Archive for the security Category

[hackersmag] HTTP Referer Spoofing, don’t get confused, don’t worry, Block or Avoid

Posted in AbhishekKr, security on November 19, 2013 by abhishekkr

hackersmag.blogspot.in [30/Oct/2013]

http://hackersmag.blogspot.in/2013/10/http-referer-spoofing-dont-get-confused.html

HTTP Referer?
It’s an optional HTTP request header that carries the URI of the page which led the client to the current URI, so the web server knows where the request came from.

Analytics Benefit:
It’s useful to web content publishers for analytics: it shows which web portals are sending the most visitors to that URI.

Security Benefit:
Web apps have also been seen using it as an extra layer of checking, confirming that the requested URI was reached through the proper channels and responding accordingly.

HTTP Referer Spoofing?

Like other popular spoofing attacks, this one doesn’t involve the attacker trying to hide their identity.

…..
…..

Threat?
There are potentially two types of threats that arise from it:
…..
…..
Solution?
…..
…..
read full blogpost here

[hackers-mag] Snoop internal data, Info is already breaking out

Posted in AbhishekKr, Blogroll, security on July 3, 2012 by abhishekkr

hackersmag.blogspot.in [1/May/2012]

http://hackersmag.blogspot.in/2012/05/snoop-internal-netowrk-data-without.html

One day, when I was creating a pastie for some DevOps-related discussion and filtering out the organization-related data….. it just occurred to me how much internal information gets added with the long logs that get pasted online for help.

Someone pasted this on 20-Mar-2012 at pastebin.com:

    [root@fennel ~]# telnet puppet 8140
    Trying 192.168.30.147...
    telnet: connect to address 192.168.30.147: No route to host
    telnet: Unable to connect to remote host: No route to host
    [root@fennel ~]# ping puppet
    PING puppetmaster.virtual.office.assanka.com (192.168.30.147) 56(84) bytes of data.
    64 bytes from puppetmaster.virtual.office.assanka.com (192.168.30.147): icmp_seq=2 ttl=64 time=0.872 ms

Says nothing much, except that ‘assanka.com’ probably uses Puppet, with a PuppetMaster at puppetmaster.virtual.office.assanka.com with 192.
…..click here to read full post

[hackersmag] (Adios Censorship, Hola ODDNS) Internet Censorship: state & solution

Posted in ABK Labs, Blogroll, security on April 11, 2012 by abhishekkr

hackersmag.blogspot.com [20/Nov/2011, updated 11/April/2012]

http://hackersmag.blogspot.in/2011/11/adios-censorship-hola-oddns-internet.html

…..more….
They started by shutting down (supposedly) bothersome web portals, forcing them to change content and even to leak information about their users. When they found out they couldn’t (without controversy) dominate all web services around the globe, they started taking DNS servers under control.

 InteXnet CensoXship
…..more….
So, the reason DNS servers can currently be controlled is their structure.
DNS servers have a tree-like hierarchical set-up.
At the top are a few root DNS servers, which hold the entire Internet domain-name registration database and the corresponding IPs. These are maintained by independent agencies, but most of them reside in the U.S., with a few others distributed across the globe.
…..more….
Now, that is the main problem with this….. it’s based on a money-exchange system architecture. You either mine Namecoins for a domain name or buy them.

Jimmy Rudolf is out with ODDNS: Decentralized and Open DNS. It removes intermediary DNS servers from the scene, and with them their crippled DNS resolutions.

…..click here to read full original post on how DNS works, how Censorship works over DNS, and how P2P-DNS could bypass that

[hackersmag] facebook blocks spam URLs, but their method looks useless

Posted in ABK Labs, Blogroll, security on April 11, 2012 by abhishekkr

hackersmag.blogspot.com [31/March/2012]

http://hackersmag.blogspot.in/2012/03/facebook-blocks-spam-urls-but-there.html

Bypassing such a system is really easy… just get a link redirected through any of the batch of URL shorteners, page translators, proxies, or….. simply spin up a new machine in the cloud and have it bounce the URL back to the desired URL.

Even if FB’s awesome team succeeds in blacklisting the ever-growing set of proxy and URL-shortener services, this technique of theirs wouldn’t be able to catch your newly launched service before you get some decent response time.

…..click here to find out what could correct it AND read full original post

[hackersmag] Social Engineering ~ Eden Guide to Hacking

Posted in AbhishekKr, security on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [3-October-2011]

http://hackersmag.blogspot.com/2011/10/eden-guide-to-hacking-httpsgithub.html

@github…..Active_Recon/article2_Social_Engineering.txt

The most creative non-technical hacker practice known to mankind.

a.) It’s the art of communicating with people for ‘Information Leakage’.

You have a ‘Victim’ identified by now and…..

…..click here to read in detail

 

[hackersmag] What can you do to defeat SSL BEAST

Posted in AbhishekKr, security on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [23-September-2011]

http://hackersmag.blogspot.com/2011/09/beast-beating-ssl-tls-what-you-can-do.html

B.E.A.S.T.?
What Does It Do?
Point-to-Note!
Security Measures until F!XED…..
Something you should already be doing; if not, start now…
To get a more detailed insight into the exploit paper & code, get your hands on…..
What to do at the Server Side…..

…..click here to read in detail

 

[hackersmag] Open Intelligence Gathering ~ Eden Guide to Hacking

Posted in security, Uncategorized on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [13-September-2011]

http://hackersmag.blogspot.com/2011/09/open-intelligence-gathering-for-passive.html

@github…..chapter4_Reconnaissance/section0_Passive_Recon/article0_Open_Intelligence_Gathering.txt

|
|[+] What Is Open Intelligence?
|
|[+] Legal Documents Got Them
|
|[+] Search Engines Sort Them
|
|[+] Web Activity Caught Them
| |
| |[+] You Blog/Comment
| |[+] You Socialize.....

…..click here to read in detail