Archive for vulnerability

[hackersmag] Whou can you do to defeat SSL BEAST

Posted in AbhishekKr, security with tags , , , , , on November 14, 2011 by abhishekkr

@ hackersmag.blogspot.com [23-September-2011]

http://hackersmag.blogspot.com/2011/09/beast-beating-ssl-tls-what-you-can-do.html

B.E.A.S.T.?
What It Does?
Point-to-Note!
Security Measures until F!XED…..
Something you should already be doing, if not start now…
To get a more detailed insight at the exploit Paper & Code, get your hands over…..
What to do at Server Side…..

…..click here to read in detail

 

Advertisements

[tekwalk] Scanning VoIP Service for SIP-based Vulnerabilities

Posted in Blogroll, security with tags , , , , , , on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/app-security-scanning-voip-service-for.html

Scanning VoIP Service for SIP-based Vulnerabilities
(the version details and product specifcs belong to 2010)
Task Detail:
Scanning the state of SIP implementation in VoIP Service.

Background:
SIP (Session Initiation Protocol) is a popular protocol used for…..

Execution Method:
Attackers are actively seeking exposed PBX systems to launch Phishing Scams & route fake calls.
In recent years scams have evolved to include SMS Solicitations…..

…..click here to read the full blog-post

[tekwalk] Security Analysis of WiFi implementation WPA2-AES

Posted in Blogroll, security with tags , , , , , , , on March 5, 2011 by abhishekkr

http://tekwalk.blogspot.com [26-Jan-2011]

http://tekwalk.blogspot.com/2011/01/net-security-security-analysis-of-wifi.html

Security Analysis of WiFi implementation WPA2-AES

Background:
WiFi has several vulnerable protocols still in use for backward compatibility. There have been new updates made available for the WiFi implementations, but still they all can be exploited in some way.

Execution Method:[] The best WiFi setup you can have is WPA2-AES, its the most secure but not hacker-proof…..

…..click here to read fill blog-post

[tekwalk] all need Authentication, most need Domain Controllers ‘n hackers love it

Posted in Blogroll, security with tags , , , , , , , , , on January 20, 2011 by abhishekkr

@ tekwalk.blogspot.com [19/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-all-need-authentication-most.html

[security] all need Authentication most need Domain Controllers ‘n hackers love it

Domain Controllers are devices responsible for maintenance of data about all corporate user accounts, software resources and user ACLs. So, specific vulnerability assessment was required for them. We were…
………

…clikc here to read full blogpost

[tekwalk] Internal Network Scan : major NeXpose work

Posted in Blogroll, security with tags , , , , , , , , on January 20, 2011 by abhishekkr

@ tekwalk.blogspot.com [19/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-internal-network-scan-major.html

[security] Internal Network Scan : major NeXpose work

Even if a network has strong intrusion detection and prevention mechanism implemented, it is as safe as machines present within the network. If any network device within the network is infected with…
………

…clikc here to read full blogpost

[tekwalk] sometimes dumbest try hits hardest, our lovely ‘Port Scan’

Posted in Blogroll, history & technology, security with tags , , , , on January 19, 2011 by abhishekkr

@ tekwalk.blogspot.com [17/Jan/2011]

http://tekwalk.blogspot.com/2011/01/security-sometimes-dumbest-try-hits.html

[security] sometimes dumbest try hits hardest, our lovely ‘Port Scan’

even the………….
almost every Network Techie knows its importance and ways to secure them,
still everyone does leave a gap or even if no gap is left… its too hard to make network services hide their basic instincts and leave no trace…
…click here to read full blog-post

[hackersmag] Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

Posted in AbhishekKr, Blogroll, security with tags , , , , , , , , on December 29, 2010 by abhishekkr

@ hackersmag.blogspot.com [29-Dec-2010]

http://hackersmag.blogspot.com/2010/12/weak-excuses-after-weak-security.html

Weak Excuses after Weak Security :: Mozilla’s user a/c on Public Server

On Dec-17-2010, Mozilla was reported about availability of its user-accounts (partially, which were used on addons.mozilla.org) over a public server.

They have projects like Firefox (super famous web-browser), NSS (one of the most famous libraries for developing secured client-server application), and more… if an organization like them do a mistake like this, oh yeah… hackers paradise

it’s how they defend themselves…
database included 44,000 inactive accounts using older
but don’t you think… even inactive users on a site deserve their privacy, and if they were inactive and not important then……….

…click here to read full blogPost