A Trojan in Disguise….!!!

Well, first it was the Heartbleed bug, which sent the whole world scrambling and put everyone in a shellshock situation. Now it’s the supposed “Heartbleed Bug Detectors” making the rounds in emails and on sites, which instead go and steal your info: they record keystrokes and capture screenshots. A Trojan in Disguise…

Nearly two months have passed since news of the Heartbleed bug went public, but spammers continue to exploit fear of the now infamous OpenSSL vulnerability in order to deliver information-stealing trojans.

In a new, yet familiar spam campaign, emails that claim to come attached with a Heartbleed bug removal tool actually deliver an Infostealer trojan, according to a Symantec post, which explains that the trojan logs keystrokes and takes screenshots.

Several clues give the scam away, such as a subject line that is entirely unrelated to the remainder of the email, and how the Heartbleed bug is…

(Part 2) // Installing an SSL Certificate and not dying while trying to do it.

Carlos German Cruz

Okay, after receiving some emails from the web hosting provider inmotionhosting.com, early today I finally received the info with the RSA key…
I will hide some strings of characters for security reasons; the email looks like this:

[Image: Untitled-1]

Usually you would think that the next step is more complex; wrong idea (in this case), …

The next step is simply to open your panel (where you bought the SSL certificate) and follow these instructions:


I know, I know, maybe you will say something like: why don’t you explain everything here, in this post? Okay, the first answer is because the info « already exists »… in the link; you will only need to re-use a link. The second reason is because it is a little bit tiring for me to think and write in English, hehe… Usually I do one thing with 2 goals in mind.

Common web application threats




SQL Injection: Appends to the application's existing SQL and generates unexpected queries.

Avoid dynamically generated queries (use parameterised queries). Always use properly tested libraries to access the DB.

OS Command Injection: Changes the application's OS command executions.

Implement strict input validation.

XSS – Cross-Site Scripting: Injects JavaScript or any other executable.

Don't allow <script> tags as input.

Classic Buffer Overflow: Application allows copying of input buffers larger than the output buffer.

Always check that the destination buffer is large enough to accommodate the source buffer.

Accessing restricted paths/files: Attacker constructs a file/directory path that is not intended to be accessed.

Store sensitive files outside the web root and secure them by granting permission only to authorized parties.

Missing authentication: Lack of sufficient authentication for critical functions.

Identify communication channels and authenticate for all. Identify and implement authorization for user groups. Avoid custom authentications or use single…

An Overview of Network Engineer Salaries | Factors That Determine Salary Size

Agus Sasmito H


Talking about salaries, it is rather hard to say for certain that the salary for a given position is such-and-such. There are several determining factors that decide the size of the salary earned for the same position. The example taken here is Network Engineer, which is my own field, so that if anyone asks questions later I can answer them; if the question were about a veterinarian's salary, that would be a problem for me.. haha.. These factors range from the company's capacity, contribution/responsibility in the company.. etc…

This reminds me that salaries were once discussed on the mailing list, and one of the answers there that I found interesting was the one from M. Syarifudin. He is a network person with 7 years of experience (at that time). Here is the matter of salary size and the determining factors for the Network Engineer position….. check it out…

