ninja iptables for your server
Security is often about layers on top of layers on top of layers... And one of these layers is usually an iptables firewall installed in your server. Let's create a small script to provide our server with the kung-fu fighting techniques needed to defeat the black hats!!
Popularity: 3% [?]
Elastic Path Embedded Cross Site Scripting
Elastic Path is a Java e-commerce software platform for building online stores and shopping carts. This software is used by businesses to manage their e-commerce. Features such as a search engine, merchandising, payment, tax, customer management, order management, etc. are included in the Elastic Path manager.
Elastic Path 5.0 has been identified to be vulnerable to an embedded Cross Site Scripting attack that could allow an attacker to gain unauthorised access to the Elastic Path Commerce Manager and obtain administrative privileges.
The embedded XSS vulnerability was identified in the ‘First Name’ and ‘Last Name’ fields when viewing user’s details. An attacker could inject JavaScript into these fields in any e-commerce application that uses Elastic Path to manage their application and this would be executed by the Elastic Path manager when an administrator views this particular user’s details.
This vulnerability could be exploited in large number of ways; such as session hijacking, key logging or social enginering, the main limitation would be the creativity of the person performing the attack.
Elastic Path have addressed this vulnerability and implemented a fix in version 5.1.1
The full security advisory can be found here: [1]
Popularity: 3% [?]
runningserver: hello? anybody out there?
I have created a small ruby script to check if there are running servers on a given port number. The script is able to check a list of hosts and will output an informational message on the port status for each host.
Let's begin with the script. Then we can talk about the work it does.
Popularity: 3% [?]
icmp timestamps
The Timestamp is an ICMP (rfc792) message which is used for time synchronization. The Timestamp Reply message consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp.
If your machine answers ICMP Timestamp messages an attacker can learn the date which is set on your machine. This may help him to defeat all your time based authentication protocols.
Popularity: 4% [?]
install auditor in your hard drive
Auditor is a knoppix-based linux distribution full of network auditing tools. The main drawback is that it is unable to boot from a firewire cd-rom, so if you have one, you need to install Auditor on your hard drive.
You need some tricks to make it work.
Popularity: 3% [?]
Hello world!
Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!
Popularity: 2% [?]