HD Moore wrote an excellent article on penetration testing IPMI and BMC’s. The article is based on various work of Dan Farmer and provides Metasploit penetration testing examples.
Finbar Ryan writes in his blog post Asp.Net Application Security: “I was recently helping a colleague with a customer who was running a security check against their IIS Server on Windows Server 2008. The security tool they used highlighted that the server was running Asp.Net and might be vulnerable to cross-site scripting attacks. The Asp.Net engine does validate every request that comes in. We do however recommend that you still ensure your application is not susceptible to the scripting attacks that are out there…
What if hackers also managed to crack any 16 character password? A password serves to protect your financial transactions, your social networking sites, and a host of other nominally secure websites online. People often say,
don’t use dictionary words as passwords. They are horribly insecure, but what if hackers also managed to crack any 16 character password?
Defend Against Cross-Site Scripting Using The HTML Encode Shortcuts. The .NET 4.0 & 4.5 frameworks introduced new syntax shortcuts to HTML encode dynamic content being rendered to the browser. These shortcuts provide an easy way to protect against Cross-Site Scripting (XSS) attacks in the newer versions of the .NET framework.
Send authenticated SMTP (auth-SMTP) over a TLS encrypted connection. If you want to send email securely from your website, this post is for you! In this post I’ll provide some script examples for ASP, PHP, and ASP.NET (C# / VB.Net) that you can easily integrate in your website.Continue reading
All Umbraco versions affected. Remove
/bin/umbraco.webservices.dll! A quick and short message to all Umbraco users, which just dropped in my Inbox:
WordPress security can be improved with plugins. Also from brute-force login attempts. Lately, a lot of brute force attacks are targeted against WordPress websites.Continue reading
Remove WordPress Social Media Widget Plugin; the plugin injects spam into your website
Close your open resolvers now! Open Recursive Resolvers pose a significant threat to the global network infrastructure. They are utilized in DNS Amplification attacks and pose a similar threat as those from Smurf attacks commonly seen in the late 1990’s. What can I do?
The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in Germany.
Charlie Eriksen has discovered a vulnerability in the Crayon Syntax Highlighter plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “wp_load” parameter in
wp-content/plugins/crayon-syntax-hightlighter/util/preview.php is not properly verified before being used to include files. This can be exploited to include arbitrary PHP files from external FTP resources.