Hackers have found ways to infiltrate internal networks via those web applications that most of the times are insecurely coded and are full of vulnerabilities. Attacks and exploits range from code injections, sql injection, cross site scripting (XSS) etc. Via those exploits, attackers can steal sensitive information from the databases on the back of the web-apps, or even manage to gain shell access on the database or web server itself. Gaining shell access allows the attacker to create a “pivot-point” from where he can execute further attacks to get deeper into the network.

The following are some important suggestions to follow for hardening your web applications:
 

1. First and most important is to adopt secure coding. Your software developers or the vendor from where you purchased the web application or whoever designed and coded your website, must have implemented security inside the code itself. Some examples include the filtering of input data in web forms (to block sql injections or XSS), the avoidance of buffer overflows, the avoidance of remote file injection and local file injection etc.
2. Don’t allow the web server to communicate with the database as an administrator user (sa).
3. Don’t run the webserver or the database server with administrator priviledges.
4. Configure engress firewall filtering in order to prohibit the database from communicating with the outside world.
5. Remove command execution (e.g xp_cmdshell) capability on the database.
6. And ofcourse harden all software and applications with latest patches.
7. Implement host intrusion detection and log monitoring.

 Those are some of the most important steps you need  to take to enhance the security of your web-apps and backend databases.

The only problem was that the mother was not aware of parental control software like Net Nanny or Norton Internet Security, which also cost some money. Before you decide to block some addresses (something that the children will be opposed), try a few other things:

First of all, educate your children and tell them about the dangers that exist when they share information with strangers. Family members should discuss the security and confidentiality of data in the web. You can place the computer in an area where you can easily check the screen to get an idea of what your children do and which sites they visit frequently. Furthermore, Orkut is a social network which means that one can easily see what friends your children have and what data is exchanged.

Finally, to block specific sites on your child’s computer with Windows without paying any money, follow the procedure below.

* Start – Run
* Enter notepad c: \ windows \ system32 \ drivers \ etc \ hosts
* Go to last line and add:

127.0.0.1 orkut.com
127.0.0.1 facebook.com
127.0.0.1 myspace.com

* Save the file and quit notepad

You can block any site you want with this technique. If you want later to unblock a certain site, simply remove the appropriate line with the same procedure. You should know however that usually your children are very smart and they will find out about the above technique sooner or later. So maybe a parental control software might be more appropriate.

Affected:Adobe Acrobat Standard 8.1.3 and prior
Adobe Acrobat Standard 7.0.8 and prior
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1 and prior
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader (UNIX) 7.0.1 and prior
Adobe Acrobat Reader 8.1.3 and prior
Adobe Acrobat Reader 7.0.9 and prior
Adobe Acrobat Reader 9
Adobe Acrobat Reader 8.1 and prior
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 8.1.3 and prior
Adobe Acrobat Professional 7.0.9 and prior
Adobe Acrobat Professional 9
Adobe Acrobat Professional 8.1 and prior
Adobe Acrobat Professional 7.1
Adobe Acrobat 7.0.3 and prior

Description:

Graphics Device Interface (GDI) is an application programming interface by Microsoft Windows. It’s a core operating system component responsible for representing graphical objects. Microsoft Windows GDI has integer overflow vulnerability in gdiplus.dll while processing Enhanced Metafile (EMF) files. Possible vectors to exploit the flaw are: (a) Create a webpage containing a malicious WMF or EMF image file, and entice an attacker to visit his webpage. (b) Send an email with a specially crafted EMF image file attachment and convincing the user to view it or (c) embedding the malicious image file in an Office document and convincing the user to open it. Successful exploitation might lead to code execution or denial-of-service. Technical details about the vulnerability are publicly available.

Affected versions:

Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Gold 0
Microsoft Windows XP 0
Microsoft Office XP SP2 and prior

In symmetric cryptography, the same encryption key is used for encoding and decoding of a message. Therefore the key must be known to both the sender and the recipient. However, this requires a secure means for transmission and the only way to achieve this is to have a private meeting of the sender and the recipient where it is agreed what key will be used. If this is not feasible, symmetric cryptography is not recommended. A well known symmetric encryption algorithm is the Data Encryption Standard (DES or 3DES), which was developed by IBM and then adopted in 1977 by the U.S. Government as the standard encryption algorithm for important information.

On the other hand, in asymmetric cryptography two keys are used, one for encryption and another for decryption. Lets look at this case with an example using RSA asymmetric cryptography. Assume one party wants to accept a message from another party. Then from the side of the receiver, two keys are generated, a public and a private key, which uniquely correlate with each other. (ie for each private key there is only one public key). The receiver gives the sender the public key (which can be seen by anyone). Then the sender encrypts the message with this key and sends it to the recipient. During transport, the message can be seen by anyone but it can not be decrypted (at least regarding the RSA algorithm for which we discuss below). When the receiver gets the encrypted message, he can decrypt the message with his private key.

You must be asking now how this happens, that is, how an encrypted message created by the public key can not be deciphered with the same key that was created. This is the «magic» of mathematics in which there is not always a reverse process, or if there is, it can not be achieved by mathematical analytical methods. As we said before there is a correlation between public and private key. If you found this correlation then you can brake the encryption.

The RSA encryption method was proposed in 1977 by leading mathematicians Rivest, Shamir and Adleman, from where it took its name. The philosophy of this algorithm is what mentioned above and its security strength is based on the complexity of numbers. We will not mention how it operates exactly but we will give a very simple example to understand why its such a safe encryption method.

Assume you are given a number, 133. Can you find two numbers (except 1 and the same number), which when multiplied will give us 133? An analytical formula certainly does not exist (at least not for all the numbers), ie there is no formula to accept as input number 133 or 1,3,3 or any other relevant number and output a result. The only way to find these numbers is by trial and error, i.e to begin with numbers 2,3,4 … until we find exactly what divides 133 (to be precise we should look at numbers 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41 ..- prime numbers). After testing you will find that 7 divides exactly 133: 133 / 7 = 19, so the solution is the pair (7, 19).

Imagine now the number is not just 3 digits, like 133, … but 1000 digits! The time needed to find two numbers that when multiplied will give this 1000 digit number will increase dramatically. The RSA method is based on the inability of a system to analyze any such large numbers at a reasonable time.

As you will understand the higher the figure the more time you need to analyze this number to two factors (which are prime numbers). If one could calculate such numbers in a short time (and not a few years!), you could find the private key through the public key in order to decode the encrypted messages.

A virus can infiltrate a computer through several “entry points”. For Internet users, this can happen with downloading files, from email attachments, from network shares, from instant messaging applications etc. In the old days, viruses spread mainly by floppy disks.

When a virus infects a computer, it gets attached or replaces an existing program in the system. Thus, when the user runs the infected program, the virus is executed. This usually happens without the user knowing about the virus.

There are many types of computer viruses, such as file viruses, boot sector viruses, Trojan Horse, worms, spyware etc. Worms and Spyware are in my opinion the most dangerous among all the malware programs because usually their purpose is to steal personal data from the user (credit cards, passwords etc) or to take over the computer for sending spam.

A “general purpose” anti-virus tool is essential for your computer protection, but I believe that in addition to that, using a specialized anti spyware program is critical. To find the best anti spyware program you should look for something with a large spyware database with frequent updates, with detection capabilities for keyloggers, Trojans, hijackers, with protection against identity or credit card theft etc. For true computer protection, its essential to have a combination of a general-purpose antivirus with a specialized anti spyware protection program.

What is the best anti spyware program in the market?

I have used several freeware or commercial anti spyware tools for my computer but my vote for the best anti spyware program goes to Paretologic XoftSpySE. This is by far the best antispyware tool I have ever used.

[UPDATE] XoftSpySE is able to Successfully Remove the CONFICKER/DOWNADUP/KIDO Worm.

XoftSpySE is a spyware, adware, spybot, malware, keylogger, spy popup, and browser hijacker scanner and remover.

• We highly recommend using XoftSpySE, as spyware is now just as big a threat as viruses.
• XoftSpySE is designed to search and eliminate all known computer parasites that bog down the speed and capabilities of your PC.
• XoftSpySE frequently updates its spyware definitions with free updates to keep you protected.
• XoftSpySE should be used in conjunction with a good firewall, anti-spam and anti-virus software for complete PC protection. XoftSpySE does not detect viruses or manage spam.
• Removes over 250,000 + harmful files/programs

Key features of this software:

• Complete PC scanning, including running processes, registry entries, files and folders
• Detects and removes: adware, spyware, pop-Up generators, keyloggers, trojans, hijackers, and malware
• One of the largest spyware definition databases in the industry
• Automatic definition and feature updates
• Fast, powerful, and easy to use
• Comprehensive customer technical support
• Protects against identity and credit card theft

For a limited time only you can receive a full version of RegCure Registry Cleaner, absolutely FREE as a gift when you register for XoftSpySE Anti-Spyware. Click the image below to receive your free gift.

First the good news:

• We are getting a lot better about information security. This bears a lot of reasons behind it. For instance, new privacy laws are mandating organizations to tighten up their security. Await to come across to more consumer privacy laws passed in this year and more tightening of security arrangements.

• ISPs are now assuming the responsibility to help us with our security. Many ISPs nowadays install internet security software, anti-spam guards, email spam protection, intrusion detection systems etc to protect their customers.

• There is a plethora of advanced security software and hardware to assist us to be more secure and they’ll continue to get better. Competition right at present is strong in the security industry triggering a lot of innovation.

• Authentication demands are increasing. This is closing down big security loopholes. Organizations are asking for a great deal of authentication to access secure systems (this also is on the bad news side).

Now the bad news:

• Cyber-terrorists are becoming more advanced and knowledgeable. For instance, Botnets are getting more sophisticated and harder and harder to catch and stop. Do a search on botnets on the Internet and you will see how popular and dangerous are becoming. They really are causing many problems, but it does not stop there. The number of viruses, trojans and malware out there is astonishing.

• Securing our networks is costly. Many corporations are globalizing their presence and making them secure costs a lot of money. It will become worse before it gets better.

• Authentication demands are increasing. This is getting claustrophobic. Companies are asking for a great deal of authentication to access secure systems (This is also on the good news side) Unfortunately, for the end user, it is another thing to be unhappy about, not unlike airport security lines.

• Spammers keep coming up with more creative ways to fill our email boxes. Don’t look for this trend to stop anytime soon.

• Virus: A virus is a malware program that is loaded on your computer without your knowledge, with the intent of doing some damage to your system. It normally attaches itself to another program or data file in order to spread and reproduce itself in other areas of the computer without the knowledge of the user. Normally a virus enters your computer through a spam email which has attachments (pictures or files) or by downloading infected programs from malicious sites. A virus can damage files or cause your computer to behave strangely.
• Warm: Warms are memory-resident malware threats that can spread across networks by exploiting possible Vulnerabilities in the TCP/IP stack implementation of the OS and/or specific applications. They load themselves into the memory of a remote system and then execute themselves … all without ever being written to a disk. A warm therefore can live on its own and propagate by copying itself from one computer to another. Worms can harm a network, can consume tremendous bandwidth, and can shut a computer down.
• The difference between viruses and worms is that a virus cannot replicate itself like a worm, and it usually affects the computer it has invaded. A worm acts autonomously, and uses a computer network in order to multiply itself and to send copies of itself to other systems. A virus needs a user action (e.g download of infected file, run a program etc) in order to propagate and spread itself.
• Adware: An adware is certainly less threatening than a Warm or Virus. Typically, adware components install alongside a shareware or freeware application and bring targeted advertisements to your computer. These advertisements create revenue for the software developer. Adware displays web-based advertisements through pop-up windows or through annoying advertising banners. It can slow down your computer by consuming cpu, memory and bandwidth.
• Spyware: A spyware is closely related with adware, since it is usually transmitted also via freeware/shareware applications that we often download. As soon as it is downloaded it installs itself in your PC without your knowledge, and starts to monitor your internet activity. The monitored information is then transmitted to a third party, in most cases to companies which are interested in creating your personal profile. Later on, it will start sending you advertising or other data.
• Trojan: It is a program that appears to be working properly but actually causes damage in some form. It is called a Trojan because it can enter your computer through operations considered harmless, for example, through a game or even through a virus tracking program, and so it can trick the user by hiding the underlying activity. Like the ancient Trojan Horse, the Computer Trojan can secretly open ports on your Home Network. In general, Trojan horses cannot multiply themselves as warms do, but they rely on people to pass them around. The idea is to make the program look like it’s something harmless, like a screen saver or joke, so it gets sent around.

Bottom line is that you don’t want any of those little nasty codes on your computer. Fortunately there are several tools in the security “Arsenal” that can help you fight all these malware threats:

Antivirus Software

Antivirus software is the countermeasure program used to “inoculate” computer viruses. The software is installed on your PC and checks against viruses all files on your computer as well as files attached in incoming emails. If it finds viruses, it immediately informs you and, in most cases, it quarantines/cleans the infected files. The Antivirus can detect and clean both viruses and worms.

The Antivirus tool is a “must-have” software if you want to browse the Internet safely. The Three Best Antivirus Software available on the market today (which I am currently using on my personal computers) are the following:

1. Norton from Symantec
2. Kaspersky Anti-Virus Products
3. Trend Micro

Complete Security Suite

A complete security suite is a collection of tools for defending against malicious threats for your computer. The security suite usually includes antivirus, antispam, firewall, antispyware etc. An example of such a suite is The Norton 360 All-In-One Security

Although a security suite can help you prevent more types of malware compared with the standalone antivirus, the disadvantage of this software is that it takes more computer resources compared with a single antivirus solution.

When applying the term firewall to a computer network (or to a Local Area Network – LAN), a firewall is a system or group of systems that manages access between two or more networks.

A simple network protected by a firewall is shown below:

Firewall Technologies

Firewall operations are based on one of three technologies:

• Packet Filtering: Limits information that is allowed into a network based on static packet header information.
• Proxy Server: Requests connections on behalf of the client on the inside of the firewall and Internet.
• Stateful Filtering Firewall: Combines the best of packet filtering and proxy server technologies.

As shown from the diagram above, Packet Filtering can be applied on the Internet Border router (e.g using Access Control Lists), Proxy services can be implemented by a dedicated proxy server (located on the DMZ of the firewall), and full stateful firewall functionality is accomplished by a dedicated hardware firewall (e.g Cisco PIX or ASA firewall).

The scenario above combines all three firewall technologies and is considered the best security practice for protecting a network perimeter.