Announcements

10/12/2009 05:08 News Item First line of defense

Building a Better Password

Tough to remember but easy to crack, passwords are the weak link in computer security. Billions hang in the balance.

Read the article on Newsweek's site: http://www.newsweek.com/id/217014/page/1


09/10/2009 07:31 News Item Here's a great tip

SSH Service failed and you can’t start it using Cpanel

Consider the scenario: the SSH service on your server (cPanel) has failed and it's not allowing you to log in from the backend, but you can log in to WHM without any issues. Trying to restart SSH using WHM > Restart Services also gives a “Failed” result.

or

You have changed the SSH port for server hardening, but forgot to add the new port to the firewall rules. After you log out from the current shell, you can't log in using either port.

Paste the following into your browser:

http://your_server_ip:2086/scripts2/doautofixer?autofix=safesshrestart

This will reset the current SSH configuration to default configuration and safely restart SSH. As you all know this only works on a Cpanel Server!

Credit: GNUSYS


07/30/2009 15:54 News Item Hackers go to SSL

Vulnerabilities Allow Attacker to Impersonate Any Website

LAS VEGAS — Two researchers examining the processes for issuing web certificates have uncovered vulnerabilities that would allow an attacker to masquerade as any website and trick a computer user into providing him with sensitive communications.

Normally when a user visits a secure website, such as Bank of America, PayPal or Ebay, the browser examines the website’s certificate to verify its authenticity.

However, IOActive researcher Dan Kaminsky and independent researcher Moxie Marlinspike, working separately, presented nearly identical findings in separate talks at the Black Hat security conference on Wednesday. Each showed how an attacker can legitimately obtain a certificate with a special character in the domain name that would fool nearly all popular browsers into believing an attacker is whichever site he wants to be.

Full Story: Wired


07/30/2009 15:49 News Item But is there a silver lining?

The Hidden Risks of Cloud Computing

Every day more users move their computing lives from the desktop to the cloud and rely on hosted web applications to store and access email, photos, and documents. But this new frontier involves serious risks that aren't obvious to most.

In an era of ubiquitous broadband, smartphones, and users who manage multiple computers and devices, it just makes sense to move your email, photos, documents, calendar, notes, finances, and contacts to awesome web applications like Gmail, Evernote, Flickr, Google Docs, Mint, etc. But transferring your personal data to hosted web applications has its potential pitfalls, risks that get lost in all the hype around cloud-centric new products like Google's new Chrome OS or the iPhone.

When you decide to move your data into the cloud, there are a few gotchas you should know about.

Full Story: LifeHacker


07/19/2009 03:25 News Item The complexity of today’s IT environment makes it easy for computer malware to exist, even flourish. Being informed about what’s out there is a good first step to avoid problems.

The 10 faces of computer malware

With all the different terms, definitions, and terminology, trying to figure out what’s what when it comes to computer malware can be difficult. To start things off, let’s define some key terms we’ll use throughout the article:

It’s important to remember that like its biological counterpart, malware’s number one goal is reproduction. Damaging a computer system, destroying data, or stealing sensitive information are all secondary objectives.

Full Story: TechRepublic


07/11/2009 04:22 News Item ImageShackHack

ImageShack Hacked by Anti-sec Movement

ImageShack, one of the web’s largest image hosts, was attacked tonight by a movement called “Anti-Sec”. The result of the attack has been to replace all ImageShack hosted images with a manifesto for the movement (below).

The message adds that “no images were harmed in the making of this…image”, implying that ImageShack images are not lost.

Full Story: Mashable


07/10/2009 02:18 News Item A new kind of war?

PCs could be hit next in Web attack: South Korea

Cyber attacks slowing U.S. and South Korean websites could enter a new phase on Friday by attacking personal computers and wiping hard disks, a South Korean government agency and Web security firm said.

North Korea was originally a prime suspect for launching the cyber attacks, but the isolated state was not named on a list of five countries where the attacks may have originated, the Korea Communications Commission (KCC) said.

The attacks targeting dozens of government and business sites in South Korea and the United States did not cause major damage or security breaches, experts said, but the KCC warned of a new phase at 1500 GMT on Friday that could cause severe damage.

Full Story: Yahoo! Tech


07/09/2009 07:00 News Item Windows only: Hulu Video Downloader

Hulu Video Downloader Saves Your Favorite Shows for Offline Enjoyment

Windows only: Hulu Video Downloader is a free application that saves Hulu videos to your desktop and converts them to virtually any popular, device-friendly format you might want—at least in theory.

Just copy and paste the URL to any Hulu video you want to download into the Hulu Video Downloader application and click Add. The application itself is kind of horrendous in the looks department, but you shouldn't judge a software by its chrome. Unfortunately I had some trouble getting the actual application to work in my tests (kept sticking at the Please Wait notification); I decided to go ahead and post it with a your-mileage-may-vary disclaimer, since it would be a great app to have on hand if it did work, and you may have more luck than I did.

Full Story: lifehacker.com


07/02/2009 15:31 News Item Attention iPhone lovers

Apple to patch serious iPhone vulnerability

A security researcher has revealed that Apple's iPhone has a serious vulnerability that could allow an attacker to remotely install and run unsigned software code with root access to the phone.

The attack in question exploits a weakness in the way iPhones handle text messages received via SMS (Short Message Service), said security researcher Charlie Miller, during a presentation at the SyScan conference in Singapore on Thursday. He didn't provide a detailed description of the SMS vulnerability, citing an agreement with Apple.

Full Story: Techworld


06/30/2009 05:20 News Item Just let him rest in peace already

PCs hit by Michael Jackson malware

It didn't take long. Security researchers are reporting that hackers have begun to use the death of pop star Michael Jackson to infect people's PCs, just as they predicted.

Starting late last week and continuing today, messages posing as breaking news alerts from the likes of CNN and the Los Angeles Times have been reaching users' mailboxes, said several security companies, including Sophos, Symantec and Trend Micro.

Full Story: Techworld


06/29/2009 17:57 News Item Firefox takes aim at cross-site scripting

Shutting Down XSS with Content Security Policy

For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy, designed to shut these attacks down. We wanted to give a bit of background on this project as well as provide an update on our progress so far.

Full Story: Mozilla Security Blog


06/27/2009 04:50 News Item Flash websites get new respect from Google

Google gets to grip with Flash files

Google has enhanced its search engine's capacity to index Adobe's Flash files, which are very popular on the web but tricky for search engine spiders.

The company's search engine can now index external content that a Flash file loads, such as text, HTML, XML or Flash content itself. It will also tie the indexed Flash file to this externally loaded content and the documents from where it comes, Google said.

Full Story: Techworld


06/26/2009 03:47 News Item Windows 7 for $49.99 pre-order direct from Microsoft

Pre-order the newest version of Windows today

Windows 7 Home Premium Upgrade Preorder Download $49.99

Windows 7 Professional Upgrade Preorder Download $99.99

Windows 7 Ultimate Upgrade Preorder Download $219.99


06/24/2009 10:55 News Item Information you can use

Make Prettier URLs with Apache's Mod Rewrite

By Sukrit Dhandhania

We've discussed how to use the Apache module mod_rewrite to rewrite URLs in a previous article. I showed you how to set up URL rewriting using Apache and how to use it to forward a user from one web location to another. That was a pretty straightforward exercise. Now it's time to try out something a little more fancy. Let's look at how to use mod_rewrite to make prettier URLs for your web applications.

Many websites on the web today make use of dynamic URLs. It's quite likely that you have come across a web link that looks something like this - http://www.example.com/library/bookinfo.php?section=biology&bookid=4856. I'm referring to the section of the URL after the question mark. This is where the web application passes on information gathered earlier, quite likely using a form of some type. If you have a web application or a content management system that churns out URLs like this one, you can use Apache's ability to rewrite URLs to make it look a lot easier on the eyes, like this: http://www.example.com/library/biology/4856. Other than being better to look at, these cleaner URLs are also pretty useful for search engine optimization.

Full Story: webreference


06/22/2009 06:00 News Item Fraudulent sales of avast! products

Beware, Mateys, of Pirated 'Avast!' Software

Neil J. Rubenking

ALWIL software's avast! antivirus is one of several free solutions that I frequently recommend. Lately I've been getting a slew of messages from readers complaining that avast! is not actually free.

At first I figured these readers had simply mistaken the professional edition's 30-day trial for the actual free utility. It turns out, though, that there's a darker explanation--avast! is frequently pirated. Aaargh!

Worldwide operations manager Justin Bellinger said that ALWIL has a problem with rogue web sites illegally selling avast!'s free antivirus. Apparently a Google search for avast! will often turn up one of these rogues. ALWIL works to shut them down, but before long another rogue site pops up. They have an entire web page devoted to the problem: Fraudulent sales of avast! products.

So how do you navigate these treacherous waters, avoid pirates, and come home with the treasure of a free antivirus? Simple! Go directly to www.avast.com and download avast! Home Edition. If nobody buys from the pirate sites their income will dry up and they'll go back to swabbing the decks and singing sea chanteys.

Originally posted on the PCMag.com security blog, Security Watch.


05/26/2009 05:30 News Item So the glass is 10% full then?

90 Percent of E-mail Is Spam, Symantec Says

By Robert McMillan, IDG News Service - Tue May 26, 2009 5:50PM EDT

Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month.

That represents a 5.1 percent increase over last month's numbers, but it's nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.

Symantec reported that nearly 58 percent of spam is now coming from so-called botnets -- networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets -- called Donbot -- generates 18.2 percent of all spam, according to Symantec.

Full Story: Yahoo! Tech


09/06/2008 09:55 News Item Google Chrome Concerns

PC World: Early Security Issues Tarnish Google's Chrome

Security researchers have reported finding vulnerabilities in Google's new Web browser a day after it was released in beta.

One vulnerability would allow hackers to crash the browser. Security researcher Rishi Narang described the issue on the SecuriTeam Web site and posted a proof of concept at Evilfingers. According to Narang, a hacker could build a malicious link that includes an undefined handler followed by a certain character. When a user clicks on the link, Chrome crashes.

Full story: Early Security Issues Tarnish Google's Chrome


08/10/2008 16:08 News Item Are You Protected? Latest Threat Revealed...

New SQL Injection Attack Infecting Machines

A new SQL injection attack started circulating last week, and appears to have infected several thousand web servers as of late Friday evening. The attacks look similar to the one below, and attempt to query random valid files on the web server.

The sysobjects and syscolumns tables queried are the giveaway: the attack is targeting machines running MSSQL server and storing the malicious HTML code in the database. It’s also possible that web servers with Sybase database backends could conceivably be exploited, as Sybase largely uses the same SQL syntax and table structure as MSSQL server.

The SQL statement itself scans through all of the tables in the database, inserting the attack author’s own HTML into the contents of each page. This ultimately causes the web server’s visitors to, depending on their client, be sent one of many different forms of malware from the referred pages. Similar to phishing, this attack takes advantage of the website visitor’s trust in the site they are visiting. Instead of phishing for information, however, malware is sent to the client, which the client has a higher likelihood of accepting being from a trusted site.

Full Story: TrustedSource™ Blog



