2/06/2007
Google is taking over the Internet by storm, day by day. After buying the online video sharing portal YouTube, Google has now acquired FeedBurner too. Chicago-based FeedBurner is a leading provider of feed distribution and management tools. FeedBurner lets blogs syndicate their content and deliver it straight to readers.
According to the Official Google Blog, it seems Google will soon be marching towards feed advertising after AdSense. Each day, FeedBurner delivers feeds to millions of users around the world. RSS-driven feed ads could act as a very lucrative alternative channel for disseminating Google AdSense inventory. Google has also posted a 45-minute audio press call about the acquisition.
2/06/2007
Every now and then, a computer breaks down. An email gets stuck in the middle of sending, an unwanted block of pictures suddenly starts popping up on the screen, and ultimately the stream of bits and bytes stops flowing. Research has shown that 30% of computer breakdowns are due to lack of security. Having the latest Windows (XP or Vista) is not enough to run your day-to-day activities on your PC. The WWW has now become the Wild Wild Web: various unwelcome scripts and malicious programs enter our PCs daily and can break them down any day.
Here is a list of the top 10 tips that can protect your Windows PC:
1. Install and update good antivirus software. Among the best are Kaspersky Antivirus 6.0, NOD32 2.7, Trend Micro Antivirus 2007, Norton AntiVirus 2007, etc. Run the virus scanner at least once a week.
2. Update and patch your OS regularly.
3. Do not log on with a user account that has administrative privileges unless it is absolutely essential. Use a normal user account for general purposes like word processing, internet surfing, etc.
4. Use strong passwords. Strong passwords do not contain dictionary words or words relating to you or your family. They contain a combination of letters, numbers and special characters. The longer the password, the more secure it is. E.g. P@ssw0rd
5. Use good antispyware software. The most effective solutions are Webroot Software Spy Sweeper 5.2, PC Tools Spyware Doctor 4.0, Lavasoft Ad-Aware SE Personal, Microsoft Windows Defender, etc.
6. Install secure firewall software. ZoneAlarm Pro 6.5, Outpost Firewall Pro 4.0, Kerio Personal Firewall 4 and Comodo Free Firewall are the ones with the best ratings.
7. Do not open unnecessary emails and email attachments.
8. Disable File and printer sharing service unless it is absolutely necessary.
9. Do not visit software cracks web sites.
10. Use secure web browsing software, e.g. Mozilla Firefox (www.mozilla.org). Avoid using Internet Explorer.
2/06/2007
Server hardening means installing a new server in a secure fashion and maintaining the security and integrity of the server and its application software. If you are planning to own a Virtual Private Server (VPS) or get a dedicated server, you need to prepare a server hardening checklist before launching your website on that server.
If you are running a *nix-based server (almost 66% of internet servers), then first and foremost you should harden host.conf and the sysctl settings. Making sure that your server performs at its best through configuration of the system control files is essential to optimized operation of your server. Apart from major optimizations and security patch updates, the following are the things you should look into while hardening your server:
* Enable an SSH Banner (Legal Message/Warning on connect)
* Secure the SSHD daemon (disable root login, change the default port, etc.)
* Disable apache/named id outputs.
* Disable insecure PHP functions (mail(), CHMOD 755).
* Disable/remove unneeded default system accounts.
* Disable insecure cPanel scripts (if applicable)
* Modify WHM/cPanel settings for security purposes.
* Install Port Monitor (PMON)
* Setup Brute Force Detection (BFD)
* Setup Firewall Solution (APF/KISS)
* Setup rootkit hunters (chkrootkit and rkhunter)
* Install Process Resource Monitor (PRM)
* Disable/remove shell accounts (if applicable)
* Disable unused system services.
* Harden /etc/host.conf file.
* Change permissions on compilers and download utils (wget, lynx, GET, etc.)
* Secure and harden temporary directories (/tmp, /var/tmp, /dev/shm, etc.)
* Disable TELNET
* Modify logwatch for security.
* Setup Denial of Service (DDoS) and SYNFLOOD protection (Kernel Level).
* Install System Integrity Monitor (SIM).
* Install Tripwire Intrusion Detection System (Tracks moved/edited files on the system)
* Install file integrity checker (SAMHAIN).
* Install SMARTD (Tests reliability of S.M.A.R.T. devices such as hard drive.)
* Install mod_security for apache.
* Install mod_dosevasive for apache.
* Install mod_perl for apache.
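The three sshd items at the top of the checklist (banner, root login, default port) can be checked mechanically. The following is an added example, not part of the original post: it reads the global section of an sshd_config the way sshd does (case-insensitive keywords, first value wins, Port may repeat) and reports what is still open. The sample configurations and the function names are constructed for illustration.

```python
import re

# Constructed samples, not taken from a real host.
SAMPLE_CONFIG = """\
Port 22
Port 2222
PermitRootLogin yes
#Banner /etc/issue.net
permitrootlogin no
Match User backup
    Banner /etc/issue.net
"""
HARDENED_CONFIG = "Port 2222\nPermitRootLogin no\nBanner /etc/issue.net\n"

# Values current OpenSSH uses when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password", "banner": "none"}

def effective_settings(text):
    """Global settings as sshd reads them: keywords are case-insensitive,
    the first value wins, and Port may repeat (sshd listens on each)."""
    settings, ports = {}, []
    for raw in text.splitlines():
        parts = re.split(r"\s*=\s*|\s+", raw.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # conditional blocks follow; the global section ends here
        if key == "port":
            ports.append(value)
        else:
            settings.setdefault(key, value)  # later duplicates are ignored
    settings["port"] = ports or ["22"]
    for key, default in DEFAULTS.items():
        settings.setdefault(key, default)
    return settings

def audit(text):
    """Return findings for the three sshd items on the checklist."""
    s = effective_settings(text)
    findings = []
    if s["permitrootlogin"].lower() != "no":
        findings.append("root login is not disabled")
    if "22" in s["port"]:
        findings.append("sshd still listens on default port 22")
    if s["banner"].lower() == "none":
        findings.append("no SSH banner is configured")
    return findings
```

In the first sample the `permitrootlogin no` line appended at the bottom has no effect because an earlier `PermitRootLogin yes` is read first, which is the usual way a hardening change silently fails to apply.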
2/06/2007
I just read on webhostingtalk that one of the leading shared web hosting companies, iPowerWeb, got hacked. Many of its clients' websites got hacked due to a JavaScript vulnerability. As reported on phpBB, the hacker seemed to have implanted some kind of malicious JavaScript code on some of the pages of clients' sites. This JavaScript code, implanted on the index pages of those hacked sites, would further connect to some random IP addresses to download some script onto the client's PC.
According to David (of HKBoards.com), one of his phpBB forums hosted on iPowerWeb got the following malicious code:
eval(String.fromCharCode(100,111,99,117,…,101,62,34,41))
The actual string of numbers in bold is 112 sets long. I reduced it for space and safety here. (Don't want anyone to accidentally run it.)
When decoded it gives a command for a script to be downloaded from an IP Address in Amsterdam.
iPowerWeb seems to have decided to stay tight-lipped until this whole issue gets resolved.
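For site owners checking their own pages, an injected `eval(String.fromCharCode(...))` call can be found and read without running it. The following is an added example, not part of the original post or of David's report: it scans HTML text, decodes each call as plain text and lists any IPv4 addresses the decoded text names. The sample page and its payload are a harmless constructed stand-in, and the function names are illustrative.

```python
import re

# eval(String.fromCharCode(<decimal codes>)), the shape quoted in the post.
CALL = re.compile(r"eval\s*\(\s*String\.fromCharCode\s*\(([\d\s,]+)\)\s*\)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def encode(js):
    """Build the comma-separated code list for the constructed sample below."""
    return ",".join(str(ord(ch)) for ch in js)


# Constructed sample page. The payload is a harmless stand-in that mentions
# 192.0.2.10, an address reserved for documentation; it is not the real code.
SAMPLE_PAGE = (
    "<html><body><h1>Forum index</h1><script>eval(String.fromCharCode("
    + encode('document.write("<b>constructed sample, host 192.0.2.10</b>")')
    + "))</script></body></html>"
)


def decode_injected_scripts(html):
    """Decode every eval(String.fromCharCode(...)) call as plain text.
    Nothing is executed; each hit is returned with the IPv4 hosts it names."""
    hits = []
    for match in CALL.finditer(html):
        codes = [int(n) for n in match.group(1).split(",") if n.strip()]
        # String.fromCharCode keeps only the low 16 bits of each code.
        text = "".join(chr(code & 0xFFFF) for code in codes)
        hits.append({"length": len(codes), "decoded": text,
                     "hosts": IPV4.findall(text)})
    return hits
```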
2/06/2007
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and is thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
SQL injection is the act of inserting malicious input that changes the anatomy of the original SQL request the server is about to make, in order to gain an advantage (admin privileges, passwords, emails, running code on the server).
Almost 50% of internet bloggers today use WordPress or a variant of its blog engine. One simple SQL statement that could be run against the WordPress (WP) database is:
SELECT * FROM wp_users where user_id=1
The above statement grabs all the values from the wp_users table for the user with user_id=1.
The statement looks pretty innocuous, but look at the following one.
SELECT * FROM wp_users where user_id=1 or 1=1
The above statement returns the values from the wp_users table for NOT just user_id=1 but all users, because the condition or 1=1 is true for every row. So that was an unoptimized or faulty SQL statement. Now consider what happens if the criteria part ($user_id) of that statement is supplied from a web-based form:
SELECT * FROM wp_users where user_id=$user_id
Instead of entering a valid user_id, the malicious user might insert the following:
1 or 1=1 for the $user_id part.
See how easily the malicious user got information about not just user_id=1 but all the users stored in the wp_users table. The further consequences of the exposed data vary with its importance.
Now let's look at a SQL injection on the same query that could dramatically bring down your website:
SELECT * FROM wp_users where user_id=1;DELETE from wp_users;
Here the malicious user entered 1;DELETE FROM wp_users; as the value of $user_id through a web-based form or the URL. If executed, the above code will not just run the query but delete the entire contents of the wp_users table.
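The fix for both inputs above is to stop building the statement from user text. The following is an added example, not part of the original post: it puts the string-built query next to a parameterized one and a strongly typed one, using Python's sqlite3 module and an in-memory table as a constructed stand-in for wp_users (WordPress itself runs on PHP and MySQL). The function names and the three sample rows are illustrative.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in for the post's wp_users table (in memory)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_users (user_id INTEGER PRIMARY KEY, user_login TEXT)")
    db.executemany("INSERT INTO wp_users VALUES (?, ?)",
                   [(1, "admin"), (2, "alice"), (3, "bob")])
    return db


def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so it can rewrite the query.
    return db.execute("SELECT * FROM wp_users WHERE user_id=" + user_id).fetchall()


def lookup_bound(db, user_id):
    # Placeholder: the input travels as a value and is never parsed as SQL.
    return db.execute("SELECT * FROM wp_users WHERE user_id=?", (user_id,)).fetchall()


def lookup_typed(db, user_id):
    # Strong typing on top of binding: anything but plain digits is rejected.
    if not re.fullmatch(r"[0-9]+", user_id):
        raise ValueError("user_id must be an integer")
    return lookup_bound(db, int(user_id))


def row_count(db):
    return db.execute("SELECT COUNT(*) FROM wp_users").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 or 1=1", "1;DELETE from wp_users;"):
        print(repr(value), "->", lookup_bound(db, value), "rows left:", row_count(db))
    print("string-built:", lookup_vulnerable(db, "1 or 1=1"))
```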