Security Articles


PHP's default configuration file, php.ini (usually found in /etc/php.ini on most Linux systems), contains a host of functionality that can be used to help secure your web applications. Unfortunately, many PHP users and administrators are unfamiliar with the various options that are available in php.ini and leave the file in its stock configuration. By utilizing a few of the security-related options in the configuration file, you can greatly strengthen the security posture of web applications running on your server.




SHODAN lets you find servers, routers, etc. by using the simple search bar. You can search by keyword and/or using any of the advanced search options.

Check SHODAN:

  • country:2-letter country code
  • hostname:full or partial host name
  • net:IP range using CIDR notation (ex: 18.7.7.0/24 )
  • port:21, 22, 23 or 80

Let's say you want to find servers running the 'Apache' web daemon. A simple attempt would be to use:

apache

How about finding only Apache servers running version 2.2.3?

apache 2.2.3


When you analyze the code of a Trojan horse, you often find methods and functions that can be assigned to typical function groups and modules. Even if the code and inner organisation seem chaotic and hard to understand because of their structureless appearance, you can assign a function to at least one of these groups. I want to give you the big picture, an overview of the inner structure of a Trojan horse, and clear up some of the confusion.



Dropper

The Trojan horse is wrapped by its dropper, which is not a core component in the proper sense. But because it plays an important role in the propagation and installation of Trojans, it is worth mentioning.


Remote/Local File Inclusion Exploits


Remote and local file inclusions are just a problem on the coding end, like most exploits. Of course it takes a second person to make it happen, hehe. So this paper will hopefully give you some ideas on how to prevent a file inclusion exploit on your website and, most importantly, in your code. I will be providing the code examples in PHP format.

Let's take a look at some code that makes the RFI/LFI exploits possible.



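<a href="index.php?page=file1.php">Files</a>
<?php
// Vulnerable: the page parameter comes straight from the query string
$page = $_GET['page'];
// ...and is passed to include() without any validation
include($page);
?>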

Now obviously this should never be used. The $page input isn't sanitized at all. The $page input is passed directly to the damn webpage, which is a very big no-no. You should always sanitize every input passed through the browser. When the user clicks the "Files" link on the webpage to visit "files.php", it will look something like this:

http://localhost/index.php?page=files.php

Harmful Email Subjects to Avoid

I. Emails from people trying to infect your system and steal your friends' email addresses for spam

I.1. Pictures of Osama Bin Laden hanging or Arnold Schwarzenegger's
suicide note
I.2. Email that seems to come from your system administrator or
other familiar sender that says your email could not be
delivered, or some similar statement.
I.3. Email with subject "Against!" or "Revenge"
I.4. Email with subject Re_ and body with animals or foto or other
subjects


II. Emails from people trying to steal your identity (and your money)

II.1. Update Your Billing Information (from eBay)
II.2. Your account at eBay has been suspended
II.3. Your account at Wells Fargo has been suspended
II.4. Notification of US Bank Internet Banking
II.5. Attn: Citibank Update
II.6 Confirm AOL Billing Info


III. Emails from people trying to fool you into hurting yourself or your friends and coworkers

III.1 Subject: "jdbg" Virus: how to detect and remove.

******************************
More Details About Each Attack


In this article I am trying to explain what DDOS is and how it can be prevented. DDOS happens due to a lack of security awareness among network/server owners. On a daily basis we hear that a particular machine is under DDOS attack or that the NOC has unplugged a machine due to a DDOS attack. So DDOS has become one of the common issues in this electronics world. DDOS is like a disease which doesn't have an anti-viral developed. So we should be careful while dealing with it. Never take it lightly. In this article I am trying to explain the steps/measures which will help us defend against DDOS attacks, to a certain extent.

What is a DDOS attack?
Simply said, DDOS is an advanced version of a DOS attack. Like DOS, DDOS also tries to deny the important services running on a server by broadcasting packets to the destination server in a way that the destination server cannot handle. The speciality of DDOS is that it relays attacks not from a single network/host like DOS. The DDOS attack will be launched from different dynamic networks which have already been compromised.

So many people are getting their own dedicated servers but are completely clueless about security. Usually they leave it up to the company where they purchase it or hire someone. That's fine but make sure you have these 10 items covered.



Use a Firewall


Have you ever wondered how you could set your webcam up as a security camera and have the images sent to you somewhere else? Maybe you wanted motion detection or noise detection to turn it on automatically? Or maybe that's just us, and we're a little paranoid. Regardless, Periscope is a tool that lets you do all of those things with your webcam, and more.  

You can trigger it to start recording in several ways: motion detection, noise detection, via Apple Remote, or with a timer. Once it's on, it'll capture images and save them to disc or send them to a few other places for review. It works with Flickr, e-mail, FTP, iPhoto, and the now-obsolete .mac (presumably an upcoming version will support MobileMe). You can also time-stamp or add your own logo automatically to your pictures.

Even if you're not interested in the security applications of Periscope, you might find it useful for making time-lapse videos. With its ability to capture images at intervals, you could theoretically capture your entire day at your desk if you had the disk space. Although we tested it with a built-in iSight, Periscope should work with other webcams.

I'm always on the lookout for apps that can ease my workload or free up some room in my budget, and open source applications are an excellent way for me to accomplish both.

If you're in the same boat as me, hopefully you're already utilizing some open source options. If not, I've put together this list of two dozen great applications that I can depend on to keep things running smoothly on my office LAN and customer systems as well.

Some of these you'll recognize, but I hope that there are some that are new to you as well.
  1. PING - I may be beating a dead horse here with my love of PING, but it's just a great piece of open source. Drive imaging with network and spanning support, password blanking, it's just an excellent app.

  2. NTRegEdit - The Windows Registry editor hasn't seen many changes over the years. NTRegEdit offers some great additional features like recursive export, color coding, improved searching, and quick edit window below the values list.

  3. Safarp - A portable alternative to appwiz.cpl (add/remove programs), it provides a few extra useful features - like silent uninstalls and repairs of Windows Installer-based apps. It also opens in a flash, unlike the clunky appwiz.
  4. WPKG - Maintaining software installs on computers in a small business environment can be a little frustrating sometimes. WPKG gives you push/pull installs and it can run as a service, so silent installs run transparently with no user interaction.

 
 
Thieves gain access to personal information in many ways, but the most common method is to take it from the victim themselves. They steal mail such as account statements, new checks and offers of credit left in a mailbox, discarded in the trash or stored in an easy to access location in your home or office. They access credit card and personal identification from your purse or wallet. Without realizing, you may give the information directly to the criminal when you enter data at an unsecured or unknown website, or in response to a fraudulent request for account information through an unverified e-mail; this is known as "phishing". Thieves also ask for information from you through unsolicited phone calls, tricking you into thinking it is someone you know, such as your bank; this is known as "pretexting".
 
How does an Identity Thief get your personal information?
 
Professional identity thieves know exactly how to get your personal information, and these are some of the common means used:
