Thursday, 9 May 2024

Norton AntiBot goes into public beta

These days criminal enterprises don’t just want to steal your Outlook contact list, they want to own your computer, and they will download a remote-access Trojan horse at the first available opportunity. Within the last six months, Symantec has seen the number of these “bot” infections increase 29 percent over the previous six months. That’s …


Fedora 7

Fedora 7 was released last week, a little bit behind schedule, with a spate of new features, updates, and live CD installable “spins” of Fedora in KDE and GNOME flavors. I found a lot of good in this release, but a bug in the FireWire stack that attacked my external backup drive made this release just a little shy of perfect. Fedora 7 offers several ISO images for installation — a live CD with GNOME, a live CD with KDE, and a regular ISO for users who want to do server installations or customized installs. This is the first Fedora release to provide a single image for desktop users, a la Ubuntu, and it has turned out well. I installed the GNOME live CD on my IBM ThinkPad T43. The installation required answering questions about partitions and time zone, and providing a root password. After reboot, the post-install wizard asked …


SQL Injection Scanner

SQL injection is one of the most common attack techniques against web applications. The principle is to pass SQL commands through the web application so that they are executed by the back-end database. The weakness appears when user input is not filtered properly and ends up inside a query that gets executed. Note that input filtering alone is fragile; the reliable fix is to keep user data out of the query text altogether by using parameterised (prepared) statements. Identifying SQL injection flaws means auditing the web application as a whole; the most powerful and effective way, according to security-hacks.com, is to use a SQL injection scanner. Some of them:

SQLIer: takes a vulnerable URL and tries to gather all the information needed to exploit the flaw without requiring any user interaction.
SQLbftools: a collection of tools for extracting information from MySQL using blind SQL injection.
SQLNinja: a tool that exploits SQL injection flaws in web applications that use Microsoft SQL Server as the back-end database.
Others: SQL Injection Brute-forcer, SQLBrute, BobCat, SQLMap, Absinthe, SQL Injection Pen-testing Tool, SQID, Blind SQL Injection Perl Tool, SQL Power Injection, FJ-Injector Framework, Automagic SQL Injector, NGSS SQL Injector.
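As an added illustration (not from the original post and not code from any of the tools listed), the following Python uses an in-memory SQLite database to show the flaw those scanners look for: a login query built by string concatenation beside its parameterised form, plus the boolean-based probe a scanner sends to tell the two apart. The table, the user names and passwords, and the payload strings are all constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample database for the demo: two users with plaintext
    passwords (demo only; real applications store password hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The flaw: user input is pasted straight into the SQL text, so a quote
    in the input closes the string literal and the rest is parsed as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The fix: a parameterised query. The values never become part of the
    SQL text; the driver hands them to the engine as data, whatever they hold."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def looks_injectable(conn, login):
    """Boolean-based probe of the kind an automated scanner sends: one payload
    makes the WHERE clause true, the other makes it false. If the two responses
    differ, the input is reaching the SQL parser unescaped."""
    true_case = login(conn, "x' OR '1'='1' -- ", "irrelevant")
    false_case = login(conn, "x' OR '1'='2' -- ", "irrelevant")
    return true_case != false_case


if __name__ == "__main__":
    db = make_db()
    # Comment-out payload: the password check is never evaluated.
    print(login_vulnerable(db, "alice' -- ", "wrong"))  # alice
    print(login_safe(db, "alice' -- ", "wrong"))        # None
    print(looks_injectable(db, login_vulnerable))       # True
    print(looks_injectable(db, login_safe))             # False
```

The probe is the same idea the blind-injection tools above automate: they do not need an error message, only a measurable difference between a true and a false condition.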


An attractive offer for ISPs

Are you interested in the ISP business? Or perhaps you have already started one but still face plenty of technical obstacles in running it. This time Google is offering a partnership to ISPs, portals and service providers interested in Google Apps. The programme, called Partner Edition, lets an ISP provide its customers with Gmail, Google Calendar, and Google Docs & Spreadsheets without worrying about hosting, updating or maintenance. All that is required is to point and click in the admin control panel to set up the branding. You can stop spending resources and time on applications such as webmail and simply hand it all over to the Googleplex (Googleplex is the name of Google's headquarters in Mountain View).


Phishing with Google

A short post about a vulnerability on a Google site that phishers can use to harvest the usernames and passwords of their victims. Beware of phishers! Link: Google phishing

Update: Confused? Suppose you have a Google AdSense account and receive an email that appears to come from Google, asking you to update your personal information, with a link like the one above at the bottom of the message (you would never guess it leads to a fake login page). Look at the last variable in that link:

"adurl=%68%74%74%70%3A%2F%2F%67%69%73%74%2E%61%70%2E%6E%69%63%2E%69%6E%2F%61%64%73%65%6E%73%65%2F%6C%6F%67%69%6E%2F%65%6E%5F%55%53"

That is just another form of the URL "http://gist.ap.nic.in/adsense/login/en_US", percent-encoded as hexadecimal; in plain form the link would not get through the redirector, and the encoding also hides the real destination from a casual glance. This is one of the open-redirect vulnerabilities on Google's site, so be wary of emails like this. Google normally uses HTTPS for updating personal information and other sensitive operations, although a padlock alone proves nothing: what matters is the domain actually shown in the address bar after the redirect.
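To make the check concrete, here is an added Python example (not from the original post) that does what a cautious reader should do by hand: pull the redirect parameter out of a link, decode it, and decide whether the landing host is one the redirector should be sending people to. The `adurl` value is the hex-encoded string quoted above; the redirector path `/url`, the extra parameter names `url` and `continue`, and the trusted-host list are assumptions for the example.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Query parameters that carry a redirect destination. "adurl" is the one in
# the post; the other two are assumptions for the example.
REDIRECT_PARAMS = ("adurl", "url", "continue")

# Hosts a legitimate redirect from this site is allowed to land on (assumption).
TRUSTED_SUFFIXES = ("google.com",)

# Constructed sample of the link described in the post: a placeholder
# redirector path carrying the hex-encoded adurl value quoted above.
SAMPLE_LINK = (
    "http://www.google.com/url?sa=t&adurl="
    "%68%74%74%70%3A%2F%2F%67%69%73%74%2E%61%70%2E%6E%69%63%2E%69%6E"
    "%2F%61%64%73%65%6E%73%65%2F%6C%6F%67%69%6E%2F%65%6E%5F%55%53"
)


def decode_redirect_target(link):
    """Return the decoded destination carried by a redirect parameter, or None."""
    query = parse_qs(urlsplit(link).query, keep_blank_values=True)
    for name in REDIRECT_PARAMS:
        if name in query:
            target = query[name][0]  # parse_qs has already decoded one layer
            for _ in range(3):       # peel extra layers: double-encoding is a common trick
                decoded = unquote(target)
                if decoded == target:
                    break
                target = decoded
            return target
    return None


def is_trusted_host(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify(link):
    """Label a link: no redirect parameter, a same-site path, a trusted host,
    a dangerous scheme, or an open redirect to a third party (the phishing case)."""
    target = decode_redirect_target(link)
    if target is None:
        return "no-redirect"
    parts = urlsplit(target)
    if parts.scheme not in ("", "http", "https"):  # e.g. javascript:
        return "suspicious-scheme:" + parts.scheme
    if not parts.netloc:                           # relative path, stays on the site
        return "internal"
    # hostname ignores userinfo, so "http://www.google.com@evil.example/" is
    # judged by evil.example, not by the decoy in front of the "@".
    host = parts.hostname or ""
    if is_trusted_host(host):
        return "trusted:" + host
    return "open-redirect:" + host


if __name__ == "__main__":
    print(decode_redirect_target(SAMPLE_LINK))  # http://gist.ap.nic.in/adsense/login/en_US
    print(classify(SAMPLE_LINK))                # open-redirect:gist.ap.nic.in
```

The same classifier is what a redirector should run server-side: refuse any destination whose host is not on the allow-list, after decoding, rather than trusting whatever the `adurl` parameter says.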


Securing the connection between MySQL and MySQL Administrator using an SSH tunnel

This is a description of how to set up a secure tunnel between your MySQL server and a locally running MySQL Administrator using PuTTY. By tunnelling to the MySQL server over SSH, you can keep MySQL listening only on localhost (or keep port 3306 firewalled from the outside) and still give a powerful client like MySQL Administrator the localhost access it needs; to the outside world the database server is not reachable at all. Note that the server only "disappears" if you actually restrict it that way; the tunnel by itself does not close the public port. You will need the following software: PuTTY and MySQL Administrator. When completed, you will not only have a secure connection between your remote MySQL server and a local instance of MySQL Administrator, but you will also open up all the functions and features of MySQL Administrator that are only available to instances running locally on the server itself. Step 1, selecting a server connection profile in PuTTY: click on whichever connection name you wish to use for the …


Prevent Phishing with Mutual Authentication

Phishing is, in practice, an impersonation attack that can be run as a man-in-the-middle. The user is misdirected, for example by social engineering or DNS cache poisoning, to a fraudulent site. Because the user does not know how to validate SSL certificates (and who does?), the trick works far too often. Efforts such as Extended Validation certificates are bound to fail in many cases because they rely on inconsistent visual cues rather than strong cryptography. One-time passwords alone have also proven vulnerable to real-time MITM attacks: the fraudulent site simply relays the freshly entered code to the real site before it expires. Preventing phishing consistently requires strong mutual authentication, validating the host to the user and the user to the host. In this document, we will configure a JSP application to work with WiKID's open-source one-time password and mutual authentication system. Here is how it will work: when a user wants to log in to the target site, they start the WiKID token client and enter their PIN. The PIN is encrypted by the …


How To Set Up A FreeBSD Wireless Access Point

This document will guide you on how to use a FreeBSD system as a wireless access point. It is intended to supplement the FreeBSD Handbook, not replace it. Getting FreeBSD to act as a wireless access point involves the following steps:

Make sure your installation includes hostapd and named (BIND).
Recompile your kernel for pf support. pf is not the only way to do this, but I strongly prefer pf to ipfw/ipfilter and have written the How-To to use it.
Configure NAT (and any firewall rules).
Install isc-dhcp3-server.
Configure the daemons and start them.

Hardware requirements/notes:

One network card to connect to the upstream. This is the external network interface (ext_if). In this How-To it will be fxp0; yours may differ.
One wireless card to provide wireless services (wifi_if). I prefer Atheros-based cards, but whatever FreeBSD-supported card you have is fine. In this How-To it will be ath0. …


Speed Up Google Analytics with urchin.js

Ever notice that your site sometimes takes a while to finish loading because Google's urchin.js file is taking forever? You may recognise the problem when you see something like "Transferring data from google-analytics.com…" in your browser's status bar. Time to set up? 4 minutes. I got tired of seeing that all the time, so I set up an automated cron job that runs every 12 hours, downloads the latest version from Google and saves it to my website directory; I then reference /urchin.js instead of http://www.google-analytics.com/urchin.js, and my site loads a lot faster! Take a look at the source for this page if you want to see what is going on (look at the bottom). One caveat: the cron job copies whatever it fetches into your document root and serves it to every visitor as your own script, so fetch it over HTTPS rather than plain http, or anyone on the network path could hand you a modified file that you would then host. There are two pretty major things you accomplish by hosting urchin.js locally: you enable persistent connections, and you ensure that the correct 304 Not Modified header is sent back to your …
