http://www.security-net.biz/wsw/index.php?p=200 RSS feed Security Net sr 15 http://www.security-net.biz/wsw/index.php?p=200&bl=325 http://www.security-net.biz/wsw/index.php?p=200&bl=325 Vecina Telekom ADSL modema je ranjiva na CSRF napade, ovim putem mozemo izmeniti vitalna podesavanja i ugroziti korisnike na vise nacina.<br /><br />Linkovi:<br /><br />- <a target="_blank" href="http://netsec.rs/18/huawei-hg510-multiple-vulnerabilities/493/">http://netsec.rs/18/huawei-hg510-multiple-vulnerabilities/493/</a><br />- <a target="_blank" href="http://www.securityfocus.com/bid/38261/info">http://www.securityfocus.com/bid/38261/info</a><br />- <a target="_blank" href="http://www.elitesecurity.org/t391845-Telekom-ADSL-amp-Huawei-CSRF-Auth-Bypass-DoS">http://www.elitesecurity.org/t391845-Telekom-ADSL-amp-Huawei-CSRF-Auth-Bypass-DoS</a><br />- <a href="http://en.wikipedia.org/wiki/Cross-site_request_forgery" target="_blank">http://en.wikipedia.org/wiki/Cross-site_request_forgery</a> Wed, 17 Feb 2010 05:39:28 +0100 http://www.security-net.biz/wsw/index.php?p=200&bl=324 http://www.security-net.biz/wsw/index.php?p=200&bl=324 Domen je istekao:<br /><br />---------------------------------------------<br />Expiration Date: 2011-11-25<br />Creation Date: 2005-11-25<br /><span style="font-weight: bold;">Last Update Date: 2010-02-12</span><br /><br />Name Servers:<br />ns1.pendingrenewaldeletion.com<br />ns2.pendingrenewaldeletion.com<br />---------------------------------------------<br /><br />Diskusija:<br /><br /><a href="http://www.devprotalk.com/t8440-istekao-domen-banke-intesa.html" target="_blank">http://www.devprotalk.com/t8440-istekao-domen-banke-intesa.html</a><br /><br /><br /><span style="font-weight: bold;">I da li je potrebno da napomenem koliko je ova neodgovornost opasna po korisnike ?</span> Sat, 13 Feb 2010 07:10:59 +0100 http://www.security-net.biz/wsw/index.php?p=200&bl=323 http://www.security-net.biz/wsw/index.php?p=200&bl=323 &quot;In order to comply with government search warrants on user data, <span style="font-weight: bold;">Google</span> created a <span style="font-weight: bold;">backdoor</span> access system into <span style="font-weight: bold;">Gmail </span>accounts. This feature is what the <span style="font-weight: bold;">Chinese hackers</span> exploited to gain access.&quot;<br /><br /><a target="_blank" href="http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/">http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/</a> Mon, 25 Jan 2010 01:19:33 +0100 http://www.security-net.biz/wsw/index.php?p=200&bl=322 http://www.security-net.biz/wsw/index.php?p=200&bl=322 Drago mi je da se na nasim prostorima sve cesce pojavljuju osobe zainteresovane za bezbednost, i zato zelim da pohvalim i ohrabrim iste da nastave sa svojim radom! <br /><br /><br /><span style="font-weight: bold;">Milos Zivanovic</span> je napisao odlican PHP skript koji moze brzo i efikasno da otkrije maliciozne fajlove na vasim web serverima. Skript ima opcije pretrazivanja direktorijuma za poznatim opasnim skriptama kao i opciju pretrazivanja izvornog koda za potencijalno opasnim funkcijama.<br /><br />Skript mozete skinuti ovde: <a target="_blank" href="http://www.packetstormsecurity.org/web/phpav-1.1.txt">http://www.packetstormsecurity.org/web/phpav-1.1.txt</a> <br /><br /><br /><span style="font-weight: bold;">Milos Djuric</span> je nasao inspiraciju u skriptu koji sam napisao davno a koji prikazuje obavestanja o potencijalno opasnim podesavanjima PHP-a. Skript je unapredjen a veoma zanimljiva opcija je i prikazivanje podesavanja u odnosu na tip okruzenja (Debug/Production).<br /><br />Skript mozete skinuti ovde:<a href="http://www.elitesecurity.org/t382114-PHP-ini-Security-info-pitanja-podesavanju-php-ini" target="_blank"> http://www.elitesecurity.org/t382114-PHP-ini-Security-info-pitanja-podesavanju-php-ini</a><br /><br /><br />Ukoliko imate neku ideju a vezana je za razvoj &quot;security&quot; alata, slobodno me kontaktirajte rado cu Vam izaci u susret ;) Sat, 09 Jan 2010 09:53:23 +0100 http://www.security-net.biz/wsw/index.php?p=200&bl=321 http://www.security-net.biz/wsw/index.php?p=200&bl=321 U poslednje vreme ne stizem da pisem na svom blogu o svim zanimljivim stvarima u vezi bezbednosti, ali zato mogu da podelim zanimljive linkove ;)<br /><br />- <a href="http://securityretentive.blogspot.com/2009/12/best-security-improvements-in-2009.html" target="_blank">Best Security Improvements in 2009?</a><br />- <a href="http://www.theregister.co.uk/2009/12/25/microsoft_iis_semicolon_bug/" target="_blank">Microsoft IIS vuln leaves users open to remote attack</a><br />- <a href="http://www.owasp.org/index.php/Securing_tomcat" target="_blank">Securing tomcat</a><br /><br /> Tue, 29 Dec 2009 09:48:58 +0100