Join Akamai’s State of the Internet Report Webinar on 17th December

Akamai, the leader in Content Delivery Networks, earlier released its State of the Internet Report, with details about the health of the internet, traffic figures for various states and countries, and a breakdown of internet traffic into categories such as attack traffic, news-site traffic, retail traffic and so on. Akamai is now organizing a webinar to discuss the state of the internet.

Image: Akamai State of the Internet

Are you concerned about how Internet outages and related problems impact your customers’ ability to access your online business? Have you secured your Web sites against Denial of Service attacks? Do you factor in broadband adoption rates as you look to optimize performance of your online operations on a global scale?

Join Akamai, the market leader in managed services for powering rich media, dynamic transactions, and enterprise applications online, as they discuss the state of the Internet and its impact on the online industry.

During this Webinar, David Belson, Director of Market Intelligence at Akamai, will lead an interactive discussion providing insights into:

Broadband Adoption Trends

Impact On Adoption of HD Video

Vulnerabilities in Core Internet Protocols

Attack Traffic Trends

Online Data Visualization Tools

When will this webinar take place?

This webinar will take place on December 17th 2008 and there will be two sessions: 7:30 pm Indian Standard Time (9:00 am EST) and 11:30 pm Indian Standard Time (1:00 pm EST).

How Much will this Event Cost?

This is a FREE event. There is no charge. Click here to register.

If you have any other questions regarding this webinar, do drop me a line and I will get back to you with an answer.

You can also follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Top 5 Security Peeves You Must Be Aware Of

Most programmers, deployment engineers and web surfers have a very casual approach when it comes to the security of an application. This post describes the top 5 security peeves, the excuses typically offered by folks for whom security is secondary.

This post is an effort to remind you that security should always be an important item on the agenda of whatever application you develop, that prevention is always better than cure, and that knowledge is the ultimate weapon in this age of Information Technology.

1.) Nobody would attack this: This is one of the most commonly heard reasons for not building enough security into an application. It is worth knowing that, according to one piece of research, around 10 percent of application owners never come to know that they have already been attacked. Recently an attacker was able to break into a web application and insert malicious code into the website's JavaScript. This then caused Google to completely de-index the website.

2.) Our Application is behind a secure Firewall: This is another of the most commonly heard security peeves. Even if your application is behind a secure firewall, it doesn't mean you cannot be attacked. There are various kinds of attacks which can still be made through the firewall, for example SQL injection attacks, because they travel over the very web port the firewall has to leave open. You can even learn to hack, and practise hacking on a Ruby on Rails application, to learn more about such attacks.
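A firewall cannot help with SQL injection because the malicious input arrives inside a perfectly legitimate HTTP request. The following is an added example, not code from the original post: a login check written in Python against an in-memory SQLite table (the table, the users and the inputs are all constructed for the demonstration). The string-concatenated version treats user input as SQL text, so a password containing a quote either breaks the query or changes its logic; the parameterized version passes the same input as data and behaves correctly in both cases.

```python
import sqlite3


def make_db():
    """Constructed sample user store; a real application would hash passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa'ss")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text itself."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened: placeholders make the driver send input as data, never as syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    """Run both versions on the same inputs and collect the outcomes."""
    conn = make_db()
    tautology = "' OR '1'='1"  # the classic textbook injection string
    results = {
        "legit_vuln": login_vulnerable(conn, "alice", "s3cret"),
        "legit_param": login_parameterized(conn, "alice", "s3cret"),
        "wrong_vuln": login_vulnerable(conn, "alice", "wrong"),
        "wrong_param": login_parameterized(conn, "alice", "wrong"),
        # Vulnerable query becomes ... AND password = '' OR '1'='1', which is
        # true for every row, so the login "succeeds" without a password.
        "tautology_vuln": login_vulnerable(conn, "alice", tautology),
        "tautology_param": login_parameterized(conn, "alice", tautology),
        # A legitimate password with a quote in it works only when parameterized.
        "quote_param": login_parameterized(conn, "carol", "pa'ss"),
    }
    try:
        login_vulnerable(conn, "carol", "pa'ss")
        results["quote_vuln_error"] = False
    except sqlite3.OperationalError:
        # The stray quote leaves unbalanced SQL; the query fails to parse.
        results["quote_vuln_error"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same pattern applies to every database driver: never build a query with string formatting, and treat a query that fails on a quote character as a sign that it will also be open to injection.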

3.) We haven’t coded that, we are re-using Third Party Code: This is another often heard and most ignored of all the peeves. It is also interesting to note that most of us do use a lot of third-party code and re-usable code samples available freely over the internet. However, most developers, most of the time, never actually go and read the code behind those freely available samples, thereby imposing a security risk on the entire application that uses that bit of code. As a suggestion, I would say: always read the code of a third-party library to ensure that everything in it is as expected. This will also help you get rid of some of the annoying behaviour you might have noticed in your application since you started using the third-party code.

4.) Our Development Methodology is Quality Focussed: Good that your development methodology is quality focussed, but keep in the back of your mind that even if you focus on quality, security won't come attached. Defect free doesn't mean secure any more in today's world.

5.) I often use Free Wi-Fi at hotels, airports and coffee shops: If you are someone who uses free Wi-Fi at hotels, airports and coffee shops, ensure that you are adequately protected. Have a good firewall, ensure that your OS is updated and that you have updated anti-virus and anti-spyware software. Free Wi-Fi also brings free trouble with it if not administered properly. Also, it's important that you keep your own Wi-Fi protected so that you can ensure it doesn't get used for illegal purposes.

You might also want to take another look at your Web Application Security Testing and also read Some Notes On Ethical Hacking.

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Google Announces Release of “Browser Security Handbook”

At Technofriends, I have written multiple posts on Security and Hacking. Continuing with this, today in this post I will introduce you to the recently released Browser Security Handbook from Google.

Security of web applications begins with code and spans topics as complex as networks, web and application servers, routers, gateways and browsers. It's also important to note that a thorough understanding of browser-specific behaviour is essential when considering security designs for Web 2.0 applications.

Browser Security is an important concept and must not be ignored at any cost.

In order to make life somewhat easier for developers and others involved in the task of web security design, Google says:

In hopes of helping to make the Web a safer place, we decided to release our Browser Security Handbook to the general public. This 60-page document provides a comprehensive comparison of a broad set of security features and characteristics in commonly used browsers, along with (hopefully) useful commentary and implementation tips for application developers who need to rely on these mechanisms, as well as engineering teams working on future browser-side security enhancements.

This Browser Security Handbook is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.

Although all browsers implement roughly the same set of baseline features, there is relatively little standardization – or conformance to standards – when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.

The Browser Security Handbook is an interesting read and covers the basic concepts of a web browser and standard browser security features such as the same-origin policy, third-party cookie rules, content handling mechanisms, etc. It also talks about experimental and legacy security features.

You can run a browser security test through ScanIt for testing the various bugs related to your browser.

Microsoft releases 6 Critical and 2 Important Security Patches

Microsoft released 8 security patches yesterday. Of the 8 security patches, 6 are critical and 2 are important. Below is the list of the security patches released by Microsoft; the first 6 in the list are the critical patches and the rest are important patches. These updates will be part of Windows Update. You can even Control Automatic Updates in Windows.


1.) Critical Vulnerabilities in Visual Basic 6 Runtime extended files: This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content.

2.) Security Vulnerability in GDI: This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3.) Security Vulnerability in Microsoft Office Word: This security update resolves eight privately reported vulnerabilities in Microsoft Office Word and Microsoft Office Outlook that could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file.

4.) Security Update for Internet Explorer: This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

5.) Security Vulnerability in Microsoft Excel: This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

6.) Security Vulnerabilities in Windows Search: This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

7.) Security Vulnerability in Windows Media Components: This security update resolves two privately reported vulnerabilities in the following Windows Media components: Windows Media Player, Windows Media Format Runtime, and Windows Media Services. The most severe vulnerability could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

8.) Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege: This security update resolves a privately reported vulnerability. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.

Also Read: Some notes on Ethical Hacking

Hacking Ruby on Rails.

Gmail’s phishing alert warns you of suspected messages

Gmail’s phishing alert service warns you whenever you get a message from a suspected source. These alerts are triggered to let the end user know that the message might not be from the person it claims to be from.

Being focussed on helping laymen become tech enthusiasts, I often write about critical topics which everyone needs to be aware of in order to protect and secure themselves in the cyberworld.

Earlier, I wrote How not to get Phished, Learn from Phil the Fish and Learn more about Phishing, which certainly helped readers understand simple ways of protecting themselves. However, there can still be situations where you are duped in such a way that you fall prey to such exercises.

Whenever you get an email in your Gmail mailbox, Gmail runs a virus check against it, runs its spam filters to see if it has indeed come from a spammer, and also runs a phishing alert service to warn the user if it is indeed a phishing mail.

Gmail Phishing Alert warns you of suspected messages.

The above figure clearly depicts how Gmail can help you stay safe from phishing. However, bear in mind that Gmail’s service can also be duped by some tricksters.

Are there any ways to help me stay safe and not get Phished?

In general, these are the basic steps you should follow to stay away from phishing scams:

  • Always go through the URL of the website. A closer look at the URL can certainly give you clues about fraudulent websites: check which domain the address actually points to, not just the familiar name that appears somewhere in it.
  • Never reply to emails asking for your bank account number, internet user details etc. Remember NO BANK asks you for such information. If they do, CHANGE YOUR BANK.
  • The old saying “When in doubt, talk” holds true here as well. If you are in doubt about the email/website, just pick up the phone and call the service's call centre to get an explanation.
  • Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
  • Don’t open email attachments sent to you by strangers. Email attachments can contain programs which can affect your computer once opened.
  • Always follow the steps to a healthy PC. You can read my previous post 4 steps to a Healthy PC to learn more on this.
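The first tip, looking closely at the URL, is easier when you know what to look for. The following is an added example, not part of the original post: a small Python checker that parses a link the way a browser does and reports the tricks phishing links commonly rely on (a familiar name used as a subdomain of some other domain, a user@ prefix that pushes the real host out of view, a bare IP address instead of a name, non-ASCII or punycode host labels, and plain http). The expected domain "bank.example", the sample URLs and the "last two labels" rule for the registrable domain are all constructed assumptions; real code would consult the Public Suffix List for that last step.

```python
import ipaddress
from urllib.parse import urlsplit

# Warning messages the checker can return.
NOT_HTTPS = "scheme is not https"
USERINFO = "user@ prefix: the text before @ is not the host"
IP_HOST = "host is a bare IP address, not the expected name"
IDN_HOST = "host uses non-ASCII or punycode (xn--) labels"
WRONG_DOMAIN = "registrable domain differs from the expected one"


def registrable_domain(host):
    """Simplified: last two labels (assumption; use the Public Suffix List for real)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_url(url, expected_domain):
    """Return a list of warnings for a link that claims to belong to expected_domain."""
    warnings = []
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit lowercases and strips userinfo/port

    if parts.scheme != "https":
        warnings.append(NOT_HTTPS)
    if parts.username is not None:
        # Everything before '@' is userinfo; the real host comes after it.
        warnings.append(USERINFO)
    try:
        ipaddress.ip_address(host)
        warnings.append(IP_HOST)
    except ValueError:
        pass  # a normal hostname, not an address literal
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append(IDN_HOST)
    if registrable_domain(host) != expected_domain.lower():
        warnings.append(WRONG_DOMAIN)
    return warnings


# Constructed sample links, as they might appear in a suspicious email.
SAMPLES = [
    "https://www.bank.example/login",
    "https://bank.example.com.evil.example/login",
    "https://bank.example@evil.example/",
    "http://192.0.2.10/login",
    "https://xn--bnk-2qa.example/login",  # constructed punycode-style label
]


def triage(expected_domain="bank.example"):
    """Map each sample link to the warnings it raises."""
    return {url: inspect_url(url, expected_domain) for url in SAMPLES}


if __name__ == "__main__":
    for url, warnings in triage().items():
        print(url, "->", warnings or ["no warnings"])
```

Note that the same parsing rule that lets the checker see through "bank.example@evil.example" is the rule the browser applies: the only part of the address that decides where you end up is the host after any @ and before the first / of the path.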
Recently there has been a spurt in phishing attacks, and therefore this Gmail alert certainly helps users stay safe to an extent. Google also issued a statement recently informing users that the security lapses are not within Gmail; it is the phishing attacks that are responsible.

You can also follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Cheers

Vaibhav

WordPress 2.6.5 is up for grabs now

WordPress has released version 2.6.5, the successor to the existing 2.6.3. The latest release contains fixes for a couple of security issues which only affect IP-based virtual servers running on Apache 2.x.

WordPress releases version 2.6.5.

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Also, interestingly, WordPress has deliberately skipped the 2.6.4 version number to avoid confusion with a fake 2.6.4 release that made the rounds a few days back.

Please note that WordPress doesn’t have a 2.6.4 version, and if you happen to be running one, you had better abandon it as soon as possible. WordPress also says there is no 2.6.4 version and there will never be a WordPress 2.6.4 version.

Download WordPress 2.6.5

Also Read: 30+ Tools to Turn WordPress into a Personal Hub

Automattic has an interesting way of Hiring the Right Candidates

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Cheers

Vaibhav Pandey

Recap of this week’s best posts

This post contains five articles which got the most user attention this week. Click on the links below to check out the entire post.

1.) Gmail Launches Voice and Video Chat: This post includes interesting news about the launch of Video chat over Gmail.

2.) [How-To] Detect memory leaks in JavaScript: This post introduces readers to the concept of circular references in JavaScript and how they cause memory leaks. It then introduces an extremely useful debugging tool, JavaScript Memory Leak Detector, which can be used to detect memory leaks in JavaScript.

3.) What is OpenID and how to use your Gmail account as OpenID: This post introduces the concept of OpenID and how your Gmail account id can be used as an OpenID.

4.) Default Password List for various Routers: If you are one of those who seem to be looking for the default password of a router, this post should be of help. It contains a listing of the default passwords of various routers. Particularly useful if you often find yourself helping others with their setups.

5.) Searching for Source Code? Try these 6 websites: Are you a developer or a programmer looking for source code examples? If yes, this post is of great help. It lists 6 websites which can help you search for a source code sample in any language based on various filters. Worth checking out.

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Cheers

Vaibhav Pandey