and vulnerability

Author : Admin

Linksys, a division of Cisco System Inc., is the recognized global leader in VOIP, Wireless and Ethernet networking for home and SOHO ( small office home office ). Linksys headquartedred in Irvine, California, has been acquired by Cisco system, Inc in June 2003.

 

One of famous product Linksys is WAG54G2, provides ADSL / WIFI / Ethernet interfaces with base on a Linux distribution which run on ARM architecture. The ARM family accounts for approximately 90% of all embedded 32-bit RISC CPU as of April 2009. It’s found in most corners of consumer electronics, from portable devices like PDA, mobil phone, iPods and other digital media and music players to computer peripherials such hard drives, desktop and routers.

 

… continue reading : Linksys WAG54G2 feature and vulnerability.

18 June 2009 at 11:09 - Comments

Hacking Technique and defenses Strategy part 1

Author : Admin

Footprinting

Footprinting is the process of accumulating preliminary data about a target using publicly available methodes. This information can be used to gain a better understanding of the target’s network architecture. There are many ways and techniques to get information about a target such the use of search engines, domain and network block registrars.

Enforcement of the following defensive tactics are strongly recommended in order to minimize the risks associated with exposure of sensitive information by search engines and web server misconfigurations. Administrators perform routine audits web server configuration and the data it is allowed to server. Administrators also must be instructed not to post job vacancies on technical news groups, message boards and mailing list using their real names and e-mail address.

… continue reading : Hacking Technique and defenses Strategy part 1.

4 June 2009 at 08:48 - Comments

Tips and Tricks Security Enhancements

Author : Admin

One use of the term computer security refers to technology to implement a secure operating system, especially Microsoft Windows. Before We spend a dime on security, there are precaution that we can take to protect our system from the most common threats. In this case, system will be used is Microsoft Windows Operating System.

Automatic Update

Make sure Microsoft Windows Automatic Update enabled and check update Microsoft Windows Uodate and Office Update regularly. Microsoft Windows ME, Microsoft Windows 2000 and Microsoft Windows XP can configure automatic updates. If we want to configure automatic update, click on the Automatic Updates tab in the system control panel and choose the appropriate options.

… continue reading : Tips and Tricks Security Enhancements.

3 June 2009 at 13:35 - Comments

Base Linux Security with IPTables

Author : Admin

Most people think that to protect computer networks from outside attacks by using firewall but they don’t understand what a firewall is and how it really work. A firewall inspects packets as they arrive on an interface, searching a table until it finds a matching rule to determine what is should do with each packet and the follow the action the rule specifies.

If the packet does not match a specific rule, a default action decides the packet’s fate, generally known as falling through the bottom of the rules. For firewalls, the generally accepted good default action is Deny. That is, unless we explicitly permit a particular access, the packet is dropped. This allows us to permit what we know and block what we do not. … continue reading : Base Linux Security with IPTables.

1 June 2009 at 19:41 - Comments