Security Information and Review

Collection of security information and review

The Latest Microsoft Windows SMB Vulnerability

Author : Admin

This week, the latest Microsoft Windows vulnerability was reported on several sites and blogs, such as the securityfocus site, the g-laurent blog and others. Newer Microsoft Windows operating systems come with a new SMB protocol version, known as SMB2. The vulnerability is in the Microsoft Server Message Block ( SMB ) implementation, specifically in the SMB2 negotiate protocol request.

The SMB2 ( Server Message Block v2 ) protocol was introduced in Microsoft Windows Vista and newer Microsoft Windows operating systems. SMB2 significantly improves performance and reduces the number of commands and subcommands. … continue reading : The Latest Microsoft Windows SMB Vulnerability.

15 September 2009 at 10:03 - Comments

Computer Worm : Definition and How to Prevent it

Author : Admin

A computer worm is a computer program designed to replicate itself without any user intervention or interaction. It uses a network to send copies of itself to other networks / nodes automatically; computer worms can commonly replicate in great volume and spread very quickly.

Computer worms are a type of virus that spreads automatically, irrespective of human behavior, by exploiting bugs in applications that are connected to the internet; examples include Code Red, Nimda and Slammer. … continue reading : Computer Worm : Definition and How to Prevent it.

8 September 2009 at 15:05 - Comments

How to Select Type of Firewall

Author : Admin

A firewall is a part of a computer system or network that is designed to block unauthorized people from accessing our resources or infrastructure. In personal use, when we are browsing or surfing, a firewall keeps our internet connection secure by inspecting and then approving or rejecting each connection attempt made between our internal network and the external network. … continue reading : How to Select Type of Firewall.

8 September 2009 at 09:03 - Comments

Hardening MS SQL Server Security with Database Roles

Author : Admin

MS SQL Server divides its authorization architecture into statement permissions and object permissions. In MS SQL Server there are three types of permissions : GRANT, REVOKE and DENY. Statement permissions allow a user to create, alter and drop objects in the database, such as CREATE DATABASE, CREATE FUNCTION, CREATE PROCEDURE and others. Object permissions allow a user to perform operations that use the objects in the dataset, such as SELECT, INSERT, DELETE and others.

In MS SQL Server, each database has a set of ten built-in roles : public, db_owner, db_accessadmin, db_securityadmin, db_ddladmin, db_backupoperator, db_datareader, db_datawriter, db_denydatareader, db_denydatawriter. … continue reading : Hardening MS SQL Server Security with Database Roles.

31 August 2009 at 23:47 - Comments

Fixed Database Roles in MS SQL Server Security

Author : Admin

The first step in securing MS SQL Server is Login Security, so we will spend a lot of time ensuring that unauthorized users never log into MS SQL Server successfully. The login process compares account names and passwords against the list of authorized users, so we need to prevent account names and passwords from being stolen by the wrong people.

In MS SQL Server, there are some roles that represent server administrator tasks and give us more granular control over what the administrator can do. We can classify the fixed roles in MS SQL Server as Primary Server Roles and Secondary Server Roles. … continue reading : Fixed Database Roles in MS SQL Server Security.

31 August 2009 at 21:41 - Comments

Tips and Tricks to Protect and Store Password

Author : Admin

Passwords are the keys we use to access personal information that we have stored on our computer and in our online accounts, so they are very important for our privacy. Therefore, we must not give our password to anyone or write it on anything that can be accessed by anyone.

In this discussion, we will talk about how to properly protect our passwords. This discussion is called : tips and tricks to protect our password. We hope that with this discussion we can manage our accounts more safely and securely.

… continue reading : Tips and Tricks to Protect and Store Password.

15 August 2009 at 20:42 - Comments

Tips and Tricks to Improve E-mail Security

Author : Admin

E-mail has become one of the most important communication tools. However, there are several obstacles to making e-mail communication safe and secure, so every organization and company must maintain robust e-mail security defenses. But this is getting harder to do: spam volumes are increasing, malware sent as e-mail attachments is becoming stealthier, and more developers of malicious content are finding more effective ways to circumvent e-mail security defenses. So, does this make e-mail security very expensive and difficult, really ? … continue reading : Tips and Tricks to Improve E-mail Security.

15 August 2009 at 17:51 - Comments

2Wire Gateway Password Reset Vulnerability

Author : Admin

On August 11, 2009, a vulnerability was reported in the 2Wire Modem Gateway. There is an authentication bypass vulnerability in the web administration that allows an attacker to set a new password even if the password was previously set.

2Wire is the leading provider of intelligent service delivery platforms for the DSL broadband market. Its flagship products include the award-winning HomePortal residential gateways, the first to allow broadband subscribers to connect to the high-speed Internet with an integrated DSL modem, … continue reading : 2Wire Gateway Password Reset Vulnerability.

13 August 2009 at 04:23 - Comments

SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution

Author : Admin

SquirrelMail is one of the best-known webmail packages, written in pure PHP and supporting standard e-mail protocols such as IMAP and SMTP. In SquirrelMail, all pages are rendered in pure HTML with no JavaScript required, for maximum compatibility across browsers.

On August 12, 2009, a vulnerability was reported in SquirrelMail which can be exploited by an attacker using the Cross Site Request Forgery – CSRF technique. Find more information about this technique at Problem and Solution : Cross Site Request Forgery ( XSRF ). … continue reading : SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution.

13 August 2009 at 03:48 - Comments

Wordpress Admin Password Vulnerability and Solutions

Author : Admin

On August 10th, 2009, a vulnerability was reported in Wordpress v2.8.3 which can be exploited by an attacker with a specially crafted URL to bypass certain security restrictions.

An attacker can send a request to the Wordpress system with a specially crafted URL to reset the password of the first user ( usually the site Administrator ) without the correct secret key. … continue reading : Wordpress Admin Password Vulnerability and Solutions.

13 August 2009 at 03:03 - Comments