Many vendors have put out statements for OpenSSL vulnerability (CVE-2014-0160): This is a vulnerability in the encryption technology (OpenSSL) on websites and other systems. If you cannot safely access websites with encryption technologies it is a bad day on the Internet isc has a full list – list is increasing: But most interesting (to me) … Read more
Port 6789 according to Speedguide.net the port can be used by a Netsky worm variant, but is also used by the Sun cluster manager. In fact that is how the worm replicates itself across the Internet, by using the Java software on the cluster manager software (smc-https or Solaris Management console). Many ports are thus … Read more
OWASP has a great website discussing SQL injection: The Open web application Security project is an effort to help the programming community in securing their websites And I will copy a couple of lines from their SQL_Injection_prevention_Cheat_sheet becasue it is important: Option #1: Use of Prepared Statements (Parameterized Queries) Option #2: Use of Stored Procedures … Read more
XSS is something every website should be aware of – test for it, because the bad hackers do. Netsparker is a good site to explain some of the potential attacks. The effect of XSS is to use the website to extract information, and even bypass the defenses of the server. In some cases if the … Read more
As Forbes article discusses: Update your plugins and widgets when they are vulnerable, use complex passwords, and otherwise use good security methodologies. It is the basics that people are not doing. What is easy to use makes it less secure, thus requiring more effort by the user or administrator to make sure it is secure … Read more