Configure your Windows XP system securely with Seconfig XP
What a great little freeware application. Seconfig is only 37K in size and can be right from the location that you decided to unpack it to. The freeware has three main functions: Restrict Lan-like access, Service settings and TCP/IP settings. You may disable netbios, SMB and RPC over TCP/IP in the first, those are major entry points for worms and hackers.
Top 100 Network Security Tools
Great list of the top 100 network security tools voted by 3243 users of the nmap-hackers mailing list. Every tool mentioned has a description, a homepage link to the developers, icons that tell you if it works on your system and if it costs money. All utilities belong to a category, you have the option to display every category. (like vulnerability scanners)
Six WiFi Security Myths
There have been lots of articles lately that explain how to secure a wireless network. Most of this articles contain at least one measure that is not enhancing security at all. This does not neccessarily mean that it is lowering the security on the other hand though. Let us take a look at the six dumbest ways to secure a Wirelss Lan.
SQL Injection Attacks by Example
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
Security without Firewalls discussion
You might remember that I wrote an article in late november called Beginners Guide to securing your pc. You might even remember that I suggested that there was no need for a desktop firewall at all. And you might even remember that I got some pretty bad comments about my suggestion in the comments section.
Ultra High Security Password Generator
If you´re ever in the need of a high security password the Ultra High Security Password Generator Website might be exactly what you´ve been looking for. Everytime you visit or refresh the website it will display three randomly generated passwords, one 64 random hexadecimal charakters password, one 63 random printable ASCII chars and finally a 63 random alpha-numeric characters password.
Avoid Web Filters with LogMeIn
LogMeIn is another service that gives you remote control over a computer. It uses a java applet that has to be executed be the computer that should be controlled and a website that gives you control over the computer (or more than one) with the applet. That means you don´t have to install software or use a usb stick to run programs on the other computer, you simply open a website and control the computer at home.
Secure VOIP by encrypting it with ZFone
A new public beta of Zfone has been released a few days ago for windows xp, linux and mac os x. Zfone uses a new protocol called ZRTP, which is better than the other approaches to secure VoIP. "(ZRTP) achieves security without reliance on a PKI (Public Key Infrastructure), key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world," Zimmermann explains.
Wireless Security: Attacks and Defenses
The article wireless security attacks and defenses begins with a example how people who are new to the wireless world run their wireless devices carelessly and thus invite others (with more knowledge) to exploit this weakness. Those people run for example wireless routers at factory defaults because they don´t know better, they think the device is safe the way it´s preconfigured.
SQL Injection Walkthrough
You might already know what sql injection means, in case you did not i post the definition of wikipedia:
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
How to check your system for rootkits
Rootkits have been in the press lately and it´s a good idea to be on the safe side and check your system from time to time to make sure it is not infected. I´am going to introduce two freeware utilities that scan your system and reveal rootkits if they are installed and running on your system.
Introduction Series Part 4: Cookies
Many people consider themselves to be very secure when they are surfing the internet and that very well may be true. However, there are some things that are often forgotten about. The one thing is the cookie. This is not speaking about the edible version with chocolate chips, but instead the file that a good many web sites across the internet that put onto your system that tell the site that you have visited before and what you have done.
Introduction Series Part 2: Adware
Adware is another issue that seems to be plaguing the entire world these days and that means that people need to be aware that this is nothing anymore safe then the standard spyware is. There are many that will tell you that adware is nothing more than an advertising venue for online companies but that is false. Through adware these companies are actually collecting data about you so they can target your computer with advertising that will come up in parts as pop up windows or the computer can actually be hijacked and then all of your search options are then transported through the adware so the results that they want to bring to you can be filtered.
How to scan your Linux-Distro for Root Kits
Ghacks is running on a linux rootserver. It should be fairly secure but there is always a chance that someone might get access to it and comprimise the system. One of the biggest threats is the installation of a root kit which will be used to access the system at a later time and clean tracks of logins that might have occured.
Microsoft expands anti-piracy program
Microsoft Windows users who are living in the U.S., U.K., Malaysia, Australia or New Zealand have to deal with Microsofts next step in their fight against piracy. A user who opted for automatic security updates will recieve the new anti-piracy tool which will install and ask for a reboot. After that reboot the license of your windows operating system is checked. You might see the following message:
Defeating Hardware Keyloggers
You probably read my article about the bank heist in London where the robbers used a hardware keylogger to recieve sensitive information that allowed them to perform wireless transfers. The bank made the decision to super glue every cable to the back of the personal computer making it impossible to add the keylooger between the keyboard and the computer
Password Security: What Users Know and What They Actually Do
The study "password security: what users know and what they actually do" was conducted by the department of psychology from the Wichita State University. The study investigated the common password generation practices of online users. All participiants took part in a survey querying (1) the types and number of different password protected accounts maintained; (2) actual practices used in generating, storing and using passwords; (3) practices believed they should use in generating and storing passwords; and (4) general demographic information.
Hardware Keylogger
This little device has apparently been used to pull of one of the greatest bank heist in history. You attach this device to the keyboard cable at the back of the pc and it´s able to record 130000 keystrokes. The bank robbers installed this device inside the bank and got access to Sumitomo Bank's wire transfer capability. With all the information at their hand they proceeded to transfer more than 400 million $ to various foreign accounts.