Posts Tagged 'security'

Security

Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. [http://en.wikipedia.org/wiki/Security]

Malicious Cryptography: Exposing Cryptovirology

I started reading this book 2 days ago (135 pages read of 412 pages). It is quite interesting, especially the chapters about pseudo-random generator quality and bias, zero-knowledge protocols, and polymorphic virus bodies using a relatively small algorithm (TEA)... It also proposes some solutions, but I have not reached that chapter yet...

Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it.

Malicious Cryptography: Exposing Cryptovirology
Adam Young, Moti Yung
ISBN: 0-7645-4975-8

  • Understand the mechanics of computationally secure information stealing
  • Learn how non-zero sum Game Theory is used to develop survivable malware
  • Discover how hackers use public key cryptography to mount extortion attacks
  • Recognize and combat the danger of kleptographic attacks on smart-card devices
  • Build a strong arsenal against a cryptovirology attack

Preface by security expert Bruce Schneier (Practical Cryptography, a reference)

Todo list for securing Your Joomla/Mambo installation against hackers

A lot of Mambo/Joomla sites were hacked last week. Since I've already helped someone harden an installation (Mambo 4.5.2.3), I've decided to write a tutorial for the benefit of the open source community...

Some steps are common sense while others are not.

But:

  • Do not think that doing all the steps below will protect you! Nothing is secure in the computer world, or not for very long...
  • Do not think that after doing all the steps below, Joomla will be as user friendly for you as before! We are restricting rights and changing some behaviours of the webserver, so it will be more difficult to publish content. On the other side, articles and content will be safer.
  • Security always comes with a pain!

Consider this page a work in progress; feedback is, as usual, welcome. Click read more for the article.

Read more: Todo list for securing Your Joomla/Mambo installation against hackers

Upgrade to Joomla! 1.5.8 ASAP

To stay secure and stable, stay up to date!

The Joomla Project has announced the availability of Joomla 1.5.8.

This release contains a number of bug fixes and two moderate-level security fixes, and you would be well advised to upgrade to this version if you are running any other Joomla 1.5.x version. (Users of Joomla 1.0.x are urged to ensure they are running Joomla 1.0.15, but do not need to migrate to Joomla 1.5.8 immediately.)

Joomla patches for SecurityImages 5 will follow in a few hours... (before 22:00 GMT+1)

Preventing SQL Injection Attacks on your Joomla! Websites

This article is extracted from:
Joomla! Web Security

Secure your Joomla! website from common security threats with this easy-to-use guide

  • Learn how to secure your Joomla! websites
  • Real-world tools to protect against hacks on your site
  • Implement disaster recovery features
  • Set up SSL on your site
  • Covers Joomla! 1.0 as well as 1.5

For more information, please visit: http://www.PacktPub.com/joomla-web-security-guide/book

    Joomla!, a very popular content management system (CMS), is, as you may know, easy to deploy and use. This ease of use has lent itself to rapid growth of both the CMS and extensions for it. You can install it on almost any host, running Linux or Windows. This highly versatile software has found itself in such lofty places as large corporate web portals, and humble places such as the simple blog.

    Joomla! itself is inherently safe, but misconfigurations of the CMS, vulnerable components, hosts that are poorly configured, and weak passwords can all contribute to the downfall of your site. Hence, it's always better to ensure the security of your site.

    In this article by Tom Canavan, we will take a look at how SQL injection attacks can occur to your Joomla website, how we can test for SQL injection attacks, and how to stop SQL injection.

    Introduction

    Mark Twain once said, "There are only two certainties in life - death and taxes." Even in web security there are two certainties: It's not "if you are attacked", but "when and how" your site will be taken advantage of.

    There are several types of attacks that your Joomla! site may be vulnerable to such as CSRF, Buffer Overflows, Blind SQL Injection, Denial of Service, and others that are yet to be found.

    The top issues in PHP-based websites are:

    • Incorrect or invalid (intentional or unintentional) input
    • Access control vulnerabilities
    • Session hijacks and attempts on session IDs
    • SQL Injection and Blind SQL Injection
    • Incorrect or ignored PHP configuration settings
    • Divulging too much in error messages and poor error handling
    • Cross Site Scripting (XSS)
    • Cross Site Request Forgery, that is CSRF (one-click attack)

    Read more: Preventing SQL Injection Attacks on your Joomla! Websites

    Be secure use the latest Joomla! version

    If you are running any of the following Joomla versions it might just be a matter of time before you too are hacked!

    • Joomla! 1.5.0
    • Joomla! 1.5.1
    • Joomla! 1.5.2
    • Joomla! 1.5.3
    • Joomla! 1.5.4
    • Joomla! 1.5.5
    • Joomla! 1.5.6
    • Joomla! 1.5.7
    • Joomla! 1.5.8
    • Joomla! 1.5.9
    • And maybe to a lesser extent Joomla! 1.5.10
    The latest and most secure Joomla version is Joomla! 1.5.11, which was released last week! Back up your site and database and just unpack the right Joomla! distribution now.

    Joomla 1.5.13 Security Release Available

    The Joomla Project announces the immediate availability of Joomla 1.5.13 [Wojmamni ama baji]. This is a security release and users are strongly encouraged to upgrade immediately.
    This release contains 26 bug fixes, two moderate-level security fixes and one low-level security fix. It has been 3 weeks since Joomla 1.5.12 was released on July 1, 2009. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Statistics

    Statistics for the 1.5.13 release period:

    • Joomla 1.5.13 contains:
      • 7 issues fixed in SVN
      • 7 commits
    • Tracker activity resulted in a net increase of 42 active issues:
      • 68 new reports
      • 19 closed
      • 7 fixed in SVN
    • At the time the 1.5.13 release was packaged, the tracker had 188 active issues:
      • 89 open
      • 68 confirmed
      • 31 pending

    Read more HERE

    HOW to make your own patches for securityimages

    Just in case I take too much time to deliver a ready-to-use download. Duration: 5 minutes, but you need to understand basic PHP coding.

    1. Create a temporary directory c:\patch
    2. Copy an existing patch distribution under a new name.
      For example, let's download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip into c:\patch\ and copy it to c:\patch\Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
    3. Download the latest full zip package of the Joomla version that the patch targets (here 1.5.14), so I download Joomla_1.5.14-Stable-Full_Package.zip and save it in the same directory, c:\patch\
    4. Now download a free trial copy of Beyond Compare from www.scootersoftware.com and install this great application.
    5. Select the 2 zip files, right-click, and choose “compare”.
    6. Now it is like a game: on the left side you have your patch, which needs to be updated with the latest Joomla! core changes. Just edit every file present on the left and update the lines that are new or changed until you are finished. Luckily there are only 14 files to merge.
    7. Test the result in a Joomla test instance.

    I do this for you at each release of Joomla!

    Hosts file protection

    The hosts file is a computer file used by an operating system to map hostnames to IP addresses. This method is one of several methods used by an operating system to locate network nodes on a computer network. Spybot Search and Destroy uses this technique behind the scenes when you click the Immunize button.

    Found at http://someonewhocares.org/hosts/

    Use this file to prevent your computer from connecting to selected internet hosts. This is an easy and effective way to

    • protect you from many types of spyware,
    • reduces bandwidth use,
    • blocks certain pop-up traps,
    • prevents user tracking by way of "web bugs" embedded in spam,
    • provides partial protection to IE from certain web-based exploits
    • blocks most advertising you would otherwise be subjected to on the internet.

    There is a version of this file that uses 0.0.0.0 instead of 127.0.0.1 available at http://someonewhocares.org/hosts/zero/. On some machines this may run minutely faster, however the zero version may not be compatible with all systems.

    This file must be saved as a text file with no extension. (This means that the file name should be exactly as below, without a ".txt" appended.) Let me repeat, the file should be named "hosts" NOT "hosts.txt".

    Read more: Hosts file protection

    Secure, Safe, Fast Linux Hosting v1.6.0

    Here is the latest version of my growing mind map that will help you to secure your Linux box. While some nodes are clearly targeted toward Joomla!, you can still safely apply a lot of my recommendations to any LAMP (Linux, Apache, MySQL, PHP) server.

    This mind map is an ongoing work, which is why it also has a version number in it (v1.6). As soon as I learn new tricks, the mind map will be updated.

    Added Crash – Kernel Panic / Password / Intrusion Detection / Joomla! links / PHP settings / mod security

    New mind maps are currently in development:

    • Linux Compromised Server Checklist
    • Linux Server What to monitor

    By clicking read more, You'll be able to go through the checklist as text, or download the mind map as a PDF (2MB)


    Read more: Secure, Safe, Fast Linux Hosting v1.6.0

    Linux server Monitoring mind map

    I created this mind map a while ago, and found it while going through my Dropbox folders. Linux server Monitoring “You can't correct something you can't measure” is at version v 1.0.0

    You’ll find in this mind map

    What to monitor, how, and the most useful commands to detect what is happening on your Linux server.

    Why a mind map?

    A mind map is a diagram used to visually outline information. Mind maps help you take notes, brainstorm complex problems, and think creatively.

    • Information is summarized efficiently to be usable and accessible,
    • Inter-relationships are clear between the different concepts,
    • It is the most flexible for organizing associative, divergent and convergent thinking (convergent thinking involves aiming for a single, correct solution to a problem, whereas divergent thinking involves creative generation of multiple answers to a set problem).

    Read more: Linux server Monitoring mind map
