Archive for flaw

[hackersmag] What can you do to defeat SSL BEAST

Posted in AbhishekKr, security on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [23-September-2011]

http://hackersmag.blogspot.com/2011/09/beast-beating-ssl-tls-what-you-can-do.html

B.E.A.S.T.?
What It Does?
Point-to-Note!
Security Measures until F!XED…..
Something you should already be doing, if not start now…
To get a more detailed insight at the exploit Paper & Code, get your hands over…..
What to do at Server Side…..


[tekwalk] MySQL server retains old credentials

Posted in AbhishekKr, security on November 14, 2011 by abhishekkr

@ tekwalk.blogspot.com [5-September-2011]

http://tekwalk.blogspot.com/2011/09/while-trying-re-configuration-of.html

When I tried setting up a new password for ‘root’ using ‘mysqladmin’, it raised an error. Some random troubleshooting showed it still had the earlier installation’s root credentials working for it.

For the time being, I got a workaround fixing the problem…


[technopast] Social Engineering : an old real case; courtesy: Art Of Deception

Posted in Blogroll, history & technology, security on January 19, 2011 by abhishekkr

@ technopast.blogspot.com [18/Jan/2011]

http://technopast.blogspot.com/2011/01/social-engineering-old-real-case.html

Social Engineering : an old real case [courtesy: Art Of Deception]

It’s a real incident of social engineering: in 1978, ‘Stanley Mark Rifkin’ was working under contract for ‘Security Pacific’. He was there to develop a backup system for the wire-room system’s data. This role gave him the authority to access all transfer procedures. He knew bank officers were authorized to order wire transfers, for which they had a closely guarded ‘daily code’ to use while calling the wire-transfer room.


[tekwalk] prying ‘ears’ at ‘get-some-fresh-air-spots’ near office

Posted in Blogroll, security on January 19, 2011 by abhishekkr

@ tekwalk.blogspot.com [17/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-prying-ears-at-get-some-fresh.html

[security] prying ‘ears’ at ‘get-some-fresh-air-spots’ near office

the first task…

……….

I don’t pry around, I just go to the tea-stall outside my office with my friends… and still get to know some internal details of other organizations ‘cuz they are chattered about by a person standing next to me


[hackersmag] Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

Posted in AbhishekKr, Blogroll, security on December 29, 2010 by abhishekkr

@ hackersmag.blogspot.com [29-Dec-2010]

http://hackersmag.blogspot.com/2010/12/weak-excuses-after-weak-security.html

Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

On Dec-17-2010, it was reported to Mozilla that a part of its user accounts (those used on addons.mozilla.org) was available on a public server.

They have projects like Firefox (the super-famous web browser), NSS (one of the most famous libraries for developing secure client-server applications), and more… if an organization like theirs makes a mistake like this, oh yeah… hackers’ paradise

it’s how they defend themselves…
database included 44,000 inactive accounts using older
but don’t you think… even inactive users on a site deserve their privacy, and if they were inactive and not important then……….


[hackersmag] bypass user level restrictions, bug-case in ‘Scribd.com’

Posted in AbhishekKr, ABK Labs, security on December 21, 2010 by abhishekkr

@ hackersmag.blogspot.com [21/Dec/2010]

entry@Blogpost: http://hackersmag.blogspot.com/2010/12/bypass-of-user-level-restrictions-case.html

view-video@Youtube: http://www.youtube.com/watch?v=g-ETsFjRhqs
access-video@Vimeo: http://vimeo.com/18020569 [view/download original nice resolution video here]

bypass of user level restrictions, a case of bug in ‘Scribd.com’

So, here is a bug (which has now been fixed) in Scribd.com… that allowed users to get a local copy of documents for which the download and print options were disabled.

It shows how layered limitations can be broken, and why restrictions must be implemented from the root level up and not just as a user-level module.


[hackersmag.blogspot.com] only few domains DNSSEC protected, WHAT ABOUT YOU

Posted in Blogroll, security on December 20, 2010 by abhishekkr

@ hackersmag.blogspot.com [17/Dec/2010]

http://hackersmag.blogspot.com/2010/12/only-org-and-net-domains-under-dnssec.html

Are you protected with DNSSEC:
[] in mid-2010, DNSSEC got deployed over ‘root-DNS-server’ and ‘.org’ domain
[] on 10-Dec-2010, Verisign deployed DNSSEC in ‘.net’ zone too
{securing more than 13 million registrations online}
[] preparations are up to sign the ‘.com’ zone in first quarter of 2011

Verisign has even launched a cloud based DNSSEC implementation service to ease its implementation in organisations…
