2010-02-17T17:02:28Z Ivan Markovic urn:uuid:1268166738 Ivan Markovic tag:www.security-net.biz,2010-02-17:/325 2010-02-17T17:02:28Z

Vecina Telekom ADSL modema je ranjiva na CSRF napade, ovim putem mozemo izmeniti vitalna podesavanja i ugroziti korisnike na vise nacina.<br /><br />Linkovi:<br /><br />- <a target="_blank" href="http://netsec.rs/18/huawei-hg510-multiple-vulnerabilities/493/">http://netsec.rs/18/huawei-hg510-multiple-vulnerabilities/493/</a><br />- <a target="_blank" href="http://www.securityfocus.com/bid/38261/info">http://www.securityfocus.com/bid/38261/info</a><br />- <a target="_blank" href="http://www.elitesecurity.org/t391845-Telekom-ADSL-amp-Huawei-CSRF-Auth-Bypass-DoS">http://www.elitesecurity.org/t391845-Telekom-ADSL-amp-Huawei-CSRF-Auth-Bypass-DoS</a><br />- <a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery" target="_blank">http://en.wikipedia.org/wiki/Cross-site_request_forgery</a>

Ivan Markovic tag:www.security-net.biz,2010-02-13:/324 2010-02-13T19:02:59Z

Domen je istekao:<br /><br />---------------------------------------------<br />Expiration Date: 2011-11-25<br />Creation Date: 2005-11-25<br /><span style="font-weight: bold;">Last Update Date: 2010-02-12</span><br /><br />Name Servers:<br />ns1.pendingrenewaldeletion.com<br />ns2.pendingrenewaldeletion.com<br />---------------------------------------------<br /><br />Diskusija:<br /><br /><a href="http://www.devprotalk.com/t8440-istekao-domen-banke-intesa.html" target="_blank">http://www.devprotalk.com/t8440-istekao-domen-banke-intesa.html</a><br /><br /><br /><span style="font-weight: bold;">I da li je potrebno da napomenem koliko je ova neodgovornost opasna po korisnike ?</span>

Ivan Markovic tag:www.security-net.biz,2010-01-25:/323 2010-01-25T01:01:33Z

&quot;In order to comply with government search warrants on user data, <span style="font-weight: bold;">Google</span> created a <span style="font-weight: bold;">backdoor</span> access system into <span style="font-weight: bold;">Gmail </span>accounts. This feature is what the <span style="font-weight: bold;">Chinese hackers</span> exploited to gain access.&quot;<br /><br /><a target="_blank" href="http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/">http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/</a>

Ivan Markovic tag:www.security-net.biz,2010-01-09:/322 2010-01-09T21:01:23Z

Drago mi je da se na nasim prostorima sve cesce pojavljuju osobe zainteresovane za bezbednost, i zato zelim da pohvalim i ohrabrim iste da nastave sa svojim radom! <br /><br /><br /><span style="font-weight: bold;">Milos Zivanovic</span> je napisao odlican PHP skript koji moze brzo i efikasno da otkrije maliciozne fajlove na vasim web serverima. Skript ima opcije pretrazivanja direktorijuma za poznatim opasnim skriptama kao i opciju pretrazivanja izvornog koda za potencijalno opasnim funkcijama.<br /><br />Skript mozete skinuti ovde: <a target="_blank" href="http://www.packetstormsecurity.org/web/phpav-1.1.txt">http://www.packetstormsecurity.org/web/phpav-1.1.txt</a> <br /><br /><br /><span style="font-weight: bold;">Milos Djuric</span> je nasao inspiraciju u skriptu koji sam napisao davno a koji prikazuje obavestanja o potencijalno opasnim podesavanjima PHP-a. Skript je unapredjen a veoma zanimljiva opcija je i prikazivanje podesavanja u odnosu na tip okruzenja (Debug/Production).<br /><br />Skript mozete skinuti ovde:<a href="http://www.elitesecurity.org/t382114-PHP-ini-Security-info-pitanja-podesavanju-php-ini" target="_blank"> http://www.elitesecurity.org/t382114-PHP-ini-Security-info-pitanja-podesavanju-php-ini</a><br /><br /><br />Ukoliko imate neku ideju a vezana je za razvoj &quot;security&quot; alata, slobodno me kontaktirajte rado cu Vam izaci u susret ;)

Ivan Markovic tag:www.security-net.biz,2009-12-29:/321 2009-12-29T21:12:58Z

U poslednje vreme ne stizem da pisem na svom blogu o svim zanimljivim stvarima u vezi bezbednosti, ali zato mogu da podelim zanimljive linkove ;)<br /><br />- <a href="http://securityretentive.blogspot.com/2009/12/best-security-improvements-in-2009.html" target="_blank">Best Security Improvements in 2009?</a><br />- <a href="http://www.theregister.co.uk/2009/12/25/microsoft_iis_semicolon_bug/" target="_blank">Microsoft IIS vuln leaves users open to remote attack</a><br />- <a href="http://www.owasp.org/index.php/Securing_tomcat" target="_blank">Securing tomcat</a><br /><br />