External
There are many instances when user input is needed. But allowing just any code to be passed can cause severe problems and lead to even the most annoying 10 year old script kiddie writing “PWND” all over website!
There a are some simple steps which you can take to prevent most of these.
This article will go over some of the fundamental XSS attacks and how to stop them.
It’s nice to see the developers of PHP had some fun while they worked.
If you add the code…
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
to the end of any URL that is a PHP page, you will see a funny picture on most servers. Also on April 1st (April Fool’s Day), the picture will replace the PHP logo on any phpinfo() page. If the PHP directive expose_php is set to be “off” in php.ini, then the PHP eggs will not show, but it is “on” by default, and many webhosting servers do not change it.
A serious TCP/IP Vulnerability known as “SockStress” has been found, exploited, and information released by a Security group called Outpost24.
This latest vulnerability not only has severe implications for many web masters, designers and programmers, but also affects routing servers and any system with TCP stack processes exposed to the outside world.
After the latest DNS poisoning vulnerability, webmasters seem on edge about how insecure the very foundations of the internet are (mainly due to being created before security was even thought of).
Sockstress is the name of the tool created by Outpost24, which they are still testing before releasing it. They have, however, walked through how the attack could be achieved in great detail. Some security experts have showed concern over how they handled the information released.
The sockstress attack seems to be limited to the TCP stack, but mixes several techniques to allow a very low-bandwidth hacker to deplete local resources (memory, swap file and even kernel file abuse). Just a few packets a second and a little amount of time are needed to take down a server. As little as nine packets and a few minutes are all that is suggested to be needed!
We are all aware of the threats faced while online or connected to the internet.
But think about the security problems that could arise if your laptop, flash drive or cds were stolen!
Physical theft is often overlooked when thinking about the security of your personnel details.
As security online increases and encourages secure passwords, they also get harder to remember.
As a result of this, many of us have files on our hard drive / flash drive / cds etc containing our login details and other sensitive information.
There are many reasons why this is a bad idea. The latest to grab the attention of the media is related to the new powers given to US Customs and Border Patrol, allowing any suspicious electrical device to be search and / or seized!…..
A friend of mine just sent me the URL to a flash game (for obvious reasons I will not share the link) which is part of a number of games with a price of 10.000 EUR in the end. One would believe that a game with such a price money is secure. Especially when the organising party is an internet provider.
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void (Default)
Life
Earth
Wind
Water
FireLightweight
Previous Entries
Last 50 Posts 
Back