SECURITY
Cisco Linksys X3000 - The Link to Connectivity
Cisco's Linksys X3000 modem router sits among the higher-end, slightly more premium range of devices, and is priced accordingly. Being at the top usually means having a lot to offer, so there's a lot for us to expect from the X3000 as well.
Protect your passwords (Part 3)
The most immediate way to use usernames and passwords saved in the KeePass database is to click on one, then click its URL in the lower pane of the user interface to bring up the relevant login page, and finally drag and drop the username and password into the input fields of the website.
Protect your passwords (Part 2) - KeePass
More importantly, it's open source. Where your passwords are concerned, this is a good idea because it means that anyone can inspect the source code, compile their own executable and be sure that no keylogger or malware is lurking and skimming off their credentials.
Protect your passwords (Part 1)
Analysis of cracked passwords has revealed that some are more popular than others. Believe it or not, '123456' is the world's most popular password, followed by 'password' and the username. In July 2011, Hotmail actually banned the password '123456'.
Mobile Viruses the risk keeps growing (Part 2) - iOS Apps in the Sandbox & Check App Authorisations
Apple’s method of isolation provides a measure of security: iOS only identifies the ‘root’ and ‘mobile’ user levels. Apps in a sandbox run on the ‘mobile’ level with limited rights: they may neither access other apps, nor change the kernel or start privileged processes that can’t be ended by iOS at any point to clear out memory.
Mobile Viruses the risk keeps growing (Part 1)
Mobile malware writers celebrated their first huge success in March this year: security experts found more than 50 unsafe apps in the Android market, which had infected about 200,000 devices within a few days.
Firewalls: Protection or Deception?
A firewall basically shuts down almost all the ports, in order to prevent unwanted packets from getting into the PC. The data packets can only use the ports that have been explicitly approved. So something like the most well known port (80), which carries all HTTP packets, must be open for the browser, otherwise you won’t be able to surf at all – and this is exactly where the firewall’s biggest problem lies.
Encrypt Your Entire Hard Drive with FileVault
If you're seriously concerned about privacy or you work with a lot of confidential files on your Mac, you might want to consider using FileVault. FileVault encrypts your entire hard drive, allowing file access only to users with the right password or access key.
AVG Internet Security 2012
AVG’s antivirus engine uses four detection techniques: signature, polymorphic, heuristic and behavioural. The last two are similar, both looking at software behaviour to determine whether it’s malicious.
Unravelling the mobile security conundrum
What do you look for in a mobile phone? As well as the ability to make calls - and no-one really cares about that - the modern smartphone hosts a standard feature set: email, a web browser and multimedia capability.
Three rising cybercrime threats
Just when you think you've safeguarded yourself from electronic security risks, along comes a new exploit to keep you up at night. John Brandon explains three up-and-coming threats, and how to beat them.
2012: the year of the mobile threat
Smartphones will become more dominant in 2012 and beyond, leaving PC shipments in the dust. That will bring big benefits but also big risks.
DrayTek Vigor 3200n
A working internet link is crucial to most businesses, so it is sensible to have access to multiple connections. Should the main DSL wide area network (WAN) connection crash, a prepared link will keep the business online.
What the cyberhackers do with your personal information
When the online shopping store Zappos announced to its customers that names, email addresses, invoices and delivery addresses, as well as phone numbers and the last 4 digits of their credit cards, could have been exposed in a data leak in January, it emphasized that “credit card information and important payment data weren’t affected or accessed.”
Multifaceted Tests : Attempting Server-Side Includes (SSI) Injection Systematically, Attempting Log Injection Interactively & Attempting LDAP Injection Interactively
If an application does not carefully handle user input before adding it to LDAP queries, a malicious user can modify query logic to authenticate herself without knowing any credentials, get access to sensitive information, and even add or delete content.
Multifaceted Tests : Attempting XPath Injection Interactively & Attempting Server-Side Includes (SSI) Injection Interactively
XML Path Language (XPath) injection is an attack similar to SQL injection that is a potential vulnerability when sensitive information in an application is stored in XML files rather than in a database.
Multifaceted Tests : Attempting Command Injection Interactively & Attempting Command Injection Systematically
Command injection is a method that an attacker can use to execute arbitrary commands on the target server. An application is vulnerable to command injection if it takes input from untrusted sources and inserts it into commands sent to the underlying operating system without proper input validation or output encoding.
Multifaceted Tests : Attempting PHP Include File Injection Interactively & Creating Decompression Bombs
A decompression bomb is a compressed file that is very small but expands to a disproportionately large amount of data. This recipe will discuss how such decompression bombs can be created.
Programming .NET Components : Addressing Other Security Issues
A partially trusted assembly can still implement interfaces defined in a strongly named assembly, because interfaces have no implementations to protect and the compiler doesn't change their definitions.
Programming .NET Components : Principal-Based Security
.NET component-based security isn't a cure-all. There is still a need to verify that the user (or the account) under which the code executes has permission to perform the operation.
Programming .NET Components : Visual Studio 2005 and Security
Visual Studio 2005 has a few features that cater to code access security. First, it allows developers of ClickOnce applications to specify the permissions required for their ClickOnce applications.
Multifaceted Tests : Modifying Host Headers & Brute-Force Guessing Usernames and Passwords
Unless an application contains account lockout functionality, an attacker can attempt to log in by brute-force guessing common usernames and passwords. This typically involves brute-force guessing to find a list of valid usernames and then attempting to brute-force passwords.
Multifaceted Tests : Bypassing Field Length Restrictions & Attempting Cross-Site Tracing Interactively
In the target application, you may find an input field that could be vulnerable to stored XSS, but the server truncates the input to a number of characters that seems insufficient to carry out a meaningful XSS attack.
Multifaceted Tests : Making HTTP Requests Using XSS & Attempting DOM-Based XSS Interactively
One of the most powerful tools available to an attacker building an XSS exploit is being able to generate requests to the target website from the victim’s browser and being able to read the responses.
Multifaceted Tests : Stealing Cookies Using XSS & Creating Overlays Using XSS
XSS may seem like a mysterious attack when given the standard detection mechanism of inserting an alert box into a web page. When you find XSS in an application, you may be called upon to demonstrate why it is really a problem.
IIS 7.0 : Securing Configuration - Controlling Configuration Delegation
By default, all IIS configuration sections are declared in applicationHost.config. Each section declaration specifies whether or not this section is available for delegation, based on the Microsoft IIS team’s criteria for whether or not the configuration section is sensitive.
IIS 7.0 : Securing Configuration - Securing Sensitive Configuration
The information in the configuration files in the IIS 7.0 configuration hierarchy is protected by the restricted permissions specified by the NTFS ACLs on each file. These permissions should prevent unauthorized users from being able to access these files.
IIS 7.0 : Securing Configuration - Restricting Access to Configuration
Previous versions of IIS have used a centralized configuration store known as the metabase. IIS 7.0 abandons the metabase in favor of a new configuration system based on a hierarchy of XML configuration files, in order to provide for simpler deployment and more flexible management of the Web server.
Web Security Testing : Changing Sessions to Evade Restrictions & Impersonating Another User
Some applications will prevent attackers from frequently accessing a form or page. One of the ways to bypass these protections is to frequently request new session identifiers so that the attacker appears as many new users rather than a single malicious user.
Web Security Testing : Manipulating Sessions - Analyzing Session Randomness with WebScarab
If you are trying to make the compelling argument that your session IDs are weak, WebScarab makes a very nice presentation. While Burp has a stronger statistical method of determining session-identifier randomness, WebScarab makes patterns in session identifiers visually apparent.
Web Security Testing : Manipulating Sessions - Analyzing Session Identifiers with Burp
If the session identifier can be predicted, an attacker can steal the next user’s session and thus impersonate the user. Random, unpredictable session identifiers are crucial to the security of a web application.
Programming .NET Security : Extending the .NET Framework (part 2) - Defining the Key Exchange Deformatter
The Parameters property returns the parameters of the private key that will be used to decrypt the exchange data; create the result by using the ToXmlString method defined in the AsymmetricAlgorithm class.
Programming .NET Security : Extending the .NET Framework (part 1) - Defining the Key Exchange Formatter
Our implementation of the ElGamal encryption functions exposes the "raw" algorithm; that is, unlike the Microsoft RSA implementation, our ElGamalManaged class does not format data prior to encryption.
Programming .NET Security : Programming Cryptographic Keys (part 3) - Key Exchange Formatting
The formatter class is responsible for preparing the session key data prior to encryption with the asymmetric algorithm.
Programming .NET Security : Programming Cryptographic Keys (part 2) - Using Key Persistence
These classes expose a feature of this API that allows asymmetric key pairs to be stored persistently by the operating system; the user does not have to remember the key parameters, which are protected by the Windows account password.
Programming .NET Security : Programming Cryptographic Keys (part 1) - Creating Keys
The simplest way to create keys is to use the functionality built into all of the .NET algorithm classes for both symmetric and asymmetric algorithms.
Deploying a Windows Server 2008 R2 Network Policy Server
The Windows Server 2008 R2 server role that handles NAP is the Network Policy Server role. Installing this role on a server effectively makes it an SHV and an Enforcement Server.
Understanding Network Access Protection (NAP) in Windows Server 2008 R2
NAP in Windows Server 2008 R2 is composed of a series of components that provide for the ability to restrict client access to networks through various mechanisms such as controlling who gets an IP address from a DHCP server or who issues an IPSec certificate.
Programming .NET Security : Cryptographic Keys Explained
When you use cryptography, you simplify problems by relying on your ability to manage secret keys correctly; in essence, you exchange one problem for another (protecting the key), which you expect to be simpler.
Windows Server 2008 : Transport-Level Security - Using IPSec Encryption with Windows Server 2008 R2
IP Security (IPSec), mentioned briefly in previous sections, is essentially a mechanism for establishing end-to-end encryption of all data packets sent between computers.
 