10/12/2009 05:08

First line of defense
Building a Better Password
Tough to remember but easy to crack, passwords are the weak link in computer security. Billions hang in the balance.
Read the article on Newsweek's site: http://www.newsweek.com/id/217014/page/1
09/10/2009 07:31

Here's a great tip
SSH Service failed and you can’t start it using Cpanel
Consider the scenario: the SSH service on your cPanel server has failed and is not allowing you to log in from the backend, but you can log in to WHM without any issues. Trying to restart SSH using WHM > Restart Services also gives a “Failed” result.
or
You have changed the SSH port for server hardening but forgot to add the new port to the firewall rules, and after you log out of the current shell you can't log in using either port.
Paste the following into your browser:
http://your_server_ip:2086/scripts2/doautofixer?autofix=safesshrestart
This will reset the current SSH configuration to the default configuration and safely restart SSH. Note that this only works on a cPanel server!
Credit: GNUSYS
07/30/2009 15:54

Hackers go to SSL
Vulnerabilities Allow Attacker to Impersonate Any Website
LAS VEGAS — Two researchers examining the processes for issuing web certificates have uncovered vulnerabilities that would allow an attacker to masquerade as any website and trick a computer user into providing him with sensitive communications.
Normally when a user visits a secure website, such as Bank of America, PayPal or Ebay, the browser examines the website’s certificate to verify its authenticity.
However, IOActive researcher Dan Kaminsky and independent researcher Moxie Marlinspike, working separately, presented nearly identical findings in separate talks at the Black Hat security conference on Wednesday. Each showed how an attacker can legitimately obtain a certificate with a special character in the domain name that would fool nearly all popular browsers into believing an attacker is whichever site he wants to be.
Full Story: Wired
07/30/2009 15:49

But is there a silver lining?
The Hidden Risks of Cloud Computing
Every day more users move their computing lives from the desktop to the cloud and rely on hosted web applications to store and access email, photos, and documents. But this new frontier involves serious risks that aren't obvious to most.
In an era of ubiquitous broadband, smartphones, and users who manage multiple computers and devices, it just makes sense to move your email, photos, documents, calendar, notes, finances, and contacts to awesome web applications like Gmail, Evernote, Flickr, Google Docs, Mint, etc. But transferring your personal data to hosted web applications has its potential pitfalls, risks that get lost in all the hype around cloud-centric new products like Google's new Chrome OS or the iPhone.
When you decide to move your data into the cloud, there are a few gotchas you should know about.
Full Story: LifeHacker
07/19/2009 03:25

The complexity of today’s IT environment makes it easy for computer malware to exist, even flourish. Being informed about what’s out there is a good first step to avoid problems.
The 10 faces of computer malware
With all the different terms, definitions, and terminology, trying to figure out what’s what when it comes to computer malware can be difficult. To start things off, let’s define some key terms we’ll use throughout the article:
- Malware: Is malicious software that’s specifically developed to infiltrate or cause damage to computer systems without the owners’ knowledge or permission.
- Malcode: Is malicious programming code that’s introduced during the development stage of a software application and is commonly referred to as the malware’s payload.
- Anti-malware: Includes any program that combats malware, whether it’s real-time protection or detection and removal of existing malware. Antivirus and anti-spyware applications and malware scanners are examples of anti-malware.
It’s important to remember that like its biological counterpart, malware’s number one goal is reproduction. Damaging a computer system, destroying data, or stealing sensitive information are all secondary objectives.
Full Story: TechRepublic
06/24/2009 10:55

Information you can use
Make Prettier URLs with Apache's Mod Rewrite
By Sukrit Dhandhania
We've discussed how to use the Apache module mod_rewrite to rewrite URLs in a previous article. I showed you how to set up URL rewriting using Apache and how to use it to forward a user from one web location to another. That was a pretty straightforward exercise. Now it's time to try out something a little more fancy. Let's look at how to use mod_rewrite to make prettier URLs for your web applications.
Many websites on the web today make use of dynamic URLs. It's quite likely that you have come across a web link that looks something like this: http://www.example.com/library/bookinfo.php?section=biology&bookid=4856. I'm referring to the section of the URL after the question mark. This is where the web application passes on information gathered earlier, quite likely using a form of some type. If you have a web application or a content management system that churns out URLs like this one, you can use Apache's ability to rewrite URLs to make it look a lot easier on the eyes, like this: http://www.example.com/library/biology/4856. Other than being better to look at, these cleaner URLs are also pretty useful for search engine optimization.
Full Story: webreference
06/22/2009 06:00

Fraudulent sales of avast! products
Beware, Mateys, of Pirated 'Avast!' Software
by Neil J. Rubenking
ALWIL software's avast! antivirus is one of several free solutions that I frequently recommend. Lately I've been getting a slew of messages from readers complaining that avast! is not actually free.
At first I figured these readers had simply mistaken the professional edition's 30-day trial for the actual free utility. It turns out, though, that there's a darker explanation--avast! is frequently pirated. Aaargh!
Worldwide operations manager Justin Bellinger said that ALWIL has a problem with rogue web sites illegally selling avast!'s free antivirus. Apparently a Google search for avast! will often turn up one of these rogues. ALWIL works to shut them down, but before long another rogue site pops up. They have an entire web page devoted to the problem: Fraudulent sales of avast! products.
So how do you navigate these treacherous waters, avoid pirates, and come home with the treasure of a free antivirus? Simple! Go directly to www.avast.com and download avast! Home Edition. If nobody buys from the pirate sites their income will dry up and they'll go back to swabbing the decks and singing sea chanteys.
Originally posted on the PCMag.com security blog, Security Watch.
05/26/2009 05:30

So the glass is 10% full then?
90 Percent of E-mail Is Spam, Symantec Says
By Robert McMillan, IDG News Service - Tue May 26, 2009 5:50PM EDT
Spammers seem to be working a little bit harder these days, according to Symantec, which reported Tuesday that unsolicited e-mail made up 90.4 percent of messages on corporate networks last month.
That represents a 5.1 percent increase over last month's numbers, but it's nothing out of the ordinary. For years, spam has made up somewhere between 80 percent and 95 percent of all e-mail on the Internet.
Symantec reported that nearly 58 percent of spam is now coming from so-called botnets -- networks of hacked computers that can be misused by criminals to steal financial information, launch attacks or send spam. The worst of the spamming botnets -- called Donbot -- generates 18.2 percent of all spam, according to Symantec.
Full Story: Yahoo! Tech