info@winintsoft.com
www.RoyaltyFreeAudioLogo.com

Categories

 

May 2012
M T W T F S S
« Jul    
 123456
78910111213
14151617181920
21222324252627
28293031  

Hackers can use Firefox as login credentials keylogger

Using public computers for internet banking isn’t a good idea. Did you know that already? Probably yes, because there’s a lot of cases somebody put the malware apps on the computers in internet caffes, libraries, schools etc. But a lot of the attacks are so called “useless” if you compare it with the attack we are going warn you today. This attack needs no programming, downloading and installing a sniffer or any other complex techniques.

With this attack method it’s easy to sniff the credentials for everybody and that’s why there’s so high risk. Using this method anybody can be successful in sniffing the passwords on the public computers.

Attention: This text is not intended to propagate the hacking methods. You should consider this article as educational material to learn how to protect against the hacking techniques.

How does a common public computer looks like?

- installed Windows OS (mostly XP, Vista, 7)
- installed Internet Explorer as an only web browser (sure mostly before Browser Choice Update (KB976002))
- if there’s any other web browser installed (let’s say Mozilla Firefox), it has been installed probably under the administrator account for the all user accounts
- users are logged under the account with limited privileges where they can install/execute EXE files, but there are the limits where they can write
Continue reading Hackers can use Firefox as login credentials keylogger

October 24th, 2010 | Tags: , , , , | Category: Basics, Internet, Security, Windows | Leave a comment

Free malware detection tools for Windows

Detecting the malware in Windows is not a hard task as you might think. In the many cases that’s the problem mostly for the users who don’t have so much of the technical skills. But if you are at least a little bit oriented in the Windows operating systems, you should be able do more than just to send the HijackThis’ logs on the web.

You just have to spend a few tens of the minutes and use the right tools. I am not saying the tools I am going to review in the next lines are the substitution for the antivirus software, firewalls, antispyware or Internet Security Software. Analyzing the operating system manually is useful in the cases when your security software didn’t detected any threats, but you are suspect there’s something wrong. The tools introduced in this article don’t have to be used just for malware detection, but it’s one of their purposes.


HijackThis

This freeware tool from TrendMicro is very popular and you’ve probably heard about it at least. A lot of Windows users use it to create a log and send it on the forums for other users’ analysis. HijackThis is not the automatic antimalware application which is able to decide what to delete or what is a malware. Instead of detecting the threats it create the list of the potentially malicious objects (files, processes, registry values) which can cause the operating system instability.

Download: http://go.trendmicro.com/free-tools/hijack-this/HijackThis.exe
Continue reading Free malware detection tools for Windows

June 9th, 2010 | Tags: , , | Category: Security, Windows | Leave a comment

Security vulnerabilities: SQL Injection, XSS and CSRF

Despite there’s more and more programmers who are carefully studying the web application’s security, it’s still sometimes seems like as it’d be just the other way. Everyday you can hear a lot of news about the successful attacks against the well or less known servers, and the hackers are finding the new vulnerabilities and use them to hack the open source and proprietary software used in a lot of web servers.

One of the main reason of the vulnerable web application’s code is its complexity, so it’s a real challenge to maintain such a huge bunch of a code, sanitize every input in the web applications and analyze even the smallest changes in the code if they can affect the overall applications’ security.

The goal of this article is to educate you why it’s so important to write secure web application’s code and to show you how easy can attackers hack the applications running on the bad programmer’s work.

SQL Injection

Overview:
The point of this vulnerability is the ability to inject an arbitrary SQL code into the application which sends it completely unchecked to the database server. The back-end database server execute that SQL query.

What can hackers do exploiting this vulnerability:
They can start the DoS attacks, steal the data from the databases or to delete or modify the information they contain.
Continue reading Security vulnerabilities: SQL Injection, XSS and CSRF

June 8th, 2010 | Tags: , , , | Category: Programming, Security, Web | Leave a comment
« Newer Entries  
  Older Entries »