
 SERVER SECURITY


  Why is my IP blocked at a website I visit regularly after I changed ISPs?

I just installed a new Express Card with Verizon Broadband wireless last night. Had tons of fun accessing the web from places I usually cannot, (we are in trucking) until I got to my favorite forum. It's a public place I have been to thousands of times, but instead of happily browsing all the daily news events and checking to see if the world blew up yet, I found myself blocked by a big white screen that said YOUR IP ADDRESS HAS BEEN BANNED. What can I do? I can't go to the forum owners to tell them it's just lil 'ol me. Besides, I have picked them up on all other wireless connections at various h...

2,481 0       SOLUTION ISP IP BLOCK STOPFORUMSPAM


  Microsoft’s “Picture Password”: A Breath Of Fresh Air On The Lock Screen, Of All Places

Remember that feeling you got back when Steve Jobs was unveiling the iPhone, and he did the “slide to unlock” gesture for the first time? I remember the way he said it – “You like that? Want to see it again?” Since then I haven’t seen a lock screen interface that has made me feel that same “how obvious, how elegant!” feeling – until today at the NVIDIA press conference, and later at the Microsoft keynote here at CES. It sounds a little silly, sure, making such a big deal of such a small feature, but it’s just nice to see a genuinely na...

2,834 0       MICROSOFT WINDOWS 8 PICTURE PASSWORD CES


  How to secure an Ubuntu Apache web server

Securing server software is not a straightforward task. Not all of our operating environments are the same, leading to a variety of potential security vulnerabilities. However, using a few basic configuration and security options, you can stay a little ahead of where you want to be.

1. Fail2ban

Fail2ban is Python-based intrusion prevention software that detects and blocks malicious IP addresses after multiple unsuccessful attempts at software logins. In other words, if someone is attempting to log in to your server via ssh, it detects multiple unsuccessful attempts and blocks that user's IP for a...

4,307 0       CACHE .HTACCESS UNIX SERVER SECURITY LOG


  How does CSDN dare to use plain text as password?

Recently, CSDN, China's largest Chinese IT community website, leaked its users' account information. Later today CSDN made an announcement to its users on its website. The announcement said that some user account information was leaked, that account passwords were stored as plain text in its database before 2009, and that after 2009 it adopted an encryption algorithm to encrypt user passwords. They urged all users who registered their accounts before 2009 to change their passwords immediately. After reading this news, I was shocked. How come an IT website stores passwords in pl...

6,611 0       SECURITY INFORMATION LEAK CSDN PLAIN TEXT


  Bad code plagues business applications, especially Java ones

A new study examining 365 million lines of code in 745 applications identifies bad coding practices that affect security, performance and uptime, with Java Enterprise Edition applications having the greatest number of problems. Cast Software, which makes tools that automate the analysis of business applications, examined programs written in Java-EE, .NET, ABAP, C, C++, Cobol, Oracle Forms, and Visual Basic, used across a wide range of industries from energy and financial services to IT consulting, insurance, government, retail, telecom, and more. Java-EE applications were the most prevalent in...

3,300 0       JAVA PROGRAM SECURITY DEFECTS


  Three Simple Ways to Improve the Security of Your Web App

It seems like web app security has entered the public consciousness recently, probably as a result of the press covering the activities of groups like Anonymous and incidents like security breaches at several CAs. Here are a couple of quick security tips to improve the security of your web apps. Think of these as low-hanging fruit, not as a substitute for thorough analysis of your app’s security. If there’s interest in this topic we can do more posts, too - let us know in the comments!

Prologue: SSL

Your app already forces all traffic over SSL, right? If it doesn’t, it should. T...

3,415 0       SECURITY SSL WEB APP X-FRAME-OPTIONS


  FUCK PASSWORDS

I'm so tired of passwords. So, so, so tired. Most people don't understand this. Most people use the same password everywhere. Most people can just mechanically type out password3 in every password box, smirking to themselves at how clever they are, because who would ever guess 3 instead of 1? I don't do that. Let me tell you what I do. I generate a different password for every service, based on a convoluted master password and the name of the thing. I do this because it's what you're supposed to do; it's what security nerds (including myself for the purposes of this post) tell everyone e...

4,831 0       SECURITY PASSWORD RANDOM GENERATION HARD TO REMEMBER


  Full disk encryption is too good, says US intelligence agency

You might be shocked to learn this, but when a quivering-lipped Chloe from 24 cracks the encryption on a terrorist’s hard drive in 30 seconds, the TV show is faking it. “So what? It’s just a TV show.” Well, yes, but it turns out that real federal intelligence agencies, like the FBI, CIA, and NSA, also have a problem cracking encrypted hard disks — and according to a new research paper, this is a serious risk to national security. The study, titled “The growing impact of full disk encryption on digital forensics,” illustrates ...

2,152 0       FDE FULL DISK ENCRYPTION CRACK DIFFICULTY